egghelp/eggheads community Discussion of eggdrop bots, shell accounts and tcl scripts. 2021-08-15T19:13:23-04:00 https://forum.eggheads.org/app.php/feed/topic/20684 2019-11-05T19:20:19-04:00 2019-11-05T19:20:19-04:00 https://forum.eggheads.org/viewtopic.php?p=107921#p107921 <![CDATA[Re: eggdrop 1.8.4 no connect whit SSL]]>
...
Tcl error in file 'eggdrop.conf':
invalid command name "certificate"
while executing
"certificate verification will not work."
(file "eggdrop.conf" line 270)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
...
Let's start with just this much.


In the text that you provided in your post, from your eggdrop.conf, is:
# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.
See the problem?

There is no # as the first character on the last line that I quoted, to make that line a comment line.
Therefore, it is an active line, and eggdrop tries to read it - and obviously chokes on it.

My guess is that you accidentally deleted the original # that was there. Put it back.

Then see what happens then.

I hope this helps.

Statistics: Posted by willyw — Tue Nov 05, 2019 7:20 pm

]]> 2021-08-15T19:13:23-04:00 2019-11-05T17:57:27-04:00 https://forum.eggheads.org/viewtopic.php?p=107920#p107920 <![CDATA[eggdrop 1.8.4 no connect whit SSL]]>

I can't get my eggdrop 1.8.4 to work with ssl.

I'm screwing something up but I don't understand what.
who can help me with a step by step procedure?[/b]



I tried to delete everything and start again and now it gives me this error:

Tcl error in file 'eggdrop.conf':
invalid command name "certificate"
while executing
"certificate verification will not work."
(file "eggdrop.conf" line 270)
* CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
Lory@vps7382:~/eggdrop$ Tcl error in file 'eggdrop.conf':
No command 'Tcl' found, did you mean:
Command 'mcl' from package 'mcl' (universe)
Command 'cl' from package 'cl-launch' (universe)
Command 'ccl' from package 'cclive' (universe)
Command 'ecl' from package 'ecl' (universe)
Command 'ncl' from package 'ncl-ncarg' (universe)
Command 'gcl' from package 'gcl' (universe)
Tcl: command not found
aktarus@vps738288:~/eggdrop$ invalid command name "certificate"
invalid: command not found
lory@vps7382:~/eggdrop$ while executing
> "certificate verification will not work."
> (file "eggdrop.conf" line 270)
> * CONFIG FILE NOT LOADED (NOT FOUND, OR ERROR)
-bash: syntax error near unexpected token `('
Lory@vps7382:~/eggdrop$





to say that I don't even know if l eggdrop.conf is well configured in the "SSL setting" department


this is my eggdrop.conf


##### SSL SETTINGS #####

# Settings in this section take effect when eggdrop is compiled with TLS
# support.

# File containing your private key, needed for the SSL certificate
# (see below). You can create one issuing the following command:
#
# openssl genrsa -out eggdrop.key 2048
#
# It will create a 2048 bit RSA key, strong enough for eggdrop.
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-privatekey "eggdrop1.key"

# Specify the filename where your SSL certificate is located. If you
# don't set this, eggdrop will not be able to act as a server in SSL
# connections, as with most ciphers a certificate and a private key
# are required on the server side. Must be in PEM format.
# If you don't have one, you can create it using the following command:
#
# openssl req -new -key eggdrop.key -x509 -out eggdrop.crt -days 365
#
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-certificate "eggdrop1.crt"

# Sets the maximum depth for the certificate chain verification that will
# be allowed for ssl. When certificate verification is enabled, any chain
# exceeding this depth will fail verification.
#set ssl-verify-depth 9

# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
certificate verification will not work.

set ssl-capath "/etc/ssl/certs/"
set ssl-cafile "/etc/ssl/certs/CA.pem"

#set ssl-cafile ""

# Specify the list of ciphers (in order of preference) allowed for use with
# ssl. The cipher list is one or more cipher strings separated by colons,
# commas or spaces. Unavailable ciphers are silently ignored unless no useable
# cipher could be found. For the list of possible cipher strings and their
# meanings, please refer to the ciphers(1) manual.
# Note: if you set this, the value replaces any ciphers OpenSSL might use by
# default. To include the default ciphers, you can put DEFAULT as a cipher
# string in the list.
# For example:
#
set ssl-ciphers "DEFAULT ADH"
#
# This will make eggdrop allow the default OpenSSL selection plus anonymous
# DH ciphers.
#
set ssl-ciphers "ALL"
#
# This will make eggdrop allow all ciphers supported by OpenSSL, in a
# reasonable order.
set ssl-ciphers "DEFAULT ADH"

# Enable certificate authorization. Set to 1 to allow users and bots to
# identify automatically by their certificate fingerprints. Setting it
# to 2 to will force fingerprint logins. With a value of 2, users without
# a fingerprint set or with a certificate UID not matching their handle
# won't be allowed to login on SSL enabled telnet ports. Fingerprints
# must be set in advance with the .fprint and .chfinger commands.
# NOTE: this setting has no effect on plain-text ports.
set ssl-cert-auth 2

# You can control SSL certificate verification using the following variables.
# All of them are flag-based. You can set them by adding together the numbers
# for all exceptions you want to enable. By default certificate verification
# is disabled and all certificates are assumed to be valid. The numbers are
# the following:
#
# Enable certificate verification - 1
# Allow self-signed certificates - 2
# Don't check peer common or alt names - 4
# Allow expired certificates - 8
# Allow certificates which are not valid yet - 16
# Allow revoked certificates - 32
# A value of 0 disables verification.

# Control certificate verification for DCC chats (only /dcc chat botnick)
set ssl-verify-dcc 1

# Control certificate verification for linking to hubs
#set ssl-verify-bots 0

# Control cerfificate verification for SSL listening ports. This includes
# leaf bots connecting, users telneting in and /ctcp bot chat.
set ssl-verify-clients 1

Statistics: Posted by Suratka — Tue Nov 05, 2019 5:57 pm

]]>