Irssi core bugs

Notice: Undefined index: tasklist_type in /var/www/ : eval()'d code on line 85 Notice: Undefined index: tasklist_type in /var/www/ : eval()'d code on line 90
  • Status New
  • Percent Complete
  • Task Type Feature Request
  • Category proxy
  • Assigned To No-one
  • Operating System All
  • Severity Medium
  • Priority Normal
  • Reported Version Irssi SVN
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 0
  • Private No
Attached to Project: Irssi core bugs
Opened by Christian Sachs (chrisxx) - 2009-02-27
Last edited by Wouter Coekaerts (coekie) - 2009-03-29

FS#645 - [PATCH] irssiproxy SSL support


irssiproxy seems to lack support for SSL encryption (that'd be server-side).
I've checked google for it, but as the only messages I've found about the topic were quite some years old; I assumed no one was currently working on it.

I've created this patch (on SVN/r5021) which adds SSL encryption to irssiproxy. (The proxy then acts as a SSL server, the client used to connect to it will need to support SSL.)
It's been tested on Linux and Mac OS X. Unless someone stumbles upon bugs I've missed, maybe the patch could be merged.
I know that adding a small wrapper might not be the most elegant solution, but taking a look at the existing irssi SSL code makes it appear pretty client centric;
I assumed it might be more adequate to add this by changing the proxy code alone, not the basic network code.

(Apply by using patch < proxysslserver.diff in src/irc/proxy)
It's enabled by compiling irssi SSL enabled; encryption then needs a server certificate and can be enabled network-wise.
One can switch SSL on by adding :/path/to/certkey.pem to the irssiproxy_ports setting.
e.g. /set irssiproxy_ports QuakeNet=7777:/home/user/.irssi/servercert.pem
The certificate/key file must contain both cert&key, and be in PEM format. If one is familiar with PKI, obviously a proper cert can be used.
For basic security, a simple cert/key can be made using the following command: openssl req -new -x509 -nodes -newkey rsa:2048 -keyout yourcert.pem -out yourcert.pem -days 365
(Obviously checking the cert for trustability must be disabled in this case on the client side.)


Christian Sachs

This task does not depend on any other tasks.

Wouter Coekaerts (coekie)
Sunday, 29 March 2009, 10:07 GMT
This would indeed be a nice feature...

It seems strange to me that the path to the certificate is per network, and not just one global setting though. Is there really a use for having different certificates for different proxy ports; or only having ssl enabled for some of them?
Georg (fetzkochl)
Saturday, 22 October 2011, 17:20 GMT
Any reason this is not included?
Edd (vext01)
Friday, 23 May 2014, 20:29 GMT
Registering interest in this feature in 2014...