WIP: Use GSocketClient for IRC connections

TODO:
- Proxy support (some will be lost along the way)
- Remove all OpenSSL usage from fe-gtk?
- DCC support?

.github/workflows/msys-build.yml

@@ -1,40 +0,0 @@
-name: MSYS2 Build
-on: [push, pull_request]
-
-jobs:
-  build:
-    runs-on: windows-latest
-    defaults:
-      run:
-        shell: msys2 {0}
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: msys2/setup-msys2@v2
-        with:
-          install: >-
-            mingw-w64-x86_64-gcc
-            mingw-w64-x86_64-pkg-config
-            mingw-w64-x86_64-python3-cffi
-            mingw-w64-x86_64-meson
-            mingw-w64-x86_64-gtk2
-            mingw-w64-x86_64-luajit
-            mingw-w64-x86_64-desktop-file-utils
-
-      - name: Configure
-        run: >-
-          meson build
-          -Dtext-frontend=true
-          -Ddbus=disabled
-          -Dwith-upd=false
-          -Dwith-perl=false
-
-      - name: Build
-        run: ninja -C build
-
-      - name: Test
-        run: ninja -C build test
-
-      - name: Install
-        run: ninja -C build install

.github/workflows/windows-build.yml

@@ -28,7 +28,7 @@ jobs:
           Invoke-WebRequest https://dl.hexchat.net/misc/idpsetup-1.5.1.exe -OutFile deps\idpsetup.exe
           & deps\idpsetup.exe /VERYSILENT
 
-          Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29-openssl1.1.7z -OutFile deps\gtk-${{ matrix.arch }}.7z
+          Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29.7z -OutFile deps\gtk-${{ matrix.arch }}.7z
           & 7z.exe x deps\gtk-${{ matrix.arch }}.7z -oC:\gtk-build\gtk
 
           Invoke-WebRequest https://dl.hexchat.net/gtk-win32/gendef-20111031.7z -OutFile deps\gendef.7z

data/misc/io.github.Hexchat.appdata.xml.in

@@ -26,22 +26,6 @@
     <id>hexchat.desktop</id>
   </provides>
   <releases>
-    <release date="2021-10-01" version="2.16.0">
-      <description>
-        <p>This is a feature release:</p>
-        <ul>
-          <li>Add support for IRCv3 SETNAME, invite-notify, account-tag, standard replies, and UTF8ONLY</li>
-          <li>Add support for strikethrough formatting</li>
-          <li>Fix text clipping issues by respecting font line height</li>
-          <li>Fix URLs not being escaped when opened</li>
-          <li>Fix possible hang when showing notifications</li>
-          <li>Print ChanServ notices in the front tab by default</li>
-          <li>Update network list</li>
-          <li>python: Rewrite plugin improving memory usage and compatibility</li>
-          <li>fishlim: Add support for CBC and other improvements</li>
-        </ul>
-      </description>
-    </release>
     <release date="2019-12-20" version="2.14.3">
       <description>
         <p>This is a bug-fix release:</p>

meson.build

@@ -1,5 +1,5 @@
 project('hexchat', 'c',
-  version: '2.16.0',
+  version: '2.14.3',
   meson_version: '>= 0.47.0',
   default_options: [
     'c_std=gnu89',
@@ -13,7 +13,7 @@ gnome = import('gnome')
 cc = meson.get_compiler('c')
 
 
-libgio_dep = dependency('gio-2.0', version: '>= 2.34.0')
+libgio_dep = dependency('gio-2.0', version: '>= 2.44.0')
 libgmodule_dep = dependency('gmodule-2.0')
 
 libcanberra_dep = dependency('libcanberra', version: '>= 0.22',
@@ -22,7 +22,7 @@ dbus_glib_dep = dependency('dbus-glib-1', required: get_option('dbus'))
 
 global_deps = []
 if cc.get_id() == 'msvc'
-  libssl_dep = cc.find_library('libssl')
+  libssl_dep = cc.find_library('libeay32')
 else
   libssl_dep = dependency('openssl', version: '>= 0.9.8',
                           required: get_option('tls'))
@@ -46,8 +46,8 @@ config_h.set('G_DISABLE_SINGLE_INCLUDES', true)
 config_h.set('GTK_DISABLE_DEPRECATED', true)
 config_h.set('GTK_DISABLE_SINGLE_INCLUDES', true)
 config_h.set('GDK_PIXBUF_DISABLE_SINGLE_INCLUDES', true)
-config_h.set('GLIB_VERSION_MAX_ALLOWED', 'GLIB_VERSION_2_34')
-config_h.set('GLIB_VERSION_MIN_REQUIRED', 'GLIB_VERSION_2_34')
+config_h.set('GLIB_VERSION_MAX_ALLOWED', 'GLIB_VERSION_2_44')
+config_h.set('GLIB_VERSION_MIN_REQUIRED', 'GLIB_VERSION_2_44')
 
 # Detected features
 config_h.set('HAVE_MEMRCHR', cc.has_function('memrchr'))

plugins/fishlim/fishlim.vcxproj

@@ -29,7 +29,7 @@
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <AdditionalIncludeDirectories>$(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
@@ -40,7 +40,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
-      <PreprocessorDefinitions>WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <AdditionalIncludeDirectories>$(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>

plugins/fishlim/tests/fake/keystore.c

@@ -1,4 +1,5 @@
 /*
+
   Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -21,31 +22,26 @@
 
 */
 
-#include "fish.h"
+#include "../../fish.h"
+
 
 /**
  * Extracts a key from the key store file.
  */
-char *
-keystore_get_key(const char *nick, enum fish_mode *mode)
-{
+char *keystore_get_key(const char *nick, enum fish_mode *mode) {
     return NULL;
 }
 
 /**
  * Sets a key in the key store file.
  */
-gboolean
-keystore_store_key(const char *nick, const char *key, enum fish_mode mode)
-{
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
     return TRUE;
 }
 
 /**
  * Deletes a nick from the key store.
  */
-gboolean
-keystore_delete_nick(const char *nick)
-{
+gboolean keystore_delete_nick(const char *nick) {
     return TRUE;
 }

plugins/fishlim/tests/meson.build

@@ -1,15 +1,17 @@
+subdir('old_version')
+
 fishlim_test_sources = [
   'tests.c',
-  'mock-keystore.c',
+  'fake/keystore.c',
   '../fish.c',
   '../utils.c',
 ]
 
 fishlim_tests = executable('fishlim_tests', fishlim_test_sources,
-  dependencies: [libgio_dep, libssl_dep, hexchat_plugin_dep],
-  include_directories: include_directories('..'),
+  dependencies: [libgio_dep, libssl_dep],
+  link_with : fishlim_old_lib
 )
 
 test('Fishlim Tests', fishlim_tests,
-  protocol: 'tap',
+  timeout: 90
 )

plugins/fishlim/tests/old_version/fish.c

@@ -0,0 +1,155 @@
+/*
+
+  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#ifdef __APPLE__
+#define __AVAILABILITYMACROS__
+#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+
+#include "fish.h"
+
+#define IB 64
+static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+static const signed char fish_unbase64[256] = {
+    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
+    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
+/*      !  "  #  $  %  &  '  (    )  *  +  ,  -  .  / */
+    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB, 0, 1,
+/*   0  1  2  3  4  5  6  7    8  9  :  ;  <  =  >  ? */
+     2, 3, 4, 5, 6, 7, 8, 9,  10,11,IB,IB,IB,IB,IB,IB,
+/*   @  A  B  C  D  E  F  G    H  I  J  K  L  M  N  O */
+    IB,38,39,40,41,42,43,44,  45,46,47,48,49,50,51,52,
+/*   P  Q  R  S  T  U  V  W    X  Y  Z  [  \  ]  ^  _*/
+    53,54,55,56,57,58,59,60,  61,62,63,IB,IB,IB,IB,IB,
+/*   `  a  b  c  d  e  f  g    h  i  j  k  l  m  n  o */
+    IB,12,13,14,15,16,17,18,  19,20,21,22,23,24,25,26,
+/*   p  q  r  s  t  u  v  w    x  y  z  {  |  }  ~  <del> */
+    27,28,29,30,31,32,33,34,  35,36,37,IB,IB,IB,IB,IB,
+};
+
+#define GET_BYTES(dest, source) do { \
+    *((dest)++) = ((source) >> 24) & 0xFF; \
+    *((dest)++) = ((source) >> 16) & 0xFF; \
+    *((dest)++) = ((source) >> 8) & 0xFF; \
+    *((dest)++) = (source) & 0xFF; \
+} while (0);
+
+
+char *__old_fish_encrypt(const char *key, size_t keylen, const char *message) {
+    BF_KEY bfkey;
+    size_t messagelen;
+    size_t i;
+    int j;
+    char *encrypted;
+    char *end;
+    unsigned char bit;
+    unsigned char word;
+    unsigned char d;
+    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
+    
+    messagelen = strlen(message);
+    if (messagelen == 0) return NULL;
+    encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
+    end = encrypted;
+     
+    while (*message) {
+        /* Read 8 bytes (a Blowfish block) */
+        BF_LONG binary[2] = { 0, 0 };
+        unsigned char c;
+        for (i = 0; i < 8; i++) {
+            c = message[i];
+            binary[i >> 2] |= c << 8*(3 - (i&3));
+            if (c == '\0') break;
+        }
+        message += 8;
+        
+        /* Encrypt block */
+        BF_encrypt(binary, &bfkey);
+        
+        /* Emit FiSH-BASE64 */
+        bit = 0;
+        word = 1;
+        for (j = 0; j < 12; j++) {
+            d = fish_base64[(binary[word] >> bit) & 63];
+            *(end++) = d;
+            bit += 6;
+            if (j == 5) {
+                bit = 0;
+                word = 0;
+            }
+        }
+        
+        /* Stop if a null terminator was found */
+        if (c == '\0') break;
+    }
+    *end = '\0';
+    return encrypted;
+}
+
+
+char *__old_fish_decrypt(const char *key, size_t keylen, const char *data) {
+    BF_KEY bfkey;
+    size_t i;
+    char *decrypted;
+    char *end;
+    unsigned char bit;
+    unsigned char word;
+    unsigned char d;
+    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
+    
+    decrypted = g_malloc(strlen(data) + 1);
+    end = decrypted;
+    
+    while (*data) {
+        /* Convert from FiSH-BASE64 */
+        BF_LONG binary[2] = { 0, 0 };
+        bit = 0;
+        word = 1;
+        for (i = 0; i < 12; i++) {
+            d = fish_unbase64[(const unsigned char)*(data++)];
+            if (d == IB) goto decrypt_end;
+            binary[word] |= (unsigned long)d << bit;
+            bit += 6;
+            if (i == 5) {
+                bit = 0;
+                word = 0;
+            }
+        }
+        
+        /* Decrypt block */
+        BF_decrypt(binary, &bfkey);
+        
+        /* Copy to buffer */
+        GET_BYTES(end, binary[0]);
+        GET_BYTES(end, binary[1]);
+    }
+    
+  decrypt_end:
+    *end = '\0';
+    return decrypted;
+}

plugins/fishlim/tests/old_version/fish.h

@@ -0,0 +1,37 @@
+/*
+
+  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+
+*/
+
+#ifndef FISH_OLD_H
+#define FISH_OLD_H
+
+#include <stddef.h>
+
+#include <glib.h>
+
+char *__old_fish_encrypt(const char *key, size_t keylen, const char *message);
+char *__old_fish_decrypt(const char *key, size_t keylen, const char *data);
+
+#endif
+
+

plugins/fishlim/tests/old_version/meson.build

@@ -0,0 +1,4 @@
+fishlim_old_lib = shared_library('fishlim_old_lib',
+  ['fish.c'],
+  dependencies: [libgio_dep, libssl_dep],
+)

plugins/fishlim/tests/tests.c

@@ -1,4 +1,5 @@
 /*
+
   Copyright (c) 2020 <bakasura@protonmail.ch>
 
   Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -21,19 +22,22 @@
 
 */
 
-#include <glib.h>
+#ifndef PLUGIN_HEXCHAT_FISHLIM_TEST_H
+#define PLUGIN_HEXCHAT_FISHLIM_TEST_H
 
-#include "fish.h"
-#include "utils.h"
+// Libs
+#include <glib.h>
+// Project Libs
+#include "../fish.h"
+#include "../utils.h"
+#include "old_version/fish.h"
 
 /**
  * Auxiliary function: Generate a random string
  * @param out Preallocated string to fill
  * @param len Size of bytes to fill
  */
-static void
-random_string(char *out, size_t len)
-{
+void random_string(char *out, size_t len) {
     GRand *rand = NULL;
     int i = 0;
 
@@ -47,14 +51,13 @@ random_string(char *out, size_t len)
     g_rand_free(rand);
 }
 
+
 /**
- * Check encrypt and decrypt in ECB mode
+ * Check encrypt and decrypt in ECB mode and compare with old implementation
  */
-static void
-test_ecb(void)
-{
-    char *b64 = NULL;
-    char *de = NULL;
+void __ecb(void) {
+    char *bo64 = NULL, *b64 = NULL;
+    char *deo = NULL, *de = NULL;
     int key_len, message_len = 0;
     char key[57];
     char message[1000];
@@ -68,20 +71,36 @@ test_ecb(void)
             random_string(message, message_len);
 
             /* Encrypt */
+            bo64 = __old_fish_encrypt(key, key_len, message);
+            g_assert_nonnull(bo64);
             b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
             g_assert_nonnull(b64);
+            g_assert_cmpuint(g_strcmp0(b64, bo64), == , 0);
 
             /* Decrypt */
             /* Linear */
+            deo = __old_fish_decrypt(key, key_len, bo64);
             de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
-			g_assert_cmpstr (de, ==, message);
+            g_assert_nonnull(deo);
+            g_assert_nonnull(de);
+            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
+            g_free(deo);
             g_free(de);
-	
             /* Mixed */
-            de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
-			g_assert_cmpstr (de, ==, message);
+            deo = __old_fish_decrypt(key, key_len, b64);
+            de = fish_decrypt_str(key, key_len, bo64, FISH_ECB_MODE);
+            g_assert_nonnull(deo);
+            g_assert_nonnull(de);
+            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
+            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
+            g_free(deo);
             g_free(de);
 
+            /* Free */
+            g_free(bo64);
             g_free(b64);
         }
     }
@@ -90,9 +109,7 @@ test_ecb(void)
 /**
  * Check encrypt and decrypt in CBC mode
  */
-static void
-test_cbc(void)
-{
+void __cbc(void) {
     char *b64 = NULL;
     char *de = NULL;
     int key_len, message_len = 0;
@@ -114,9 +131,11 @@ test_cbc(void)
             /* Decrypt */
             /* Linear */
             de = fish_decrypt_str(key, key_len, b64, FISH_CBC_MODE);
-            g_assert_cmpstr (de, ==, message);
+            g_assert_nonnull(de);
+            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
             g_free(de);
 
+            /* Free */
             g_free(b64);
         }
     }
@@ -125,14 +144,13 @@ test_cbc(void)
 /**
  * Check the calculation of final length from an encoded string in Base64
  */
-static void
-test_base64_len (void)
-{
+void __base64_len(void) {
     char *b64 = NULL;
     int i, message_len = 0;
     char message[1000];
 
     for (i = 0; i < 10; ++i) {
+
         for (message_len = 1; message_len < 1000; ++message_len) {
             random_string(message, message_len);
             b64 = g_base64_encode((const unsigned char *) message, message_len);
@@ -146,9 +164,7 @@ test_base64_len (void)
 /**
  * Check the calculation of final length from an encoded string in BlowcryptBase64
  */
-static void
-test_base64_fish_len (void)
-{
+void __base64_fish_len(void) {
     char *b64 = NULL;
     int i, message_len = 0;
     char message[1000];
@@ -165,12 +181,11 @@ test_base64_fish_len (void)
     }
 }
 
+
 /**
  * Check the calculation of final length from an encrypted string in ECB mode
  */
-static void
-test_base64_ecb_len(void)
-{
+void __base64_ecb_len(void) {
     char *b64 = NULL;
     int key_len, message_len = 0;
     char key[57];
@@ -194,9 +209,7 @@ test_base64_ecb_len(void)
 /**
  * Check the calculation of final length from an encrypted string in CBC mode
  */
-static void
-test_base64_cbc_len(void)
-{
+void __base64_cbc_len(void) {
     char *b64 = NULL;
     int key_len, message_len = 0;
     char key[57];
@@ -220,9 +233,7 @@ test_base64_cbc_len(void)
 /**
  * Check the calculation of length limit for a plaintext in each encryption mode
  */
-static void
-test_max_text_command_len(void)
-{
+void __max_text_command_len(void) {
     int max_encoded_len, plaintext_len;
     enum fish_mode mode;
 
@@ -237,9 +248,7 @@ test_max_text_command_len(void)
 /**
  * Check the calculation of length limit for a plaintext in each encryption mode
  */
-static void
-test_foreach_utf8_data_chunks(void)
-{
+void __foreach_utf8_data_chunks(void) {
     GRand *rand = NULL;
     GString *chunks = NULL;
     int tests, max_chunks_len, chunks_len;
@@ -268,19 +277,21 @@ test_foreach_utf8_data_chunks(void)
     }
 }
 
-int
-main(int argc, char *argv[]) {
+
+int main(int argc, char *argv[]) {
 
     g_test_init(&argc, &argv, NULL);
 
-    g_test_add_func("/fishlim/ecb", test_ecb);
-    g_test_add_func("/fishlim/cbc", test_cbc);
-    g_test_add_func("/fishlim/base64_len", test_base64_len);
-    g_test_add_func("/fishlim/base64_fish_len", test_base64_fish_len);
-    g_test_add_func("/fishlim/base64_ecb_len", test_base64_ecb_len);
-    g_test_add_func("/fishlim/base64_cbc_len", test_base64_cbc_len);
-    g_test_add_func("/fishlim/max_text_command_len", test_max_text_command_len);
-    g_test_add_func("/fishlim/foreach_utf8_data_chunks", test_foreach_utf8_data_chunks);
+    g_test_add_func("/fishlim/__ecb", __ecb);
+    g_test_add_func("/fishlim/__cbc", __ecb);
+    g_test_add_func("/fishlim/__base64_len", __base64_len);
+    g_test_add_func("/fishlim/__base64_fish_len", __base64_fish_len);
+    g_test_add_func("/fishlim/__base64_ecb_len", __base64_ecb_len);
+    g_test_add_func("/fishlim/__base64_cbc_len", __base64_cbc_len);
+    g_test_add_func("/fishlim/__max_text_command_len", __max_text_command_len);
+    g_test_add_func("/fishlim/__foreach_utf8_data_chunks", __foreach_utf8_data_chunks);
 
     return g_test_run();
 }
+
+#endif //PLUGIN_HEXCHAT_FISHLIM_TEST_H

src/common/dcc.c

@@ -487,6 +487,19 @@ dcc_notify_kill (struct server *serv)
 	}
 }
 
+static int
+tcp_send_real (int sok, GIConv write_converter, char *buf, int len)
+{
+	int ret;
+
+	gsize buf_encoded_len;
+	gchar *buf_encoded = text_convert_invalid (buf, len, write_converter, arbitrary_encoding_fallback_string, &buf_encoded_len);
+	ret = send (sok, buf_encoded, buf_encoded_len, 0);
+	g_free (buf_encoded);
+
+	return ret;
+}
+
 struct DCC *
 dcc_write_chat (char *nick, char *text)
 {
@@ -499,7 +512,7 @@ dcc_write_chat (char *nick, char *text)
 	if (dcc && dcc->dccstat == STAT_ACTIVE)
 	{
 		len = strlen (text);
-		tcp_send_real (NULL, dcc->sok, dcc->serv->write_converter, text, len);
+		tcp_send_real (dcc->sok, dcc->serv->write_converter, text, len);
 		send (dcc->sok, "\n", 1, 0);
 		dcc->size += len;
 		fe_dcc_update (dcc);
@@ -1656,7 +1669,8 @@ dcc_listen_init (struct DCC *dcc, session *sess)
 	memset (&SAddr, 0, sizeof (struct sockaddr_in));
 
 	len = sizeof (SAddr);
-	getsockname (dcc->serv->sok, (struct sockaddr *) &SAddr, &len);
+	/* TODO: Get rid of raw socket usage */
+	getsockname (g_socket_get_fd (dcc->serv->socket), (struct sockaddr *) &SAddr, &len);
 
 	SAddr.sin_family = AF_INET;
 

src/common/hexchat.c

@@ -266,7 +266,7 @@ lag_check (void)
 				EMIT_SIGNAL (XP_TE_PINGTIMEOUT, serv->server_session, tbuf, NULL,
 								 NULL, NULL, 0);
 				if (prefs.hex_net_auto_reconnect)
-					serv->auto_reconnect (serv, FALSE, -1);
+					serv->auto_reconnect (serv, FALSE, NULL);
 			}
 			else
 			{

src/common/hexchat.h

@@ -39,10 +39,6 @@
 #include "history.h"
 #include "tree.h"
 
-#ifdef USE_OPENSSL
-#include <openssl/ssl.h>		  /* SSL_() */
-#endif
-
 #ifdef __EMX__						  /* for o/s 2 */
 #define OFLAGS O_BINARY
 #define g_ascii_strcasecmp stricmp
@@ -434,10 +430,10 @@ typedef struct server
 {
 	/*  server control operations (in server*.c) */
 	void (*connect)(struct server *, char *hostname, int port, int no_login);
-	void (*disconnect)(struct session *, int sendquit, int err);
+	void (*disconnect)(struct session *, int sendquit, GError *err);
 	int  (*cleanup)(struct server *);
 	void (*flush_queue)(struct server *);
-	void (*auto_reconnect)(struct server *, int send_quit, int err);
+	void (*auto_reconnect)(struct server *, int send_quit, GError *err);
 	/* irc protocol functions (in proto*.c) */
 	void (*p_inline)(struct server *, char *buf, int len);
 	void (*p_invite)(struct server *, char *channel, char *nick);
@@ -474,36 +470,25 @@ typedef struct server
 	int (*p_cmp)(const char *s1, const char *s2);
 
 	int port;
-	int sok;					/* is equal to sok4 or sok6 (the one we are using) */
-	int sok4;					/* tcp4 socket */
-	int sok6;					/* tcp6 socket */
-	int proxy_type;
-	int proxy_sok;				/* Additional information for MS Proxy beast */
-	int proxy_sok4;
-	int proxy_sok6;
 	int id;					/* unique ID number (for plugin API) */
 
 	/* dcc_ip moved from hexchatprefs to make it per-server */
 	guint32 dcc_ip;
 
-#ifdef USE_OPENSSL
-	SSL_CTX *ctx;
-	SSL *ssl;
-	int ssl_do_connect_tag;
-#else
-	void *ssl;
-#endif
-	int childread;
-	int childwrite;
-	int childpid;
-	int iotag;
+	GSocketClient *socket_client;
+	GSocketConnection *socket_conn;
+	GSocket *socket; /* Owned by socket_conn */
+	GCancellable *connection_cancellable;
+	GTlsCertificate *client_cert;
+	GSource *socket_read_source;
+
 	int recondelay_tag;				/* reconnect delay timeout */
 	int joindelay_tag;				/* waiting before we send JOIN */
 	char hostname[128];				/* real ip number */
 	char servername[128];			/* what the server says is its name */
 	char password[86];
 	char nick[NICKLEN];
-	char linebuf[8704];				/* RFC says 512 chars including \r\n, IRCv3 message tags add 8191, plus the NUL byte */
+	char linebuf[2048];				/* RFC says 512 chars including \r\n */
 	char *last_away_reason;
 	int pos;								/* current position in linebuf */
 	int nickcount;

src/common/meson.build

@@ -74,7 +74,6 @@ textevents = custom_target('textevents',
 #   HAVE_GTK_MAC
 
 if libssl_dep.found()
-  common_sources += 'ssl.c'
   common_deps += libssl_dep
 endif
 

src/common/modes.c

@@ -67,8 +67,8 @@ send_channel_modes (session *sess, char *tbuf, char *word[], int wpos,
 	int usable_modes, orig_len, len, wlen, i, max;
 	server *serv = sess->server;
 
-	/* sanity check. IRC RFC says three per line but some servers may support less. */
-	if (serv->modes_per_line < 1)
+	/* sanity check. IRC RFC says three per line. */
+	if (serv->modes_per_line < 3)
 		serv->modes_per_line = 3;
 	if (modes_per_line < 1)
 		modes_per_line = serv->modes_per_line;
@@ -880,7 +880,7 @@ inbound_005 (server * serv, char *word[], const message_tags_data *tags_data)
 				g_free (serv->nick_prefixes);
 				g_free (serv->nick_modes);
 				serv->nick_prefixes = g_strdup (pre + 1);
-				serv->nick_modes = g_strdup (tokvalue + 1);
+				serv->nick_modes = g_strdup (tokvalue);
 			} else
 			{
 				/* bad! some ircds don't give us the modes. */

src/common/outbound.c

@@ -903,8 +903,8 @@ cmd_debug (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	while (list)
 	{
 		v = (struct server *) list->data;
-		sprintf (tbuf, "%p %-5d %s\n",
-					v, v->sok, v->servername);
+		sprintf (tbuf, "%p %s\n",
+					v, v->servername);
 		PrintText (sess, tbuf);
 		list = list->next;
 	}
@@ -1414,7 +1414,7 @@ cmd_devoice (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 static int
 cmd_discon (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 {
-	sess->server->disconnect (sess, TRUE, -1);
+	sess->server->disconnect (sess, TRUE, NULL);
 	return TRUE;
 }
 
@@ -1956,7 +1956,7 @@ cmd_quit (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 {
 	if (*word_eol[2])
 		sess->quitreason = word_eol[2];
-	sess->server->disconnect (sess, TRUE, -1);
+	sess->server->disconnect (sess, TRUE, NULL);
 	sess->quitreason = NULL;
 	return 2;
 }
@@ -3216,7 +3216,7 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		{
 			serv = list->data;
 			if (serv->connected)
-				serv->auto_reconnect (serv, TRUE, -1);
+				serv->auto_reconnect (serv, TRUE, NULL);
 			list = list->next;
 		}
 	}
@@ -3249,11 +3249,11 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		if (*word[3+offset])
 			serv->port = atoi (word[3+offset]);
 		safe_strcpy (serv->hostname, word[2+offset], sizeof (serv->hostname));
-		serv->auto_reconnect (serv, TRUE, -1);
+		serv->auto_reconnect (serv, TRUE, NULL);
 	}
 	else
 	{
-		serv->auto_reconnect (serv, TRUE, -1);
+		serv->auto_reconnect (serv, TRUE, NULL);
 	}
 	prefs.hex_net_reconnect_delay = tmp;
 
@@ -3294,6 +3294,7 @@ cmd_send (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	if (!word[2][0])
 		return FALSE;
 
+#if 0
 	addr = dcc_get_my_address (sess);
 	if (addr == 0)
 	{
@@ -3313,6 +3314,7 @@ cmd_send (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		g_snprintf (tbuf, 512, "DCC SEND %s", word_eol[2]);
 
 	handle_command (sess, tbuf, FALSE);
+#endif
 
 	return TRUE;
 }

src/common/proto-irc.c

@@ -503,6 +503,22 @@ process_numeric (session * sess, int n,
 
 		goto def;
 
+	case 4:	/* check the ircd type */
+		serv->use_listargs = FALSE;
+		serv->modes_per_line = 3;		/* default to IRC RFC */
+		if (strncmp (word[5], "bahamut", 7) == 0)				/* DALNet */
+		{
+			serv->use_listargs = TRUE;		/* use the /list args */
+		} else if (strncmp (word[5], "u2.10.", 6) == 0)		/* Undernet */
+		{
+			serv->use_listargs = TRUE;		/* use the /list args */
+			serv->modes_per_line = 6;		/* allow 6 modes per line */
+		} else if (strncmp (word[5], "glx2", 4) == 0)
+		{
+			serv->use_listargs = TRUE;		/* use the /list args */
+		}
+		goto def;
+
 	case 5:
 		inbound_005 (serv, word, tags_data);
 		goto def;

src/common/server.h

@@ -25,7 +25,6 @@ extern GSList *serv_list;
 /* eventually need to keep the tcp_* functions isolated to server.c */
 int tcp_send_len (server *serv, char *buf, int len);
 void tcp_sendf (server *serv, const char *fmt, ...) G_GNUC_PRINTF (2, 3);
-int tcp_send_real (void *ssl, int sok, GIConv write_converter, char *buf, int len);
 
 server *server_new (void);
 int is_server (server *serv);
@@ -39,6 +38,4 @@ void server_free (server *serv);
 void server_away_save_message (server *serv, char *nick, char *msg);
 struct away_msg *server_away_find_message (server *serv, char *nick);
 
-void base64_encode (char *to, char *from, unsigned int len);
-
 #endif

src/common/ssl.c

@@ -1,566 +0,0 @@
-/*
- * ssl.c v0.0.3
- * Copyright (C) 2000  --  DaP <profeta@freemail.c3.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifdef __APPLE__
-#define __AVAILABILITYMACROS__
-#define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
-#endif
-
-#include "inet.h"				  /* make it first to avoid macro redefinitions */
-#include <openssl/ssl.h>		  /* SSL_() */
-#include <openssl/err.h>		  /* ERR_() */
-#include <openssl/x509v3.h>
-#ifdef WIN32
-#include <openssl/rand.h>		  /* RAND_seed() */
-#endif
-#include "config.h"
-#include <time.h>				  /* asctime() */
-#include <string.h>				  /* strncpy() */
-#include "ssl.h"				  /* struct cert_info */
-
-#include <glib.h>
-#include <glib/gprintf.h>
-#include <gio/gio.h>
-#include "util.h"
-
-/* If openssl was built without ec */
-#ifndef SSL_OP_SINGLE_ECDH_USE
-#define SSL_OP_SINGLE_ECDH_USE 0
-#endif
-
-#ifndef SSL_OP_NO_COMPRESSION
-#define SSL_OP_NO_COMPRESSION 0
-#endif
-
-/* globals */
-static struct chiper_info chiper_info;		/* static buffer for _SSL_get_cipher_info() */
-static char err_buf[256];			/* generic error buffer */
-
-
-/* +++++ Internal functions +++++ */
-
-static void
-__SSL_fill_err_buf (char *funcname)
-{
-	int err;
-	char buf[256];
-
-
-	err = ERR_get_error ();
-	ERR_error_string (err, buf);
-	g_snprintf (err_buf, sizeof (err_buf), "%s: %s (%d)\n", funcname, buf, err);
-}
-
-
-static void
-__SSL_critical_error (char *funcname)
-{
-	__SSL_fill_err_buf (funcname);
-	fprintf (stderr, "%s\n", err_buf);
-
-	exit (1);
-}
-
-/* +++++ SSL functions +++++ */
-
-SSL_CTX *
-_SSL_context_init (void (*info_cb_func))
-{
-	SSL_CTX *ctx;
-
-	SSLeay_add_ssl_algorithms ();
-	SSL_load_error_strings ();
-	ctx = SSL_CTX_new (SSLv23_client_method ());
-
-	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
-	SSL_CTX_set_timeout (ctx, 300);
-	SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
-							  |SSL_OP_NO_COMPRESSION
-							  |SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
-							  |SSL_OP_NO_TICKET
-							  |SSL_OP_CIPHER_SERVER_PREFERENCE);
-
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined (OPENSSL_NO_COMP) /* workaround for OpenSSL 0.9.8 */
-	sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
-#endif
-
-	/* used in SSL_connect(), SSL_accept() */
-	SSL_CTX_set_info_callback (ctx, info_cb_func);
-
-	return(ctx);
-}
-
-static void
-ASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm)
-{
-	char *expires = NULL;
-	BIO *inMem = BIO_new (BIO_s_mem ());
-
-	ASN1_TIME_print (inMem, tm);
-	BIO_get_mem_data (inMem, &expires);
-	buf[0] = 0;
-	if (expires != NULL)
-	{
-		/* expires is not \0 terminated */
-		safe_strcpy (buf, expires, MIN(24, buf_len));
-	}
-	BIO_free (inMem);
-}
-
-
-static void
-broke_oneline (char *oneline, char *parray[])
-{
-	char *pt, *ppt;
-	int i;
-
-
-	i = 0;
-	ppt = pt = oneline + 1;
-	while ((pt = strchr (pt, '/')))
-	{
-		*pt = 0;
-		parray[i++] = ppt;
-		ppt = ++pt;
-	}
-	parray[i++] = ppt;
-	parray[i] = NULL;
-}
-
-
-/*
-    FIXME: Master-Key, Extensions, CA bits
-	    (openssl x509 -text -in servcert.pem)
-*/
-int
-_SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
-{
-	X509 *peer_cert;
-	X509_PUBKEY *key;
-	X509_ALGOR *algor = NULL;
-	EVP_PKEY *peer_pkey;
-	char notBefore[64];
-	char notAfter[64];
-	int alg;
-	int sign_alg;
-
-
-	if (!(peer_cert = SSL_get_peer_certificate (ssl)))
-		return (1);				  /* FATAL? */
-
-	X509_NAME_oneline (X509_get_subject_name (peer_cert), cert_info->subject,
-							 sizeof (cert_info->subject));
-	X509_NAME_oneline (X509_get_issuer_name (peer_cert), cert_info->issuer,
-							 sizeof (cert_info->issuer));
-	broke_oneline (cert_info->subject, cert_info->subject_word);
-	broke_oneline (cert_info->issuer, cert_info->issuer_word);
-
-	key = X509_get_X509_PUBKEY(peer_cert);
-	if (!X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key))
-		return 1;
-
-	alg = OBJ_obj2nid (algor->algorithm);
-#ifndef HAVE_X509_GET_SIGNATURE_NID
-	sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
-#else
-	sign_alg = X509_get_signature_nid (peer_cert);
-#endif
-	ASN1_TIME_snprintf (notBefore, sizeof (notBefore),
-							  X509_get_notBefore (peer_cert));
-	ASN1_TIME_snprintf (notAfter, sizeof (notAfter),
-							  X509_get_notAfter (peer_cert));
-
-	peer_pkey = X509_get_pubkey (peer_cert);
-
-	safe_strcpy (cert_info->algorithm,
-				(alg == NID_undef) ? "Unknown" : OBJ_nid2ln (alg),
-				sizeof (cert_info->algorithm));
-	cert_info->algorithm_bits = EVP_PKEY_bits (peer_pkey);
-	safe_strcpy (cert_info->sign_algorithm,
-				(sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg),
-				sizeof (cert_info->sign_algorithm));
-	/* EVP_PKEY_bits(ca_pkey)); */
-	cert_info->sign_algorithm_bits = 0;
-	safe_strcpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore));
-	safe_strcpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter));
-
-	EVP_PKEY_free (peer_pkey);
-
-	/* SSL_SESSION_print_fp(stdout, SSL_get_session(ssl)); */
-/*
-	if (ssl->session->sess_cert->peer_rsa_tmp) {
-		tmp_pkey = EVP_PKEY_new();
-		EVP_PKEY_assign_RSA(tmp_pkey, ssl->session->sess_cert->peer_rsa_tmp);
-		cert_info->rsa_tmp_bits = EVP_PKEY_bits (tmp_pkey);
-		EVP_PKEY_free(tmp_pkey);
-	} else
-		fprintf(stderr, "REMOTE SIDE DOESN'T PROVIDES ->peer_rsa_tmp\n");
-*/
-	cert_info->rsa_tmp_bits = 0;
-
-	X509_free (peer_cert);
-
-	return (0);
-}
-
-
-struct chiper_info *
-_SSL_get_cipher_info (SSL * ssl)
-{
-	const SSL_CIPHER *c;
-
-
-	c = SSL_get_current_cipher (ssl);
-	safe_strcpy (chiper_info.version, SSL_CIPHER_get_version (c),
-				sizeof (chiper_info.version));
-	safe_strcpy (chiper_info.chiper, SSL_CIPHER_get_name (c),
-				sizeof (chiper_info.chiper));
-	SSL_CIPHER_get_bits (c, &chiper_info.chiper_bits);
-
-	return (&chiper_info);
-}
-
-
-int
-_SSL_send (SSL * ssl, char *buf, int len)
-{
-	int num;
-
-
-	num = SSL_write (ssl, buf, len);
-
-	switch (SSL_get_error (ssl, num))
-	{
-	case SSL_ERROR_SSL:			  /* setup errno! */
-		/* ??? */
-		__SSL_fill_err_buf ("SSL_write");
-		fprintf (stderr, "%s\n", err_buf);
-		break;
-	case SSL_ERROR_SYSCALL:
-		/* ??? */
-		perror ("SSL_write/write");
-		break;
-	case SSL_ERROR_ZERO_RETURN:
-		/* fprintf(stderr, "SSL closed on write\n"); */
-		break;
-	}
-
-	return (num);
-}
-
-
-int
-_SSL_recv (SSL * ssl, char *buf, int len)
-{
-	int num;
-
-
-	num = SSL_read (ssl, buf, len);
-
-	switch (SSL_get_error (ssl, num))
-	{
-	case SSL_ERROR_SSL:
-		/* ??? */
-		__SSL_fill_err_buf ("SSL_read");
-		fprintf (stderr, "%s\n", err_buf);
-		break;
-	case SSL_ERROR_SYSCALL:
-		/* ??? */
-		if (!would_block ())
-			perror ("SSL_read/read");
-		break;
-	case SSL_ERROR_ZERO_RETURN:
-		/* fprintf(stdeerr, "SSL closed on read\n"); */
-		break;
-	}
-
-	return (num);
-}
-
-
-SSL *
-_SSL_socket (SSL_CTX *ctx, int sd)
-{
-	SSL *ssl;
-	const SSL_METHOD *method;
-
-	if (!(ssl = SSL_new (ctx)))
-		/* FATAL */
-		__SSL_critical_error ("SSL_new");
-
-	SSL_set_fd (ssl, sd);
-
-#ifndef HAVE_SSL_CTX_GET_SSL_METHOD
-	method = ctx->method;
-#else
-	method = SSL_CTX_get_ssl_method (ctx);
-#endif
-	if (method == SSLv23_client_method())
-		SSL_set_connect_state (ssl);
-	else
-	        SSL_set_accept_state(ssl);
-
-	return (ssl);
-}
-
-
-char *
-_SSL_set_verify (SSL_CTX *ctx, void *verify_callback)
-{
-#ifdef DEFAULT_CERT_FILE
-	if (!SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL))
-	{
-		__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
-		return (err_buf);
-	}
-#else
-	if (!SSL_CTX_set_default_verify_paths (ctx))
-	{
-		__SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths");
-		return (err_buf);
-	}
-#endif
-
-	SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback);
-
-	return (NULL);
-}
-
-
-void
-_SSL_close (SSL * ssl)
-{
-	SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-	SSL_free (ssl);
-#ifdef HAVE_ERR_REMOVE_THREAD_STATE
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
-	/* OpenSSL handles this itself in 1.1+ and this is a no-op */
-	ERR_remove_thread_state (NULL);
-#endif
-#else
-	ERR_remove_state (0);
-#endif
-}
-
-/* Hostname validation code based on OpenBSD's libtls. */
-
-static int
-_SSL_match_hostname (const char *cert_hostname, const char *hostname)
-{
-	const char *cert_domain, *domain, *next_dot;
-
-	if (g_ascii_strcasecmp (cert_hostname, hostname) == 0)
-		return 0;
-
-	/* Wildcard match? */
-	if (cert_hostname[0] == '*')
-	{
-		/*
-		 * Valid wildcards:
-		 * - "*.domain.tld"
-		 * - "*.sub.domain.tld"
-		 * - etc.
-		 * Reject "*.tld".
-		 * No attempt to prevent the use of eg. "*.co.uk".
-		 */
-		cert_domain = &cert_hostname[1];
-		/* Disallow "*"  */
-		if (cert_domain[0] == '\0')
-			return -1;
-		/* Disallow "*foo" */
-		if (cert_domain[0] != '.')
-			return -1;
-		/* Disallow "*.." */
-		if (cert_domain[1] == '.')
-			return -1;
-		next_dot = strchr (&cert_domain[1], '.');
-		/* Disallow "*.bar" */
-		if (next_dot == NULL)
-			return -1;
-		/* Disallow "*.bar.." */
-		if (next_dot[1] == '.')
-			return -1;
-
-		domain = strchr (hostname, '.');
-
-		/* No wildcard match against a hostname with no domain part. */
-		if (domain == NULL || strlen(domain) == 1)
-			return -1;
-
-		if (g_ascii_strcasecmp (cert_domain, domain) == 0)
-			return 0;
-	}
-
-	return -1;
-}
-
-static int
-_SSL_check_subject_altname (X509 *cert, const char *host)
-{
-	STACK_OF(GENERAL_NAME) *altname_stack = NULL;
-	GInetAddress *addr;
-	GSocketFamily family;
-	int type = GEN_DNS;
-	int count, i;
-	int rv = -1;
-
-	altname_stack = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
-	if (altname_stack == NULL)
-		return -1;
-
-	addr = g_inet_address_new_from_string (host);
-	if (addr != NULL)
-	{
-		family = g_inet_address_get_family (addr);
-		if (family == G_SOCKET_FAMILY_IPV4 || family == G_SOCKET_FAMILY_IPV6)
-			type = GEN_IPADD;
-	}
-
-	count = sk_GENERAL_NAME_num(altname_stack);
-	for (i = 0; i < count; i++)
-	{
-		GENERAL_NAME *altname;
-
-		altname = sk_GENERAL_NAME_value (altname_stack, i);
-
-		if (altname->type != type)
-			continue;
-
-		if (type == GEN_DNS)
-		{
-			const unsigned char *data;
-			int format;
-
-			format = ASN1_STRING_type (altname->d.dNSName);
-			if (format == V_ASN1_IA5STRING)
-			{
-#ifdef HAVE_ASN1_STRING_GET0_DATA
-				data = ASN1_STRING_get0_data (altname->d.dNSName);
-#else
-				data = ASN1_STRING_data (altname->d.dNSName);
-#endif
-
-				if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data))
-				{
-					g_warning("NUL byte in subjectAltName, probably a malicious certificate.\n");
-					rv = -2;
-					break;
-				}
-
-				if (_SSL_match_hostname (data, host) == 0)
-				{
-					rv = 0;
-					break;
-				}
-			}
-			else
-				g_warning ("unhandled subjectAltName dNSName encoding (%d)\n", format);
-
-		}
-		else if (type == GEN_IPADD)
-		{
-			const unsigned char *data;
-			const guint8 *addr_bytes;
-			int datalen, addr_len;
-
-			datalen = ASN1_STRING_length (altname->d.iPAddress);
-#ifdef HAVE_ASN1_STRING_GET0_DATA
-			data = ASN1_STRING_get0_data (altname->d.iPAddress);
-#else
-			data = ASN1_STRING_data (altname->d.iPAddress);
-#endif
-
-			addr_bytes = g_inet_address_to_bytes (addr);
-			addr_len = (int)g_inet_address_get_native_size (addr);
-
-			if (datalen == addr_len && memcmp (data, addr_bytes, addr_len) == 0)
-			{
-				rv = 0;
-				break;
-			}
-		}
-	}
-
-	if (addr != NULL)
-		g_object_unref (addr);
-	sk_GENERAL_NAME_pop_free (altname_stack, GENERAL_NAME_free);
-	return rv;
-}
-
-static int
-_SSL_check_common_name (X509 *cert, const char *host)
-{
-	X509_NAME *name;
-	char *common_name = NULL;
-	int common_name_len;
-	int rv = -1;
-	GInetAddress *addr;
-
-	name = X509_get_subject_name (cert);
-	if (name == NULL)
-		return -1;
-
-	common_name_len = X509_NAME_get_text_by_NID (name, NID_commonName, NULL, 0);
-	if (common_name_len < 0)
-		return -1;
-
-	common_name = g_malloc0 (common_name_len + 1);
-
-	X509_NAME_get_text_by_NID (name, NID_commonName, common_name, common_name_len + 1);
-
-	/* NUL bytes in CN? */
-	if (common_name_len != (int)strlen(common_name))
-	{
-		g_warning ("NUL byte in Common Name field, probably a malicious certificate.\n");
-		rv = -2;
-		goto out;
-	}
-
-	if ((addr = g_inet_address_new_from_string (host)) != NULL)
-	{
-		/*
-		 * We don't want to attempt wildcard matching against IP
-		 * addresses, so perform a simple comparison here.
-		 */
-		if (g_strcmp0 (common_name, host) == 0)
-			rv = 0;
-		else
-			rv = -1;
-
-		g_object_unref (addr);
-	}
-	else if (_SSL_match_hostname (common_name, host) == 0)
-		rv = 0;
-
-out:
-	g_free(common_name);
-	return rv;
-}
-
-int
-_SSL_check_hostname (X509 *cert, const char *host)
-{
-	int rv;
-
-	rv = _SSL_check_subject_altname (cert, host);
-	if (rv == 0 || rv == -2)
-		return rv;
-
-	return _SSL_check_common_name (cert, host);
-}

src/common/ssl.h

@@ -1,85 +0,0 @@
-/* HexChat
- * Copyright (C) 1998-2010 Peter Zelezny.
- * Copyright (C) 2009-2013 Berke Viktor.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef HEXCHAT_SSL_H
-#define HEXCHAT_SSL_H
-
-struct cert_info {
-    char subject[256];
-    char *subject_word[12];
-    char issuer[256];
-    char *issuer_word[12];
-    char algorithm[32];
-    int algorithm_bits;
-    char sign_algorithm[32];
-    int sign_algorithm_bits;
-    char notbefore[32];
-    char notafter[32];
-
-    int rsa_tmp_bits;
-};
-
-struct chiper_info {
-    char version[16];
-    char chiper[48];
-    int chiper_bits;
-};
-
-SSL_CTX *_SSL_context_init (void (*info_cb_func));
-#define _SSL_context_free(a)	SSL_CTX_free(a);
-
-SSL *_SSL_socket (SSL_CTX *ctx, int sd);
-char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback));
-/*
-    int SSL_connect(SSL *);
-    int SSL_accept(SSL *);
-    int SSL_get_fd(SSL *);
-*/
-void _SSL_close (SSL * ssl);
-int _SSL_check_hostname(X509 *cert, const char *host);
-int _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl);
-struct chiper_info *_SSL_get_cipher_info (SSL * ssl);
-
-/*char *_SSL_add_keypair (SSL_CTX *ctx, char *privkey, char *cert);*/
-/*void _SSL_add_random_keypair(SSL_CTX *ctx, int bits);*/
-
-int _SSL_send (SSL * ssl, char *buf, int len);
-int _SSL_recv (SSL * ssl, char *buf, int len);
-
-/* misc */
-/*void broke_oneline (char *oneline, char *parray[]);*/
-
-/*char *_SSL_do_cipher_base64(char *buf, int buf_len, char *key, int operation);*/		/* must be freed */
-
-/*void *_SSL_get_sess_obj(SSL *ssl, int type);*/		/* NOT must be freed */
-#define	_SSL_get_sess_pkey(a)	_SSL_get_sess_obj(a, 0)
-#define	_SSL_get_sess_prkey(a)	_SSL_get_sess_obj(a, 1)
-#define	_SSL_get_sess_x509(a)	_SSL_get_sess_obj(a, 2)
-/*char *_SSL_get_obj_base64(void *s, int type);*/		/* must be freed */
-#define	_SSL_get_pkey_base64(a)		_SSL_get_obj_base64(a, 0)
-#define	_SSL_get_prkey_base64(a)	_SSL_get_obj_base64(a, 1)
-#define	_SSL_get_x509_base64(a)		_SSL_get_obj_base64(a, 2)
-/*char *_SSL_get_ctx_obj_base64(SSL_CTX *ctx, int type);*/	/* must be freed */
-#define	_SSL_get_ctx_pkey_base64(a)	_SSL_get_ctx_obj_base64(a, 0)
-#define	_SSL_get_ctx_prkey_base64(a)	_SSL_get_ctx_obj_base64(a, 1)
-#define	_SSL_get_ctx_x509_base64(a)	_SSL_get_ctx_obj_base64(a, 2)
-
-/*int _SSL_verify_x509(X509 *x509);*/
-
-#endif

src/common/text.c

@@ -1323,7 +1323,6 @@ static char * const pevt_connect_help[] = {
 };
 
 static char * const pevt_sconnect_help[] = {
-	"PID"
 };
 
 static char * const pevt_generic_nick_help[] = {

src/common/textevents.in

@@ -787,8 +787,8 @@ n2
 Stop Connection
 XP_TE_STOPCONNECT
 pevt_sconnect_help
-%C23*%O$tStopped previous connection attempt (%C24$1%O)
-1
+%C23*%O$tStopped previous connection attempt
+0
 
 Topic
 XP_TE_TOPIC

src/common/util.c

@@ -56,6 +56,9 @@
 #ifdef USE_OPENSSL
 #include <openssl/bn.h>
 #include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
 #ifndef WIN32
 #include <netinet/in.h>
 #endif
@@ -1550,3 +1553,52 @@ strftime_utf8 (char *dest, gsize destsize, const char *format, time_t time)
 	g_date_free (date);
 	return result;
 }
+
+static void
+three_to_four (char *from, char *to)
+{
+	static const char tab64[64]=
+	{
+		'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
+		'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
+		'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
+		'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
+	};
+
+	to[0] = tab64 [ (from[0] >> 2) & 63 ];
+	to[1] = tab64 [ ((from[0] << 4) | (from[1] >> 4)) & 63 ];
+	to[2] = tab64 [ ((from[1] << 2) | (from[2] >> 6)) & 63 ];
+	to[3] = tab64 [ from[2] & 63 ];
+};
+
+void
+base64_encode (char *to, char *from, unsigned int len)
+{
+	while (len >= 3)
+	{
+		three_to_four (from, to);
+		len -= 3;
+		from += 3;
+		to += 4;
+	}
+	if (len)
+	{
+		char three[3] = {0,0,0};
+		unsigned int i;
+		for (i = 0; i < len; i++)
+		{
+			three[i] = *from++;
+		}
+		three_to_four (three, to);
+		if (len == 1)
+		{
+			to[2] = to[3] = '=';
+		}
+		else if (len == 2)
+		{
+			to[3] = '=';
+		}
+		to += 4;
+	};
+	to[0] = 0;
+}

src/common/util.h

@@ -80,4 +80,6 @@ char *encode_sasl_pass_plain (char *user, char *pass);
 char *challengeauth_response (const char *username, const char *password, const char *challenge);
 size_t strftime_validated (char *dest, size_t destsize, const char *format, const struct tm *time);
 gsize strftime_utf8 (char *dest, gsize destsize, const char *format, time_t time);
+void base64_encode (char *to, char *from, unsigned int len);
+
 #endif

src/fe-gtk/notifications/notification-freedesktop.c

@@ -55,7 +55,7 @@ notification_backend_show (const char *title, const char *text)
     g_variant_builder_init (&params, G_VARIANT_TYPE ("(susssasa{sv}i)"));
     g_variant_builder_add (&params, "s", "hexchat"); /* App name */
     g_variant_builder_add (&params, "u", 0); /* ID, 0 means don't replace */
-    g_variant_builder_add (&params, "s", "io.github.Hexchat"); /* App icon */
+    g_variant_builder_add (&params, "s", ""); /* App icon (set from hints instead) */
     g_variant_builder_add (&params, "s", title);
     g_variant_builder_add (&params, "s", text);
     g_variant_builder_add (&params, "as", NULL); /* Actions */

win32/copy/copy.vcxproj

@@ -40,8 +40,7 @@
     <None Include="$(DepsRoot)\bin\gthread-2.0-0.dll" />
     <None Include="$(DepsRoot)\bin\gtk-win32-2.0.dll" />
     <None Include="$(DepsRoot)\bin\iconv.dll" />
-    <None Include="$(DepsRoot)\bin\libcrypto*.dll" />
-    <None Include="$(DepsRoot)\bin\libssl*.dll" />
+    <None Include="$(DepsRoot)\bin\libeay32.dll" />
     <None Include="$(DepsRoot)\bin\libenchant.dll" />
     <None Include="$(DepsRoot)\bin\ffi-7.dll" />
     <None Include="$(DepsRoot)\bin\intl.dll" />
@@ -51,6 +50,7 @@
     <None Include="$(DepsRoot)\bin\pangocairo-1.0-0.dll" />
     <None Include="$(DepsRoot)\bin\pangoft2-1.0-0.dll" />
     <None Include="$(DepsRoot)\bin\pangowin32-1.0-0.dll" />
+    <None Include="$(DepsRoot)\bin\ssleay32.dll" />
     <None Include="$(DepsRoot)\bin\zlib1.dll" />
     <None Include="$(WinSparklePath)\WinSparkle.dll" />
     <None Include="$(HexChatBin)thememan.exe" />

win32/hexchat.props

@@ -15,7 +15,7 @@
 
 		<!-- G_DISABLE_DEPRECATED is unfeasible due to g_completion_* -->
 		<!-- must be buildable with GSEAL_ENABLE in the future, xtext, setup, and chanview-tabs stand in the way -->
-		<OwnFlags>GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_X509_GET_SIGNATURE_NID;HAVE_SSL_CTX_GET_SSL_METHOD;DEFAULT_CERT_FILE="cert.pem";HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline</OwnFlags>
+		<OwnFlags>GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline</OwnFlags>
 		<!-- FIXME: Add ability to use debug builds -->
 		<DepsRoot>$(YourDepsPath)\$(PlatformName)\release</DepsRoot>
 		<GendefPath>$(YourGendefPath)</GendefPath>
@@ -33,7 +33,7 @@
 		<LuaLib>lua51</LuaLib>
 		<Glib>$(DepsRoot)\include\glib-2.0;$(DepsRoot)\lib\glib-2.0\include;$(DepsRoot)\include\libxml2</Glib>
 		<Gtk>$(DepsRoot)\include\gtk-2.0;$(DepsRoot)\lib\gtk-2.0\include;$(DepsRoot)\include\atk-1.0;$(DepsRoot)\include\cairo;$(DepsRoot)\include\pango-1.0;$(DepsRoot)\include\gdk-pixbuf-2.0</Gtk>
-		<DepLibs>gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libcrypto.lib;libssl.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib</DepLibs>
+		<DepLibs>gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libeay32.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib</DepLibs>
 		<DataDir>$(SolutionDir)..\data\\</DataDir>
 		<HexChatBuild>$(SolutionDir)..\..\hexchat-build</HexChatBuild>
 		<HexChatBin>$(HexChatBuild)\$(PlatformName)\bin\</HexChatBin>

win32/installer/hexchat.iss.tt

@@ -138,13 +138,7 @@ Source: "gspawn-win32-helper-console.exe"; DestDir: "{app}"; Flags: ignoreversio
 Source: "gthread-2.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "gtk-win32-2.0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "iconv.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-#if APPARCH == "x64"
-Source: "libcrypto-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-Source: "libssl-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-#else
-Source: "libcrypto-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-Source: "libssl-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-#endif
+Source: "libeay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "libenchant.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "ffi-7.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "intl.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
@@ -154,6 +148,7 @@ Source: "pango-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: l
 Source: "pangocairo-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "pangoft2-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "pangowin32-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
+Source: "ssleay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "zlib1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 
 Source: "plugins\hcnotifications-winrt.dll"; DestDir: "{app}\plugins"; Flags: ignoreversion; Components: libs