[GLLUG] irssi and ssl
John Edwards
john at cornerstonelinux.co.uk
Mon Nov 15 14:58:23 UTC 2021
Hi Henrik
On Mon, Nov 15, 2021 at 02:38:56PM +0000, Henrik Morsing via GLLUG wrote:
>
> Hi all,
>
> My ISP started enforcing SSL on their IRC channel, and I have not been able to connect since. I get:
>
> 14:33 -!- Irssi: warning Could not verify TLS servers certificate: unable to get local
> issuer certificate
>
> Lots of Googling says a "Certificate bundle" is missing from /etc/ssl/certs. I've copied the file people mention from /usr/share (from memory) to /etc/ssl/certs. /etc/openssl.conf also mentions /etc/ssl/certs, so looks right.
>
> Still not working. Found another discussion where people say to run openssl
> to pull the certificate from the IRC server and save it in a file and use
> that. Doesn't work either.
>
> I may not be entirely clear on what the certificate is for. There is a big difference between a certificate coming with the OS and one you get from the server you are connecting to.
>
> Any ideas? This is on Debian, anyone here use Debian and irssi -ssl? I also tried adding -ssl_capath (or something similar, mentioned in a discussion), but that didn't help either.
>
> Regards,
> Henrik Morsing
Been a long time since I've used IRC and never with SSL, but I wonder
if you have tried to verify the SSL certificate outside of irssi?
You could try the OpenSSL s_client command:
openssl s_client -connect localhost:443
It has lots of little fiddly command line switches about verification
and certificate trust ('man s_client' for the gory details). It might
help you separate out if the problem is with irssi, OpenSSL, your
certificate store, the remote certificate, or the verification process.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
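
An offline reproduction of the error text quoted above, as an added example that is not part of the original thread. It builds a constructed three-level chain (root, intermediate, server) and shows one way "unable to get local issuer certificate" arises: the trust store holds the root but the intermediate is not supplied. All names, keys and the function names make_chain/verify_leaf are assumptions of this example.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, name and certificate below is generated locally.

make_chain() {   # $1 = directory to fill with root.pem, inter.pem, leaf.pem
  local d=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
  # Root CA: stands in for a CA certificate shipped in /etc/ssl/certs.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
    -extensions ca -subj '/CN=Demo Root CA' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA, signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj '/CN=Demo Intermediate CA' \
    -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/inter.csr" -days 2 -CA "$d/root.pem" \
    -CAkey "$d/root.key" -CAcreateserial -extfile "$d/demo.cnf" \
    -extensions ca -out "$d/inter.pem" 2>/dev/null || return 1
  # Server (leaf) certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj '/CN=irc.example.test' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -days 2 -CA "$d/inter.pem" \
    -CAkey "$d/inter.key" -CAcreateserial -out "$d/leaf.pem" 2>/dev/null
}

verify_leaf() {  # $1 = directory; remaining args go to 'openssl verify'
  local d=$1; shift
  # Only root.pem is trusted, like a local store that knows the root CA.
  openssl verify -CAfile "$d/root.pem" "$@" "$d/leaf.pem" 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_chain "$d" || return 1
  echo "== root trusted, intermediate not supplied =="
  verify_leaf "$d" || true     # fails: chain cannot be built to the root
  echo "== root trusted, intermediate supplied as untrusted helper =="
  verify_leaf "$d" -untrusted "$d/inter.pem"
  rm -rf "$d"
}
demo
```

The first check fails because no issuer for the server certificate can be found locally; the second succeeds once the intermediate is available, even though only the root is trusted.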