ngIRCd Users December 2013

ngircd@lists.barton.de

8 participants
7 discussions

SSL issue.
by k0nsl 14 Dec '13

14 Dec '13

Hi all, I have compiled ngircd as per the usual steps, everything does work, except the most crucial bit for me - SSL. This is what it shows during debug: [root@feisty ngircd-20.3]# /usr/local/sbin/ngircd -n [26473:5 0] ngIRCd 21~19-g444308c-IRCPLUS+SSL+SYSLOG+ZLIB-x86_64/unknown/linux-gnu started. [26473:6 0] Using configuration file "/usr/local/etc/ngircd.conf" ... [26473:6 0] OpenSSL 1.0.1e-fips 11 Feb 2013 initialized. [26473:6 0] ServerUID must not be root(0), using "nobody" instead. [26473:6 0] Running as user nobody(99), group nobody(99), with PID 26473. [26473:6 0] Not running with changed root directory. [26473:6 0] IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 3). [26473:6 0] Created pre-defined channel "#k0nsl". [26473:6 0] Now listening on [0.0.0.0]:6668 (socket 6). [26473:6 0] Now listening on [0.0.0.0]:6669 (socket 7). [26473:6 0] Now listening on [0.0.0.0]:6667 (socket 8). [26473:6 0] Now listening on [0.0.0.0]:6697 (socket 9). [26473:5 54] Client unregistered (connection 10): SSL accept error, closing socket. [26473:6 54] Connection 10 with "x.x.x.x:38879" closed (in: 0.0k, out: 0.0k). [26473:6 62] Accepted connection 10 from "x.x.x.x:39102" on socket 8. [26473:3 62] SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) [26473:6 62] Shutting down connection 10 (SSL accept error, closing socket) with "x.x.x.x:39102" ... [26473:5 62] Client unregistered (connection 10): SSL accept error, closing socket. [26473:6 62] Connection 10 with "x.x.x.x:39102" closed (in: 0.0k, out: 0.0k). [26473:6 64] Accepted connection 10 from "x.x.x.x:39148" on socket 8. [26473:3 65] SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) [26473:6 65] Shutting down connection 10 (SSL accept error, closing socket) with "x.x.x.x:39148" ... [26473:5 65] Client unregistered (connection 10): SSL accept error, closing socket. [26473:6 65] Connection 10 with "x.x.x.x:39148" closed (in: 0.0k, out: 0.0k). [26473:6 66] Accepted connection 10 from "x.x.x.x:39216" on socket 8. [26473:3 66] SSL protocol error: SSL_accept (error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol) [26473:6 66] Shutting down connection 10 (SSL accept error, closing socket) with "x.x.x.x:39216" ... [26473:5 66] Client unregistered (connection 10): SSL accept error, closing socket. [26473:6 66] Connection 10 with "x.x.x.x:39216" closed (in: 0.0k, out: 0.0k). ^C[26473:5 67] Server going down NOW! [26473:6 67] Shutting down all listening sockets (4 total) ... [26473:6 67] ngIRCd done, served 10 connections. Any ideas? Faithfully, Kuensl

2 1

ngIRCd 21 with Open Watcom 1.9: fails to complete autoconf
by Götz Hoffart 06 Dec '13

06 Dec '13

Hi, I'm having problems compiling ngIRCd 21 with Open Watcom 1.9. I’ve gotten so far that the compiler is recognized and accepted by autoconf 2.67 [1], but it fails shortly after that: <https://s1.hoffart.de/temp/ngircd-21-on-watcom.txt> I searched for the given error message, but it seems to be known since 2003 and a lot of different explanations, not necessarily Watcom-related. Should I search for Open Watcom specific problems or should I stay here with that problem? [1]: Machine: x86_64, Debian GNU/Linux 6.x, newest patchlevel Regards Götz -- ③rz :: Regionales Retro-Rechenzentrum, Freiburg :: http://www.3rz.org Für Freunde außer-gewöhnlicher elektronischer Datenverarbeitung

1 0

SSL error: Could not negotiate a supported cipher suite
by Nicolas Leclercq 03 Dec '13

03 Dec '13

Hello gentlemen, I am trying to set up a 2 node ngIRCd cluster. Clients can connect to both nodes with SSL enabled (tested with irssi or znc), but the 2 servers does not want to talk together : SSL error: Could not negotiate a supported cipher suite. [gnutls_handshake] Packages version : libgnutls26 2.12.23-1ubuntu1.1 ngircd 21-1 Here is my configurations : IRC0 : [SSL] CertFile = /etc/ngircd/irc0_crt.pem DHFile = /etc/ngircd/dh.pem KeyFile = /etc/ngircd/irc0_privatekey.pem Ports = 50799 [Server] Name = irc2.xxx.net Host = irc2.xxx.net Port = 50799 PeerPassword = toto MyPassword = tata SSLConnect = yes Group = 1 IRC2 : [SSL] CertFile = /etc/ngircd/irc2_crt.pem DHFile = /etc/ngircd/dh.pem KeyFile = /etc/ngircd/irc2_privatekey.pem Ports = 50799 [Server] Name = irc0. xxx.net Host = irc0. xxx.net Port = 50799 Passive = yes MyPassword = tata PeerPassword = toto SSLConnect = yes Group = 1 And the log messages : IRC0 : Dec 2 17:42:43 maxwell ngircd[23501]: /etc/ngircd/ngircd.conf: line 148: "Ident = yes", but ngircd was built without IDENT support! Dec 2 17:42:43 maxwell ngircd[23501]: Can't read help text file "/usr/share/doc/ngircd/Commands.txt": No such file or directory Dec 2 17:42:43 maxwell ngircd[23501]: No help text available, HELP command will be of limited use. Dec 2 17:42:43 maxwell ngircd[23501]: ngIRCd 21-IPv6+IRCPLUS+SSL+SYSLOG+ZLIB-i686/pc/linux-gnu started. Dec 2 17:42:43 maxwell ngircd[23501]: Using configuration file "/etc/ngircd/ngircd.conf" ... Dec 2 17:42:43 maxwell ngircd[23501]: GnuTLS 2.12.23 initialized. Dec 2 17:42:43 maxwell ngircd[23502]: Running as user irc(39), group irc(39), with PID 23502. Dec 2 17:42:43 maxwell ngircd[23502]: Not running with changed root directory. Dec 2 17:42:43 maxwell ngircd[23502]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4). Dec 2 17:42:43 maxwell ngircd[23502]: Created pre-defined channel "#hnng". Dec 2 17:42:43 maxwell ngircd[23502]: Now listening on [0::]:50799 (socket 8). Dec 2 17:42:43 maxwell ngircd[23502]: Now listening on [0.0.0.0]:50799 (socket 9). Dec 2 17:42:44 maxwell ngircd[23502]: Preparing to establish a new server link for "irc2.xxx.net" ... Dec 2 17:42:44 maxwell ngircd[23502]: Establishing connection for "irc2.xxx.net" to "irc2.xxx.net:50799 » (—.—.—.—), socket 10 ... Dec 2 17:42:44 maxwell ngircd[23502]: SSL error: A TLS packet with unexpected length was received. [gnutls_handshake]. Dec 2 17:42:44 maxwell ngircd[23502]: SSL connection on socket 10 failed! Dec 2 17:42:44 maxwell ngircd[23502]: Shutting down connection 10 (Can't connect) with "irc2.xxx.net:50799" ... Dec 2 17:42:44 maxwell ngircd[23502]: Client unregistered (connection 10): Can't connect. Dec 2 17:42:44 maxwell ngircd[23502]: Connection 10 with "irc2.xxx.net:50799" closed (in: 0.0k, out: 0.0k). IRC2: Dec 2 17:43:01 ampere ngircd[28153]: Accepted connection 15 from "—.—.—.—:38933" on socket 9. Dec 2 17:43:01 ampere ngircd[28153]: SSL error: Could not negotiate a supported cipher suite. [gnutls_handshake]. Dec 2 17:43:01 ampere ngircd[28153]: Shutting down connection 15 (SSL accept error, closing socket) with "—.—.—.—:38933" ... Dec 2 17:43:01 ampere ngircd[28153]: Client unregistered (connection 15): SSL accept error, closing socket. Dec 2 17:43:01 ampere ngircd[28153]: Connection 15 with "—.—.—.—:38933" closed (in: 0.0k, out: 0.0k). Thanks in advance for your help. -- Nicolas

2 1

Patch submission
by Matt Pepe 03 Dec '13

03 Dec '13

Hello, A couple of months ago, I started searching for a well-maintained IRC server that I could use as a basis for internal use at my organization. We are fairly security-conscious and we needed a solid server that supported SSL and PAM authentication. So, first - thanks for the great work you all are doing. We had a couple of other requirements, especially if we were going to expose the port on an externally-accessible address. The first was to allow only authorized connections from clients who presented a valid SSL certificate. This is the first half of the patch. If linked with GNUTLS, the patch will allow the admin to limit connections to clients that present a valid cert, signed by a valid CA in the server cert's chain of trust. It also supports revocation lists. Second is the addition of a new caching process called authcache. We wire up authentication through PAM and on to an one-time password infrastructure. We chose to do this since IRC clients don't bother trying to keep that password protected... at all.. It is even written to the client's history files in many cases. To shorten the window of opportunity for exposed credentials, the user enters an OTP when authenticating. Naturally, with the manner and frequency in which IRC clients disconnect and reconnect, entering credentials repeatedly would be infuriating (and impossible with most clients.) Authcache will create a token from the hash of the original IRC name, source connection hostname/address, and if SSL is enabled, the client certificate's hash, and store it in a table for a user-configurable amount of time. This table is consulted when a new connection is made and bypasses the internal authentication step if a record is found. A user or admin directed logoff will clear the connection's entry. Known issues... 1. Requires GNUTLS 3.x. I chose to use newer methods for CRL and verification checks. I would like to figure out what version of GNUTLS is installed and call the appropriate methods, but this leads me into the next item... 2. Lack of good Autoconf checks. As noted above, it requires GNUTLS 3.x. I am sadly not familiar enough with autoconf to put together a robust means of testing for that. 3. I have not yet written an equivalent CRL and Client cert check for libssl. 4. No changes to your unit tests. I hang my head in shame... I know there are a few items in that list that are solvable after some research and fiddling (autoconf, libssl). I haven't had a chance to fix those items yet - I hope to at some point, but who knows when. As you can tell by the dates in the patchfile, I've been sitting on the changes for a bit, hoping for time to get autoconf sorted out. Its been months, so I figured I'd put the patches out there in case they are useful in this configuration. Again, thanks for an awesome server - I hope you find these patches as useful as I have. - Matt

1 0

ngIRCd 21 with nwcc
by Götz Hoffart 03 Dec '13

03 Dec '13

ngIRCd 21 builds and works fine with nwcc: ngIRCd 21 has been configured with the following options: Host: x86_64-unknown-linux-gnu Compiler: /opt/nwcc/bin/nwcc Compiler flags: -g -DSYSCONFDIR='"$(sysconfdir)"' -DDOCDIR='"$(docdir)"' Libraries: -lz 'ngircd' binary: /usr/local/sbin Configuration file: /usr/local/etc Manual pages: /usr/local/share/man Documentation: /usr/local/share/doc/ngircd Syslog support: yes Enable debug code: no zlib compression: yes IRC sniffer: no Use TCP Wrappers: no Strict RFC mode: no IDENT support: no IRC+ protocol: yes IPv6 protocol: no I/O backend: epoll(), select() PAM support: no SSL support: no libiconv support: no the executable works ("runs") as expected --+ tests run successfully ("make check") --+ | ngIRCd compiles ("make") --+ | | ./configure works --+ | | | | | | | Platform Compiler ngIRCd Date Tester C M T R * --------------------------- ------------ ---------- -------- -------- - - - - - x86_64/unknown/linux-gnu nwcc 0.8.2 21 13-12-01 goetz Y Y Y Y 1 Grüße Götz

2 1

ngIRCd on NetBSD 1.5.2: -o-
by Götz Hoffart 03 Dec '13

03 Dec '13

Works (I can connect with clients), but checks fail: ngIRCd 21 has been configured with the following options: Host: i386-unknown-netbsdelf1.5.2 Compiler: gcc Compiler flags: -g -O2 -pipe -W -Wall -Wpointer-arith -Wstrict-prototypes -DSYSCONFDIR='"$(sysconfdir)"' -DDOCDIR='"$(docdir)"' Libraries: -lz 'ngircd' binary: /usr/local/sbin Configuration file: /usr/local/etc Manual pages: /usr/local/share/man Documentation: /usr/local/share/doc/ngircd Syslog support: yes Enable debug code: no zlib compression: yes IRC sniffer: no Use TCP Wrappers: no Strict RFC mode: no IDENT support: no IRC+ protocol: yes IPv6 protocol: no I/O backend: poll() PAM support: no SSL support: no libiconv support: no the executable works ("runs") as expected --+ tests run successfully ("make check") --+ | ngIRCd compiles ("make") --+ | | ./configure works --+ | | | | | | | Platform Compiler ngIRCd Date Tester C M T R * --------------------------- ------------ ---------- -------- -------- - - - - - i386/unknown/netbsdelf1.5.2 egcs-1.1.2 21 13-11-25 goetz Y Y N Y # uname -a NetBSD 1.5.2 NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001 he@hamster.urc.uninett.no:/usr/src/sys/arch/i386/compile/GENERIC i386

2 1

ngircd build failure on raspbian
by peter green 02 Dec '13

02 Dec '13

I run a debian derivative called raspbian aimed primerally at the raspberry pi. While building ngircd on the raspbian jessie autobuilders I got a testsuite failure with an explicit request to report to this email address, so I am doing so. running misc-test ... failure! FAIL: misc-test <--snip--> running who-test ... failure! FAIL: who-test <--snip--> =========================================== 2 of 16 tests failed Please report to ngircd-ml(a)ngircd.barton.de =========================================== The full log is available at http://buildd.raspbian.org/status/fetch.php?pkg=ngircd&arch=armhf&ver=21-1&…

2 2

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

ngIRCd Users December 2013