View Issue Details

IDProjectCategoryView StatusLast Update
0006021unrealircdpublic2021-12-29 08:47
Reporterarcanefeenix Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status acknowledgedResolutionopen 
PlatformLinuxOSDebianOS Version11.1
Product Version6.0.0-rc2 
Summary0006021: spkifp command does not honor non-standard cert/key names/locations
DescriptionWhen running `./unrealircd spkifp`, it stated:

Could not open certificate: /home/csrv/unrealircd/conf/tls/server.cert.pem

With our setup, we have the cert/key in the same directory but it is not named the same. This was specified in the unrealircd.conf file with the set::tls::certificate and set::tls::key directives.

It seems like this value is either hardcoded or it is not reading the config first and accepting defaults.
Steps To ReproduceConfigure UnrealIRCd with the set::tls::certificate and set::tls::key directives pointing to different locations/filenames and run `./unrealircd spkifp`
Tagsconf, spkifp, SSL
3rd party modules

Relationships

has duplicate 0006040 closedsyzop ./unrealircd spkifp use default certificates 

Activities

syzop

2021-12-08 07:24

administrator   ~0022240

Last edited: 2021-12-08 07:25

Right now it doesn't parse the config file, in fact it doesn't run the unrealircd binary at all.. it uses openssl to generate the spkifp. So yeah.
Fortunately it clearly prints the file that the spkifp is generated for at the top, so that's good.

I'm going to leave it as a feature request for now.

Oh, and, just so you know, you can specify a file as an argument explicitly: ./unrealircd spkifp conf/tls/mynicecert.pem

arcanefeenix

2021-12-08 09:30

reporter   ~0022241

That is good to know. Maybe that can be added to the documentation as a workaround for now.

syzop

2021-12-28 18:33

administrator   ~0022310

Last edited: 2021-12-28 18:35

CrazyCat hit this issue as well in 0006040.

Until a final fix (which may not be soon) I have updated the documentation / output, which should help a lot. Thanks for that suggestion.

In current git, future 6.0.1, it now shows this:
$ ./unrealircd spkifp
NOTE: This script uses the default certificate location (any set::tls settings
are ignored). If this is not what you want then specify a certificate
explicitly via: ./unrealircd spkifp conf/tls/example.pem

[.. and then the regular output..]


Commit: https://github.com/unrealircd/unrealircd/commit/fa5526a44bc956ed6473c2316519225f0dad9dfd

Issue History

Date Modified Username Field Change
2021-12-07 04:42 arcanefeenix New Issue
2021-12-07 04:42 arcanefeenix Tag Attached: conf
2021-12-07 04:42 arcanefeenix Tag Attached: spkifp
2021-12-07 04:42 arcanefeenix Tag Attached: SSL
2021-12-08 07:24 syzop Severity minor => feature
2021-12-08 07:24 syzop Note Added: 0022240
2021-12-08 07:25 syzop Note Edited: 0022240
2021-12-08 09:30 arcanefeenix Note Added: 0022241
2021-12-28 18:20 syzop Relationship added has duplicate 0006040
2021-12-28 18:33 syzop Note Added: 0022310
2021-12-28 18:34 syzop Note Edited: 0022310
2021-12-28 18:34 syzop Note Edited: 0022310
2021-12-28 18:34 syzop Note Edited: 0022310
2021-12-28 18:35 syzop Note Edited: 0022310
2021-12-29 08:47 syzop Status new => acknowledged