WIP: Use GSocketClient for IRC connections

TODO: - Proxy support (some will be lost along the way) - Remove all OpenSSL usage from fe-gtk? - DCC support?
2021-07-13 22:09:26 -05:00
30 changed files with 607 additions and 1755 deletions
--- a/.github/workflows/msys-build.yml
+++ b/.github/workflows/msys-build.yml
@@ -1,40 +0,0 @@
 name: MSYS2 Build
 on: [push, pull_request]
 jobs:
  build:
    runs-on: windows-latest
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - uses: actions/checkout@v2
      - uses: msys2/setup-msys2@v2
        with:
          install: >-
            mingw-w64-x86_64-gcc
            mingw-w64-x86_64-pkg-config
            mingw-w64-x86_64-python3-cffi
            mingw-w64-x86_64-meson
            mingw-w64-x86_64-gtk2
            mingw-w64-x86_64-luajit
            mingw-w64-x86_64-desktop-file-utils
      - name: Configure
        run: >-
          meson build
          -Dtext-frontend=true
          -Ddbus=disabled
          -Dwith-upd=false
          -Dwith-perl=false
      - name: Build
        run: ninja -C build
      - name: Test
        run: ninja -C build test
      - name: Install
        run: ninja -C build install
--- a/.github/workflows/windows-build.yml
+++ b/.github/workflows/windows-build.yml
@@ -28,7 +28,7 @@ jobs:
          Invoke-WebRequest https://dl.hexchat.net/misc/idpsetup-1.5.1.exe -OutFile deps\idpsetup.exe
          & deps\idpsetup.exe /VERYSILENT
-          Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29-openssl1.1.7z -OutFile deps\gtk-${{ matrix.arch }}.7z
+          Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29.7z -OutFile deps\gtk-${{ matrix.arch }}.7z
          & 7z.exe x deps\gtk-${{ matrix.arch }}.7z -oC:\gtk-build\gtk
          Invoke-WebRequest https://dl.hexchat.net/gtk-win32/gendef-20111031.7z -OutFile deps\gendef.7z
--- a/data/misc/io.github.Hexchat.appdata.xml.in
+++ b/data/misc/io.github.Hexchat.appdata.xml.in
@@ -26,22 +26,6 @@
    <id>hexchat.desktop</id>
  </provides>
  <releases>
    <release date="2021-10-01" version="2.16.0">
      <description>
        <p>This is a feature release:</p>
        <ul>
          <li>Add support for IRCv3 SETNAME, invite-notify, account-tag, standard replies, and UTF8ONLY</li>
          <li>Add support for strikethrough formatting</li>
          <li>Fix text clipping issues by respecting font line height</li>
          <li>Fix URLs not being escaped when opened</li>
          <li>Fix possible hang when showing notifications</li>
          <li>Print ChanServ notices in the front tab by default</li>
          <li>Update network list</li>
          <li>python: Rewrite plugin improving memory usage and compatibility</li>
          <li>fishlim: Add support for CBC and other improvements</li>
        </ul>
      </description>
    </release>
    <release date="2019-12-20" version="2.14.3">
      <description>
        <p>This is a bug-fix release:</p>
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
 project('hexchat', 'c',
-  version: '2.16.0',
+  version: '2.14.3',
  meson_version: '>= 0.47.0',
  default_options: [
    'c_std=gnu89',
@@ -13,7 +13,7 @@ gnome = import('gnome')
 cc = meson.get_compiler('c')
-libgio_dep = dependency('gio-2.0', version: '>= 2.34.0')
+libgio_dep = dependency('gio-2.0', version: '>= 2.44.0')
 libgmodule_dep = dependency('gmodule-2.0')
 libcanberra_dep = dependency('libcanberra', version: '>= 0.22',
@@ -22,7 +22,7 @@ dbus_glib_dep = dependency('dbus-glib-1', required: get_option('dbus'))
 global_deps = []
 if cc.get_id() == 'msvc'
-  libssl_dep = cc.find_library('libssl')
+  libssl_dep = cc.find_library('libeay32')
 else
  libssl_dep = dependency('openssl', version: '>= 0.9.8',
                          required: get_option('tls'))
@@ -46,8 +46,8 @@ config_h.set('G_DISABLE_SINGLE_INCLUDES', true)
 config_h.set('GTK_DISABLE_DEPRECATED', true)
 config_h.set('GTK_DISABLE_SINGLE_INCLUDES', true)
 config_h.set('GDK_PIXBUF_DISABLE_SINGLE_INCLUDES', true)
-config_h.set('GLIB_VERSION_MAX_ALLOWED', 'GLIB_VERSION_2_34')
+config_h.set('GLIB_VERSION_MAX_ALLOWED', 'GLIB_VERSION_2_44')
-config_h.set('GLIB_VERSION_MIN_REQUIRED', 'GLIB_VERSION_2_34')
+config_h.set('GLIB_VERSION_MIN_REQUIRED', 'GLIB_VERSION_2_44')
 # Detected features
 config_h.set('HAVE_MEMRCHR', cc.has_function('memrchr'))
--- a/plugins/fishlim/fishlim.vcxproj
+++ b/plugins/fishlim/fishlim.vcxproj
@@ -29,7 +29,7 @@
  </PropertyGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <AdditionalIncludeDirectories>$(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
@@ -40,7 +40,7 @@
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
-      <PreprocessorDefinitions>WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <AdditionalIncludeDirectories>$(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
--- a/plugins/fishlim/tests/fake/keystore.c
+++ b/plugins/fishlim/tests/fake/keystore.c
@@ -1,4 +1,5 @@
 /*
  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
  Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -21,31 +22,26 @@
 */
-#include "fish.h"
+#include "../../fish.h"
 /**
 * Extracts a key from the key store file.
 */
-char *
+char *keystore_get_key(const char *nick, enum fish_mode *mode) {
 keystore_get_key(const char *nick, enum fish_mode *mode)
 {
    return NULL;
 }
 /**
 * Sets a key in the key store file.
 */
-gboolean
+gboolean keystore_store_key(const char *nick, const char *key, enum fish_mode mode) {
 keystore_store_key(const char *nick, const char *key, enum fish_mode mode)
 {
    return TRUE;
 }
 /**
 * Deletes a nick from the key store.
 */
-gboolean
+gboolean keystore_delete_nick(const char *nick) {
 keystore_delete_nick(const char *nick)
 {
    return TRUE;
 }
--- a/plugins/fishlim/tests/meson.build
+++ b/plugins/fishlim/tests/meson.build
@@ -1,15 +1,17 @@
 subdir('old_version')
 fishlim_test_sources = [
  'tests.c',
-  'mock-keystore.c',
+  'fake/keystore.c',
  '../fish.c',
  '../utils.c',
 ]
 fishlim_tests = executable('fishlim_tests', fishlim_test_sources,
-  dependencies: [libgio_dep, libssl_dep, hexchat_plugin_dep],
+  dependencies: [libgio_dep, libssl_dep],
-  include_directories: include_directories('..'),
+  link_with : fishlim_old_lib
 )
 test('Fishlim Tests', fishlim_tests,
-  protocol: 'tap',
+  timeout: 90
 )
--- a/plugins/fishlim/tests/old_version/fish.c
+++ b/plugins/fishlim/tests/old_version/fish.c
@@ -0,0 +1,155 @@
 /*
  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal
  in the Software without restriction, including without limitation the rights
  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  copies of the Software, and to permit persons to whom the Software is
  furnished to do so, subject to the following conditions:
  The above copyright notice and this permission notice shall be included in
  all copies or substantial portions of the Software.
  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  THE SOFTWARE.
 */
 #ifdef __APPLE__
 #define __AVAILABILITYMACROS__
 #define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
 #endif
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/blowfish.h>
 #include "fish.h"
 #define IB 64
 static const char fish_base64[64] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 static const signed char fish_unbase64[256] = {
    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB,IB,IB,
 /*      !  "  #  $  %  &  '  (    )  *  +  ,  -  .  / */
    IB,IB,IB,IB,IB,IB,IB,IB,  IB,IB,IB,IB,IB,IB, 0, 1,
 /*   0  1  2  3  4  5  6  7    8  9  :  ;  <  =  >  ? */
     2, 3, 4, 5, 6, 7, 8, 9,  10,11,IB,IB,IB,IB,IB,IB,
 /*   @  A  B  C  D  E  F  G    H  I  J  K  L  M  N  O */
    IB,38,39,40,41,42,43,44,  45,46,47,48,49,50,51,52,
 /*   P  Q  R  S  T  U  V  W    X  Y  Z  [  \  ]  ^  _*/
    53,54,55,56,57,58,59,60,  61,62,63,IB,IB,IB,IB,IB,
 /*   `  a  b  c  d  e  f  g    h  i  j  k  l  m  n  o */
    IB,12,13,14,15,16,17,18,  19,20,21,22,23,24,25,26,
 /*   p  q  r  s  t  u  v  w    x  y  z  {  |  }  ~  <del> */
    27,28,29,30,31,32,33,34,  35,36,37,IB,IB,IB,IB,IB,
 };
 #define GET_BYTES(dest, source) do { \
    *((dest)++) = ((source) >> 24) & 0xFF; \
    *((dest)++) = ((source) >> 16) & 0xFF; \
    *((dest)++) = ((source) >> 8) & 0xFF; \
    *((dest)++) = (source) & 0xFF; \
 } while (0);
 char *__old_fish_encrypt(const char *key, size_t keylen, const char *message) {
    BF_KEY bfkey;
    size_t messagelen;
    size_t i;
    int j;
    char *encrypted;
    char *end;
    unsigned char bit;
    unsigned char word;
    unsigned char d;
    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
    messagelen = strlen(message);
    if (messagelen == 0) return NULL;
    encrypted = g_malloc(((messagelen - 1) / 8) * 12 + 12 + 1); /* each 8-byte block becomes 12 bytes */
    end = encrypted;
    while (*message) {
        /* Read 8 bytes (a Blowfish block) */
        BF_LONG binary[2] = { 0, 0 };
        unsigned char c;
        for (i = 0; i < 8; i++) {
            c = message[i];
            binary[i >> 2] |= c << 8*(3 - (i&3));
            if (c == '\0') break;
        }
        message += 8;
        /* Encrypt block */
        BF_encrypt(binary, &bfkey);
        /* Emit FiSH-BASE64 */
        bit = 0;
        word = 1;
        for (j = 0; j < 12; j++) {
            d = fish_base64[(binary[word] >> bit) & 63];
            *(end++) = d;
            bit += 6;
            if (j == 5) {
                bit = 0;
                word = 0;
            }
        }
        /* Stop if a null terminator was found */
        if (c == '\0') break;
    }
    *end = '\0';
    return encrypted;
 }
 char *__old_fish_decrypt(const char *key, size_t keylen, const char *data) {
    BF_KEY bfkey;
    size_t i;
    char *decrypted;
    char *end;
    unsigned char bit;
    unsigned char word;
    unsigned char d;
    BF_set_key(&bfkey, keylen, (const unsigned char*)key);
    decrypted = g_malloc(strlen(data) + 1);
    end = decrypted;
    while (*data) {
        /* Convert from FiSH-BASE64 */
        BF_LONG binary[2] = { 0, 0 };
        bit = 0;
        word = 1;
        for (i = 0; i < 12; i++) {
            d = fish_unbase64[(const unsigned char)*(data++)];
            if (d == IB) goto decrypt_end;
            binary[word] |= (unsigned long)d << bit;
            bit += 6;
            if (i == 5) {
                bit = 0;
                word = 0;
            }
        }
        /* Decrypt block */
        BF_decrypt(binary, &bfkey);
        /* Copy to buffer */
        GET_BYTES(end, binary[0]);
        GET_BYTES(end, binary[1]);
    }
  decrypt_end:
    *end = '\0';
    return decrypted;
 }
--- a/plugins/fishlim/tests/old_version/fish.h
+++ b/plugins/fishlim/tests/old_version/fish.h
@@ -0,0 +1,37 @@
 /*
  Copyright (c) 2010 Samuel Lidén Borell <samuel@kodafritt.se>
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal
  in the Software without restriction, including without limitation the rights
  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  copies of the Software, and to permit persons to whom the Software is
  furnished to do so, subject to the following conditions:
  The above copyright notice and this permission notice shall be included in
  all copies or substantial portions of the Software.
  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  THE SOFTWARE.
 */
 #ifndef FISH_OLD_H
 #define FISH_OLD_H
 #include <stddef.h>
 #include <glib.h>
 char *__old_fish_encrypt(const char *key, size_t keylen, const char *message);
 char *__old_fish_decrypt(const char *key, size_t keylen, const char *data);
 #endif
--- a/plugins/fishlim/tests/old_version/meson.build
+++ b/plugins/fishlim/tests/old_version/meson.build
@@ -0,0 +1,4 @@
 fishlim_old_lib = shared_library('fishlim_old_lib',
  ['fish.c'],
  dependencies: [libgio_dep, libssl_dep],
 )
--- a/plugins/fishlim/tests/tests.c
+++ b/plugins/fishlim/tests/tests.c
@@ -1,4 +1,5 @@
 /*
  Copyright (c) 2020 <bakasura@protonmail.ch>
  Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -21,19 +22,22 @@
 */
-#include <glib.h>
+#ifndef PLUGIN_HEXCHAT_FISHLIM_TEST_H
 #define PLUGIN_HEXCHAT_FISHLIM_TEST_H
-#include "fish.h"
+// Libs
-#include "utils.h"
+#include <glib.h>
 // Project Libs
 #include "../fish.h"
 #include "../utils.h"
 #include "old_version/fish.h"
 /**
 * Auxiliary function: Generate a random string
 * @param out Preallocated string to fill
 * @param len Size of bytes to fill
 */
-static void
+void random_string(char *out, size_t len) {
 random_string(char *out, size_t len)
 {
    GRand *rand = NULL;
    int i = 0;
@@ -47,14 +51,13 @@ random_string(char *out, size_t len)
    g_rand_free(rand);
 }
 /**
- * Check encrypt and decrypt in ECB mode
+ * Check encrypt and decrypt in ECB mode and compare with old implementation
 */
-static void
+void __ecb(void) {
-test_ecb(void)
+    char *bo64 = NULL, *b64 = NULL;
-{
+    char *deo = NULL, *de = NULL;
    char *b64 = NULL;
    char *de = NULL;
    int key_len, message_len = 0;
    char key[57];
    char message[1000];
@@ -68,20 +71,36 @@ test_ecb(void)
            random_string(message, message_len);
            /* Encrypt */
            bo64 = __old_fish_encrypt(key, key_len, message);
            g_assert_nonnull(bo64);
            b64 = fish_encrypt(key, key_len, message, message_len, FISH_ECB_MODE);
            g_assert_nonnull(b64);
            g_assert_cmpuint(g_strcmp0(b64, bo64), == , 0);
            /* Decrypt */
            /* Linear */
            deo = __old_fish_decrypt(key, key_len, bo64);
            de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
-			g_assert_cmpstr (de, ==, message);
+            g_assert_nonnull(deo);
            g_assert_nonnull(de);
            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
            g_free(deo);
            g_free(de);
            /* Mixed */
-            de = fish_decrypt_str(key, key_len, b64, FISH_ECB_MODE);
+            deo = __old_fish_decrypt(key, key_len, b64);
-			g_assert_cmpstr (de, ==, message);
+            de = fish_decrypt_str(key, key_len, bo64, FISH_ECB_MODE);
            g_assert_nonnull(deo);
            g_assert_nonnull(de);
            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
            g_assert_cmpuint(g_strcmp0(deo, message), == , 0);
            g_assert_cmpuint(g_strcmp0(de, deo), == , 0);
            g_free(deo);
            g_free(de);
            /* Free */
            g_free(bo64);
            g_free(b64);
        }
    }
@@ -90,9 +109,7 @@ test_ecb(void)
 /**
 * Check encrypt and decrypt in CBC mode
 */
-static void
+void __cbc(void) {
 test_cbc(void)
 {
    char *b64 = NULL;
    char *de = NULL;
    int key_len, message_len = 0;
@@ -114,9 +131,11 @@ test_cbc(void)
            /* Decrypt */
            /* Linear */
            de = fish_decrypt_str(key, key_len, b64, FISH_CBC_MODE);
-            g_assert_cmpstr (de, ==, message);
+            g_assert_nonnull(de);
            g_assert_cmpuint(g_strcmp0(de, message), == , 0);
            g_free(de);
            /* Free */
            g_free(b64);
        }
    }
@@ -125,14 +144,13 @@ test_cbc(void)
 /**
 * Check the calculation of final length from an encoded string in Base64
 */
-static void
+void __base64_len(void) {
 test_base64_len (void)
 {
    char *b64 = NULL;
    int i, message_len = 0;
    char message[1000];
    for (i = 0; i < 10; ++i) {
        for (message_len = 1; message_len < 1000; ++message_len) {
            random_string(message, message_len);
            b64 = g_base64_encode((const unsigned char *) message, message_len);
@@ -146,9 +164,7 @@ test_base64_len (void)
 /**
 * Check the calculation of final length from an encoded string in BlowcryptBase64
 */
-static void
+void __base64_fish_len(void) {
 test_base64_fish_len (void)
 {
    char *b64 = NULL;
    int i, message_len = 0;
    char message[1000];
@@ -165,12 +181,11 @@ test_base64_fish_len (void)
    }
 }
 /**
 * Check the calculation of final length from an encrypted string in ECB mode
 */
-static void
+void __base64_ecb_len(void) {
 test_base64_ecb_len(void)
 {
    char *b64 = NULL;
    int key_len, message_len = 0;
    char key[57];
@@ -194,9 +209,7 @@ test_base64_ecb_len(void)
 /**
 * Check the calculation of final length from an encrypted string in CBC mode
 */
-static void
+void __base64_cbc_len(void) {
 test_base64_cbc_len(void)
 {
    char *b64 = NULL;
    int key_len, message_len = 0;
    char key[57];
@@ -220,9 +233,7 @@ test_base64_cbc_len(void)
 /**
 * Check the calculation of length limit for a plaintext in each encryption mode
 */
-static void
+void __max_text_command_len(void) {
 test_max_text_command_len(void)
 {
    int max_encoded_len, plaintext_len;
    enum fish_mode mode;
@@ -237,9 +248,7 @@ test_max_text_command_len(void)
 /**
 * Check the calculation of length limit for a plaintext in each encryption mode
 */
-static void
+void __foreach_utf8_data_chunks(void) {
 test_foreach_utf8_data_chunks(void)
 {
    GRand *rand = NULL;
    GString *chunks = NULL;
    int tests, max_chunks_len, chunks_len;
@@ -268,19 +277,21 @@ test_foreach_utf8_data_chunks(void)
    }
 }
-int
+
-main(int argc, char *argv[]) {
+int main(int argc, char *argv[]) {
    g_test_init(&argc, &argv, NULL);
-    g_test_add_func("/fishlim/ecb", test_ecb);
+    g_test_add_func("/fishlim/__ecb", __ecb);
-    g_test_add_func("/fishlim/cbc", test_cbc);
+    g_test_add_func("/fishlim/__cbc", __ecb);
-    g_test_add_func("/fishlim/base64_len", test_base64_len);
+    g_test_add_func("/fishlim/__base64_len", __base64_len);
-    g_test_add_func("/fishlim/base64_fish_len", test_base64_fish_len);
+    g_test_add_func("/fishlim/__base64_fish_len", __base64_fish_len);
-    g_test_add_func("/fishlim/base64_ecb_len", test_base64_ecb_len);
+    g_test_add_func("/fishlim/__base64_ecb_len", __base64_ecb_len);
-    g_test_add_func("/fishlim/base64_cbc_len", test_base64_cbc_len);
+    g_test_add_func("/fishlim/__base64_cbc_len", __base64_cbc_len);
-    g_test_add_func("/fishlim/max_text_command_len", test_max_text_command_len);
+    g_test_add_func("/fishlim/__max_text_command_len", __max_text_command_len);
-    g_test_add_func("/fishlim/foreach_utf8_data_chunks", test_foreach_utf8_data_chunks);
+    g_test_add_func("/fishlim/__foreach_utf8_data_chunks", __foreach_utf8_data_chunks);
    return g_test_run();
 }
 #endif //PLUGIN_HEXCHAT_FISHLIM_TEST_H
--- a/src/common/dcc.c
+++ b/src/common/dcc.c
@@ -487,6 +487,19 @@ dcc_notify_kill (struct server *serv)
 	}
 }
 static int
 tcp_send_real (int sok, GIConv write_converter, char *buf, int len)
 {
 	int ret;
 	gsize buf_encoded_len;
 	gchar *buf_encoded = text_convert_invalid (buf, len, write_converter, arbitrary_encoding_fallback_string, &buf_encoded_len);
 	ret = send (sok, buf_encoded, buf_encoded_len, 0);
 	g_free (buf_encoded);
 	return ret;
 }
 struct DCC *
 dcc_write_chat (char *nick, char *text)
 {
@@ -499,7 +512,7 @@ dcc_write_chat (char *nick, char *text)
 	if (dcc && dcc->dccstat == STAT_ACTIVE)
 	{
 		len = strlen (text);
-		tcp_send_real (NULL, dcc->sok, dcc->serv->write_converter, text, len);
+		tcp_send_real (dcc->sok, dcc->serv->write_converter, text, len);
 		send (dcc->sok, "\n", 1, 0);
 		dcc->size += len;
 		fe_dcc_update (dcc);
@@ -1656,7 +1669,8 @@ dcc_listen_init (struct DCC *dcc, session *sess)
 	memset (&SAddr, 0, sizeof (struct sockaddr_in));
 	len = sizeof (SAddr);
-	getsockname (dcc->serv->sok, (struct sockaddr *) &SAddr, &len);
+	/* TODO: Get rid of raw socket usage */
 	getsockname (g_socket_get_fd (dcc->serv->socket), (struct sockaddr *) &SAddr, &len);
 	SAddr.sin_family = AF_INET;
--- a/src/common/hexchat.c
+++ b/src/common/hexchat.c
@@ -266,7 +266,7 @@ lag_check (void)
 				EMIT_SIGNAL (XP_TE_PINGTIMEOUT, serv->server_session, tbuf, NULL,
 								 NULL, NULL, 0);
 				if (prefs.hex_net_auto_reconnect)
-					serv->auto_reconnect (serv, FALSE, -1);
+					serv->auto_reconnect (serv, FALSE, NULL);
 			}
 			else
 			{
--- a/src/common/hexchat.h
+++ b/src/common/hexchat.h
@@ -39,10 +39,6 @@
 #include "history.h"
 #include "tree.h"
 #ifdef USE_OPENSSL
 #include <openssl/ssl.h>		  /* SSL_() */
 #endif
 #ifdef __EMX__						  /* for o/s 2 */
 #define OFLAGS O_BINARY
 #define g_ascii_strcasecmp stricmp
@@ -434,10 +430,10 @@ typedef struct server
 {
 	/*  server control operations (in server*.c) */
 	void (*connect)(struct server *, char *hostname, int port, int no_login);
-	void (*disconnect)(struct session *, int sendquit, int err);
+	void (*disconnect)(struct session *, int sendquit, GError *err);
 	int  (*cleanup)(struct server *);
 	void (*flush_queue)(struct server *);
-	void (*auto_reconnect)(struct server *, int send_quit, int err);
+	void (*auto_reconnect)(struct server *, int send_quit, GError *err);
 	/* irc protocol functions (in proto*.c) */
 	void (*p_inline)(struct server *, char *buf, int len);
 	void (*p_invite)(struct server *, char *channel, char *nick);
@@ -474,36 +470,25 @@ typedef struct server
 	int (*p_cmp)(const char *s1, const char *s2);
 	int port;
 	int sok;					/* is equal to sok4 or sok6 (the one we are using) */
 	int sok4;					/* tcp4 socket */
 	int sok6;					/* tcp6 socket */
 	int proxy_type;
 	int proxy_sok;				/* Additional information for MS Proxy beast */
 	int proxy_sok4;
 	int proxy_sok6;
 	int id;					/* unique ID number (for plugin API) */
 	/* dcc_ip moved from hexchatprefs to make it per-server */
 	guint32 dcc_ip;
-#ifdef USE_OPENSSL
+	GSocketClient *socket_client;
-	SSL_CTX *ctx;
+	GSocketConnection *socket_conn;
-	SSL *ssl;
+	GSocket *socket; /* Owned by socket_conn */
-	int ssl_do_connect_tag;
+	GCancellable *connection_cancellable;
-#else
+	GTlsCertificate *client_cert;
-	void *ssl;
+	GSource *socket_read_source;
-#endif
+
 	int childread;
 	int childwrite;
 	int childpid;
 	int iotag;
 	int recondelay_tag;				/* reconnect delay timeout */
 	int joindelay_tag;				/* waiting before we send JOIN */
 	char hostname[128];				/* real ip number */
 	char servername[128];			/* what the server says is its name */
 	char password[86];
 	char nick[NICKLEN];
-	char linebuf[8704];				/* RFC says 512 chars including \r\n, IRCv3 message tags add 8191, plus the NUL byte */
+	char linebuf[2048];				/* RFC says 512 chars including \r\n */
 	char *last_away_reason;
 	int pos;								/* current position in linebuf */
 	int nickcount;
--- a/src/common/meson.build
+++ b/src/common/meson.build
@@ -74,7 +74,6 @@ textevents = custom_target('textevents',
 #   HAVE_GTK_MAC
 if libssl_dep.found()
  common_sources += 'ssl.c'
  common_deps += libssl_dep
 endif
--- a/src/common/modes.c
+++ b/src/common/modes.c
@@ -67,8 +67,8 @@ send_channel_modes (session *sess, char *tbuf, char *word[], int wpos,
 	int usable_modes, orig_len, len, wlen, i, max;
 	server *serv = sess->server;
-	/* sanity check. IRC RFC says three per line but some servers may support less. */
+	/* sanity check. IRC RFC says three per line. */
-	if (serv->modes_per_line < 1)
+	if (serv->modes_per_line < 3)
 		serv->modes_per_line = 3;
 	if (modes_per_line < 1)
 		modes_per_line = serv->modes_per_line;
@@ -880,7 +880,7 @@ inbound_005 (server * serv, char *word[], const message_tags_data *tags_data)
 				g_free (serv->nick_prefixes);
 				g_free (serv->nick_modes);
 				serv->nick_prefixes = g_strdup (pre + 1);
-				serv->nick_modes = g_strdup (tokvalue + 1);
+				serv->nick_modes = g_strdup (tokvalue);
 			} else
 			{
 				/* bad! some ircds don't give us the modes. */
--- a/src/common/outbound.c
+++ b/src/common/outbound.c
@@ -903,8 +903,8 @@ cmd_debug (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	while (list)
 	{
 		v = (struct server *) list->data;
-		sprintf (tbuf, "%p %-5d %s\n",
+		sprintf (tbuf, "%p %s\n",
-					v, v->sok, v->servername);
+					v, v->servername);
 		PrintText (sess, tbuf);
 		list = list->next;
 	}
@@ -1414,7 +1414,7 @@ cmd_devoice (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 static int
 cmd_discon (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 {
-	sess->server->disconnect (sess, TRUE, -1);
+	sess->server->disconnect (sess, TRUE, NULL);
 	return TRUE;
 }
@@ -1956,7 +1956,7 @@ cmd_quit (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 {
 	if (*word_eol[2])
 		sess->quitreason = word_eol[2];
-	sess->server->disconnect (sess, TRUE, -1);
+	sess->server->disconnect (sess, TRUE, NULL);
 	sess->quitreason = NULL;
 	return 2;
 }
@@ -3216,7 +3216,7 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		{
 			serv = list->data;
 			if (serv->connected)
-				serv->auto_reconnect (serv, TRUE, -1);
+				serv->auto_reconnect (serv, TRUE, NULL);
 			list = list->next;
 		}
 	}
@@ -3249,11 +3249,11 @@ cmd_reconnect (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		if (*word[3+offset])
 			serv->port = atoi (word[3+offset]);
 		safe_strcpy (serv->hostname, word[2+offset], sizeof (serv->hostname));
-		serv->auto_reconnect (serv, TRUE, -1);
+		serv->auto_reconnect (serv, TRUE, NULL);
 	}
 	else
 	{
-		serv->auto_reconnect (serv, TRUE, -1);
+		serv->auto_reconnect (serv, TRUE, NULL);
 	}
 	prefs.hex_net_reconnect_delay = tmp;
@@ -3294,6 +3294,7 @@ cmd_send (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 	if (!word[2][0])
 		return FALSE;
 #if 0
 	addr = dcc_get_my_address (sess);
 	if (addr == 0)
 	{
@@ -3313,6 +3314,7 @@ cmd_send (struct session *sess, char *tbuf, char *word[], char *word_eol[])
 		g_snprintf (tbuf, 512, "DCC SEND %s", word_eol[2]);
 	handle_command (sess, tbuf, FALSE);
 #endif
 	return TRUE;
 }
--- a/src/common/proto-irc.c
+++ b/src/common/proto-irc.c
@@ -503,6 +503,22 @@ process_numeric (session * sess, int n,
 		goto def;
 	case 4:	/* check the ircd type */
 		serv->use_listargs = FALSE;
 		serv->modes_per_line = 3;		/* default to IRC RFC */
 		if (strncmp (word[5], "bahamut", 7) == 0)				/* DALNet */
 		{
 			serv->use_listargs = TRUE;		/* use the /list args */
 		} else if (strncmp (word[5], "u2.10.", 6) == 0)		/* Undernet */
 		{
 			serv->use_listargs = TRUE;		/* use the /list args */
 			serv->modes_per_line = 6;		/* allow 6 modes per line */
 		} else if (strncmp (word[5], "glx2", 4) == 0)
 		{
 			serv->use_listargs = TRUE;		/* use the /list args */
 		}
 		goto def;
 	case 5:
 		inbound_005 (serv, word, tags_data);
 		goto def;
--- a/src/common/server.c
+++ b/src/common/server.c
--- a/src/common/server.h
+++ b/src/common/server.h
@@ -25,7 +25,6 @@ extern GSList *serv_list;
 /* eventually need to keep the tcp_* functions isolated to server.c */
 int tcp_send_len (server *serv, char *buf, int len);
 void tcp_sendf (server *serv, const char *fmt, ...) G_GNUC_PRINTF (2, 3);
 int tcp_send_real (void *ssl, int sok, GIConv write_converter, char *buf, int len);
 server *server_new (void);
 int is_server (server *serv);
@@ -39,6 +38,4 @@ void server_free (server *serv);
 void server_away_save_message (server *serv, char *nick, char *msg);
 struct away_msg *server_away_find_message (server *serv, char *nick);
 void base64_encode (char *to, char *from, unsigned int len);
 #endif
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -1,566 +0,0 @@
 /*
 * ssl.c v0.0.3
 * Copyright (C) 2000  --  DaP <profeta@freemail.c3.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */
 #ifdef __APPLE__
 #define __AVAILABILITYMACROS__
 #define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
 #endif
 #include "inet.h"				  /* make it first to avoid macro redefinitions */
 #include <openssl/ssl.h>		  /* SSL_() */
 #include <openssl/err.h>		  /* ERR_() */
 #include <openssl/x509v3.h>
 #ifdef WIN32
 #include <openssl/rand.h>		  /* RAND_seed() */
 #endif
 #include "config.h"
 #include <time.h>				  /* asctime() */
 #include <string.h>				  /* strncpy() */
 #include "ssl.h"				  /* struct cert_info */
 #include <glib.h>
 #include <glib/gprintf.h>
 #include <gio/gio.h>
 #include "util.h"
 /* If openssl was built without ec */
 #ifndef SSL_OP_SINGLE_ECDH_USE
 #define SSL_OP_SINGLE_ECDH_USE 0
 #endif
 #ifndef SSL_OP_NO_COMPRESSION
 #define SSL_OP_NO_COMPRESSION 0
 #endif
 /* globals */
 static struct chiper_info chiper_info;		/* static buffer for _SSL_get_cipher_info() */
 static char err_buf[256];			/* generic error buffer */
 /* +++++ Internal functions +++++ */
 static void
 __SSL_fill_err_buf (char *funcname)
 {
 	int err;
 	char buf[256];
 	err = ERR_get_error ();
 	ERR_error_string (err, buf);
 	g_snprintf (err_buf, sizeof (err_buf), "%s: %s (%d)\n", funcname, buf, err);
 }
 static void
 __SSL_critical_error (char *funcname)
 {
 	__SSL_fill_err_buf (funcname);
 	fprintf (stderr, "%s\n", err_buf);
 	exit (1);
 }
 /* +++++ SSL functions +++++ */
 SSL_CTX *
 _SSL_context_init (void (*info_cb_func))
 {
 	SSL_CTX *ctx;
 	SSLeay_add_ssl_algorithms ();
 	SSL_load_error_strings ();
 	ctx = SSL_CTX_new (SSLv23_client_method ());
 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
 	SSL_CTX_set_timeout (ctx, 300);
 	SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
 							  |SSL_OP_NO_COMPRESSION
 							  |SSL_OP_SINGLE_DH_USE|SSL_OP_SINGLE_ECDH_USE
 							  |SSL_OP_NO_TICKET
 							  |SSL_OP_CIPHER_SERVER_PREFERENCE);
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined (OPENSSL_NO_COMP) /* workaround for OpenSSL 0.9.8 */
 	sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
 #endif
 	/* used in SSL_connect(), SSL_accept() */
 	SSL_CTX_set_info_callback (ctx, info_cb_func);
 	return(ctx);
 }
 static void
 ASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm)
 {
 	char *expires = NULL;
 	BIO *inMem = BIO_new (BIO_s_mem ());
 	ASN1_TIME_print (inMem, tm);
 	BIO_get_mem_data (inMem, &expires);
 	buf[0] = 0;
 	if (expires != NULL)
 	{
 		/* expires is not \0 terminated */
 		safe_strcpy (buf, expires, MIN(24, buf_len));
 	}
 	BIO_free (inMem);
 }
 static void
 broke_oneline (char *oneline, char *parray[])
 {
 	char *pt, *ppt;
 	int i;
 	i = 0;
 	ppt = pt = oneline + 1;
 	while ((pt = strchr (pt, '/')))
 	{
 		*pt = 0;
 		parray[i++] = ppt;
 		ppt = ++pt;
 	}
 	parray[i++] = ppt;
 	parray[i] = NULL;
 }
 /*
    FIXME: Master-Key, Extensions, CA bits
 	    (openssl x509 -text -in servcert.pem)
 */
 int
 _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
 {
 	X509 *peer_cert;
 	X509_PUBKEY *key;
 	X509_ALGOR *algor = NULL;
 	EVP_PKEY *peer_pkey;
 	char notBefore[64];
 	char notAfter[64];
 	int alg;
 	int sign_alg;
 	if (!(peer_cert = SSL_get_peer_certificate (ssl)))
 		return (1);				  /* FATAL? */
 	X509_NAME_oneline (X509_get_subject_name (peer_cert), cert_info->subject,
 							 sizeof (cert_info->subject));
 	X509_NAME_oneline (X509_get_issuer_name (peer_cert), cert_info->issuer,
 							 sizeof (cert_info->issuer));
 	broke_oneline (cert_info->subject, cert_info->subject_word);
 	broke_oneline (cert_info->issuer, cert_info->issuer_word);
 	key = X509_get_X509_PUBKEY(peer_cert);
 	if (!X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key))
 		return 1;
 	alg = OBJ_obj2nid (algor->algorithm);
 #ifndef HAVE_X509_GET_SIGNATURE_NID
 	sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
 #else
 	sign_alg = X509_get_signature_nid (peer_cert);
 #endif
 	ASN1_TIME_snprintf (notBefore, sizeof (notBefore),
 							  X509_get_notBefore (peer_cert));
 	ASN1_TIME_snprintf (notAfter, sizeof (notAfter),
 							  X509_get_notAfter (peer_cert));
 	peer_pkey = X509_get_pubkey (peer_cert);
 	safe_strcpy (cert_info->algorithm,
 				(alg == NID_undef) ? "Unknown" : OBJ_nid2ln (alg),
 				sizeof (cert_info->algorithm));
 	cert_info->algorithm_bits = EVP_PKEY_bits (peer_pkey);
 	safe_strcpy (cert_info->sign_algorithm,
 				(sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg),
 				sizeof (cert_info->sign_algorithm));
 	/* EVP_PKEY_bits(ca_pkey)); */
 	cert_info->sign_algorithm_bits = 0;
 	safe_strcpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore));
 	safe_strcpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter));
 	EVP_PKEY_free (peer_pkey);
 	/* SSL_SESSION_print_fp(stdout, SSL_get_session(ssl)); */
 /*
 	if (ssl->session->sess_cert->peer_rsa_tmp) {
 		tmp_pkey = EVP_PKEY_new();
 		EVP_PKEY_assign_RSA(tmp_pkey, ssl->session->sess_cert->peer_rsa_tmp);
 		cert_info->rsa_tmp_bits = EVP_PKEY_bits (tmp_pkey);
 		EVP_PKEY_free(tmp_pkey);
 	} else
 		fprintf(stderr, "REMOTE SIDE DOESN'T PROVIDES ->peer_rsa_tmp\n");
 */
 	cert_info->rsa_tmp_bits = 0;
 	X509_free (peer_cert);
 	return (0);
 }
 struct chiper_info *
 _SSL_get_cipher_info (SSL * ssl)
 {
 	const SSL_CIPHER *c;
 	c = SSL_get_current_cipher (ssl);
 	safe_strcpy (chiper_info.version, SSL_CIPHER_get_version (c),
 				sizeof (chiper_info.version));
 	safe_strcpy (chiper_info.chiper, SSL_CIPHER_get_name (c),
 				sizeof (chiper_info.chiper));
 	SSL_CIPHER_get_bits (c, &chiper_info.chiper_bits);
 	return (&chiper_info);
 }
 int
 _SSL_send (SSL * ssl, char *buf, int len)
 {
 	int num;
 	num = SSL_write (ssl, buf, len);
 	switch (SSL_get_error (ssl, num))
 	{
 	case SSL_ERROR_SSL:			  /* setup errno! */
 		/* ??? */
 		__SSL_fill_err_buf ("SSL_write");
 		fprintf (stderr, "%s\n", err_buf);
 		break;
 	case SSL_ERROR_SYSCALL:
 		/* ??? */
 		perror ("SSL_write/write");
 		break;
 	case SSL_ERROR_ZERO_RETURN:
 		/* fprintf(stderr, "SSL closed on write\n"); */
 		break;
 	}
 	return (num);
 }
 int
 _SSL_recv (SSL * ssl, char *buf, int len)
 {
 	int num;
 	num = SSL_read (ssl, buf, len);
 	switch (SSL_get_error (ssl, num))
 	{
 	case SSL_ERROR_SSL:
 		/* ??? */
 		__SSL_fill_err_buf ("SSL_read");
 		fprintf (stderr, "%s\n", err_buf);
 		break;
 	case SSL_ERROR_SYSCALL:
 		/* ??? */
 		if (!would_block ())
 			perror ("SSL_read/read");
 		break;
 	case SSL_ERROR_ZERO_RETURN:
 		/* fprintf(stdeerr, "SSL closed on read\n"); */
 		break;
 	}
 	return (num);
 }
 SSL *
 _SSL_socket (SSL_CTX *ctx, int sd)
 {
 	SSL *ssl;
 	const SSL_METHOD *method;
 	if (!(ssl = SSL_new (ctx)))
 		/* FATAL */
 		__SSL_critical_error ("SSL_new");
 	SSL_set_fd (ssl, sd);
 #ifndef HAVE_SSL_CTX_GET_SSL_METHOD
 	method = ctx->method;
 #else
 	method = SSL_CTX_get_ssl_method (ctx);
 #endif
 	if (method == SSLv23_client_method())
 		SSL_set_connect_state (ssl);
 	else
 	        SSL_set_accept_state(ssl);
 	return (ssl);
 }
 char *
 _SSL_set_verify (SSL_CTX *ctx, void *verify_callback)
 {
 #ifdef DEFAULT_CERT_FILE
 	if (!SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL))
 	{
 		__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
 		return (err_buf);
 	}
 #else
 	if (!SSL_CTX_set_default_verify_paths (ctx))
 	{
 		__SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths");
 		return (err_buf);
 	}
 #endif
 	SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback);
 	return (NULL);
 }
 void
 _SSL_close (SSL * ssl)
 {
 	SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 	SSL_free (ssl);
 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* OpenSSL handles this itself in 1.1+ and this is a no-op */
 	ERR_remove_thread_state (NULL);
 #endif
 #else
 	ERR_remove_state (0);
 #endif
 }
 /* Hostname validation code based on OpenBSD's libtls. */
 static int
 _SSL_match_hostname (const char *cert_hostname, const char *hostname)
 {
 	const char *cert_domain, *domain, *next_dot;
 	if (g_ascii_strcasecmp (cert_hostname, hostname) == 0)
 		return 0;
 	/* Wildcard match? */
 	if (cert_hostname[0] == '*')
 	{
 		/*
 		 * Valid wildcards:
 		 * - "*.domain.tld"
 		 * - "*.sub.domain.tld"
 		 * - etc.
 		 * Reject "*.tld".
 		 * No attempt to prevent the use of eg. "*.co.uk".
 		 */
 		cert_domain = &cert_hostname[1];
 		/* Disallow "*"  */
 		if (cert_domain[0] == '\0')
 			return -1;
 		/* Disallow "*foo" */
 		if (cert_domain[0] != '.')
 			return -1;
 		/* Disallow "*.." */
 		if (cert_domain[1] == '.')
 			return -1;
 		next_dot = strchr (&cert_domain[1], '.');
 		/* Disallow "*.bar" */
 		if (next_dot == NULL)
 			return -1;
 		/* Disallow "*.bar.." */
 		if (next_dot[1] == '.')
 			return -1;
 		domain = strchr (hostname, '.');
 		/* No wildcard match against a hostname with no domain part. */
 		if (domain == NULL || strlen(domain) == 1)
 			return -1;
 		if (g_ascii_strcasecmp (cert_domain, domain) == 0)
 			return 0;
 	}
 	return -1;
 }
 static int
 _SSL_check_subject_altname (X509 *cert, const char *host)
 {
 	STACK_OF(GENERAL_NAME) *altname_stack = NULL;
 	GInetAddress *addr;
 	GSocketFamily family;
 	int type = GEN_DNS;
 	int count, i;
 	int rv = -1;
 	altname_stack = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
 	if (altname_stack == NULL)
 		return -1;
 	addr = g_inet_address_new_from_string (host);
 	if (addr != NULL)
 	{
 		family = g_inet_address_get_family (addr);
 		if (family == G_SOCKET_FAMILY_IPV4 || family == G_SOCKET_FAMILY_IPV6)
 			type = GEN_IPADD;
 	}
 	count = sk_GENERAL_NAME_num(altname_stack);
 	for (i = 0; i < count; i++)
 	{
 		GENERAL_NAME *altname;
 		altname = sk_GENERAL_NAME_value (altname_stack, i);
 		if (altname->type != type)
 			continue;
 		if (type == GEN_DNS)
 		{
 			const unsigned char *data;
 			int format;
 			format = ASN1_STRING_type (altname->d.dNSName);
 			if (format == V_ASN1_IA5STRING)
 			{
 #ifdef HAVE_ASN1_STRING_GET0_DATA
 				data = ASN1_STRING_get0_data (altname->d.dNSName);
 #else
 				data = ASN1_STRING_data (altname->d.dNSName);
 #endif
 				if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data))
 				{
 					g_warning("NUL byte in subjectAltName, probably a malicious certificate.\n");
 					rv = -2;
 					break;
 				}
 				if (_SSL_match_hostname (data, host) == 0)
 				{
 					rv = 0;
 					break;
 				}
 			}
 			else
 				g_warning ("unhandled subjectAltName dNSName encoding (%d)\n", format);
 		}
 		else if (type == GEN_IPADD)
 		{
 			const unsigned char *data;
 			const guint8 *addr_bytes;
 			int datalen, addr_len;
 			datalen = ASN1_STRING_length (altname->d.iPAddress);
 #ifdef HAVE_ASN1_STRING_GET0_DATA
 			data = ASN1_STRING_get0_data (altname->d.iPAddress);
 #else
 			data = ASN1_STRING_data (altname->d.iPAddress);
 #endif
 			addr_bytes = g_inet_address_to_bytes (addr);
 			addr_len = (int)g_inet_address_get_native_size (addr);
 			if (datalen == addr_len && memcmp (data, addr_bytes, addr_len) == 0)
 			{
 				rv = 0;
 				break;
 			}
 		}
 	}
 	if (addr != NULL)
 		g_object_unref (addr);
 	sk_GENERAL_NAME_pop_free (altname_stack, GENERAL_NAME_free);
 	return rv;
 }
 static int
 _SSL_check_common_name (X509 *cert, const char *host)
 {
 	X509_NAME *name;
 	char *common_name = NULL;
 	int common_name_len;
 	int rv = -1;
 	GInetAddress *addr;
 	name = X509_get_subject_name (cert);
 	if (name == NULL)
 		return -1;
 	common_name_len = X509_NAME_get_text_by_NID (name, NID_commonName, NULL, 0);
 	if (common_name_len < 0)
 		return -1;
 	common_name = g_malloc0 (common_name_len + 1);
 	X509_NAME_get_text_by_NID (name, NID_commonName, common_name, common_name_len + 1);
 	/* NUL bytes in CN? */
 	if (common_name_len != (int)strlen(common_name))
 	{
 		g_warning ("NUL byte in Common Name field, probably a malicious certificate.\n");
 		rv = -2;
 		goto out;
 	}
 	if ((addr = g_inet_address_new_from_string (host)) != NULL)
 	{
 		/*
 		 * We don't want to attempt wildcard matching against IP
 		 * addresses, so perform a simple comparison here.
 		 */
 		if (g_strcmp0 (common_name, host) == 0)
 			rv = 0;
 		else
 			rv = -1;
 		g_object_unref (addr);
 	}
 	else if (_SSL_match_hostname (common_name, host) == 0)
 		rv = 0;
 out:
 	g_free(common_name);
 	return rv;
 }
 int
 _SSL_check_hostname (X509 *cert, const char *host)
 {
 	int rv;
 	rv = _SSL_check_subject_altname (cert, host);
 	if (rv == 0 || rv == -2)
 		return rv;
 	return _SSL_check_common_name (cert, host);
 }
--- a/src/common/ssl.h
+++ b/src/common/ssl.h
@@ -1,85 +0,0 @@
 /* HexChat
 * Copyright (C) 1998-2010 Peter Zelezny.
 * Copyright (C) 2009-2013 Berke Viktor.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */
 #ifndef HEXCHAT_SSL_H
 #define HEXCHAT_SSL_H
 struct cert_info {
    char subject[256];
    char *subject_word[12];
    char issuer[256];
    char *issuer_word[12];
    char algorithm[32];
    int algorithm_bits;
    char sign_algorithm[32];
    int sign_algorithm_bits;
    char notbefore[32];
    char notafter[32];
    int rsa_tmp_bits;
 };
 struct chiper_info {
    char version[16];
    char chiper[48];
    int chiper_bits;
 };
 SSL_CTX *_SSL_context_init (void (*info_cb_func));
 #define _SSL_context_free(a)	SSL_CTX_free(a);
 SSL *_SSL_socket (SSL_CTX *ctx, int sd);
 char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback));
 /*
    int SSL_connect(SSL *);
    int SSL_accept(SSL *);
    int SSL_get_fd(SSL *);
 */
 void _SSL_close (SSL * ssl);
 int _SSL_check_hostname(X509 *cert, const char *host);
 int _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl);
 struct chiper_info *_SSL_get_cipher_info (SSL * ssl);
 /*char *_SSL_add_keypair (SSL_CTX *ctx, char *privkey, char *cert);*/
 /*void _SSL_add_random_keypair(SSL_CTX *ctx, int bits);*/
 int _SSL_send (SSL * ssl, char *buf, int len);
 int _SSL_recv (SSL * ssl, char *buf, int len);
 /* misc */
 /*void broke_oneline (char *oneline, char *parray[]);*/
 /*char *_SSL_do_cipher_base64(char *buf, int buf_len, char *key, int operation);*/		/* must be freed */
 /*void *_SSL_get_sess_obj(SSL *ssl, int type);*/		/* NOT must be freed */
 #define	_SSL_get_sess_pkey(a)	_SSL_get_sess_obj(a, 0)
 #define	_SSL_get_sess_prkey(a)	_SSL_get_sess_obj(a, 1)
 #define	_SSL_get_sess_x509(a)	_SSL_get_sess_obj(a, 2)
 /*char *_SSL_get_obj_base64(void *s, int type);*/		/* must be freed */
 #define	_SSL_get_pkey_base64(a)		_SSL_get_obj_base64(a, 0)
 #define	_SSL_get_prkey_base64(a)	_SSL_get_obj_base64(a, 1)
 #define	_SSL_get_x509_base64(a)		_SSL_get_obj_base64(a, 2)
 /*char *_SSL_get_ctx_obj_base64(SSL_CTX *ctx, int type);*/	/* must be freed */
 #define	_SSL_get_ctx_pkey_base64(a)	_SSL_get_ctx_obj_base64(a, 0)
 #define	_SSL_get_ctx_prkey_base64(a)	_SSL_get_ctx_obj_base64(a, 1)
 #define	_SSL_get_ctx_x509_base64(a)	_SSL_get_ctx_obj_base64(a, 2)
 /*int _SSL_verify_x509(X509 *x509);*/
 #endif
--- a/src/common/text.c
+++ b/src/common/text.c
@@ -1323,7 +1323,6 @@ static char * const pevt_connect_help[] = {
 };
 static char * const pevt_sconnect_help[] = {
 	"PID"
 };
 static char * const pevt_generic_nick_help[] = {
--- a/src/common/textevents.in
+++ b/src/common/textevents.in
@@ -787,8 +787,8 @@ n2
 Stop Connection
 XP_TE_STOPCONNECT
 pevt_sconnect_help
-%C23*%O$tStopped previous connection attempt (%C24$1%O)
+%C23*%O$tStopped previous connection attempt
-1
+0
 Topic
 XP_TE_TOPIC
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -56,6 +56,9 @@
 #ifdef USE_OPENSSL
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #ifndef WIN32
 #include <netinet/in.h>
 #endif
@@ -1550,3 +1553,52 @@ strftime_utf8 (char *dest, gsize destsize, const char *format, time_t time)
 	g_date_free (date);
 	return result;
 }
 static void
 three_to_four (char *from, char *to)
 {
 	static const char tab64[64]=
 	{
 		'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
 		'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
 		'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
 		'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
 	};
 	to[0] = tab64 [ (from[0] >> 2) & 63 ];
 	to[1] = tab64 [ ((from[0] << 4) | (from[1] >> 4)) & 63 ];
 	to[2] = tab64 [ ((from[1] << 2) | (from[2] >> 6)) & 63 ];
 	to[3] = tab64 [ from[2] & 63 ];
 };
 void
 base64_encode (char *to, char *from, unsigned int len)
 {
 	while (len >= 3)
 	{
 		three_to_four (from, to);
 		len -= 3;
 		from += 3;
 		to += 4;
 	}
 	if (len)
 	{
 		char three[3] = {0,0,0};
 		unsigned int i;
 		for (i = 0; i < len; i++)
 		{
 			three[i] = *from++;
 		}
 		three_to_four (three, to);
 		if (len == 1)
 		{
 			to[2] = to[3] = '=';
 		}
 		else if (len == 2)
 		{
 			to[3] = '=';
 		}
 		to += 4;
 	};
 	to[0] = 0;
 }
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -80,4 +80,6 @@ char *encode_sasl_pass_plain (char *user, char *pass);
 char *challengeauth_response (const char *username, const char *password, const char *challenge);
 size_t strftime_validated (char *dest, size_t destsize, const char *format, const struct tm *time);
 gsize strftime_utf8 (char *dest, gsize destsize, const char *format, time_t time);
 void base64_encode (char *to, char *from, unsigned int len);
 #endif
--- a/src/fe-gtk/notifications/notification-freedesktop.c
+++ b/src/fe-gtk/notifications/notification-freedesktop.c
@@ -55,7 +55,7 @@ notification_backend_show (const char *title, const char *text)
    g_variant_builder_init (&params, G_VARIANT_TYPE ("(susssasa{sv}i)"));
    g_variant_builder_add (&params, "s", "hexchat"); /* App name */
    g_variant_builder_add (&params, "u", 0); /* ID, 0 means don't replace */
-    g_variant_builder_add (&params, "s", "io.github.Hexchat"); /* App icon */
+    g_variant_builder_add (&params, "s", ""); /* App icon (set from hints instead) */
    g_variant_builder_add (&params, "s", title);
    g_variant_builder_add (&params, "s", text);
    g_variant_builder_add (&params, "as", NULL); /* Actions */
--- a/win32/copy/copy.vcxproj
+++ b/win32/copy/copy.vcxproj
@@ -40,8 +40,7 @@
    <None Include="$(DepsRoot)\bin\gthread-2.0-0.dll" />
    <None Include="$(DepsRoot)\bin\gtk-win32-2.0.dll" />
    <None Include="$(DepsRoot)\bin\iconv.dll" />
-    <None Include="$(DepsRoot)\bin\libcrypto*.dll" />
+    <None Include="$(DepsRoot)\bin\libeay32.dll" />
    <None Include="$(DepsRoot)\bin\libssl*.dll" />
    <None Include="$(DepsRoot)\bin\libenchant.dll" />
    <None Include="$(DepsRoot)\bin\ffi-7.dll" />
    <None Include="$(DepsRoot)\bin\intl.dll" />
@@ -51,6 +50,7 @@
    <None Include="$(DepsRoot)\bin\pangocairo-1.0-0.dll" />
    <None Include="$(DepsRoot)\bin\pangoft2-1.0-0.dll" />
    <None Include="$(DepsRoot)\bin\pangowin32-1.0-0.dll" />
    <None Include="$(DepsRoot)\bin\ssleay32.dll" />
    <None Include="$(DepsRoot)\bin\zlib1.dll" />
    <None Include="$(WinSparklePath)\WinSparkle.dll" />
    <None Include="$(HexChatBin)thememan.exe" />
--- a/win32/hexchat.props
+++ b/win32/hexchat.props
@@ -15,7 +15,7 @@
 		<!-- G_DISABLE_DEPRECATED is unfeasible due to g_completion_* -->
 		<!-- must be buildable with GSEAL_ENABLE in the future, xtext, setup, and chanview-tabs stand in the way -->
-		<OwnFlags>GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_X509_GET_SIGNATURE_NID;HAVE_SSL_CTX_GET_SSL_METHOD;DEFAULT_CERT_FILE="cert.pem";HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline</OwnFlags>
+		<OwnFlags>GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline</OwnFlags>
 		<!-- FIXME: Add ability to use debug builds -->
 		<DepsRoot>$(YourDepsPath)\$(PlatformName)\release</DepsRoot>
 		<GendefPath>$(YourGendefPath)</GendefPath>
@@ -33,7 +33,7 @@
 		<LuaLib>lua51</LuaLib>
 		<Glib>$(DepsRoot)\include\glib-2.0;$(DepsRoot)\lib\glib-2.0\include;$(DepsRoot)\include\libxml2</Glib>
 		<Gtk>$(DepsRoot)\include\gtk-2.0;$(DepsRoot)\lib\gtk-2.0\include;$(DepsRoot)\include\atk-1.0;$(DepsRoot)\include\cairo;$(DepsRoot)\include\pango-1.0;$(DepsRoot)\include\gdk-pixbuf-2.0</Gtk>
-		<DepLibs>gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libcrypto.lib;libssl.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib</DepLibs>
+		<DepLibs>gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libeay32.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib</DepLibs>
 		<DataDir>$(SolutionDir)..\data\\</DataDir>
 		<HexChatBuild>$(SolutionDir)..\..\hexchat-build</HexChatBuild>
 		<HexChatBin>$(HexChatBuild)\$(PlatformName)\bin\</HexChatBin>
--- a/win32/installer/hexchat.iss.tt
+++ b/win32/installer/hexchat.iss.tt
@@ -138,13 +138,7 @@ Source: "gspawn-win32-helper-console.exe"; DestDir: "{app}"; Flags: ignoreversio
 Source: "gthread-2.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "gtk-win32-2.0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "iconv.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
-#if APPARCH == "x64"
+Source: "libeay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "libcrypto-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "libssl-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 #else
 Source: "libcrypto-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "libssl-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 #endif
 Source: "libenchant.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "ffi-7.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "intl.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
@@ -154,6 +148,7 @@ Source: "pango-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: l
 Source: "pangocairo-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "pangoft2-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "pangowin32-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "ssleay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "zlib1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs
 Source: "plugins\hcnotifications-winrt.dll"; DestDir: "{app}\plugins"; Flags: ignoreversion; Components: libs