Default connection to Freenode fails

[jidanni]

https://github.com/jorgenschaefer/circe/wiki/Manual says

At the following prompt, you can either enter a server name or a network name. By default, the network Freenode is configured. Just hit TAB to expand it. If you use a server name, Circe will also ask you for a port number. Usually, that would be 6667.

Alas the default connection to Freenode stalls. Also one notes it says 6697.

[jorgenschaefer]

The port number depends on the IRC server you are connecting to. I'm unsure what you are reporting, though – you are trying to connect to Freenode and the connection hangs? Does it work outside of Emacs, e.g. with nc or similar?

[jidanni]

Try this:

1. $ emacs RET
2. M-x circe RET
3. RET

This will produce a "irc.freenode.net" buffer that is stuck "Connecting..."

[jorgenschaefer]

By default this should connect to irc.freenode.net:6697, as that's the default SSL port for Freenode. Is your system configured to allow this connection?

[jidanni]

You will find the above experiment fails. With an empty .emacs file. However

(setq circe-network-options `(("OFTC" :channels ("#debconf-team"))))
(defun irc () "Connect to IRC" (interactive) (progn (circe "OFTC")))

works.

[jidanni]

openssl: Installed: 1.1.0h-2

[jorgenschaefer]

You will find the above experiment fails. With an empty .emacs file.

No, it works for me. That's why I am asking whether the TCP connection to irc.freenode.net:6697 works in general from your machine.

[jidanni]

I need a test script to run to be able to tell. I found https://gist.github.com/vivien/3b1c2efb80f3f3dde001 but it doesn't tell me if it failed.

[jorgenschaefer]

nc -vvv irc.freenode.net 6697

[jidanni]

It this a correct test?

 20:18 ~$ echo INFO | nc -vvv irc.freenode.net 6697
 Connection to irc.freenode.net 6697 port [tcp/ircs-u] succeeded!
 20:20 ~$

Same thing if I use /INFO. Hangs for a minute and then exits.

[jorgenschaefer]

That means your computer can connect. I do not know why Circe stalls, then :-(

[jidanni]

Isn't there some kind of test where I can send some line (echo ...|nc), and the server can reply one line, and thus we can see if they are really talking?

If I can't get the server to ever say anything, how can I tell if they are really fully talking? Thanks.

[jorgenschaefer]

(echo NICK test4223 ; echo USER 0 0 0 0 ; sleep 20 ; echo QUIT :Bye) | openssl s_client -connect irc.freenode.net:6697

[jidanni]

I see. I cannot connect from Taiwan

:wolfe.freenode.net NOTICE * :*** Looking up your hostname...
:wolfe.freenode.net NOTICE * :*** Checking Ident
:wolfe.freenode.net NOTICE * :*** Found your hostname
:wolfe.freenode.net NOTICE * :*** No Ident response
:wolfe.freenode.net NOTICE test4223 :*** Notice -- You need to identify via SASL to use this server
ERROR :Closing Link: 111-246-84-107.dynamic-ip.hinet.net (SASL access only)
closed

[jorgenschaefer]

Still, Circe should show that error …

[jcmdln]

I apologize if you're already aware of this, though on Fedora I must install gnutls-utils in order to use Circe. It may be that this package is missing, because without it I experience the mentioned behavior when connecting to Freenode.

[computersarecool]

I can connect to Freenode from rcirc and erc but circe just shows Connecting.... Is there a verbose output option so I can see why this is stalling out?

[jorgenschaefer]

You can try setting irc-debug-log to t.

[daewok]

I just ran into this as well after upgrading to OpenSSL 1.1.0 from 1.0.2. The issue is that openssl s_client -connect in 1.1 ends the info section with

    Verify return code: 0 (ok)
    Extended master secret: no
---

while 1.0 ends it with:

    Verify return code: 0 (ok)
---

I fixed it by adding this to my emacs config:

(setq tls-end-of-info
      (concat
       "\\("
       ;; `openssl s_client' regexp.  See ssl/ssl_txt.c lines 219-220.
       ;; According to apps/s_client.c line 1515 `---' is always the last
       ;; line that is printed by s_client before the real data.
       "^    Verify return code: .+\n\\(\\|^    Extended master secret: .+\n\\)---\n\\|"
       ;; `gnutls' regexp. See src/cli.c lines 721-.
       "^- Simple Client Mode:\n"
       "\\(\n\\|"                           ; ignore blank lines
       ;; According to GnuTLS v2.1.5 src/cli.c lines 640-650 and 705-715
       ;; in `main' the handshake will start after this message.  If the
       ;; handshake fails, the programs will abort.
       "^\\*\\*\\* Starting TLS handshake\n\\)*"
       "\\)"))

That should work for both OpenSSL 1.0 and 1.1 if my emacs regex foo didn't fail me.

I'm guessing this is unlikely to be fixed upstream (tls-end-of-info comes from emacs' tls.el) since that file has been obsoleted.

[luismbo]

FWIW, I'm getting the same results as @computersarecool on Windows with Emacs 26.3. While ERC is able to connect via SSL, circe is stuck at "Connecting...". @daewok fix works for me.

[hperrey]

The fix proposed by @daewok works for me after a slight modification adding one more line to filter out:

(setq tls-end-of-info
      (concat
       "\\("
       ;; `openssl s_client' regexp.  See ssl/ssl_txt.c lines 219-220.
       ;; According to apps/s_client.c line 1515 `---' is always the last
       ;; line that is printed by s_client before the real data.
       "^    Verify return code: .+\n\\(\\|^    Extended master secret: .+\n\\)\\(\\|^    Max Early Data: .+\n\\)---\n\\|"
       ;; `gnutls' regexp. See src/cli.c lines 721-.
       "^- Simple Client Mode:\n"
       "\\(\n\\|"                           ; ignore blank lines
       ;; According to GnuTLS v2.1.5 src/cli.c lines 640-650 and 705-715
       ;; in `main' the handshake will start after this message.  If the
       ;; handshake fails, the programs will abort.
       "^\\*\\*\\* Starting TLS handshake\n\\)*"
       "\\)"))

This is on OpenSSL 1.1.1a (Ubuntu Mate 19.10) and Emacs 26.3.

[wasamasa]

This workaround should no longer be necessary with Emacs 26.1 or newer, see https://github.com/jorgenschaefer/circe/issues/377 for details.