Comments on: Freenode, SSL and SASL Authentication with Irssi http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/ Linux. GNU. Freedom. Fri, 17 May 2013 20:46:35 +0000 hourly 1 http://wordpress.org/?v=3.6-beta2-24176 By: friend http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-123952 friend Thu, 31 Jan 2013 19:55:05 +0000 http://pthree.org/?p=1255#comment-123952 Excellent documentation, this was exactly what i was looking for … worked like a charm

]]> By: SSL and SASL for Irssi « ootput burst! http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-116582 SSL and SASL for Irssi « ootput burst! Thu, 07 Jun 2012 09:46:28 +0000 http://pthree.org/?p=1255#comment-116582 [...] officially supports SSL connections and SASL certificate authentication (more details here ). This site provides instructions on how to enable secure connections to Freenode with Irssi on Debian. Share [...]

]]> By: SSL and SASL for Irssi « ootput burst! http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-116581 SSL and SASL for Irssi « ootput burst! Thu, 07 Jun 2012 09:35:28 +0000 http://pthree.org/?p=1255#comment-116581 [...] officially supports SSL connections and SASL certificate authentication (more details here ). This site provides instructions on how to enable secure connections to Freenode with Irssi on Debian. Share [...]

]]> By: Panagiotis Atmatzidi http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-116521 Panagiotis Atmatzidi Thu, 12 Apr 2012 20:52:04 +0000 http://pthree.org/?p=1255#comment-116521 Awesome tutorial, thanks for sharing. Mora than 20 # simultaneously? Seriously???

]]> By: ml http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-115709 ml Tue, 19 Apr 2011 17:29:12 +0000 http://pthree.org/?p=1255#comment-115709 This worked great. Thanks for this guide.

]]> By: Michael Cheselka http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111530 Michael Cheselka Sun, 21 Nov 2010 06:24:53 +0000 http://pthree.org/?p=1255#comment-111530 Aaron, please fix my post.
openssl x509 -inform der -outform pem < /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.crt > GandiStandardSSLCA.pem

]]> By: Michael Cheselka http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111529 Michael Cheselka Sun, 21 Nov 2010 06:23:07 +0000 http://pthree.org/?p=1255#comment-111529 Part of the above post needs correcting due to html vs. cli issues:
openssl x509 -inform der -outform pem > /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.crt < GandiStandardSSLCA.pem

]]> By: Michael Cheselka http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111528 Michael Cheselka Sun, 21 Nov 2010 06:19:04 +0000 http://pthree.org/?p=1255#comment-111528 I was able to get this working on a up-to-date Fedora 13 system:

as “root”:
yum install perl-Crypt-Blowfish perl-Crypt-DH perl-Crypt-OpenSSL-Bignum
mkdir /etc/pki/tls/certs/gandi.net
cd /etc/pki/tls/certs/gandi.net
wget -c http://crt.gandi.net/GandiStandardSSLCA.crt -O GandiStandardSSLCA.crt
openssl x509 -inform der -outform pem GandiStandardSSLCA.pem
ln -s /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.pem /etc/pki/tls/certs/GandiStandardSSLCA.pem
chcon -h -u system_u /etc/pki/tls/certs/gandi.net /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.crt /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.pem /etc/pki/tls/certs/GandiStandardSSLCA.pem
cd

as “user”:
cd ~/.irssi/scripts/
wget http://freenode.net/sasl/cap_sasl.pl
cd autorun
ln -s ../cap_sasl.pl cap_sasl.pl
cd
mesg n ; irssi -\!
/server add -auto -ssl -ssl_verify -network freenode irc.freenode.net 7000
/RUN cap_sasl.pl
/sasl set freenode primary-nick password DH-BLOWFISH
/sasl save
/save

I did not need to use -ssl_capath.

]]> By: Ivan Tsvetanov http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111114 Ivan Tsvetanov Fri, 27 Aug 2010 18:39:26 +0000 http://pthree.org/?p=1255#comment-111114 On RHEL based systems like CentOS/Fedora the needed packages for the SASL perl script can be installed as:

yum install perl-Crypt-OpenSSL-Bignum perl-Crypt-Blowfish perl-Crypt-DH

Useful guide. Thank you!

]]> By: ootput burst! :: SSL and SASL With Irssi to Freenode http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110944 ootput burst! :: SSL and SASL With Irssi to Freenode Tue, 08 Jun 2010 12:17:33 +0000 http://pthree.org/?p=1255#comment-110944 [...] out that, months ago, Freenode had made the switch to a more feature-full IRC daemon. I then found instructions on how to make the most of this exciting discovery. The instructions given for both Debian and [...]

]]> By: Bryan http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110703 Bryan Sun, 14 Feb 2010 21:07:03 +0000 http://pthree.org/?p=1255#comment-110703 Thanks for the quick guide, very helpful.

]]> By: Aaron http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110699 Aaron Mon, 08 Feb 2010 11:38:41 +0000 http://pthree.org/?p=1255#comment-110699 @Michael Witten /RUN isn’t deprecated. It’s an alias for /script load.

]]> By: Michael Witten http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110698 Michael Witten Mon, 08 Feb 2010 01:42:56 +0000 http://pthree.org/?p=1255#comment-110698 Rather than using the deprecated:

/RUN cap_sasl.pl

I suggest the more modern:

/script load cap_sasl.pl

Also, I’ve created a Crypt/DH AUR package for Arch Linux.

]]> By: Aaron http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110691 Aaron Thu, 04 Feb 2010 11:11:59 +0000 http://pthree.org/?p=1255#comment-110691 @StooJ Right. If you read the post, you’ll see that Irssi is having a problem verifying the SSL certificate Freenode is giving you with that CA certificate. There is no typo. That line, that you pasted, won’t work. If you read further, you’ll find that this is the line you should be using:

/server add -auto -ssl -ssl_verify -ssl_capath /etc/ssl/certs -network freenode irc.freenode.net 7000

What you have done, doesn’t make any sense. The “-ssl_cert” option is for Irssi to present a certificate to the server. In this case, you’re presenting the Gandi CA certificate to Freenode. This doesn’t make sense, because CA certificates are used to verify signed certificates from others, in our case, Freenode.

So, you don’t want to be giving Freenode your CA cert. Rather, you want to take the signed SSL certificate Freenode is giving YOU and verify that it’s valid with the CA certificate from Gandi. As mentioned in the post, Irss can’t do this right now. However, because the certificate Freenode presents is signed by a CA authority chain, you can verify the first signature on the certificate with a different CA cert than the Gandi one. This is why “-ssl_capath” is used.

Long story short, read the post.

]]> By: StooJ http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110690 StooJ Thu, 04 Feb 2010 06:20:28 +0000 http://pthree.org/?p=1255#comment-110690 Think there might be a typo here?
/server add -auto -ssl -ssl_cacert /etc/ssl/certs/GandiStandardSSLCA.pem -network freenode irc.freenode.net 7000
This line didn’t work for me until I changed the -ssl_cacert argument to be -ssl_cert

]]>