SSL options added to configuration files

2008-04-07 15:45:15 +04:00 · 2008-04-07 15:45:15 +04:00 · b8730cbf86
commit b8730cbf86
parent f6f5f9c2c7
2 changed files with 68 additions and 24 deletions
--- a/doc/example.conf
+++ b/doc/example.conf
@ -43,19 +43,24 @@ serverinfo {
 	/* for IPv6 */
 	#vhost6 = "3ffe:80e8:546::2";
 	
-	/* ssl_private_key: our ssl private key */
-        ssl_private_key = "etc/test.key";
-
-	/* ssl_cert: certificate for our ssl server */
-        ssl_cert = "etc/test.cert";
-
-	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
-        ssl_dh_params = "etc/dh.pem";
+	/* ssl_private_key: our ssl private key */
+	ssl_private_key = "etc/test.key";

-	/* default max clients: the default maximum number of clients
-	 * allowed to connect.  This can be changed once ircd has started by
-	 * issuing:
-	 *   /quote set maxclients <limit>
+	/* ssl_cert: certificate for our ssl server */
+	ssl_cert = "etc/test.cert";
+
+	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+	ssl_dh_params = "etc/dh.pem";
+
+	/* ssld_count: number of ssld processes you want to start, if you have a really busy 
+	 * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+	 */
+	ssld_count = 1;
+
+	/* default max clients: the default maximum number of clients
+	 * allowed to connect.  This can be changed once ircd has started by
+	 * issuing:
+	 *   /quote set maxclients <limit>
 	 */
 	default_max_clients = 1024;
 };
@ -113,10 +118,12 @@ listen {
 	 */
 	#host = "192.169.0.1";
 	port = 5000, 6665 .. 6669;
+	sslport = 9999;

 	/* Listen on IPv6 (if you used host= above). */
 	#host = "3ffe:1234:a:b:c::d";
        #port = 5000, 6665 .. 6669;
+        #sslport = 9999;
 };

 /* auth {}: allow users to connect to the ircd (OLD I:)
@ -261,6 +268,16 @@ connect "irc.uplink.com" {
 	#aftype = ipv6;
 };

+connect "ssl.uplink.com" {
+	host = "192.168.0.1";
+	send_password = "password";
+	accept_password = "anotherpassword";
+	port = 9999;
+	hub_mask = "*";
+	class = "server";
+	flags = ssl, topicburst;
+};
+
 service {
 	name = "services.int";
 };
--- a/doc/reference.conf
+++ b/doc/reference.conf
@ -116,19 +116,24 @@ serverinfo {
 	 */
 	#vhost6 = "3ffe:80e8:546::2";
 	
-	/* ssl_private_key: our ssl private key */
-        ssl_private_key = "etc/test.key";
-
-	/* ssl_cert: certificate for our ssl server */
-        ssl_cert = "etc/test.cert";
-
-	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
-        ssl_dh_params = "etc/dh.pem";
+	/* ssl_private_key: our ssl private key */
+	ssl_private_key = "etc/test.key";

-	/* default max clients: the default maximum number of clients
-	 * allowed to connect.  This can be changed once ircd has started by
-	 * issuing:
-	 *   /quote set maxclients <limit>
+	/* ssl_cert: certificate for our ssl server */
+	ssl_cert = "etc/test.cert";
+
+	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+	ssl_dh_params = "etc/dh.pem";
+
+	/* ssld_count: number of ssld processes you want to start, if you have a really busy 
+	 * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+	 */
+	ssld_count = 1;
+
+	/* default max clients: the default maximum number of clients
+	 * allowed to connect.  This can be changed once ircd has started by
+	 * issuing:
+	 *   /quote set maxclients <limit>
 	 */
 	default_max_clients = 1024;
 };
@ -252,20 +257,28 @@ listen {
 	/* port: the specific port to listen on.  if no host is specified
 	 * before, it will listen on all available IPs.
 	 *
+	 * sslport: the specific port to listen ssl connections on. if no 
+	 * host is specified before, it will listen on all available IPs.
+	 *
 	 * ports are seperated via a comma, a range may be specified using ".."
 	 */
 	
 	/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
 	port = 5000, 6665 .. 6669;
+	
+	/* sslport: listen for ssl connections on all available IPs, port 9999 */
+	sslport = 9999;

 	/* host: set a specific IP/host the ports after the line will listen 
 	 * on.  This may be ipv4 or ipv6.
 	 */
 	host = "1.2.3.4";
 	port = 7000, 7001;
+	sslport = 9000, 9001;

 	host = "3ffe:1234:a:b:c::d";
        port = 7002;
+        sslport = 9002;
 };

 /* auth {}: allow users to connect to the ircd (OLD I:) */
@ -454,6 +467,7 @@ connect "irc.uplink.com" {
 	 * autoconn	- automatically connect to this server
 	 * compressed	- compress traffic via ziplinks
 	 * topicburst	- burst topics between servers
+	 * ssl		- ssl/tls encrypted server connections
 	 */
 	flags = compressed, topicburst;
 };
@ -475,6 +489,19 @@ connect "ipv6.some.server" {
        class = "server";
 };

+connect "ssl.uplink.com" {
+	/* Example of ssl server-to-server connection, ssl flag doesn't need
+	 * compressed flag, 'cause it uses own compression
+	 */
+	host = "192.168.0.1";
+	send_password = "password";
+	accept_password = "anotherpassword";
+	port = 9999;
+	hub_mask = "*";
+	class = "server";
+	flags = ssl, topicburst;
+};
+
 /* cluster {}; servers that we propagate things to automatically.
 * NOTE: This does NOT grant them privileges to apply anything locally,
 *       you must add a seperate shared block for that.  Clustering will