View Issue Details

IDProjectCategoryView StatusLast Update
0004679unrealircdpublic2017-09-09 16:19
ReportersyzopAssigned Tosyzop 
PrioritynormalSeverityfeatureReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.0.3.1 
Target VersionFixed in Version4.0.10 
Summary0004679: allow SSL certificates per-port
DescriptionSuggestion from GTAXL: allow one to specify an SSL certificate for ports, eg: a serversonly port. This so you can use a long-lived self-signed certificate on server linking ports, and use short-lived letsencrypt SSL certificates on other ports.
(Naturally then you need the same in link { } outgoing...)

It would be one way to solve the problem letsencrypt creates with regards to using certificates for server linking. Not entirely sure if it's the best one. It's safer than falling back to IP blocks and passwords at least.
TagsNo tags attached.
3rd party modules

Activities

syzop

2016-12-29 08:40

administrator   ~0019576

Last edited: 2016-12-29 08:40

View 2 revisions

Massive amount of work but... done.
https://github.com/unrealircd/unrealircd/commit/aae0971cf497a2837970109026824edeced8c251

commit aae0971cf497a2837970109026824edeced8c251
Author: Bram Matthys <syzop@vulnscan.org>
Date: Thu Dec 29 08:37:15 2016 +0100

    Add the ability to set specific ssl options in listen blocks and link blocks.
    This allows you to for example specify a specific certificate/key on an
    serversonly port and in link block (a self-signed 10 year valid certificate)
    and use a short-lived (XX day) Let's Encrypt certificate on the other ports.
    And several other uses, of course.


Will write a wiki article on let's encrypt...

Issue History

Date Modified Username Field Change
2016-05-09 17:42 syzop New Issue
2016-12-29 08:40 syzop Assigned To => syzop
2016-12-29 08:40 syzop Status new => resolved
2016-12-29 08:40 syzop Resolution open => fixed
2016-12-29 08:40 syzop Fixed in Version => 4.0.10
2016-12-29 08:40 syzop Note Added: 0019576
2016-12-29 08:40 syzop Note Edited: 0019576 View Revisions