Initial work on SSL client support. Lots broken and don't work, but at least I can connect as a SSL client now (but normal clients are broken right at the moment...!)

Will look into this on another day.. Now I'm off to play with UT2003
2002-11-04 08:14:01 +00:00 · 2002-11-04 08:14:01 +00:00 · 8e37f5f5ba
commit 8e37f5f5ba
parent 754b2fe924
25 changed files with 829 additions and 836 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -306,6 +306,7 @@ include/serno.h -text
 include/setup.h.in -text
 include/setup.h_vms -text
 include/sprintf_irc.h -text
+include/ssl.h -text
 include/stdinc.h -text
 include/supported.h -text
 include/tools.h -text
@ -481,6 +482,7 @@ src/scache.c -text
 src/send.c -text
 src/snprintf.c -text
 src/sprintf_irc.c -text
+src/ssl.c -text
 src/tools.c -text
 src/version.c.SH -text
 src/version.com -text
--- a/1
+++ b/1
@ -6,6 +6,7 @@ Symbols are:
 (HP)	- Hybrid Team Patches to Hybrid Source
 * NeoIRCd Version 0.9.6 - 31st Oct (Halloween!), 2002 - Fish
 (HP)	- Hybrid Team Halloween Special :) (No suprises this time!) (RC5 Merge)
+(F)	- Initial Support for SSL connections started

 * NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
 (S)     - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
--- a/autoconf/configure.in
+++ b/autoconf/configure.in
@ -1,4 +1,4 @@
-dnl $Id: configure.in,v 1.6 2002/10/23 03:53:21 fishwaldo Exp $
+dnl $Id: configure.in,v 1.7 2002/11/04 08:14:00 fishwaldo Exp $
 dnl Process this file with autoconf to produce a configure script.
 dnl AC_INIT(include/class.h) <- what is this ? -TimeMr14C

@ -391,27 +391,8 @@ int main(void) {

    if test "X$cf_openssl_version_ok" = "Xyes"; then
        AC_MSG_RESULT(ok)
-        dnl Do all the HAVE_LIBCRYPTO magic -- and check for ciphers
-        save_CPPFLAGS="$CPPFLAGS"
-        CPPFLAGS="$CPPFLAGS $SSL_LIBS"
-        AC_CHECK_LIB(crypto, RSA_free)
-        if test "X$ac_cv_lib_crypto_RSA_free" = "Xyes"; then
-            cf_openssl_ciphers=''
-            AC_CHECK_FUNCS(EVP_bf_cfb,
-                cf_openssl_ciphers="${cf_openssl_ciphers}BF/256 BF/128 ")
-            AC_CHECK_FUNCS(EVP_cast5_cfb,
-                cf_openssl_ciphers="${cf_openssl_ciphers}CAST/128 ")
-            AC_CHECK_FUNCS(EVP_idea_cfb,
-                cf_openssl_ciphers="${cf_openssl_ciphers}IDEA/128 ")
-            AC_CHECK_FUNCS(EVP_rc5_32_12_16_cfb,
-                cf_openssl_ciphers="${cf_openssl_ciphers}RC5.16/128 RC5.12/128 RC5.8/128 ")
-            AC_CHECK_FUNCS(EVP_des_ede3_cfb,
-                cf_openssl_ciphers="${cf_openssl_ciphers}3DES/168 ")
-            AC_CHECK_FUNCS(EVP_des_cfb,
-                cf_openssl_ciphers="${cf_openssl_ciphers}DES/56 ")
-        fi
-        CPPFLAGS="$save_CPPFLAGS"
-        SSL_LIBS="$SSL_LIBS -lcrypto"
+        AC_DEFINE(USE_SSL)
+        SSL_LIBS="$SSL_LIBS -lcrypto -lssl"
    else
        AC_MSG_RESULT(no - OpenSSL support disabled)
    fi
@ -575,12 +556,12 @@ esac

 dnl Enable RT sigio - linux only
 AC_ARG_ENABLE(rtsigio,
-[  --enable-rtsigio             Enable SIGIO with RT Signals(Linux only).
+[  --enable-rtsigio             Enable SIGIO with RT Signals(Linux only) (UNSTABLE!).
  --disable-rtsigio            Disable SIGIO with RT Signals(Linux only). ],
 [
  case "$enableval" in
  yes)
-    echo "Forcing Linux RT Sigio to be enabled"
+    echo "Forcing Linux RT Sigio to be enabled (UNSTABLE)"
    ac_cv_func_rtsigio="yes"
    ;;
  no)
@ -625,6 +606,7 @@ if test "$SELECT_TYPE" != "kqueue" ; then
 	elif test "$ac_cv_func_rtsigio" = "yes" ; then
 		SELECT_TYPE="sigio"
 		AC_DEFINE(USE_SIGIO)
+		AC_MSG_WARN(***rtsigio might be unstable on your machine***)
 	elif test "$ac_cv_func_poll" = "yes" ; then
                SELECT_TYPE="poll"
                AC_DEFINE(USE_POLL)
@ -997,12 +979,5 @@ AC_OUTPUT(                      \
 help/Makefile                  \
 )

-if test "X${cf_openssl_ciphers}" != "X"; then
-  echo ""
-  echo "Available cryptlinks ciphers:"
-  echo ""
-  echo "${cf_openssl_ciphers}"
-  echo ""
-fi

 AC_MSG_RESULT("Server is configured with NICKLEN=$ac_cv_nicklen and MAX_CLIENTS=$ac_cv_maxclients")
--- a/542
+++ b/542
@ -841,7 +841,7 @@ Optional Features:
  --disable-kqueue             Disable kqueue() support.
  --enable-devpoll             Enable /dev/poll support.
  --disable-devpoll            Disable /dev/poll support.
-  --enable-rtsigio             Enable SIGIO with RT Signals(Linux only).
+  --enable-rtsigio             Enable SIGIO with RT Signals(Linux only) (UNSTABLE!).
  --disable-rtsigio            Disable SIGIO with RT Signals(Linux only).
  --enable-ipv6                Enable IPV6 support.
  --disable-ipv6               Disable IPV6 support.
@ -5424,534 +5424,11 @@ fi
    if test "X$cf_openssl_version_ok" = "Xyes"; then
        echo "$as_me:$LINENO: result: ok" >&5
 echo "${ECHO_T}ok" >&6
-                save_CPPFLAGS="$CPPFLAGS"
-        CPPFLAGS="$CPPFLAGS $SSL_LIBS"
-
-echo "$as_me:$LINENO: checking for RSA_free in -lcrypto" >&5
-echo $ECHO_N "checking for RSA_free in -lcrypto... $ECHO_C" >&6
-if test "${ac_cv_lib_crypto_RSA_free+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypto  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char RSA_free ();
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-RSA_free ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_crypto_RSA_free=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_crypto_RSA_free=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_RSA_free" >&5
-echo "${ECHO_T}$ac_cv_lib_crypto_RSA_free" >&6
-if test $ac_cv_lib_crypto_RSA_free = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBCRYPTO 1
+        cat >>confdefs.h <<\_ACEOF
+#define USE_SSL 1
 _ACEOF

-  LIBS="-lcrypto $LIBS"
-
-fi
-
-        if test "X$ac_cv_lib_crypto_RSA_free" = "Xyes"; then
-            cf_openssl_ciphers=''
-
-for ac_func in EVP_bf_cfb
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- cf_openssl_ciphers="${cf_openssl_ciphers}BF/256 BF/128 "
-fi
-done
-
-
-for ac_func in EVP_cast5_cfb
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- cf_openssl_ciphers="${cf_openssl_ciphers}CAST/128 "
-fi
-done
-
-
-for ac_func in EVP_idea_cfb
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- cf_openssl_ciphers="${cf_openssl_ciphers}IDEA/128 "
-fi
-done
-
-
-for ac_func in EVP_rc5_32_12_16_cfb
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- cf_openssl_ciphers="${cf_openssl_ciphers}RC5.16/128 RC5.12/128 RC5.8/128 "
-fi
-done
-
-
-for ac_func in EVP_des_ede3_cfb
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- cf_openssl_ciphers="${cf_openssl_ciphers}3DES/168 "
-fi
-done
-
-
-for ac_func in EVP_des_cfb
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-#  ifdef __cplusplus
-     extern "C"
-#  endif
-   int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- cf_openssl_ciphers="${cf_openssl_ciphers}DES/56 "
-fi
-done
-
-        fi
-        CPPFLAGS="$save_CPPFLAGS"
-        SSL_LIBS="$SSL_LIBS -lcrypto"
+        SSL_LIBS="$SSL_LIBS -lcrypto -lssl"
    else
        echo "$as_me:$LINENO: result: no - OpenSSL support disabled" >&5
 echo "${ECHO_T}no - OpenSSL support disabled" >&6
@ -6398,7 +5875,7 @@ if test "${enable_rtsigio+set}" = set; then

  case "$enableval" in
  yes)
-    echo "Forcing Linux RT Sigio to be enabled"
+    echo "Forcing Linux RT Sigio to be enabled (UNSTABLE)"
    ac_cv_func_rtsigio="yes"
    ;;
  no)
@ -6740,6 +6217,8 @@ _ACEOF
 #define USE_SIGIO 1
 _ACEOF

+		{ echo "$as_me:$LINENO: WARNING: ***rtsigio might be unstable on your machine***" >&5
+echo "$as_me: WARNING: ***rtsigio might be unstable on your machine***" >&2;}
 	elif test "$ac_cv_func_poll" = "yes" ; then
                SELECT_TYPE="poll"
                cat >>confdefs.h <<\_ACEOF
@ -9408,13 +8887,6 @@ if test "$no_create" != yes; then
 fi


-if test "X${cf_openssl_ciphers}" != "X"; then
-  echo ""
-  echo "Available cryptlinks ciphers:"
-  echo ""
-  echo "${cf_openssl_ciphers}"
-  echo ""
-fi

 echo "$as_me:$LINENO: result: \"Server is configured with NICKLEN=$ac_cv_nicklen and MAX_CLIENTS=$ac_cv_maxclients\"" >&5
 echo "${ECHO_T}\"Server is configured with NICKLEN=$ac_cv_nicklen and MAX_CLIENTS=$ac_cv_maxclients\"" >&6
--- a/include/client.h
+++ b/include/client.h
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: client.h,v 1.10 2002/10/31 13:01:54 fishwaldo Exp $
+ *  $Id: client.h,v 1.11 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #ifndef INCLUDED_client_h
@ -30,12 +30,19 @@
 #if !defined(CONFIG_H_LEVEL_7)
 #error Incorrect config.h for this revision of ircd.
 #endif
+#include "common.h"
+#include "stdinc.h"
+#include "ircd_defs.h"
+

 #include "ircd_defs.h"
 #include "ircd_handler.h"
 #include "linebuf.h"
 #include "channel.h"
 #include "res.h"
+
+
+
 #ifdef IPV6
 #define HOSTIPLEN	53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
 #else
@ -222,6 +229,10 @@ struct LocalUser
  time_t            first_received_message_time;
  int               received_number_of_privmsgs;
  int               flood_noticed;
+#ifdef USE_SSL
+  SSL		    *ssl;	/* clients SSL info, if ssl client */
+  struct X509		    *ssl_cert;   /* clients SSL cert info, if ssl client */
+#endif

  /* Send and receive linebuf queues .. */
  buf_head_t        buf_sendq;
@ -277,6 +288,7 @@ struct LocalUser
  char              out_key[CIPHERKEYLEN];
 #endif

+
  int               fd;         /* >= 0, for local clients */
 #ifndef HAVE_SOCKETPAIR
  int               fd_r;       /* fd for reading */
@ -396,6 +408,7 @@ struct LocalUser
 #define FLAGS_SERVLINK     0x10000 /* servlink has servlink process */
 #define FLAGS_MARK	   0x20000 /* marked client */
 #define FLAGS_CANFLOOD	   0x40000 /* client has the ability to flood */
+#define FLAGS_SSL	   0x80000 /* client is connected via SSL */
 /* umodes, settable flags */

 #define FLAGS_SERVNOTICE   0x0001 /* server notices such as kill */
@ -455,6 +468,7 @@ struct LocalUser
 #define FLAGS2_CBURST		0x10000  /* connection burst being sent */
 #define FLAGS2_PING_COOKIE	0x20000		/* PING Cookie */
 #define FLAGS2_IDLE_LINED       0x40000
+#define FLAGS2_SSLOK		0x80000	 /* ssl connection is established */
 #define FLAGS2_FLOODDONE        0x200000      /* Flood grace period has
                                               * been ended. */

@ -501,6 +515,10 @@ struct LocalUser
 #define SetCanFlood(x)		((x)->flags |= FLAGS_CANFLOOD)
 #define ClearCanFlood(x)	((x)->flags &= FLAGS_CANFLOOD)
 #define IsCanFlood(x)		((x)->flags & FLAGS_CANFLOOD)
+#define SetSSL(x)		((x)->flags |= FLAGS_SSL)
+#define IsSSL(x)		((x)->flags & FLAGS_SSL)
+#define SetSSLOK(x)		((x)->flags2 |= FLAGS2_SSLOK)
+#define IsSSLOK(x)		((x)->flags2 & FLAGS2_SSLOK)


 /* oper flags */
--- a/include/linebuf.h
+++ b/include/linebuf.h
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: linebuf.h,v 1.3 2002/09/13 06:50:06 fishwaldo Exp $
+ *  $Id: linebuf.h,v 1.4 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #ifndef __LINEBUF_H__
@ -77,7 +77,11 @@ extern int linebuf_parse(buf_head_t *, char *, int, int);
 extern int linebuf_get(buf_head_t *, char *, int, int, int);
 extern void linebuf_putmsg(buf_head_t *, const char *, va_list *,
                           const char *, ...);
+#ifdef USE_SSL
+extern int linebuf_flush(int, buf_head_t *, SSL *);
+#else
 extern int linebuf_flush(int, buf_head_t *);
+#endif
 extern void linebuf_attach(buf_head_t *, buf_head_t *);
 extern void count_linebuf_memory(int *, u_long *);
 #endif
--- a/include/listener.h
+++ b/include/listener.h
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: listener.h,v 1.3 2002/09/13 06:50:06 fishwaldo Exp $
+ *  $Id: listener.h,v 1.4 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #ifndef INCLUDED_listener_h
@ -35,6 +35,7 @@ struct Listener {
  int              fd;                 /* file descriptor */
  int              port;               /* listener IP port */
  int              ref_count;          /* number of connection references */
+  int		   isssl;	       /* is it a ssl port? */
  int              active;             /* current state of listener */
  int              index;              /* index into poll array */
  time_t           last_accept;        /* last time listener accepted */
@ -47,7 +48,9 @@ struct Listener {
  char             vhost[HOSTLEN + 1]; /* virtual name of listener */
 };

-extern void        add_listener(int port, const char* vaddr_ip);
+#define IsPSSL(x)	((x)->isssl & 1)
+
+extern void        add_listener(int port, int isssl, const char* vaddr_ip);
 extern void        close_listener(struct Listener* listener);
 extern void        close_listeners(void);
 extern const char* get_listener_name(const struct Listener* listener);
--- a/include/setup.h.in
+++ b/include/setup.h.in
@ -196,3 +196,7 @@

 /* Define if you have the backtrace call */
 #undef HAVE_BACKTRACE
+
+/* Define if you are using SSL */
+#undef USE_SSL
+
--- a/include/ssl.h
+++ b/include/ssl.h
@ -0,0 +1,49 @@
+/*
+ *  NeoIRCd: NeoStats Group. Based on Hybird7
+ *  ssl.h: The ssl header.
+ *
+ *  Copyright (C) 2002 by the past and present ircd coders, and others.
+ *  Originally from Ultimate3, modified to work with NeoIRCd
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
+ *  USA
+ *
+ *  $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $
+ */
+
+#ifndef SSL_H
+#define SSL_H
+
+#ifdef USE_SSL
+#include <stdio.h>
+#include <sys/types.h>
+#include <stddef.h>
+#include <openssl/rsa.h>       /* OpenSSL stuff */
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include "client.h"
+
+
+int safe_SSL_read(struct Client *, void *, int);
+int safe_SSL_write(struct Client *, const void *, int);
+int safe_SSL_accept(struct Client *, int);
+int SSL_smart_shutdown(struct Client *);
+int initssl(void);
+
+#endif
+#endif
--- a/include/stdinc.h
+++ b/include/stdinc.h
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- * $Id: stdinc.h,v 1.3 2002/09/13 06:50:06 fishwaldo Exp $
+ * $Id: stdinc.h,v 1.4 2002/11/04 08:14:00 fishwaldo Exp $
 *
 */
 
@ -99,3 +99,7 @@ extern int errno;
 #ifdef VMS
 #include <sys/ioctl.h>
 #endif
+
+#ifdef USE_SSL
+#include <openssl/ssl.h>
+#endif
--- a/servlink/servlink.c
+++ b/servlink/servlink.c
@ -15,7 +15,7 @@
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
- *   $Id: servlink.c,v 1.2 2002/08/13 14:45:12 fishwaldo Exp $
+ *   $Id: servlink.c,v 1.3 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "setup.h"                                                   
@ -29,6 +29,7 @@
 #include <unistd.h>
 #include <fcntl.h>

+
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/evp.h>
 #include <openssl/err.h>
--- a/src/.depend
+++ b/src/.depend
@ -3,54 +3,58 @@ adns.o: adns.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/ircd_defs.h ../adns/adns.h ../include/ircd.h \
  ../include/tools.h ../include/memory.h ../include/balloc.h \
  ../include/irc_string.h ../include/sprintf_irc.h ../include/send.h \
-  ../include/s_conf.h ../include/motd.h ../include/class.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h ../include/s_bsd.h ../include/fdlist.h \
-  ../include/s_log.h ../include/event.h ../include/numeric.h \
-  ../adns/internal.h ../adns/dlist.h
+  ../include/ssl.h ../include/s_conf.h ../include/motd.h \
+  ../include/class.h ../include/client.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h ../include/s_bsd.h \
+  ../include/fdlist.h ../include/s_log.h ../include/event.h \
+  ../include/numeric.h ../adns/internal.h ../adns/dlist.h
 balloc.o: balloc.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/ircd_defs.h \
  ../include/ircd.h ../include/tools.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/s_log.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h ../include/res.h ../include/fileio.h \
-  ../adns/adns.h ../include/sprintf_irc.h ../include/fdlist.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h ../include/res.h \
+  ../include/fileio.h ../adns/adns.h ../include/sprintf_irc.h \
+  ../include/fdlist.h
 channel.o: channel.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/channel.h ../include/ircd_defs.h ../include/channel_mode.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/hash.h \
-  ../include/list.h ../include/numeric.h ../include/s_serv.h \
-  ../include/s_user.h ../include/send.h ../include/whowas.h \
-  ../include/s_conf.h ../include/motd.h ../include/class.h \
-  ../include/event.h ../include/resv.h ../include/s_log.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/hash.h ../include/list.h \
+  ../include/numeric.h ../include/s_serv.h ../include/s_user.h \
+  ../include/send.h ../include/whowas.h ../include/s_conf.h \
+  ../include/motd.h ../include/class.h ../include/event.h \
+  ../include/resv.h ../include/s_log.h
 channel_mode.o: channel_mode.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/channel.h ../include/ircd_defs.h ../include/channel_mode.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/hash.h \
-  ../include/list.h ../include/numeric.h ../include/s_serv.h \
-  ../include/s_user.h ../include/send.h ../include/whowas.h \
-  ../include/s_conf.h ../include/motd.h ../include/class.h \
-  ../include/event.h ../include/s_log.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/hash.h ../include/list.h \
+  ../include/numeric.h ../include/s_serv.h ../include/s_user.h \
+  ../include/send.h ../include/whowas.h ../include/s_conf.h \
+  ../include/motd.h ../include/class.h ../include/event.h \
+  ../include/s_log.h
 class.o: class.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
-  ../include/class.h ../include/client.h ../include/ircd_defs.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/list.h \
-  ../include/numeric.h ../include/s_conf.h ../include/motd.h \
-  ../include/send.h ../include/s_debug.h
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_defs.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/list.h ../include/numeric.h \
+  ../include/s_conf.h ../include/motd.h ../include/send.h \
+  ../include/s_debug.h
 client.o: client.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/class.h ../include/channel_mode.h \
  ../include/common.h ../include/event.h ../include/fdlist.h \
@ -65,40 +69,40 @@ dynlink.o: dynlink.c ../include/stdinc.h ../include/config.h \
  ../include/parse.h ../include/ircd_handler.h ../include/msg.h \
  ../include/memory.h ../include/ircd_defs.h ../include/balloc.h \
  ../include/tools.h ../include/s_log.h ../include/client.h \
-  ../include/linebuf.h ../include/channel.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/ssl.h ../include/linebuf.h ../include/channel.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/irc_string.h ../include/sprintf_irc.h ../include/send.h
 event.o: event.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/ircd.h \
  ../include/tools.h ../include/memory.h ../include/ircd_defs.h \
  ../include/balloc.h ../include/event.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h \
-  ../include/irc_string.h ../include/sprintf_irc.h ../include/send.h \
-  ../include/s_log.h
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/send.h ../include/s_log.h
 fdlist.o: fdlist.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/fdlist.h \
  ../include/ircd_defs.h ../include/res.h ../include/fileio.h \
  ../adns/adns.h ../include/ircd.h ../include/tools.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h ../include/event.h ../include/s_bsd.h \
-  ../include/send.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h ../include/event.h \
+  ../include/s_bsd.h ../include/send.h
 fileio.o: fileio.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/fileio.h \
-  ../include/irc_string.h ../include/client.h ../include/ircd_defs.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
-  ../include/channel.h ../include/res.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/sprintf_irc.h \
-  ../include/send.h ../include/fdlist.h
+  ../include/irc_string.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_defs.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/tools.h ../include/channel.h ../include/res.h ../adns/adns.h \
+  ../include/ircd.h ../include/memory.h ../include/balloc.h \
+  ../include/sprintf_irc.h ../include/send.h ../include/fdlist.h
 getopt.o: getopt.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/ircd_getopt.h
 hash.o: hash.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/tools.h ../include/s_conf.h \
  ../include/fileio.h ../include/ircd_defs.h ../include/motd.h \
-  ../include/class.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/res.h \
-  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/res.h ../adns/adns.h ../include/ircd.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
  ../include/common.h ../include/hash.h ../include/resv.h \
  ../include/numeric.h ../include/send.h ../include/s_debug.h \
@ -111,125 +115,131 @@ hostmask.o: hostmask.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/memory.h \
  ../include/ircd_defs.h ../include/balloc.h ../include/tools.h \
  ../include/s_conf.h ../include/fileio.h ../include/motd.h \
-  ../include/class.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/res.h \
-  ../adns/adns.h ../include/ircd.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/hostmask.h ../include/numeric.h \
-  ../include/send.h
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/res.h ../adns/adns.h ../include/ircd.h \
+  ../include/irc_string.h ../include/sprintf_irc.h ../include/hostmask.h \
+  ../include/numeric.h ../include/send.h
 irc_string.o: irc_string.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
-  ../include/irc_string.h ../include/client.h ../include/ircd_defs.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/sprintf_irc.h \
-  ../include/list.h
+  ../include/irc_string.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_defs.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/sprintf_irc.h ../include/list.h
 ircd.o: ircd.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/tools.h ../include/ircd.h \
  ../include/memory.h ../include/ircd_defs.h ../include/balloc.h \
  ../include/channel.h ../include/channel_mode.h ../include/class.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h \
-  ../include/irc_string.h ../include/sprintf_irc.h ../include/common.h \
-  ../include/event.h ../include/fdlist.h ../include/hash.h \
-  ../include/ircdauth.h ../include/ircd_signal.h ../include/list.h \
-  ../include/s_gline.h ../include/motd.h ../include/md5.h \
-  ../include/msg.h ../include/hostmask.h ../include/numeric.h \
-  ../include/parse.h ../include/restart.h ../include/s_auth.h \
-  ../include/s_bsd.h ../include/s_conf.h ../include/s_debug.h \
-  ../include/s_log.h ../include/s_misc.h ../include/s_serv.h \
-  ../include/s_stats.h ../include/scache.h ../include/send.h \
-  ../include/whowas.h ../include/modules.h ../include/hook.h \
-  ../include/ircd_getopt.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/event.h ../include/fdlist.h \
+  ../include/hash.h ../include/ircdauth.h ../include/ircd_signal.h \
+  ../include/list.h ../include/s_gline.h ../include/motd.h \
+  ../include/md5.h ../include/msg.h ../include/hostmask.h \
+  ../include/numeric.h ../include/parse.h ../include/restart.h \
+  ../include/s_auth.h ../include/s_bsd.h ../include/s_conf.h \
+  ../include/s_debug.h ../include/s_log.h ../include/s_misc.h \
+  ../include/s_serv.h ../include/s_stats.h ../include/scache.h \
+  ../include/send.h ../include/whowas.h ../include/modules.h \
+  ../include/hook.h ../include/ircd_getopt.h
 ircd_signal.o: ircd_signal.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/ircd_signal.h \
  ../include/ircd.h ../include/tools.h ../include/memory.h \
  ../include/ircd_defs.h ../include/balloc.h ../include/restart.h \
  ../include/s_log.h ../include/s_bsd.h ../include/fdlist.h \
  ../include/res.h ../include/fileio.h ../adns/adns.h \
-  ../include/irc_string.h ../include/sprintf_irc.h
+  ../include/irc_string.h ../include/sprintf_irc.h ../include/send.h \
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h
 kdparse.o: kdparse.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/s_log.h ../include/s_conf.h ../include/fileio.h \
  ../include/ircd_defs.h ../include/motd.h ../include/class.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h ../include/res.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/hostmask.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h ../include/res.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/hostmask.h
 linebuf.o: linebuf.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/event.h ../include/list.h \
  ../include/hook.h
 list.o: list.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/tools.h ../include/channel.h \
  ../include/ircd_defs.h ../include/class.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/common.h ../include/list.h \
  ../include/hostmask.h ../include/numeric.h ../include/restart.h \
  ../include/s_log.h ../include/send.h
 listener.o: listener.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/listener.h \
-  ../include/ircd_defs.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/fdlist.h ../include/numeric.h \
-  ../include/s_bsd.h ../include/s_conf.h ../include/motd.h \
-  ../include/class.h ../include/s_stats.h ../include/send.h
+  ../include/ircd_defs.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/fdlist.h ../include/numeric.h ../include/s_bsd.h \
+  ../include/s_conf.h ../include/motd.h ../include/class.h \
+  ../include/s_stats.h ../include/send.h
 m_error.o: m_error.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/handlers.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/numeric.h \
-  ../include/send.h ../include/s_debug.h ../include/msg.h \
-  ../include/s_log.h
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/numeric.h ../include/send.h \
+  ../include/s_debug.h ../include/msg.h ../include/s_log.h
 match.o: match.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/irc_string.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/sprintf_irc.h
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/sprintf_irc.h
 md5.o: md5.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/memory.h ../include/ircd_defs.h \
  ../include/balloc.h ../include/tools.h ../include/s_log.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h ../include/res.h ../include/fileio.h \
-  ../adns/adns.h ../include/ircd.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/md5.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h ../include/res.h \
+  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/irc_string.h ../include/sprintf_irc.h ../include/md5.h
 memory.o: memory.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/ircd_defs.h \
  ../include/ircd.h ../include/tools.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/list.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h ../include/res.h ../include/fileio.h \
-  ../adns/adns.h ../include/sprintf_irc.h ../include/send.h \
-  ../include/s_log.h ../include/restart.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h ../include/res.h \
+  ../include/fileio.h ../adns/adns.h ../include/sprintf_irc.h \
+  ../include/send.h ../include/s_log.h ../include/restart.h
 modules.o: modules.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/modules.h \
  ../include/parse.h ../include/ircd_handler.h ../include/msg.h \
  ../include/memory.h ../include/ircd_defs.h ../include/balloc.h \
  ../include/tools.h ../include/s_log.h ../include/ircd.h \
-  ../include/client.h ../include/linebuf.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h \
-  ../include/irc_string.h ../include/sprintf_irc.h ../include/send.h \
-  ../include/s_conf.h ../include/motd.h ../include/class.h \
-  ../include/handlers.h ../include/numeric.h ../include/list.h
+  ../include/client.h ../include/ssl.h ../include/linebuf.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/send.h ../include/s_conf.h ../include/motd.h \
+  ../include/class.h ../include/handlers.h ../include/numeric.h \
+  ../include/list.h
 motd.o: motd.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/tools.h ../include/motd.h \
  ../include/ircd_defs.h ../include/ircd.h ../include/memory.h \
  ../include/balloc.h ../include/fdlist.h ../include/res.h \
  ../include/fileio.h ../adns/adns.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/s_bsd.h ../include/s_conf.h \
-  ../include/class.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/send.h \
-  ../include/numeric.h
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/send.h ../include/numeric.h
 numeric.o: numeric.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/numeric.h \
  ../include/irc_string.h ../include/common.h ../include/memory.h \
@ -241,29 +251,31 @@ packet.o: packet.c ../include/stdinc.h ../include/config.h \
  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/s_conf.h ../include/motd.h \
-  ../include/class.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/s_serv.h \
-  ../include/common.h ../include/list.h ../include/parse.h \
-  ../include/packet.h ../include/hook.h ../include/send.h
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/s_serv.h ../include/common.h ../include/list.h \
+  ../include/parse.h ../include/packet.h ../include/hook.h \
+  ../include/send.h
 parse.o: parse.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/parse.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/handlers.h ../include/common.h \
-  ../include/hash.h ../include/numeric.h ../include/s_log.h \
-  ../include/s_stats.h ../include/send.h ../include/s_debug.h \
-  ../include/msg.h ../include/s_conf.h ../include/motd.h \
-  ../include/class.h ../include/s_serv.h
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/handlers.h ../include/common.h ../include/hash.h \
+  ../include/numeric.h ../include/s_log.h ../include/s_stats.h \
+  ../include/send.h ../include/s_debug.h ../include/msg.h \
+  ../include/s_conf.h ../include/motd.h ../include/class.h \
+  ../include/s_serv.h
 rsa.o: rsa.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/memory.h ../include/ircd_defs.h \
  ../include/balloc.h ../include/tools.h ../include/rsa.h \
  ../include/s_conf.h ../include/fileio.h ../include/motd.h \
-  ../include/class.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/channel.h ../include/res.h \
-  ../adns/adns.h ../include/ircd.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/s_log.h
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
+  ../include/res.h ../adns/adns.h ../include/ircd.h \
+  ../include/irc_string.h ../include/sprintf_irc.h ../include/s_log.h
 restart.o: restart.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/restart.h ../include/common.h ../include/fdlist.h \
@ -271,8 +283,8 @@ restart.o: restart.c ../include/stdinc.h ../include/config.h \
  ../adns/adns.h ../include/ircd.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
  ../include/send.h ../include/s_debug.h ../include/s_log.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/channel.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/channel.h
 resv.o: resv.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/tools.h ../include/restart.h \
  ../include/common.h ../include/fdlist.h ../include/ircd_defs.h \
@ -280,8 +292,8 @@ resv.o: resv.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/send.h ../include/s_debug.h \
  ../include/numeric.h ../include/s_log.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/resv.h ../include/hash.h
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/resv.h ../include/hash.h
 s_auth.o: s_auth.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/list.h ../include/memory.h ../include/ircd_defs.h \
@ -289,24 +301,24 @@ s_auth.o: s_auth.c ../include/stdinc.h ../include/config.h \
  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/irc_string.h ../include/sprintf_irc.h ../include/s_conf.h \
  ../include/motd.h ../include/class.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/common.h ../include/event.h ../include/fdlist.h \
-  ../include/ircdauth.h ../include/numeric.h ../include/packet.h \
-  ../include/s_bsd.h ../include/s_log.h ../include/s_stats.h \
-  ../include/send.h
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/common.h ../include/event.h \
+  ../include/fdlist.h ../include/ircdauth.h ../include/numeric.h \
+  ../include/packet.h ../include/s_bsd.h ../include/s_log.h \
+  ../include/s_stats.h ../include/send.h
 s_bsd.o: s_bsd.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/fdlist.h \
  ../include/ircd_defs.h ../include/res.h ../include/fileio.h \
  ../adns/adns.h ../include/ircd.h ../include/tools.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
  ../include/s_bsd.h ../include/class.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/common.h ../include/event.h ../include/ircdauth.h \
-  ../include/list.h ../include/listener.h ../include/numeric.h \
-  ../include/packet.h ../include/restart.h ../include/s_auth.h \
-  ../include/s_conf.h ../include/motd.h ../include/s_log.h \
-  ../include/s_serv.h ../include/s_stats.h ../include/send.h \
-  ../include/s_debug.h
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/common.h ../include/event.h \
+  ../include/ircdauth.h ../include/list.h ../include/listener.h \
+  ../include/numeric.h ../include/packet.h ../include/restart.h \
+  ../include/s_auth.h ../include/s_conf.h ../include/motd.h \
+  ../include/s_log.h ../include/s_serv.h ../include/s_stats.h \
+  ../include/send.h ../include/s_debug.h
 s_bsd_kqueue.o: s_bsd_kqueue.c ../include/config.h ../include/setup.h \
  ../include/defaults.h
 s_bsd_poll.o: s_bsd_poll.c ../include/config.h ../include/setup.h \
@ -315,12 +327,13 @@ s_bsd_poll.o: s_bsd_poll.c ../include/config.h ../include/setup.h \
  ../adns/adns.h ../include/ircd.h ../include/tools.h ../include/memory.h \
  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
  ../include/s_bsd.h ../include/class.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/common.h ../include/ircdauth.h ../include/list.h \
-  ../include/listener.h ../include/numeric.h ../include/packet.h \
-  ../include/restart.h ../include/s_auth.h ../include/s_conf.h \
-  ../include/motd.h ../include/s_log.h ../include/s_serv.h \
-  ../include/s_stats.h ../include/send.h ../include/s_debug.h
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/common.h ../include/ircdauth.h \
+  ../include/list.h ../include/listener.h ../include/numeric.h \
+  ../include/packet.h ../include/restart.h ../include/s_auth.h \
+  ../include/s_conf.h ../include/motd.h ../include/s_log.h \
+  ../include/s_serv.h ../include/s_stats.h ../include/send.h \
+  ../include/s_debug.h
 s_bsd_select.o: s_bsd_select.c ../include/config.h ../include/setup.h \
  ../include/defaults.h
 s_bsd_devpoll.o: s_bsd_devpoll.c ../include/config.h ../include/setup.h \
@ -331,63 +344,63 @@ s_conf.o: s_conf.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/ircd_defs.h \
  ../include/tools.h ../include/s_conf.h ../include/fileio.h \
  ../include/motd.h ../include/class.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
-  ../include/res.h ../adns/adns.h ../include/ircd.h ../include/memory.h \
-  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
-  ../include/s_serv.h ../include/resv.h ../include/s_stats.h \
-  ../include/common.h ../include/event.h ../include/hash.h \
-  ../include/list.h ../include/listener.h ../include/hostmask.h \
-  ../include/modules.h ../include/parse.h ../include/msg.h \
-  ../include/numeric.h ../include/fdlist.h ../include/s_bsd.h \
-  ../include/s_log.h ../include/send.h ../include/s_gline.h \
-  ../include/s_debug.h
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/channel.h ../include/res.h ../adns/adns.h ../include/ircd.h \
+  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
+  ../include/sprintf_irc.h ../include/s_serv.h ../include/resv.h \
+  ../include/s_stats.h ../include/common.h ../include/event.h \
+  ../include/hash.h ../include/list.h ../include/listener.h \
+  ../include/hostmask.h ../include/modules.h ../include/parse.h \
+  ../include/msg.h ../include/numeric.h ../include/fdlist.h \
+  ../include/s_bsd.h ../include/s_log.h ../include/send.h \
+  ../include/s_gline.h ../include/s_debug.h
 s_debug.o: s_debug.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/s_debug.h ../include/channel.h ../include/ircd_defs.h \
-  ../include/class.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/res.h ../include/fileio.h \
-  ../adns/adns.h ../include/ircd.h ../include/memory.h \
-  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
-  ../include/common.h ../include/fdlist.h ../include/hash.h \
-  ../include/list.h ../include/numeric.h ../include/s_conf.h \
-  ../include/motd.h ../include/s_log.h ../include/scache.h \
-  ../include/send.h ../include/whowas.h
+  ../include/class.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/res.h \
+  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
+  ../include/sprintf_irc.h ../include/common.h ../include/fdlist.h \
+  ../include/hash.h ../include/list.h ../include/numeric.h \
+  ../include/s_conf.h ../include/motd.h ../include/s_log.h \
+  ../include/scache.h ../include/send.h ../include/whowas.h
 s_gline.o: s_gline.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/handlers.h ../include/channel.h ../include/ircd_defs.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/m_kline.h \
-  ../include/hostmask.h ../include/numeric.h ../include/fdlist.h \
-  ../include/s_bsd.h ../include/s_conf.h ../include/motd.h \
-  ../include/class.h ../include/s_misc.h ../include/scache.h \
-  ../include/send.h ../include/msg.h ../include/s_serv.h \
-  ../include/s_gline.h ../include/hash.h ../include/event.h \
-  ../include/list.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/m_kline.h ../include/hostmask.h \
+  ../include/numeric.h ../include/fdlist.h ../include/s_bsd.h \
+  ../include/s_conf.h ../include/motd.h ../include/class.h \
+  ../include/s_misc.h ../include/scache.h ../include/send.h \
+  ../include/msg.h ../include/s_serv.h ../include/s_gline.h \
+  ../include/hash.h ../include/event.h ../include/list.h
 s_log.o: s_log.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/client.h \
-  ../include/ircd_defs.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/tools.h ../include/channel.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/ssl.h ../include/ircd_defs.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/tools.h ../include/channel.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/s_log.h ../include/s_misc.h \
  ../include/event.h ../include/s_conf.h ../include/motd.h \
  ../include/class.h
 s_misc.o: s_misc.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/s_misc.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/numeric.h \
-  ../include/fdlist.h ../include/s_bsd.h ../include/s_conf.h \
-  ../include/motd.h ../include/class.h ../include/s_serv.h \
-  ../include/send.h
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/numeric.h ../include/fdlist.h \
+  ../include/s_bsd.h ../include/s_conf.h ../include/motd.h \
+  ../include/class.h ../include/s_serv.h ../include/send.h
 s_serv.o: s_serv.c ../include/stdinc.h ../include/config.h \
-  ../include/setup.h ../include/defaults.h ../include/rsa.h \
-  ../include/tools.h ../include/s_serv.h ../include/channel_mode.h \
-  ../include/ircd_defs.h ../include/class.h ../include/client.h \
+  ../include/setup.h ../include/defaults.h ../include/tools.h \
+  ../include/s_serv.h ../include/channel_mode.h ../include/ircd_defs.h \
+  ../include/class.h ../include/client.h ../include/ssl.h \
  ../include/ircd_handler.h ../include/linebuf.h ../include/channel.h \
  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
@ -397,21 +410,22 @@ s_serv.o: s_serv.c ../include/stdinc.h ../include/config.h \
  ../include/s_bsd.h ../include/s_conf.h ../include/motd.h \
  ../include/s_log.h ../include/s_stats.h ../include/s_user.h \
  ../include/scache.h ../include/send.h ../include/s_debug.h \
-  ../include/hook.h
+  ../include/hook.h ../include/resv.h ../include/s_gline.h
 s_stats.o: s_stats.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/s_stats.h \
-  ../include/client.h ../include/ircd_defs.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/numeric.h ../include/fdlist.h \
-  ../include/s_bsd.h ../include/send.h
+  ../include/client.h ../include/ssl.h ../include/ircd_defs.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/numeric.h ../include/fdlist.h ../include/s_bsd.h \
+  ../include/send.h
 s_user.o: s_user.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h \
  ../include/s_user.h ../include/channel.h ../include/ircd_defs.h \
  ../include/channel_mode.h ../include/class.h ../include/client.h \
-  ../include/ircd_handler.h ../include/linebuf.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/ssl.h ../include/ircd_handler.h ../include/linebuf.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/common.h ../include/fdlist.h \
  ../include/hash.h ../include/list.h ../include/listener.h \
@ -422,45 +436,54 @@ s_user.o: s_user.c ../include/stdinc.h ../include/config.h \
  ../include/md5.h ../include/packet.h
 scache.o: scache.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/client.h \
-  ../include/ircd_defs.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/tools.h ../include/channel.h ../include/res.h \
-  ../include/fileio.h ../adns/adns.h ../include/ircd.h \
+  ../include/ssl.h ../include/ircd_defs.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/tools.h ../include/channel.h \
+  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
  ../include/sprintf_irc.h ../include/common.h ../include/numeric.h \
  ../include/send.h ../include/scache.h
 send.o: send.c ../include/stdinc.h ../include/config.h ../include/setup.h \
  ../include/defaults.h ../include/tools.h ../include/send.h \
  ../include/channel.h ../include/ircd_defs.h ../include/class.h \
-  ../include/client.h ../include/ircd_handler.h ../include/linebuf.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/handlers.h \
-  ../include/numeric.h ../include/fdlist.h ../include/s_bsd.h \
-  ../include/s_serv.h ../include/s_conf.h ../include/motd.h \
-  ../include/list.h ../include/s_debug.h ../include/s_log.h \
-  ../include/hook.h
+  ../include/client.h ../include/ssl.h ../include/ircd_handler.h \
+  ../include/linebuf.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/handlers.h ../include/numeric.h \
+  ../include/fdlist.h ../include/s_bsd.h ../include/s_serv.h \
+  ../include/s_conf.h ../include/motd.h ../include/list.h \
+  ../include/s_debug.h ../include/s_log.h ../include/hook.h
 sprintf_irc.o: sprintf_irc.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/sprintf_irc.h \
  ../include/irc_string.h
+ssl.o: ssl.c ../include/stdinc.h ../include/config.h ../include/setup.h \
+  ../include/defaults.h ../include/ircd_defs.h ../include/s_log.h \
+  ../include/common.h ../include/ssl.h ../include/client.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/send.h
 tools.o: tools.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/tools.h
 whowas.o: whowas.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/whowas.h \
-  ../include/ircd_defs.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/hash.h \
-  ../include/numeric.h ../include/s_serv.h ../include/s_user.h \
-  ../include/send.h ../include/s_conf.h ../include/motd.h \
-  ../include/class.h
+  ../include/ircd_defs.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/hash.h ../include/numeric.h \
+  ../include/s_serv.h ../include/s_user.h ../include/send.h \
+  ../include/s_conf.h ../include/motd.h ../include/class.h
 cloak.o: cloak.c ../include/stdinc.h ../include/config.h \
  ../include/setup.h ../include/defaults.h ../include/whowas.h \
-  ../include/ircd_defs.h ../include/client.h ../include/ircd_handler.h \
-  ../include/linebuf.h ../include/tools.h ../include/channel.h \
-  ../include/res.h ../include/fileio.h ../adns/adns.h ../include/ircd.h \
-  ../include/memory.h ../include/balloc.h ../include/irc_string.h \
-  ../include/sprintf_irc.h ../include/common.h ../include/hash.h \
-  ../include/numeric.h ../include/s_serv.h ../include/s_user.h \
-  ../include/send.h ../include/s_conf.h ../include/motd.h \
-  ../include/class.h
+  ../include/ircd_defs.h ../include/client.h ../include/ssl.h \
+  ../include/ircd_handler.h ../include/linebuf.h ../include/tools.h \
+  ../include/channel.h ../include/res.h ../include/fileio.h \
+  ../adns/adns.h ../include/ircd.h ../include/memory.h \
+  ../include/balloc.h ../include/irc_string.h ../include/sprintf_irc.h \
+  ../include/common.h ../include/hash.h ../include/numeric.h \
+  ../include/s_serv.h ../include/s_user.h ../include/send.h \
+  ../include/s_conf.h ../include/motd.h ../include/class.h \
+  ../include/s_log.h
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -1,7 +1,7 @@
 #
 # Makefile.in for ircd/src
 #
-# $Id: Makefile.in,v 1.3 2002/09/02 04:11:00 fishwaldo Exp $
+# $Id: Makefile.in,v 1.4 2002/11/04 08:14:00 fishwaldo Exp $
 #
 CC		= @CC@
 INSTALL		= @INSTALL@
@ -106,6 +106,7 @@ BASE_SRCS =                     \
  send.c                        \
  sprintf_irc.c                 \
  @SNPRINTF_C@			\
+  ssl.c				\
  tools.c                       \
  whowas.c			\
  cloak.c
--- a/src/adns.c
+++ b/src/adns.c
@ -20,7 +20,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: adns.c,v 1.4 2002/10/31 13:01:57 fishwaldo Exp $
+ *  $Id: adns.c,v 1.5 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "stdinc.h"
@ -29,6 +29,7 @@
 #include "fileio.h"
 #include "res.h"
 #include "send.h"
+#include "stdinc.h"
 #include "s_conf.h"
 #include "s_bsd.h"
 #include "s_log.h"
--- a/src/ircd.c
+++ b/src/ircd.c
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: ircd.c,v 1.7 2002/09/13 16:30:04 fishwaldo Exp $
+ *  $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "stdinc.h"
@ -623,6 +623,7 @@ int main(int argc, char *argv[])
  /* Init the event subsystem */
  eventInit();
  init_sys();
+  initssl();

  if (!server_state.foreground)
  {
--- a/src/ircd_lexer.l
+++ b/src/ircd_lexer.l
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: ircd_lexer.l,v 1.7 2002/10/31 13:01:58 fishwaldo Exp $
+ *  $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
 */

 %option case-insensitive
@ -164,6 +164,7 @@ dot_in_ip6_addr { return DOT_IN_IP6_ADDR; }
 dots_in_ident   { return DOTS_IN_IDENT; }
 egdpool_path        { return EGDPOOL_PATH; }
 email		{ return EMAIL; }
+enable_ssl	{ return ENABLESSL; }
 encrypted       { return ENCRYPTED; }
 exceed_limit    { return EXCEED_LIMIT; }
 exempt		{ return EXEMPT; }
--- a/src/ircd_parser.y
+++ b/src/ircd_parser.y
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: ircd_parser.y,v 1.12 2002/10/31 13:18:11 fishwaldo Exp $
+ *  $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $
 */

 %{
@ -77,6 +77,7 @@ int   class_max_number_var;
 int   class_sendq_var;

 static char  *listener_address;
+static int listener_ssl;

 char *resv_reason;

@ -126,6 +127,7 @@ int   class_redirport_var;
 %token  DOTS_IN_IDENT
 %token  EGDPOOL_PATH
 %token  EMAIL
+%token  ENABLESSL
 %token  ENCRYPTED
 %token  EXCEED_LIMIT
 %token  EXEMPT
@ -952,17 +954,19 @@ class_sendq:    SENDQ '=' sizespec ';'
 listen_entry:   LISTEN
  {
    listener_address = NULL;
+    listener_ssl = -1;
  }
  '{' listen_items '}' ';'
  {
    MyFree(listener_address);
    listener_address = NULL;
+    listener_ssl = -1;
  };

 listen_items:   listen_items listen_item |
                listen_item;

-listen_item:    listen_port | listen_address | listen_host | error;
+listen_item:    listen_port | listen_address | listen_host | listen_ssl | error;

 listen_port: PORT '=' port_items ';' ;

@ -970,13 +974,13 @@ port_items: port_items ',' port_item | port_item;

 port_item: NUMBER
 {
-  add_listener($1, listener_address);
+  add_listener($1, listener_ssl, listener_address);
 } | NUMBER TWODOTS NUMBER
 {
  int i;
  for (i = $1; i <= $3; i++)
 	{
-	  add_listener(i, listener_address);
+	  add_listener(i, listener_ssl, listener_address);
 	}
 };

@ -984,6 +988,7 @@ listen_address: IP '=' QSTRING ';'
  {
    MyFree(listener_address);
    DupString(listener_address, yylval.string);
+
  };

 listen_host:	HOST '=' QSTRING ';'
@ -991,6 +996,11 @@ listen_host:	HOST '=' QSTRING ';'
    MyFree(listener_address);
    DupString(listener_address, yylval.string);
  };
+listen_ssl:    ENABLESSL '=' TYES ';'
+  {
+    listener_ssl = 1;
+  };
+

 /***************************************************************************
 *  section auth
--- a/src/linebuf.c
+++ b/src/linebuf.c
@ -20,7 +20,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: linebuf.c,v 1.5 2002/10/31 13:01:58 fishwaldo Exp $
+ *  $Id: linebuf.c,v 1.6 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "stdinc.h"
@ -629,8 +629,13 @@ linebuf_putmsg(buf_head_t *bufhead, const char *format, va_list *va_args,
 *        and tag it so that we don't re-schedule another write until
 *        we have a CRLF.
 */
+#ifdef USE_SSL
+int
+linebuf_flush(int fd, buf_head_t *bufhead, SSL *ssl)
+#else 
 int
 linebuf_flush(int fd, buf_head_t *bufhead)
+#endif
 {
  buf_line_t *bufline;
  int retval;
@ -660,9 +665,14 @@ linebuf_flush(int fd, buf_head_t *bufhead)
    }

  /* Now, try writing data */
-  retval = send(fd, bufline->buf + bufhead->writeofs, bufline->len
+#ifdef USE_SSL
+  if (ssl != NULL)
+  	retval = safe_SSL_write(ssl, bufline->buf + bufhead->writeofs, bufline->len - bufhead->writeofs);
+  else 
+#endif
+	retval = send(fd, bufline->buf + bufhead->writeofs, bufline->len
 		 - bufhead->writeofs, 0);
-   
+printf("send retval %d\n", retval);   
  /* Deal with return code */
  if (retval < 0)
    return retval;
--- a/src/listener.c
+++ b/src/listener.c
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: listener.c,v 1.4 2002/09/13 16:30:04 fishwaldo Exp $
+ *  $Id: listener.c,v 1.5 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "stdinc.h"
@ -60,6 +60,7 @@ make_listener(int port, struct irc_inaddr *addr)
  
  listener->name        = me.name;
  listener->fd          = -1;
+  listener->isssl	= -1;
  copy_s_addr(IN_ADDR(listener->addr),PIN_ADDR(addr));

  listener->port        = port;
@ -109,8 +110,8 @@ get_listener_name(const struct Listener* listener)
  assert(NULL != listener);
  if(listener == NULL)
    return NULL;
-  ircsprintf(buf, "%s[%s/%u]",
-             me.name, listener->name, listener->port);
+  ircsprintf(buf, "%s[%s/%u]%s",
+             me.name, listener->name, listener->port, listener->isssl ? "SSL" : "Normal");
  return buf;
 }

@ -134,7 +135,8 @@ show_ports(struct Client* source_p)
               listener->port,
               IsOperAdmin(source_p) ? listener->name : me.name,
               listener->ref_count,
-               (listener->active)?"active":"disabled");
+               (listener->active)?"active":"disabled",
+               (listener->isssl > 0)?"SSL":"NORMAL");
  }
 }

@ -271,7 +273,7 @@ find_listener(int port, struct irc_inaddr *addr)
 * the format "255.255.255.255"
 */
 void 
-add_listener(int port, const char* vhost_ip)
+add_listener(int port, int isssl, const char* vhost_ip)
 {
  struct Listener* listener;
  struct irc_inaddr   vaddr;
@ -307,6 +309,11 @@ add_listener(int port, const char* vhost_ip)
  }

  listener->fd = -1;
+  if (isssl > 0)
+	  listener->isssl = 1;
+  else 
+  	  listener->isssl = -1;
+	  

  if (inetport(listener))
    listener->active = 1;
@ -421,7 +428,11 @@ accept_connection(int pfd, void *data)
 			       get_listener_name(listener));
 	  last_oper_notice = CurrentTime;
 	}
-      send(fd, "ERROR :All connections in use\r\n", 32, 0);
+#ifdef USE_SSL
+      if(listener->isssl < 0)
+#endif
+	      send(fd, "ERROR :All connections in use\r\n", 32, 0);
+	     
      fd_close(fd);
      /* Re-register a new IO request for the next accept .. */
      comm_setselect(listener->fd, FDLIST_SERVICE, COMM_SELECT_READ,
@ -437,10 +448,16 @@ accept_connection(int pfd, void *data)
   switch (pe)
   {
    case BANNED_CLIENT:
-     send(fd, DLINE_WARNING, sizeof(DLINE_WARNING)-1, 0);
+#ifdef USE_SSL
+     if (listener->isssl < 0)
+#endif
+	     send(fd, DLINE_WARNING, sizeof(DLINE_WARNING)-1, 0);
     break;
    case TOO_FAST:
-     send(fd, TOOFAST_WARNING, sizeof(TOOFAST_WARNING)-1, 0);
+#ifdef USE_SSL
+     if (listener->isssl < 0)
+#endif
+	     send(fd, TOOFAST_WARNING, sizeof(TOOFAST_WARNING)-1, 0);
     break;
   }
   fd_close(fd);
--- a/src/messages.tab
+++ b/src/messages.tab
@ -16,7 +16,7 @@
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
- *   $Id: messages.tab,v 1.7 2002/09/21 06:26:13 fishwaldo Exp $
+ *   $Id: messages.tab,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
 */

 static  char *  replies[] = {
@ -240,7 +240,7 @@ static  char *  replies[] = {
 /* 217 RPL_STATSQLINE, */       ":%s 217 %s %c %s :%s",
 /* 218 RPL_STATSYLINE, */       ":%s 218 %s %c %s %d %d %d %lu",
 /* 219 RPL_ENDOFSTATS, */       ":%s 219 %s %s :End of /STATS report",
-/* 220 RPL_STATSPLINE, */       ":%s 220 %s %c %d %s %d :%s",
+/* 220 RPL_STATSPLINE, */       ":%s 220 %s %c %d %s %d :%s %s",
 /* 221 RPL_UMODEIS, */          ":%s 221 %s %s",
 /* 222 */	NULL,
 /* 223 */       NULL,
--- a/src/packet.c
+++ b/src/packet.c
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: packet.c,v 1.5 2002/10/31 13:01:58 fishwaldo Exp $
+ *  $Id: packet.c,v 1.6 2002/11/04 08:14:00 fishwaldo Exp $
 */
 #include "stdinc.h"
 #include "tools.h"
@ -377,8 +377,24 @@ read_packet(int fd, void *data)
   * I personally think it makes the code too hairy to make sane.
   *     -- adrian
   */
-  length = recv(fd_r, readBuf, READBUF_SIZE, 0);
+   
+#ifdef USE_SSL
+  if (IsSSL(client_p))
+  	length = safe_SSL_read(client_p, readBuf, READBUF_SIZE);
+  	if (!IsSSLOK(client_p) && length > 0) {
+		SetSSLOK(client_p);
+  		start_auth(client_p);
+  	} else if (length == 0) {
+		comm_setselect(fd_r, FDLIST_SERVICE, COMM_SELECT_READ, read_packet, client_p, 0);
+  		return;
+  	}	
+  	
+  else
+#endif
+	length = recv(fd_r, readBuf, READBUF_SIZE, 0);

+printf("leng %d\n", length);
+/* THIS WAS <= 0, should it stay? */
  if (length <= 0)
  {
    if((length == -1) && ignoreErrno(errno))
@ -428,6 +444,7 @@ read_packet(int fd, void *data)

  lclient_p->actually_read += lbuf_len;
  
+  
  /* Attempt to parse what we have */
  parse_client_queued(client_p);
  
--- a/src/s_auth.c
+++ b/src/s_auth.c
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: s_auth.c,v 1.7 2002/10/31 13:01:58 fishwaldo Exp $
+ *  $Id: s_auth.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
 */

 /*
@ -90,6 +90,9 @@ typedef enum {
 #define sendheader(c, r) \
   send((c)->localClient->fd, HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0)

+#define sendsslheader(c, r) \
+   safe_SSL_write(c, HeaderMessages[(r)].message, HeaderMessages[(r)].length)
+
 /*
 */
 dlink_list auth_client_list;
@ -196,8 +199,18 @@ auth_dns_callback(void* vptr, adns_answer* reply)
      if(strlen(*reply->rrs.str) <= HOSTLEN)
        {
          strlcpy(auth->client->host, *reply->rrs.str, sizeof(auth->client->host));
-          sendheader(auth->client, REPORT_FIN_DNS);
+#ifdef USE_SSL
+	  if (IsSSL(auth->client))
+	  	sendsslheader(auth->client, REPORT_FIN_DNS);
+	  else
+#endif	  
+	        sendheader(auth->client, REPORT_FIN_DNS);
        } else
+#ifdef USE_SSL
+	  if (IsSSL(auth->client))
+	  	sendsslheader(auth->client, REPORT_HOST_TOOLONG);
+	  else
+#endif	  
          sendheader(auth->client, REPORT_HOST_TOOLONG);
    }
  else
@ -213,6 +226,11 @@ auth_dns_callback(void* vptr, adns_answer* reply)
        return;
      }
 #endif
+#ifdef USE_SSL
+	  if (IsSSL(auth->client))
+	  	sendsslheader(auth->client, REPORT_FAIL_DNS);
+	  else
+#endif	  
      sendheader(auth->client, REPORT_FAIL_DNS);
    }

@ -246,6 +264,11 @@ static void auth_error(struct AuthRequest* auth)
  auth->fd = -1;

  ClearAuth(auth);
+#ifdef USE_SSL
+	  if (IsSSL(auth->client))
+	  	sendsslheader(auth->client, REPORT_FAIL_ID);
+	  else
+#endif	  
  sendheader(auth->client, REPORT_FAIL_ID);

  if (!IsDNSPending(auth))
@ -293,6 +316,11 @@ static int start_auth_query(struct AuthRequest* auth)
      return 0;
    }

+#ifdef USE_SSL
+	  if (IsSSL(auth->client))
+	  	sendsslheader(auth->client, REPORT_DO_ID);
+	  else
+#endif	  
  sendheader(auth->client, REPORT_DO_ID);
  if (!set_non_blocking(fd))
    {
@ -404,6 +432,11 @@ void start_auth(struct Client* client)
  client->localClient->dns_query->ptr = auth;
  client->localClient->dns_query->callback = auth_dns_callback;

+#ifdef USE_SSL
+	  if (IsSSL(auth->client))
+	  	sendsslheader(auth->client, REPORT_DO_DNS);
+	  else
+#endif	  
  sendheader(client, REPORT_DO_DNS);

  /* No DNS cache now, remember? -- adrian */
@ -435,12 +468,23 @@ timeout_auth_queries_event(void *notused)
 	  if (auth->fd >= 0)
 	    fd_close(auth->fd);

-	  if (IsDoingAuth(auth))
+	  if (IsDoingAuth(auth)) {
+#ifdef USE_SSL
+		  if (IsSSL(auth->client))
+		  	sendsslheader(auth->client, REPORT_FAIL_ID);
+		  else
+#endif	  
 	    sendheader(auth->client, REPORT_FAIL_ID);
+	  }
 	  if (IsDNSPending(auth))
 	    {
 	      delete_adns_queries(auth->client->localClient->dns_query);
 	      auth->client->localClient->dns_query->query = NULL;
+#ifdef USE_SSL
+	      if (IsSSL(auth->client))
+	      	sendsslheader(auth->client, REPORT_FAIL_DNS);
+	      else
+#endif	  
 	      sendheader(auth->client, REPORT_FAIL_DNS);
 	    }
 	  ilog(L_INFO, "DNS/AUTH timeout %s",
@ -577,6 +621,11 @@ read_auth_reply(int fd, void *data)
    }
  else
    {
+#ifdef USE_SSL
+      if (IsSSL(auth->client))
+      	sendsslheader(auth->client, REPORT_FIN_ID);
+      else
+#endif	  
      sendheader(auth->client, REPORT_FIN_ID);
      ++ServerStats->is_asuc;
      SetGotId(auth->client);
--- a/src/s_bsd.c
+++ b/src/s_bsd.c
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: s_bsd.c,v 1.8 2002/10/31 13:01:58 fishwaldo Exp $
+ *  $Id: s_bsd.c,v 1.9 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "stdinc.h"
@ -47,9 +47,11 @@
 #include "s_stats.h"
 #include "send.h"
 #include "s_debug.h"
+#ifdef USE_SSL
+#include "ssl.h"
+#endif
 #include "memory.h"

-
 #ifndef IN_LOOPBACKNET
 #define IN_LOOPBACKNET        0x7f
 #endif
@ -350,6 +352,7 @@ void add_connection(struct Listener* listener, int fd)

  socklen_t len = sizeof(struct irc_sockaddr);
  struct irc_sockaddr   irn;
+  int ssl_ret;
  assert(NULL != listener);

 #ifdef USE_IAUTH
@ -418,10 +421,59 @@ void add_connection(struct Listener* listener, int fd)
  new_client->localClient->listener  = listener;
  ++listener->ref_count;

+#ifdef USE_SSL
+  if (listener->isssl > 0)
+  {
+  	extern SSL_CTX *ircdssl_ctx;
+  	
+  	new_client->localClient->ssl = NULL;
+  	
+  	/* init the ssl stuff */
+  	if ((new_client->localClient->ssl = SSL_new(ircdssl_ctx)) == NULL)
+  	{
+  		sendto_realops_flags(FLAGS_DEBUG, L_ALL, "SSL creation of new client failed (Client %s)", new_client->localClient->sockhost);
+		ServerStats->is_ref++;
+      		fd_close(fd);
+      		free_client(new_client);
+	        return;
+  		--listener->ref_count;
+  	}	
+	SetSSL(new_client);
+	SSL_set_fd(new_client->localClient->ssl, fd);
+  }
+#endif
+
  if (!set_non_blocking(new_client->localClient->fd))
    report_error(L_ALL, NONB_ERROR_MSG, get_client_name(new_client, SHOW_IP), errno);
  if (!disable_sock_options(new_client->localClient->fd))
    report_error(L_ALL, OPT_ERROR_MSG, get_client_name(new_client, SHOW_IP), errno);
+
+#ifdef USE_SSL  
+  /* now accept the ssl connection */
+  if (IsSSL(new_client))
+  {
+  	ssl_ret = safe_SSL_accept(new_client, fd);
+  	
+  	if (ssl_ret < 0 ) 
+  	{
+  		SSL_set_shutdown(new_client->localClient->ssl, SSL_RECEIVED_SHUTDOWN);
+  		SSL_smart_shutdown(new_client);
+  		SSL_free(new_client->localClient->ssl);
+		ServerStats->is_ref++;
+      		fd_close(fd);
+      		free_client(new_client);
+	        return;
+  		--listener->ref_count;
+		return;
+	}  
+	/* ssl still wants to talk */
+	if (ssl_ret == 0)
+		read_packet(new_client->localClient->fd, new_client);
+		return;		
+		
+	ilog(L_DEBUG, "SSL accept was successfull");
+  }
+#endif
  start_auth(new_client);
 }

--- a/src/send.c
+++ b/src/send.c
@ -19,7 +19,7 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
- *  $Id: send.c,v 1.9 2002/10/31 13:01:58 fishwaldo Exp $
+ *  $Id: send.c,v 1.10 2002/11/04 08:14:00 fishwaldo Exp $
 */

 #include "stdinc.h"
@ -296,7 +296,12 @@ send_queued_write(int fd, void *data)
  
  if (linebuf_len(&to->localClient->buf_sendq))
  {
+#ifdef USE_SSL
+
+    while((retlen = linebuf_flush(to->localClient->fd, &to->localClient->buf_sendq, to->localClient->ssl)) > 0)
+#else
    while((retlen = linebuf_flush(to->localClient->fd, &to->localClient->buf_sendq)) > 0)
+#endif    
    {
      /* We have some data written .. update counters */
 #ifndef NDEBUG
--- a/src/ssl.c
+++ b/src/ssl.c
@ -0,0 +1,273 @@
+/*
+ *  NeoIRCd: NeoStats Group. Based on Hybird7
+ *  ssl.c: Listens on a port.
+ *
+ *  Copyright (C) 2002 by the past and present ircd coders, and others.
+ *  Originally copied from Ultimate3, modified to work with NeoIRCd. 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
+ *  USA
+ *
+ *  $Id: ssl.c,v 1.1 2002/11/04 08:14:01 fishwaldo Exp $
+ */
+
+#include "stdinc.h"
+#include "config.h"
+#include "ircd_defs.h"
+#include "s_log.h"
+#include "common.h"
+#include "ssl.h"
+#include "client.h"
+#include "send.h"
+
+#ifdef USE_SSL
+#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
+#define IRCDSSL_KPATH "/home/fish/ircd/etc/ircd.key"
+
+
+#define SAFE_SSL_READ	1
+#define SAFE_SSL_WRITE	2
+#define SAFE_SSL_ACCEPT	3
+
+extern int errno;
+
+SSL_CTX *ircdssl_ctx;
+int ssl_capable = 0;
+
+int
+initssl (void)
+{
+  SSL_load_error_strings ();
+  SSLeay_add_ssl_algorithms ();
+  ircdssl_ctx = SSL_CTX_new (SSLv23_server_method ());
+  if (!ircdssl_ctx)
+    {
+      ilog(L_ERROR, "initssl(): Failed to Create SSL context");
+      return 0;
+    }
+  if (SSL_CTX_use_certificate_file (ircdssl_ctx,
+				    IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0)
+    {
+      ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
+      SSL_CTX_free (ircdssl_ctx);
+      return 0;
+    }
+  if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
+				   IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0)
+    {
+      ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
+      SSL_CTX_free (ircdssl_ctx);
+      return 0;
+    }
+  if (!SSL_CTX_check_private_key (ircdssl_ctx))
+    {
+      ilog(L_ERROR, "Server certificate does not match Server key");
+      SSL_CTX_free (ircdssl_ctx);
+      return 0;
+    }
+  ilog(L_INFO, "SSL Initilized Successfully");
+  return 1;
+}
+
+static int fatal_ssl_error (int, int, struct Client *);
+
+int
+safe_SSL_read (struct Client * client_p, void *buf, int sz)
+{
+  int len, ssl_err;
+
+  len = SSL_read(client_p->localClient->ssl, buf, sz);
+printf("ssl read %s\n", buf);
+
+  if (len <= 0)
+    {
+      switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
+	{
+	case SSL_ERROR_SYSCALL:
+	  if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
+	    {
+	case SSL_ERROR_WANT_READ:
+	      errno = EWOULDBLOCK;
+#ifdef DEBUG
+	      printf("SSL_ERROR_WANT_READ\n");
+	      fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
+#endif	      
+	      return -1;
+	    }
+	case SSL_ERROR_SSL:
+#ifdef DEBUG
+		printf("SSL_ERROR_SSL\n");
+	      fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
+#endif	      
+	  if (errno == EAGAIN)
+	    return -1;
+	default:
+	  printf("fatal error\n");
+	  return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
+	}
+    }
+  return len;
+}
+
+int
+safe_SSL_write (struct Client *client_p, const void *buf, int sz)
+{
+  int len, ssl_err;
+
+printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
+  len = SSL_write (client_p->localClient->ssl, buf, sz);
+printf("len %d\n", len);
+  if (len <= 0)
+    {
+      switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
+	{
+	case SSL_ERROR_SYSCALL:
+	  if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
+	    {
+	case SSL_ERROR_WANT_WRITE:
+	      errno = EWOULDBLOCK;
+	      return 0;
+	    }
+	case SSL_ERROR_SSL:
+	  if (errno == EAGAIN)
+	    return 0;
+	default:
+	  return fatal_ssl_error (ssl_err, SAFE_SSL_WRITE, client_p);
+	}
+    }
+  return len;
+}
+
+int
+safe_SSL_accept (struct Client *client_p, int fd)
+{
+
+  int ssl_err;
+
+  if ((ssl_err = SSL_accept (client_p->localClient->ssl)) <= 0)
+    {
+      switch (ssl_err = SSL_get_error (client_p->localClient->ssl, ssl_err))
+	{
+	case SSL_ERROR_SYSCALL:
+	  if (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN)
+	case SSL_ERROR_WANT_READ:
+	case SSL_ERROR_WANT_WRITE:
+	    /* handshake will be completed later . . */
+#ifdef DEBUG
+	    fatal_ssl_error(ssl_err, SAFE_SSL_ACCEPT, client_p);
+#endif
+	    return 0;
+	default:
+	  return fatal_ssl_error (ssl_err, SAFE_SSL_ACCEPT, client_p);
+
+	}
+      /* NOTREACHED */
+      return -1;
+    }
+  return 1;
+}
+
+int
+SSL_smart_shutdown (struct Client *client_p)
+{
+  char i;
+  int rc;
+
+  rc = 0;
+  for (i = 0; i < 4; i++)
+    {
+      if ((rc = SSL_shutdown (client_p->localClient->ssl)))
+	break;
+    }
+
+  return rc;
+}
+
+static int
+fatal_ssl_error (int ssl_error, int where, struct Client *client_p)
+{
+  /* don`t alter errno */
+  int errtmp = errno;
+  char *errstr = strerror (errtmp);
+  char *ssl_errstr, *ssl_func;
+
+  switch (where)
+    {
+    case SAFE_SSL_READ:
+      ssl_func = "SSL_read()";
+      break;
+    case SAFE_SSL_WRITE:
+      ssl_func = "SSL_write()";
+      break;
+    case SAFE_SSL_ACCEPT:
+      ssl_func = "SSL_accept()";
+      break;
+    default:
+      ssl_func =
+	"undefined SSL func [this is a bug] reporto to fish@dynam.ac";
+    }
+
+  switch (ssl_error)
+    {
+    case SSL_ERROR_NONE:
+      ssl_errstr = "No error";
+      break;
+    case SSL_ERROR_SSL:
+      ssl_errstr = "Internal OpenSSL error or protocol error";
+      break;
+    case SSL_ERROR_WANT_READ:
+      ssl_errstr = "OpenSSL functions requested a read()";
+      break;
+    case SSL_ERROR_WANT_WRITE:
+      ssl_errstr = "OpenSSL functions requested a write()";
+      break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+      ssl_errstr = "OpenSSL requested a X509 lookup which didn`t arrive";
+      break;
+    case SSL_ERROR_SYSCALL:
+      ssl_errstr = "Underlying syscall error";
+      break;
+    case SSL_ERROR_ZERO_RETURN:
+      ssl_errstr = "Underlying socket operation returned zero";
+      break;
+    case SSL_ERROR_WANT_CONNECT:
+      ssl_errstr = "OpenSSL functions wanted a connect()";
+      break;
+    default:
+      ssl_errstr = "Unknown OpenSSL error (huh?)";
+    }
+
+  sendto_realops_flags(FLAGS_DEBUG,L_ALL, "%s to %s!%s@%s aborted with %serror (%s). [%s]",
+		      ssl_func, client_p->name ? client_p->name : "<unknown>",
+		      client_p->username, 
+		      client_p->host,
+		      (errno > 0) ? " " : " no ", errstr, ssl_errstr);
+  ilog (L_ERROR, "SSL error in %s: %s [%s]", ssl_func, errstr, ssl_errstr);
+
+  /* if we reply() something here, we might just trigger another
+   * fatal_ssl_error() call and loop until a stack overflow...
+   * the client won`t get the ERROR : ... string, but this is
+   * the only way to do it.
+   * IRC protocol wasn`t SSL enabled .. --vejeta
+   */
+
+  errno = errtmp ? errtmp : EIO;	/* Stick a generic I/O error */
+#if 0
+  sptr->sockerr = IRCERR_SSL;
+  sptr->flags |= FLAGS_DEADSOCKET;
+#endif 
+  return -1;
+}
+#endif