egghelp.org community Forum Index
[ egghelp.org home | forum home ]
egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

eggdrop 1.8.4 no connect whit SSL

 
Post new topic   Reply to topic    egghelp.org community Forum Index -> Eggdrop Help
View previous topic :: View next topic  
Author Message
Suratka
Voice


Joined: 25 Jun 2016
Posts: 4

PostPosted: Tue Nov 05, 2019 5:57 pm    Post subject: eggdrop 1.8.4 no connect whit SSL Reply with quote

ERROR: TLS: unable to set CA certificates location: error:02001002:system library:fopen:No such file or directory


I can't get my eggdrop 1.8.4 to work with ssl.

I'm screwing something up but I don't understand what.
who can help me with a step by step procedure?[/b]



I tried to delete everything and start again and now it gives me this error:

Tcl error in file 'eggdrop.conf':
invalid command name "certificate"
while executing
"certificate verification will not work."
(file "eggdrop.conf" line 270)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
Lory@vps7382:~/eggdrop$ Tcl error in file 'eggdrop.conf':
No command 'Tcl' found, did you mean:
Command 'mcl' from package 'mcl' (universe)
Command 'cl' from package 'cl-launch' (universe)
Command 'ccl' from package 'cclive' (universe)
Command 'ecl' from package 'ecl' (universe)
Command 'ncl' from package 'ncl-ncarg' (universe)
Command 'gcl' from package 'gcl' (universe)
Tcl: command not found
aktarus@vps738288:~/eggdrop$ invalid command name "certificate"
invalid: command not found
lory@vps7382:~/eggdrop$ while executing
> "certificate verification will not work."
> (file "eggdrop.conf" line 270)
> * CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
-bash: syntax error near unexpected token `('
Lory@vps7382:~/eggdrop$





to say that I don't even know if l eggdrop.conf is well configured in the "SSL setting" department


this is my eggdrop.conf


##### SSL SETTINGS #####

# Settings in this section take effect when eggdrop is compiled with TLS
# support.

# File containing your private key, needed for the SSL certificate
# (see below). You can create one issuing the following command:
#
# openssl genrsa -out eggdrop.key 2048
#
# It will create a 2048 bit RSA key, strong enough for eggdrop.
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-privatekey "eggdrop1.key"

# Specify the filename where your SSL certificate is located. If you
# don't set this, eggdrop will not be able to act as a server in SSL
# connections, as with most ciphers a certificate and a private key
# are required on the server side. Must be in PEM format.
# If you don't have one, you can create it using the following command:
#
# openssl req -new -key eggdrop.key -x509 -out eggdrop.crt -days 365
#
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-certificate "eggdrop1.crt"

# Sets the maximum depth for the certificate chain verification that will
# be allowed for ssl. When certificate verification is enabled, any chain
# exceeding this depth will fail verification.
#set ssl-verify-depth 9

# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.

set ssl-capath "/etc/ssl/certs/"
set ssl-cafile "/etc/ssl/certs/CA.pem"

#set ssl-cafile ""

# Specify the list of ciphers (in order of preference) allowed for use with
# ssl. The cipher list is one or more cipher strings separated by colons,
# commas or spaces. Unavailable ciphers are silently ignored unless no useable
# cipher could be found. For the list of possible cipher strings and their
# meanings, please refer to the ciphers(1) manual.
# Note: if you set this, the value replaces any ciphers OpenSSL might use by
# default. To include the default ciphers, you can put DEFAULT as a cipher
# string in the list.
# For example:
#
set ssl-ciphers "DEFAULT ADH"
#
# This will make eggdrop allow the default OpenSSL selection plus anonymous
# DH ciphers.
#
set ssl-ciphers "ALL"
#
# This will make eggdrop allow all ciphers supported by OpenSSL, in a
# reasonable order.
set ssl-ciphers "DEFAULT ADH"

# Enable certificate authorization. Set to 1 to allow users and bots to
# identify automatically by their certificate fingerprints. Setting it
# to 2 to will force fingerprint logins. With a value of 2, users without
# a fingerprint set or with a certificate UID not matching their handle
# won't be allowed to login on SSL enabled telnet ports. Fingerprints
# must be set in advance with the .fprint and .chfinger commands.
# NOTE: this setting has no effect on plain-text ports.
set ssl-cert-auth 2

# You can control SSL certificate verification using the following variables.
# All of them are flag-based. You can set them by adding together the numbers
# for all exceptions you want to enable. By default certificate verification
# is disabled and all certificates are assumed to be valid. The numbers are
# the following:
#
# Enable certificate verification - 1
# Allow self-signed certificates - 2
# Don't check peer common or alt names - 4
# Allow expired certificates - 8
# Allow certificates which are not valid yet - 16
# Allow revoked certificates - 32
# A value of 0 disables verification.

# Control certificate verification for DCC chats (only /dcc chat botnick)
set ssl-verify-dcc 1

# Control certificate verification for linking to hubs
#set ssl-verify-bots 0

# Control cerfificate verification for SSL listening ports. This includes
# leaf bots connecting, users telneting in and /ctcp bot chat.
set ssl-verify-clients 1
Back to top
View user's profile Send private message AIM Address
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1045

PostPosted: Tue Nov 05, 2019 7:20 pm    Post subject: Re: eggdrop 1.8.4 no connect whit SSL Reply with quote

Suratka wrote:

...
Tcl error in file 'eggdrop.conf':
invalid command name "certificate"
while executing
"certificate verification will not work."
(file "eggdrop.conf" line 270)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
...


Let's start with just this much.


In the text that you provided in your post, from your eggdrop.conf, is:
Quote:

# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.



See the problem?

There is no # as the first character on the last line that I quoted, to make that line a comment line.
Therefore, it is an active line, and eggdrop tries to read it - and obviously chokes on it.

My guess is that you accidentally deleted the original # that was there. Put it back.

Then see what happens then.

I hope this helps.
_________________
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    egghelp.org community Forum Index -> Eggdrop Help All times are GMT - 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber