~emersion/soju#47: 
Support SASL External method

It would be really great if soju had support for logging in to irc servers via certificates rather than only passwords.With that addition I would be able to login to freenode via a tor proxy since that is the only method where it is allowed to do that (ECDSA-NIST256P-CHALLENGE is also allowed, but also not supported).

Status
RESOLVED FIXED
Submitter
~r4pr0n
Assigned to
No-one
Submitted
4 years ago
Updated
4 years ago
Labels
No labels applied.

~emersion 4 years ago

22:44 @emersion how to send the private key to soju?
22:44 @emersion should soju generate the private key?
22:44 @emersion should you copy-paste the multi-line private key PEM to BouncerServ?
22:44 foxcpp good question, I just keep the private key on the server weechat runs on, do you think we can do better?
22:44 foxcpp hmm..
22:45 @emersion thing is, soju users aren't expected to have shell access
22:46 foxcpp I do not see a different way then
22:46 foxcpp other than PM'ing it to some meta-user
22:46 foxcpp file transfer using DCC seems to be a bit of overkill for this
22:48 foxcpp it also needs a certificate, so that's a lot of lines
22:49 foxcpp here: "add private key" command or something, then BouncerServ waits for a sequence of PRIVMSGs until one with PEM end marker appears
22:50 foxcpp that will be the certificate and then it also reads private key the same way
22:50 foxcpp or in reverse, does not matter
23:17 @emersion yeah, i guess that's th only reasonable way

~foxcpp 4 years ago

On the second thought, I think generating a certificate by soju is more clean. Ability to add an existing key is not really important - you can connect to the network directly and add the fingerprint to list using any other means.

~emersion 4 years ago

Implemented in 203dc3df6ada

~emersion REPORTED FIXED 4 years ago

Register here or Log in to comment, or comment via email.