now its like this:
set {
ssl {
certificate "/home/ircd/server.cert.pem";
key "/home/ircd/server.key.pem";
trusted-ca-file "/home/ircd/ssl.rnd";
options {
fail-if-no-clientcert;
no-self-signed;
verify-certificate;
};
};
};
and:
using OpenSSL 0.9.7a Feb 19 2003
using zlib 1.1.4
* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
Possible error encountered (IRCd seemily not started)
=====================================================
Check above for possible errors, and this output of
ircd.log. If you cannot solve the problem, read
Unreal.nfo on where to get support
=====================================================
wtf should i do!?!?!?
ulines problam
ulining normal servers == bad
I would like to jump in on the stuf regarding ulines where Angrywolf and aquanight were talking about.
They are both correct in saying that having your normal servers u-lined IS *VERY bad*... ULines don't only affect SVS* commands but a LOT more, it can also lead to strange things...
Just to name one of the weird things that will happen:
* Zwei does '/topic #test lalala' on 1 server: * Zwei changes topic to 'lalala'
* on the other server you see: * Zwei changes topic to 'lalala (Zwei)'
Some other things are:
* far connects/disconnects are not shown for u-lines
* joinfloods (chanmode +f) are not counted from u-lines (so if you uline all y our servers and you got a clonenet spread at say 5 servers it would only count joins on your own server... thus the limit will be exceeded by 5x if they do it well).
And a lot more....
So besides a big security risk it also leads to all kinds of weird behavior.
Which is the reason that both doc/example.conf and unreal32docs mention it's only for services.
They are both correct in saying that having your normal servers u-lined IS *VERY bad*... ULines don't only affect SVS* commands but a LOT more, it can also lead to strange things...
Just to name one of the weird things that will happen:
* Zwei does '/topic #test lalala' on 1 server: * Zwei changes topic to 'lalala'
* on the other server you see: * Zwei changes topic to 'lalala (Zwei)'
Some other things are:
* far connects/disconnects are not shown for u-lines
* joinfloods (chanmode +f) are not counted from u-lines (so if you uline all y our servers and you got a clonenet spread at say 5 servers it would only count joins on your own server... thus the limit will be exceeded by 5x if they do it well).
And a lot more....
So besides a big security risk it also leads to all kinds of weird behavior.
Which is the reason that both doc/example.conf and unreal32docs mention it's only for services.
When your ircd stops after displaying "Initializing SSL", it's always good to have a look in the log file where you configured ircd to report errors to. Or else you won't know anything about the error(s). I think your problem is that either the .pem files don't exist or you specified a wrong path for them.
Generally you don't have to specify any values for set::ssl::certificate, key and trusted-ca-file, because the default values of the first two directives are server.cert.pem, server.key.pem, and the last one is only needed if you have a trusted CA file. (ssl.rnd is not a trusted CA file!) If you are using Linux, you can generate the necessary .pem files with make pem, and optionally encrypt your private key with make encpem. (On Windows these commands are makecert.bat and encpem.bat.)
I don't want to write genereal things about SSL, because it's too offtopic here, but I suppose you aren't very familiar with it, so it's the best to read some SSL tutorials if you want to know more.
Generally you don't have to specify any values for set::ssl::certificate, key and trusted-ca-file, because the default values of the first two directives are server.cert.pem, server.key.pem, and the last one is only needed if you have a trusted CA file. (ssl.rnd is not a trusted CA file!) If you are using Linux, you can generate the necessary .pem files with make pem, and optionally encrypt your private key with make encpem. (On Windows these commands are makecert.bat and encpem.bat.)
I don't want to write genereal things about SSL, because it's too offtopic here, but I suppose you aren't very familiar with it, so it's the best to read some SSL tutorials if you want to know more.