View Issue Details

ID: 0006028
Project: unreal
Category: ircd
View Status: public
Last Update: 2021-12-19 13:09
Reporter: LesterClayton
Assigned To: syzop
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 6.0.0
Summary: 0006028: Unreal configtest validates against hard-coded filenames

Description:
When doing an "unrealircd configtest", validation will fail if you do not have tls files with the hard coded name "server.cert.pem" (and possibly also server.key.pem), and an error is thrown as shown under "Additional Information".

Workaround: copy your certificate file to be "server.cert.pem", and place it in the correct location.
Possible other workaround: Manually change the "unrealircd" script to use the correct filename, as that is where it is hard coded.

Steps To Reproduce:
When compiling unrealircd, say no to generating certificate files.

Copy certificate files generated by a third party (in my case, certbot) into the conf/tls folder, and then specify those filenames in your listen block, as shown below.

listen {
        ip *;
        port 6697;
        options { tls; }
        tls-options {
                certificate "tls/fullchain.pem";
                key "tls/privkey.pem";
        };
}
Additional Information:
tl@ns3114080:~/unrealircd$ ./unrealircd configtest
 _ _ _ ___________ _____ _
| | | | | |_ _| ___ \/ __ \ | |
| | | |_ __ _ __ ___ __ _| | | | | |_/ /| / \/ __| |
| | | | '_ \| '__/ _ \/ _` | | | | | / | | / _` |
| |_| | | | | | | __/ (_| | |_| |_| |\ \ | \__/\ (_| |
 \___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_|
                           v6.0.0

UnrealIRCd is brought to you by Bram Matthys (Syzop),
Krzysztof Beresztant (k4be), Gottem and i

Using the following libraries:
* OpenSSL 1.1.1f 31 Mar 2020
* libsodium 1.0.18
* c-ares 1.15.0
* PCRE2 10.34 2019-11-21

This server can handle 16384 concurrent sockets (16376 clients + 8 reserve)

[info] Loading IRCd configuration..
[info] Testing IRCd configuration..
[error] Failed to load TLS certificate /home/tl/unrealircd/conf/tls/server.cert.pem
[error] error:02001002:system library:fopen:No such file or directory
[error] error:20074002:BIO routines:file_ctrl:system lib
[error] error:140DC002:SSL routines:use_certificate_chain_file:system lib
[info] Configuration loaded
[error] Failed to load TLS certificate /home/tl/unrealircd/conf/tls/server.cert.pem
[error] error:02001002:system library:fopen:No such file or directory
[error] error:20074002:BIO routines:file_ctrl:system lib
[error] error:140DC002:SSL routines:use_certificate_chain_file:system lib
[error] Failed to load TLS (see errors above). UnrealIRCd can not start.
tl@ns3114080:~/unrealircd$

tl@ns3114080:~/unrealircd$ ls conf/tls/ -al
total 224
drwx------ 2 tl tl 4096 Dec 19 11:17 .
drwx------ 6 tl tl 4096 Dec 19 11:21 ..
-rw------- 1 tl tl 208065 Dec 19 10:40 curl-ca-bundle.crt
-rw-r--r-- 1 tl tl 5592 Dec 19 11:17 fullchain.pem
-rw------- 1 tl tl 1708 Dec 19 11:17 privkey.pem
tl@ns3114080:~/unrealircd$
3rd party modules

Activities

syzop

2021-12-19 12:58

administrator   ~0022261

Last edited: 2021-12-19 12:58

If you want to use different files/paths for the TLS certificate and key, and really don't use the default certificate/key path, then you have to change the set::tls block:
https://www.unrealircd.org/docs/Set_block#set::tls::certificate (and further)

The TLS certificate and key (and CA bundle) are not only used in the listen block. They are also used for outgoing connections etc.
So if you really only want to use the certificate/key that you mentioned, then I suggest removing the items from the listen::tls-options and just putting them in set::tls. That way they will be used for everything: listen, link, etc.
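
The change described in the note above, written out as configuration. This is an added example, not part of the original thread or of UnrealIRCd's shipped files; it reuses the reporter's file names and assumes both files sit in conf/tls/ as in the directory listing.

```conf
# Added example: server-wide TLS defaults.
# set::tls is what listen, link and outgoing connections fall back to,
# so configtest no longer looks for tls/server.cert.pem.
set {
        tls {
                certificate "tls/fullchain.pem";
                key "tls/privkey.pem";
        }
}

# The listener needs no tls-options of its own; it inherits set::tls.
listen {
        ip *;
        port 6697;
        options { tls; }
}
```

Keep a listen::tls-options block only when one listener must present a different certificate from the rest of the server.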

LesterClayton

2021-12-19 13:03

reporter   ~0022262

Yes, adding it here works all good - thank you. Sorry for false alarm :)

syzop

2021-12-19 13:05

administrator   ~0022263

Last edited: 2021-12-19 13:09

Good! And no problem :)

Issue History

Date Modified Username Field Change
2021-12-19 12:35 LesterClayton New Issue
2021-12-19 12:58 syzop Note Added: 0022261
2021-12-19 12:58 syzop Note Edited: 0022261
2021-12-19 13:03 LesterClayton Note Added: 0022262
2021-12-19 13:05 syzop Assigned To => syzop
2021-12-19 13:05 syzop Status new => closed
2021-12-19 13:05 syzop Resolution open => no change required
2021-12-19 13:05 syzop Note Added: 0022263
2021-12-19 13:09 syzop Note Edited: 0022263