IRSSI: Connect to a server which uses a self-signed certificate
In order to connect to a friend's IRC, I had to accept his self-signed certificate. This is quite a simple process of downloading the cert and referencing it as part of your IRSSI config.
Step 1 - Download cert
josh@joshserver:~ $ openssl s_client -showcerts -connect irc.example.com:6697
CONNECTED(00000003)
depth=0 C = UK, ST = Place, O = example.com, OU = IRCd, CN = irc.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = UK, ST = Place, O = example.com, OU = IRCd, CN = irc.example.com
verify return:1
---
Certificate chain
0 s:/C=UK/ST=Place/O=example.com/OU=IRCd/CN=irc.example.com
i:/C=UK/ST=Place/O=example.com/OU=IRCd/CN=irc.example.com
-----BEGIN CERTIFICATE-----
[Certificate Data]
-----END CERTIFICATE-----
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 2213 bytes and written 385 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: THING
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1482173239
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
:irc.example.com NOTICE * :*** Looking up your hostname...
:irc.example.com NOTICE * :*** Found your hostname (cached)
Note that this will also connect to the IRC server, as shown by the last two lines. You can disconnect by pressing CTRL-C
Step 2 - Add the certificate to IRSSI
Copy all the data between -----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
(including these tags)
Place this into a file accessible by your user. In this case, I put it in ~/.irssi/irc.example.com.crt
Then, open your IRSSI config.
In the 'server' section, add the following parameter:
ssl_cafile=~/.irssi/irc.example.com.crt;
When you are finished, your config will look like:
{
address = "irc.example.com";
chatnet = "Example";
port = "6697";
use_ssl = "yes";
ssl_verify = "yes";
autoconnect = "yes";
ssl_cafile = "~/.irssi/irc.example.com.crt";
}
Now, restart IRSSI, and the connection should be successful!