
eggdrop 1.8.4 no connect with SSL


eggdrop 1.8.4 no connect with SSL

Post by Suratka »

ERROR: TLS: unable to set CA certificates location: error:02001002:system library:fopen:No such file or directory


I can't get my eggdrop 1.8.4 to work with ssl.

I'm screwing something up but I don't understand what.
Who can help me with a step-by-step procedure?



I tried to delete everything and start again and now it gives me this error:

Tcl error in file 'eggdrop.conf':
invalid command name "certificate"
while executing
"certificate verification will not work."
(file "eggdrop.conf" line 270)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
Lory@vps7382:~/eggdrop$ Tcl error in file 'eggdrop.conf':
No command 'Tcl' found, did you mean:
Command 'mcl' from package 'mcl' (universe)
Command 'cl' from package 'cl-launch' (universe)
Command 'ccl' from package 'cclive' (universe)
Command 'ecl' from package 'ecl' (universe)
Command 'ncl' from package 'ncl-ncarg' (universe)
Command 'gcl' from package 'gcl' (universe)
Tcl: command not found
aktarus@vps738288:~/eggdrop$ invalid command name "certificate"
invalid: command not found
lory@vps7382:~/eggdrop$ while executing
> "certificate verification will not work."
> (file "eggdrop.conf" line 270)
> * CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
-bash: syntax error near unexpected token `('
Lory@vps7382:~/eggdrop$





Not to mention that I don't even know if eggdrop.conf is well configured in the "SSL setting" department.


This is my eggdrop.conf:


##### SSL SETTINGS #####

# Settings in this section take effect when eggdrop is compiled with TLS
# support.

# File containing your private key, needed for the SSL certificate
# (see below). You can create one issuing the following command:
#
# openssl genrsa -out eggdrop.key 2048
#
# It will create a 2048 bit RSA key, strong enough for eggdrop.
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-privatekey "eggdrop1.key"

# Specify the filename where your SSL certificate is located. If you
# don't set this, eggdrop will not be able to act as a server in SSL
# connections, as with most ciphers a certificate and a private key
# are required on the server side. Must be in PEM format.
# If you don't have one, you can create it using the following command:
#
# openssl req -new -key eggdrop.key -x509 -out eggdrop.crt -days 365
#
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-certificate "eggdrop1.crt"

# Sets the maximum depth for the certificate chain verification that will
# be allowed for ssl. When certificate verification is enabled, any chain
# exceeding this depth will fail verification.
#set ssl-verify-depth 9

# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.

set ssl-capath "/etc/ssl/certs/"
set ssl-cafile "/etc/ssl/certs/CA.pem"

#set ssl-cafile ""

# Specify the list of ciphers (in order of preference) allowed for use with
# ssl. The cipher list is one or more cipher strings separated by colons,
# commas or spaces. Unavailable ciphers are silently ignored unless no useable
# cipher could be found. For the list of possible cipher strings and their
# meanings, please refer to the ciphers(1) manual.
# Note: if you set this, the value replaces any ciphers OpenSSL might use by
# default. To include the default ciphers, you can put DEFAULT as a cipher
# string in the list.
# For example:
#
set ssl-ciphers "DEFAULT ADH"
#
# This will make eggdrop allow the default OpenSSL selection plus anonymous
# DH ciphers.
#
set ssl-ciphers "ALL"
#
# This will make eggdrop allow all ciphers supported by OpenSSL, in a
# reasonable order.
set ssl-ciphers "DEFAULT ADH"

# Enable certificate authorization. Set to 1 to allow users and bots to
# identify automatically by their certificate fingerprints. Setting it
# to 2 to will force fingerprint logins. With a value of 2, users without
# a fingerprint set or with a certificate UID not matching their handle
# won't be allowed to login on SSL enabled telnet ports. Fingerprints
# must be set in advance with the .fprint and .chfinger commands.
# NOTE: this setting has no effect on plain-text ports.
set ssl-cert-auth 2

# You can control SSL certificate verification using the following variables.
# All of them are flag-based. You can set them by adding together the numbers
# for all exceptions you want to enable. By default certificate verification
# is disabled and all certificates are assumed to be valid. The numbers are
# the following:
#
# Enable certificate verification - 1
# Allow self-signed certificates - 2
# Don't check peer common or alt names - 4
# Allow expired certificates - 8
# Allow certificates which are not valid yet - 16
# Allow revoked certificates - 32
# A value of 0 disables verification.

# Control certificate verification for DCC chats (only /dcc chat botnick)
set ssl-verify-dcc 1

# Control certificate verification for linking to hubs
#set ssl-verify-bots 0

# Control cerfificate verification for SSL listening ports. This includes
# leaf bots connecting, users telneting in and /ctcp bot chat.
set ssl-verify-clients 1
Last edited by Suratka on Sun Aug 15, 2021 7:13 pm, edited 1 time in total.

Re: eggdrop 1.8.4 no connect with SSL

Post by willyw »

Suratka wrote: ...
Tcl error in file 'eggdrop.conf':
invalid command name "certificate"
while executing
"certificate verification will not work."
(file "eggdrop.conf" line 270)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
...
Let's start with just this much.


In the text that you provided in your post, from your eggdrop.conf, is:
# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.
See the problem?

There is no # as the first character on the last line that I quoted, to make that line a comment line.
Therefore, it is an active line, and eggdrop tries to read it - and obviously chokes on it.

My guess is that you accidentally deleted the original # that was there. Put it back.

Then see what happens then.

I hope this helps.
For a fun (and popular) Trivia game, visit us at: irc.librairc.net #science-fiction . Over 300K Q & A to play in BogusTrivia !
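
As an added example (not code from this thread or from the Eggdrop project), the Python check below finds the mistake described in the reply above: a line in eggdrop.conf that has lost its leading # and is therefore executed as a Tcl command. It also reports a `set` that overrides an earlier one and SSL path settings that point at a missing file, the condition named by the `fopen: No such file or directory` error in the first post. `KNOWN_COMMANDS` is an illustrative allow-list, relative paths are assumed to resolve against `base_dir`, and the sample config is constructed.

```python
import os

# Illustrative allow-list of commands that may start a line in eggdrop.conf
# (an assumption for this example, not eggdrop's complete command set).
KNOWN_COMMANDS = {"set", "source", "loadmodule", "loadhelp", "listen",
                  "addlang", "logfile", "channel", "bind", "unbind",
                  "proc", "if", "die"}
# SSL settings whose value is a file or directory that must exist.
PATH_SETTINGS = {"ssl-privatekey", "ssl-certificate", "ssl-cafile", "ssl-capath"}

# Constructed sample modelled on the config excerpt in the first post.
SAMPLE = """\
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.
set ssl-cafile "no-such-dir/CA.pem"
set ssl-ciphers "DEFAULT ADH"
set ssl-ciphers "ALL"
"""

def lint_conf(text, base_dir="."):
    """Return (line number, problem, detail) tuples for a config text."""
    findings, seen, depth = [], {}, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        inside_block = depth > 0          # body of a multi-line {...} block
        if line.startswith("#"):
            continue
        depth += line.count("{") - line.count("}")
        if not line or inside_block:
            continue
        words = line.split()
        if words[0] not in KNOWN_COMMANDS:
            # Tcl runs every non-comment line, so this word becomes a command.
            findings.append((lineno, "not-a-command", words[0]))
        elif words[0] == "set" and len(words) >= 3:
            name, value = words[1], line.split(None, 2)[2].strip('"')
            if name in seen:              # the later assignment wins
                findings.append((lineno, "overrides-line-%d" % seen[name], name))
            seen[name] = lineno
            if name in PATH_SETTINGS and not os.path.exists(
                    os.path.join(base_dir, value)):
                findings.append((lineno, "missing-file", value))
    return findings

if __name__ == "__main__":
    for finding in lint_conf(SAMPLE):
        print("line %d: %s (%s)" % finding)
```

The brace counting is a heuristic that only skips the bodies of multi-line blocks such as `proc`; it is not a Tcl parser.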