From: Florian Westphal Date: Fri, 9 Jan 2009 20:30:43 +0000 (+0100) Subject: documentation: gnutls does not support password-protected privkeys X-Git-Tag: rel-14-rc1~24 X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commitdiff_plain;h=0acef7c598765e4cd786b875395c6601f7e41a19 documentation: gnutls does not support password-protected privkeys already mentioned in man page and sample config file, but for completeness also document it in doc/SSL.txt. --- diff --git a/doc/SSL.txt b/doc/SSL.txt index 6b590b86..7207f1bf 100644 --- a/doc/SSL.txt +++ b/doc/SSL.txt @@ -20,8 +20,11 @@ options of the ./configure script to enable it: --with-openssl enable SSL support using OpenSSL --with-gnutls enable SSL support using GnuTLS -You need a SSL certificate, see below for how to create a self-signed one. +You also need a key/certificate, see below for how to create a self-signed one. +From a feature point of view, ngIRCds support for both libraries is +comparable. The only major difference (at this time) is that ngircd with gnutls +does not support password protected private keys. Configuration ~~~~~~~~~~~~~ @@ -64,7 +67,7 @@ Create DH parameters (optional): Alternate approach using stunnel(1) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Alternatively (or if you are using ngIRCd without compiled without support +Alternatively (or if you are using ngIRCd compiled without support for GnuTLS/OpenSSL), you can use external programs/tools like stunnel(1) to get SSL encrypted connections: @@ -101,4 +104,7 @@ short "how-to", thanks Stefan! That's it. Don't forget to activate ssl support in your irc client ;) + The main drawback of this approach compared to using builtin ssl + is that from ngIRCds point of view, all ssl-enabled client connections will + originate from the host running stunnel. === snip ===