Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve certfp/tor instructions for silly clients #386

Merged
merged 3 commits into from
Dec 20, 2024
Merged

Improve certfp/tor instructions for silly clients #386

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bd0f6bd
Improve instructions for silly clients
meldra Dec 19, 2024
ffbeac1
Update content/_guides/certfp.md
glguy Dec 20, 2024
9aec588
Apply suggestions from code review
glguy Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 13 additions & 4 deletions content/_guides/certfp.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,10 +138,10 @@ punctuation (e.g. `certs/libera.pem` or `certs/Example Server.pem`).

### Konversation

Create the .pem file as per above, then place it wherever you want.
Start Konversation, then open the Identity dialogue by either pressing
<kbd>F8</kbd> or via the Settings menu entry. Choose the identity you use
for the Libera.Chat network or create a new one.
Create the .pem file as per above using `rsa:4096` instead of `ed25519`,
then place it wherever you want. Start Konversation, then open the Identity
dialogue by either pressing <kbd>F8</kbd> or via the Settings menu entry.
Choose the identity you use for the Libera.Chat network or create a new one.
In the part `Auto Identify` you have to choose `SASL External (Cert)`
as the `Type` for SASL External or `SSL CLient Certificate` for CertFP.
SASL External requires at least version 1.7 of Konversation.
Expand Down Expand Up @@ -205,3 +205,12 @@ You can then authorise your current certificate fingerprint:
In the future, any connections you make to Libera.Chat with your certificate
will be logged into your account automatically. Optionally, or if you wish to
[connect via Tor](/guides/connect), you can enable SASL with the `EXTERNAL` mechanism.

## Troubleshooting

### Expecting an rsa key

This can happen if your client does not support the `ed25519` algorithm. If
you wish to continue with this client, you will need to replace your
certificate using the same command as above, but with `rsa:4096` in place of
`ed25519`.
8 changes: 4 additions & 4 deletions content/_guides/connect.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,10 +77,10 @@ This service requires public-key SASL authentication using either the
[guide on setting up CertFP](/guides/certfp.html) for more information.

Some clients lack SOCKS4a or later support. In this case you will need to
change your `torrc` file to map a private IP address to the onion service
address instead and disable TLS hostname verification in your client. Onion
service names securely identify a service. The connection will still be
secure.
either launch your client with a wrapper such as `torsocks`, or change your
`torrc` file to map a private IP address to the onion service address instead
and disable TLS hostname verification in your client. Onion service names
securely identify a service. The connection will still be secure.

The default tor configuration only optimizes some ports for long-lived
connections: For IRC, only `6667` and `6697`. If you use a different port, you
Expand Down
Loading