mirror of
https://github.com/ChronosX88/psyced.git
synced 2024-12-05 00:22:19 +00:00
recognize gnunet-exit as secure transport
This commit is contained in:
parent
8538a31075
commit
18e72b74cc
@ -11,6 +11,11 @@ vim:nosmarttab:syntax=diff
|
|||||||
| Then again, no. psyced is in low maintenance mode since it roughly
|
| Then again, no. psyced is in low maintenance mode since it roughly
|
||||||
| does what it should and we need a distributed communication system
|
| does what it should and we need a distributed communication system
|
||||||
| such as secushare.org anyway.
|
| such as secushare.org anyway.
|
||||||
|
________________________________________________________________________
|
||||||
|
== LIBPSYC / PSYC2 =====================================================
|
||||||
|
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
|
||||||
|
- check packet and variable lengths for sanity before allocating memory
|
||||||
|
|
||||||
________________________________________________________________________
|
________________________________________________________________________
|
||||||
== NUISANCES worth fixing, possibly ====================================
|
== NUISANCES worth fixing, possibly ====================================
|
||||||
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
|
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
|
||||||
|
@ -102,6 +102,9 @@
|
|||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
// virtual IP network of GNUnet exit service
|
||||||
|
#define IS_GNUNET(ip) abbrev("169.254.86.", ip)
|
||||||
|
|
||||||
#define HAS_PORT(PORT, PATH) (defined(PATH) && defined(PORT) && PORT - 0)
|
#define HAS_PORT(PORT, PATH) (defined(PATH) && defined(PORT) && PORT - 0)
|
||||||
// also need HAS_TLS_PORT() ?
|
// also need HAS_TLS_PORT() ?
|
||||||
|
|
||||||
@ -279,6 +282,7 @@
|
|||||||
#define PRIVACY_SURVEILLED 0
|
#define PRIVACY_SURVEILLED 0
|
||||||
#define PRIVACY_UNKNOWN -1
|
#define PRIVACY_UNKNOWN -1
|
||||||
#define PRIVACY_MITMX509 23
|
#define PRIVACY_MITMX509 23
|
||||||
#define PRIVACY_REASONABLE 44
|
#define PRIVACY_REASONABLE 42
|
||||||
|
#define PRIVACY_GOOD 44
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -186,14 +186,12 @@ string tls_bad_cipher(object sock, string scheme) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do not use server technologies like psyced for strong
|
// This function handles safety via TLS, Tor and GNUnet. The
|
||||||
// privacy or anonymity requirements. Get started using
|
// latter of the three is the distributed system you should
|
||||||
// distributed technologies instead. Check out:
|
// be using. --lynX 2016
|
||||||
// http://youbroketheinternet.org
|
//
|
||||||
// http://secushare.org
|
// FIXME: move this function to a different library file...
|
||||||
// But if you're happy with half-baked security, here you
|
// "tls" is no longer appropriate
|
||||||
// have it:
|
|
||||||
// -lynX 2015
|
|
||||||
//
|
//
|
||||||
int probably_private(object source) {
|
int probably_private(object source) {
|
||||||
// object has no TCP to it. you have to ask its circuit.
|
// object has no TCP to it. you have to ask its circuit.
|
||||||
@ -214,6 +212,15 @@ int probably_private(object source) {
|
|||||||
// only the server itself could be considered secure.
|
// only the server itself could be considered secure.
|
||||||
//
|
//
|
||||||
) return PRIVACY_REASONABLE;
|
) return PRIVACY_REASONABLE;
|
||||||
|
//
|
||||||
|
// Coming from GNUnet means that we are ourselves a
|
||||||
|
// GNUnet node. This increases the chances that we
|
||||||
|
// are a private individual's machine in a private
|
||||||
|
// home rather than a server in a computing centre.
|
||||||
|
// Let's guess that is good news.
|
||||||
|
//
|
||||||
|
if (IS_GNUNET(query_ip_number(source))) return PRIVACY_GOOD;
|
||||||
|
//
|
||||||
# if __EFUN_DEFINED__(tls_query_connection_state)
|
# if __EFUN_DEFINED__(tls_query_connection_state)
|
||||||
// Alas, this person is using a TLS/SSL-enhanced
|
// Alas, this person is using a TLS/SSL-enhanced
|
||||||
// access protocol which, unless the client implements
|
// access protocol which, unless the client implements
|
||||||
|
@ -25,6 +25,7 @@ static string safetypin(object o, string ip) {
|
|||||||
SECURE_IP_NUMBER(ip) ? "*" :
|
SECURE_IP_NUMBER(ip) ? "*" :
|
||||||
#endif
|
#endif
|
||||||
is_localhost(ip) ? "=" :
|
is_localhost(ip) ? "=" :
|
||||||
|
IS_GNUNET(ip) ? "#" :
|
||||||
#if __EFUN_DEFINED__(tls_query_connection_state)
|
#if __EFUN_DEFINED__(tls_query_connection_state)
|
||||||
tls_query_connection_state(o) ? "+" :
|
tls_query_connection_state(o) ? "+" :
|
||||||
#endif
|
#endif
|
||||||
|
@ -1602,6 +1602,10 @@ logon() {
|
|||||||
# endif
|
# endif
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
unless (beQuiet) w("_status_circuit_encryption_good",
|
||||||
|
// FIXME: just for fun.. if we want to keep it, it belongs into the textdb
|
||||||
|
"Congratulations. You are using GNUnet's forward secret end-to-end encryption.");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
// cannot if (greeting) here this since jabber:iq:auth depends on this
|
// cannot if (greeting) here this since jabber:iq:auth depends on this
|
||||||
|
Loading…
Reference in New Issue
Block a user