1. Forum
  2. FidoNet
  3. SYNC PROGRAMMING

  • src/sbbs3/ssl.c

    From Deucе@1:103/705 to Git commit to main/sbbs/master on Wed Mar 5 11:31:02 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/b5b3769123c99c8500377ebc
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Don't set cryptlib_initialized = true until the init is complete

    is_crypt_initialized() does not depend on the once value.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Wed Mar 5 11:36:28 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/fea518c7ae55a66649a81068
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    assert() pthread_mutex assumptions in ssl.c
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Thu Mar 6 12:50:06 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/2adf8468d63418b04cef9c2d
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Log a (notice-level) message when creating a self-signed cert
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Fri Mar 7 17:32:18 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/3122a36b6b0bad4296401ab3
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Fix failure handing in crypt initialization.

    Don't add the atexit() do_cryptEnd() handler until we're not going
    to call cryptEnd() ourselves.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Mar 9 06:51:54 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/d1c741d07362a4a3327532f7
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Incremental backoff on loading SSL cert

    Try for 16 seconds (14 loops) to load the SSL certificate.

    On the first time through the loop, create self-signed certificate
    if configured to do so.

    This also splits the generation of the self-signed certificate into
    a separate function.

    While we're here, split the new SSL epoch out into a separate function
    as well, and explicitly call it when we create a new self-signed
    cert. This at least partially fixes the epoch thing, but there's
    still the possibility of creating it multiple times in the same
    second... the file date isn't really enough.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Wed Aug 6 18:22:42 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/b40af061776e4215e9ebf102
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Remove duplicate log message: "Creating self-signed TLS certificate"

    ... added in commit d1c741d07

    As pointed out in issue #960
    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on ChromeOS)@1:103/705 to Git commit to main/sbbs/master on Wed Aug 6 21:49:04 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/38e2430de193a65ce9586ec5
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Only fail ssl_sync() when ssl.cert doesn't exist, if not self-signing

    This allows letsyncrypt.js to work when the ctrl/ssl.cert file doesn't (initially) exist. The SCFG->System->Security->Create Self-signed Certificate option must be enabled (which is the default).

    This should fix issue #960
    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on ChromeOS)@1:103/705 to Git commit to main/sbbs/master on Wed Aug 6 23:09:06 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/a0fd65fa72b75df176dfbcf3
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Remove the failure result form ssl_sync if ssl.ccert is missing, altogether

    ... even when create_self_signed_cert is false, because in some cases (e.g. creating a TLS client in JS), a certificate isn't required.

    Related to issue #960
    --- SBBSecho 3.29-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Wed May 6 19:41:52 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/e3c1569fc5a74ca9bb76c62c
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: assert CRYPTLIB_PATCHES literal is at least 32 chars (CID 483188)

    CRYPTLIB_PATCHES is generated at build time by 3rdp/build/hashpatch.pl
    as a 32-char MD5 plus " -" (36 bytes including NUL). If hashpatch.pl
    fails to run, the macro can be left empty, and the existing
    memcmp(patches, CRYPTLIB_PATCHES, 32) reads 32 bytes off the end of a
    1-byte empty literal — Coverity flags this as OVERRUN. Add a
    _Static_assert at the top of internal_do_cryptInit() so a malformed
    build fails to compile instead of producing a binary that may either
    overrun or run a broken patch check.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Wed May 6 22:36:56 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/0f04514cb45809851b631961
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: cast DO() to void in get_ssl_cert key load (CID 544155)

    The cryptGetPrivateKey result is captured via the cert_entry->cert out-parameter and the loop's 'cert == -1' check, which is the actual
    condition the caller acts on. The DO() macro return is informational
    only here. Make the discarded return explicit.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Thu May 7 01:03:38 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a62f38d5ba9491e2c89227d7
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: fix macOS build of internal_do_cryptInit (CID 483188 follow-up)

    e3c1569fc added a _Static_assert that CRYPTLIB_PATCHES is at least
    32 chars, but some build configs (macOS, exec/testbuild.js nightly)
    define it empty to deliberately skip the patch-version check. The
    assert tripped that build.

    Replace the assert with a sizeof() runtime guard wrapping the cryptGetAttributeString / memcmp / asprintf block. Compilers fold
    the sizeof comparison constant per build, so:
    - When CRYPTLIB_PATCHES is the real 36-byte literal, the block is
    kept and Coverity sees the memcmp is safely bounded.
    - When CRYPTLIB_PATCHES is "", the block is dropped entirely and
    we never attempt the 32-byte read past the empty literal.

    GitLab CI pipelines pass; this only affects the nightly testbuild configurations that leave CRYPTLIB_PATCHES empty.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)