• src/sbbs3/ssl.c

    From Deuc¿@VERT to Git commit to main/sbbs/master on Wed Mar 5 11:31:02 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/b5b3769123c99c8500377ebc
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Don't set cryptlib_initialized = true until the init is complete

    is_crypt_initialized() does not depend on the once value.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wed Mar 5 11:36:29 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/fea518c7ae55a66649a81068
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    assert() pthread_mutex assumptions in ssl.c

  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thu Mar 6 12:50:07 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/2adf8468d63418b04cef9c2d
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Log a (notice-level) message when creating a self-signed cert

  • From Deuc¿@VERT to Git commit to main/sbbs/master on Fri Mar 7 17:32:19 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/3122a36b6b0bad4296401ab3
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Fix failure handling in crypt initialization.

    Don't add the atexit() do_cryptEnd() handler until we're not going
    to call cryptEnd() ourselves.

  • From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Mar 9 06:51:55 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/d1c741d07362a4a3327532f7
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Incremental backoff on loading SSL cert

    Try for 16 seconds (14 loops) to load the SSL certificate.

    On the first time through the loop, create self-signed certificate
    if configured to do so.

    This also splits the generation of the self-signed certificate into
    a separate function.

    While we're here, split the new SSL epoch out into a separate function
    as well, and explicitly call it when we create a new self-signed
    cert. This at least partially fixes the epoch thing, but there's
    still the possibility of creating it multiple times in the same
    second... the file date isn't really enough.

  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Tue Jul 8 21:43:38 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/1d0353858e00d5fade270854
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Better error reporting/handling when the ssl.cert file doesn't exist

    Since "Create self-signed certificate" defaults to No, it's normal/expected to not have an ssl.cert file in many cases and the logged errors were not very helpful. We should probably change the default for this setting to Yes (and have letsyncrypt.js disable it) or auto-disable any SSH/TLS functionality that will expect a certificate file when the file doesn't exist during initialization (startup or recycle). At least this change is a little bit of an improvement (help to the unknowing sysop). No longer just logging this unhelpful spew:
    7/8 21:23:05 mail 0055 SEND connecting to port 25 on mail.synchro.net [71.95.196.36]
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:06 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:07 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:08 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:10 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:14 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:22 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert
    7/8 21:23:22 mail 0055 SEND/TLS [mail.synchro.net] ERROR 'Data has not been initialised' (-11) setting private key

    Thanks to Sam Alexander (BLUEBOX) for pointing this bad behavior out.

  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wed Aug 6 18:22:42 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/b40af061776e4215e9ebf102
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Remove duplicate log message: "Creating self-signed TLS certificate"

    ... added in commit d1c741d07

    As pointed out in issue #960

  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Wed Aug 6 21:49:05 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/38e2430de193a65ce9586ec5
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Only fail ssl_sync() when ssl.cert doesn't exist, if not self-signing

    This allows letsyncrypt.js to work when the ctrl/ssl.cert file doesn't (initially) exist. The SCFG->System->Security->Create Self-signed Certificate option must be enabled (which is the default).

    This should fix issue #960

  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Wed Aug 6 23:09:07 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/a0fd65fa72b75df176dfbcf3
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    Remove the failure result from ssl_sync if ssl.cert is missing, altogether

    ... even when create_self_signed_cert is false, because in some cases (e.g. creating a TLS client in JS), a certificate isn't required.

    Related to issue #960

  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wed May 6 19:41:53 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/e3c1569fc5a74ca9bb76c62c
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: assert CRYPTLIB_PATCHES literal is at least 32 chars (CID 483188)

    CRYPTLIB_PATCHES is generated at build time by 3rdp/build/hashpatch.pl
    as a 32-char MD5 plus " -" (36 bytes including NUL). If hashpatch.pl
    fails to run, the macro can be left empty, and the existing
    memcmp(patches, CRYPTLIB_PATCHES, 32) reads 32 bytes off the end of a
    1-byte empty literal - Coverity flags this as OVERRUN. Add a
    _Static_assert at the top of internal_do_cryptInit() so a malformed
    build fails to compile instead of producing a binary that may either
    overrun or run a broken patch check.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wed May 6 19:41:53 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/c34274cdbba23fb7f5bcba2a
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: suppress destroy_session false positives (CIDs 479100, 530506)

    CID 530506 (psess->next MISSING_LOCK): Coverity confused the two
    distinct list mutexes. sess_list nodes (and their next fields) are
    protected by ssl_sess_list_mutex, which IS held at the flagged write.
    The cert_list (separate list, separate mutex) shares the cert_list
    struct type but has no overlap - a node lives in exactly one list at
    a time.

    CID 479100 (sess ATOMICITY across two locked sections): After sess is
    removed from sess_list under ssl_sess_list_mutex, no other thread can
    reach it via either list. It's thread-local until appended to
    cert_list under ssl_cert_list_mutex. The "second locked section" only
    touches a pointer this thread exclusively owns.

    Add SUPPRESS comments documenting both invariants.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

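
The two invariants in the commit message above, as an added sketch rather than Synchronet's own code: a node is unlinked under `ssl_sess_list_mutex`, is private to the calling thread while it is on neither list, and is published again under `ssl_cert_list_mutex`. The `sess` field, `list_push()` and `handoff_session()` are hypothetical names.

```c
#include <pthread.h>
#include <stddef.h>

/* Shared node type; fields other than `next` are assumptions. */
struct cert_list {
	struct cert_list *next;
	int               sess;   /* hypothetical session handle */
};

static pthread_mutex_t ssl_sess_list_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t ssl_cert_list_mutex = PTHREAD_MUTEX_INITIALIZER;
static struct cert_list *sess_list;   /* guarded by ssl_sess_list_mutex */
static struct cert_list *cert_list;   /* guarded by ssl_cert_list_mutex */

/* Publish a node on a list while holding that list's own mutex. */
static void list_push(struct cert_list **head, pthread_mutex_t *mtx, struct cert_list *node)
{
	pthread_mutex_lock(mtx);
	node->next = *head;
	*head = node;
	pthread_mutex_unlock(mtx);
}

/* Hypothetical handoff: 1 if `sess` moved to cert_list, 0 if not found. */
static int handoff_session(int sess)
{
	struct cert_list **pp, *node;
	pthread_mutex_lock(&ssl_sess_list_mutex);
	for (pp = &sess_list; (node = *pp) != NULL; pp = &node->next) {
		if (node->sess == sess) {
			*pp = node->next;   /* next-field write, sess-list mutex held */
			break;
		}
	}
	pthread_mutex_unlock(&ssl_sess_list_mutex);
	if (node == NULL)
		return 0;
	/* Unlinked: no other thread can reach node through either list, so it
	 * is private to this thread until list_push() publishes it again. */
	list_push(&cert_list, &ssl_cert_list_mutex, node);
	return 1;
}

int main(void)
{
	static struct cert_list n = { NULL, 7 };   /* constructed sample node */
	list_push(&sess_list, &ssl_sess_list_mutex, &n);
	return handoff_session(7) && cert_list == &n ? 0 : 1;
}
```
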
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wed May 6 22:36:57 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/0f04514cb45809851b631961
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: cast DO() to void in get_ssl_cert key load (CID 544155)

    The cryptGetPrivateKey result is captured via the cert_entry->cert out-parameter and the loop's 'cert == -1' check, which is the actual
    condition the caller acts on. The DO() macro return is informational
    only here. Make the discarded return explicit.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thu May 7 01:03:39 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a62f38d5ba9491e2c89227d7
    Modified Files:
    src/sbbs3/ssl.c
    Log Message:
    ssl: fix macOS build of internal_do_cryptInit (CID 483188 follow-up)

    e3c1569fc added a _Static_assert that CRYPTLIB_PATCHES is at least
    32 chars, but some build configs (macOS, exec/testbuild.js nightly)
    define it empty to deliberately skip the patch-version check. The
    assert tripped that build.

    Replace the assert with a sizeof() runtime guard wrapping the cryptGetAttributeString / memcmp / asprintf block. Compilers fold
    the sizeof comparison constant per build, so:
    - When CRYPTLIB_PATCHES is the real 36-byte literal, the block is
    kept and Coverity sees the memcmp is safely bounded.
    - When CRYPTLIB_PATCHES is "", the block is dropped entirely and
    we never attempt the 32-byte read past the empty literal.

    GitLab CI pipelines pass; this only affects the nightly testbuild configurations that leave CRYPTLIB_PATCHES empty.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

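
The bounded comparison that the two CID 483188 commit messages (e3c1569fc and its macOS follow-up) describe, as an added sketch rather than the code in ssl.c. It generalises the guard into a helper that also checks the reported value's length; the hash literals are constructed, and `check_patches()`, `CHECK_PATCHES()` and the enum are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define HASH_LEN 32   /* bytes of MD5 hex that the memcmp compares */

/* Constructed stand-ins for CRYPTLIB_PATCHES, not from any real build. */
#define PATCHES_REAL  "0123456789abcdef0123456789abcdef  -"   /* sizeof == 36 */
#define PATCHES_EMPTY ""                                       /* sizeof == 1 */

enum patch_result { PATCH_SKIPPED, PATCH_MATCH, PATCH_MISMATCH };

/* Compare the first HASH_LEN bytes only when both buffers hold that many.
 * expected_size is sizeof(literal), so it counts the terminating NUL. */
static enum patch_result check_patches(const char *expected, size_t expected_size,
                                       const char *reported, size_t reported_len)
{
	if (expected_size <= HASH_LEN)   /* "" is 1 byte: a 32-byte read would overrun */
		return PATCH_SKIPPED;
	if (reported_len < HASH_LEN)     /* short value from the library: never a match */
		return PATCH_MISMATCH;
	return memcmp(reported, expected, HASH_LEN) == 0 ? PATCH_MATCH : PATCH_MISMATCH;
}

/* Pass the literal itself so sizeof sees the array, not a pointer. */
#define CHECK_PATCHES(lit, reported, len) \
	check_patches((lit), sizeof(lit), (reported), (len))

/* Strict alternative, as in the first commit: fail the build instead of
 * skipping the check when the literal is too short.
 * _Static_assert(sizeof(PATCHES_REAL) > HASH_LEN, "patch hash missing"); */

int main(void)
{
	const char *lib = "0123456789abcdef0123456789abcdef";   /* constructed */
	printf("real:  %d\n", (int)CHECK_PATCHES(PATCHES_REAL, lib, strlen(lib)));
	printf("empty: %d\n", (int)CHECK_PATCHES(PATCHES_EMPTY, lib, strlen(lib)));
	return 0;
}
```
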