
Posted: Thu Apr 22, 2004 6:13 pm
by Snaffels
now it's like this:
set {
    ssl {
        certificate "/home/ircd/server.cert.pem";
        key "/home/ircd/server.key.pem";
        trusted-ca-file "/home/ircd/ssl.rnd";

        options {
            fail-if-no-clientcert;
            no-self-signed;
            verify-certificate;
        };
    };
};

and:
using OpenSSL 0.9.7a Feb 19 2003

using zlib 1.1.4

* Loading IRCd configuration ..
* Configuration loaded without any problems ..
* Loading tunefile..
* Initializing SSL.
Possible error encountered (IRCd seemily not started)
=====================================================
Check above for possible errors, and this output of
ircd.log. If you cannot solve the problem, read
Unreal.nfo on where to get support
=====================================================

wtf should I do!?!?!?

ulining normal servers == bad

Posted: Thu Apr 22, 2004 6:33 pm
by Syzop
I would like to jump in on the stuff regarding ulines that Angrywolf and aquanight were talking about.

They are both correct in saying that having your normal servers u-lined IS *VERY bad*... ULines don't only affect SVS* commands but a LOT more, it can also lead to strange things...
Just to name one of the weird things that will happen:
* Zwei does '/topic #test lalala' on 1 server: * Zwei changes topic to 'lalala'
* on the other server you see: * Zwei changes topic to 'lalala (Zwei)'
Some other things are:
* far connects/disconnects are not shown for u-lines
* joinfloods (chanmode +f) are not counted from u-lines (so if you uline all your servers and you got a clonenet spread at say 5 servers it would only count joins on your own server... thus the limit will be exceeded by 5x if they do it well).
And a lot more....
So besides a big security risk it also leads to all kinds of weird behavior.
Which is the reason that both doc/example.conf and unreal32docs mention it's only for services.

Posted: Thu Apr 22, 2004 8:23 pm
by Snaffels
but that's what I want to do...

Posted: Thu Apr 22, 2004 10:52 pm
by aquanight
There's a special subblock for the ssl options. If you RTFM you would know this.

Posted: Fri Apr 23, 2004 8:32 am
by AngryWolf
When your ircd stops after displaying "Initializing SSL", it's always good to have a look in the log file where you configured ircd to report errors to. Or else you won't know anything about the error(s). I think your problem is that either the .pem files don't exist or you specified a wrong path for them.

Generally you don't have to specify any values for set::ssl::certificate, key and trusted-ca-file, because the default values of the first two directives are server.cert.pem, server.key.pem, and the last one is only needed if you have a trusted CA file. (ssl.rnd is not a trusted CA file!) If you are using Linux, you can generate the necessary .pem files with make pem, and optionally encrypt your private key with make encpem. (On Windows these commands are makecert.bat and encpem.bat.)

I don't want to write general things about SSL, because it's too offtopic here, but I suppose you aren't very familiar with it, so it's best to read some SSL tutorials if you want to know more.
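
An added example (not part of the thread and not UnrealIRCd code): a Python pre-flight check for the two causes named in the post above, a .pem file that is missing at the configured path and a set::ssl directive that points at something that is not a PEM file, such as ssl.rnd. The function names, the PEM-label heuristic and the sample files are assumptions constructed for illustration; the check looks at PEM labels only and does not validate the certificate or key.

```python
import os
import re
import tempfile

# PEM labels each set::ssl file directive should point at (heuristic, not full validation).
EXPECTED = {
    "certificate": ("CERTIFICATE",),
    "key": ("RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"),
    "trusted-ca-file": ("CERTIFICATE",),
}
DIRECTIVE = re.compile(r'^\s*(certificate|key|trusted-ca-file)\s+"([^"]+)"\s*;', re.M)
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def ssl_paths(conf_text):
    """Return {directive: path} for the file directives in the config text."""
    return dict(DIRECTIVE.findall(conf_text))

def check_file(directive, path):
    """Return None if the file suits the directive, otherwise the reason it does not."""
    if not os.path.isfile(path):
        return "file does not exist"
    try:
        with open(path, "rb") as fh:
            labels = [m.decode() for m in PEM_BEGIN.findall(fh.read())]
    except OSError as exc:
        return "cannot read file: %s" % exc.strerror
    if not labels:
        return "no PEM block found"
    if not any(label in EXPECTED[directive] for label in labels):
        return "found %s, expected %s" % (labels[0], " or ".join(EXPECTED[directive]))
    return None

def preflight(conf_text):
    """Return {directive: reason} for every set::ssl file that fails the check."""
    checks = {d: check_file(d, p) for d, p in ssl_paths(conf_text).items()}
    return {d: reason for d, reason in checks.items() if reason}

def demo():
    """Run the check on constructed files laid out like the posted config (key missing)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "server.cert.pem"), "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n")
        with open(os.path.join(d, "ssl.rnd"), "wb") as fh:
            fh.write(bytes(range(256)) * 4)  # constructed stand-in for binary seed data
        conf = ('set { ssl {\n certificate "%s/server.cert.pem";\n key "%s/server.key.pem";\n'
                ' trusted-ca-file "%s/ssl.rnd";\n}; };\n' % (d, d, d))
        return preflight(conf)

if __name__ == "__main__":
    print("\n".join("set::ssl::%s: %s" % item for item in demo().items()))
```

Running it on the constructed layout reports the missing key file and the ssl.rnd path, and leaves the certificate unflagged.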