<p>WeeChat dev news - Tag - ssl (WeeChat development blog)</p>
<p><strong>SSL in Relay plugin</strong> (Sébastien Helleu, 2012-07-27; tags: plugins, relay, ssl)</p>
<p>SSL support has been added to the Relay plugin, for the irc and weechat protocols.</p>
<p>A new option has been added to set the certificate and private key to use:</p>
<ul>
<li>relay.network.ssl_cert_key: path to file with certificate and private key (default: <em>~/.weechat/ssl/relay.pem</em>)</li>
</ul>
<p>The file can be created with the following commands:</p>
<pre>$ mkdir -p ~/.weechat/ssl
$ cd ~/.weechat/ssl
$ openssl req -nodes -newkey rsa:2048 -keyout relay.pem -x509 -days 365 -out relay.pem</pre>
<p>In WeeChat:</p>
<pre>/relay sslcertkey</pre>
<p>And add relays with SSL, for example:</p>
<pre>/relay add ssl.irc.freenode 8001
/relay add ssl.weechat 9001</pre>
<p>And now WeeChat will serve clients on these ports using SSL, enjoy!</p>
<p><strong>SSL certificates</strong> (Sébastien Helleu, 2009-12-07; tags: plugins, irc, ssl)</p>
<p>New options have been added to check SSL certificates when connecting to IRC servers, thanks to kolter's patch:</p>
<ul>
<li>weechat.network.gnutls_ca_file: path to file with certificate authorities (by default: "%h/ssl/CAs.pem")</li>
<li>irc.server.xxx.ssl_cert: ssl certificate file used to automatically identify your nick (CertFP on oftc for example, see below)</li>
<li>irc.server.xxx.ssl_dhkey_size: replaces old option weechat.network.gnutls_dh_prime_bitsmax_lines, new default value is 2048 (safer than old default value which was 512)</li>
<li>irc.server.xxx.ssl_verify: check that the ssl connection is fully trusted (on by default)</li>
</ul>
<p>Please note that ssl_verify is on by default, so verification is now <strong>stricter</strong>, and may fail even if it was ok with previous versions of WeeChat.</p>
<p><strong>First example:</strong> connect to oftc and check certificate:</p>
<ul>
<li>import certificate:
<ul>
<li>mkdir ~/.weechat/ssl</li>
<li>wget -O ~/.weechat/ssl/CAs.pem http://www.spi-inc.org/ca/spi-cacert.crt</li>
</ul></li>
<li>in weechat:
<ul>
<li>/connect oftc</li>
</ul></li>
</ul>
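<p>Note: it is possible to concatenate several CA certificates in the file CAs.pem. Because this file is the trust anchor for ssl_verify and the download above uses plain HTTP, compare the certificate's fingerprint with a value obtained over a trusted channel before relying on it.</p>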
<p><strong>Second example:</strong> connect to oftc using CertFP (certificate to auto identify your nick):</p>
<ul>
<li>create certificate:
<ul>
<li>openssl req -nodes -newkey rsa:2048 -keyout nick.key -x509 -days 365 -out nick.cer</li>
<li>cat nick.cer nick.key > ~/.weechat/ssl/nick.pem</li>
</ul></li>
<li>in weechat:
<ul>
<li>/set irc.server.oftc.ssl_cert "%h/ssl/nick.pem"</li>
<li>/connect oftc</li>
<li>/msg nickserv cert add</li>
</ul></li>
</ul>
<p>For more information, please look at <a href="https://www.oftc.net/NickServ/CertFP">https://www.oftc.net/NickServ/CertFP</a>.</p>
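<p>Both relay.pem and nick.pem above combine a certificate with an unencrypted private key (-nodes) that is valid for 365 days. The following check is an added example, not part of the original posts or of WeeChat; the function name check_certkey_pem, its exit codes and the 30-day warning threshold are assumptions.</p>

```shell
#!/bin/sh
# Added example, not WeeChat code. check_certkey_pem is a hypothetical helper.
# Usage: sh check_pem.sh ~/.weechat/ssl/relay.pem [warn_days]

check_certkey_pem() {
    pem=$1
    warn_days=${2:-30}   # assumed threshold: warn this many days before expiry

    [ -f "$pem" ] || { echo "missing file: $pem"; return 1; }

    # Certificate and private key must both be in the one file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem"; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key block in $pem"; return 3; }

    # -nodes leaves the key unencrypted: group and others must have no access.
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    mode=$(ls -ldL "$pem" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "$pem is accessible to group/others, run: chmod 600 $pem"; return 4; }

    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate in $pem"; return 5
    fi

    # -days 365 means the certificate stops being valid after a year.
    openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null ||
        { echo "certificate in $pem expires within $warn_days days"; return 6; }

    echo "ok: $pem"
}

# Run the check only when a file is given on the command line.
if [ "$#" -gt 0 ]; then
    check_certkey_pem "$@"
fi
```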