hybrid 703 with ssl

Alan LeVee alan.levee at prometheus-designs.net
Sun May 15 22:02:33 EDT 2005


No, I figured out what it was: the instructions that were given for
generating PEM certificates were entirely wrong. Once I correctly generated
them using different instructions found on LDAP mailing lists, it worked
completely fine.

openssl req -new -x509 -key rsa.key -out cert.pem

Is what I used

-----Original Message-----
From: hybrid-bounces at lists.ircd-hybrid.org
[mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim Wojtulewicz
Sent: Sunday, May 15, 2005 7:50 PM
To: General IRCD-Hybrid Discussion
Subject: Re: hybrid 703 with ssl

Could it be something with your ssl libraries?  All of our servers  
run on x86 hardware and some version of NetBSD (one is 2.0.2, two are  
1.6.2).  The ssl patch seems to work alright with both the standard  
netbsd ssl libs and the openssl libs on those systems.

Tim

On May 15, 2005, at 1:06 PM, brian at sheard.net wrote:

> I had a similar problem, and have not yet resolved it.  We have the  
> patch working on x86 linux servers, but on non x86 such as SGI and  
> SPARC, it never handshakes with the client, and hangs on connect.
>
> On Sun, 15 May 2005, Tim Wojtulewicz wrote:
>
>
>> Hmm, I haven't ever seen that one before.  The certs were created  
>> with the new methods from my email you quoted?  As I hate to blame  
>> the client without first verifying it's not the server patch's  
>> problem, what client are you using that connects with SSLv3?  I  
>> use irssi to connect and it uses TLSv1, which seems to work just  
>> fine.
>>
>> Tim
>>
>> On May 6, 2005, at 10:36 PM, Alan LeVee wrote:
>>
>>
>>> Well I implemented the SSL patch you wrote but I have hit the same
>>> problem I hit the last time when I tried to integrate it with our
>>> modifications. This is the error I speak of, and of course, nothing is
>>> showing up in the logs (I have it in debug mode) so I cannot find out
>>> what's causing it...
>>> --- Connection failed. Error: (336151568) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>>> If you have any light on what is causing it that would be great
>>> -----Original Message-----
>>> From: hybrid-bounces at lists.ircd-hybrid.org
>>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim Wojtulewicz
>>> Sent: Tuesday, May 03, 2005 1:46 AM
>>> To: General IRCD-Hybrid Discussion
>>> Subject: Re: hybrid 703 with ssl
>>> I was speaking more along the lines of the problems the original
>>> poster was having with applying and using the patch.  The current
>>> patch applies and runs perfectly well against 7.0.3, and I've been
>>> using it on a 3-server network for many months with no problems.  The
>>> original poster might want to look at
>>> http://madleet.com/projects/703ssl.patch.  The docs for creating the
>>> certs are different (read: correct) in that version.  I need to email
>>> the maintainer of the patch archive and have them include the new
>>> version.
>>>
>>> As for porting it to 7.1, that's a real trick.  I started working on
>>> that, but never really got a chance to test the changes too much
>>> since our network runs 7.0.3 and has no current plans to upgrade.  I
>>> had a preliminary patch at http://madleet.com/projects/71ssl-v2.patch
>>> if you want to take a look.  I can't recall what version of 7.1 that
>>> was created against.
>>>
>>> Tim
>>> On May 2, 2005, at 7:22 PM, Rachel Llorenna wrote:
>>>
>>>> Yeah. It might be better if a branch of hybrid was made instead,
>>>> although that would require significant amounts of extra work.
>>>> Keeping patch sets current is a difficult thing to do, which is why
>>>> so few have survived: they end up getting thrown out or merged into
>>>> the main ircd tree. It might be interesting to see client-to-server
>>>> SSL as an option for the main ircd-hybrid tree, but I doubt that's
>>>> going to happen any time in the near future, as it is not currently
>>>> in use on EFnet.
>>>> On 5/2/05, Alan LeVee <alan.levee at prometheus-designs.net> wrote:
>>>>
>>>>> Well it's more about a matter of time, which I don't have a lot of
>>>>> right now since I'm relocating to another state. The patch works
>>>>> fine it's just I have to manually write it in since I can't simply
>>>>> apply it due to the heavy amount of changes to the source code that
>>>>> was done.
>>>>> -----Original Message-----
>>>>> From: hybrid-bounces at lists.ircd-hybrid.org
>>>>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim Wojtulewicz
>>>>> Sent: Monday, May 02, 2005 10:07 PM
>>>>> To: General IRCD-Hybrid Discussion
>>>>> Subject: Re: hybrid 703 with ssl
>>>>> Did you get this resolved?  Sorry it took me so long to speak up,
>>>>> I've been rather busy lately.
>>>>> Tim
>>>>> On Apr 24, 2005, at 4:52 AM, multi multi wrote:
>>>>>
>>>>>> Hi,
>>>>>> I hope I post this in the right section, .. but anyway I have some
>>>>>> problems with getting ssl working on ircd-hybrid-7.0.3 , I found
>>>>>> out during install ssl isn't enabled by default, but needed a patch
>>>>>> to set the ssl in the conf etc
>>>>>> I got the patch from this website
>>>>>> http://www.wohmart.com/ircd/pub/hybrid/3-Feature/timwoj-ssl/703ssl.patch
>>>>>> it's all compiled and working without ssl on a normal port
>>>>>> but as soon as I connect to the ssl port, I get connected but
>>>>>> disconnected again
>>>>>> I made the key/pub files and the ssl cert like documented
>>>>>> but no go, anyway I can't find any log of ssl, only ircd startup is
>>>>>> logged in ircd.log, any other way to check?
>>>>>> I tested this on 2 boxes : at home and another shell, both not
>>>>>> working ( gentoo / debian )
>>>>>> so I apparently must do something wrong or oversee something
>>>>>> anyone that can help me out, or got any tips to get it working?
>>>>>> or can tell me which hybrid version I should use with ssl , that
>>>>>> should work?
>>>>>> also I can post the ircd.conf later if needed
>>>>>> Thanks in advance
>>>>>>
>>>>>
>>>> -- 
>>>> Regards,
>>>> Rachel Llorenna (frequency)
>>>>
>>>
>>
>>
>
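
Added example (not part of the original thread or of the patch's documentation): the fix reported at the top of this thread was regenerating cert.pem from rsa.key, so the script below does that non-interactively and then checks that the certificate parses as PEM and carries the public key of the private key the server will load. The file names come from the thread; the directory and the CN "irc.example.net" are constructed placeholders, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. File names follow the thread (rsa.key, cert.pem); the
# directory and the CN "irc.example.net" are constructed placeholders.

# Create a 2048-bit RSA key and a self-signed PEM certificate from it,
# without prompts (-subj supplies the subject req would otherwise ask for).
make_self_signed() {  # usage: make_self_signed DIR COMMON_NAME
    openssl genrsa -out "$1/rsa.key" 2048 2>/dev/null &&
    chmod 600 "$1/rsa.key" &&
    openssl req -new -x509 -key "$1/rsa.key" -out "$1/cert.pem" \
        -days 365 -subj "/CN=$2" 2>/dev/null
}

# Exit status: 0 = certificate carries the key's public half,
#              1 = both files parse but belong to different key pairs,
#              2 = one of the files is not a readable PEM certificate/key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir" "irc.example.net"
cert_matches_key "$demo_dir/cert.pem" "$demo_dir/rsa.key"
case $? in
    0) echo "cert.pem matches rsa.key" ;;
    1) echo "cert.pem was issued for a different key" ;;
    *) echo "cert.pem or rsa.key is not valid PEM" ;;
esac
# Show the subject and validity window of the generated certificate.
openssl x509 -in "$demo_dir/cert.pem" -noout -subject -dates
rm -rf "$demo_dir"
```
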



