Site Tools


release_notes_2_1_6
*** News 10/06/2021 -- EPIC5-2.1.6 (1981 - Impignorate) released Here

*** News 09/21/2021 -- Another round of clang static analysis
        Somewhere around here we did another round of static analysis
        with clang's analyzer, and fixed whatever it recommended.

*** News 09/19/2021 -- "reconnect" script has been reimplemented
        The reconnect script has been renamed to "reconnect.orig".
        If you want the original behavior, just /load reconnect.orig
        The new script is based on improvements we've made in epic5
        to make reconnection logic more reliable and dependable.

*** News 09/11/2021 -- New option,  $serverctl(GET x PADDR)
        The $serverctl(GET x PADDR) returns the server's presentation
        address.  This is "1.2.3.4" for ipv4, or "2600::1" for ipv6.
        This represents the IP address we're connected to.

*** News 09/11/2021 -- New /window operation, /WINDOW CLEARREGEX <regex>
        This was requested by Zlonix.

        The /WINDOW CLEARREGEX <regex> operation removes all items from
        the window's lastlog whose text (what you see on the screen)
        matches the <regex>.  Removing them from the lastlog removes
        them from the scrollback and your screen as well.  This is useful
        for making conversations with annoying bots go away retroactively.
        Example:        /window clearregex annoybot

*** News 09/11/2021 -- New /ON, /ON RECONNECT_REQUIRED
        The /ON RECONNECT_REQUIRED hook is thrown by the client when it
        feels that a reconnection intervention is appropriate.
        We are going to start this small, and build in more use cases
        as we go forward.

          1. When server is in ACTIVE state and the socket dies
          2. When a write to the server fails

        In these situations, your script should take whatever measures
        are necessary to save the state of windows, channels, etc,
        in preparation for the upcoming disconnection.

        This /ON is thrown while the server is in a state of chaos.
        The internal state of the system is wrong, and you must assume
        that the connection to the server has already been lost.

        YOU MUST _*_*_NOT_*_*_ try to do anything clever in this /on.
        If you have this idea of moving windows or servers or channels,
        please don't!  I recommend setting up /timer's and /defer's so
        you can do those sorts of changes away from the blast radius.

        YOU MUST _*_*_NEVER_*_*_ attempt to do any direct intervention
        in this /on -- instead, you should save information and create
        a timer to deal with the problem later.  YOU HAVE BEEN WARNED.

        /ON RECONNECT_REQUIRED currently provides this information
                $0      The server that unexpected failed on us.
                        Reconnection will be required.  Remember,
                        you cannot do reconnection in the /on, you
                        have to schedule it to happen "later"

*** News 09/08/2021 -- New /window operation, /WINDOW CLEARLEVEL [levels]
        This was requested by Zlonix.

        The /WINDOW CLEARLEVEL [levels] operation removes all items from
        the window's lastlog of the levels you specify.  Removing them
        from your lastlog removes them from your screen as well.  This is
        useful for making noise go away retroactively
        Example:        /window clearlevel joins,parts,quits,kicks

*** News 09/08/2021 -- New statement type: block-with-arglist
        The ircII syntax now supports a new statement type, which I'm
        calling a "block with arglist"

                (arglist) {block}

        You could also think of this as an "inline anonymous function".
        For the purposes of the statement, $* is modified by (arglist)
        and then {block} is run.

        Please note there are several caveats to this:
          1. Arglist is not magic, it is syntactic sugar.  So it creates real
             local variables, and those local variables have their ordinary
             scope.  So they will persist after the end of the statement.
          2. The statement only modifies $* during the statement itself.
             So after {block} is run, $* goes back to what it was originally.
          3. Note that this is a *statement* and not a *block* so if you are
             working with something that expects a block, wrap it in {}s to
             create a block.
                if (# == 3) {(arg0, arg1, arg2) {... code ...}}
          4. Arglist processing isn't "free" so doing it in a tight loop will
             be slower than doing it outside of the loop

*** News 09/07/2021 -- Pass window refnum in /ON CHANNEL_LOST
        The /ON CHANNEL_LOST hook now provides the window that a channel
        was in as $2
                $0 - The server refnum of a channel
                $1 - The name of a channel
                $2 - The window refnum of a channel

*** News 09/06/2021 -- Functions for JSON document handling
        Some time ago some new functions appeared for handling
        JSON documents, but they were not documented.  So now
        I am going to document them!

        CONVERTING JSON DOCS TO /ASSIGNS
        --------------------------------
        Syntax:    $json_explode(varbase json-document)

        An example is worth a thousand words:

            $json_explode(e {"one": 1, "two": { "sub1", "hi", "sub2", "bye" })
        will result in three new assigns
                $e[one]         -> 1
                $e[two][sub1]   -> hi
                $e[two][sub2]   -> bye

        CONVERTING ASSIGNS TO JSON DOCS
        -------------------------------
        Syntax:    $json_implode(varbase)

        This converts everything under $varbase[*] into a JSON doc.

        HANDLING ERRORS
        --------------
        If there is an error, $json_error() will tell you about it.

*** News 09/06/2021 -- SSL handling improvements (take 2)
        The other day I posted some info on how the SSL handling has been
        improved.  But then things got revamped again, so I delete the old
        info and am replacing it with this info.

        1) Step one - You connect to an SSL server
         You connect to an irc server doing something like
                /SERVER irc.example.com:6697:type=irc-ssl
         This goes through connect()ing to the server, and then doing an
         SSL_connect() to set up the certificate exchange and TLS negotiation.

        2) Step two - The SSL handshake is completed
         After the SSL_connect() step has completed, we now have a fully
         functioning TLS socket with an SSL certificate.  Before we use the
         TLS socket, we're supposed to verify we trust the SSL certificate,
         to ensure we're talking to who we think we are.

        3) Step three - The client watches the certificate verification
         OpenSSL "verifies" the certificate and the client provides
         a C function to tag along for the ride.  The callback function
         is called every time:
           (1) An error is discovered, or
           (2) There are no (further) errors in a certificate.
         Thus, if a certificate is trusted, it will only report
         "no problems" for each link in the chain.

         This permits the client to trap and categorize every error that
         happens - some certificates have multiple problems!  There are
         three buckets the client uses:
                (1) Self-signed certificates
                (2) Incorrect-hostname certificates
                (3) Any other (serious) error
         The client tracks the "most serious error" (if there is one),
         using the above priorities.

        4) Step four - The cliet offers you /ON SSL_SERVER_CERT
          The client sets $serverctl(SET <refnum> SSL_ACCEPT_CERT -1)
          and then throws /ON SSL_SERVER_CERT.   The use of -1 is on
          purpose so the client can determine whether your /ON handler
          sets it to 0 or 1.

          If your handler does a $serverctl(SET <retval> SSL_ACCEPT_CERT 0|1)
          then that is taken as the final disposition of the handling, and
          nothing further occurs. (ie, it skips the rest of the steps)

          Parameters of /ON SSL_SERVER_CERT
                $0  The fd of the socket
                    (Use $serverctl(FROM_SERVER) to get the server refnum)
                $1  Certificate Subject, url-encoded
                $2  Certificate Issuer, url-encoded
                $3  Bits used in the public key
                $4  OpenSSL error code of the "most serious error"
                        (18 is "Self-signed certificate",
                         62 is "Hostname mismatch",
                         everything else is irregular/bad)
                $5  The SSL regime being used (ie, TLSv1.2)
                $6  The Certificate Hash
                $7  Was there a hostname mismatch?  0 = no error, 1 = error
                $8  Was there a self-signed error?  0 = no error, 1 = error
                $9  Was there another (serious) error?
                        0 = no other error 1 = other error
                $10 Was there any error of any kind?
                        0 = no errors of any kind, 1 = some kind of error

        5) Step five - The client makes a provisional decision
          Next, the client looks at the errors and decides whether
          it thinks the cert is ok.
            * Cert has no errors                   -> ACCEPT
            * Cert has "self signed" or "wrong hostname" error
              and /SET ACCEPT_INVALID_SSL_CERT ON  -> ACCEPT
            * Cert has "self signed" or "wrong hostname" error
              and /SET ACCEPT_INVALID_SSL_CERT OFF -> REJECT
            * Cert has any serious error           -> REJECT
          The client sets this provisional value with
                $serverctl(SET <refnum> SSL_ACCEPT_CERT 0|1)

        6) Step six - The client offers you /ON SERVER_SSL_EVAL
          Then, the client hooks /ON SERVER_SSL_EVAL.  At this point,
          all of the information your script needs to make a fully
          informed decision to accept or overrule the client's choice
          is available.  Your handler is not obligated to make any
          change, but it certainly can if it wants to

          Parameters of /ON SERVER_SSL_EVAL
                $0  The server refnum
                $1  The "ourname" of the server (what you /server'd to)
                $2  Was there any error at all?
                        0 = no errors of any kind   1 = some kind of error
                $3  Was there a hostname mismatch?  0 = no error, 1 = error
                $4  Was there a self-signed error?  0 = no error, 1 = error
                $5  Was there another (serious) error?
                        0 = no other error, 1 = other error
                $6  What does the client suggest?
                        0 = reject certificate, 1 = accept certificate

          Using $serverctl() to get info about the certificate
          Use $serverctl(GET <refnum> <item>) where <item> is:
                SSL_CIPHER              The encryption cipher being used
                SSL_PEM                 The certificate (in PEM format)
                SSL_CERT_HASH           The certificate's hash
                SSL_PKEY_BITS           The bits in the public key
                SSL_SUBJECT             Who the cert was issued to
                SSL_SUBJECT_URL         Who the cert was issued to (url-encoded)
                SSL_ISSUER              Who issued the cert
                SSL_ISSUER_URL          Who issued the cert (url-encoded)
                SSL_VERSION             What version of SSL being used (ie, TLSv1.2)
                SSL_SANS                Subject Alternate Names in the cert
                SSL_CHECKHOST_ERROR     Hostname Mismatch error - 0 (no) 1 (yes)
                SSL_SELF_SIGNED_ERROR   Self-signed error - 0 (no) 1 (yes)
                SSL_OTHER_ERROR         Any other (serious) error - 0 (no) 1 (yes)
                SSL_MOST_SERIOUS_ERROR  The OpenSSL error code of the most serious error
                                        18 (self-signed) and 62 (hostname mismatch)
                                        are considered non-serious (routine) errors
                SSL_VERIFY_ERROR        Any error at all - 0 (no) 1 (yes)
                SSL_ACCEPT_CERT         Is this cert headed for acceptance?  0 (no) 1 (yes)

           Use $serverctl(SET <refnum> SSL_ACCEPT_CERT 0) to reject the cert
           Use $serverctl(SET <refnum> SSL_ACCEPT_CERT 1) to accept the cert
           If you don't do anything, the client will do the most reasonable thing

        7) Step seven - The client moves forward
          Finally, everyone has had a chance to weigh in.
          Whatever the value of $serverctl(GET <refnum> SSL_ACCEPT_CERT)
          is after all this, is used to accept or reject the SSL connection.

*** News 09/02/2021 -- Configuring SSL Ciphers
        Now, if you know what you are doing, you can set
        the SSL Ciphersuites that the client will use for
        SSL connections, via
                /SET SSL_CIPHERS <stuff>
        If you don't know what you're doing, don't touch.
        The default value is "unset", which means we let
        openssl choose the ciphers for us.

*** News 09/02/2021 -- SSL Handling improvements
        [replaced -- see above]

*** News 08/30/2021 -- New server description field "ssl-strict"
        [this feature was removed]

`

release_notes_2_1_6.txt · Last modified: 2021/10/06 15:39 by 127.0.0.1