ulines problam

These are old archives. They are kept for historic purposes only.
Snaffels
Posts: 25
Joined: Sun Apr 18, 2004 1:50 pm
Contact:

Post by Snaffels »

now its like this:
set {

ssl {

certificate "/home/ircd/server.cert.pem";
key "/home/ircd/server.key.pem";
trusted-ca-file "/home/ircd/ssl.rnd";

options {

fail-if-no-clientcert;
no-self-signed;
verify-certificate;

};
};
};

and:
using OpenSSL 0.9.7a Feb 19 2003

using zlib 1.1.4

* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
Possible error encountered (IRCd seemily not started)
=====================================================
Check above for possible errors, and this output of
ircd.log. If you cannot solve the problem, read
Unreal.nfo on where to get support
=====================================================

wtf should i do!?!?!?
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

ulining normal servers == bad

Post by Syzop »

I would like to jump in on the stuf regarding ulines where Angrywolf and aquanight were talking about.

They are both correct in saying that having your normal servers u-lined IS *VERY bad*... ULines don't only affect SVS* commands but a LOT more, it can also lead to strange things...
Just to name one of the weird things that will happen:
* Zwei does '/topic #test lalala' on 1 server: * Zwei changes topic to 'lalala'
* on the other server you see: * Zwei changes topic to 'lalala (Zwei)'
Some other things are:
* far connects/disconnects are not shown for u-lines
* joinfloods (chanmode +f) are not counted from u-lines (so if you uline all y our servers and you got a clonenet spread at say 5 servers it would only count joins on your own server... thus the limit will be exceeded by 5x if they do it well).
And a lot more....
So besides a big security risk it also leads to all kinds of weird behavior.
Which is the reason that both doc/example.conf and unreal32docs mention it's only for services.
Snaffels
Posts: 25
Joined: Sun Apr 18, 2004 1:50 pm
Contact:

Post by Snaffels »

but that what i want to do...
aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight »

There's a special subblock for the ssl options. If you RTFM you would know this.
AngryWolf
Posts: 554
Joined: Sat Mar 06, 2004 10:53 am
Location: Hungary
Contact:

Post by AngryWolf »

When your ircd stops after displaying "Initializing SSL", it's always good to have a look in the log file where you configured ircd to report errors to. Or else you won't know anything about the error(s). I think your problem is that either the .pem files don't exist or you specified a wrong path for them.

Generally you don't have to specify any values for set::ssl::certificate, key and trusted-ca-file, because the default values of the first two directives are server.cert.pem, server.key.pem, and the last one is only needed if you have a trusted CA file. (ssl.rnd is not a trusted CA file!) If you are using Linux, you can generate the necessary .pem files with make pem, and optionally encrypt your private key with make encpem. (On Windows these commands are makecert.bat and encpem.bat.)

I don't want to write genereal things about SSL, because it's too offtopic here, but I suppose you aren't very familiar with it, so it's the best to read some SSL tutorials if you want to know more.
Post Reply