mIRC Homepage
Posted By: Om3n Safe/Trusted SSL list - 25/08/06 08:29 AM
Some kind of safe list for ssl sever connections, where you can enter $network and $server values that mirc to accept the certificate from without prompt. ($server values would be wildcard matchable, ie *.networkname.net)

Basically just a way to automatically accept certificates from networks you specify as trusted or safe. I dont know about other people but i find it quite annoying if im away and come back to a server connection that has been offline for several hours due to lack of certificate acceptance. (one such network i use ssl on i am in a channel that is business related). I know you can save a certificate so you dont have to accept that particular one again, however some networks dont allow you to see links of maps, or allow direct leaf connection. Which leaves you in the dark as to which server your going to get and weather or not you will need to accept the certificate.

If this can already be done (moderately easy) with one of the file selections in the ssl options i apologise, and if so a little information about it in the help file (and in this thread to point me in the right direction) would be nice.
Posted By: Jae Re: Safe/Trusted SSL list - 26/08/06 03:49 AM
The /map and /links commands may be blocked, but nothing ever stops anyone listing all ip's in a dns pool for irc.<ircnetwork.host>.
Meaning you would have a the ip's for their servers then can connect and in a sence get a lookup and listing of all servers, and saving the certificates for all servers.
Alternatively, there may be something you are after avaliable, or it might be updated to be better in future versions.
-edit-
Perhaps an option to accept all ip's in a given dns pool for a network that you are using to connect to the network.
Posted By: Om3n Re: Safe/Trusted SSL list - 26/08/06 03:54 PM
I realise the sketchyness of the suggestion, since automated acceptance in any form borders on defeating the purpose of having the accept them at all.

I realise i could go through and connect and accept the certificates for every ip in the dns pool of a network, but not only is that extremely tedious for a large network, but it also does not account for any changes or additions to the pool. So the result of connecting to a new leaf or a leaf you have not been on before is the same nontheless.

I'm open to suggetions of ways around having to manually accept certificates all the time if their is a way without putting something into mirc. Otherwise any way within mirc itself would be very useful.

I can't be the only one that has been aggrivated at one point or another because of this?
Posted By: Talon Re: Safe/Trusted SSL list - 28/08/06 06:40 AM
well, you can use a subclassing dll to monitor for that certificate box and send a mouse click to it, so it seemingly automates the process. I don't use SSL connections to IRC servers so I do not know what the box looks like, if the box contains information you could probably iterate through the children of that box, and gettext from the proper hwnd to be able to parse the data contained in the box for a possible match case to automatically accept this certificate. All and all, I think this wouldnt be too difficult to implement yourself.
Posted By: Jae Re: Safe/Trusted SSL list - 29/08/06 10:50 AM
Well i was trying to give an intermediate *quick* solution...
But being able to accept all connections to ip's on a networks dns pool would be useful and perhaps acheive what you are after. Perhaps opn connection saying in the status window it accepted the certificate for this reason?
© mIRC Discussion Forums