Hi,
I'm having problems compiling ngIRCd 21 with Open Watcom 1.9. I’ve gotten so far that the compiler is recognized and accepted by autoconf 2.67 [1], but it fails shortly after that:
<https://s1.hoffart.de/temp/ngircd-21-on-watcom.txt>
I searched for the given error message, but it seems to be known since 2003 and a lot of different explanations, not necessarily Watcom-related. Should I search for Open Watcom specific problems or should I stay here with that problem?
[1]: Machine: x86_64, Debian GNU/Linux 6.x, newest patchlevel
Regards
Götz
--
③rz :: Regionales Retro-Rechenzentrum, Freiburg :: http://www.3rz.org
Für Freunde außer-gewöhnlicher elektronischer Datenverarbeitung
Hello gentlemen,
I am trying to set up a 2 node ngIRCd cluster.
Clients can connect to both nodes with SSL enabled (tested with irssi or znc), but the 2 servers does not want to talk together : SSL error: Could not negotiate a supported cipher suite. [gnutls_handshake]
Packages version :
libgnutls26 2.12.23-1ubuntu1.1
ngircd 21-1
Here is my configurations :
IRC0 :
[SSL]
CertFile = /etc/ngircd/irc0_crt.pem
DHFile = /etc/ngircd/dh.pem
KeyFile = /etc/ngircd/irc0_privatekey.pem
Ports = 50799
[Server]
Name = irc2.xxx.net
Host = irc2.xxx.net
Port = 50799
PeerPassword = toto
MyPassword = tata
SSLConnect = yes
Group = 1
IRC2 :
[SSL]
CertFile = /etc/ngircd/irc2_crt.pem
DHFile = /etc/ngircd/dh.pem
KeyFile = /etc/ngircd/irc2_privatekey.pem
Ports = 50799
[Server]
Name = irc0. xxx.net
Host = irc0. xxx.net
Port = 50799
Passive = yes
MyPassword = tata
PeerPassword = toto
SSLConnect = yes
Group = 1
And the log messages :
IRC0 :
Dec 2 17:42:43 maxwell ngircd[23501]: /etc/ngircd/ngircd.conf: line 148: "Ident = yes", but ngircd was built without IDENT support!
Dec 2 17:42:43 maxwell ngircd[23501]: Can't read help text file "/usr/share/doc/ngircd/Commands.txt": No such file or directory
Dec 2 17:42:43 maxwell ngircd[23501]: No help text available, HELP command will be of limited use.
Dec 2 17:42:43 maxwell ngircd[23501]: ngIRCd 21-IPv6+IRCPLUS+SSL+SYSLOG+ZLIB-i686/pc/linux-gnu started.
Dec 2 17:42:43 maxwell ngircd[23501]: Using configuration file "/etc/ngircd/ngircd.conf" ...
Dec 2 17:42:43 maxwell ngircd[23501]: GnuTLS 2.12.23 initialized.
Dec 2 17:42:43 maxwell ngircd[23502]: Running as user irc(39), group irc(39), with PID 23502.
Dec 2 17:42:43 maxwell ngircd[23502]: Not running with changed root directory.
Dec 2 17:42:43 maxwell ngircd[23502]: IO subsystem: epoll (hint size 100, initial maxfd 100, masterfd 4).
Dec 2 17:42:43 maxwell ngircd[23502]: Created pre-defined channel "#hnng".
Dec 2 17:42:43 maxwell ngircd[23502]: Now listening on [0::]:50799 (socket 8).
Dec 2 17:42:43 maxwell ngircd[23502]: Now listening on [0.0.0.0]:50799 (socket 9).
Dec 2 17:42:44 maxwell ngircd[23502]: Preparing to establish a new server link for "irc2.xxx.net" ...
Dec 2 17:42:44 maxwell ngircd[23502]: Establishing connection for "irc2.xxx.net" to "irc2.xxx.net:50799 » (—.—.—.—), socket 10 ...
Dec 2 17:42:44 maxwell ngircd[23502]: SSL error: A TLS packet with unexpected length was received. [gnutls_handshake].
Dec 2 17:42:44 maxwell ngircd[23502]: SSL connection on socket 10 failed!
Dec 2 17:42:44 maxwell ngircd[23502]: Shutting down connection 10 (Can't connect) with "irc2.xxx.net:50799" ...
Dec 2 17:42:44 maxwell ngircd[23502]: Client unregistered (connection 10): Can't connect.
Dec 2 17:42:44 maxwell ngircd[23502]: Connection 10 with "irc2.xxx.net:50799" closed (in: 0.0k, out: 0.0k).
IRC2:
Dec 2 17:43:01 ampere ngircd[28153]: Accepted connection 15 from "—.—.—.—:38933" on socket 9.
Dec 2 17:43:01 ampere ngircd[28153]: SSL error: Could not negotiate a supported cipher suite. [gnutls_handshake].
Dec 2 17:43:01 ampere ngircd[28153]: Shutting down connection 15 (SSL accept error, closing socket) with "—.—.—.—:38933" ...
Dec 2 17:43:01 ampere ngircd[28153]: Client unregistered (connection 15): SSL accept error, closing socket.
Dec 2 17:43:01 ampere ngircd[28153]: Connection 15 with "—.—.—.—:38933" closed (in: 0.0k, out: 0.0k).
Thanks in advance for your help.
--
Nicolas
Hello,
A couple of months ago, I started searching for a well-maintained IRC
server that I could use as a basis for internal use at my organization. We
are fairly security-conscious and we needed a solid server that supported
SSL and PAM authentication. So, first - thanks for the great work you all
are doing.
We had a couple of other requirements, especially if we were going to
expose the port on an externally-accessible address. The first was to
allow only authorized connections from clients who presented a valid SSL
certificate. This is the first half of the patch. If linked with GNUTLS,
the patch will allow the admin to limit connections to clients that present
a valid cert, signed by a valid CA in the server cert's chain of trust. It
also supports revocation lists.
Second is the addition of a new caching process called authcache. We wire
up authentication through PAM and on to an one-time password
infrastructure. We chose to do this since IRC clients don't bother trying
to keep that password protected... at all.. It is even written to the
client's history files in many cases. To shorten the window of opportunity
for exposed credentials, the user enters an OTP when authenticating.
Naturally, with the manner and frequency in which IRC clients disconnect
and reconnect, entering credentials repeatedly would be infuriating (and
impossible with most clients.) Authcache will create a token from the
hash of the original IRC name, source connection hostname/address, and if
SSL is enabled, the client certificate's hash, and store it in a table for
a user-configurable amount of time. This table is consulted when a new
connection is made and bypasses the internal authentication step if a
record is found. A user or admin directed logoff will clear the
connection's entry.
Known issues...
1. Requires GNUTLS 3.x. I chose to use newer methods for CRL and
verification checks. I would like to figure out what version of GNUTLS is
installed and call the appropriate methods, but this leads me into the next
item...
2. Lack of good Autoconf checks. As noted above, it requires GNUTLS 3.x.
I am sadly not familiar enough with autoconf to put together a robust means
of testing for that.
3. I have not yet written an equivalent CRL and Client cert check for
libssl.
4. No changes to your unit tests. I hang my head in shame...
I know there are a few items in that list that are solvable after some
research and fiddling (autoconf, libssl). I haven't had a chance to fix
those items yet - I hope to at some point, but who knows when. As you can
tell by the dates in the patchfile, I've been sitting on the changes for a
bit, hoping for time to get autoconf sorted out. Its been months, so I
figured I'd put the patches out there in case they are useful in this
configuration.
Again, thanks for an awesome server - I hope you find these patches as
useful as I have.
- Matt
ngIRCd 21 builds and works fine with nwcc:
ngIRCd 21 has been configured with the following options:
Host: x86_64-unknown-linux-gnu
Compiler: /opt/nwcc/bin/nwcc
Compiler flags: -g -DSYSCONFDIR='"$(sysconfdir)"' -DDOCDIR='"$(docdir)"'
Libraries: -lz
'ngircd' binary: /usr/local/sbin
Configuration file: /usr/local/etc
Manual pages: /usr/local/share/man
Documentation: /usr/local/share/doc/ngircd
Syslog support: yes Enable debug code: no
zlib compression: yes IRC sniffer: no
Use TCP Wrappers: no Strict RFC mode: no
IDENT support: no IRC+ protocol: yes
IPv6 protocol: no I/O backend: epoll(), select()
PAM support: no SSL support: no
libiconv support: no
the executable works ("runs") as expected --+
tests run successfully ("make check") --+ |
ngIRCd compiles ("make") --+ | |
./configure works --+ | | |
| | | |
Platform Compiler ngIRCd Date Tester C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
x86_64/unknown/linux-gnu nwcc 0.8.2 21 13-12-01 goetz Y Y Y Y 1
Grüße
Götz
Works (I can connect with clients), but checks fail:
ngIRCd 21 has been configured with the following options:
Host: i386-unknown-netbsdelf1.5.2
Compiler: gcc
Compiler flags: -g -O2 -pipe -W -Wall -Wpointer-arith -Wstrict-prototypes -DSYSCONFDIR='"$(sysconfdir)"' -DDOCDIR='"$(docdir)"'
Libraries: -lz
'ngircd' binary: /usr/local/sbin
Configuration file: /usr/local/etc
Manual pages: /usr/local/share/man
Documentation: /usr/local/share/doc/ngircd
Syslog support: yes Enable debug code: no
zlib compression: yes IRC sniffer: no
Use TCP Wrappers: no Strict RFC mode: no
IDENT support: no IRC+ protocol: yes
IPv6 protocol: no I/O backend: poll()
PAM support: no SSL support: no
libiconv support: no
the executable works ("runs") as expected --+
tests run successfully ("make check") --+ |
ngIRCd compiles ("make") --+ | |
./configure works --+ | | |
| | | |
Platform Compiler ngIRCd Date Tester C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
i386/unknown/netbsdelf1.5.2 egcs-1.1.2 21 13-11-25 goetz Y Y N Y
# uname -a
NetBSD 1.5.2 NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001 he@hamster.urc.uninett.no:/usr/src/sys/arch/i386/compile/GENERIC i386
I run a debian derivative called raspbian aimed primerally at the
raspberry pi.
While building ngircd on the raspbian jessie autobuilders I got a
testsuite failure with an explicit request to report to this email
address, so I am doing so.
running misc-test ... failure!
FAIL: misc-test
<--snip-->
running who-test ... failure!
FAIL: who-test
<--snip-->
===========================================
2 of 16 tests failed
Please report to ngircd-ml(a)ngircd.barton.de
===========================================
The full log is available at
http://buildd.raspbian.org/status/fetch.php?pkg=ngircd&arch=armhf&ver=21-1&…