[GLLUG] irssi and ssl

John Edwards john at cornerstonelinux.co.uk
Mon Nov 15 14:58:23 UTC 2021 

Hi Henrik

On Mon, Nov 15, 2021 at 02:38:56PM +0000, Henrik Morsing via GLLUG wrote:
> 
> Hi all,
> 
> My ISP started enforcing SSL on their IRC channel, and I have not been able to connect since. I get:
> 
> 14:33 -!- Irssi: warning Could not verify TLS servers certificate: unable to get local
>           issuer certificate
> 
> Lots of Googling says a "Certificate bundle" is missing from /etc/ssl/certs. I've copied the file people mention from /usr/share (from memory) to /etc/ssl/certs. /etc/openssl.conf also mentions /etc/ssl/certs, so looks right.
> 
> Still not working. Found another discussion where people says to run openssl
> to pull the certificate from the IRC server and save it in a file and use
> that. Doesn't work either.
> 
> I may not be entirely clear on what the certificate is for. There is a big difference between a cerificate coming with the OS and one you get from the server you are connection to.
> 
> Any ideas? This is on Debian, anyone here use Debian and irssi -ssl? I also tried adding -ssl_capath (or something similar, mentioned in a discussion), but that didn't help either.
> 
> Regards,
> Henrik Morsing

Been a long time since I've used IRC and never with SSL, but I wonder
if you have tired to verify the SSL certificate outside of irssi?

You could try the OpenSSL s_client command:
	openssl s_client -connect localhost:443

It has lots of little fiddly command line switches about verification
and certificate trust ('man s_client' for the gory details). It might
help you separate out if the problem is with irssi, OpenSSL, your
certificate store, the remote certificate, or the verification process.


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20211115/e25c703b/attachment.sig>

More information about the GLLUG mailing list