irssi-import / bugs.irssi.org

bugs.irssi.org archive
https://github.com/irssi/irssi/issues

/connect -ssl_cert password_protected.pem problem #305

Open irssibot opened 19 years ago

irssibot commented 19 years ago

I tried /connect -ssl_cert with a password protected PEM file.

        23:55:15 [ircnet2] -!- Irssi: Connecting to ircs.ircnet.ee [2001:7d0:0:f37d::6667] port 6667
        [23:55:15] [fic] [1:ircnet2 (change with ^X)] [Act: 45] [(status)]
        Enter PEM pass phrase:

After that PEM pass phrase prompt irssi starts behaving weird - for every key I press I see two characters etc. I'm running irssi on FreeBSD 5.4, but that shouldn't be relevant.

irssibot commented 18 years ago

irssi-ssl-passphrase.patch

patch against svn nightly of 20061001

--- network-openssl.c.orig  Tue Sep 26 15:49:49 2006
+++ network-openssl.c   Tue Oct  3 17:11:08 2006
@@ -41,7 +41,9 @@
    unsigned int got_cert:1;
    unsigned int verify:1;
 } GIOSSLChannel;
-   
+
+void irssi_redraw(void);
+
 static SSL_CTX *ssl_ctx = NULL;

 static void irssi_ssl_free(GIOChannel *handle)
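
Review bot: the bare prototype `void irssi_redraw(void);` added below the `GIOSSLChannel` typedef should come from the header that declares `irssi_redraw`, not be repeated in network-openssl.c. A hand-copied prototype keeps compiling if the real signature changes, and it hides the fact that this file now depends on screen-redraw code. Include the owning header, or hand the redraw to this file as a callback.
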
@@ -385,6 +387,17 @@

 #endif

+static int getpass_cb(char *buf, int size, int rwflag, void *keyname)
+{
+   char *pp, prompt[256];
+        snprintf(prompt, 256, "Enter Passphrase for %s:", keyname);
+   pp = getpass(prompt);
+   strncpy(buf, pp, size);
+   buf[size - 1] = '\0';
+   irssi_redraw();
+   return(strlen(buf));
+}
+
 static gboolean irssi_ssl_init(void)
 {
    SSL_library_init();
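
Review bot: in `getpass_cb`, the result of `pp = getpass(prompt)` goes to `strncpy` without a NULL check, and the buffer `getpass` returns is never cleared after the copy, so a failed prompt dereferences NULL and a successful one leaves the passphrase in process memory. Check `pp` and return an error to OpenSSL when it is NULL, and zero `pp` once it has been copied into `buf`. The `snprintf` line also passes `void *keyname` straight to `%s`; cast it to `const char *` and handle NULL, since the last hunk registers `spkey`, which is unset when no separate key file is given. `strncpy` followed by the forced terminator silently truncates a passphrase longer than `size - 1`; failing outright is clearer than handing OpenSSL a shortened secret.
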
@@ -427,6 +440,8 @@
        scert = convert_home(mycert);
        if (mypkey && *mypkey)
            spkey = convert_home(mypkey);
+       SSL_CTX_set_default_passwd_cb(ctx, getpass_cb);
+       SSL_CTX_set_default_passwd_cb_userdata(ctx, spkey);
        if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM))
            g_warning("Loading of client certificate '%s' failed", mycert);
        else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM))
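
Review bot: `SSL_CTX_set_default_passwd_cb_userdata(ctx, spkey)` registers `spkey`, which is only assigned inside the `if (mypkey && *mypkey)` branch just above, while the key load two lines below already allows for it being unset with `spkey ? spkey : scert`. Pass that same `spkey ? spkey : scert` expression as the userdata so the prompt names the file that is actually being decrypted and the callback never receives NULL.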

irssibot commented 19 years ago

From openssl man:

        #include <openssl/ssl.h>

        void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
        void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

        int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);

Setting up a custom password prompt will probably fix the issue.
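
Added example, not part of the thread or of irssi's code: a callback with the `pem_passwd_cb` signature quoted above that takes the passphrase from application state passed as `userdata`, so nothing prompts on the terminal the client is drawing on. `struct passphrase_slot`, `wipe` and `slot_passwd_cb` are hypothetical names, and the block does not link against OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical holder that the client's own masked-input prompt fills in;
 * an assumption for this example, not an irssi or OpenSSL type. */
struct passphrase_slot {
    char   secret[128];
    size_t len;    /* valid bytes in secret, 0 = empty */
};

/* Wipe through a volatile pointer so the compiler keeps the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Same signature as pem_passwd_cb. Never reads the terminal; hands the
 * stored passphrase over once, then wipes it. Negative return = failure. */
int slot_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    struct passphrase_slot *slot = userdata;
    int len = -1;

    (void)rwflag;  /* 0 when a key is being read and decrypted */
    if (buf == NULL || size <= 0 || slot == NULL)
        return -1;
    /* Refuse to truncate: a shortened passphrase would only fail later. */
    if (slot->len > 0 && slot->len <= sizeof slot->secret
        && slot->len <= (size_t)size) {
        memcpy(buf, slot->secret, slot->len);
        len = (int)slot->len;
    }
    wipe(slot, sizeof *slot);
    return len;
}

int main(void)
{
    struct passphrase_slot slot = { "constructed-example", 19 };  /* sample */
    char buf[64];

    printf("first call:  %d\n", slot_passwd_cb(buf, (int)sizeof buf, 0, &slot));
    printf("second call: %d\n", slot_passwd_cb(buf, (int)sizeof buf, 0, &slot));
    return 0;
}
```

The slot is single-use: the second call returns -1 because the first one wiped it.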

irssibot commented 18 years ago

I ran into the same issue, and you were correct.

Attached is a patch that solves this issue, tested on FreeBSD-STABLE with the irssi subversion snapshot of 20061001.

Hope this helps.

--alex

irssibot commented 12 years ago

Bump. I just ran into this bug, too.

irssibot commented 12 years ago

Sorry, forgot to mention the version: Debian Squeeze

        $ irssi --version
        irssi 0.8.15 (20100403 1617)

irssibot commented 11 years ago

Same issue as well. Mac OS X Mountain Lion, irssi 0.8.15.

irssibot commented 11 years ago

This just appeared to me. I think this should be confirmed and fixed; it's a minor group of people who use SSL certificates and can experience that.

irssibot commented 11 years ago

Same issue for me

        $ irssi --version
        irssi 0.8.15 (20100403 1617)

        $ uname -a
        Linux 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 19:34:52 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

irssibot commented 11 years ago

tally up another one... same issue for me. Sadly, the patch is outdated as well.

        $ irssi --version
        irssi 0.8.15 (20100403 1617)

        $ uname -a
        Linux 3.2.0-41-generic #66-Ubuntu SMP Thu Apr 25 03:27:11 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

irssibot commented 11 years ago

I also have the same issue: Mac OS X Mountain Lion, irssi 0.8.15.

Any resolution to this?

irssibot commented 11 years ago

I updated the earlier patch to suit my needs.

Changes: (1) replaced redraw with status_redraw (2) commented out the keyname (NULL) from the prompt

irssibot commented 11 years ago

irssi-0.8.15-ssl-passphrase.patch

--- irssi-0.8.15/src/core/network-openssl.c.orig    2010-04-03 09:19:38.000000000 -0700
+++ irssi-0.8.15/src/core/network-openssl.c 2013-08-09 18:10:27.965632997 -0700
@@ -374,6 +374,17 @@
     irssi_ssl_get_flags
 };

+static int getpass_cb(char *buf, int size, int rwflag, void *keyname)
+{
+   char *pp, prompt[256];
+   snprintf(prompt, 256, "Enter PEM pass phrase:"); // for %s:", keyname);
+   pp = getpass(prompt);
+   strncpy(buf, pp, size);
+   buf[size - 1] = '\0';
+   statusbar_redraw(NULL, TRUE);
+   return(strlen(buf));
+}
+
 static gboolean irssi_ssl_init(void)
 {
    SSL_library_init();
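
Review bot: the `snprintf` in `getpass_cb` now formats a constant string and leaves the old format tail behind as a `//` comment, so `prompt[256]`, the `snprintf` call and the `keyname` parameter are all dead weight; pass the literal to `getpass` directly and delete the remnant. `statusbar_redraw(NULL, TRUE)` is called with no include or prototype added anywhere in this patch, so unless the file already pulls in the header that declares it, the call relies on an implicit declaration. The unchecked `getpass` return and the uncleared passphrase buffer carry over unchanged from the 2006 patch.
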
@@ -412,6 +423,8 @@
        scert = convert_home(mycert);
        if (mypkey && *mypkey)
            spkey = convert_home(mypkey);
+       SSL_CTX_set_default_passwd_cb(ctx, getpass_cb);
+       SSL_CTX_set_default_passwd_cb_userdata(ctx, spkey);
        if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM))
            g_warning("Loading of client certificate '%s' failed", mycert);
        else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM))
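
Review bot: `SSL_CTX_set_default_passwd_cb_userdata(ctx, spkey)` is left over from the earlier version; `getpass_cb` in this patch no longer reads `keyname`, so the registration does nothing. Drop it, or restore the file name in the prompt and pass `spkey ? spkey : scert` so the userdata is never NULL.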

irssibot commented 11 years ago

I have this as well...

        $ irssi --version
        irssi 0.8.15 (20100403 1617)

        $ uname -a
        Linux curve 3.8.0-30-generic #44~precise1-Ubuntu SMP Fri Aug 23 18:32:41 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

irssibot commented 11 years ago

also double characters on

solaris 11.1 irssi 0.8.15 (20100403 1617)

irssibot commented 10 years ago

I too get this issue.

irssi 0.8.15 (20100403 1617)

13.0.0 Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64 x86_64 osx 10.9

irssibot commented 10 years ago

Thanks for implementing this; I see it's just been committed. But can't we use the password callback stuff that's also used for the oper password for this? This doesn't look very secure to me at first sight. The password is shown while you type it, and even stays in the command history.

I didn't try (sorry), but what happens if you /server add with the passphrase, /save, and restart?