hybrid 703 with ssl

Tim Wojtulewicz timwoj at ieee.org
Mon May 16 00:19:31 EDT 2005 

The ones in the version on my server are correct, or at least they  
were last time I had to generate certs.  That version of the patch is  
at http://madleet.com/projects/703ssl.patch.  I need to email the  
maint of the patch library and have them update their copy, but I  
haven't gotten around to it yet.  Sorry about that.

Tim

On May 15, 2005, at 7:02 PM, Alan LeVee wrote:

> No, I figured out what it was the instructions that were given for
> generating PEM certificates were entirely wrong. Once I correctly  
> generated
> them using different instructions found on LDAP mailing lists it  
> worked
> completely fine.
>
> openssl req -new -x509 -key rsa.key -out cert.pem
>
> Is what I used
>
> -----Original Message-----
> From: hybrid-bounces at lists.ircd-hybrid.org
> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim  
> Wojtulewicz
> Sent: Sunday, May 15, 2005 7:50 PM
> To: General IRCD-Hybrid Discussion
> Subject: Re: hybrid 703 with ssl
>
> Could it be something with your ssl libraries?  All of our servers
> run on x86 hardware and some version of NetBSD (one is 2.0.2, two are
> 1.6.2).  The ssl patch seems to work alright with both the standard
> netbsd ssl libs and the openssl libs on those systems.
>
> Tim
>
> On May 15, 2005, at 1:06 PM, brian at sheard.net wrote:
>
>
>> I had a similar problem, and have not yet resolved it.  We have the
>> patch working on x86 linux servers, but on non x86 such as SGI and
>> SPARC, it never handshakes with the client, and hangs on connect.
>>
>> On Sun, 15 May 2005, Tim Wojtulewicz wrote:
>>
>>
>>
>>> Hmm, I haven't ever seen that one before.  The certs were created
>>> with the new methods from my email you quoted?  As I hate to blame
>>> the client without first verifying it's not the server patch's
>>> problem, what client are you using that connects with SSLv3?  I
>>> use irssi to connect and it uses TLSv1, which seems to work just
>>> fine.
>>>
>>> Tim
>>>
>>> On May 6, 2005, at 10:36 PM, Alan LeVee wrote:
>>>
>>>
>>>
>>>> Well I implemented the SSL patch you wrote but I have hit the
>>>> same problem I
>>>> hit the last time when I tried to integrate it with our
>>>> modifications. This
>>>> is the error I speak of, and of course, nothing is showing up in
>>>> the logs (I
>>>> have it in debug mode) so I cannot find out what's causing it...
>>>> --- Connection failed. Error: (336151568) error:14094410:SSL
>>>> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
>>>> If you have any light on what is causing it that would be great
>>>> -----Original Message-----
>>>> From: hybrid-bounces at lists.ircd-hybrid.org
>>>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim
>>>> Wojtulewicz
>>>> Sent: Tuesday, May 03, 2005 1:46 AM
>>>> To: General IRCD-Hybrid Discussion
>>>> Subject: Re: hybrid 703 with ssl
>>>> I was speaking more along the lines of the problems the original
>>>> poster was having with applying and using the patch.  The current
>>>> patch applies and runs perfectly well against 7.0.3, and I've been
>>>> using it on a 3-server network for many months with no problems.
>>>> The
>>>> original poster might want to look at http://madleet.com/projects/
>>>> 703ssl.patch.  The docs for creating the certs are different (read:
>>>> correct) in that version.  I need to email the maintainer of the
>>>> patch archive and have them include the new version.
>>>> As for porting it to 7.1, that's a real trick.  I started  
>>>> working on
>>>> that, but never really got a chance to test the changes too much
>>>> since our network runs 7.0.3 and has no current plans to  
>>>> upgrade.  I
>>>> had a preliminary patch at http://madleet.com/projects/71ssl-
>>>> v2.patch
>>>> if you want to take a look.  I can't recall what version of 7.1  
>>>> that
>>>> was created against.
>>>> Tim
>>>> On May 2, 2005, at 7:22 PM, Rachel Llorenna wrote:
>>>>
>>>>
>>>>> Yeah. It might be better if a branch of hybrid was made instead,
>>>>> although that would require significant amounts of extra work.
>>>>> Keeping
>>>>> patch sets current is a difficult thing to do, which is why so few
>>>>> have survived: they end up getting thrown out or merged into the
>>>>> main
>>>>> ircd tree. It might be interesting to see client-to-server SSL
>>>>> as an
>>>>> option for the main ircd-hybrid tree, but I doubt that's going to
>>>>> happen any time in the near future, as it is not currently in
>>>>> use on
>>>>> EFnet.
>>>>> On 5/2/05, Alan LeVee <alan.levee at prometheus-designs.net> wrote:
>>>>>
>>>>>
>>>>>> Well it's more about a matter of time, which I don't have a  
>>>>>> lot of
>>>>>> right now
>>>>>> since I'm relocating to another state. The patch works fine it's
>>>>>> just I have
>>>>>> to manually write it in since I can't simply apply it due to the
>>>>>> heavy
>>>>>> amount of changes to the source code that was done.
>>>>>> -----Original Message-----
>>>>>> From: hybrid-bounces at lists.ircd-hybrid.org
>>>>>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Tim
>>>>>> Wojtulewicz
>>>>>> Sent: Monday, May 02, 2005 10:07 PM
>>>>>> To: General IRCD-Hybrid Discussion
>>>>>> Subject: Re: hybrid 703 with ssl
>>>>>> Did you get this resolved?  Sorry it took me so long to speak up,
>>>>>> I've been rather busy lately.
>>>>>> Tim
>>>>>> On Apr 24, 2005, at 4:52 AM, multi multi wrote:
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>> I hope i post this in the right section, .. but anyway i have
>>>>>>> some
>>>>>>> problems
>>>>>>> with getting ssl working on ircd-hybrid-7.0.3 , i found out
>>>>>>> during
>>>>>>> install
>>>>>>> ssl isnt enabled by default, but needed a patch to set the  
>>>>>>> ssl in
>>>>>>> the conf etc
>>>>>>> i got the patch from this website
>>>>>>> http://www.wohmart.com/ircd/pub/hybrid/3-Feature/timwoj-ssl/
>>>>>>> 703ssl.patch
>>>>>>> its all compiled and working without ssl on a normal port
>>>>>>> but as soon i connect to the ssl port, i get connected but
>>>>>>> disconnected again
>>>>>>> i made the key/pub files and the ssl cert like documentated
>>>>>>> but no go, anyway i cant find any log of ssl, only ircd
>>>>>>> startup is
>>>>>>> logged in ircd.log, any other way to check?
>>>>>>> i tested this on 2 boxes : at home and another shell, both not
>>>>>>> working
>>>>>>> ( gentoo / debian )
>>>>>>> so i apparently must do something wrong or oversee something
>>>>>>> anyone that can help me out, or got any tips to get it working?
>>>>>>> or can tell me which hybrid version i should use with ssl , that
>>>>>>> should work?
>>>>>>> also i can post the ircd.conf later if needed
>>>>>>> Thanks in advance
>>>>>>> ________________________________________________________________ 
>>>>>>> _
>>>>>>> MSN Webmessenger overal en altijd beschikbaar http://
>>>>>>> webmessenger.msn.com/
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> No virus found in this incoming message.
>>>>>> Checked by AVG Anti-Virus.
>>>>>> Version: 7.0.308 / Virus Database: 266.11.1 - Release Date:
>>>>>> 5/2/2005
>>>>>> --
>>>>>> No virus found in this outgoing message.
>>>>>> Checked by AVG Anti-Virus.
>>>>>> Version: 7.0.308 / Virus Database: 266.11.1 - Release Date:
>>>>>> 5/2/2005
>>>>>>
>>>>>>
>>>>> -- 
>>>>> Regards,
>>>>> Rachel Llorenna (frequency)
>>>>>
>>>>>
>>>> --No virus found in this incoming message.
>>>> Checked by AVG Anti-Virus.
>>>> Version: 7.0.308 / Virus Database: 266.11.2 - Release Date:  
>>>> 5/2/2005
>>>> --No virus found in this outgoing message.
>>>> Checked by AVG Anti-Virus.
>>>> Version: 7.0.308 / Virus Database: 266.11.5 - Release Date:  
>>>> 5/4/2005
>>>>
>>>>
>>>
>>>
>>>
>>
>

More information about the hybrid mailing list