
How link 1.8.4 bots

 
Paladinz
Voice


Joined: 17 Jul 2017
Posts: 7

Posted: Tue Nov 22, 2022 10:26 am    Post subject: How link 1.8.4 bots

I have several 1.8.4 bots and have generated the .key and .cert files on the hub which are in the eggdrop's folder, the hub's config contains

Quote:
set ssl-privatekey "eggdrop.key"
set ssl-certificate "eggdrop.crt"
set ssl-capath "/etc/ssl/"
set ssl-ciphers "ALL"
set ssl-cert-auth 0
set ssl-verify-dcc 0
set ssl-verify-bots 0
set ssl-verify-clients 0


When I try to get a leaf bot to link to the hub the hub shows

Quote:
Sent STARTTLS to Leaf1...
Challenging Leaf1...
TLS: alert during read: fatal (unknown CA).


The leaf bot shows

Quote:

Linking to Hub at REDACTED ...
Got STARTTLS from Hub. Replying...
Received challenge from Hub... sending response ...
TLS: certificate validation failed. Certificate subject does not match peer.
TLS: alert during write: fatal (unknown CA).


I'm obviously doing something wrong which isn't surprising as I know nothing about SSL/TLS and certificates Laughing

Can someone ELI5 what I am doing wrong or point me to some directions on how to link 1.8.4 bots beyond the instructions in the Docs that just tell you how to make the certs.
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1183

Posted: Tue Nov 22, 2022 11:42 am    Post subject: Re: How link 1.8.4 bots

Hello,

First - I am not a bot linking wizard. Smile So as we go over this, if someone else sees something that I've said that isn't quite right - please jump in here.

Next - I do have some 1.8.4 bots linked. I don't really USE the links, I just did it for the heck of it. Probably to try to help answer some question in here, and just left them linked. This means that I can go look at my .conf files for you. And that's how I'm going to proceed. Wink


Paladinz wrote:
I have several 1.8.4 bots and have generated the .key and .cert files on the hub which are in the eggdrops folder,


I don't know if all the bots are on the same server yet, or not. Please advise.

I don't know if bots will not like it, if all bots on same server are trying to use the same .key and .cert files.

I do see that - for some reason (it's been a long time. I don't remember why.) - I do not use eggdrop.key and eggdrop.crt as filenames.
I use botnick.key and botnick.crt .
Yes, my eggdrop dir has several .key and .crt files in it.

That way, each bot has its own unique files to load.
I do not know if this is necessary, or not. Sorry.

But, it is the way mine is set up, and mine connects, and it *might* make a difference - so I'm letting you know.

Quote:

the hub's config contains

Quote:
set ssl-privatekey "eggdrop.key"
set ssl-certificate "eggdrop.crt"
set ssl-capath "/etc/ssl/"
set ssl-ciphers "ALL"
set ssl-cert-auth 0
set ssl-verify-dcc 0
set ssl-verify-bots 0
set ssl-verify-clients 0



I looked at these lines that you've mentioned.

Here is copy-and-paste from my hub bot:
Code:

set ssl-privatekey "lb1.key"
set ssl-certificate "lb1.crt"
set ssl-capath "/etc/ssl/"
#set ssl-ciphers ""
#set ssl-cert-auth 0
#set ssl-verify-dcc 0
#set ssl-verify-bots 0
#set ssl-verify-clients 0


As you can see, several of the commands that you are using, are simply commented out and unused in mine.

Quote:

I'm obviously doing something wrong which isn't surprising as I know nothing about SSL/TLS and certificates Laughing

That's two of us! Smile

Quote:

Can someone ELI5 what I am doing wrong or point me to some directions on how to link 1.8.4 bots beyond the instructions in the Docs that just tell you how to make the certs.


I will gladly - as time permits - compare what I've got, to what you've got, back and forth with you, until you get it going. And if we keep chatting about it in here, perhaps somebody else that DOES know specifics will jump in. Smile

But I cannot tell you if the settings are ideal. At best, if you get it going, then you now have a known starting point, to return to as you tweak and tune it yourself.

I hope this helps.
_________________
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
Paladinz
Voice


Joined: 17 Jul 2017
Posts: 7

Posted: Tue Nov 22, 2022 11:54 am

Many thanks for the reply willyw,

When I started using computers we used punched cards so SSL/TLS is something new to me Surprised

The bots are on different hosts, I've no idea if they all require their own certificates or copies of the hub's as the Doc only mentions making one for the hub.

Commenting out the same lines as in your paste gives the same errors as before.
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1183

Posted: Tue Nov 22, 2022 12:37 pm

Paladinz wrote:

...
When I started using computers we used punched cards so SSL/TLS is something new to me Surprised


Don't drop your stack of cards!
(Don't ask me how I know ... heheheeh )

Quote:

The bots are on different hosts, I've no idea if they all require their own certificates or copies of the hub's as the Doc only mentions making one for the hub.


I wasn't clear. I was referring to ONLY if multiple bots were being run from the same directory.

Quote:

Commenting out the same lines as in your paste gives the same errors as before.


hmmphh!... Sad
Now, we probably need somebody else.

Did you apply the changes with a simple rehash? Or a restart?
I don't know if this is one of those times that that could make a difference...

By the way, can you successfully telnet into both bots yourself?
Just want to be sure that is working. We don't want to have a situation where somehow either of the shell servers is blocking telnet.

... thinking ...
Paladinz
Voice


Joined: 17 Jul 2017
Posts: 7

Posted: Tue Nov 22, 2022 2:01 pm

Yes, telnet and dcc work fine, the bots connect to each other, it just seems to be the certificates that's messing things up.
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1183

Posted: Tue Nov 22, 2022 2:11 pm

Paladinz wrote:
Yes, telnet and dcc work fine,


Good.

Quote:

the bots connect to each other,


??
I thought that was the problem... that the connecting failed.

Quote:

it just seems to be the certificates that's messing things up.


Something just popped to mind.
Have you tried deleting all the .key and .crt files and making them new?
Perhaps this time with minimal changes from the default example, if you made any? I forgot to say that... changing the filename to be generated is the only change that I make.
And I make them by copy-and-pasting the command line that is an example in the comments in the .conf file. I just now remembered that there is some other way to make them, too. I don't think I've ever tried it. For what that is worth...
Paladinz
Voice


Joined: 17 Jul 2017
Posts: 7

Posted: Tue Nov 22, 2022 2:22 pm

willyw wrote:
I thought that was the problem... that the connecting failed.


The bots do connect to each other, which is when the SSL/TLS exchange starts, fails and the connection drops. If the bots didn't connect it would never get to the TLS exchange stage.

willyw wrote:
Something just popped to mind.
Have you tried deleting all the .key and .crt files and making them new?
Perhaps this time with minimal changes from the default example, if you made any? I forgot to say that... changing the filename to be generated is the only change that I make.
And I make them by copy-and-pasting the command line that is an example in the comments in the .conf file. I just now remembered that there is some other way to make them, too. I don't think I've ever tried it. For what that is worth...


Yes and I've tested the .key and .crt files with openssl and they show no errors.
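The hub and leaf logs earlier in the thread name two separate conditions: the certificate subject not matching the peer, and an unknown CA. As an added example (not part of the thread and not Eggdrop's own code), the script below runs three stock `openssl` checks that separate "the key and certificate files are intact" from those two conditions. The host names, file names and the `gen_cert`/`report`/`demo` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host and file names are constructed; no real bot files are read.

# Make a throwaway self-signed cert/key pair: gen_cert DIR NAME CN
gen_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Check 1: the private key and the certificate carry the same public key.
key_matches_cert() {    # key_matches_cert KEY CERT
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Check 2: the certificate's subject covers the name the peer connects to.
cert_matches_host() {   # cert_matches_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# Check 3: the certificate chains to an entry in the verifier's CA file.
cert_trusted_by() {     # cert_trusted_by CERT CAFILE
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks and print one line per result.
report() {              # report KEY CERT HOSTNAME CAFILE
    key_matches_cert "$1" "$2"  && echo "key/cert pair: ok" || echo "key/cert pair: MISMATCH"
    cert_matches_host "$2" "$3" && echo "name $3: ok"       || echo "name $3: NOT in subject"
    cert_trusted_by "$2" "$4"   && echo "issuer: trusted"   || echo "issuer: unknown CA"
}

# Constructed scenario: a hub's self-signed cert, judged by a peer that dials
# a different name and has only its own certificate in its CA file.
demo() {
    d=$(mktemp -d) || return 1
    gen_cert "$d" hub hub.example.test && gen_cert "$d" leaf leaf.example.test || return 1
    report "$d/hub.key" "$d/hub.crt" shell.example.test "$d/leaf.crt"
    rm -rf "$d"
}
demo
```

In the constructed scenario the first check passes while the other two fail, so a key and certificate that test clean on their own can still be rejected by a peer that verifies the name or the issuer.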
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1183

Posted: Tue Nov 22, 2022 2:29 pm

Paladinz wrote:
willyw wrote:
I thought that was the problem... that the connecting failed.


The bots do connect to each other, which is when the SSL/TLS exchange starts, fails and the connection drops. If the bots didn't connect it would never get to the TLS exchange stage.
...


Ah. Ok. I was thinking, "connects successfully, all is well, and can stay connected for a month" when I read the word, "connect" in your post.

You were cutting it a bit finer.

All well and good.

Now we are communicating. Smile

Thank you.
Paladinz
Voice


Joined: 17 Jul 2017
Posts: 7

Posted: Thu Nov 24, 2022 10:04 am

Thanks for all the help on IRC willyw even though we didn't resolve it!

Can anyone else shed some light on the problem?
willyw
Revered One


Joined: 15 Jan 2009
Posts: 1183

Posted: Thu Nov 24, 2022 10:14 am

Paladinz wrote:

...
Can anyone else shed some light on the problem?



Maybe post the link to this thread in #eggdrop on Libera ?

It's an idea ...
Paladinz
Voice


Joined: 17 Jul 2017
Posts: 7

Posted: Thu Nov 24, 2022 10:16 am

Thanks, I will if nobody responds here, I dislike duplicating requests for help in different places at the same time.
All times are GMT - 4 Hours