Feedback

type to search

Welcome

Wiki pages

Top 5 groups

Top 5 users

Recent badges

SheevaPlug + bip (irc proxy) + SSL=>error « mySSL_get_cert() SSL server supplied no certificate »

Asked by , Edited by klein_stephane

Hi,

I would like to install bip (irc proxy) on my SheevaPlug.

I need to connect to SSL irc server, here named "foobar", and I've this error :

root@sheevaplug:/usr/share/doc/bip# bip -n
15-08-2012 17:53:34 [freenode] Connecting user 'stephane' using server irc.freenode.net:8000
15-08-2012 17:53:34 [foobar] Connecting user 'stephane' using server irc.foobar.com:994
15-08-2012 17:53:35 WARNING: mySSL_get_cert() SSL server supplied no certificate !
15-08-2012 17:53:35 ERROR: No certificate in SSL write_socket
15-08-2012 17:53:35 WARNING: mySSL_get_cert() SSL server supplied no certificate !
15-08-2012 17:53:35 ERROR: No certificate in SSL write_socket
15-08-2012 17:53:35 WARNING: mySSL_get_cert() SSL server supplied no certificate !
15-08-2012 17:53:35 ERROR: No certificate in SSL write_socket
15-08-2012 17:53:35 SSL cert check: now at depth=0
15-08-2012 17:53:35 Subject: /CN=irc.foobar.com
15-08-2012 17:53:35 Issuer: /CN=irc.foobar.com
15-08-2012 17:53:35 ERROR: SSL cert check failed at depth=0: self signed certificate (18)
3065808080:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1166:
15-08-2012 17:53:35 ERROR: Certificate check failed: self signed certificate (18)!
15-08-2012 17:53:35 ERROR: Error on fd 5 (state 9)
15-08-2012 17:53:35 ERROR: [foobar] read_lines error, closing...
15-08-2012 17:53:35 ERROR: [foobar] reconnecting in 120 seconds

This is my "~/.bip/bip.conf" configuration file :

# vim:ft=bip:ts=2
# Auto-generated BIP IRC Proxy configuration Wed Aug 15 17:15:58 2012 
#
### Global options
log_system = true;
ip = "0.0.0.0";
log_sync_interval = 5;
port = 7778;
log_format = "%n/%Y-%m/%c.%d.log";
pid_file = "/root/.bip/bip.pid";
log_level = 3;
log_root = "/root/.bip/logs";
client_side_ssl = false;
log = true;

### Networks
network {
    name = "FreeNode";
    ssl = false;
    server {
        host = "irc.freenode.net";
        port = 8000;
    };
};

network {
    name = "foobar";
    ssl = true;
    server {
        host = "irc.foobar.com";
        port = 994;
    };
};

### Users
user {
    name = "stephane";
    password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    ssl_check_mode = "ca";
    ssl_check_store="/etc/ssl/certs";
    default_nick = "stephane";
    default_user = "stephane";
    default_realname = "Stephane Klein";
    backlog = true;
    connection {
        name = "freenode";
        network = "freenode";
        follow_nick = true;
        ignore_first_nick = true;
        no_client_away_msg = "stephane";
        channel {
            name = "#python-fr";
        };

        channel {
            name = "#ubuntu";
        };

        channel {
            name = "#afpy";
        };

    };

    connection {
        name = "foobar";
        network = "foobar";
        password = "xxxxxxxxxxxxxxxxx";
        follow_nick = true;
        ignore_first_nick = true;
        no_client_away_msg = "stephane";
        channel {
            name = "#channel1";
        };

        channel {
            name = "#channel2";
        };

    };

};

Have you some idea to resolve my issue ?

Thanks for your help.

Best regards
Stephane

NN comments
or Cancel

1 answer

0

hadret [ Moderator ]

Well, the issue occurred because the SSL certificates used on the IRC proxy server you are trying to reach are “local” ones, that’s basically what self-signed means. If you would open website with such SSL certificates, you would have waring message displayed (but you would be able to force it to actually accept these certificates). If you trust this proxy server, you will need to firstly accept the SSL certificates before you will try to establish connection. You can find useful information regarding this case here: http://www.debian-administration.org/articles/284

NN comments
or Cancel

Your answer

Answer by email
You need to join Debian to complete this action, click here to do so.