feat: client-side TLS for encrypted client connections
Accept TLS-encrypted connections from IRC clients. Auto-generates a self-signed EC P-256 listener certificate (bouncer.pem) when no custom cert is provided. Remove CTCP response items from roadmap (stealth by design -- router already suppresses all CTCP except ACTION). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
user
18
TASKS.md
18
TASKS.md
@@ -12,12 +12,20 @@
|
||||
- [x] P1: Verified SOCKS5 proxy connectivity end-to-end
|
||||
- [x] P1: Documentation update
|
||||
- [x] P1: Multi-network namespace multiplexing (`/network` suffixes)
|
||||
|
||||
- [x] P1: Bouncer control commands (`/msg *bouncer STATUS/INFO/UPTIME/NETWORKS/CREDS/HELP`)
|
||||
- [x] P1: Extended control commands (CONNECT/DISCONNECT/RECONNECT/NICK/RAW/CHANNELS/CLIENTS/BACKLOG/VERSION/REHASH/ADDNETWORK/DELNETWORK/AUTOJOIN/IDENTIFY/REGISTER/DROPCREDS)
|
||||
- [x] P1: Bouncer control commands (25+ commands via `/msg *bouncer`)
|
||||
- [x] P1: NickServ auto-registration + email verification
|
||||
- [x] P1: SASL PLAIN + EXTERNAL (CertFP) authentication
|
||||
- [x] P1: Client certificate generation + fingerprint management
|
||||
- [x] P1: PING watchdog (stale connection detection)
|
||||
- [x] P1: IRCv3 server-time capability
|
||||
- [x] P1: Push notifications (ntfy/webhook)
|
||||
- [x] P1: hCaptcha auto-solving (NoCaptchaAI)
|
||||
- [x] P1: Background account farming (ephemeral connections)
|
||||
- [x] P1: Configurable operational constants
|
||||
|
||||
## Next
|
||||
|
||||
- [ ] P2: Client-side TLS support
|
||||
- [ ] P2: SASL authentication
|
||||
- [x] P2: Client-side TLS support
|
||||
- [ ] P2: Channel key support
|
||||
- [ ] P3: Systemd service file
|
||||
- [ ] P3: Containerfile for podman deployment
|
||||
|
||||
Reference in New Issue
Block a user