Hi Fernando and Hiltjo,

On Sat, Oct 29, 2022 at 08:18:22PM +0200, Hiltjo Posthuma wrote:
> On Sat, Oct 29, 2022 at 11:38:10AM -0500, fernandoreyesavila3 wrote:
> > I am hosting an ergo irc server with self signed certificates.
> > Connecting to any public irc server works as expected. ii prints the
> > following when I try to connect to my server.
> > 
> > $ ii -s servername.com -p 6697
> > NICK nando
> > USER nando localhost servername.com :nando
> > 
> > ii: remote host closed connection: No such file or directory
> > 
> > I patched ii with tls encryption support and ran
> > 
> > $ ii -t -s servername.com -p 6697
> > ii: tls_handshake: certificate verification failed: self signed certificate
> > 
> > I connected through hexchat by accepting invalid ssl certificates.
> > Is there a similar option for ii? Any help would be appreciated.
> 
> With LibreSSL libtls: you could set a certificate file:
> 
>       https://man.openbsd.org/tls_config_set_ca_file
> 
> Maybe you could add a command-line flag that allows setting this certificate
> so it can be set per server.

For those use cases, I would just add a "don't check anything" flag.
The API of libtls is too detailed to expose every knob as an option to
ii. Maybe an -F <fingerprint> option could be a compromise for self-signed
certs?!

I'll think about it and make a change to the tls patch.

Thanks,
Jan
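
The fingerprint check that an -F option implies could look like the following. This is an added example, not part of the thread and not code from ii or its tls patch. The helper names fp_parse and fp_match are hypothetical, and it assumes the peer hash has the "SHA256:<hex>" form that the libtls man page documents for tls_peer_cert_hash(3).

```c
#include <ctype.h>
#include <string.h>

#define FP_LEN 32 /* SHA-256 digest length in bytes */

static int hexval(unsigned char c)
{
	if (isdigit(c)) return c - '0';
	c = (unsigned char)tolower(c);
	return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: parse "SHA256:<hex>" or bare hex (':' allowed between
 * bytes) into FP_LEN bytes. Returns 0 on success, -1 on malformed input. */
static int fp_parse(const char *s, unsigned char out[FP_LEN])
{
	size_t n = 0;
	int hi, lo;

	if (strncmp(s, "SHA256:", 7) == 0)
		s += 7;
	while (*s != '\0') {
		if (*s == ':' && n > 0)
			s++; /* separator between two bytes */
		if (n == FP_LEN)
			return -1; /* more than 32 bytes, or a trailing ':' */
		if ((hi = hexval((unsigned char)s[0])) < 0 ||
		    (lo = hexval((unsigned char)s[1])) < 0)
			return -1;
		out[n++] = (unsigned char)(hi << 4 | lo);
		s += 2;
	}
	return n == FP_LEN ? 0 : -1;
}

/* Hypothetical helper: return 1 only if peer_hash (the string from
 * tls_peer_cert_hash(3)) names SHA256 and equals the pinned value. */
int fp_match(const char *pinned, const char *peer_hash)
{
	unsigned char a[FP_LEN], b[FP_LEN];

	if (pinned == NULL || peer_hash == NULL ||
	    strncmp(peer_hash, "SHA256:", 7) != 0)
		return 0; /* no cert or unknown hash algorithm: fail closed */
	if (fp_parse(pinned, a) != 0 || fp_parse(peer_hash, b) != 0)
		return 0;
	return memcmp(a, b, FP_LEN) == 0;
}
```

In a client this check would run right after tls_handshake(), with chain and name verification turned off through tls_config_insecure_noverifycert() and tls_config_insecure_noverifyname(), and the connection closed whenever fp_match() returns 0.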
