aronson / discord-irc

Connects Discord and IRC channels by sending messages back and forth.
MIT License

Self-signed SSL Connections #53

Closed KeiroD closed 1 year ago

KeiroD commented 1 year ago

Was helping a friend run this copy of Discord-IRC and it turns out that their server was running with a self-signed SSL certificate that Discord-IRC really didn't like and was showing strange behaviour with not very useful info with regards to that aspect. For example:

```
[2023/10/22 3:11:41 AM] [AGNPH] [  INFO ]: Connecting to IRC server irc.example.com:6669 with TLS
[2023/10/22 3:13:52 AM] [AGNPH] [  INFO ]: Attempting to reconnect to server irc.example.com:6669...
[2023/10/22 3:13:52 AM] [AGNPH] [ ✗ ERROR ]: Received error event from IRC
{
  "name": "TimedOut",
  "code": "ETIMEDOUT",
  "type": "connect"
}
[2023/10/22 3:13:55 AM] [AGNPH] [  INFO ]: Connecting to IRC server irc.example.com:6669 with TLS
[2023/10/22 3:13:56 AM] [AGNPH] [  DONE ]: Connected to IRC server irc.example.com:6669
[2023/10/22 3:13:56 AM] [AGNPH] [ ✗ ERROR ]: Received error event from IRC
{
  "name": "InvalidData",
  "type": "read"
}
[2023/10/22 3:13:56 AM] [AGNPH] [ ✗ ERROR ]: Received error event from IRC
{
  "name": "InvalidData",
  "type": "write"
}
[2023/10/22 3:13:56 AM] [AGNPH] [ ✗ ERROR ]: Disconnected from server irc.example.com:6669!
^C[2023/10/22 3:13:58 AM] [AGNPH] [  WARN ]: Received shutdown event! Disconnecting...
[2023/10/22 3:13:58 AM] [AGNPH] [ ✗ ERROR ]: Received error event from IRC
{
  "type": "write"
}
```

I was able to reproduce it with my bot by testing the above and confirming that it was yelling about the cert in a rather obtuse manner. Once they swapped to a valid Let's Encrypt cert though, the issue of course went away.

Might be worth having a config option to ignore such checks, particularly if testing this? This was happening in both Docker and non-Docker modes of the bot.

aronson commented 1 year ago

Hi, the easiest way to do this is to place the certificate authority chain in your OS's certificate store. Deno can trust what your operating system trusts.

Once it is in your OS's certificate store, run `export DENO_TLS_CA_STORE=system` before running the binary. For Docker this process is much more involved.

If you cannot do that, run from source with the `--unsafely-ignore-certificate-errors` flag. I'm not supporting this in configuration as one can modify the certificate store for a much more secure experience.

You will need to install Deno for your OS as well as Git. It's a one-liner command to install.

Then from a terminal:

```sh
## Clone the repo
git clone https://github.com/aronson/discord-irc.git
## Copy your config.json in
cp /path/to/config.json discord-irc
## Enter source directory
cd discord-irc
## Start with deno manually with certificate validation disabled
deno run --allow-net --allow-env=CONFIG_FILE,DEBUG,VERBOSE,NODE_EXTRA_CA_CERTS --allow-read --allow-write --unsafely-ignore-certificate-errors discord-irc.ts
```

Untested.
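Before choosing between the two options in the comment above, it helps to know what the IRC server actually presents. The following is an added example, not part of the thread or of the discord-irc project: it classifies a certificate as self-signed or CA-issued, which tells you which certificate has to go into the OS trust store. It assumes the `openssl` CLI is installed; the function names and the script name `check-cert.sh` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the discord-irc project). Requires the openssl CLI.

# Save the leaf certificate a TLS server presents. Needs network access.
fetch_server_cert() {   # usage: fetch_server_cert HOST PORT OUT.pem
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM -out "$3"
}

# Succeeds only if subject and issuer are the same name AND the certificate
# verifies with itself as the trust anchor (-check_ss_sig makes openssl
# check the self-signature, which it skips by default).
is_self_signed() {      # usage: is_self_signed CERT.pem
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# Print which certificate has to be added to the OS trust store.
classify_cert() {       # usage: classify_cert CERT.pem
  if is_self_signed "$1"; then
    echo "self-signed: add this certificate itself to the trust store"
  else
    echo "CA-issued: add the issuing CA, $(openssl x509 -in "$1" -noout -issuer)"
  fi
}

# With HOST and PORT as arguments, inspect a live server, e.g.
#   ./check-cert.sh irc.example.com 6669
if [ "$#" -eq 2 ]; then
  pem=$(mktemp)
  fetch_server_cert "$1" "$2" "$pem" && classify_cert "$pem"
  rm -f "$pem"
fi
```

If validation still has to be bypassed, Deno also accepts a hostname list on the flag, as in `--unsafely-ignore-certificate-errors=irc.example.com`, which limits the bypass to that host instead of every TLS connection the bot makes, including those to Discord.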

KeiroD commented 1 year ago

That's fair and a good default. Excellent call.

I'll go ahead and close this then. :)

Clarity would be helpful though, in terms of errors.

aronson commented 1 year ago

The errors are somewhat outside of my control as the author of this discord-irc rewrite. You're seeing exactly what I see in code from Deno-IRC, the library that provides the IRC connection and support this bot uses. There's no way to know it's a self-signed cert here.

I'm a newfound contributor to that library so I can take a look at enhancing the error reporting on that side.

KeiroD commented 1 year ago

> The errors are somewhat outside of my control as the author of this discord-irc rewrite. You're seeing exactly what I see in code from Deno-IRC, the library that provides the IRC connection and support this bot uses. There's no way to know it's a self-signed cert here.
>
> I'm a newfound contributor to that library so I can take a look at enhancing the error reporting on that side.

Ahhh... fair enough! That makes sense. I appreciate it, honestly.