New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls handshake failure #972
Comments
Check your certificate. You can try: /set irc.server..ssl_verify off Better /join #weechat channel |
Hi, This is not a bug, but the expected behavior. When the certificate is not trusted (in your case the issuer is unknown), WeeChat refuses to connect. |
@flashcode https://www.archlinux.org/news/ca-certificates-utils-20170307-1-upgrade-requires-manual-intervention/ ever since upgrade weechat has the handshake issue.... |
Then please check that the option |
@flashcode https://i.imgur.com/APN7shK.png changed path to /etc/ca-certificates/extracted/ca-bundle.trust.crt and still get the handshake error |
Are you sure this is the good file to use with this option? |
So I can close this issue? |
@flashcode Yeah pls close... Thxs everyone for the feedback!! |
I have the same issue in Arch and FreeBSD 11.4, guess this hasn't been fixed? |
As already said, its not a weechat issue but a problem with the certificates installed on your machine. |
I'm seeing this despite setting ssl_verify off |
@HomingHamster : with |
So, for Linux distros, there is a ca-certificates package that is usually installed by default. It installs certs (for Debian at least) to If you take a look in the directory where the certs are installed (e.g., /etc/ssl/certs), there is a file called ca-certificates.crt. You want to add that file so Weechat knows about it. You can do this by setting an environment variable as @flashcode mentioned earlier:
Turn SSL verification back on if you disabled it. NOTE: A little more work is required for FreeBSD users. See https://freenode.net/kb/answer/chat. |
FYI I ran into this bug when I copied my weechat configs from a Centos host to a Debian host, and wanted to share what I found in case anyone else runs into this issue from Googling (as I did). On Centos my
This is correct on Centos/Fedora, but not right on Debian. In fact, the default value for |
Its not a bug, its a warning ;-) This is lot easier: |
I had the same problem on openSUSE. The documentation of the distribution advises NOT to use paths in the application. Such paths can change from distribution to distribution. In fact my configuration was working on Void Linux and failed on openSUSE. This is what I found in one of the files.
So it seems weechat configuration could be made to work on any distribution by calling to the gnutls helper function? @weechatter do you know if this has been considered? |
@protoboolean: interesting, I'll make tests with this GnuTLS function and use it if it works fine. So we could have this behavior:
|
Changes actually made:
|
On macOS: |
@flashcode https://weechat.org/files/doc/devel/weechat_faq.en.html#irc_ssl_connection still points to _file |
@comradekingu: yes, this is for WeeChat ≤ 3.1, as mentioned in the sentence above. This must be removed eventually, perhaps it's time to do it. |
22:58 =!= gnutls: peer's certificate is NOT trusted
22:58 =!= gnutls: peer's certificate issuer is unknown
22:58 =!= irc: TLS handshake failed
22:58 =!= irc: error: Error in the certificate.
The text was updated successfully, but these errors were encountered: