From: Philip Kaludercic <philipk@posteo.net>
To: Omar Polo <op@omarpolo.com>
Cc: Emacs developers <emacs-devel@gnu.org>
Subject: Re: [RFC] certfp for rcirc
Date: Sun, 14 Nov 2021 18:25:57 +0000
Message-ID: <877ddaegqy.fsf@posteo.net>
In-Reply-To: <87mtmb2hg4.fsf@omarpolo.com> (Omar Polo's message of "Wed, 11 Nov 2021 10:02:27 +0100")

Omar Polo <op@omarpolo.com> writes:

> For some reason I don't know yet, the NickServ still says that I've got
> 30 seconds to identify myself, but in reality I'm already logged in. I
> don't know basically anything about how the irc protocol works, so I'm
> probably missing something incredibly obvious.

Have you experienced any issues since? It might also be that this is a
server side issue? What do other clients say?

> What do you think?

I think this would be a good addition. One might even want to go
further and add functions to automate the certfp authentication. But
that might be too much for rcirc.

Also, the manual should be updated to explain how this works.

> Cheers,
>
> Omar Polo
>
>
> diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
> index 52d74a3394..070218ef0a 100644
> --- a/lisp/net/rcirc.el
> +++ b/lisp/net/rcirc.el
> @@ -262,10 +262,12 @@ The ARGUMENTS for each METHOD symbol are:
> `bitlbee': NICK PASSWORD
> `quakenet': ACCOUNT PASSWORD
> `sasl': NICK PASSWORD
> + `certfp': KEY CERT
>
> Examples:
> ((\"Libera.Chat\" nickserv \"bob\" \"p455w0rd\")
> (\"Libera.Chat\" chanserv \"bob\" \"#bobland\" \"passwd99\")
> + (\"Libera.Chat\" certfp \"/path/to/key.pem\" \"/path/to/cert.pem\")
> (\"bitlbee\" bitlbee \"robert\" \"sekrit\")
> (\"dal.net\" nickserv \"bob\" \"sekrit\" \"NickServ@services.dal.net\")
> (\"quakenet.org\" quakenet \"bobby\" \"sekrit\")
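Review bot: The new docstring entry `certfp': KEY CERT does not say that both arguments are file names, while the other methods in this list take literal strings (nick, account, password). Only the added example with \"/path/to/key.pem\" hints at it. Consider spelling it out, for example "`certfp': KEY CERT, the file names of the client private key and certificate", and mention that this method makes the connection use TLS.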
> @@ -291,7 +293,11 @@ Examples:
> (list :tag "SASL"
> (const sasl)
> (string :tag "Nick")
> - (string :tag "Password")))))
> + (string :tag "Password"))
> + (list :tag "CertFP"
> + (const certfp)
> + (string :tag "Key")
> + (string :tag "Certificate")))))
>
> (defcustom rcirc-auto-authenticate-flag t
> "Non-nil means automatically send authentication string to server.
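Review bot: In the new CertFP entry of the :type spec, both fields are declared as (string :tag "Key") and (string :tag "Certificate"). Since they hold file names, the `file' widget type would give file-name completion in Customize and make the intent clear: (file :tag "Key") and (file :tag "Certificate").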
> @@ -547,6 +553,9 @@ If ARG is non-nil, instead prompt for connection parameters."
> (password (plist-get (cdr c) :password))
> (encryption (plist-get (cdr c) :encryption))
> (server-alias (plist-get (cdr c) :server-alias))
> + (client-cert (when (eq (rcirc-get-server-method (car c))
> + 'certfp)
> + (rcirc-get-server-cert (car c))))
> contact)
> (when-let (((not password))
> (auth (auth-source-search :host server
> @@ -563,7 +572,7 @@ If ARG is non-nil, instead prompt for connection parameters."
> (condition-case nil
> (let ((process (rcirc-connect server port nick user-name
> full-name channels password encryption
> - server-alias)))
> + client-cert server-alias)))
> (when rcirc-display-server-buffer
> (pop-to-buffer-same-window (process-buffer process))))
> (quit (message "Quit connecting to %s"
> @@ -662,13 +671,22 @@ See `rcirc-connect' for more details on these variables.")
> (when (string-match server-i server)
> (throw 'pass (car args)))))))
>
> +(defun rcirc-get-server-cert (server)
> + "Return a list of key and certificate for SERVER."
> + (catch 'pass
> + (dolist (i rcirc-authinfo)
> + (let ((server-i (car i))
> + (args (cddr i)))
> + (when (string-match server-i server)
> + (throw 'pass args))))))

Why not use alist-get with a test function?

> ;;;###autoload
> (defun rcirc-connect (server &optional port nick user-name
> full-name startup-channels password encryption
> - server-alias)
> + certfp server-alias)
> "Connect to SERVER.
> The arguments PORT, NICK, USER-NAME, FULL-NAME, PASSWORD,
> -ENCRYPTION, SERVER-ALIAS are interpreted as in
> +ENCRYPTION, CERTFP, SERVER-ALIAS are interpreted as in
> `rcirc-server-alist'. STARTUP-CHANNELS is a list of channels
> that are joined after authentication."
> (save-excursion
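Review bot: Inserting CERTFP before SERVER-ALIAS in the &optional list of the autoloaded `rcirc-connect' shifts the position of an existing argument, so a caller that passes SERVER-ALIAS positionally would now have it taken as the client certificate. Appending the new argument after SERVER-ALIAS avoids that. Separately, `rcirc-get-server-cert' throws (cddr i) for the first entry whose regexp matches without looking at the method, so with the docstring example, where the Libera.Chat nickserv entry comes first, it would return the nick and password. Testing (eq (cadr i) 'certfp) before the throw would make the function safe to call on its own.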
> @@ -692,10 +710,16 @@ that are joined after authentication."
> (delete-process process))
>
> ;; Set up process
> - (setq process (open-network-stream
> - (or server-alias server) nil server port-number
> - :type (or encryption 'plain)
> - :nowait t))
> + (setq process (if certfp
> + (open-network-stream
> + (or server-alias server) nil server port-number
> + :type 'tls
> + :nowait t
> + :client-certificate certfp)

Is this case-distinction necessary? If `certfp' is nil, then
open-network-stream should just ignore the argument if I am not
mistaken.

> + (open-network-stream
> + (or server-alias server) nil server port-number
> + :type (or encryption 'plain)
> + :nowait t)))
> (set-process-coding-system process 'raw-text 'raw-text)
> (with-current-buffer (get-buffer-create (rcirc-generate-new-buffer-name process nil))
> (set-process-buffer process (current-buffer))
>
>
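Review bot: In the certfp branch, :type 'tls replaces (or encryption 'plain), so the ENCRYPTION argument is silently ignored whenever CERTFP is non-nil. Either document that certfp implies TLS or signal an error when the two conflict. If the two branches are merged into one call, keep the type forced to TLS when CERTFP is non-nil so that a configured client certificate is never paired with a plain connection.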
--
Philip Kaludercic