Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document minimum library versions #1641

Merged
merged 6 commits into from
Jul 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion doc/sphinx_source/install/readme.rst
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,25 @@ System Pre-Requisites

Before you can compile Eggdrop, Tcl must be installed on your system. Many systems have Tcl installed on them by default (you can check by trying the command "tclsh"; if you are given a '%' for a prompt, it is, and you can type 'exit' to exit the Tcl shell. However, Eggdrop also requires the Tcl development header files to be installed. They can often be installed via an OS package manager, usually called something similar to 'tcl-dev' for the package name. You can also download Tcl source from `<https://www.tcl.tk/software/tcltk/download.html>`_.

It is also strongly recommended to install openssl (and its development headers) in order to enable SSL/TLS protection of network data. The header files are often called something similar to 'libssl-dev'.
Eggdrop also requires openssl (and its development headers) in order to enable SSL/TLS protection of network data. The header files are often called something similar to 'libssl-dev'. While not advised, this requirement can be removed by compilling using ``./configure --disable-tls``, but you will not be able to connect to TLS-protected IRC servers nor utilize secure botnet communication.

Minimum Requirements
--------------------

Some components of Eggdrop relies on a variety of third-party libraries, documented here.

+-------------------------------+-------------------+-------------------+
| Functionality | Package | Minimum Version |
+===============================+===================+===================+
| Tcl interpreter (required) | Tcl Dev Library | 8.5.0 |
+-------------------------------+-------------------+-------------------+
| Secure communication | OpenSSL | 0.9.8 |
+-------------------------------+-------------------+-------------------+
| Python module | Python | 3.8.0 |
+-------------------------------+-------------------+-------------------+
| Compression module | zlib | Any |
+-------------------------------+-------------------+-------------------+


Quick Startup
-------------
Expand Down
14 changes: 7 additions & 7 deletions doc/sphinx_source/using/tls.rst
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@ TLS support
===========

This document provides information about TLS support which is a new
eggdrop feature since version 1.8.0.
Eggdrop feature since version 1.8.0.

-----
About
-----

Eggdrop can be optionally compiled with TLS support. This requires OpenSSL
0.9.8 or more recent installed on your system.
0.9.8 or later installed on your system.
TLS support includes encryption for IRC, DCC, botnet, telnet and scripted
connections as well as certificate authentication for users and bots.

Expand Down Expand Up @@ -82,7 +82,7 @@ Eggdrop can use TLS connections to protect botnet links if it is compiled with T
| +port | listen port | fail as leaf only wants TLS |
+------------------------------+----------------------------+-------------------------------+

In short, a bot added to your Eggdrop with a +port in the address can only connect to a bot listening with a +port in the config. Conversely, a bot added to your eggdrop without a + prefix can only connect to a bot listening without a + prefix in the config.
In short, a bot added to your Eggdrop with a +port in the address can only connect to a bot listening with a +port in the config. Conversely, a bot added to your Eggdrop without a + prefix can only connect to a bot listening without a + prefix in the config.

If TLS negotiation fails, the connection is deliberately aborted and no clear text is ever sent by the TLS-requiring party.

Expand All @@ -106,7 +106,7 @@ Scripts can open or connect to TLS ports the usual way specifying the
port with a plus sign. Alternatively, the connection could be
established as plaintext and later switched on with the starttls Tcl
command. (Note that the other side should also switch to TLS at the same
time - the synchronization is the script's job, not eggdrop's.)
time - the synchronization is the script's job, not Eggdrop's.)

-------------------------------------
Keys, certificates and authentication
Expand All @@ -118,7 +118,7 @@ bots and TLS listening ports. General information about certificates and
public key infrastructure can be obtained from Internet. This document
only contains eggdrop-specific information on the subject.
The easy way to create a key and a certificate is to type 'make sslcert'
after compiling your bot (If you installed eggdrop to a non-standard
after compiling your bot (If you installed Eggdrop to a non-standard
location, use make sslcert DEST=/path/to/eggdrop). This will generate a
4096-bit private key (eggdrop.key) and a certificate (eggdrop.crt) after
you fill in the required fields. Alternatively, you can use 'make sslsilent'
Expand All @@ -130,12 +130,12 @@ make a ssl certificate for yourself and enable ssl-cert-auth in the config
file. Then either connect to the bot using TLS and type ".fprint +" or
enter your certificate fingerprint with .fprint SHA1-FINGERPRINT.
To generate a ssl certificate for yourself, you can run the following
command from the eggdrop source directory::
command from the Eggdrop source directory::

openssl req -new -x509 -nodes -keyout my.key -out my.crt -config ssl.conf

When asked about bot's handle, put your handle instead. How to use your
new certificate to connect to eggdrop, depends on your irc client.
new certificate to connect to Eggdrop, depends on your irc client.
To connect to your bot from the command line, you can use the OpenSSL
ssl client::

Expand Down