Rename SSL to TLS.

This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.

NEWS

@@ -18,6 +18,9 @@ v0.8.21-head 2016-xx-xx  The Irssi team <staff@irssi.org>
 	      tag/* and * to ignore whole networks or everything.
 	+ /hilight got a -matchcase flag to hilight case sensitively (#421).
 	+ Always build irssi with TLS support.
+	+ Rename SSL to TLS in the code and add -tls_* versions of the -ssl_*
+	  options to /CONNECT and /SERVER, but make sure the -ssl_* options continue
+	  to work.
 	- IP addresses are no longer stored when resolve_reverse_lookup is
 	  used.
 	- /names and $[...] now uses utf8 string operations (#40, #411).

docs/help/in/connect.in

@@ -5,23 +5,22 @@
 
 %9Parameters:%9
 
-    -4:             Connects using IPv4.
+    -4:                 Connects using IPv4.
-    -6:             Connects using IPv6.
+    -6:                 Connects using IPv6.
-    -ssl:           Connects using SSL encryption.
+    -tls:               Connects using TLS encryption.
-    -ssl_cert:      The SSL client certificate file.
+    -tls_cert:          The TLS client certificate file.
-    -ssl_pkey:      The SSL client private key, if not included in the
+    -tls_pkey:          The TLS client private key, if not included in the certificate file.
-                    certificate file.
+    -tls_pass:          The password for the TLS client private key or certificate.
-    -ssl_pass:      The password for the SSL client private key or certificate.
+    -tls_verify:        Verifies the TLS certificate of the server.
-    -ssl_verify:    Verifies the SSL certificate of the server.
+    -tls_cafile:        The file with the list of CA certificates.
-    -ssl_cafile:    The file with the list of CA certificates.
+    -tls_capath:        The directory which contains the CA certificates.
-    -ssl_capath:    The directory which contains the CA certificates.
+    -tls_ciphers:       TLS cipher suite preference lists.
-    -ssl_ciphers:   SSL cipher suite preference lists.
+    -noproxy:           Ignores the global proxy configuration.
-    -noproxy:       Ignores the global proxy configuration.
+    -network:           The network this connection belongs to.
-    -network:       The network this connection belongs to.
+    -host:              The hostname you would like to connect from.
-    -host:          The hostname you would like to connect from.
+    -rawlog:            Immediately open rawlog after connecting.
-    -rawlog:        Immediately open rawlog after connecting.
+    -!:                 Doesn't autojoin channels.
-    -!:             Doesn't autojoin channels.
+    -noautosendcmd:     Doesn't execute autosendcmd.
-    -noautosendcmd: Doesn't execute autosendcmd.
 
     A network or server to connect to; you can optionally specify a custom port,
     password and nickname.

docs/help/in/server.in

@@ -5,38 +5,38 @@
 
 %9Parameters:%9
 
-    LIST:              Displays the list of servers you are connected to.
+    LIST:               Displays the list of servers you are connected to.
-    CONNECT:           Connects to the given server.
+    CONNECT:            Connects to the given server.
-    ADD:               Adds a server to your configuration.
+    ADD:                Adds a server to your configuration.
-    MODIFY:            Modifies a server in your configuration.
+    MODIFY:             Modifies a server in your configuration.
-    REMOVE:            Removes a server from your configuration.
+    REMOVE:             Removes a server from your configuration.
-    PURGE:             Purges the commands queued to be sent to the server.
+    PURGE:              Purges the commands queued to be sent to the server.
 
-    -!:                Doesn't autojoin the channels.
+    -!:                 Doesn't autojoin the channels.
-    -4:                Connects using IPv4.
+    -4:                 Connects using IPv4.
-    -6:                Connects using IPv6.
+    -6:                 Connects using IPv6.
-    -ssl:              Connects using SSL encryption.
+    -tls:               Connects using TLS encryption.
-    -ssl_cert:         The SSL client certificate file.
+    -tls_cert:          The TLS client certificate file.
-    -ssl_pkey:         The SSL client private key, if not included in the
+    -tls_pkey:          The TLS client private key, if not included in the
-                       certificate file.
+                        certificate file.
-    -ssl_pass:         The password for the SSL client private key or certificate.
+    -tls_pass:          The password for the TLS client private key or certificate.
-    -ssl_verify:       Verifies the SSL certificate of the server.
+    -tls_verify:        Verifies the TLS certificate of the server.
-    -ssl_cafile:       The file with the list of CA certificates.
+    -tls_cafile:        The file with the list of CA certificates.
-    -ssl_capath:       The directory which contains the CA certificates.
+    -tls_capath:        The directory which contains the CA certificates.
-    -ssl_ciphers:      SSL cipher suite preference lists.
+    -tls_ciphers:       TLS cipher suite preference lists.
-    -auto:             Automatically connects to the server on startup.
+    -auto:              Automatically connects to the server on startup.
-    -noauto:           Doesn't connect to the server on startup.
+    -noauto:            Doesn't connect to the server on startup.
-    -network:          The network the server belongs to.
+    -network:           The network the server belongs to.
-    -host:             The hostname you would like to connect from.
+    -host:              The hostname you would like to connect from.
-    -cmdspeed:         Specifies the minimum amount of time, expressed in
+    -cmdspeed:          Specifies the minimum amount of time, expressed in
-                       milliseconds, that the client must wait before sending
+                        milliseconds, that the client must wait before sending
-                       additional commands to the server.
+                        additional commands to the server.
-    -cmdmax:           Specifies the maximum number of commands to perform
+    -cmdmax:            Specifies the maximum number of commands to perform
-                       before starting the internal flood protection.
+                        before starting the internal flood protection.
-    -port:             Specifies the port to connect to the server.
+    -port:              Specifies the port to connect to the server.
-    -noproxy:          Ignores the global proxy configuration.
+    -noproxy:           Ignores the global proxy configuration.
-    -rawlog:           Immediately open rawlog after connecting.
+    -rawlog:            Immediately open rawlog after connecting.
-    -noautosendcmd:    Doesn't execute autosendcmd.
+    -noautosendcmd:     Doesn't execute autosendcmd.
 
     The server, port and network to add, modify or remove; if no argument is
     given, the list of servers you are connected to will be returned.

src/core/chat-commands.c

@@ -99,27 +99,27 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr,
 	else if (g_hash_table_lookup(optlist, "4") != NULL)
 		conn->family = AF_INET;
 
-	if (g_hash_table_lookup(optlist, "ssl") != NULL)
+	if (g_hash_table_lookup(optlist, "tls") != NULL || g_hash_table_lookup(optlist, "ssl") != NULL)
-		conn->use_ssl = TRUE;
+		conn->use_tls = TRUE;
-	if ((tmp = g_hash_table_lookup(optlist, "ssl_cert")) != NULL)
+	if ((tmp = g_hash_table_lookup(optlist, "tls_cert")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_cert")) != NULL)
-		conn->ssl_cert = g_strdup(tmp);
+		conn->tls_cert = g_strdup(tmp);
-	if ((tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL)
+	if ((tmp = g_hash_table_lookup(optlist, "tls_pkey")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL)
-		conn->ssl_pkey = g_strdup(tmp);
+		conn->tls_pkey = g_strdup(tmp);
-	if ((tmp = g_hash_table_lookup(optlist, "ssl_pass")) != NULL)
+	if ((tmp = g_hash_table_lookup(optlist, "tls_pass")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_pass")) != NULL)
-		conn->ssl_pass = g_strdup(tmp);
+		conn->tls_pass = g_strdup(tmp);
-	if (g_hash_table_lookup(optlist, "ssl_verify") != NULL)
+	if (g_hash_table_lookup(optlist, "tls_verify") != NULL || g_hash_table_lookup(optlist, "ssl_verify") != NULL)
-		conn->ssl_verify = TRUE;
+		conn->tls_verify = TRUE;
-	if ((tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL)
+	if ((tmp = g_hash_table_lookup(optlist, "tls_cafile")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL)
-		conn->ssl_cafile = g_strdup(tmp);
+		conn->tls_cafile = g_strdup(tmp);
-	if ((tmp = g_hash_table_lookup(optlist, "ssl_capath")) != NULL)
+	if ((tmp = g_hash_table_lookup(optlist, "tls_capath")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_capath")) != NULL)
-		conn->ssl_capath = g_strdup(tmp);
+		conn->tls_capath = g_strdup(tmp);
-	if ((tmp = g_hash_table_lookup(optlist, "ssl_ciphers")) != NULL)
+	if ((tmp = g_hash_table_lookup(optlist, "tls_ciphers")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_ciphers")) != NULL)
-		conn->ssl_ciphers = g_strdup(tmp);
+		conn->tls_ciphers = g_strdup(tmp);
-	if ((conn->ssl_capath != NULL && conn->ssl_capath[0] != '\0')
+	if ((conn->tls_capath != NULL && conn->tls_capath[0] != '\0')
-	||  (conn->ssl_cafile != NULL && conn->ssl_cafile[0] != '\0'))
+	||  (conn->tls_cafile != NULL && conn->tls_cafile[0] != '\0'))
-		conn->ssl_verify = TRUE;
+		conn->tls_verify = TRUE;
-	if ((conn->ssl_cert != NULL && conn->ssl_cert[0] != '\0') || conn->ssl_verify)
+	if ((conn->tls_cert != NULL && conn->tls_cert[0] != '\0') || conn->tls_verify)
-		conn->use_ssl = TRUE;
+		conn->use_tls = TRUE;
 
 	if (g_hash_table_lookup(optlist, "!") != NULL)
 		conn->no_autojoin_channels = TRUE;
@@ -494,7 +494,7 @@ void chat_commands_init(void)
 	signal_add("default command server", (SIGNAL_FUNC) sig_default_command_server);
 	signal_add("server sendmsg", (SIGNAL_FUNC) sig_server_sendmsg);
 
-	command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +host noproxy -rawlog noautosendcmd");
+	command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers +host noproxy -rawlog noautosendcmd");
 	command_set_options("msg", "channel nick");
 }
 

src/core/network-openssl.c

@@ -455,13 +455,13 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
 	SSL *ssl;
 	SSL_CTX *ctx = NULL;
 
-	const char *mycert = server->connrec->ssl_cert;
+	const char *mycert = server->connrec->tls_cert;
-	const char *mypkey = server->connrec->ssl_pkey;
+	const char *mypkey = server->connrec->tls_pkey;
-	const char *mypass = server->connrec->ssl_pass;
+	const char *mypass = server->connrec->tls_pass;
-	const char *cafile = server->connrec->ssl_cafile;
+	const char *cafile = server->connrec->tls_cafile;
-	const char *capath = server->connrec->ssl_capath;
+	const char *capath = server->connrec->tls_capath;
-	const char *ciphers = server->connrec->ssl_ciphers;
+	const char *ciphers = server->connrec->tls_ciphers;
-	gboolean verify = server->connrec->ssl_verify;
+	gboolean verify = server->connrec->tls_verify;
 
 	g_return_val_if_fail(handle != NULL, NULL);
 
@@ -480,7 +480,8 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
 	SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	SSL_CTX_set_default_passwd_cb(ctx, get_pem_password_callback);
 	SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)mypass);
-	if (ciphers && *ciphers) {
+
+	if (ciphers != NULL && ciphers[0] != '\0') {
 		if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1)
 			g_warning("No valid SSL cipher suite could be selected");
 	}

src/core/server-connect-rec.h

@@ -23,12 +23,12 @@ char *nick;
 char *username;
 char *realname;
 
-char *ssl_cert;
+char *tls_cert;
-char *ssl_pkey;
+char *tls_pkey;
-char *ssl_pass;
+char *tls_pass;
-char *ssl_cafile;
+char *tls_cafile;
-char *ssl_capath;
+char *tls_capath;
-char *ssl_ciphers;
+char *tls_ciphers;
 
 GIOChannel *connect_handle; /* connect using this handle */
 
@@ -38,8 +38,8 @@ unsigned int reconnecting:1; /* we're trying to reconnect any connection */
 unsigned int no_autojoin_channels:1; /* don't autojoin any channels */
 unsigned int no_autosendcmd:1; /* don't execute autosendcmd */
 unsigned int unix_socket:1; /* Connect using named unix socket */
-unsigned int use_ssl:1; /* this connection uses SSL */
+unsigned int use_tls:1; /* this connection uses TLS */
-unsigned int ssl_verify:1;
+unsigned int tls_verify:1;
 unsigned int no_connect:1; /* don't connect() at all, it's done by plugin */
 char *channels;
 char *away_reason;

src/core/server-setup-rec.h

@@ -11,12 +11,12 @@ char *password;
 int sasl_mechanism;
 char *sasl_password;
 
-char *ssl_cert;
+char *tls_cert;
-char *ssl_pkey;
+char *tls_pkey;
-char *ssl_pass;
+char *tls_pass;
-char *ssl_cafile;
+char *tls_cafile;
-char *ssl_capath;
+char *tls_capath;
-char *ssl_ciphers;
+char *tls_ciphers;
 
 char *own_host; /* address to use when connecting this server */
 IPADDR *own_ip4, *own_ip6; /* resolved own_address if not NULL */
@@ -28,7 +28,7 @@ unsigned int no_proxy:1;
 unsigned int last_failed:1; /* if last connection attempt failed */
 unsigned int banned:1; /* if we're banned from this server */
 unsigned int dns_error:1; /* DNS said the host doesn't exist */
-unsigned int use_ssl:1; /* this connection uses SSL */
+unsigned int use_tls:1; /* this connection uses TLS */
-unsigned int ssl_verify:1;
+unsigned int tls_verify:1;
 
 GHashTable *module_data;

src/core/servers-reconnect.c

@@ -192,13 +192,13 @@ server_connect_copy_skeleton(SERVER_CONNECT_REC *src, int connect_info)
 	dest->no_autosendcmd = src->no_autosendcmd;
 	dest->unix_socket = src->unix_socket;
 
-	dest->use_ssl = src->use_ssl;
+	dest->use_tls = src->use_tls;
-	dest->ssl_cert = g_strdup(src->ssl_cert);
+	dest->tls_cert = g_strdup(src->tls_cert);
-	dest->ssl_pkey = g_strdup(src->ssl_pkey);
+	dest->tls_pkey = g_strdup(src->tls_pkey);
-	dest->ssl_verify = src->ssl_verify;
+	dest->tls_verify = src->tls_verify;
-	dest->ssl_cafile = g_strdup(src->ssl_cafile);
+	dest->tls_cafile = g_strdup(src->tls_cafile);
-	dest->ssl_capath = g_strdup(src->ssl_capath);
+	dest->tls_capath = g_strdup(src->tls_capath);
-	dest->ssl_ciphers = g_strdup(src->ssl_ciphers);
+	dest->tls_ciphers = g_strdup(src->tls_ciphers);
 
 	return dest;
 }

src/core/servers-setup.c

@@ -167,20 +167,20 @@ static void server_setup_fill_server(SERVER_CONNECT_REC *conn,
 	if (sserver->port > 0 && conn->port <= 0)
 		conn->port = sserver->port;
 
-	conn->use_ssl = sserver->use_ssl;
+	conn->use_tls = sserver->use_tls;
-	if (conn->ssl_cert == NULL && sserver->ssl_cert != NULL && sserver->ssl_cert[0] != '\0')
+	if (conn->tls_cert == NULL && sserver->tls_cert != NULL && sserver->tls_cert[0] != '\0')
-		conn->ssl_cert = g_strdup(sserver->ssl_cert);
+		conn->tls_cert = g_strdup(sserver->tls_cert);
-	if (conn->ssl_pkey == NULL && sserver->ssl_pkey != NULL && sserver->ssl_pkey[0] != '\0')
+	if (conn->tls_pkey == NULL && sserver->tls_pkey != NULL && sserver->tls_pkey[0] != '\0')
-		conn->ssl_pkey = g_strdup(sserver->ssl_pkey);
+		conn->tls_pkey = g_strdup(sserver->tls_pkey);
-	if (conn->ssl_pass == NULL && sserver->ssl_pass != NULL && sserver->ssl_pass[0] != '\0')
+	if (conn->tls_pass == NULL && sserver->tls_pass != NULL && sserver->tls_pass[0] != '\0')
-		conn->ssl_pass = g_strdup(sserver->ssl_pass);
+		conn->tls_pass = g_strdup(sserver->tls_pass);
-	conn->ssl_verify = sserver->ssl_verify;
+	conn->tls_verify = sserver->tls_verify;
-	if (conn->ssl_cafile == NULL && sserver->ssl_cafile != NULL && sserver->ssl_cafile[0] != '\0')
+	if (conn->tls_cafile == NULL && sserver->tls_cafile != NULL && sserver->tls_cafile[0] != '\0')
-		conn->ssl_cafile = g_strdup(sserver->ssl_cafile);
+		conn->tls_cafile = g_strdup(sserver->tls_cafile);
-	if (conn->ssl_capath == NULL && sserver->ssl_capath != NULL && sserver->ssl_capath[0] != '\0')
+	if (conn->tls_capath == NULL && sserver->tls_capath != NULL && sserver->tls_capath[0] != '\0')
-		conn->ssl_capath = g_strdup(sserver->ssl_capath);
+		conn->tls_capath = g_strdup(sserver->tls_capath);
-	if (conn->ssl_ciphers == NULL && sserver->ssl_ciphers != NULL && sserver->ssl_ciphers[0] != '\0')
+	if (conn->tls_ciphers == NULL && sserver->tls_ciphers != NULL && sserver->tls_ciphers[0] != '\0')
-		conn->ssl_ciphers = g_strdup(sserver->ssl_ciphers);
+		conn->tls_ciphers = g_strdup(sserver->tls_ciphers);
 
 	server_setup_fill_reconn(conn, sserver);
 
@@ -362,9 +362,10 @@ SERVER_SETUP_REC *server_setup_find(const char *address, int port,
 static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node)
 {
 	SERVER_SETUP_REC *rec;
-        CHATNET_REC *chatnetrec;
+	CHATNET_REC *chatnetrec;
 	char *server, *chatnet, *family;
 	int port;
+	char *value = NULL;
 
 	g_return_val_if_fail(node != NULL, NULL);
 
@@ -390,7 +391,7 @@ static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node)
 		chatnet_create(chatnetrec);
 	}
 
-        family = config_node_get_str(node, "family", "");
+	family = config_node_get_str(node, "family", "");
 
 	rec = CHAT_PROTOCOL(chatnetrec)->create_server_setup();
 	rec->type = module_get_uniq_id("SERVER SETUP", 0);
@@ -400,18 +401,45 @@ static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node)
 		(g_ascii_strcasecmp(family, "inet") == 0 ? AF_INET : 0);
 	rec->address = g_strdup(server);
 	rec->password = g_strdup(config_node_get_str(node, "password", NULL));
-	rec->use_ssl = config_node_get_bool(node, "use_ssl", FALSE);
+
-	rec->ssl_cert = g_strdup(config_node_get_str(node, "ssl_cert", NULL));
+	rec->use_tls = config_node_get_bool(node, "use_tls", FALSE) || config_node_get_bool(node, "use_ssl", FALSE);
-	rec->ssl_pkey = g_strdup(config_node_get_str(node, "ssl_pkey", NULL));
+	rec->tls_verify = config_node_get_bool(node, "tls_verify", FALSE) || config_node_get_bool(node, "ssl_verify", FALSE);
-	rec->ssl_pass = g_strdup(config_node_get_str(node, "ssl_pass", NULL));
+
-	rec->ssl_verify = config_node_get_bool(node, "ssl_verify", FALSE);
+	value = config_node_get_str(node, "tls_cert", NULL);
-	rec->ssl_cafile = g_strdup(config_node_get_str(node, "ssl_cafile", NULL));
+	if (value == NULL)
-	rec->ssl_capath = g_strdup(config_node_get_str(node, "ssl_capath", NULL));
+		value = config_node_get_str(node, "ssl_cert", NULL);
-	rec->ssl_ciphers = g_strdup(config_node_get_str(node, "ssl_ciphers", NULL));
+	rec->tls_cert = g_strdup(value);
-	if (rec->ssl_cafile || rec->ssl_capath)
+
-		rec->ssl_verify = TRUE;
+	value = config_node_get_str(node, "tls_pkey", NULL);
-	if (rec->ssl_cert != NULL || rec->ssl_verify)
+	if (value == NULL)
-		rec->use_ssl = TRUE;
+		value = config_node_get_str(node, "ssl_pkey", NULL);
+	rec->tls_pkey = g_strdup(value);
+
+	value = config_node_get_str(node, "tls_pass", NULL);
+	if (value == NULL)
+		value = config_node_get_str(node, "ssl_pass", NULL);
+	rec->tls_pass = g_strdup(value);
+
+	value = config_node_get_str(node, "tls_cafile", NULL);
+	if (value == NULL)
+		value = config_node_get_str(node, "ssl_cafile", NULL);
+	rec->tls_cafile = g_strdup(value);
+
+	value = config_node_get_str(node, "tls_capath", NULL);
+	if (value == NULL)
+		value = config_node_get_str(node, "ssl_capath", NULL);
+	rec->tls_capath = g_strdup(value);
+
+	value = config_node_get_str(node, "tls_ciphers", NULL);
+	if (value == NULL)
+		value = config_node_get_str(node, "ssl_ciphers", NULL);
+	rec->tls_ciphers = g_strdup(value);
+
+	if (rec->tls_cafile || rec->tls_capath)
+		rec->tls_verify = TRUE;
+	if (rec->tls_cert != NULL || rec->tls_verify)
+		rec->use_tls = TRUE;
+
 	rec->port = port;
 	rec->autoconnect = config_node_get_bool(node, "autoconnect", FALSE);
 	rec->no_proxy = config_node_get_bool(node, "no_proxy", FALSE);
@@ -463,14 +491,16 @@ static void server_setup_save(SERVER_SETUP_REC *rec)
 
 	iconfig_node_set_int(node, "port", rec->port);
 	iconfig_node_set_str(node, "password", rec->password);
-	iconfig_node_set_bool(node, "use_ssl", rec->use_ssl);
+
-	iconfig_node_set_str(node, "ssl_cert", rec->ssl_cert);
+	iconfig_node_set_bool(node, "use_tls", rec->use_tls);
-	iconfig_node_set_str(node, "ssl_pkey", rec->ssl_pkey);
+	iconfig_node_set_str(node, "tls_cert", rec->tls_cert);
-	iconfig_node_set_str(node, "ssl_pass", rec->ssl_pass);
+	iconfig_node_set_str(node, "tls_pkey", rec->tls_pkey);
-	iconfig_node_set_bool(node, "ssl_verify", rec->ssl_verify);
+	iconfig_node_set_str(node, "tls_pass", rec->tls_pass);
-	iconfig_node_set_str(node, "ssl_cafile", rec->ssl_cafile);
+	iconfig_node_set_bool(node, "tls_verify", rec->tls_verify);
-	iconfig_node_set_str(node, "ssl_capath", rec->ssl_capath);
+	iconfig_node_set_str(node, "tls_cafile", rec->tls_cafile);
-	iconfig_node_set_str(node, "ssl_ciphers", rec->ssl_ciphers);
+	iconfig_node_set_str(node, "tls_capath", rec->tls_capath);
+	iconfig_node_set_str(node, "tls_ciphers", rec->tls_ciphers);
+
 	iconfig_node_set_str(node, "own_host", rec->own_host);
 
 	iconfig_node_set_str(node, "family",
@@ -514,12 +544,12 @@ static void server_setup_destroy(SERVER_SETUP_REC *rec)
 	g_free_not_null(rec->own_ip6);
 	g_free_not_null(rec->chatnet);
 	g_free_not_null(rec->password);
-	g_free_not_null(rec->ssl_cert);
+	g_free_not_null(rec->tls_cert);
-	g_free_not_null(rec->ssl_pkey);
+	g_free_not_null(rec->tls_pkey);
-	g_free_not_null(rec->ssl_pass);
+	g_free_not_null(rec->tls_pass);
-	g_free_not_null(rec->ssl_cafile);
+	g_free_not_null(rec->tls_cafile);
-	g_free_not_null(rec->ssl_capath);
+	g_free_not_null(rec->tls_capath);
-	g_free_not_null(rec->ssl_ciphers);
+	g_free_not_null(rec->tls_ciphers);
 	g_free(rec->address);
 	g_free(rec);
 }

src/core/servers.c

@@ -219,7 +219,7 @@ static void server_real_connect(SERVER_REC *server, IPADDR *ip,
 		own_ip = IPADDR_IS_V6(ip) ? server->connrec->own_ip6 : server->connrec->own_ip4;
 		port = server->connrec->proxy != NULL ?
 			server->connrec->proxy_port : server->connrec->port;
-		handle = server->connrec->use_ssl ?
+		handle = server->connrec->use_tls ?
 			net_connect_ip_ssl(ip, port, own_ip, server) : net_connect_ip(ip, port, own_ip);
 	} else {
 		handle = net_connect_unix(unix_socket);
@@ -237,7 +237,7 @@ static void server_real_connect(SERVER_REC *server, IPADDR *ip,
 			}
 			server->no_reconnect = TRUE;
 		}
-		if (server->connrec->use_ssl && errno == ENOSYS)
+		if (server->connrec->use_tls && errno == ENOSYS)
 			server->no_reconnect = TRUE;
 
 		server->connection_lost = TRUE;
@@ -245,7 +245,7 @@ static void server_real_connect(SERVER_REC *server, IPADDR *ip,
 		g_free(errmsg2);
 	} else {
 		server->handle = net_sendbuffer_create(handle, 0);
-		if (server->connrec->use_ssl)
+		if (server->connrec->use_tls)
 			server_connect_callback_init_ssl(server, handle);
 		else
 		server->connect_tag =
@@ -622,22 +622,22 @@ void server_connect_unref(SERVER_CONNECT_REC *conn)
 	g_free_not_null(conn->own_ip4);
 	g_free_not_null(conn->own_ip6);
 
-        g_free_not_null(conn->password);
+	g_free_not_null(conn->password);
-        g_free_not_null(conn->nick);
+	g_free_not_null(conn->nick);
-        g_free_not_null(conn->username);
+	g_free_not_null(conn->username);
 	g_free_not_null(conn->realname);
 
-	g_free_not_null(conn->ssl_cert);
+	g_free_not_null(conn->tls_cert);
-	g_free_not_null(conn->ssl_pkey);
+	g_free_not_null(conn->tls_pkey);
-	g_free_not_null(conn->ssl_pass);
+	g_free_not_null(conn->tls_pass);
-	g_free_not_null(conn->ssl_cafile);
+	g_free_not_null(conn->tls_cafile);
-	g_free_not_null(conn->ssl_capath);
+	g_free_not_null(conn->tls_capath);
-	g_free_not_null(conn->ssl_ciphers);
+	g_free_not_null(conn->tls_ciphers);
 
 	g_free_not_null(conn->channels);
-        g_free_not_null(conn->away_reason);
+	g_free_not_null(conn->away_reason);
 
-        conn->type = 0;
+	conn->type = 0;
 	g_free(conn);
 }
 

src/core/session.c

@@ -150,8 +150,7 @@ static void session_save_server(SERVER_REC *server, CONFIG_REC *config,
 
 	node = config_node_section(config, node, NULL, NODE_TYPE_BLOCK);
 
-	config_node_set_str(config, node, "chat_type",
+	config_node_set_str(config, node, "chat_type", chat_protocol_find_id(server->chat_type)->name);
-			    chat_protocol_find_id(server->chat_type)->name);
 	config_node_set_str(config, node, "address", server->connrec->address);
 	config_node_set_int(config, node, "port", server->connrec->port);
 	config_node_set_str(config, node, "chatnet", server->connrec->chatnet);
@@ -159,13 +158,13 @@ static void session_save_server(SERVER_REC *server, CONFIG_REC *config,
 	config_node_set_str(config, node, "nick", server->nick);
 	config_node_set_str(config, node, "version", server->version);
 
-	config_node_set_bool(config, node, "use_ssl", server->connrec->use_ssl);
+	config_node_set_bool(config, node, "use_tls", server->connrec->use_tls);
-	config_node_set_str(config, node, "ssl_cert", server->connrec->ssl_cert);
+	config_node_set_str(config, node, "tls_cert", server->connrec->tls_cert);
-	config_node_set_str(config, node, "ssl_pkey", server->connrec->ssl_pkey);
+	config_node_set_str(config, node, "tls_pkey", server->connrec->tls_pkey);
-	config_node_set_bool(config, node, "ssl_verify", server->connrec->ssl_verify);
+	config_node_set_bool(config, node, "tls_verify", server->connrec->tls_verify);
-	config_node_set_str(config, node, "ssl_cafile", server->connrec->ssl_cafile);
+	config_node_set_str(config, node, "tls_cafile", server->connrec->tls_cafile);
-	config_node_set_str(config, node, "ssl_capath", server->connrec->ssl_capath);
+	config_node_set_str(config, node, "tls_capath", server->connrec->tls_capath);
-	config_node_set_str(config, node, "ssl_ciphers", server->connrec->ssl_ciphers);
+	config_node_set_str(config, node, "tls_ciphers", server->connrec->tls_ciphers);
 
 	handle = g_io_channel_unix_get_fd(net_sendbuffer_handle(server->handle));
 	config_node_set_int(config, node, "handle", handle);

src/fe-common/core/fe-server.c

@@ -154,42 +154,55 @@ static void cmd_server_add_modify(const char *data, gboolean add)
         else if (g_hash_table_lookup(optlist, "4"))
 		rec->family = AF_INET;
 
-	if (g_hash_table_lookup(optlist, "ssl"))
+	if (g_hash_table_lookup(optlist, "tls") || g_hash_table_lookup(optlist, "ssl"))
-		rec->use_ssl = TRUE;
+		rec->use_tls = TRUE;
 
-	value = g_hash_table_lookup(optlist, "ssl_cert");
+	value = g_hash_table_lookup(optlist, "tls_cert");
+	if (value == NULL)
+		value = g_hash_table_lookup(optlist, "ssl_cert");
 	if (value != NULL && *value != '\0')
-		rec->ssl_cert = g_strdup(value);
+		rec->tls_cert = g_strdup(value);
 
-	value = g_hash_table_lookup(optlist, "ssl_pkey");
+	value = g_hash_table_lookup(optlist, "tls_pkey");
+	if (value == NULL)
+		value = g_hash_table_lookup(optlist, "ssl_pkey");
 	if (value != NULL && *value != '\0')
-		rec->ssl_pkey = g_strdup(value);
+		rec->tls_pkey = g_strdup(value);
 
-	value = g_hash_table_lookup(optlist, "ssl_pass");
+	value = g_hash_table_lookup(optlist, "tls_pass");
+	if (value == NULL)
+		value = g_hash_table_lookup(optlist, "ssl_pass");
 	if (value != NULL && *value != '\0')
-		rec->ssl_pass = g_strdup(value);
+		rec->tls_pass = g_strdup(value);
 
-	if (g_hash_table_lookup(optlist, "ssl_verify"))
+	if (g_hash_table_lookup(optlist, "tls_verify") || g_hash_table_lookup(optlist, "ssl_verify"))
-		rec->ssl_verify = TRUE;
+		rec->tls_verify = TRUE;
 
-	value = g_hash_table_lookup(optlist, "ssl_cafile");
+	value = g_hash_table_lookup(optlist, "tls_cafile");
+	if (value == NULL)
+		value = g_hash_table_lookup(optlist, "ssl_cafile");
 	if (value != NULL && *value != '\0')
-		rec->ssl_cafile = g_strdup(value);
+		rec->tls_cafile = g_strdup(value);
 
-	value = g_hash_table_lookup(optlist, "ssl_capath");
+	value = g_hash_table_lookup(optlist, "tls_capath");
+	if (value == NULL)
+		value = g_hash_table_lookup(optlist, "ssl_capath");
 	if (value != NULL && *value != '\0')
-		rec->ssl_capath = g_strdup(value);
+		rec->tls_capath = g_strdup(value);
 
-	value = g_hash_table_lookup(optlist, "ssl_ciphers");
+	value = g_hash_table_lookup(optlist, "tls_ciphers");
+	if (value == NULL)
+		value = g_hash_table_lookup(optlist, "ssl_ciphers");
 	if (value != NULL && *value != '\0')
-		rec->ssl_ciphers = g_strdup(value);
+		rec->tls_ciphers = g_strdup(value);
 
-	if ((rec->ssl_cafile != NULL && rec->ssl_cafile[0] != '\0')
-	||  (rec->ssl_capath != NULL && rec->ssl_capath[0] != '\0'))
-		rec->ssl_verify = TRUE;
 
-	if ((rec->ssl_cert != NULL && rec->ssl_cert[0] != '\0') || rec->ssl_verify == TRUE)
+	if ((rec->tls_cafile != NULL && rec->tls_cafile[0] != '\0')
-		rec->use_ssl = TRUE;
+	||  (rec->tls_capath != NULL && rec->tls_capath[0] != '\0'))
+		rec->tls_verify = TRUE;
+
+	if ((rec->tls_cert != NULL && rec->tls_cert[0] != '\0') || rec->tls_verify == TRUE)
+		rec->use_tls = TRUE;
 
 	if (g_hash_table_lookup(optlist, "auto")) rec->autoconnect = TRUE;
 	if (g_hash_table_lookup(optlist, "noauto")) rec->autoconnect = FALSE;
@@ -409,8 +422,9 @@ void fe_server_init(void)
 	command_bind("server remove", NULL, (SIGNAL_FUNC) cmd_server_remove);
 	command_bind_first("server", NULL, (SIGNAL_FUNC) server_command);
 	command_bind_first("disconnect", NULL, (SIGNAL_FUNC) server_command);
-	command_set_options("server add", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers auto noauto proxy noproxy -host -port noautosendcmd");
+
-	command_set_options("server modify", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers auto noauto proxy noproxy -host -port noautosendcmd");
+	command_set_options("server add", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers auto noauto proxy noproxy -host -port noautosendcmd");
+	command_set_options("server modify", "4 6 !! ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +ssl_ciphers +ssl_fingerprint tls +tls_cert +tls_pkey +tls_pass tls_verify +tls_cafile +tls_capath +tls_ciphers auto noauto proxy noproxy -host -port noautosendcmd");
 
 	signal_add("server looking", (SIGNAL_FUNC) sig_server_looking);
 	signal_add("server connecting", (SIGNAL_FUNC) sig_server_connecting);

src/fe-common/irc/fe-irc-server.c

@@ -108,23 +108,23 @@ static void cmd_server_list(const char *data)
 			g_string_append(str, "autoconnect, ");
 		if (rec->no_proxy)
 			g_string_append(str, "noproxy, ");
-		if (rec->use_ssl) {
+		if (rec->use_tls) {
-			g_string_append(str, "ssl, ");
+			g_string_append(str, "tls, ");
-			if (rec->ssl_cert) {
+			if (rec->tls_cert) {
-				g_string_append_printf(str, "ssl_cert: %s, ", rec->ssl_cert);
+				g_string_append_printf(str, "tls_cert: %s, ", rec->tls_cert);
-				if (rec->ssl_pkey)
+				if (rec->tls_pkey)
-					g_string_append_printf(str, "ssl_pkey: %s, ", rec->ssl_pkey);
+					g_string_append_printf(str, "tls_pkey: %s, ", rec->tls_pkey);
-				if (rec->ssl_pass)
+				if (rec->tls_pass)
 					g_string_append_printf(str, "(pass), ");
 			}
-			if (rec->ssl_verify)
+			if (rec->tls_verify)
-				g_string_append(str, "ssl_verify, ");
+				g_string_append(str, "tls_verify, ");
-			if (rec->ssl_cafile)
+			if (rec->tls_cafile)
-				g_string_append_printf(str, "ssl_cafile: %s, ", rec->ssl_cafile);
+				g_string_append_printf(str, "tls_cafile: %s, ", rec->tls_cafile);
-			if (rec->ssl_capath)
+			if (rec->tls_capath)
-				g_string_append_printf(str, "ssl_capath: %s, ", rec->ssl_capath);
+				g_string_append_printf(str, "tls_capath: %s, ", rec->tls_capath);
-			if (rec->ssl_ciphers)
+			if (rec->tls_ciphers)
-				g_string_append_printf(str, "ssl_ciphers: %s, ", rec->ssl_ciphers);
+				g_string_append_printf(str, "tls_ciphers: %s, ", rec->tls_ciphers);
 
 		}
 		if (rec->max_cmds_at_once > 0)

src/irc/core/irc-servers.c

@@ -310,7 +310,7 @@ SERVER_REC *irc_server_init_connect(SERVER_CONNECT_REC *conn)
 
 	if (server->connrec->port <= 0) {
 		server->connrec->port =
-			server->connrec->use_ssl ? 6697 : 6667;
+			server->connrec->use_tls ? 6697 : 6667;
 	}
 
 	server->cmd_queue_speed = ircconn->cmd_queue_speed > 0 ?
@@ -328,7 +328,7 @@ SERVER_REC *irc_server_init_connect(SERVER_CONNECT_REC *conn)
 		ircconn->max_whois : DEFAULT_MAX_WHOIS;
 	server->max_msgs_in_cmd = ircconn->max_msgs > 0 ?
 		ircconn->max_msgs : DEFAULT_MAX_MSGS;
-	server->connrec->use_ssl = conn->use_ssl;
+	server->connrec->use_tls = conn->use_tls;
 
 	modes_server_init(server);
 

src/perl/perl-common.c

@@ -301,7 +301,8 @@ void perl_connect_fill_hash(HV *hv, SERVER_CONNECT_REC *conn)
 	(void) hv_store(hv, "no_autojoin_channels", 20, newSViv(conn->no_autojoin_channels), 0);
 	(void) hv_store(hv, "no_autosendcmd", 14, newSViv(conn->no_autosendcmd), 0);
 	(void) hv_store(hv, "unix_socket", 11, newSViv(conn->unix_socket), 0);
-	(void) hv_store(hv, "use_ssl", 7, newSViv(conn->use_ssl), 0);
+	(void) hv_store(hv, "use_ssl", 7, newSViv(conn->use_tls), 0);
+	(void) hv_store(hv, "use_tls", 7, newSViv(conn->use_tls), 0);
 	(void) hv_store(hv, "no_connect", 10, newSViv(conn->no_connect), 0);
 }