Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HOPM doesn't respect 'tls_hostname_verification' setting #43

Closed
TehPeGaSuS opened this issue Feb 1, 2021 · 3 comments
Closed

HOPM doesn't respect 'tls_hostname_verification' setting #43

TehPeGaSuS opened this issue Feb 1, 2021 · 3 comments
Labels
invalid

Comments

@TehPeGaSuS
Copy link

TehPeGaSuS commented Feb 1, 2021
edited
Loading

On my IRCd (UnrealIRCd), I've tried to connect HOPM via localhost + ssl.

HOPM refuses to connect with the error below, even with tls_hostname_verification = no;.

[2021-02-01T22:49:10+0000] CONFIG -> Loading /home/unrealircd/hopm/etc/hopm.conf
[2021-02-01T22:49:10+0000] IRC -> Attempting to connect to 127.0.0.4[127.0.0.4]:6697
[2021-02-01T22:49:10+0000] IRC -> connect(): error performing TLS handshake with 127.0.0.4: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[2021-02-01T22:49:10+0000] IRC -> Connection to (127.0.0.4) failed, reconnecting.
[2021-02-01T22:56:24+0000] MAIN -> HOPM TRUNK started.

Bug or some configuration setting that I'm overlooking?
@TehPeGaSuS TehPeGaSuS changed the title HOPM doesn't respect tls_hostname_verification setting HOPM doesn't respect 'tls_hostname_verification' setting Feb 1, 2021
@Adam-
Copy link
Member

Adam- commented Feb 2, 2021

tls_hostname_verification verifies that the served certificate matches the hostname you are connecting to. Regardless of that setting it will check the validity of the remote cert though (eg. issued by a trusted CA), which is what this error is.

@TehPeGaSuS
Copy link
Author

Would it be possible to add an option probably named tls_certificate_verify, so that HOPM can ignore the certificate validity?

I know this is a very specific usecase but I believe that it would be helpful for others.

Cheers

@miwob
Copy link
Member

miwob commented Feb 2, 2021

Yes, this is already planned.

@miwob miwob closed this as completed Feb 2, 2021
@miwob miwob added the invalid label Feb 2, 2021
Adam- pushed a commit that referenced this issue Feb 3, 2021
- Add irc::tls_disable_certificate_verification configuration optio…
0370366 
…n as requested in github issue #43

git-svn-id: svn://svn.ircd-hybrid.org/svnroot/hopm/trunk@9920 82007160-df01-0410-b94d-b575c5fd34c7
Adam- pushed a commit that referenced this issue Jun 14, 2021
- Add irc::tls_disable_certificate_verification configuration optio…
93ef9a1 
…n as requested in github issue #43

git-svn-id: svn://svn.ircd-hybrid.org/svnroot/hopm/branches/1.1.x@9919 82007160-df01-0410-b94d-b575c5fd34c7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Adam- @miwob @TehPeGaSuS