From b8730cbf8695b785c54e6aa69e07fa51eb91f400 Mon Sep 17 00:00:00 2001
From: Valery Yatsko
Date: Mon, 7 Apr 2008 15:45:15 +0400
Subject: [PATCH] SSL options added to configuration files
---
 doc/example.conf | 41 +++++++++++++++++++++++++++++------------
 doc/reference.conf | 51 +++++++++++++++++++++++++++++++++++++++------------
 2 files changed, 68 insertions(+), 24 deletions(-)
diff --git a/doc/example.conf b/doc/example.conf
index 74c8e158..34b2497e 100755
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -43,19 +43,24 @@ serverinfo {
 /* for IPv6 */
 #vhost6 = "3ffe:80e8:546::2";
- /* ssl_private_key: our ssl private key */
- ssl_private_key = "etc/test.key";
-
- /* ssl_cert: certificate for our ssl server */
- ssl_cert = "etc/test.cert";
-
- /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
- ssl_dh_params = "etc/dh.pem";
+ /* ssl_private_key: our ssl private key */
+ ssl_private_key = "etc/test.key";
- /* default max clients: the default maximum number of clients
- * allowed to connect. This can be changed once ircd has started by
- * issuing:
- * /quote set maxclients
+ /* ssl_cert: certificate for our ssl server */
+ ssl_cert = "etc/test.cert";
+
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+ ssl_dh_params = "etc/dh.pem";
+
+ /* ssld_count: number of ssld processes you want to start, if you have a really busy
+ * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+ */
+ ssld_count = 1;
+
+ /* default max clients: the default maximum number of clients
+ * allowed to connect. This can be changed once ircd has started by
+ * issuing:
+ * /quote set maxclients
 */
 default_max_clients = 1024;
 };
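Review bot: The `ssl_dh_params` comment in this serverinfo hunk still tells operators to generate parameters with `openssl dhparam -out dh.pem 1024`, and 1024-bit DH groups are no longer considered strong enough for TLS key exchange. Since the line is being rewritten here anyway, the example should name a larger size, e.g. `/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048 */`. The same comment is re-added in the serverinfo hunk of doc/reference.conf (`@@ -116,19 +116,24 @@`). The serverinfo block itself starts above the hunk.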
@@ -113,10 +118,12 @@ listen {
 */
 #host = "192.169.0.1";
 port = 5000, 6665 .. 6669;
+ sslport = 9999;
 /* Listen on IPv6 (if you used host= above). */
 #host = "3ffe:1234:a:b:c::d";
 #port = 5000, 6665 .. 6669;
+ #sslport = 9999;
 };
 /* auth {}: allow users to connect to the ircd (OLD I:)
@@ -261,6 +268,16 @@ connect "irc.uplink.com" {
 #aftype = ipv6;
 };
+connect "ssl.uplink.com" {
+ host = "192.168.0.1";
+ send_password = "password";
+ accept_password = "anotherpassword";
+ port = 9999;
+ hub_mask = "*";
+ class = "server";
+ flags = ssl, topicburst;
+};
+
 service {
 name = "services.int";
 };
diff --git a/doc/reference.conf b/doc/reference.conf
index 8096b9cd..16aefa8a 100755
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -116,19 +116,24 @@ serverinfo {
 */
 #vhost6 = "3ffe:80e8:546::2";
- /* ssl_private_key: our ssl private key */
- ssl_private_key = "etc/test.key";
-
- /* ssl_cert: certificate for our ssl server */
- ssl_cert = "etc/test.cert";
-
- /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
- ssl_dh_params = "etc/dh.pem";
+ /* ssl_private_key: our ssl private key */
+ ssl_private_key = "etc/test.key";
- /* default max clients: the default maximum number of clients
- * allowed to connect. This can be changed once ircd has started by
- * issuing:
- * /quote set maxclients
+ /* ssl_cert: certificate for our ssl server */
+ ssl_cert = "etc/test.cert";
+
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+ ssl_dh_params = "etc/dh.pem";
+
+ /* ssld_count: number of ssld processes you want to start, if you have a really busy
+ * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+ */
+ ssld_count = 1;
+
+ /* default max clients: the default maximum number of clients
+ * allowed to connect. This can be changed once ircd has started by
+ * issuing:
+ * /quote set maxclients
 */
 default_max_clients = 1024;
 };
@@ -252,20 +257,28 @@ listen {
 /* port: the specific port to listen on. if no host is specified
 * before, it will listen on all available IPs.
 *
+ * sslport: the specific port to listen ssl connections on. if no
+ * host is specified before, it will listen on all available IPs.
+ *
 * ports are seperated via a comma, a range may be specified using ".."
 */
 /* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
 port = 5000, 6665 .. 6669;
+
+ /* sslport: listen for ssl connections on all available IPs, port 9999 */
+ sslport = 9999;
 /* host: set a specific IP/host the ports after the line will listen
 * on. This may be ipv4 or ipv6.
 */
 host = "1.2.3.4";
 port = 7000, 7001;
+ sslport = 9000, 9001;
 host = "3ffe:1234:a:b:c::d";
 port = 7002;
+ sslport = 9002;
 };
 /* auth {}: allow users to connect to the ircd (OLD I:) */
@@ -454,6 +467,7 @@ connect "irc.uplink.com" {
 * autoconn - automatically connect to this server
 * compressed - compress traffic via ziplinks
 * topicburst - burst topics between servers
+ * ssl - ssl/tls encrypted server connections
 */
 flags = compressed, topicburst;
 };
@@ -475,6 +489,19 @@ connect "ipv6.some.server" {
 class = "server";
 };
+connect "ssl.uplink.com" {
+ /* Example of ssl server-to-server connection, ssl flag doesn't need
+ * compressed flag, 'cause it uses own compression
+ */
+ host = "192.168.0.1";
+ send_password = "password";
+ accept_password = "anotherpassword";
+ port = 9999;
+ hub_mask = "*";
+ class = "server";
+ flags = ssl, topicburst;
+};
+
 /* cluster {}; servers that we propagate things to automatically.
 * NOTE: This does NOT grant them privileges to apply anything locally,
 * you must add a seperate shared block for that. Clustering will
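Review bot: The comment in the new `connect "ssl.uplink.com"` block explains compression but not what the `ssl` flag does for peer authentication: the hunk shows only `send_password`/`accept_password` identifying the remote side, so a reader cannot tell whether the peer certificate is checked. I would add a line such as `* NOTE: ssl encrypts the link; replace the sample passwords before use`, and state explicitly whether the certificate is verified. If "own compression" means TLS-level compression, that is worth saying too, since compressing before encrypting can leak content through message length. The uncommented copy of this block in doc/example.conf (`@@ -261,6 +268,16 @@`) has no comment at all and carries the same placeholder passwords and `hub_mask = "*"`.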