1.8 CVS Problem

General support and discussion of Eggdrop bots.
rrc55
Voice
Posts: 29
Joined: Wed Mar 11, 2009 9:33 am

1.8 CVS Problem

Post by rrc55 »

I've just upgraded my bot from 1.6.19 to 1.8 and followed the instructions to set up SSL to the best of my ability, but I can't seem to connect to any SSL servers. I've tried various eggdrop.conf settings, eggdrop generated keys + certs, creating openssl key + certs + CA and specifying the path in eggdrop.conf, and changing file permissions.

Here's my output:

Code:

[T3256@GURY eggdrop]$ ./eggdrop -n eggdrop.conf

Eggdrop v1.8.0+publistennoident (C) 1997 Robey Pointer (C) 2010 Eggheads
[16:35:07] Allocated bind table unld (flags 1)
[16:35:07] Allocated bind table time (flags 1)
[16:35:07] Allocated bind table cron (flags 1)
[16:35:07] Allocated bind table note (flags 0)
[16:35:07] Allocated bind table nkch (flags 1)
[16:35:07] Allocated bind table load (flags 1)
[16:35:07] Allocated bind table link (flags 1)
[16:35:07] Allocated bind table filt (flags 1)
[16:35:07] Allocated bind table disc (flags 1)
[16:35:07] Allocated bind table dcc (flags 0)
[16:35:07] Allocated bind table chpt (flags 1)
[16:35:07] Allocated bind table chon (flags 1)
[16:35:07] Allocated bind table chof (flags 1)
[16:35:07] Allocated bind table chjn (flags 1)
[16:35:07] Allocated bind table chat (flags 1)
[16:35:07] Allocated bind table bot (flags 0)
[16:35:07] Allocated bind table bcst (flags 1)
[16:35:07] Allocated bind table away (flags 1)
[16:35:07] Allocated bind table act (flags 1)
[16:35:07] Allocated bind table evnt (flags 1)
[16:35:07] Allocated bind table die (flags 1)
[16:35:07] Allocated bind table log (flags 1)
[16:35:07] Allocated bind table tls (flags 1)
[16:35:07] --- Loading eggdrop v1.8.0+publistennoident (Wed Mar 16 2011)
[17:35:07] Module loaded: blowfish        
[17:35:07] Module loaded: dns             
[17:35:07] Module loaded: channels        
[17:35:07] Allocated bind table wall (flags 1)
[17:35:07] Allocated bind table raw (flags 1)
[17:35:07] Allocated bind table notc (flags 1)
[17:35:07] Allocated bind table msgm (flags 1)
[17:35:07] Allocated bind table msg (flags 0)
[17:35:07] Allocated bind table flud (flags 1)
[17:35:07] Allocated bind table ctcr (flags 1)
[17:35:07] Allocated bind table ctcp (flags 1)
[17:35:07] Allocated bind table out (flags 1)
[17:35:07] Module loaded: server          
[17:35:07] Module loaded: ctcp            
[17:35:07] Allocated bind table topc (flags 1)
[17:35:07] Allocated bind table splt (flags 1)
[17:35:07] Allocated bind table sign (flags 1)
[17:35:07] Allocated bind table rejn (flags 1)
[17:35:07] Allocated bind table part (flags 1)
[17:35:07] Allocated bind table nick (flags 1)
[17:35:07] Allocated bind table mode (flags 1)
[17:35:07] Allocated bind table kick (flags 1)
[17:35:07] Allocated bind table join (flags 1)
[17:35:07] Allocated bind table pubm (flags 1)
[17:35:07] Allocated bind table pub (flags 0)
[17:35:07] Allocated bind table need (flags 1)
[17:35:07] Module loaded: irc             
[17:35:07] Allocated bind table rcvd (flags 1)
[17:35:07] Allocated bind table sent (flags 1)
[17:35:07] Allocated bind table lost (flags 1)
[17:35:07] Allocated bind table tout (flags 1)
[17:35:07] LANG: Section loaded: transfer
[17:35:07] LANG: 59 messages of 66 lines loaded from ./language/transfer.english.lang
[17:35:07] LANG: 59 adds, 0 updates to message table
[17:35:07] Module loaded: transfer         (with lang support)
[17:35:07] LANG: Section loaded: notes
[17:35:07] LANG: 42 messages of 48 lines loaded from ./language/notes.english.lang
[17:35:07] LANG: 42 adds, 0 updates to message table
[17:35:07] Module loaded: notes            (with lang support)
[17:35:07] LANG: Section loaded: console
[17:35:07] LANG: 10 messages of 16 lines loaded from ./language/console.english.lang
[17:35:07] LANG: 10 adds, 0 updates to message table
[17:35:07] Module loaded: console          (with lang support)
[17:35:07] Userinfo TCL v1.07 loaded (URL BF GF IRL EMAIL DOB PHONE ICQ).
[17:35:07] use '.help userinfo' for commands.
[17:35:07] Userfile loaded, unpacking...
[17:35:07] === Bot3256: 0 channels, 1 users.
[17:35:07] main: entering loop
[17:35:07] Trying server [irc.paraphysics.net]:+6697
[17:35:07] DNS Resolver: Creating new record
[17:35:07] DNS Resolver: Sent domain lookup request for "irc.paraphysics.net".
[17:35:07] DNS Resolver: Received nameserver reply. (qd:1 an:1 ns:0 ar:0)
[17:35:07] DNS Resolver: answered domain query: "irc.paraphysics.net"
[17:35:07] DNS Resolver: TTL: 1h
[17:35:07] DNS Resolver: TYPE: A: host address
[17:35:07] DNS Resolver: Lookup successful: irc.paraphysics.net
[17:35:07] DNS resolved irc.paraphysics.net to 198.3.160.3
[17:35:07] TLS: attempting SSL negotiation...
[17:35:07] TLS: state change: before/connect initialization
[17:35:07] TLS: state change: before/connect initialization
[17:35:07] TLS: state change: SSLv2/v3 write client hello B
[17:35:07] TLS: handshake in progress
[17:35:07] TLS: state change: SSLv2/v3 write client hello B
[17:35:09] TLS: state change: SSLv2/v3 write client hello B
[17:35:09] TLS: state change: SSLv2/v3 read server hello A
[17:35:09] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:09] TLS: state change: SSLv2/v3 read server hello A
[17:35:09] dequeue_sockets(): errno = 11 (Resource temporarily unavailable) on 5
[17:35:09] TLS: state change: SSLv3 read server hello A
[17:35:09] TLS: X509 has no subjectAltName extension
[17:35:09] TLS: state change: SSLv3 read server certificate A
[17:35:09] TLS: state change: SSLv3 read server key exchange A
[17:35:09] TLS: state change: SSLv3 read server key exchange A
[17:35:09] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:09] TLS: state change: SSLv3 read server key exchange A
[17:35:09] dequeue_sockets(): errno = 11 (Resource temporarily unavailable) on 5
[17:35:09] TLS: state change: SSLv3 read server key exchange A
[17:35:09] TLS: state change: SSLv3 read server done A
[17:35:09] TLS: state change: SSLv3 write client key exchange A
[17:35:09] TLS: state change: SSLv3 write change cipher spec A
[17:35:09] TLS: state change: SSLv3 write finished A
[17:35:09] TLS: state change: SSLv3 flush data
[17:35:09] TLS: state change: SSLv3 read finished A
[17:35:09] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:09] TLS: state change: SSLv3 read finished A
[17:35:09] dequeue_sockets(): errno = 11 (Resource temporarily unavailable) on 5
[17:35:09] TLS: state change: SSLv3 read finished A
[17:35:09] TLS: handshake successful. Secure connection established.
[17:35:09] TLS: certificate subject: C=US, ST=Texas, L=Houston, O=Paraphysics Special Effects, OU=Online, CN=Mark Miller, emailAddress=mark@pyromasters.com
[17:35:09] TLS: certificate issuer: C=US, ST=Texas, L=Houston, O=Paraphysics Special Effects, OU=Online, CN=Mark Miller, emailAddress=mark@pyromasters.com
[17:35:09] TLS: certificate MD5 Fingerprint: 9E:69:3B:07:5F:B2:96:74:EC:23:DC:7A:0F:71:07:8B
[17:35:09] TLS: certificate SHA1 Fingerprint: 80:FE:B3:AC:D1:36:01:21:8A:77:52:0C:9D:66:EE:76:FB:89:2F:34
[17:35:09] TLS: certificate valid from Dec 10 09:20:59 2008 GMT to Dec 10 09:20:59 2009 GMT
[17:35:09] TLS: cipher used: DHE-RSA-AES256-SHA TLSv1/SSLv3; 256 bits (256 secret)
[17:35:09] TLS: cipher details: DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1

[17:35:09] TLS: state change: SSL negotiation finished successfully
[17:35:09] TLS: state change: SSL negotiation finished successfully
[17:35:09] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:09] net: connect! sock 5
[17:35:09] Connected to irc.paraphysics.net
[17:35:09] -NOTICE- *** Processing connection to irc.paraphysics.net
[17:35:09] -NOTICE- *** Looking up your hostname...
[17:35:09] -NOTICE- *** Checking Ident
[17:35:09] -NOTICE- *** Found your hostname
[17:35:21] -NOTICE- *** No Ident response
[17:35:21] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:21] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:21] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:21] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:21] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:21] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[17:35:21] CTCP VERSION:  from ParaDMON (services@paraphysics.services)

It just hangs on the last line.

Here are my SSL settings in eggdrop.conf:

Code:

##### SSL SETTINGS #####

# Settings in this section take effect when eggdrop is compiled with TLS
# support.

# File containing your private key, needed for the SSL certificate
# (see below). You can create one issuing the following command:
#
#   openssl genrsa -out eggdrop.key 2048
#
# It will create a 2048 bit RSA key, strong enough for eggdrop.
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-privatekey "/etc/ssl/eggdrop/CA/Assimilator-key.pem"

# Specify the filename where your SSL certificate is located. If you
# don't set this, eggdrop will not be able to act as a server in SSL
# connections, as with most ciphers a certificate and a private key
# are required on the server side. Must be in PEM format.
# If you don't have one, you can create it using the following command:
#
#   openssl req -new -key eggdrop.key -x509 -out eggdrop.crt -days 365
#
# This is required for SSL hubs/listen ports, secure file transfer and
# /ctcp botnick schat
# For your convenience, you can type 'make sslcert' after 'make install'
# and you'll get a key and a certificate in your DEST directory.
set ssl-certificate "/etc/ssl/eggdrop/CA/Assimilator-cert.pem"

# Sets the maximum depth for the certificate chain verification that will
# be allowed for ssl. When certificate verification is enabled, any chain
# exceeding this depth will fail verification.
#set ssl-verify-depth 9

# Specify the location at which CA certificates for verification purposes
# are located. These certificates are trusted. If you don't set this,
# certificate verification will not work.
set ssl-capath "/etc/ssl/eggdrop/CA"
set ssl-cafile "/etc/ssl/eggdrop/CA/cacert.pem"

# Specify the list of ciphers (in order of preference) allowed for use with
# ssl. The cipher list is one or more cipher strings separated by colons,
# commas or spaces. Unavailable ciphers are silently ignored unless no useable
# cipher could be found. For the list of possible cipher strings and their
# meanings, please refer to the ciphers(1) manual.
# Note: if you set this, the value replaces any ciphers OpenSSL might use by
# default. To include the default ciphers, you can put DEFAULT as a cipher
# string in the list.
# For example:
#
#   set ssl-ciphers "DEFAULT ADH"
#
# This will make eggdrop allow the default OpenSSL selection plus anonymous
# DH ciphers.
#
#   set ssl-ciphers "ALL"
#
# This will make eggdrop allow all ciphers supported by OpenSSL, in a
# reasonable order.
set ssl-ciphers "ALL"

# Enable certificate authorization. Set to 1 to allow users and bots to
# identify automatically by their certificate fingerprints. Setting it
# to 2 to will force fingerprint logins. With a value of 2, users without
# a fingerprint set or with a certificate UID not matching their handle
# won't be allowed to login on SSL enabled telnet ports. Fingerprints
# must be set in advance with the .fprint and .chfinger commands.
# NOTE: this setting has no effect on plain-text ports.
set ssl-cert-auth 1

# You can control SSL certificate verification using the following variables.
# All of them are flag-based. You can set them by adding together the numbers
# for all exceptions you want to enable. By default certificate verification
# is disabled and all certificates are assumed to be valid. The numbers are
# the following:
#
# Enable certificate verification - 1
# Allow self-signed certificates - 2
# Don't check peer common or alt names - 4
# Allow expired certificates - 8
# Allow certificates which are not valid yet - 16
# Allow revoked certificates - 32
# A value of 0 disables verification.

# Control certificate verification for DCC chats (only /dcc chat botnick)
set ssl-verify-dcc 11

# Control certificate verification for linking to hubs
#set ssl-verify-bots 0

# Control cerfificate verification for SSL listening ports. This includes
# leaf bots connecting, users telneting in and /ctcp bot chat.
set ssl-verify-clients 11

I'm just assuming the problem is SSL-related but I really don't know. I'd appreciate some help. Thank you.
Last edited by rrc55 on Sun Mar 20, 2011 8:07 am, edited 5 times in total.
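
Added example, not part of the original posts and not eggdrop's own code: a simplified Python model of the verification flags documented in the config comments above, applied to the server certificate printed in the first log, to show which of its problems a value such as 11 would tolerate. The function names, the `as_of` date (taken from the post's last-edit date) and the CN-only name comparison are assumptions made for illustration.

```python
import re
from datetime import datetime

# Exemption bits as listed in the eggdrop.conf comments quoted in the post.
EXEMPT = {"self-signed": 2, "name-mismatch": 4, "expired": 8, "not-yet-valid": 16}

# TLS lines copied from the first log in the thread.
LOG = """\
[17:35:09] TLS: X509 has no subjectAltName extension
[17:35:09] TLS: certificate subject: C=US, ST=Texas, L=Houston, O=Paraphysics Special Effects, OU=Online, CN=Mark Miller, emailAddress=mark@pyromasters.com
[17:35:09] TLS: certificate issuer: C=US, ST=Texas, L=Houston, O=Paraphysics Special Effects, OU=Online, CN=Mark Miller, emailAddress=mark@pyromasters.com
[17:35:09] TLS: certificate valid from Dec 10 09:20:59 2008 GMT to Dec 10 09:20:59 2009 GMT
"""

def _field(log, label):
    """Extract the value of a 'TLS: certificate <label>:' log line, or None."""
    m = re.search(r"TLS: certificate %s: (.+)$" % re.escape(label), log, re.M)
    return m.group(1).strip() if m else None

def cert_findings(log, hostname, as_of):
    """Return the set of problems the logged certificate has at time as_of."""
    subject, issuer = _field(log, "subject"), _field(log, "issuer")
    found = set()
    if subject and subject == issuer:  # heuristic: identical DNs means self-issued
        found.add("self-signed")
    m = re.search(r"certificate valid from (.+?) GMT to (.+?) GMT", log)
    if m:
        start, end = (datetime.strptime(s, "%b %d %H:%M:%S %Y") for s in m.groups())
        if as_of < start:
            found.add("not-yet-valid")
        if as_of > end:
            found.add("expired")
    # The log does not print SAN values, so a name mismatch is only reported
    # when the log says there is no SAN and the CN differs from the hostname.
    cn = re.search(r"CN=([^,]+)", subject or "")
    if "has no subjectAltName" in log and (
            cn is None or cn.group(1).strip().lower() != hostname.lower()):
        found.add("name-mismatch")
    return found

def evaluate(verify_value, findings):
    """Model the documented flags: bit 1 enables checks, other bits are exemptions."""
    if not verify_value & 1:
        return True, set()  # verification disabled: every certificate is accepted
    rejected = {f for f in findings if not verify_value & EXEMPT[f]}
    return not rejected, rejected

if __name__ == "__main__":
    problems = cert_findings(LOG, "irc.paraphysics.net", datetime(2011, 3, 20))
    for value in (0, 1, 11, 15):
        print(value, evaluate(value, problems))
```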
pseudo
Halfop
Posts: 88
Joined: Mon Nov 23, 2009 4:52 am
Location: Bulgaria
Contact:

Post by pseudo »

This output suggests that the problem might be somewhere else and not in the SSL code. It gets past the connect phase and hangs later.

Can you reproduce the problem on a plaintext port? I don't see in your log any additional scripts being loaded, but just in case, do you have some non-standard scripts in your config? Can you also try with different SSL servers?
rrc55
Voice
Posts: 29
Joined: Wed Mar 11, 2009 9:33 am

Post by rrc55 »

I actually didn't think to try that. It does work fine on normal ports. I did try other servers for SSL and they all hung. I'm not loading any extra scripts either.

Just tried a different network and got this, in case it helps:

[16:44:48] === Bot3256: 0 channels, 1 users.
[16:44:49] main: entering loop
[16:44:49] Trying server [Snoke.NL.EU.GameSurge.net]:+7000
[16:44:49] DNS Resolver: Creating new record
[16:44:49] DNS Resolver: Sent domain lookup request for "Snoke.NL.EU.GameSurge.net".
[16:44:49] DNS Resolver: Received nameserver reply. (qd:1 an:0 ns:1 ar:0)
[16:44:49] DNS Resolver: answered domain query: "GameSurge.net"
[16:44:49] DNS Resolver: Received nameserver reply. (qd:1 an:1 ns:0 ar:0)
[16:44:49] DNS Resolver: answered domain query: "Snoke.NL.EU.GameSurge.net"
[16:44:49] DNS Resolver: TTL: 1d
[16:44:49] DNS Resolver: TYPE: A: host address
[16:44:49] DNS Resolver: Lookup successful: Snoke.NL.EU.GameSurge.net
[16:44:49] DNS resolved Snoke.NL.EU.GameSurge.net to 217.67.230.218
[16:44:49] TLS: attempting SSL negotiation...
[16:44:49] TLS: state change: before/connect initialization
[16:44:49] TLS: state change: before/connect initialization
[16:44:49] TLS: state change: SSLv2/v3 write client hello B
[16:44:49] TLS: handshake in progress
[16:44:49] TLS: state change: SSLv2/v3 write client hello B
[16:44:50] TLS: state change: SSLv2/v3 write client hello B
[16:44:50] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:51] TLS: state change: SSLv2/v3 write client hello B
[16:44:51] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:52] TLS: state change: SSLv2/v3 write client hello B
[16:44:52] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:53] TLS: state change: SSLv2/v3 write client hello B
[16:44:53] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:54] TLS: state change: SSLv2/v3 write client hello B
[16:44:54] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:55] TLS: state change: SSLv2/v3 write client hello B
[16:44:55] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:56] TLS: state change: SSLv2/v3 write client hello B
[16:44:56] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:57] TLS: state change: SSLv2/v3 write client hello B
[16:44:57] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:58] TLS: state change: SSLv2/v3 write client hello B
[16:44:58] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:44:59] TLS: state change: SSLv2/v3 write client hello B
[16:44:59] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:00] TLS: state change: SSLv2/v3 write client hello B
[16:45:00] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:01] TLS: state change: SSLv2/v3 write client hello B
[16:45:01] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:02] TLS: state change: SSLv2/v3 write client hello B
[16:45:02] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:03] TLS: state change: SSLv2/v3 write client hello B
[16:45:03] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:04] TLS: state change: SSLv2/v3 write client hello B
[16:45:04] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:05] TLS: state change: SSLv2/v3 write client hello B
[16:45:05] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:06] TLS: state change: SSLv2/v3 write client hello B
[16:45:06] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:07] TLS: state change: SSLv2/v3 write client hello B
[16:45:07] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:08] TLS: state change: SSLv2/v3 write client hello B
[16:45:08] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:09] TLS: state change: SSLv2/v3 write client hello B
[16:45:09] sockread EAGAIN: 5 11 (Resource temporarily unavailable)
[16:45:10] TLS: state change: SSLv2/v3 write client hello B
[16:45:10] sockread(): SSL error = error:00000000:lib(0):func(0):reason(0)
[16:45:10] net: eof!(read) socket 5
[16:45:10] Disconnected from Snoke.NL.EU.GameSurge.net
rrc55
Voice
Posts: 29
Joined: Wed Mar 11, 2009 9:33 am

Post by rrc55 »

Everything works fine. I just assumed it hung because I didn't see the motd. But it's definitely connected. Silly me.