Client-Core SSL support » History » Version 2
Version 1 (seezer, 07/02/2009 06:21 PM) → Version 2/15 (seezer, 07/02/2009 06:46 PM)
h1. Client-Core SSL support
If you wish to setup an SSL connection between the core and client, you must have compiled both with the "-DWITH_OPENSSL=ON" cmake option.
In case you use Generate a binary version, verify that it was built key with SSL support.
You don't know where to look for whether SSL support is available in your core?
>Start your core once and look out for warnings like:
<pre>Warning: SslServer: Certificate file /home/quassel/.config/quassel-irc.org/quasselCert.pem does not exist
Warning: SslServer: Unable to set certificate file
Quassel Core will still work, but cannot provide SSL for client connections.</pre>
Then you need to generate a certificate file to be used for the connections.
As the user that starts quassel-core, issue something like the following command on the server running the core:
*Version 0.4 and later* before 0.4*
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.config/quassel-irc.org/quasselCert.pem ~/.quassel/quasselCert.pem -out ~/.config/quassel-irc.org/quasselCert.pem</pre> ~/.quassel/quasselCert.pem</pre>
>You might use a different configuration directory. Check >The "~/.quassel/" directory may differ if your core gets started with the --configdir command-line option. --datadir option was specified for quasselcore.
*Version before 0.4* 0.4 and later*
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.quassel/quasselCert.pem ~/.config/quassel-irc.org/quasselCert.pem -out ~/.quassel/quasselCert.pem</pre> ~/.config/quassel-irc.org/quasselCert.pem</pre>
>The "~/.quassel/" default config directory may differ if has changed in version 0.4 and the core's --datadir option was specified for quasselcore.
has been renamed to --configdir.
Note that Kubuntu packages for Jaunty (9.04) and later do this step for you.
Start the core and select SSL in your Client as shown below:
If you wish to setup an SSL connection between the core and client, you must have compiled both with the "-DWITH_OPENSSL=ON" cmake option.
In case you use Generate a binary version, verify that it was built key with SSL support.
You don't know where to look for whether SSL support is available in your core?
>Start your core once and look out for warnings like:
<pre>Warning: SslServer: Certificate file /home/quassel/.config/quassel-irc.org/quasselCert.pem does not exist
Warning: SslServer: Unable to set certificate file
Quassel Core will still work, but cannot provide SSL for client connections.</pre>
Then you need to generate a certificate file to be used for the connections.
As the user that starts quassel-core, issue something like the following command on the server running the core:
*Version 0.4 and later* before 0.4*
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.config/quassel-irc.org/quasselCert.pem ~/.quassel/quasselCert.pem -out ~/.config/quassel-irc.org/quasselCert.pem</pre> ~/.quassel/quasselCert.pem</pre>
>You might use a different configuration directory. Check >The "~/.quassel/" directory may differ if your core gets started with the --configdir command-line option. --datadir option was specified for quasselcore.
*Version before 0.4* 0.4 and later*
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.quassel/quasselCert.pem ~/.config/quassel-irc.org/quasselCert.pem -out ~/.quassel/quasselCert.pem</pre> ~/.config/quassel-irc.org/quasselCert.pem</pre>
>The "~/.quassel/" default config directory may differ if has changed in version 0.4 and the core's --datadir option was specified for quasselcore.
has been renamed to --configdir.
Note that Kubuntu packages for Jaunty (9.04) and later do this step for you.
Start the core and select SSL in your Client as shown below: