Project

General

Profile

Client-Core SSL support » History » Version 3

Version 2 (seezer, 07/02/2009 06:46 PM) → Version 3/15 (seezer, 07/02/2009 06:47 PM)

h1. Client-Core SSL support

If you wish to setup an SSL connection between the core and client, you must have compiled both with the "-DWITH_OPENSSL=ON" cmake option.
In case you use a binary version, verify that it was built with SSL support.

You don't know where to look for whether SSL support is available in your core?

>Start your core once and look out for warnings like:
<pre>Warning: SslServer: Certificate file /home/quassel/.config/quassel-irc.org/quasselCert.pem does not exist
Warning: SslServer: Unable to set certificate file
Quassel Core will still work, but cannot provide SSL for client connections.</pre>

Then you need to generate a certificate file to be used for the connections.
As the user that starts quassel-core, issue something like the following command on the server running the core:

*Version 0.4 and later*
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.config/quassel-irc.org/quasselCert.pem -out ~/.config/quassel-irc.org/quasselCert.pem</pre>
>You might use a different configuration directory. Check if your core gets started with the --configdir command-line option.

*Version before 0.4*
<pre>openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ~/.quassel/quasselCert.pem -out ~/.quassel/quasselCert.pem</pre>
>The "~/.quassel/" directory may differ if the --datadir option was specified for quasselcore.

Note that Kubuntu packages for Jaunty (9.04) and later do this step for you.

Start the core and select SSL in your Client as shown below:

!ssl_dialog_client.png!