diff --git a/doc/sample-ngircd.conf b/doc/sample-ngircd.conf index 1ccc90c6..ee607290 100644 --- a/doc/sample-ngircd.conf +++ b/doc/sample-ngircd.conf @@ -211,7 +211,7 @@ ;Passive = no # Connect to the remote server using TLS/SSL (Default: false) - ; SSLConnect = yes + ;SSLConnect = yes # Define a (case insensitive) mask matching nick names that sould be # treated as IRC services when introduced via this remote server. diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index 79fbd01c..dc165d79 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -151,7 +151,7 @@ Load_DH_params(void) bool ret = true; if (!Conf_SSLOptions.DHFile) { - Log(LOG_NOTICE, "Configuration option \"SSLDHFile\" not set"); + Log(LOG_NOTICE, "Configuration option \"SSLDHFile\" not set!"); return false; } fp = fopen(Conf_SSLOptions.DHFile, "r"); @@ -161,7 +161,8 @@ Load_DH_params(void) } dh_params = PEM_read_DHparams(fp, NULL, NULL, NULL); if (!dh_params) { - Log(LOG_ERR, "%s: PEM_read_DHparams failed", Conf_SSLOptions.DHFile); + Log(LOG_ERR, "%s: PEM_read_DHparams failed!", + Conf_SSLOptions.DHFile); ret = false; } fclose(fp); @@ -194,7 +195,9 @@ Load_DH_params(void) } } if (need_dhgenerate) { - Log(LOG_WARNING, "SSLDHFile not set, generating %u bit DH parameters. This may take a while...", DH_BITS); + Log(LOG_WARNING, + "SSLDHFile not set, generating %u bit DH parameters. This may take a while ...", + DH_BITS); err = gnutls_dh_params_generate2(tmp_dh_params, DH_BITS); if (err < 0) { Log(LOG_ERR, "gnutls_dh_params_generate2: %s", gnutls_strerror(err)); @@ -263,7 +266,7 @@ ConnSSL_InitLibrary( void ) SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_CTX_free(ssl_ctx); ssl_ctx = newctx; - Log(LOG_INFO, "%s initialized", SSLeay_version(SSLEAY_VERSION)); + Log(LOG_INFO, "%s initialized.", SSLeay_version(SSLEAY_VERSION)); return true; out: SSL_CTX_free(newctx); @@ -282,7 +285,7 @@ out: } if (!ConnSSL_LoadServerKey_gnutls()) return false; - Log(LOG_INFO, "gnutls %s initialized", gnutls_check_version(NULL)); + Log(LOG_INFO, "gnutls %s initialized.", gnutls_check_version(NULL)); initialized = true; return true; #endif @@ -304,12 +307,13 @@ ConnSSL_LoadServerKey_gnutls(void) cert_file = Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile:Conf_SSLOptions.KeyFile; if (!cert_file) { - Log(LOG_ERR, "Neither Key nor certificate File set"); + Log(LOG_NOTICE, "No SSL server key configured, SSL disabled."); return false; } if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) - Log(LOG_WARNING, "Ignoring KeyFilePassword: Not supported by GNUTLS"); + Log(LOG_WARNING, + "Ignoring KeyFilePassword: Not supported by GNUTLS."); if (!Load_DH_params()) return false; @@ -334,7 +338,7 @@ ConnSSL_LoadServerKey_openssl(SSL_CTX *ctx) assert(ctx); if (!Conf_SSLOptions.KeyFile) { - Log(LOG_NOTICE, "No SSL Server Key configured, ssl disabled"); + Log(LOG_NOTICE, "No SSL server key configured, SSL disabled."); return false; } @@ -544,16 +548,17 @@ ConnSSL_LogCertInfo( CONNECTION *c ) assert( c ); assert( ssl ); - Log( LOG_INFO, "New %s connection using cipher %s on socket %d", + Log(LOG_INFO, "New %s connection using cipher %s on socket %d.", SSL_get_version(ssl), SSL_get_cipher(ssl), c->sock); #endif #ifdef HAVE_LIBGNUTLS gnutls_session_t sess = c->ssl_state.gnutls_session; gnutls_cipher_algorithm_t cipher = gnutls_cipher_get(sess); - Log( LOG_INFO, "New %s connection using cipher %s-%s on socket %d", - gnutls_protocol_get_name(gnutls_protocol_get_version(sess)), - gnutls_cipher_get_name(cipher), gnutls_mac_get_name(gnutls_mac_get(sess)), c->sock); + Log(LOG_INFO, "New %s connection using cipher %s-%s on socket %d.", + gnutls_protocol_get_name(gnutls_protocol_get_version(sess)), + gnutls_cipher_get_name(cipher), + gnutls_mac_get_name(gnutls_mac_get(sess)), c->sock); #endif } diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index b29ad7e3..bd1a5bdd 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -234,12 +234,12 @@ cb_connserver_login_ssl(int sock, short unused) case 0: LogDebug("ConnSSL_Connect: not ready"); return; case -1: - Log(LOG_INFO, "SSL connection on socket %d failed", sock); + Log(LOG_ERR, "SSL connection on socket %d failed!", sock); Conn_Close(idx, "Can't connect!", NULL, false); return; } - Log( LOG_INFO, "SSL Connection %d with \"%s:%d\" established.", idx, + Log( LOG_INFO, "SSL connection %d with \"%s:%d\" established.", idx, My_Connections[idx].host, Conf_Server[Conf_GetServer( idx )].port ); server_login(idx); @@ -346,11 +346,9 @@ Conn_Exit( void ) CONN_ID idx; - LogDebug("Shutting down all connections ..." ); - Conn_ExitListeners(); - /* Sockets schliessen */ + LogDebug("Shutting down all connections ..." ); for( idx = 0; idx < Pool_Size; idx++ ) { if( My_Connections[idx].sock > NONE ) { Conn_Close( idx, NULL, NGIRCd_SignalRestart ? @@ -451,7 +449,8 @@ Conn_ExitListeners( void ) #endif arraylen = array_length(&My_Listeners, sizeof (int)); - Log( LOG_INFO, "Shutting down all listening sockets (%d total)...", arraylen ); + Log(LOG_INFO, + "Shutting down all listening sockets (%d total) ...", arraylen); fd = array_start(&My_Listeners); while(arraylen--) { assert(fd != NULL); @@ -960,7 +959,7 @@ Conn_Close( CONN_ID Idx, char *LogMsg, char *FwdMsg, bool InformClient ) c = Conn_GetClient( Idx ); #ifdef SSL_SUPPORT if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_SSL )) { - Log( LOG_INFO, "SSL Connection %d shutting down", Idx ); + Log(LOG_INFO, "SSL connection %d shutting down ...", Idx); ConnSSL_Free(&My_Connections[Idx]); } #endif @@ -1825,8 +1824,8 @@ cb_Connect_to_Server(int fd, UNUSED short events) len -= sizeof(ng_ipaddr_t); if (len > sizeof(&Conf_Server[i].dst_addr)) { len = sizeof(&Conf_Server[i].dst_addr); - Log(LOG_NOTICE, "Notice: Resolver returned more IP Addresses for host than we can handle," - " additional addresses dropped"); + Log(LOG_NOTICE, + "Notice: Resolver returned more IP Addresses for host than we can handle, additional addresses dropped."); } memcpy(&Conf_Server[i].dst_addr, &dest_addrs[1], len); } diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c index d9428ed4..1f7969df 100644 --- a/src/ngircd/ngircd.c +++ b/src/ngircd/ngircd.c @@ -735,7 +735,8 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) return true; if (!ConnSSL_InitLibrary()) - Log(LOG_WARNING, "Warning: Error during SSL initialization, continuing"); + Log(LOG_WARNING, + "Warning: Error during SSL initialization, continuing ..."); if( Conf_Chroot[0] ) { if( chdir( Conf_Chroot ) != 0 ) { @@ -831,12 +832,12 @@ NGIRCd_Init( bool NGIRCd_NoDaemon ) pwd ? pwd->pw_name : "unknown", Conf_UID, grp ? grp->gr_name : "unknown", Conf_GID, pid); - if ( chrooted ) { - Log( LOG_INFO, "Running chrooted, chrootdir \"%s\".", Conf_Chroot ); + if (chrooted) { + Log(LOG_INFO, "Running with root directory \"%s\".", + Conf_Chroot ); return true; - } else { - Log( LOG_INFO, "Not running chrooted." ); - } + } else + Log(LOG_INFO, "Not running with changed root directory."); /* Change working directory to home directory of the user * we are running as (only when running in daemon mode and not in chroot) */