Warn user of expired cert

[michaelortmann]

Found by: michaelortmann
Patch by: michaelortmann
Fixes:

One-line summary:
Warn user of expired cert

Additional description (if needed):
This is about the cert loaded from config variable ssl-certificate
The check is done when

• the cert is loaded in ssl_init()
• daily
• when a +n owner logs in

Test cases demonstrating functionality (if applicable):

$ ./eggdrop -t BotA.conf 
[...]
WARNING: certificate expired: BotA.crt

### ENTERING DCC CHAT SIMULATION ###
[...]

[thommey]

This is a great idea, and maybe we would want to run this daily and check if it's about to expire soon (within the next 14 days or so) and generate a daily warning for that. But that'd be a different PR, this one is fine with the tiny changes.

[vanosg]

More "good ideas" to add... maybe make this warning when a +n logs in to the partyline? Would be good for more casual users who aren't on the partyline 24/7 and don't check logs

[michaelortmann]

More "good ideas" to add... maybe make this warning when a +n logs in to the partyline? Would be good for more casual users who aren't on the partyline 24/7 and don't check logs

done :)

[vanosg]

With more context for aesthetic review:

Startup:

Loading autoscripts.tcl
Writing channel file...
Userfile loaded, unpacking...
=== testbot: 1 channels, 28 users.

WARNING: SSL/TLS certificate expired.crt expired
You can generate new certificates by running 'make sslcert' from the source directory

Launched into the background  (pid: 1376595)

Partyline:

Commands start with '.' (like '.quit' or '.help')
Everything else goes out to the party line.

WARNING: SSL/TLS certificate expired.crt expired
You can generate new certificates by running 'make sslcert' from the source directory

You have no messages.
*** Geo joined the party line.

[michaelortmann]

Also enhanced openssl autoconf in aclocal.m4, so please run misc/runautotools:

Before:

$ LD_LIBRARY_PATH=/home/michael/opt/openssl-0.9.7m/lib ./configure --with-sslinc=/home/michael/opt/openssl-0.9.7m/include --with-ssllib=/home/michael/opt/openssl-0.9.7m/lib
[...]
checking whether to enable TLS support... yes
checking for openssl/ssl.h... yes
checking for openssl/x509v3.h... yes
checking for X509_digest in -lcrypto... yes
checking for SSL_accept in -lssl... yes
checking for EVP_md5... yes
checking for OPENSSL_buf2hexstr... no
checking for hex_to_string... yes
checking for OPENSSL_hexstr2buf... no
checking for string_to_hex... yes
checking for OpenSSL... yes
checking for ASN1_STRING_get0_data... no
checking for EVP_PKEY_get1_EC_KEY... no
checking for openssl/md5.h... yes
checking for MD5_Init... yes
checking for MD5_Update... yes
checking for MD5_Final... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating scripts/Makefile
config.status: creating src/Makefile
config.status: creating src/compat/Makefile
config.status: creating src/md5/Makefile
config.status: creating src/mod/Makefile
config.status: creating config.h
config.status: executing eggint.h commands
config.status: creating eggint.h : __EGGINT_H
config.status: executing replace-if-changed commands
creating lush.h
config.status: executing catch-make-rebuild commands

Operating System: Linux 6.9.8-arch1-1
IPv6 Support: yes
Tcl version: 8.6.14 (threaded)
SSL/TLS Support: yes (OpenSSL 0.9.7m 23 Feb 2007)
Threaded DNS core: yes

If you experience any problems compiling Eggdrop, please read the
compile guide, found in doc/COMPILE-GUIDE.

Type 'make config' to configure the modules, or type 'make iconfig'
to interactively choose which modules to compile.

After:

$ LD_LIBRARY_PATH=/home/michael/opt/openssl-0.9.7m/lib ./configure --with-sslinc=/home/michael/opt/openssl-0.9.7m/include --with-ssllib=/home/michael/opt/openssl-0.9.7m/lib
[...]
checking whether to enable TLS support... yes
checking for openssl/ssl.h... yes
checking for openssl/x509v3.h... yes
checking for X509_digest in -lcrypto... yes
checking for SSL_accept in -lssl... yes
checking for EVP_sha1... yes
checking for a2i_IPADDRESS... no
checking for EVP_md5... yes
checking for OPENSSL_buf2hexstr... no
checking for hex_to_string... yes
checking for OPENSSL_hexstr2buf... no
checking for string_to_hex... yes
configure: WARNING: Cannot find OpenSSL library 0.9.8 or newer.
configure: WARNING: Please specify the path to libssl and libcrypto using --with-ssllib=path
checking for OpenSSL... no
* We tried, but couldn't find TLS libraries. If installed, please specify their paths using the configure flags above
* While not recommended, you can continue without TLS protection by specifying the --disable-tls configure flag
configure: error: TLS Libraries not found

[michaelortmann]

Additional test with openssl 0.9.8k was successful:

$ LD_LIBRARY_PATH=/home/michael/opt/openssl-0.9.8k/lib ./eggdrop -t BotA.conf
[...]
WARNING: SSL/TLS certificate BotA.crt expired
You can generate new certificates by running 'make sslcert' from the source directory
[...]
.status
[...]
TLS library: OpenSSL 0.9.8k 25 Mar 2009 (header version OpenSSL 0.9.8k 25 Mar 2009)