From bb512f60c395ecfbcd651c982601ed25a5157a66 Mon Sep 17 00:00:00 2001
From: Tomaz Muraus
Date: Sun, 17 Nov 2013 17:11:25 +0100
Subject: [PATCH 1/3] Make sure server SSL certificate is also validated when using older versions of cuRL by setting CURLOPT_SSL_VERIFYPEER to 1. For explicitness sake, also explicity set CURLOPT_SSL_VERIFYHOST option to a default value of 2.
---
 push.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/push.cpp b/push.cpp
index cb177d2..9692e08 100644
--- push.cpp
+++ b/push.cpp
@@ -1508,6 +1508,9 @@ CURLcode make_curl_request(const CString& service_host, const CString& service_u
 curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
 }
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
+
 curl_easy_setopt(curl, CURLOPT_URL, url.data());
 curl_easy_setopt(curl, CURLOPT_PORT, port);
 curl_easy_setopt(curl, CURLOPT_USERAGENT, "ZNC Push");
From 3fcc729746ce6e1dea2626f4c36bfdd74c3d52bc Mon Sep 17 00:00:00 2001
From: Tomaz Muraus
Date: Sun, 17 Nov 2013 17:18:42 +0100
Subject: [PATCH 2/3] Include module version in the User-Agent header.
---
 push.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/push.cpp b/push.cpp
index 9692e08..126e543 100644
--- push.cpp
+++ b/push.cpp
@@ -52,7 +52,7 @@ class CPushSocket : public CSocket
 parent = (CPushMod*) p;
 first = true;
 crlf = "\r\n";
- user_agent = "ZNC Push";
+ user_agent = "ZNC Push/" + CString(PUSHVERSION);
 }
 // Implemented after CPushMod
@@ -1500,6 +1500,8 @@ CURLcode make_curl_request(const CString& service_host, const CString& service_u
 curl = curl_easy_init();
+ CString user_agent = "ZNC Push/" + CString(PUSHVERSION);
+
 CString url = CString(use_ssl ? "https" : "http") + "://" + service_host + service_url;
 CString query = build_query_string(params);
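Review bot: In the `@@ -1508,6 +1508,9 @@` hunk of patch 1/3, both new `curl_easy_setopt` calls discard their `CURLcode`, so if either option is rejected the handle keeps whatever verification state it had and the request is still sent. Peer and host verification are what this transport's security rests on, so the function should fail closed: capture the result, e.g. `CURLcode rc = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);`, and return it on anything other than `CURLE_OK` before the transfer starts. A comment such as `// Verify the certificate chain and the host name explicitly; never rely on library defaults. VERIFYHOST must stay 2L.` would also guard against a later edit weakening the values, since on older libcurl releases `1L` did not compare the certificate name against the host. The body of `make_curl_request` starts and ends outside the hunk, so whatever cleanup that early return needs is not visible here.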
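Review bot: The expression `"ZNC Push/" + CString(PUSHVERSION)` is written twice by patch 2/3, once in the `CPushSocket` constructor (`@@ -52,7 +52,7 @@`) and again in `make_curl_request` (`@@ -1500,6 +1500,8 @@`), so the two transports can drift apart on the next edit. One file-level helper defined above `CPushSocket`, e.g. `static CString push_user_agent() { return "ZNC Push/" + CString(PUSHVERSION); }`, called from both places would keep them identical. Sending the exact module version also tells every configured push endpoint which build is running; that is usually an acceptable trade-off, but a one-line comment on the helper would record it as a deliberate choice. Both enclosing bodies begin outside their hunks.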
@@ -1513,7 +1515,7 @@ CURLcode make_curl_request(const CString& service_host, const CString& service_u
 curl_easy_setopt(curl, CURLOPT_URL, url.data());
 curl_easy_setopt(curl, CURLOPT_PORT, port);
- curl_easy_setopt(curl, CURLOPT_USERAGENT, "ZNC Push");
+ curl_easy_setopt(curl, CURLOPT_USERAGENT, user_agent.c_str());
 curl_easy_setopt(curl, CURLOPT_TIMEOUT, 3); // three seconds ought to be good enough for anyone, eh?
 if (service_auth != "")
From f579d6407650edf252f681c9802a413f6db3314c Mon Sep 17 00:00:00 2001
From: Tomaz Muraus
Date: Sun, 17 Nov 2013 18:25:27 +0100
Subject: [PATCH 3/3] Update readme.
---
 README.md | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 1208fe9..987ee81 100644
--- README.md
+++ b/README.md
@@ -31,16 +31,26 @@ ZNC Push was created by [John Reese](http://johnmreese.com) and designed to fill personal need. It may not fit your use cases, but any and all feedback would be greatly appreciated.
-
-Compiling
----------
+Dependencies
+------------
 If you have installed ZNC from a Linux distribution's repository, you will most likely
-need to install the development package before building this module. On Ubuntu, this can
+need to install the development package before building this module. On Ubuntu, this can
 be installed with:
 $ sudo aptitude install znc-dev
+Optionally, if you want to use libcurl for http requests, you also need to install cURL
+development header files.
+
+On Ubuntu, development headers can be installed by installing `libcurl3-dev` or
+`libcurl4-openssl-dev` package:
+
+ $ sudo aptitude install libcurl4-openssl-dev
+
+Compiling
+---------
+
 If you have `make` installed, you can compile the module with:
 $ make
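Review bot: `user_agent.c_str()` hands libcurl a pointer into the local `CString` declared in the `@@ -1500,6 +1500,8 @@` hunk, which is safe only if libcurl copies the string or the transfer finishes before that local is destroyed. Current libcurl copies string options, but releases before 7.17.0 kept the caller's pointer, and patch 1/3 of this series is explicitly about older cURL versions. The code is fine provided `curl_easy_perform` runs inside `make_curl_request`, which cannot be confirmed here because the function continues past the hunk. A comment on the declaration, `// must outlive the transfer: libcurl before 7.17.0 does not copy string options`, would document the constraint. The neighbouring `url.data()` call has the same dependency.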
@@ -59,13 +69,16 @@ If you would like to compile ZNC Push using libcurl for http requests, you must If libcurl is not in the default system library paths, you will need to populate `$CXXFLAGS` with the appropriate GCC flags so that it can find and link ZNC Push with libcurl.
+Note: You are strongly encouraged to use libcurl transport. The reason for that is, that
+the default CSocket transport doesn't verify server's SSL certificate which leaves you
+vulnerable to MITM attacks.
 Installation
 ------------
 Copy the compiled module into your ZNC profile:
- $ cp push.so ~/.znc/modules/
+ $ make install
 Now, load the module in ZNC: