Project

General

Profile

Client-Core SSL support » History » Version 2

seezer, 07/02/2009 06:46 PM

1 1 seezer
h1. Client-Core SSL support
2 1 seezer
3 2 seezer
If you wish to setup an SSL connection between the core and client, you must have compiled both with the "-DWITH_OPENSSL=ON" cmake option.
4 2 seezer
In case you use a binary version, verify that it was built with SSL support.
5 1 seezer
6 2 seezer
You don't know where to look for whether SSL support is available in your core?
7 2 seezer
8 2 seezer
>Start your core once and look out for warnings like:
9 2 seezer
<pre>Warning: SslServer: Certificate file /home/quassel/.config/quassel-irc.org/quasselCert.pem does not exist
10 2 seezer
Warning: SslServer: Unable to set certificate file
11 2 seezer
Quassel Core will still work, but cannot provide SSL for client connections.</pre>
12 2 seezer
13 2 seezer
Then you need to generate a certificate file to be used for the connections.
14 2 seezer
As the user that starts quassel-core, issue something like the following command on the server running the core:
15 2 seezer
16 2 seezer
*Version 0.4 and later*
17 2 seezer
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.config/quassel-irc.org/quasselCert.pem -out ~/.config/quassel-irc.org/quasselCert.pem</pre>
18 2 seezer
>You might use a different configuration directory. Check if your core gets started with the --configdir command-line option.
19 2 seezer
20 1 seezer
*Version before 0.4*
21 1 seezer
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.quassel/quasselCert.pem -out ~/.quassel/quasselCert.pem</pre>
22 1 seezer
>The "~/.quassel/" directory may differ if the --datadir option was specified for quasselcore.
23 1 seezer
24 1 seezer
25 1 seezer
Note that Kubuntu packages for Jaunty (9.04) and later do this step for you.
26 1 seezer
27 1 seezer
Start the core and select SSL in your Client as shown below: