Contributed by tj on 2016-04-11 from the crowdsourcing dept.

We here at Undeadly are looking to move the site to HTTPS-only. It's been discussed for quite a while, but there's one roadblock that we're looking for some help to overcome.

The authentication system (how you log in to post comments) is currently an stunnel instance listening on port 443, while the main site is OpenBSD's httpd running on port 80. httpd serves static content and the Undeadly CGI binary. stunnel's only job is checking credentials and (if successful) handing out a cookie. Getting rid of this old "split" setup requires code changes so that everything can be behind TLS, not just the authenticating bit.

In general, a lot of the code needs some major cleanup as well, so this may be a big project. We'd like to see a lot of the security constructs completely redone in a better way.

If you're a C coder, the source for the site can be found here. Send us an email if you're interested in helping.