https://wiki.chat4all.org/api.php?action=feedcontributions&user=Siiw&feedformat=atomChat4AllFAQ - User contributions [en]2024-03-28T10:39:04ZUser contributionsMediaWiki 1.29.0https://wiki.chat4all.org/index.php?title=SSL_CA_import_instructions&diff=2894SSL CA import instructions2014-03-03T18:40:07Z<p>Siiw: /* irssi */</p>
<hr />
<div>[[Category:EN]]<br />
This article describes in detail how you can import our Certificate Authority Certificate into your IRC client. If the client you are using is not listed, please contact us in #help and we'll see if we can find out how to import it for you.<br />
<br />
=CA download=<br />
You can download the CA certificate from [https://www.chat4all.org/ircd-certificates/index.html our secure website].<br />
This should link you to https://www.chat4all.org/ircd-certificates/chat4all-ca.pem<br />
<br />
=mIRC=<br />
Screenshot for reference: http://vbprog.zonexus.net/ss/irc/mirc_ca.PNG<br />
#[[#CA_download|Download the certificate]]<br />
#Save it somewhere you can easily find it. 'My Documents' or the mIRC directory are good options.<br />
#If you are already using a trusted authorities file for one or more different networks, then you need to [[#Append_CAs_in_Windows|append the downloaded certificate]] to the existing trusted authorities file. If you need a reminder on where this file is located; the trusted authorities button has the path in it.<br />
#Within mIRC, go to: ''Tools'' > ''Options'', then in the left list navigate to ''Connect'' > ''Options''.<br />
#Provided you have installed SSL as described above, there should be an SSL button here. Click that<br />
#Click on the empty button under 'Trusted authorities file'.<br />
#Select the file you downloaded, and you are done. A reload of mIRC is not required; you should be able to connect.<br />
<br />
=Xchat=<br />
Note: Xchat does not have an in-client method for checking CAs; it uses OpenSSL's paths to read CAs. See [http://forum.xchat.org/viewtopic.php?f=2&t=5529] for the source of this information.<br />
[[#CA_download|Download the certificate]], then follow the directions specific to your OS.<br /><br />
==Windows builds==<br />
Screenshot for reference: http://vbprog.zonexus.net/ss/irc/xchat_ca.PNG<br />
#Save the CA certificate somewhere you can easily find (''%appdata%\X-Chat 2'' or ''My Documents'' are good choices)<br />
#Right click My Computer and hit Properties. Go to the Advanced tab and hit Environment Variables.<br />
#Create a User Variable (or System if you prefer it to be available systemwide should you have a multiuser computer) with the following attributes:<br />
##Variable: SSL_CERT_FILE<br />
##Value: C:\Path\Where\You\Saved\Your\Cert.pem<br />
<br />
It is recommended to reload Xchat since you are modifying an environment variable, and you should no longer see this:<br />
* * Verify E: unable to get local issuer certificate.? (20)<br />
If not, then Xchat successfully recognized the CA.<br />
<br />
==Linux builds==<br />
#Install the [[#CA_download|the certificate]] to the '''certs''' directory in the location given by openssl version -d and Xchat should pick it up.<br />
#There seems to be no way to do this on a per-user basis so that root access is not required (or at least I cannot find it)<br />
<br />
=weechat=<br />
#Locate your current '''trusted authorities file''' in WeeChat: <br />
/set weechat.network.gnutls_ca_file<br />
#This will probably mention ''"%h/ssl/CAs.pem"'', which means it's stored in ''ssl/CAs.pem'' in the weechat homedir (''~/.weechat'' by default)<br />
#[[#CA_download|Download the certificate]]<br />
#Save it in ''~/.weechat/ssl/CAs.pem'' or [[#Append_CAs_in_Linux|append it to this file]]<br />
#Set the ''ssl_verify'' option for your Chat4All server entry to "on":<br />
/set irc.server.Chat4All.ssl_verify on<br />
Now you should be able to connect to our SSL enabled ports without problems.<br />
''You might need to restart your weechat before it uses the updated certificates authorities file.''<br />
<br />
=irssi=<br />
#[[#CA_download|Download the certificate]] to ~/.irssi/chat4all-ca.pem<br />
#Add ''-ssl_cafile ~/.irssi/chat4all-ca.pem'' to your irssi server configuration:<br />
/server add -auto -ssl -ssl_cafile ~/.irssi/chat4all-ca.pem -network Chat4All irc.chat4all.org 7001<br />
#Connect to the network/server:<br />
/connect irc.chat4all.org<br />
That's all!<br />
<br />
=Quassel=<br />
Pending implementation according to [http://bugs.quassel-irc.org/issues/464 Bug-report 464 at Quassel's website]<br />
<br />
You might find some more instructions in this [http://dev.weechat.org/post/2009/12/01/SSL-certificates SSL post at weechat.org]<br />
<br />
=Append CAs in Windows=<br />
If you have CAs from other networks (like Freenode), you can append our Certificate Authority Certificate to the existing file. <br />
<br />
#Open our CA certificate in a text editor such as Notepad and copy the contents.<br />
#Open the existing trusted authorities file in another text editor and paste our copied CA certificate at the top of the file.<br />
#Save the trusted authorities file.<br />
<br />
=Append CAs in Linux=<br />
If you have CAs from other networks (like Freenode), you can append our CA Certificate to the existing file.<br />
<br />
Assume our CA certificate is called ''chat4all-ca.pem'', the existing trusted certificate authorities file is called ''CAs.pem'' and they are both in the same directory.<br />
<br />
Execute the following commands:<br />
#Backup the current trusted certificate authorities<br />
cp CAs.pem CAs.pem.backup<br />
<br />
#Concatenate our certificate into the existing trusted certificates authorities<br />
cat chat4all-ca.pem >> CAs.pem</div>Siiwhttps://wiki.chat4all.org/index.php?title=Levels&diff=2107Levels2010-09-26T11:23:27Z<p>Siiw: edited small typo</p>
<hr />
<div>== Levels ==<br />
<br />
The Levels system is an alternative to the [[xOP]] channel access system. This method allows for finer control of various channel features and user rights as opposed to the predefined VOP/HOP/AOP/SOP/ used in the xOPs system. Read on for the details.<br />
<br />
== Syntax and Enabling ==<br />
<br />
First things first, you will have to disabled the xOP system to be able to use the Levels system on your channel:<br />
/CHANSERV SET #channel XOP off <br />
Your current xOP user access list will be converted into the Levels system automatically, following this conversion table:<br />
xOP -> LEVEL<br />
-----------<br />
VOP -> 3<br />
HOP -> 4<br />
AOP -> 5<br />
SOP -> 10<br />
<br />
From here on, you will not be able to use the old xOP edit commands to maintain user accesses, unless you switch back to the xOP system (which typically isn't recommended to do). So, the following does NOT work anymore:<br />
/CHANSERV [VOP|HOP|AOP|SOP] #channel ADD nick<br />
Instead you will have to assign an access level instead, using the following command syntax:<br />
/CHANSERV ACCESS #channel ADD nickname level<br />
For instance, to grant ''aRandomUser'' the equivalent rights of HOP on your channel #testingIsFun, you have to issue the following command:<br />
/CHANSERV ACCESS #testingIsFun ADD aRandomUser 4<br />
<br />
=== Basic commands overview ===<br />
Now for some basic access list management commands:<br />
<br />
Viewing the access list:<br />
/CHANSERV ACCESS #channel LIST<br />
<br />
Adding a '''''registered''''' user to the access list:<br />
/CHANSERV ACCESS #channel ADD nickname level<br />
For instance, assigning level 5 (the equivalent of AOP) to the user ''DennisOpper'' on channel ''#filmfreaks'':<br />
/CHANSERV ACCESS #filmfreaks ADD DennisOpper 5<br />
<br />
See the complete list of possible LEVELS descriptions:<br />
/CHANSERV HELP LEVELS DESC<br />
<br />
See a rather large list of all configurable channel options and their current minimum required levels:<br />
/CHANSERV LEVELS #channel LIST<br />
This will for instance show:<br />
KICKME 5<br />
which means you'll need at least level 5 before you can kick yourself. Or you'll see:<br />
AUTOPROTECT 10<br />
which means that you need at least level 10 before you will automatically get channel-usermode +a (admin/PROTECT).<br />
<br />
A complete list of options is in the [#ChannelOptions Channel Options section].<br />
<br />
==== AutoVoice everyone ====<br />
If you want to auto-voice everyone who enters your channel, you can lower the minimum required level for AUTOVOICE to 0 (the default user level)<br />
/CHANSERV LEVELS #channel SET autovoice 0 <br />
<br />
== Channel Options ==<br />
With the Levels system comes the ability to set what level of user can use a given function or gain a specific channel status. This is the complete list as extracted from '''/CHANSERV help levels desc'''<br />
<p>Notes:<br /><br />
#Casing was added to the option names for readability<br />
#'Disabled' as the default level means 'Restricted to Founder'<br />
</p><br />
=== User statuses ===<br />
{| border="1" cellspacing="0" cellpadding="5"<br />
|-<br />
!scope="col"| Option<br />
!scope="col"| Description<br />
!scope="col"| Default Min.Level<br />
|-<br />
| AutoDeOp<br />
| Disallow a user operator access, even if someone manually ops with /mode #channel +o nickname<br />
| -1<br />
|-<br />
| AutoHalfop<br />
| Automatic halfop (+h) on join (Same effect as /CHANSERV HOP in xOP)<br />
| 4<br />
|-<br />
| AutoOp<br />
| Automatic op (+o) on join. (Same as /CHANSERV AOP in xOP)<br />
| 5<br />
|-<br />
| AutoProtect<br />
| Automatic admin/protected op (+a) on join. (Same as /CHANSERV SOP in xOP)<br />
| 10<br />
|-<br />
| AutoVoice<br />
| Automatic voice (+v) on join. (Same as /CHANSERV VOP in xOP)<br />
| 3<br />
|-<br />
| NoJoin<br />
| Disallowed to join the channel.<br />
| -2<br />
|-<br />
| SignKick<br />
| Kick messages done through [[ChanServ]] or a [[Bot|Services Bot]] will not be signed when the level is equal or above this number if /CHANSERV SET #channel SIGNKICK LEVEL is set.<br /> However, this seems to be broken currently in the Anope services, since it will always sign regardless of level.<br />
| Disabled<br />
|-<br />
| Acc-List<br />
| Permit the viewing of the access list via /CHANSERV access #channel list (useful if you want to let people see who your channel staff is)<br />
| 1<br />
|-<br />
| Acc-Change<br />
| Permit the modification of the access list<br />
| 10<br />
|-<br />
| AKick<br />
| Permit the use of the AKick command.<br />
| 10<br />
|-<br />
| Set<br />
| Permit the use of /CHANSERV SET, except for the FOUNDER and PASSWORD options which remain restricted to the channel founder.<br />
| Disabled<br />
|-<br />
| Ban<br />
| Permit the banning of users via ChanServ's /CHANSERV BAN<br />
| 5<br />
|-<br />
| BanMe<br />
| Permits you to...ban yourself! (through /CHANSERV BAN)<br />
| 5<br />
|-<br />
| Clear<br />
| Permit the use of the Clear command (/CHANSERV CLEAR)<br />
| Disabled<br />
|-<br />
| GetKey<br />
| Permit a user to get the channel key of a +k channel with /CHANSERV GETKEY<br />
| 5<br />
|-<br />
| HalfOp<br />
| Permit the use of the /CHANSERV HALFOP and /CHANSERV DEHALFOP commands on others.<br />
| 5<br />
|-<br />
| HalfOpMe<br />
| Permit the use of /CHANSERV HALFOP and /CHANSERV DEHALFOP on yourself.<br />
| 4<br />
|-<br />
| Info<br />
| Permit the viewing of the output of all info (/CHANSERV INFO #channel ALL) instead of basic info only.<br />
| Disabled<br />
|-<br />
| Kick<br />
| Permits use of /CHANSERV KICK on others<br />
| 5<br />
|-<br />
| KickMe<br />
| Permits use of /CHANSERV KICK on yourself<br />
| 5<br />
|-<br />
| Invite<br />
| Allows to INVITE yourself in the channel with /CHANSERV INVITE #channel<br />
| 5<br />
|-<br />
| OpDeop<br />
| Permits use of /CHANSERV OP and /CHANSERV DEOP on others<br />
| 5<br />
|-<br />
| OpDeopMe<br />
| Permits use of /CHANSERV OP and /CHANSERV DEOP on yourself<br />
| 5<br />
|-<br />
| Protect<br />
| Permits use of /CHANSERV PROTECT and /CHANSERV DEPROTECT on others<br />
| Disabled<br />
|-<br />
| ProtectMe<br />
| Permits use of /CHANSERV PROTECT and /CHANSERV DEPROTECT on yourself<br />
| 10<br />
|-<br />
| Topic<br />
| Permits changing of the channel topic.<br />
| Disabled<br />
|-<br />
| Unban<br />
| Permits removing all bans that would prevent you from entering the channel with /CHANSERV UNBAN #channel<br />
| 5<br />
|-<br />
| Voice<br />
| Permits use of /CHANSERV VOICE and /CHANSERV DEVOICE on others<br />
| 5<br />
|-<br />
| VoiceMe<br />
| Permits use of /CHANSERV VOICE and /CHANSERV DEVOICE on yourself<br />
| 3<br />
|-<br />
| Memo<br />
| Permits the reading of channel memos sent to the channel via [[MemoServ]] (/MEMOSERV READ #channel)<br />
| 10<br />
|-<br />
| Assign<br />
| Permits the (un)assigning of a Services Bot<br />
| Disabled<br />
|-<br />
| BadWords<br />
| Permit the manipulation of the Badwords list of a Services Bot (useless unless you have one assigned to your channel)<br />
| 10<br />
|-<br />
| Fantasia<br />
| Permit the use of 'fantasy commands', such as !op, !kick, etc. (Proper access is still required for some functions, like user statuses, kicks and bans)<br />
| 3<br />
|-<br />
| Greet<br />
| Users this level and above will have the greet message they set with NickServ displayed by a Services Bot when they join (useless without a bot assigned to your channel)<br />
| 5<br />
|-<br />
| NoKick<br />
| Users this level and above will *not* be affected by any bot kick triggers, like flood, badwords, etc<br />
| 1<br />
|-<br />
| Say<br />
| Permits the use of /BOTSERV SAY and /BOTSERV ACT, to talk through a Services Bot (useless without a bot assigned to your channel)<br />
| 5<br />
|-<br />
|}<br />
<br />
== Additional LEVELS options ==<br />
Disable the given option, restricting it to founder only<br />
/CHANSERV LEVELS #channel DISABLE option <br />
<br />
Reset all the levels on options to their default settings (which are shown in the above table):<br />
/CHANSERV LEVELS #channel RESET <br />
<br />
== Additional ACCESS options ==<br />
Delete a user from the access list (this will reset them to level 0)<br />
/CHANSERV ACCESS #channel DEL nickname<br />
For instance to revoke DennisOpper's access level on channel #filmfreaks, type:<br />
/CHANSERV ACCESS #filmfreaks DEL DennisOpper<br />
<br />
Note: You may also use the entry number from the LIST command in place of a nick. This will let you provide a list of numbers for mass removal<br />
/CHANSERV ACCESS #channel DEL 1-3,5,13 <br />
You can also first view the list of affected nicknames to be sure you have the right numbers with:<br />
/CHANSERV ACCESS #channel LIST 1-3,5,13 <br />
<br />
Wipe out the entire access list in one go<br />
/CHANSERV ACCESS #channel CLEAR <br />
<br />
== Secure Combinations ==<br />
Other useful options to use in conjunction with LEVELS:<br />
=== Secure Ops ===<br />
<br />
/CHANSERV SET #channel SECUREOPS ON <br />
<br />
Users who are not on the channel's ACCESS list, will not be allowed chanop status.<br />
<br />
=== Secure Channel ===<br />
<br />
/CHANSERV SET #channel SECURE [OFF|ON]<br />
<br />
This setting is a tricky one.. /CHANSERV HELP SET SECURE describes it as follows:<br />
Enables or disables ChanServ's security features for a channel. <br />
When SECURE is set, only users who have registered their nicknames with NickServ <br />
and IDENTIFY'd with their password will be given access to the channel as controlled by the access list. <br />
<br />
However, it does not mention how NickServ's ACCESS and SECURE settings are in effect as well.<br />
<br />
For your NickServ account you can add your current hostname to the ACCESS list (/NICKSERV ACCESS ADD *@*.your.host). This will automatically semi-identify you for your nickname if you connect from a host on your NickServ Access list. If your NickServ SECURE setting is OFF (/NICKSERV SET SECURE OFF), it will even grant you access to chanserv commands based on the access level of the nick you are using. But, only when the channel's SECURE setting is set to OFF.<br />
<br />
So, here's a quick overview of what is possible with /CHANSERV SET #channel SECURE OFF:<br />
# Your current hostname appears on the NICKSERV ACCESS list of your current nickname.<br />
# Your current nickname has NICKSERV SECURE set to OFF<br />
# The channel's CHANSERV SECURE setting is set to OFF<br />
# Your nickname is on the channels CHANSERV ACCESS list with a level greater or equal to the OPDEOPME LEVEL<br />
# You '''''can''''' use ''/CHANSERV OP #channel'' now<br />
<br />
But with /CHANSERV SET #channel SECURE ON:<br />
# Your current hostname appears on the NICKSERV ACCESS list of your current nickname.<br />
# Your current nickname has NICKSERV SECURE set to OFF<br />
# The channel's CHANSERV SECURE setting is set to ON<br />
# Your nickname is on the channels CHANSERV ACCESS list with a level greater or equal to the OPDEOPME LEVEL<br />
# You ''can '''not''''' use ''/CHANSERV OP #channel'' now<br />
<br />
The only way you can use the CHANSERV commands when ''/CHANSERV SET #channel SECURE ON'' is in effect, is by being identified for your registered nickname through NickServ.<br />
<br />
<br />
=== Restricted channel ===<br />
/CHANSERV SET #channel RESTRICTED [OFF|ON]<br />
<br />
This setting is a bit tricky too (and seems slightly broken..)<br />
/CHANSERV HELP SET RESTRICTED<br />
describes it as follows:<br />
<br />
Enables or disables the restricted access option for a channel. <br />
When restricted access is set, users who would normally be disallowed from having channel operator privileges <br />
(users with negative access levels and, if secure ops is set, users not on the access list) <br />
will instead be kicked and banned from the channel.<br />
<br />
This would mean that if you only have RESTRICTED ON and SECURE/SECUREOPS are OFF, anyone that is not on the accesslist with a negative level (-1), should be allowed in the channel.<br />
However, in practise it seems to disregard the SECUREOPS setting and disallow everyone who is NOT on the ChanServ Access list at all.<br />
<br />
So, effectively if you use:<br />
/CHANSERV SET #channel RESTRICTED ON <br />
<br />
you will automatically be kick-banned if you are not on the access list. You will also be automatically kick-banned if you are on the access list, but weren't (semi-)identified for your nickname upon joining the channel. So you need to make sure you are identified '''''before''''' you join a restricted channel.<br />
<br />
If ChanServ '''SECURE''' is also set to ON for the restricted channel, users have to be identified for their nicks through NickServ '''before''' entering the channel, otherwise they'll be kickbanned as well. <br />
If CHANSERV SECURE is off, they will also be allowed if their host matches their NickServ Access list and NickServ Secure setting.</div>Siiw