hybrid with ssl

multi2k5 · none Joined: 24 Apr 2005 Posts: 6

Hi,

I hope i post this in the right section, .. but anyway i have some problems
with getting ssl working on ircd-hybrid-7.0.3 , i found out during install
ssl isnt enabled by default, but needed a patch to set the ssl in the conf etc
i got the patch from this website

http://www.wohmart.com/ircd/pub/hybrid/3-Feature/timwoj-ssl/703ssl.patch

its all compiled and working without ssl on a normal port
but as soon i connect to the ssl port, i get connected but disconnected again
i made the key/pub files and the ssl cert like documentated
but no go, anyway i cant find any log of ssl, only ircd startup is logged in ircd.log, any other way to check?
i tested this on 2 boxes : at home and another shell, both not working
( gentoo / debian )

so i apparently must do something wrong or oversee something
anyone that can help me out, or got any tips to get it working?
or can tell me which hybrid version i should use with ssl , that should work?

also i can post the ircd.conf later if needed

Thanks in advance Smile

PingBad · Guru Joined: 05 Feb 2005 Posts: 2064 Location: New Zealand

I would also look into the client you are using to connect to the SSL port (for SSL to work, both server and client must be able to support it). If you have done everything in the documentation as far as setting up your IRCd for SSL, look into the Client's documentation regarding SSL Support.
If a non-ssl capable client connects on the ssl port, the IRCd usually disconnects them (happened to me when trying to add SSL support to my local testing IRCd)

nenolod · Idler Joined: 23 Jan 2004 Posts: 334 Location: A box!

multi2k5 · none Joined: 24 Apr 2005 Posts: 6

yep, ssl client is working, cos im using linknet servers also
and using psybnc to connect ( added server S= linknet server )

i compiled the ircd with the --enable-ssl=/path/to/ssl

only see like these lines in the log

[2005/4/24 14.12] Module m_sjoin.so [version: $Revision: 1.140 $] loaded at 0x835b570
[2005/4/24 14.12] Module m_squit.so [version: $Revision: 1.47 $] loaded at 0x835b8a8
[2005/4/24 14.12] Server Ready

thats about it, any more tips?

nenolod · Idler Joined: 23 Jan 2004 Posts: 334 Location: A box!

Actually, i meant when running ircd in foreground mode... that patch is a backport of one for hybrid -CURRENT, iirc.

multi2k5 · none Joined: 24 Apr 2005 Posts: 6

ok well when i start the ircd, this all what it says:

~/ircd/bin# ./ircd
ircd: version hybrid-7.0
ircd: pid 4734
ircd: running in background mode from /home

which package + patch should i use then?

nenolod · Idler Joined: 23 Jan 2004 Posts: 334 Location: A box!

Use sakura's SSL patch against a hybrid-CURRENT snapshot.

http://www.ircd-hybrid.org/snapshot/

It should work. Good luck. Smile

multi2k5 · none Joined: 24 Apr 2005 Posts: 6

allright , know ima step closer =]

getting this message now

bin $ SSL: Initialize
SSL: Client based SSL connections are enabled.

but still no go, so i must set something wrong in the config, or
i must do something wrong creating the keys and certs

ive setup a password in the ircd.conf

auth {
user = "*@*";
password = "password";

does this mean i need to setup a password in the cert 2?

multi2k5 · none Joined: 24 Apr 2005 Posts: 6

ok patched ircd-hybrid-7.1beta1.tgz with sakura's SSL

no errors found in patching and compiling

when starting :

SSL: Initialize
SSL: Client based SSL connections are enabled.
ircd: version hybrid-7.1beta1-SSL
ircd: pid 22978
ircd: running in background mode from /home/blah/

but when im trying to connect i keep getting disconnected
with this error:

<-psyBNC> Tue Apr 26 05:27:10 :Cannot create SSL-Connection for Socket 11(3) (CONNECT)

also tried with a ssl tunnel progz, no go Sad

when i check the ircd.log

i keep getting this error:

[2005/4/26 06.51] SSL_accept() to aborted (Success)
[2005/4/26 06.51] SSL_accept() to aborted (Success)
[2005/4/26 06.52] SSL_accept() to aborted (Success)
[2005/4/26 06.52] SSL_accept() to aborted (Success)
[2005/4/26 06.52] SSL_accept() to aborted (Success)
[2005/4/26 06.52] SSL_accept() to aborted (Success)
[2005/4/26 06.53] SSL_accept() to aborted (Success)
[2005/4/26 06.53] SSL_accept() to aborted (Success)
[2005/4/26 06.53] SSL_accept() to aborted (Success)
[2005/4/26 06.53] SSL_accept() to aborted (Success)

ive compiled several releases of hybrid with the ssl patch

al get me the same errors
what am i doing wrong?? :S it must be something in the certificates
but im doing it exactly as described in the example.conf

pls help Smile

thanks in advance

nenolod · Idler Joined: 23 Jan 2004 Posts: 334 Location: A box!

The instructions are wrong. Here's the commands you need to run:

openssl req -new -x509 -days 730 -nodes \
-out "path/to/cert.pem" -keyout "path/to/rsa.key"
openssl x509 -subject -dates -fingerprint -noout \
-in "path/to/cert.pem"

multi2k5 · none Joined: 24 Apr 2005 Posts: 6

YESSS !!

That worked, thanks for helping out Smile