How link 1.8.4 bots

General support and discussion of Eggdrop bots.
Paladinz
Voice
Posts: 7
Joined: Mon Jul 17, 2017 5:54 pm

How link 1.8.4 bots

Post by Paladinz »

I have several 1.8.4 bots and have generated the .key and .cert files on the hub, which are in the eggdrop's folder. The hub's config contains:
set ssl-privatekey "eggdrop.key"
set ssl-certificate "eggdrop.crt"
set ssl-capath "/etc/ssl/"
set ssl-ciphers "ALL"
set ssl-cert-auth 0
set ssl-verify-dcc 0
set ssl-verify-bots 0
set ssl-verify-clients 0
When I try to get a leaf bot to link to the hub the hub shows
Sent STARTTLS to Leaf1...
Challenging Leaf1...
TLS: alert during read: fatal (unknown CA).
The leaf bot shows
Linking to Hub at REDACTED ...
Got STARTTLS from Hub. Replying...
Received challenge from Hub... sending response ...
TLS: certificate validation failed. Certificate subject does not match peer.
TLS: alert during write: fatal (unknown CA).
I'm obviously doing something wrong which isn't surprising as I know nothing about SSL/TLS and certificates :lol:

Can someone ELI5 what I am doing wrong or point me to some directions on how to link 1.8.4 bots beyond the instructions in the Docs that just tell you how to make the certs?
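Added example, not part of the original post and not Eggdrop's own code: the two generic X.509 checks named in the log lines above (is the issuer found in the CA path, and does the certificate subject match the peer's name), reproduced with the openssl CLI on a throwaway self-signed certificate. The host names, the address 192.0.2.10 and the helper function names are constructed for illustration; how Eggdrop itself applies these checks is not stated on this page.

```shell
#!/bin/sh
# Added example, constructed test data only: a throwaway self-signed
# certificate is checked the way a verifying TLS peer would check it.

# make_cert DIR NAME: self-signed key and cert with subject CN=NAME
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# is_self_signed CERT: issuer and subject are the same name
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# trusted_by CERT CADIR: a chain to a trust anchor can be built using CADIR
trusted_by() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# trust_cert CERT CADIR: install CERT under the <subject-hash>.0 name
# that OpenSSL's CApath lookup expects
trust_cert() {
    cp "$1" "$2/$(openssl x509 -in "$1" -noout -subject_hash).0"
}

# name_matches CERT NAME: the certificate is valid for host NAME
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

demo() {
    d=$(mktemp -d) && mkdir "$d/ca" || return 1
    make_cert "$d" hub.example.net           # constructed hub name
    crt="$d/hub.example.net.crt"
    is_self_signed "$crt" && echo "self-signed: yes"
    trusted_by "$crt" "$d/ca" || echo "empty CA dir: unknown CA"
    trust_cert "$crt" "$d/ca"
    trusted_by "$crt" "$d/ca" && echo "after trust_cert: trusted"
    name_matches "$crt" hub.example.net && echo "hub.example.net: match"
    name_matches "$crt" 192.0.2.10 || echo "192.0.2.10: subject does not match peer"
    rm -rf "$d"
}
demo
```

Running the same helper functions against a bot's real .crt file and the name or address the other bot connects to shows which of the two checks a verifying peer would reject.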
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Re: How link 1.8.4 bots

Post by willyw »

Hello,

First - I am not a bot linking wizard. :) So as we go over this, if someone else sees something that I've said that isn't quite right - please jump in here.

Next - I do have some 1.8.4 bots linked. I don't really USE the links, I just did it for the heck of it. Probably to try to help answer some question in here, and just left them linked. This means that I can go look at my .conf files for you. And that's how I'm going to proceed. ;)

Paladinz wrote: I have several 1.8.4 bots and have generated the .key and .cert files on the hub which are in the eggdrops folder,
I don't know if all the bots are on the same server yet, or not. Please advise.

I don't know if bots will not like it, if all bots on same server are trying to use the same .key and .cert files.

I do see that - for some reason (it's been a long time. I don't remember why.) - I do not use eggdrop.key and eggdrop.crt as filenames.
I use botnick.key and botnick.crt .
Yes, my eggdrop dir has several .key and .crt files in it.

That way, each bot has its own unique files to load.
I do not know if this is necessary, or not. Sorry.

But, it is the way mine is set up, and mine connects, and it *might* make a difference - so I'm letting you know.
Paladinz wrote: the hub's config contains
set ssl-privatekey "eggdrop.key"
set ssl-certificate "eggdrop.crt"
set ssl-capath "/etc/ssl/"
set ssl-ciphers "ALL"
set ssl-cert-auth 0
set ssl-verify-dcc 0
set ssl-verify-bots 0
set ssl-verify-clients 0
I looked at these lines that you've mentioned.

Here is copy-and-paste from my hub bot:


set ssl-privatekey "lb1.key"
set ssl-certificate "lb1.crt"
set ssl-capath "/etc/ssl/"
#set ssl-ciphers ""
#set ssl-cert-auth 0
#set ssl-verify-dcc 0
#set ssl-verify-bots 0
#set ssl-verify-clients 0
As you can see, several of the commands that you are using, are simply commented out and unused in mine.
Paladinz wrote: I'm obviously doing something wrong which isn't surprising as I know nothing about SSL/TLS and certificates :lol:
That's two of us! :)
Paladinz wrote: Can someone ELI5 what I am doing wrong or point me to some directions on how to link 1.8.4 bots beyond the instructions in the Docs that just tell you how to make the certs.
I will gladly - as time permits - compare what I've got, to what you've got, back and forth with you, until you get it going. And if we keep chatting about it in here, perhaps somebody else that DOES know specifics will jump in. :)

But I cannot tell you if the settings are ideal. At best, if you get it going, then you now have a known starting point, to return to as you tweak and tune it yourself.

I hope this helps.
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
Paladinz
Voice
Posts: 7
Joined: Mon Jul 17, 2017 5:54 pm

Post by Paladinz »

Many thanks for the reply willyw,

When I started using computers we used punched cards so SSL/TLS is something new to me :o

The bots are on different hosts. I've no idea if they all require their own certificates or copies of the hub's, as the Doc only mentions making one for the hub.

Commenting out the same lines as in your paste gives the same errors as before.
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Post by willyw »

Paladinz wrote: ...
When I started using computers we used punched cards so SSL/TLS is something new to me :o
Don't drop your stack of cards!
(Don't ask me how I know ... heheheeh )
Paladinz wrote: The bots are on different hosts, I've no idea if they all require their own certificates or copies of the hub's as the Doc only mentions making one for the hub.
I wasn't clear. I was referring to ONLY if multiple bots were being run from the same directory.
Paladinz wrote: Commenting out the same lines as in your paste gives the same errors as before.
hmmphh!... :(
Now, we probably need somebody else.

Did you apply the changes with a simple rehash? Or a restart?
I don't know if this is one of those times that that could make a difference...

By the way, can you successfully telnet into both bots yourself?
Just want to be sure that is working. We don't want to have a situation where somehow either of the shell servers is blocking telnet.

... thinking ...
Paladinz
Voice
Posts: 7
Joined: Mon Jul 17, 2017 5:54 pm

Post by Paladinz »

Yes, telnet and dcc work fine, the bots connect to each other, it just seems to be the certificates that's messing things up.
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Post by willyw »

Paladinz wrote: Yes, telnet and dcc work fine,
Good.
Paladinz wrote: the bots connect to each other,
??
I thought that was the problem... that the connecting failed.
Paladinz wrote: it just seems to be the certificates that's messing things up.
Something just popped to mind.
Have you tried deleting all the .key and .crt files and making them new?
Perhaps this time with minimal changes from the default example, if you made any? I forgot to say that... changing the filename to be generated is the only change that I make.
And I make them by copy-and-pasting the command line that is an example in the comments in the .conf file. I just now remembered that there is some other way to make them, too. I don't think I've ever tried it. For what that is worth...
Paladinz
Voice
Posts: 7
Joined: Mon Jul 17, 2017 5:54 pm

Post by Paladinz »

willyw wrote: I thought that was the problem... that the connecting failed.
The bots do connect to each other, which is when the SSL/TLS exchange starts, fails and the connection drops. If the bots didn't connect it would never get to the TLS exchange stage.
willyw wrote: Something just popped to mind.
Have you tried deleting all the .key and .crt files and making them new?
Perhaps this time with minimal changes from the default example, if you made any? I forgot to say that... changing the filename to be generated is the only change that I make.
And I make them by copy-and-pasting the command line that is an example in the comments in the .conf file. I just now remembered that there is some other way to make them, too. I don't think I've ever tried it. For what that is worth...
Yes and I've tested the .key and .crt files with openssl and they show no errors.
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Post by willyw »

Paladinz wrote:
willyw wrote: I thought that was the problem... that the connecting failed.
The bots do connect to each other, which is when the SSL/TLS exchange starts, fails and the connection drops. If the bots didn't connect it would never get to the TLS exchange stage.
...
Ah. Ok. I was thinking, "connects successfully, all is well, and can stay connected for a month" when I read the word, "connect" in your post.

You were cutting it a bit finer.

All well and good.

Now we are communicating. :)

Thank you.
Paladinz
Voice
Posts: 7
Joined: Mon Jul 17, 2017 5:54 pm

Post by Paladinz »

Thanks for all the help on IRC willyw even though we didn't resolve it!

Can anyone else shed some light on the problem?
willyw
Revered One
Posts: 1196
Joined: Thu Jan 15, 2009 12:55 am

Post by willyw »

Paladinz wrote: ...
Can anyone else shed some light on the problem?

Maybe post the link to this thread in #eggdrop on Libera ?

It's an idea ...
Paladinz
Voice
Posts: 7
Joined: Mon Jul 17, 2017 5:54 pm

Post by Paladinz »

Thanks, I will if nobody responds here, I dislike duplicating requests for help in different places at the same time.
ComputerTech
Master
Posts: 399
Joined: Sat Feb 22, 2020 10:29 am

Post by ComputerTech »

I recall having this error back when I was linking eggdrop 1.8.4's like a madman around 2 years ago. I believe I have a couple still linked, so I'll go test later on them. :lol:
ComputerTech