From 2382a93e9c71b097b528fde885b6e2ac84ecc7d6 Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Wed, 11 Dec 2019 20:14:54 +0000
Subject: [PATCH] Add experimental Binkp/TLS option to [node:*] sections of
 sbbsecho.ini (defaults to false) Set to BinkpTLS=true to use BinkP over TLS
 for a specified node.

---
 exec/binkit.js       | 4 +++-
 exec/load/binkp.js   | 7 ++++++-
 exec/load/fidocfg.js | 1 +
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/exec/binkit.js b/exec/binkit.js
index 0efd5aae72..5c87a981a5 100644
--- a/exec/binkit.js
+++ b/exec/binkit.js
@@ -596,6 +596,7 @@ function callout(addr, scfg, locks, bicfg)
 	var bp = new BinkP(version_notice, undefined, rx_callback, tx_callback);
 	var port;
 	var host;
+	var tls = false;
 	var f;
 	var success = false;
 	var src_addr;
@@ -618,6 +619,7 @@ function callout(addr, scfg, locks, bicfg)
 		bp.cb_data.binkitpw = bp.cb_data.binkitcfg.node[addr].pass;
 		port = bp.cb_data.binkitcfg.node[addr].port;
 		host = bp.cb_data.binkitcfg.node[addr].host;
+		tls = bp.cb_data.binkitcfg.node[addr].tls;
 		if (bp.plain_auth_only) {
 			bp.require_md5 = false;
 			bp.require_crypt = false;
@@ -657,7 +659,7 @@ function callout(addr, scfg, locks, bicfg)
 
 	log(LOG_DEBUG, format("connecting to %s at %s", addr, host));
 	// We won't add files until the auth finishes...
-	success = bp.connect(addr, bp.cb_data.binkitpw, callout_auth_cb, port, host);
+	success = bp.connect(addr, bp.cb_data.binkitpw, callout_auth_cb, port, host, tls);
 	// Statistics
 	update_stats(stats.callout[success], addr, bp, host);
 	update_totals(stats.totals, addr, bp, true, success);
diff --git a/exec/load/binkp.js b/exec/load/binkp.js
index 42e2217c43..06844aa117 100644
--- a/exec/load/binkp.js
+++ b/exec/load/binkp.js
@@ -402,7 +402,7 @@ BinkP.prototype.parseArgs = function(data)
  * parameter string send with the M_OK message... hopefully either "secure"
  * or "non-secure"
  */
-BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
+BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host, tls)
 {
 	var pkt;
 	var i;
@@ -455,6 +455,11 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
 
 	log(LOG_DEBUG, "Connection to "+inet_host+":"+port+" successful");
 
+	if(tls === true) {
+		log(LOG_INFO, "Negotiating TLS");
+		this.sock.ssl_session = true;
+	}
+
 	this.authenticated = undefined;
 	if (this.crypt_support && !this.plain_auth_only && password !== '-')
 		this.sendCmd(this.command.M_NUL, "OPT CRYPT");
diff --git a/exec/load/fidocfg.js b/exec/load/fidocfg.js
index 0b5a61a57f..905e5d3e63 100644
--- a/exec/load/fidocfg.js
+++ b/exec/load/fidocfg.js
@@ -387,6 +387,7 @@ function BinkITCfg()
 			this.node[sec].host = f.iniGetValue(section, 'BinkpHost');
 			this.node[sec].inbox = f.iniGetValue(section, 'inbox');
 			this.node[sec].outbox = f.iniGetValue(section, 'outbox');
+			this.node[sec].tls = f.iniGetValue(section, 'BinkpTLS', false);
 		}, this);
 		f.close();
 	}
-- 
GitLab