Just a sample of the Echomail archive
[ << oldest | < older | list | newer > | newest >> ]
| Message 48053 |
| Deucе to Git commit to main/sbbs/master |
| src/sbbs3/js_socket.c js_socket.h |
| 08 Nov 25 13:37:47 |
TZUTC: -0800 MSGID: 53467.syncprog@1:103/705 2d75bf06 PID: Synchronet 3.21a-Linux master/88b423313 Sep 29 2025 GCC 12.2.0 TID: SBBSecho 3.31-Linux master/d39e01091 Nov 03 2025 GCC 12.2.0 BBSID: VERT CHRS: UTF-8 4 FORMAT: flowed https://gitlab.synchro.net/main/sbbs/-/commit/495ca643bcd016cac27b0a1f Modified Files: src/sbbs3/js_socket.c js_socket.h Log Message: Add five new TLS properties to the socket object tls_nameverify (defaults to true) Ensures the remote hostname is in the certificate. Turning this off will allow any valid certificate to be used by the remote Only useful for testing, insecure for actual use. tls_certverifiy (defaults to true) Validates the certificate. Only useful for testing. Turning this off basically makes TLS a joke. tls_client_auth (defaults to false) When set by a server, requires a client certificate for the TLS session. When set by a client, will provide the current certificate to the server if requested. tls_enhanced_certcheck (defaults to false) Checks a bit more of the remote certificate for validity. A small number of internet hosts need this disabled to allow TLS, these hosts have suspect certificates, but web browsers think they're good enough, so we do too by default. tls_remote_cert This property is a CryptCert object created when a client connection is established, and when a server that has tls_client_auth enabled accepts a connection. Actually using this object is quite complex and painful, but hopefully we can get the Subject Alt Names out of it someday, which will allow TLS secured BinkIT sessions to verify that the remote is actually connecting from an IP address that maps back to the FidoNet node using the domain DNS lookup. With this and a reasonable list of trusted CAs (it's not clear what is currently used if anything), we can actually have mutually authenticated connections from FTN nodes that don't have explicit links configured... which would be the first step toward making netmail not be trivially spoofable. A lot of work after this still left to do though. --- SBBSecho 3.31-Linux * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) SEEN-BY: 10/0 1 102/401 103/1 705 105/81 106/201 124/5016 128/187 SEEN-BY: 129/14 153/7715 154/110 214/22 218/0 1 215 610 700 810 226/30 SEEN-BY: 227/114 229/110 206 317 400 426 428 470 700 705 266/512 280/464 SEEN-BY: 291/111 301/1 320/219 322/757 342/200 396/45 460/58 633/280 SEEN-BY: 712/848 902/26 5075/35 PATH: 103/705 218/700 229/426 |
[ << oldest | < older | list | newer > | newest >> ]