Using SSL to connect to freenode in weechat
March 2019
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            
About
This site is an effort to share some of the base knowledge I have gathered through all this years working with Linux, FreeBSD, OpenBSD, Python or Zope, among others. So, take a look around and I hope you will find the contents useful.
Recent Entries
Recent Comments
Recent Trackbacks
Categories
OpenBSD (9 items)
BSD (0 items)
FreeBSD (19 items)
Linux (3 items)
Security (3 items)
Python (22 items)
Zope (13 items)
Daily (144 items)
e-shell (9 items)
Hacks (14 items)
PostgreSQL (3 items)
OSX (8 items)
Nintendo DS (0 items)
enlightenment (0 items)
Apache (3 items)
Nintendo Wii (1 items)
Django (24 items)
Music (12 items)
Plone (7 items)
Varnish (0 items)
Lugo (2 items)
Sendmail (0 items)
europython (7 items)
Cherokee (1 items)
self (1 items)
Nature (1 items)
Hiking (0 items)
uwsgi (0 items)
nginx (0 items)
cycling (10 items)
Networking (1 items)
DNS (0 items)
Archives

Syndicate this site (XML)

RSS/RDF 0.91

16 mayo
2011

Using SSL to connect to freenode in weechat

Just another reminder for myself.

If NickServ is right, I've been using Freenode for more than 10 years:

NickServ (NickServ@services.): Registered : May 09 23:49:42 2001 (10 years, 1 week, 1 day, 21:51:41 ago)

During all that time, I've used a variety of IRC clients like BitchX, Epic4, Irssi and, lately, WeeChat.

Today I had to connect to the network from an insecure connection. Usually in a situation like that, I just open an ssh connection to a safe host and then I connect to Freenode from that host.

But today I did remember that Freenode offers the posibility to use SSL encrypted connections when connecting to the network.

In order to get that working in WeeChat, you only have to download the SSL CA cert from http://freenode.net/faq.shtml#sslaccess and save it somewhere in your home directory (~/.weechat/ would be a perfect place for that). Then you have to edit your configuration file (~/.weechat/irc.conf in recent versions of WeeChat) and locate the ssl settings:

ssl = off
ssl_cert = ""
ssl_dhkey_size = 2048
ssl_verify = on

By default ssl is disabled, you only have to enable it, set the path to the SSL CA cert you've downloaded from the Freenode website and, important, modify the value of the ssl_dhkey_size parameter, from the default value (2048) to 1024 (otherwise weechat will complain and refuse to connect to the server). You will end with something like:

ssl = on
ssl_cert = "/home/wu/.weechat/GandiStandardSSLCA.crt"
ssl_dhkey_size = 1024
ssl_verify = on

Then you will have to modify the address parameter of your freenode connection, from the non-ssl configuration:

freenode.addresses = "chat.freenode.net/6667"

to the ssl-enabled one:

freenode.addresses = "chat.freenode.net/7000"

And finally you can start WeeChat and you will notice you are using an SSL-enabled connection because your user will be marked with the Z flag:

[00:02] [8] [irc] 1:server[freenode] [Lag: 0,090] [Act: 7,5,6,2,8]
[Wu(Zi)]

Posted by wu at 22:14 | Comments (0) | Trackbacks (0)
<< OpenSSH port-forwarding only account | Main | 7-J, el día que perdí a un ser querido >>
Comments
Re: Using SSL to connect to freenode in weechat

This option may have been moved or renamed:
From the current WeeChat docs:

weechat.network.gnutls_ca_file

path to file with certificate authorities (by default: "%h/ssl/CAs.pem")
irc.server.xxx.ssl_cert

SSL certificate file used to automatically identify your nick

So weechat.network.gnutls_ca_file is the option you need to set - affects all server connections so you're best to check what certificates your system recognises or concatenate the Gandi cert into your system certs...

Posted by: Adam Baxter at enero 01,2012 05:57
Trackbacks
Please send trackback to:http://blog.e-shell.org/289/tbping
There are no trackbacks.
Post a comment