hybrid 703 with ssl

brian at sheard.net brian at sheard.net
Sun May 15 19:59:14 EDT 2005


Hi Tim,

Our x86 servers are working fine with the patch.  It is our non-x86 
servers that never handshake.  I am not positive, but I suspect the patch 
has endian specific code, and does not take big endian byte ordering into 
account.



On Sun, 15 May 2005, Tim Wojtulewicz wrote:

> Could it be something with your ssl libraries?  All of our servers run on x86 
> hardware and some version of NetBSD (one is 2.0.2, two are 1.6.2).  The ssl 
> patch seems to work alright with both the standard netbsd ssl libs and the 
> openssl libs on those systems.
>
> Tim
>
> On May 15, 2005, at 1:06 PM, brian at sheard.net wrote:
>
>> I had a similar problem, and have not yet resolved it.  We have the patch 
>> working on x86 linux servers, but on non x86 such as SGI and SPARC, it 
>> never handshakes with the client, and hangs on connect.
>> 
>> On Sun, 15 May 2005, Tim Wojtulewicz wrote:
>> 
>> 
>>> Hmm, I haven't ever seen that one before.  The certs were created with 
>>> the new methods from my email you quoted?  As I hate to blame the client 
>>> without first verifying it's not the server patch's problem, what client 
>>> are you using that connects with SSLv3?  I use irssi to connect and it 
>>> uses TLSv1, which seems to work just fine.
>>> 
>>> Tim
>>> 
>>> On May 6, 2005, at 10:36 PM, Alan LeVee wrote:
>>> 
>>> 
>>>> Well I implemented the SSL patch you wrote but I have hit the same 
>>>> problem I
>>>> hit the last time when I tried to integrate it with our modifications. 
>>>> This
>>>> is the error I speak of, and of course, nothing is showing up in the 
>>>> logs (I
>>>> have it in debug mode) so I cannot find out what's causing it...
>>>> --- Connection failed. Error: (336151568) error:14094410:SSL
>>>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>>>> If you have any light on what is causing it that would be great
>>>> -----Original Message-----
>>>> From: hybrid-bounces at lists.ircd-hybrid.org
>>>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim 
>>>> Wojtulewicz
>>>> Sent: Tuesday, May 03, 2005 1:46 AM
>>>> To: General IRCD-Hybrid Discussion
>>>> Subject: Re: hybrid 703 with ssl
>>>> I was speaking more along the lines of the problems the original
>>>> poster was having with applying and using the patch.  The current
>>>> patch applies and runs perfectly well against 7.0.3, and I've been
>>>> using it on a 3-server network for many months with no problems.  The
>>>> original poster might want to look at http://madleet.com/projects/
>>>> 703ssl.patch.  The docs for creating the certs are different (read:
>>>> correct) in that version.  I need to email the maintainer of the
>>>> patch archive and have them include the new version.
>>>> As for porting it to 7.1, that's a real trick.  I started working on
>>>> that, but never really got a chance to test the changes too much
>>>> since our network runs 7.0.3 and has no current plans to upgrade.  I
>>>> had a preliminary patch at http://madleet.com/projects/71ssl-v2.patch
>>>> if you want to take a look.  I can't recall what version of 7.1 that
>>>> was created against.
>>>> Tim
>>>> On May 2, 2005, at 7:22 PM, Rachel Llorenna wrote:
>>>> 
>>>>> Yeah. It might be better if a branch of hybrid was made instead,
>>>>> although that would require significant amounts of extra work. 
>>>>> Keeping
>>>>> patch sets current is a difficult thing to do, which is why so few
>>>>> have survived: they end up getting thrown out or merged into the 
>>>>> main
>>>>> ircd tree. It might be interesting to see client-to-server SSL as an
>>>>> option for the main ircd-hybrid tree, but I doubt that's going to
>>>>> happen any time in the near future, as it is not currently in use on
>>>>> EFnet.
>>>>> On 5/2/05, Alan LeVee <alan.levee at prometheus-designs.net> wrote:
>>>>> 
>>>>>> Well it's more about a matter of time, which I don't have a lot of
>>>>>> right now
>>>>>> since I'm relocating to another state. The patch works fine it's
>>>>>> just I have
>>>>>> to manually write it in since I can't simply apply it due to the
>>>>>> heavy
>>>>>> amount of changes to the source code that was done.
>>>>>> -----Original Message-----
>>>>>> From: hybrid-bounces at lists.ircd-hybrid.org
>>>>>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim
>>>>>> Wojtulewicz
>>>>>> Sent: Monday, May 02, 2005 10:07 PM
>>>>>> To: General IRCD-Hybrid Discussion
>>>>>> Subject: Re: hybrid 703 with ssl
>>>>>> Did you get this resolved?  Sorry it took me so long to speak up,
>>>>>> I've been rather busy lately.
>>>>>> Tim
>>>>>> On Apr 24, 2005, at 4:52 AM, multi multi wrote:
>>>>>> 
>>>>>>> Hi,
>>>>>>> I hope i post this in the right section, .. but anyway i have 
>>>>>>> some
>>>>>>> problems
>>>>>>> with getting ssl working on ircd-hybrid-7.0.3 , i found out 
>>>>>>> during
>>>>>>> install
>>>>>>> ssl isnt enabled by default, but needed a patch to set the ssl 
>>>>>>> in
>>>>>>> the conf etc
>>>>>>> i got the patch from this website
>>>>>>> http://www.wohmart.com/ircd/pub/hybrid/3-Feature/timwoj-ssl/
>>>>>>> 703ssl.patch
>>>>>>> its all compiled and working without ssl on a normal port
>>>>>>> but as soon i connect to the ssl port, i get connected but
>>>>>>> disconnected again
>>>>>>> i made the key/pub files and the ssl cert like documentated
>>>>>>> but no go, anyway i cant find any log of ssl, only ircd startup 
>>>>>>> is
>>>>>>> logged in ircd.log, any other way to check?
>>>>>>> i tested this on 2 boxes : at home and another shell, both not
>>>>>>> working
>>>>>>> ( gentoo / debian )
>>>>>>> so i apparently must do something wrong or oversee something
>>>>>>> anyone that can help me out, or got any tips to get it working?
>>>>>>> or can tell me which hybrid version i should use with ssl , that
>>>>>>> should work?
>>>>>>> also i can post the ircd.conf later if needed
>>>>>>> Thanks in advance
>>>>>>> _________________________________________________________________
>>>>>>> MSN Webmessenger overal en altijd beschikbaar http://
>>>>>>> webmessenger.msn.com/
>>>>>>> 
>>>>>> --
>>>>>> No virus found in this incoming message.
>>>>>> Checked by AVG Anti-Virus.
>>>>>> Version: 7.0.308 / Virus Database: 266.11.1 - Release Date: 
>>>>>> 5/2/2005
>>>>>> --
>>>>>> No virus found in this outgoing message.
>>>>>> Checked by AVG Anti-Virus.
>>>>>> Version: 7.0.308 / Virus Database: 266.11.1 - Release Date: 
>>>>>> 5/2/2005
>>>>>> 
>>>>> -- 
>>>>> Regards,
>>>>> Rachel Llorenna (frequency)
>>>>> 
>>>> --No virus found in this incoming message.
>>>> Checked by AVG Anti-Virus.
>>>> Version: 7.0.308 / Virus Database: 266.11.2 - Release Date: 5/2/2005
>>>> --No virus found in this outgoing message.
>>>> Checked by AVG Anti-Virus.
>>>> Version: 7.0.308 / Virus Database: 266.11.5 - Release Date: 5/4/2005
>>>> 
>>> 
>>> 
>> 
>
>



More information about the hybrid mailing list