SSL options added to configuration files

This commit is contained in:
Valery Yatsko 2008-04-07 15:45:15 +04:00
parent f6f5f9c2c7
commit b8730cbf86
2 changed files with 68 additions and 24 deletions

View file

@ -44,13 +44,18 @@ serverinfo {
#vhost6 = "3ffe:80e8:546::2";
/* ssl_private_key: our ssl private key */
ssl_private_key = "etc/test.key";
ssl_private_key = "etc/test.key";
/* ssl_cert: certificate for our ssl server */
ssl_cert = "etc/test.cert";
ssl_cert = "etc/test.cert";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
ssl_dh_params = "etc/dh.pem";
/* ssld_count: number of ssld processes you want to start, if you have a really busy
* server, using N-1 where N is the number of cpu/cpu cores you have might be useful
*/
ssld_count = 1;
/* default max clients: the default maximum number of clients
* allowed to connect. This can be changed once ircd has started by
@ -113,10 +118,12 @@ listen {
*/
#host = "192.169.0.1";
port = 5000, 6665 .. 6669;
sslport = 9999;
/* Listen on IPv6 (if you used host= above). */
#host = "3ffe:1234:a:b:c::d";
#port = 5000, 6665 .. 6669;
#sslport = 9999;
};
/* auth {}: allow users to connect to the ircd (OLD I:)
@ -261,6 +268,16 @@ connect "irc.uplink.com" {
#aftype = ipv6;
};
connect "ssl.uplink.com" {
host = "192.168.0.1";
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
service {
name = "services.int";
};

View file

@ -117,13 +117,18 @@ serverinfo {
#vhost6 = "3ffe:80e8:546::2";
/* ssl_private_key: our ssl private key */
ssl_private_key = "etc/test.key";
ssl_private_key = "etc/test.key";
/* ssl_cert: certificate for our ssl server */
ssl_cert = "etc/test.cert";
ssl_cert = "etc/test.cert";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
ssl_dh_params = "etc/dh.pem";
/* ssld_count: number of ssld processes you want to start, if you have a really busy
* server, using N-1 where N is the number of cpu/cpu cores you have might be useful
*/
ssld_count = 1;
/* default max clients: the default maximum number of clients
* allowed to connect. This can be changed once ircd has started by
@ -252,20 +257,28 @@ listen {
/* port: the specific port to listen on. if no host is specified
* before, it will listen on all available IPs.
*
* sslport: the specific port to listen ssl connections on. if no
* host is specified before, it will listen on all available IPs.
*
* ports are seperated via a comma, a range may be specified using ".."
*/
/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
port = 5000, 6665 .. 6669;
/* sslport: listen for ssl connections on all available IPs, port 9999 */
sslport = 9999;
/* host: set a specific IP/host the ports after the line will listen
* on. This may be ipv4 or ipv6.
*/
host = "1.2.3.4";
port = 7000, 7001;
sslport = 9000, 9001;
host = "3ffe:1234:a:b:c::d";
port = 7002;
sslport = 9002;
};
/* auth {}: allow users to connect to the ircd (OLD I:) */
@ -454,6 +467,7 @@ connect "irc.uplink.com" {
* autoconn - automatically connect to this server
* compressed - compress traffic via ziplinks
* topicburst - burst topics between servers
* ssl - ssl/tls encrypted server connections
*/
flags = compressed, topicburst;
};
@ -475,6 +489,19 @@ connect "ipv6.some.server" {
class = "server";
};
connect "ssl.uplink.com" {
/* Example of ssl server-to-server connection, ssl flag doesn't need
* compressed flag, 'cause it uses own compression
*/
host = "192.168.0.1";
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
/* cluster {}; servers that we propagate things to automatically.
* NOTE: This does NOT grant them privileges to apply anything locally,
* you must add a seperate shared block for that. Clustering will