mIRC Home    About    Download    Register    News    Help

Print Thread
SSL certificate chain error for irc.hackint.org #268467 20/02/21 10:46 AM
Joined: Apr 2006
Posts: 4
P
pzYsTorM Offline OP
Self-satisfied door
OP Offline
Self-satisfied door
P
Joined: Apr 2006
Posts: 4
Hi,

at the current moment I'm not quite 100% sure if this is a bug or a misconfiguration.

While connecting to
/server irc.hackint.org +6697
I get the error "Unable to connect to server (SSL certificate chain error)"

I am still using the old Windows 7, but I have already downloaded all root and intermediate certs from https://letsencrypt.org/certificates/ and have installed them as trusted CA.
But it's still not working.

Then I discovered this cacert.pem inside the mIRC folder. I have appended all downloaded letsencrypt pem certs to that file, restarted mIRC, but it's still not working.

Then I have downgraded from 7.64 to 7.61 but it's still not working (same error).
Before that upgrading I had Version 7.56 and THAT version was working with hackint.

Any suggestion?

Re: SSL certificate chain error for irc.hackint.org [Re: pzYsTorM] #268469 20/02/21 02:57 PM
Joined: Dec 2002
Posts: 4,871
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,871
I am not seeing any issues when connecting to this server. I am using the default trusted authorities cacert.pem file that comes with mIRC.

Re: SSL certificate chain error for irc.hackint.org [Re: pzYsTorM] #268471 20/02/21 03:29 PM
Joined: Jan 2004
Posts: 1,509
maroon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 1,509
v7.56 was the 1st time mIRC switched from using OpenSSL 1.1.0 series to 1.1.1 series, so perhaps that's relevant. If you have an old OpenSSL DLL in the folder you're installing new mIRC into, perhaps there's something in that DLL version which isn't playing nice with the new OpenSSL code. If the next echo shows them pointing to mIRC itself, then that's not the problem.

//echo -a $sslversion $ssldll $ssllibdll

Are you having trouble connecting to other networks via SSL, or just that one?

/server -m chat.freenode.net +6697

Re: SSL certificate chain error for irc.hackint.org [Re: maroon] #268472 20/02/21 05:24 PM
Joined: Apr 2006
Posts: 4
P
pzYsTorM Offline OP
Self-satisfied door
OP Offline
Self-satisfied door
P
Joined: Apr 2006
Posts: 4
Thanks for your replies.

[18:19:41] * Connecting to chat.freenode.net (+6697)
[18:19:41] * Unable to connect to server (SSL certificate chain error)

Indeed, other servers also make trouble when using SSL.

Your echo gives:
1.1.1.4 G:\mIRC\mirc.exe G:\mIRC\mirc.exe
Some years ago I had some DDLs like libeay32 and libssl32 inside G:\mIRC, but these have been removed by me some years ago (as mIRC included them)

Humm, weird.... any ideas?

Re: SSL certificate chain error for irc.hackint.org [Re: pzYsTorM] #268473 20/02/21 05:44 PM
Joined: Jan 2004
Posts: 1,509
maroon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 1,509
Well, that indicates the problem is something in the SSL handling at your end, and isn't the problem with the server's side.

1.1.1.4 is the version of OpenSSL as of 7.58, so you should see that same number for all versions through 7.61, since 7.62 upgraded to 1.1.1f aka 1.1.1.6, and 7.64 uses 1.1.1i.

Can you confirm that options/connect/options/ssl shows the trusted auth file being the cacert.pem which came with mirc?

//notepad $mircini

Does the [ssl] section show anything for the key= and cert= settings? mine doesn't

If that doesn't solve it, you can try another external DLL which "works for me"

The FiSH script is at https://syndicode.org/fish_10/ - You don't need to install or use the FiSH dll, but it does contain the 2 lib*.dll files from OpenSSL 1.1.1h, though that's older than the 1.1.1i used in v7.64. You could also get a new OpenSSL and steal the DLL's from it.

You can set your mirc settings to load the external DLL during startup:
//writeini -n $qt($mircini) ssl load 1
Then unzip the 2 LIB*.DLL's into the MIRC folder and restart mirc. (don't need to reboot)

That will change the filenames and version number shown in my original echo, and it uses that version of OpenSSL regardless what's contained inside mirc.exe

Re: SSL certificate chain error for irc.hackint.org [Re: maroon] #268474 20/02/21 06:09 PM
Joined: Apr 2006
Posts: 4
P
pzYsTorM Offline OP
Self-satisfied door
OP Offline
Self-satisfied door
P
Joined: Apr 2006
Posts: 4
Oh, great, thanks thanks thanks a lot! smile
That was the problem.

I have cleared the private key and the chain file ( i dont know why something was in there at all...) and in the trusted CA field I have selected the cacert.pem from mIRC install:
[Linked Image from abload.de]