Comments on: Freenode, SSL and SASL Authentication with Irssi https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/ Linux. GNU. Freedom. Tue, 31 Oct 2017 18:00:46 +0000 hourly 1 https://wordpress.org/?v=5.0-alpha-42127 By: Akash Gangil https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-262884 Sat, 30 Apr 2016 02:51:07 +0000 http://pthree.org/?p=1255#comment-262884 /server add -auto -ssl -ssl_cacert /etc/ssl/certs/GandiStandardSSLCA.pem -network freenode irc.freenode.net 6697

New version of irssi have no option --ssl_cacert. Instead use --ssl_cafile.

]]>
By: Elronnd https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-230198 Fri, 27 Mar 2015 14:28:25 +0000 http://pthree.org/?p=1255#comment-230198 Real nice. Thank you!!!

]]>
By: centos user https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-197574 Sat, 13 Sep 2014 22:12:33 +0000 http://pthree.org/?p=1255#comment-197574 This process does not work with centos 6.5.

Getting:

warning Could not verify SSL servers certificate: unable to get local issuer certificate

]]>
By: helloworld https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-126905 Mon, 24 Jun 2013 02:17:56 +0000 http://pthree.org/?p=1255#comment-126905 many thanks

]]>
By: Ivan Kovnatsky https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-126642 Tue, 04 Jun 2013 07:36:36 +0000 http://pthree.org/?p=1255#comment-126642 Aaron, thanks for the post.

Really helpful.

Ivan.

]]>
By: friend https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-123952 Thu, 31 Jan 2013 19:55:05 +0000 http://pthree.org/?p=1255#comment-123952 Excellent documentation, this was exactly what i was looking for ... worked like a charm

]]>
By: SSL and SASL for Irssi « ootput burst! https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-116582 Thu, 07 Jun 2012 09:46:28 +0000 http://pthree.org/?p=1255#comment-116582 [...] officially supports SSL connections and SASL certificate authentication (more details here ). This site provides instructions on how to enable secure connections to Freenode with Irssi on Debian. Share [...]

]]>
By: SSL and SASL for Irssi « ootput burst! https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-116581 Thu, 07 Jun 2012 09:35:28 +0000 http://pthree.org/?p=1255#comment-116581 [...] officially supports SSL connections and SASL certificate authentication (more details here ). This site provides instructions on how to enable secure connections to Freenode with Irssi on Debian. Share [...]

]]>
By: Panagiotis Atmatzidi https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-116521 Thu, 12 Apr 2012 20:52:04 +0000 http://pthree.org/?p=1255#comment-116521 Awesome tutorial, thanks for sharing. Mora than 20 # simultaneously? Seriously???

]]>
By: ml https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-115709 Tue, 19 Apr 2011 17:29:12 +0000 http://pthree.org/?p=1255#comment-115709 This worked great. Thanks for this guide.

]]>
By: Michael Cheselka https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111530 Sun, 21 Nov 2010 06:24:53 +0000 http://pthree.org/?p=1255#comment-111530 Aaron, please fix my post.
openssl x509 -inform der -outform pem < /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.crt > GandiStandardSSLCA.pem

]]>
By: Michael Cheselka https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111529 Sun, 21 Nov 2010 06:23:07 +0000 http://pthree.org/?p=1255#comment-111529 Part of the above post needs correcting due to html vs. cli issues:
openssl x509 -inform der -outform pem > /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.crt < GandiStandardSSLCA.pem

]]>
By: Michael Cheselka https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111528 Sun, 21 Nov 2010 06:19:04 +0000 http://pthree.org/?p=1255#comment-111528 I was able to get this working on a up-to-date Fedora 13 system:

as "root":
yum install perl-Crypt-Blowfish perl-Crypt-DH perl-Crypt-OpenSSL-Bignum
mkdir /etc/pki/tls/certs/gandi.net
cd /etc/pki/tls/certs/gandi.net
wget -c http://crt.gandi.net/GandiStandardSSLCA.crt -O GandiStandardSSLCA.crt
openssl x509 -inform der -outform pem GandiStandardSSLCA.pem
ln -s /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.pem /etc/pki/tls/certs/GandiStandardSSLCA.pem
chcon -h -u system_u /etc/pki/tls/certs/gandi.net /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.crt /etc/pki/tls/certs/gandi.net/GandiStandardSSLCA.pem /etc/pki/tls/certs/GandiStandardSSLCA.pem
cd

as "user":
cd ~/.irssi/scripts/
wget http://freenode.net/sasl/cap_sasl.pl
cd autorun
ln -s ../cap_sasl.pl cap_sasl.pl
cd
mesg n ; irssi -\!
/server add -auto -ssl -ssl_verify -network freenode irc.freenode.net 7000
/RUN cap_sasl.pl
/sasl set freenode primary-nick password DH-BLOWFISH
/sasl save
/save

I did not need to use -ssl_capath.

]]>
By: Ivan Tsvetanov https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-111114 Fri, 27 Aug 2010 18:39:26 +0000 http://pthree.org/?p=1255#comment-111114 On RHEL based systems like CentOS/Fedora the needed packages for the SASL perl script can be installed as:

yum install perl-Crypt-OpenSSL-Bignum perl-Crypt-Blowfish perl-Crypt-DH

Useful guide. Thank you!

]]>
By: ootput burst! :: SSL and SASL With Irssi to Freenode https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110944 Tue, 08 Jun 2010 12:17:33 +0000 http://pthree.org/?p=1255#comment-110944 [...] out that, months ago, Freenode had made the switch to a more feature-full IRC daemon. I then found instructions on how to make the most of this exciting discovery. The instructions given for both Debian and [...]

]]>
By: Bryan https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110703 Sun, 14 Feb 2010 21:07:03 +0000 http://pthree.org/?p=1255#comment-110703 Thanks for the quick guide, very helpful.

]]>
By: Aaron https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110699 Mon, 08 Feb 2010 11:38:41 +0000 http://pthree.org/?p=1255#comment-110699 @Michael Witten /RUN isn't deprecated. It's an alias for /script load.

]]>
By: Michael Witten https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110698 Mon, 08 Feb 2010 01:42:56 +0000 http://pthree.org/?p=1255#comment-110698 Rather than using the deprecated:

/RUN cap_sasl.pl

I suggest the more modern:

/script load cap_sasl.pl

Also, I've created a Crypt/DH AUR package for Arch Linux.

]]>
By: Aaron https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110691 Thu, 04 Feb 2010 11:11:59 +0000 http://pthree.org/?p=1255#comment-110691 @StooJ Right. If you read the post, you'll see that Irssi is having a problem verifying the SSL certificate Freenode is giving you with that CA certificate. There is no typo. That line, that you pasted, won't work. If you read further, you'll find that this is the line you should be using:

/server add -auto -ssl -ssl_verify -ssl_capath /etc/ssl/certs -network freenode irc.freenode.net 7000

What you have done, doesn't make any sense. The "-ssl_cert" option is for Irssi to present a certificate to the server. In this case, you're presenting the Gandi CA certificate to Freenode. This doesn't make sense, because CA certificates are used to verify signed certificates from others, in our case, Freenode.

So, you don't want to be giving Freenode your CA cert. Rather, you want to take the signed SSL certificate Freenode is giving YOU and verify that it's valid with the CA certificate from Gandi. As mentioned in the post, Irss can't do this right now. However, because the certificate Freenode presents is signed by a CA authority chain, you can verify the first signature on the certificate with a different CA cert than the Gandi one. This is why "-ssl_capath" is used.

Long story short, read the post.

]]>
By: StooJ https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110690 Thu, 04 Feb 2010 06:20:28 +0000 http://pthree.org/?p=1255#comment-110690 Think there might be a typo here?
/server add -auto -ssl -ssl_cacert /etc/ssl/certs/GandiStandardSSLCA.pem -network freenode irc.freenode.net 7000
This line didn't work for me until I changed the -ssl_cacert argument to be -ssl_cert

]]>
By: Aaron https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110669 Sun, 31 Jan 2010 18:15:03 +0000 http://pthree.org/?p=1255#comment-110669 @bloogle Yeah, but the SASL auth is every bit as good, if not better if using DH-BLOWFISH

]]>
By: bloogle https://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/#comment-110668 Sun, 31 Jan 2010 11:43:16 +0000 http://pthree.org/?p=1255#comment-110668 Shame they don't allow auto-identification using client-side SSL certificates, like OFTC does.

]]>