- rediff pathes, rebuild with openssl 3.0.0, rel 2

[packages/eggdrop.git] / eggdrop-ssl.patch

--- Makefile.in 2004-03-27 06:50:00.000000000 +0000
+++ Makefile.in 2004-03-27 06:50:00.000000000 +0000
@@ -62,6 +62,10 @@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 
+# Stuff for SSL
+XSSL_LIBS = @SSL_LIBS@
+XSSL_INCLUDE = @SSL_INCLUDE@
+
 # Stuff for Tcl
 TCLLIB = @TCLLIB@
 TCLLIBFN = @TCLLIBFN@
@@ -95,7 +99,8 @@
 MAKE_MODEGG = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(MOD_CC)' 'LD=$(MOD_LD)' \
 'STRIP=$(MOD_STRIP)' 'RANLIB=$(RANLIB)' 'CFLGS=$(CFLGS)' \
 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' \
-'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(standard build)' 'MODOBJS='
+'XSSL_LIBS=$(XSSL_LIBS)' 'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' \
+'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'EGGBUILD=' 'MODOBJS='
 
 MAKE_MODULES = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(SHLIB_CC)' 'LD=$(SHLIB_LD)' \
 'STRIP=$(SHLIB_STRIP)' 'CFLGS=$(CFLGS)' 'XLIBS=$(XLIBS)' \
@@ -105,12 +110,13 @@
 'STRIP=$(STRIP)' 'RANLIB=$(RANLIB)' 'CFLGS=$(CFLGS) -DSTATIC' \
 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' \
 'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(static version)' \
-'MODOBJS=mod/*.o'
+'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'XSSL_LIBS=$(XSSL_LIBS)' 'MODOBJS=mod/*.o'
 
 MAKE_DEBEGG = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(MOD_CC)' 'LD=$(MOD_LD)' \
 'STRIP=touch' 'RANLIB=$(RANLIB)' 'CFLGS=$(DEBCFLGS) $(CFLGS)' \
 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' \
-'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(debug version)' 'MODOBJS='
+'XSSL_LIBS=$(XSSL_LIBS)' 'XLIBS=$(XLIBS)' 'EGGEXEC=$(EGGEXEC)' \
+'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'EGGBUILD=(debug version)' 'MODOBJS='
 
 MAKE_DEBMODULES = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(SHLIB_CC)' 'LD=$(SHLIB_LD)' \
 'XLIBS=$(XLIBS)' 'STRIP=touch' 'CFLGS=$(DEBCFLGS) $(CFLGS)' \
@@ -119,7 +125,8 @@
 MAKE_SDEBUG = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(CC)' 'LD=$(LD)' \
 'STRIP=touch' 'RANLIB=$(RANLIB)' 'CFLGS=$(DEBCFLGS) $(CFLGS) -DSTATIC' \
 'TCLLIB=$(TCLLIB)' 'TCLLIBFN=$(TCLLIBFN)' 'XREQS=$(XREQS)' 'XLIBS=$(XLIBS)' \
-'EGGEXEC=$(EGGEXEC)' 'EGGBUILD=(static debug version)' 'MODOBJS=mod/*.o'
+'XSSL_INCLUDE=$(XSSL_INCLUDE)' 'XSSL_LIBS=$(XSSL_LIBS)' 'EGGEXEC=$(EGGEXEC)' \
+'EGGBUILD=(static and debug version)' 'MODOBJS=mod/*.o'
 
 MAKE_DEPEND = $(MAKE) 'MAKE=$(MAKE)' 'CC=$(CC)'
 
--- aclocal.m4  2004-03-27 06:50:00.000000000 +0000
+++ aclocal.m4  2012-03-31 19:46:26.881862392 +0300
@@ -37,6 +37,64 @@
 ])
 
 
+dnl  EGG_SSL_CRAP()
+dnl
+AC_DEFUN(EGG_SSL_CRAP, [dnl
+#ssl checks
+AC_MSG_CHECKING(whether to include SSL support)
+AC_ARG_WITH(ssl,
+[  --with-ssl[=PATH]         Include SSL support (DIR is OpenSSL's install dir).],
+[
+  case "$withval" in
+    no)
+      AC_MSG_RESULT(no) ;;
+    yes)
+      AC_MSG_RESULT(yes)
+      AC_CHECK_LIB(ssl,SSL_accept,[AC_DEFINE(EGG_SSL_EXT)
+      SSL_LIBS="-lssl -lcrypto"],[AC_MSG_ERROR([You requested SSL support, but OpenSSL was not found. Please supply a pathname to OpenSSL])],-lcrypto)
+      ;;
+    *)
+dnl A whole whack of possible places where this might be
+      test -f $withval/openssl/ssl.h && SSL_INCLUDE="$withval"
+      test -f $withval/include/openssl/ssl.h && SSL_INCLUDE="$withval/include"
+
+      test -f $withval/lib/libssl.a && SSL_LIB="$withval/lib"
+      test -f $withval/lib/ssl/libssl.a && SSL_LIB="$withval/lib/ssl"
+      test -f $withval/lib/openssl/libssl.a && SSL_LIB="$withval/lib/openssl/ssl"
+      test -f $withval/libssl.a && SSL_LIB="$withval"
+      test -f $withval/ssl/libssl.a && SSL_LIB="$withval/ssl"
+      test -f $withval/openssl/libssl.a && SSL_LIB="$withval/openssl"
+
+      test -f $withval/lib/libcrypto.a && CRYPTO_LIB="$withval/lib"
+      test -f $withval/lib/ssl/libcrypto.a && CRYPTO_LIB="$withval/lib/ssl"
+      test -f $withval/lib/openssl/libcrypto.a && CRYPTO_LIB="$withval/lib/openssl/ssl"
+      test -f $withval/libcrypto.a && CRYPTO_LIB="$withval"
+      test -f $withval/ssl/libcrypto.a && CRYPTO_LIB="$withval/ssl"
+      test -f $withval/openssl/libcrypto.a && CRYPTO_LIB="$withval/openssl"
+
+      if test -n "$SSL_INCLUDE" && test -n "$SSL_LIB" && test -n "$CRYPTO_LIB"; then
+        SSL_LIBS="-lssl -lcrypto -L$SSL_LIB -L$CRYPTO_LIB";
+        AC_DEFINE([EGG_SSL_EXT], [], [SSL support])
+        AC_MSG_RESULT(yes)
+      else
+        AC_MSG_RESULT(no)
+        AC_MSG_ERROR([You requested SSL support, but OpenSSL was not found. Please supply a pathname to OpenSSL])
+      fi ;;
+  esac
+],[
+    AC_MSG_RESULT(will try to find)
+    AC_CHECK_LIB(ssl,SSL_accept,[AC_DEFINE(EGG_SSL_EXT)
+     SSL_LIBS="-lssl -lcrypto"],[AC_MSG_ERROR([OpenSSL was not found. Please supply a pathname to OpenSSL])],-lcrypto)
+    AC_CHECK_HEADERS("openssl/ssl.h",,[AC_MSG_ERROR([OpenSSL was not found. Please supply a pathname to OpenSSL])],)
+
+    AC_SUBST(SSL_LIBS)dnl
+    AC_SUBST(SSL_INCLUDE)dnl
+])
+
+#end of ssl checks
+])dnl
+
+
 dnl EGG_MSG_CONFIGURE_END()
 dnl
 AC_DEFUN([EGG_MSG_CONFIGURE_END],
--- config.h.in 2004-03-27 06:50:00.000000000 +0000
+++ config.h.in 2004-03-27 06:50:00.000000000 +0000
@@ -62,6 +62,9 @@
    */
 #undef HAVE_DECL_TZNAME
 
+/* Defines ssl mode  */
+#undef EGG_SSL_EXT 
+
 /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
    */
 #undef HAVE_DIRENT_H
--- configure.ac        2004-03-27 06:50:00.000000000 +0000
+++ configure.ac        2004-03-27 06:50:00.000000000 +0000
@@ -151,6 +151,7 @@
                 /usr/local/pkgs/tcl/include /sys/include \
                 /usr/pkg/lib /beos/system/include /beos/devel/include $HOME"
 
+EGG_SSL_CRAP
 
 # We save the cache (if used) here to speed things up if we can't find Tcl.
 AC_CACHE_SAVE
--- src/Makefile.in     2004-03-27 06:50:00.000000000 +0000
+++ src/Makefile.in     2004-03-27 06:50:00.000000000 +0000
@@ -11,6 +11,8 @@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
+XSSL_LIBS = @SSL_LIBS@
+XSSL_INCLUDE = @SSL_INCLUDE@
 
 CC = @CC@
 LD = @CC@
@@ -37,7 +39,7 @@
        @echo "Linking eggdrop $(EGGBUILD)."
        @echo ""
        @touch mod/mod.xlibs
-       $(LD) -o ../$(EGGEXEC) $(eggdrop_objs) $(MODOBJS) $(XLIBS) md5/md5c.o compat/*.o `cat mod/mod.xlibs`
+       $(LD) -o ../$(EGGEXEC) $(eggdrop_objs) $(MODOBJS) $(XLIBS) md5/md5c.o compat/*.o `cat mod/mod.xlibs` $(XSSL_LIBS) $(XSSL_INCLUDE)
        $(STRIP) ../$(EGGEXEC)
        @echo ""
        @echo "Successful compile: $(EGGEXEC)"
--- src/dcc.c   2004-03-27 06:50:00.000000000 +0000
+++ src/dcc.c   2004-03-27 06:50:00.000000000 +0000
@@ -32,7 +32,11 @@
 #include "tandem.h"
 
 /* Includes for botnet md5 challenge/response code <cybah> */
+#ifndef EGG_SSL_EXT
 #include "md5/md5.h"
+#else
+#include "openssl/md5.h"
+#endif
 
 extern struct userrec *userlist;
 extern struct chanset_t *chanset;
--- src/dccutil.c       2004-03-27 06:50:00.000000000 +0000
+++ src/dccutil.c       2004-03-27 06:50:00.000000000 +0000
@@ -33,6 +33,7 @@
 #include "chan.h"
 #include "modules.h"
 #include "tandem.h"
+#include "net.h"
 
 extern struct dcc_t *dcc;
 extern int dcc_total, dcc_flood_thr, backgrd, copy_to_tmp, max_socks;
--- src/eggdrop.h       2004-03-27 06:50:00.000000000 +0000
+++ src/eggdrop.h       2004-03-27 06:50:00.000000000 +0000
@@ -678,15 +678,6 @@
   ClientData cd;
 };
 
-typedef struct sock_list {
-  int sock;
-  short flags;
-  union {
-    struct sock_handler sock;
-    struct tclsock_handler tclsock;
-  } handler;
-} sock_list;
-
 enum {
   EGG_OPTION_SET = 1,           /* Set option(s).               */
   EGG_OPTION_UNSET = 2          /* Unset option(s).             */
--- src/main.c  2004-03-27 06:50:00.000000000 +0000
+++ src/main.c  2004-03-27 06:50:00.000000000 +0000
@@ -164,6 +164,10 @@
 int cx_ptr = 0;
 #endif
 
+#ifdef EGG_SSL_EXT
+void init_ssl();
+int clean_ssl();
+#endif
 
 void fatal(const char *s, int recoverable)
 {
@@ -174,6 +178,9 @@
   for (i = 0; i < dcc_total; i++)
     if (dcc[i].sock >= 0)
       killsock(dcc[i].sock);
+  #ifdef EGG_SSL_EXT
+  clean_ssl();
+  #endif
   unlink(pid_file);
   if (!recoverable) {
     bg_send_quit(BG_ABORT);
@@ -1029,6 +1036,9 @@
   init_userent();
   init_misc();
   init_bots();
+#ifdef EGG_SSL_EXT
+  init_ssl();
+#endif
   init_modules();
   if (backgrd)
     bg_prepare_split();
--- src/md5/md5.h       2004-03-27 06:50:00.000000000 +0000
+++ src/md5/md5.h       2004-03-27 06:50:00.000000000 +0000
@@ -5,6 +5,9 @@
  * Written by Solar Designer <solar@openwall.com> in 2001, and placed in
  * the public domain.  See md5c.c for more information.
  */
+#include "../config.h"
+#ifndef EGG_SSL_EXT
+
 
 #ifndef _MD5_H
 #define _MD5_H
@@ -24,3 +27,4 @@
 extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
 
 #endif
+#endif
--- src/md5/md5c.c      2004-03-27 06:50:00.000000000 +0000
+++ src/md5/md5c.c      2004-03-27 06:50:00.000000000 +0000
@@ -17,9 +17,23 @@
 
 #include <string.h>
 
+#ifndef EGG_SSL_EXT
 #include "md5.h"
+#else
+#include "openssl/md5.h"
+#endif
+
 #include "compat/compat.h"
 
+typedef unsigned long MD5_u32plus;
+
+typedef struct {
+       MD5_u32plus lo, hi;
+       MD5_u32plus a, b, c, d;
+       unsigned char buffer[64];
+       MD5_u32plus block[16];
+} MD5_CTX;
+
 /*
  * The basic MD5 functions.
  *
--- src/mod/compress.mod/compress.c     2004-03-27 06:50:00.000000000 +0000
+++ src/mod/compress.mod/compress.c     2004-03-27 06:50:00.000000000 +0000
@@ -36,6 +36,8 @@
 #include "src/mod/module.h"
 #include "share.mod/share.h"
 
+#include <zlib.h>
+
 #ifdef HAVE_MMAP
 #  undef panic
 #  include <sys/types.h>
--- src/mod/irc.mod/chan.c      2004-03-27 06:50:00.000000000 +0000
+++ src/mod/irc.mod/chan.c      2004-03-27 06:50:00.000000000 +0000
@@ -991,10 +991,10 @@
         q = strchr(p, ' ');
         if (q != NULL) {
           *q = 0;
-          set_key(chan, p);
+          set_keyegg(chan, p);
           strcpy(p, q + 1);
         } else {
-          set_key(chan, p);
+          set_keyegg(chan, p);
           *p = 0;
         }
       }
--- src/mod/irc.mod/irc.c       2004-03-27 06:50:00.000000000 +0000
+++ src/mod/irc.mod/irc.c       2004-03-27 06:50:00.000000000 +0000
@@ -256,7 +256,7 @@
 
 /* Set the key.
  */
-static void set_key(struct chanset_t *chan, char *k)
+static void set_keyegg(struct chanset_t *chan, char *k)
 {
   nfree(chan->channel.key);
   if (k == NULL) {
--- src/mod/irc.mod/irc.h       2004-03-27 06:50:00.000000000 +0000
+++ src/mod/irc.mod/irc.h       2004-03-27 06:50:00.000000000 +0000
@@ -68,7 +68,7 @@
 
 static void reset_chan_info(struct chanset_t *, int);
 static void recheck_channel(struct chanset_t *, int);
-static void set_key(struct chanset_t *, char *);
+static void set_keyegg(struct chanset_t *, char *);
 static void maybe_revenge(struct chanset_t *, char *, char *, int);
 static int detect_chan_flood(char *, char *, char *, struct chanset_t *, int,
                              char *);
--- src/mod/irc.mod/mode.c      2004-03-27 06:50:00.000000000 +0000
+++ src/mod/irc.mod/mode.c      2004-03-27 06:50:00.000000000 +0000
@@ -1209,7 +1209,7 @@
           if (!(chan = modebind_refresh(ch, from, &user, NULL, NULL)))
             return 0;
           if (ms2[0] == '+') {
-            set_key(chan, op);
+            set_keyegg(chan, op);
             if (channel_active(chan))
               got_key(chan, nick, from, op);
           } else {
@@ -1220,7 +1220,7 @@
                        !chan_master(user) && !match_my_nick(nick))
                 add_mode(chan, '+', 'k', chan->key_prot);
             }
-            set_key(chan, NULL);
+            set_keyegg(chan, NULL);
           }
           break;
         case 'o':
--- src/mod/module.h~   2012-03-31 15:38:27.000000000 +0300
+++ src/mod/module.h    2012-03-31 15:44:10.254563119 +0300
@@ -473,8 +473,13 @@
 /* 284 - 287 */
 #define quiet_reject (*(int *)(global[284]))
 #define file_readable ((int (*) (char *))global[285])
+#ifdef EGG_SSL_EXT
+#define net_switch_to_ssl ((int (*)(int))global[286])
+#define ssl_use (*(int *)global[287]) /* kyotou */
+#else
 /* IPv6 leftovers: 286 */
 /* IPv6 leftovers: 287 */
+#endif
 /* 288 - 291 */
 /* IPv6 leftovers: 288 */
 #define strip_mirc_codes ((void (*)(int, char *))global[289])
--- src/mod/server.mod/servmsg.c        2004-03-27 06:50:00.000000000 +0000
+++ src/mod/server.mod/servmsg.c        2004-03-27 06:50:00.000000000 +0000
@@ -1360,6 +1360,14 @@
       fatal("NO SERVERS WILL ACCEPT MY CONNECTION.", 0);
   } else {
     dcc[servidx].sock = serv;
+       #ifdef EGG_SSL_EXT
+       if (ssl_use) {
+               if (net_switch_to_ssl(serv)==0) {
+                       putlog(LOG_SERV, "*", "SSL %s %s (Error while switching to SSL)", IRC_FAILEDCONNECT, dcc[servidx].host);
+                       lostdcc(servidx);    
+               }
+       }    
+       #endif
     /* Queue standard login */
     dcc[servidx].timeval = now;
     SERVER_SOCKET.timeout_val = &server_timeout;
--- src/modules.c       2004-03-27 06:50:00.000000000 +0000
+++ src/modules.c       2004-03-27 06:50:00.000000000 +0000
@@ -29,9 +29,17 @@
 #include "main.h"
 #include "modules.h"
 #include "tandem.h"
+
+#ifndef EGG_SSL_EXT
 #include "md5/md5.h"
+#else
+#include "openssl/md5.h"
+#endif
+
 #include "users.h"
 
+#include "net.h"
+
 #ifndef STATIC
 #  ifdef MOD_USE_SHL
 #    include <dl.h>
@@ -94,6 +102,10 @@
            password_timeout, force_expire, protect_readonly, reserved_port_min,
            reserved_port_max, copy_to_tmp, quiet_reject;
 
+#ifdef EGG_SSL_EXT
+extern int      ssl_use;
+#endif
+
 extern party_t *party;
 extern time_t now, online_since;
 extern tand_t *tandbot;
@@ -128,6 +140,10 @@
 }
 #endif /* STATIC */
 
+#ifdef EGG_SSL_EXT
+int net_switch_to_ssl(int);
+#endif
+
 
 /* The null functions */
 void null_func()
@@ -561,8 +576,13 @@
   /* 284 - 287 */
   (Function) & quiet_reject,      /* int                                 */
   (Function) file_readable,
+#ifdef EGG_SSL_EXT
+  (Function) net_switch_to_ssl,   /* 286 */
+  (Function) &ssl_use,           /* 287 kyotou  */
+#else
   (Function) 0,                   /* IPv6 leftovers: 286                 */
   (Function) 0,                   /* IPv6 leftovers: 287                 */
+#endif
   /* 288 - 291 */
   (Function) 0,                   /* IPv6 leftovers: 288                 */
   (Function) strip_mirc_codes,
--- src/net.c   2004-03-27 06:50:00.000000000 +0000
+++ src/net.c   2004-03-27 06:50:00.000000000 +0000
@@ -52,6 +52,18 @@
 #  endif
 #endif
 
+#ifdef EGG_SSL_EXT
+#  ifndef EGG_SSL_INCS
+#    include <openssl/ssl.h>
+#    include <openssl/err.h>
+#    include <openssl/rand.h>
+#    define EGG_SSL_INCS 1
+#  endif
+#endif
+
+#include "net.h"
+
+
 extern struct dcc_t *dcc;
 extern int backgrd, use_stderr, resolve_timeout, dcc_total;
 extern unsigned long otraffic_irc_today, otraffic_bn_today, otraffic_dcc_today,
@@ -64,7 +76,11 @@
 int firewallport = 1080;      /* Default port of socks 4/5 firewalls.         */
 char botuser[21] = "eggdrop"; /* Username of the user running the bot.        */
 int dcc_sanitycheck = 0;      /* Do some sanity checking on dcc connections.  */
-
+#ifdef EGG_SSL_EXT
+SSL_CTX *ssl_ctx=NULL;
+char   *tls_rand_file = NULL;
+int     ssl_use = 0;
+#endif
 sock_list *socklist = NULL;   /* Enough to be safe.                           */
 sigjmp_buf alarmret;          /* Env buffer for alarm() returns.              */
 
@@ -87,6 +103,73 @@
   return ret;
 }
 
+#ifdef EGG_SSL_EXT
+int seed_PRNG(void)
+{
+    char stackdata[1024];
+    static char rand_file[300];
+    FILE *fh;
+
+#if OPENSSL_VERSION_NUMBER >= 0x00905100
+    if (RAND_status())
+      return 0;     /* PRNG already good seeded */
+#endif
+    /* if the device '/dev/urandom' is present, OpenSSL uses it by default.
+     * check if it's present, else we have to make random data ourselfs.
+     */
+    if ((fh = fopen("/dev/urandom", "r"))) {
+      fclose(fh);
+      return 0;
+    }
+    if (RAND_file_name(rand_file, sizeof(rand_file)))
+      tls_rand_file = rand_file;
+    else
+      return 1;
+    if (!RAND_load_file(rand_file, 1024)) {
+      /* no .rnd file found, create new seed */
+      unsigned int c;
+      c = time(NULL);
+      RAND_seed(&c, sizeof(c));
+      c = getpid();
+      RAND_seed(&c, sizeof(c));
+      RAND_seed(stackdata, sizeof(stackdata));
+    }
+#if OPENSSL_VERSION_NUMBER >= 0x00905100
+    if (!RAND_status())
+      return 2;   /* PRNG still badly seeded */
+#endif
+    return 0;
+}
+
+void init_ssl()
+{
+  int i;
+  struct threaddata *td = threaddata();
+ 
+  for (i = 0; i < td->MAXSOCKS; i++) {
+    td->socklist[i].ssl = NULL;
+  }
+
+  SSL_load_error_strings();
+  OpenSSL_add_ssl_algorithms();
+  ssl_ctx=SSL_CTX_new(SSLv23_client_method());
+  if (!ssl_ctx)
+  fatal("SSL_CTX_new() failed",0);
+  if (seed_PRNG())
+    fatal("Wasn't able to properly seed the PRNG!",0);
+}
+
+int clean_ssl() {
+   if (ssl_ctx) {
+      SSL_CTX_free(ssl_ctx);
+      ssl_ctx = NULL;
+  }
+  if (tls_rand_file)
+      RAND_write_file(tls_rand_file);
+ return 0;
+}
+#endif
+
 int expmem_net()
 {
   int i, tot = 0;
@@ -249,6 +332,7 @@
       td->socklist[i].handler.sock.outbuflen = 0;
       td->socklist[i].flags = options;
       td->socklist[i].sock = sock;
+      td->socklist[i].ssl = NULL;
       return i;
     }
   }
@@ -345,6 +429,13 @@
 
   for (i = 0; i < td->MAXSOCKS; i++) {
     if ((td->socklist[i].sock == sock) && !(td->socklist[i].flags & SOCK_UNUSED)) {
+#ifdef EGG_SSL_EXT
+      if (td->socklist[i].ssl) {
+        SSL_shutdown(td->socklist[i].ssl);
+        SSL_free(td->socklist[i].ssl);
+        td->socklist[i].ssl = NULL;
+      }
+#endif
       if (!(td->socklist[i].flags & SOCK_TCL)) { /* nothing to free for tclsocks */
         close(td->socklist[i].sock);
         if (td->socklist[i].handler.sock.inbuf != NULL) {
@@ -508,6 +599,65 @@
   return sock;
 }
 
+#ifdef EGG_SSL_EXT
+int net_switch_to_ssl(int sock) {
+int err;
+int i=0;
+struct threaddata *td = threaddata();
+
+    debug0("net_switch_to_ssl()");
+    while (i < td->MAXSOCKS) {
+     if (td->socklist[i].sock==sock) {
+      break;
+     }
+     i++;
+    }
+    if (i == td->MAXSOCKS) {
+        debug0("Error while swithing to SSL - sock not found in list");
+       return 0;
+    }
+
+    if (td->socklist[i].ssl) {
+        debug0("Error while swithing to SSL - already in ssl");
+       return 0;
+    }
+    td->socklist[i].ssl = SSL_new(ssl_ctx);
+    if (!td->socklist[i].ssl) {
+        debug0("Error while swithing to SSL - SSL_new() error");
+       return 0;
+    }
+
+     SSL_set_fd(td->socklist[i].ssl, td->socklist[i].sock);
+     err = SSL_connect(td->socklist[i].ssl);
+   
+     while (err <= 0) {
+        int errs;
+        errs=SSL_get_error(td->socklist[i].ssl,err);
+        if ((errs!=SSL_ERROR_WANT_READ)&&(errs!=SSL_ERROR_WANT_WRITE)&&
+               (errs!=SSL_ERROR_WANT_X509_LOOKUP)) {
+               putlog(LOG_DEBUG,"*", "SSL_connect() = %d, %s", err,
+                       (char *)ERR_error_string(ERR_get_error(), NULL));
+               SSL_shutdown(td->socklist[i].ssl);
+               SSL_free(td->socklist[i].ssl);
+               td->socklist[i].ssl = NULL;
+               return 0;           
+        }
+        usleep(1000);
+        err = SSL_connect(td->socklist[i].ssl);
+     }
+
+     if (err==1) {
+      debug0("SSL_connect() success"); 
+      return 1;
+     }
+     debug0("Error while SSL_connect()"); 
+     SSL_shutdown(td->socklist[i].ssl);
+     SSL_free(td->socklist[i].ssl); 
+     td->socklist[i].ssl = NULL;
+     return 0;
+}
+#endif
+
 /* Ordinary non-binary connection attempt */
 int open_telnet(char *server, int port)
 {
@@ -715,6 +865,9 @@
     for (i = 0; i < slistmax; i++) {
       if (!tclonly && ((!(slist[i].flags & (SOCK_UNUSED | SOCK_TCL))) &&
           ((FD_ISSET(slist[i].sock, &fdr)) ||
+#ifdef EGG_SSL_EXT
+          ((slist[i].ssl)&&(SSL_pending(slist[i].ssl))) ||
+#endif
           ((slist[i].sock == STDOUT) && (!backgrd) &&
           (FD_ISSET(STDIN, &fdr)))))) {
         if (slist[i].flags & (SOCK_LISTEN | SOCK_CONNECT)) {
@@ -739,7 +892,33 @@
         if ((slist[i].sock == STDOUT) && !backgrd)
           x = read(STDIN, s, grab);
         else
-          x = read(slist[i].sock, s, grab);
+#ifdef EGG_SSL_EXT
+        {
+          if (slist[i].ssl) {
+            x = SSL_read(slist[i].ssl, s, grab);
+
+            if (x < 0) {
+              int err = SSL_get_error(slist[i].ssl, x);
+              x = -1;
+
+              switch (err) {
+                case SSL_ERROR_WANT_READ:
+                  errno = EAGAIN;
+                  break;
+                case SSL_ERROR_WANT_WRITE:
+                  errno = EAGAIN;
+                  break;
+                case SSL_ERROR_WANT_X509_LOOKUP:
+                  errno = EAGAIN;
+                  break;
+              }
+            }
+          } else
+            x = read(slist[i].sock, s, grab);
+        }
+#else
+        x = read(slist[i].sock, s, grab);
+#endif
         if (x <= 0) {           /* eof */
           if (errno != EAGAIN) { /* EAGAIN happens when the operation would
                                   * block on a non-blocking socket, if the
@@ -1046,6 +1225,26 @@
         socklist[i].handler.sock.outbuflen += len;
         return;
       }
+#ifdef EGG_SSL_EXT
+      if (socklist[i].ssl) {
+       x=SSL_write(socklist[i].ssl,s,len);
+          if (x < 0) {
+           int err = SSL_get_error(socklist[i].ssl, x);
+           x = -1;
+           switch (err) {
+               case SSL_ERROR_WANT_READ:
+                       errno = EAGAIN;
+                   break;
+               case SSL_ERROR_WANT_WRITE:
+                   errno = EAGAIN;
+                   break;
+               case SSL_ERROR_WANT_X509_LOOKUP:
+                   errno = EAGAIN;
+                   break;
+               }
+          }
+      } else
+#endif      
       /* Try. */
       x = write(z, s, len);
       if (x == -1)
@@ -1113,6 +1312,29 @@
         (socklist[i].handler.sock.outbuf != NULL) && (FD_ISSET(socklist[i].sock, &wfds))) {
       /* Trick tputs into doing the work */
       errno = 0;
+#ifdef EGG_SSL_EXT
+      if (socklist[i].ssl) {
+         x = write(socklist[i].sock, socklist[i].handler.sock.outbuf,
+              socklist[i].handler.sock.outbuflen);
+
+         if (x < 0) {
+           int err = SSL_get_error(socklist[i].ssl, x);
+           x = -1;
+
+           switch (err) {
+             case SSL_ERROR_WANT_READ:
+               errno = EAGAIN;
+               break;
+             case SSL_ERROR_WANT_WRITE:
+               errno = EAGAIN;
+               break;
+             case SSL_ERROR_WANT_X509_LOOKUP:
+               errno = EAGAIN;
+               break;
+             }
+          }
+       } else
+#endif
       x = write(socklist[i].sock, socklist[i].handler.sock.outbuf, socklist[i].handler.sock.outbuflen);
       if ((x < 0) && (errno != EAGAIN)
 #ifdef EBADSLT
--- src/net.h   1970-01-01 01:00:00.000000000 +0100
+++ src/net.h   2004-03-27 06:50:00.000000000 +0000
@@ -0,0 +1,26 @@
+#ifndef _EGG_NET_H
+#define _EGG_NET_H
+#ifdef EGG_SSL_EXT
+# ifndef EGG_SSL_INCS
+#  include <openssl/ssl.h>
+#  include <openssl/err.h>
+#  include <openssl/rand.h>
+#  define EGG_SSL_INCS 1
+# endif
+#endif
+
+/* This is used by the net module to keep track of sockets and what's
+ * queued on them
+ */
+typedef struct sock_list {
+  int sock;
+#ifdef EGG_SSL_EXT
+  SSL *ssl;
+#endif
+  short flags;
+  union {
+    struct sock_handler sock;
+    struct tclsock_handler tclsock;
+  } handler;
+} sock_list;
+#endif                         /* _EGG_NET_H */
--- src/patch.h 2004-03-27 06:50:00.000000000 +0000
+++ src/patch.h 2004-03-27 06:50:00.000000000 +0000
@@ -36,7 +36,9 @@
  *
  *
  */
-/* PATCH GOES HERE */
+#ifdef EGG_SSL_EXT
+  patch("SSL");
+#endif
 /*
  *
  *
--- src/proto.h 2004-03-27 06:50:00.000000000 +0000
+++ src/proto.h 2004-03-27 06:50:00.000000000 +0000
@@ -33,6 +33,7 @@
 
 #include "lush.h"
 #include "misc_file.h"
+#include "net.h"
 
 #define dprintf dprintf_eggdrop
 
--- src/tcl.c   2004-03-27 06:50:00.000000000 +0000
+++ src/tcl.c   2004-03-27 06:50:00.000000000 +0000
@@ -44,6 +44,9 @@
 
 
 extern time_t online_since;
+#ifdef EGG_SSL_EXT
+extern int      ssl_use;
+#endif
 
 extern char origbotname[], botuser[], motdfile[], admin[], userfile[],
             firewall[], helpdir[], notify_new[], hostname[], myip[], moddir[],
@@ -553,6 +556,9 @@
   {"enable-simul",          &enable_simul,         0}, /* compat */
   {"debug-output",          &debug_output,         0}, /* compat */
   {"use-console-r",         &use_console_r,        0}, /* compat */
+#ifdef EGG_SSL_EXT
+  {"use-ssl",                  &ssl_use,               0},
+#endif
   {NULL,                    NULL,                  0}
 };
 
--- src/tclhash.h       2004-03-27 06:50:00.000000000 +0000
+++ src/tclhash.h       2004-03-27 06:50:00.000000000 +0000
@@ -25,6 +25,7 @@
 #ifndef _EGG_TCLHASH_H
 #define _EGG_TCLHASH_H
 
+#include "net.h"
 
 #define TC_DELETED   0x0001     /* This command/trigger was deleted. */
 
--- src/tclmisc.c       2004-03-27 06:50:00.000000000 +0000
+++ src/tclmisc.c       2004-03-27 06:50:00.000000000 +0000
@@ -26,7 +26,12 @@
 #include "main.h"
 #include "modules.h"
 #include "tandem.h"
+
+#ifndef EGG_SSL_EXT
 #include "md5/md5.h"
+#else
+#include "openssl/md5.h"
+#endif
 
 #ifdef TIME_WITH_SYS_TIME
 #  include <sys/time.h>