[ngIRCd-ML] Support fir OpenSSL CipherList

lists at packetmail.net lists at packetmail.net
Sat Sep 7 18:19:06 CEST 2013


On 09/07/2013 05:00 AM, ngircd-ml-request at arthur.barton.de wrote:
> Hi, 
> 
>   I attached a fix for the last patch.
>   - important: verifying CipherLists are applied successfully
>   - if SSL initialization failes, daemon should exit and not run without SSL
> 
>   Q: Is it welcome to provide patches on the ML?

I certainly appreciate you taking the time to write the patch, correct it, and
share it again.  This is a feature that I am very happy to see implemented and I
thank you for taking the time to do this and share with the community.

It seems I still have the same issue with the latest patch on ngircd-20.3 --

# patch -p0 < ../ngircd_ssl_cipherlist.patch
patching file ./doc/sample-ngircd.conf.tmpl
Hunk #1 succeeded at 237 (offset -23 lines).
patching file ./src/ngircd/conf.c
Hunk #1 succeeded at 106 (offset -11 lines).
Hunk #2 succeeded at 431 (offset -15 lines).
Hunk #3 succeeded at 1842 with fuzz 2 (offset -32 lines).
patching file ./src/ngircd/conf.h
patching file ./src/ngircd/conn-ssl.c
Hunk #1 succeeded at 275 with fuzz 1 (offset -28 lines).
patching file ./src/ngircd/ngircd.c
Hunk #1 succeeded at 671 (offset -2 lines).

# Log
Sep  7 11:15:47 localhost ngircd[27467]: /usr/local/etc/ngircd.conf, line 166
(section "SSL"): Unknown variable "CipherList"!
Sep  7 11:15:47 localhost ngircd[27467]: ngIRCd
20.3-IPv6+IRCPLUS+SSL+SYSLOG+ZLIB-i686/pc/linux-gnu started.
Sep  7 11:15:47 localhost ngircd[27467]: Using configuration file
"/usr/local/etc/ngircd.conf" ...
Sep  7 11:15:47 localhost ngircd[27467]: Configuration option "DHFile" not set!
Sep  7 11:15:47 localhost ngircd[27467]: SSL using default CipherList
Sep  7 11:15:47 localhost ngircd[27467]: OpenSSL 1.0.1 14 Mar 2012 initialized.

# grep -B 10 "CipherList" /usr/local/etc/ngircd.conf

        # password to decrypt SSLKeyFile (OpenSSL only)
        ;KeyFilePassword = secret

        # SSL Server Key Certificate
        CertFile = /etc/apache2/ssl/ssl.crt

        # Diffie-Hellman parameters
        ;DHFile = /usr/local/etc/ngircd/ssl/dhparams.pem

        # SSL_CipherList.patch, Sep 06 2013
        CipherList = ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Thanks,
Nathan Fowler







More information about the ngIRCd-ML mailing list