WeeChat DevCenter

Tag - ssl


Friday, July 27 2012

SSL in Relay plugin

SSL support has been added to the Relay plugin, for the irc and weechat protocols.

A new option has been added to set the certificate and private key to use:

  • relay.network.ssl_cert_key: path to file with certificate and private key (default: ~/.weechat/ssl/relay.pem)

The file can be created with the following commands:

$ mkdir -p ~/.weechat/ssl
$ cd ~/.weechat/ssl
$ openssl req -nodes -newkey rsa:2048 -keyout relay.pem -x509 -days 365 -out relay.pem

In WeeChat, load the certificate and key from that file:

/relay sslcertkey

Then add relays with SSL, for example:

/relay add ssl.irc.freenode 8001
/relay add ssl.weechat 9001

And now WeeChat will serve clients on these ports using SSL, enjoy!

Monday, December 7 2009

SSL certificates

New options have been added to check SSL certificates when connecting to IRC servers, thanks to kolter's patch:

  • weechat.network.gnutls_ca_file: path to file with certificate authorities (by default: "%h/ssl/CAs.pem")
  • irc.server.xxx.ssl_cert: SSL certificate file used to automatically identify your nick (CertFP on OFTC for example, see below)
  • irc.server.xxx.ssl_dhkey_size: replaces the old option weechat.network.gnutls_dh_prime_bits, new default value is 2048 (safer than the old default value, which was 512)
  • irc.server.xxx.ssl_verify: check that the ssl connection is fully trusted (on by default)

Please note that ssl_verify is on by default, so verification is now stricter and may fail even if the connection worked with previous versions of WeeChat.

First example: connect to oftc and check certificate:

  • import certificate:
    • mkdir ~/.weechat/ssl
    • wget -O ~/.weechat/ssl/CAs.pem http://www.spi-inc.org/ca/spi-cacert.crt
  • in weechat:
    • /connect oftc

Note: several CA certificates can be concatenated in the file CAs.pem.

Second example: connect to oftc using CertFP (certificate to auto identify your nick):

  • create certificate:
    • openssl req -nodes -newkey rsa:2048 -keyout nick.key -x509 -days 365 -out nick.cer
    • cat nick.cer nick.key > ~/.weechat/ssl/nick.pem
  • in weechat:
    • /set irc.server.oftc.ssl_cert "%h/ssl/nick.pem"
    • /connect oftc
    • /msg nickserv cert add

For more information, please look at http://www.oftc.net/oftc/NickServ/CertFP.
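
Both relay.pem and nick.pem above hold a certificate together with a private key that `-nodes` leaves unencrypted. The following check is an added example, not WeeChat code: it confirms that such a file contains both blocks, flags group/other access, and returns the certificate digest. The helper names, the placeholder sample bytes and the choice of SHA-1 as the digest a CertFP service compares are assumptions.

```python
import base64, hashlib, os, re, stat, sys, tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def audit_pem(path, digest="sha1"):
    """Audit a combined certificate + private key PEM file.

    Returns (findings, fingerprint): findings lists the problems found,
    fingerprint is the hex digest of the first certificate's DER bytes.
    """
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # key is stored unencrypted, so only the owner should have access
        findings.append("file accessible by group/other (mode %04o)" % mode)
    with open(path, encoding="ascii") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    labels = [label for label, _ in blocks]
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append("no PRIVATE KEY block")
    fingerprint = None
    for label, body in blocks:
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))  # PEM body is base64 of DER
            fingerprint = hashlib.new(digest, der).hexdigest()
            break
    return findings, fingerprint

def write_sample(path, mode):
    """Write a constructed PEM file (placeholder bytes, not real key material)."""
    def block(label, raw):
        b64 = base64.b64encode(raw).decode()
        return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(block("CERTIFICATE", b"constructed certificate bytes"))
        fh.write(block("PRIVATE KEY", b"constructed key bytes"))
    os.chmod(path, mode)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]          # e.g. ~/.weechat/ssl/nick.pem
    else:
        target = os.path.join(tempfile.mkdtemp(), "nick.pem")
        write_sample(target, 0o644)   # constructed sample with loose permissions
    problems, fp = audit_pem(target)
    print(target, "fingerprint:", fp)
    for problem in problems:
        print("  WARNING:", problem)
```

A file reported as accessible by group/other can be restricted with `chmod 600` on the .pem file.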