• src/sbbs3/js_socket.c js_socket.h

    From deuce@VERT to CVS commit on Mon Jan 8 22:48:27 2018
    src/sbbs3 js_socket.c 1.181 1.182 js_socket.h 1.3 1.4
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv18537

    Modified Files:
    js_socket.c js_socket.h
    Log Message:
    Fix up TLS sessions.

    1) Only call cryptFlushData() if there *is* data.
    2) Only call cryptFlushData() once per call to do_CryptFlush()
    3) If cryptPushData() does a short write, flush immediately, regardless of
    the preferences
    4) Pass the whole private data pointer to do_CryptFlush() so it can only
    call cryptFlushData() if there's unflushed data
    5) Extend the private data structure to track unflushed data



    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
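The flush rules listed in the commit message above, as a small added C example. It is not code from js_socket.c: `mock_push()` and `mock_flush()` are stand-ins for cryptPushData() and cryptFlushData() that only count calls, and the struct, its field names and `tls_send()` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for cryptPushData()/cryptFlushData(); constructed for this example. */
static int flush_calls;
static const size_t session_room = 8;  /* bytes the mock accepts per push */

static int mock_push(const void *buf, size_t len, size_t *copied)
{
    (void)buf;
    *copied = len < session_room ? len : session_room;
    return 0;
}
static int mock_flush(void) { flush_calls++; return 0; }

/* Hypothetical private data; `unflushed` is the added tracking field (5). */
struct sock_priv {
    bool tls_flush_pref;  /* script preference: flush after every send */
    bool unflushed;       /* data pushed since the last flush */
};

/* (4) Takes the whole private struct so it can skip the call when idle. */
static int do_flush(struct sock_priv *p)
{
    if (!p->unflushed)
        return 0;             /* (1) nothing pending: no flush call */
    p->unflushed = false;
    return mock_flush();      /* (2) exactly one flush per call */
}

/* Returns the number of bytes accepted, or -1 on error. */
long tls_send(struct sock_priv *p, const void *buf, size_t len)
{
    size_t copied = 0;
    if (mock_push(buf, len, &copied) != 0)
        return -1;
    if (copied > 0)
        p->unflushed = true;
    /* (3) a short write flushes immediately, whatever the preference */
    if ((copied < len || p->tls_flush_pref) && do_flush(p) != 0)
        return -1;
    return (long)copied;
}

int main(void)
{
    struct sock_priv p = { false, false };
    long n = tls_send(&p, "0123456789abcdef", 16);
    printf("accepted=%ld flushes=%d\n", n, flush_calls);
    return 0;
}
```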
  • From deuce@VERT to CVS commit on Sun Mar 18 23:59:48 2018
    src/sbbs3 js_socket.c 1.217 1.218 js_socket.h 1.5 1.6
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv329

    Modified Files:
    js_socket.c js_socket.h
    Log Message:
    Make peek(), nread, data_waiting, and poll() usable for TLS sockets by recv()ing a single byte into a special buffer. Note that peek() and nread will never return/indicate more than a single byte, so scripts which rely on these may be inefficient with TLS (websocket stuff appears to use nread heavily).



    ---
  • From rswindell@VERT to CVS commit on Tue Aug 20 18:58:55 2019
    src/sbbs3 js_socket.c 1.240 1.241 js_socket.h 1.6 1.7
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv17530

    Modified Files:
    js_socket.c js_socket.h
    Log Message:
    Fix the "local_port" property for ListeningSocket(). Other properties that depend on a socket descriptor still won't work.


    ---
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sat Feb 24 01:19:34 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/bfa0668e5fc4da86b0dea36c
    Modified Files:
    src/sbbs3/js_socket.c js_socket.h
    Log Message:
    Report getaddrinfo() failure result in Socket.error and error_str (not errno)

    As Nelgin pointed out, a Socket.connect() failure for reasons of address/host lookup failure would report a stale/nonsense Socket.error/error_str value.

    This change required us to query/store the socket API/getaddrinfo error string at the time of failure (for the Socket.error_str property value) rather than converting from number to string at the time the property is read.

    This does mean that sometimes Socket.error is an errno value and sometimes it's a getaddrinfo (EAI_*) error value. Since the EAI_* values are negative, it should be obvious which is which.
    ---
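An added C example of the pattern this commit message describes: the getaddrinfo() result and its text are captured at the moment of failure instead of being derived from errno when the value is read. It is not Synchronet's code; the struct, enum and function names are hypothetical, and the error source is tagged explicitly because EAI_* values are negative on glibc but positive on some other platforms.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical names throughout; not Synchronet's private data layout. */
enum err_domain { ERR_NONE, ERR_ERRNO, ERR_GAI };

struct sock_err {
    enum err_domain domain;   /* which API produced `code` */
    int             code;     /* errno value or EAI_* value */
    char            str[128]; /* text captured when the failure happened */
};

static void set_err(struct sock_err *e, enum err_domain d, int code)
{
    e->domain = d;
    e->code = code;
    if (d == ERR_NONE)
        e->str[0] = '\0';
    else
        snprintf(e->str, sizeof e->str, "%s",
                 d == ERR_GAI ? gai_strerror(code) : strerror(code));
}

/* Resolve host/port; on failure record the getaddrinfo() result, not errno. */
int resolve(const char *host, const char *port, int flags, struct sock_err *e)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;
    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        /* Only EAI_SYSTEM means the real cause is in errno. */
        if (rc == EAI_SYSTEM)
            set_err(e, ERR_ERRNO, errno);
        else
            set_err(e, ERR_GAI, rc);
        return -1;
    }
    freeaddrinfo(res);
    set_err(e, ERR_NONE, 0);
    return 0;
}
```

Passing `AI_NUMERICHOST` as `flags` with a non-numeric host forces a lookup failure without touching the network, which is a convenient way to exercise the error path.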
  • From Deucе@VERT to Git commit to main/sbbs/master on Sat Nov 8 13:37:47 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/495ca643bcd016cac27b0a1f
    Modified Files:
    src/sbbs3/js_socket.c js_socket.h
    Log Message:
    Add five new TLS properties to the socket object

    tls_nameverify (defaults to true)
    Ensures the remote hostname is in the certificate.
    Turning this off will allow any valid certificate to be used by the remote.
    Only useful for testing, insecure for actual use.

    tls_certverifiy (defaults to true)
    Validates the certificate.
    Only useful for testing. Turning this off basically makes TLS a joke.

    tls_client_auth (defaults to false)
    When set by a server, requires a client certificate for the TLS session.
    When set by a client, will provide the current certificate to the server if requested.

    tls_enhanced_certcheck (defaults to false)
    Checks a bit more of the remote certificate for validity. A small
    number of internet hosts need this disabled to allow TLS, these hosts
    have suspect certificates, but web browsers think they're good enough,
    so we do too by default.

    tls_remote_cert
    This property is a CryptCert object created when a client connection
    is established, and when a server that has tls_client_auth enabled
    accepts a connection. Actually using this object is quite complex
    and painful, but hopefully we can get the Subject Alt Names out of
    it someday, which will allow TLS secured BinkIT sessions to verify
    that the remote is actually connecting from an IP address that maps
    back to the FidoNet node using the domain DNS lookup. With this and
    a reasonable list of trusted CAs (it's not clear what is currently
    used if anything), we can actually have mutually authenticated
    connections from FTN nodes that don't have explicit links
    configured... which would be the first step toward making netmail
    not be trivially spoofable. A lot of work after this still left to
    do though.