Art Cancro [Mon, 10 Jan 2022 22:42:26 +0000 (17:42 -0500)]
ssl ciphers had to be set to its old value of
"ALL:RC4+RSA:+SSLv2:+TLSv1:!MD5:@STRENGTH"
instead of
"DEFAULT"
even though the latter works just fine in WebCit, works just fine
in all protocols on the development host, but causes all sorts of
chaos on Uncensored. I don't know why.
Art Cancro [Mon, 10 Jan 2022 19:54:54 +0000 (14:54 -0500)]
I got a little too eager in removing old cruft from the TLS code. Not setting the correct cipher list broke production in a way that didn't fail in development.
Art Cancro [Mon, 10 Jan 2022 16:59:07 +0000 (11:59 -0500)]
Switch out the key/cert in a critical section (mutex wrapped). This will prevent multiple threads from doing it at once and leaking memory (thanks zcw159357)
Art Cancro [Sat, 8 Jan 2022 18:42:27 +0000 (13:42 -0500)]
When a new certificate is installed, allocate a new ssl_ctx and bind to it; then wait a moment before freeing the old one to let any in-progress binds complete.
Art Cancro [Sat, 8 Jan 2022 18:30:23 +0000 (13:30 -0500)]
Significant cleanup of the code that generates a self-signed certificate. There is no need to keep the CSR around so we don't do that anymore. The remainder of the code contains only what is needed; the rest I had copied from OpenSSL example code 20 years ago and never looked at again.
Art Cancro [Fri, 7 Jan 2022 16:54:54 +0000 (11:54 -0500)]
Removed the local implementation of snprintf() and vsnprintf() that we hacked in two decades ago to work around broken or missing system libraries. Not needed anymore.
Art Cancro [Fri, 7 Jan 2022 16:38:19 +0000 (11:38 -0500)]
ssl_ctx = SSL_CTX_new(SSLv23_server_method()) instead of using a temporary variable for the server method. (Changed in Citadel Server, WebCit Classic, and WebCit-NG)
Art Cancro [Wed, 5 Jan 2022 18:49:17 +0000 (13:49 -0500)]
When checking to see whether we have to rebind a new key and/or
certificate, the stored "previous value" is now the sum of the
existing key *and* certificate modification times. This causes a
rebind to occur if either file's modification time is touched.
It does not matter if this rolls over on 32-bit systems because
we are only checking to see if the value changed, not for any
particular date comparison.
Art Cancro [Mon, 3 Jan 2022 22:33:19 +0000 (17:33 -0500)]
I went looking for something in the text client, and was reminded
how absolutely rubbish my coding style was in the late 1980s. I did
a few bits of cleanup but most of that code ought to be rewritten.
The good news is that unlike WebCit, I believe we can redo the text
client in place over a period of time.
Art Cancro [Sat, 1 Jan 2022 20:49:08 +0000 (15:49 -0500)]
The "reply" function in webcit-ng now correctly replaces the editor div with
the final rendered version of the message that came back from the server.
It looks nice.
Art Cancro [Wed, 29 Dec 2021 22:53:59 +0000 (17:53 -0500)]
Extend the source_room field all the way into the SMTP delivery loop.
Tested adding SMTP headers directly into the outgoing message at the
moment of transmission -- it worked really well. Temporarily adding
an "X-Citadel-Room:" header as a placeholder, but in the next couple
of commits we will make it a "List-Unsubscribe:" header.
Art Cancro [Wed, 29 Dec 2021 19:47:34 +0000 (14:47 -0500)]
When delivering mailing list messages, populate the sending_room
field of the recipient list. This in turn populates the source_room
directive in the SMTP delivery list, which we will use soon.
Art Cancro [Wed, 29 Dec 2021 16:28:48 +0000 (11:28 -0500)]
Fucking hell. We actually HAVE an "Allow non-subscribers to mail to
this room" flag. I was confused by the poor wording of this option
in the text client, and screwed up the server's behavior when I
rewrote the mailing list server. It's fixed now, and once again
has the correct behavior: anyone can email a room when the flag is
set, and subscribers can email the room regardless of the flag.
Art Cancro [Tue, 28 Dec 2021 21:31:53 +0000 (16:31 -0500)]
WebCit-NG:
* Force webcit to be on the same host as citserver
* Remove local keys directory, use the ones from citserver directory
* Auto re-bind key and cert if either one changes
* Support .well-known directory for static content, supporting HTTP-01
Art Cancro [Mon, 27 Dec 2021 22:30:09 +0000 (17:30 -0500)]
Citadel Server and WebCit (classic) now both reload the key and cert if the modification time of either one changes. This should allow us to replace or renew the certificate during normal operation without restarting.
Art Cancro [Mon, 27 Dec 2021 20:49:38 +0000 (15:49 -0500)]
BIG CHANGES: PAY ATTENTION
1. WebCit must now run on the same host as Citadel Server, which is how everyone runs it anyway.
2. WebCit now uses the SSL key and Certificate from the Citadel Server directory.
Art Cancro [Mon, 27 Dec 2021 19:27:08 +0000 (14:27 -0500)]
Removed the obsolete 'setup' utility. It is not used by any currently supported installation method.
Removed the unfinished 'setup wizard'.
Removed the unused 'tests' directory.
Art Cancro [Wed, 22 Dec 2021 21:46:50 +0000 (16:46 -0500)]
I need to make the static web server just a static web server. I hate working in webcit classic because it's such a tangled mess. The present commit just cleans up some old cruft; there is no actual change in functionality yet. The next couple of commits will attempt to only cache the templates while using a regular file open for everything else. There's no need to cache everything else because the operating system can do it better than we can. KISS principle. Coming soon to a webcit near you.
Art Cancro [Wed, 15 Dec 2021 00:14:51 +0000 (19:14 -0500)]
Slowly becoming a good JavaScript developer. :) Don't pass around div names when we can actually pass around references to the divs themselves. This should shave off a few cycles because we don't have to keep calling document.getElementById()
Art Cancro [Tue, 14 Dec 2021 21:17:53 +0000 (16:17 -0500)]
Major change to the javascript forum view. We now wait for all messages to be loaded before rendering them all in one shot. Rendering works, opening the reply box works, saving a message works, but we still have to figure out how to render a message in the location where it was entered. Or maybe that's not a good idea? Also the scroll_to semantics are broken but we are in a better position to redo this in a simpler way.
Art Cancro [Sat, 11 Dec 2021 01:19:42 +0000 (20:19 -0500)]
It's Friday night, Wesley is out, Sammi is not hungry, and Miss Melissa is asleep on the couch. Instead of making dinner I added URL parameter parsing to the web server. I didn't think we'd need it but I want to be able to transmit some parameters to ENT0 and this seems like a reasonable way to do it.
Art Cancro [Thu, 9 Dec 2021 22:43:17 +0000 (17:43 -0500)]
When delivering mail from a mailing list room, it is not enough to set the Reply-To: header to the room's address; we must set the From: address too. Doing otherwise annoys the recipient's DKIM validators.
Art Cancro [Fri, 26 Nov 2021 05:39:04 +0000 (00:39 -0500)]
Link entry in the editor now works. The example code at https://www.thatsoftwaredude.com/content/8912/create-a-basic-text-editor-in-javascript was a bit naive because it assumes the URL is already known at the moment the user presses the Link button. We open a box for URL entry, but when the user clicks into that box the original selection disappears. So we have to save the selection range in hidden fields so we know where to replace the text.