mIRC Home    About    Download    Register    News    Help

Print Thread
Safe/Trusted SSL list #157442 25/08/06 08:29 AM
Joined: Jul 2003
Posts: 655
Om3n Offline OP
Fjord artisan
OP Offline
Fjord artisan
Joined: Jul 2003
Posts: 655
Some kind of safe list for ssl sever connections, where you can enter $network and $server values that mirc to accept the certificate from without prompt. ($server values would be wildcard matchable, ie *.networkname.net)

Basically just a way to automatically accept certificates from networks you specify as trusted or safe. I dont know about other people but i find it quite annoying if im away and come back to a server connection that has been offline for several hours due to lack of certificate acceptance. (one such network i use ssl on i am in a channel that is business related). I know you can save a certificate so you dont have to accept that particular one again, however some networks dont allow you to see links of maps, or allow direct leaf connection. Which leaves you in the dark as to which server your going to get and weather or not you will need to accept the certificate.

If this can already be done (moderately easy) with one of the file selections in the ssl options i apologise, and if so a little information about it in the help file (and in this thread to point me in the right direction) would be nice.


"Allen is having a small problem and needs help adjusting his attitude" - Flutterby
Re: Safe/Trusted SSL list #157443 26/08/06 03:49 AM
Joined: Feb 2004
Posts: 201
J
Jae Offline
Fjord artisan
Offline
Fjord artisan
J
Joined: Feb 2004
Posts: 201
The /map and /links commands may be blocked, but nothing ever stops anyone listing all ip's in a dns pool for irc.<ircnetwork.host>.
Meaning you would have a the ip's for their servers then can connect and in a sence get a lookup and listing of all servers, and saving the certificates for all servers.
Alternatively, there may be something you are after avaliable, or it might be updated to be better in future versions.
-edit-
Perhaps an option to accept all ip's in a given dns pool for a network that you are using to connect to the network.

Last edited by Jae; 26/08/06 03:51 AM.
Re: Safe/Trusted SSL list #157444 26/08/06 03:54 PM
Joined: Jul 2003
Posts: 655
Om3n Offline OP
Fjord artisan
OP Offline
Fjord artisan
Joined: Jul 2003
Posts: 655
I realise the sketchyness of the suggestion, since automated acceptance in any form borders on defeating the purpose of having the accept them at all.

I realise i could go through and connect and accept the certificates for every ip in the dns pool of a network, but not only is that extremely tedious for a large network, but it also does not account for any changes or additions to the pool. So the result of connecting to a new leaf or a leaf you have not been on before is the same nontheless.

I'm open to suggetions of ways around having to manually accept certificates all the time if their is a way without putting something into mirc. Otherwise any way within mirc itself would be very useful.

I can't be the only one that has been aggrivated at one point or another because of this?


"Allen is having a small problem and needs help adjusting his attitude" - Flutterby
Re: Safe/Trusted SSL list #157445 28/08/06 06:40 AM
Joined: Dec 2002
Posts: 235
T
Talon Offline
Fjord artisan
Offline
Fjord artisan
T
Joined: Dec 2002
Posts: 235
well, you can use a subclassing dll to monitor for that certificate box and send a mouse click to it, so it seemingly automates the process. I don't use SSL connections to IRC servers so I do not know what the box looks like, if the box contains information you could probably iterate through the children of that box, and gettext from the proper hwnd to be able to parse the data contained in the box for a possible match case to automatically accept this certificate. All and all, I think this wouldnt be too difficult to implement yourself.

Re: Safe/Trusted SSL list #157446 29/08/06 10:50 AM
Joined: Feb 2004
Posts: 201
J
Jae Offline
Fjord artisan
Offline
Fjord artisan
J
Joined: Feb 2004
Posts: 201
Well i was trying to give an intermediate *quick* solution...
But being able to accept all connections to ip's on a networks dns pool would be useful and perhaps acheive what you are after. Perhaps opn connection saying in the status window it accepted the certificate for this reason?