Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to specify ca certificates per network #438

Open
tyll opened this issue Jun 8, 2015 · 7 comments · May be fixed by #613 or #1262
Open

Allow to specify ca certificates per network #438

tyll opened this issue Jun 8, 2015 · 7 comments · May be fixed by #613 or #1262
Labels
feature New feature request

Comments

@tyll
Copy link

tyll commented Jun 8, 2015

I would like to connect to the hackint IRC network via TLS. They use their own root CA which I would like to specify only for the hackint network: http://hackint.eu/
However this does not seem to be possible, since there seems to be only a globel CA certificate setting. But setting it to the hackint CA would break accessing the Freenote IRC network. Therefore please allow to set the CA per IRC network additionally to the global default setting.
@Mikaela
Copy link
Contributor

Mikaela commented Jun 8, 2015

ZNC has similar issue znc/znc#909 and on ZNC side it's know that there are more networks having their own root CA. I thought that issue mentioned them, but it doesn't seem to and I remember at least two other names in addition to hackint:

  • OFTC
  • EUnetIRC (or something similar)

@stfnm
Copy link
Contributor

stfnm commented Jun 8, 2015

👍 I'd like this too.

@flashcode flashcode added the feature New feature request label Jun 8, 2015
@flokli
Copy link

flokli commented Jul 22, 2015

+1

@ghost
Copy link

ghost commented Sep 7, 2015

can confirm this and would like to see a point in the future where one can set per network root ca files

@Mikaela Mikaela mentioned this issue Nov 1, 2015
Open
@ManiacTwister ManiacTwister linked a pull request Nov 30, 2015 that will close this issue
Open
@monkz
Copy link

monkz commented Jun 28, 2017

Work around is:

wget https://hackint.eu/crt/rootca.crt
cat rootca.crt /etc/ssl/certs/ca-certificates.crt > weechat-rootca.crt

And inside weechat
/set weechat.network.gnutls_ca_file PATH/TO/weechat-rootca.crt
Please remember: This allows the owner of the HackInt CA to sign certificates for other networks! So it is far from ideal!

@shibumi
Copy link

shibumi commented Jul 16, 2018

any update on this issue?

@weechatter
Copy link
Contributor

no

sim642 added a commit to sim642/weechat that referenced this issue Sep 14, 2018
@sim642
irc: allow specifying SSL CA per server (weechat#438)
5088489
sim642 added a commit to sim642/weechat that referenced this issue Sep 14, 2018
@sim642
irc: don't use global SSL CAs when one specified for server (weechat#438
df8ab98 
)
@sim642 sim642 linked a pull request Oct 6, 2018 that will close this issue
Open
sim642 added a commit to sim642/weechat that referenced this issue Oct 10, 2019
@sim642
irc: allow specifying SSL CA per server (weechat#438)
ed2ecf3
sim642 added a commit to sim642/weechat that referenced this issue Oct 10, 2019
@sim642
irc: don't use global SSL CAs when one specified for server (weechat#438
f3e1d2a 
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New feature request
Projects
None yet
Milestone
No milestone
8 participants
@flokli @tyll @stfnm @monkz @Mikaela @weechatter @flashcode @shibumi