teeli / urltitle

Eggdrop scripts that display titles of URLs pasted on an IRC channel
MIT License

SNI support not enabled by default [cloudflare SSL error: tlsv1 alert internal error] #6

Closed YogSottot closed 7 years ago

YogSottot commented 7 years ago

dev-lang/tcl-8.6.6 dev-tcltk/tcllib-1.15-r2 dev-tcltk/tls-1.6.7 net-irc/eggdrop-1.8.0

When I try a link from https://centmin.sh/

SSL channel "sockdc6a20": error: tlsv1 alert internal error

https://www.rust-lang.org/en-US/

SSL channel "sockdd33e0": error: sslv3 alert handshake failure

I compiled eggdrop-1.6.20 on Gentoo with dev-lang/tcl-8.6.6 dev-tcltk/tcllib-1.15-r2 dev-tcltk/tls-1.6.7

I also compiled eggdrop-1.6.21 and 1.6.20 on Debian with tcl 8.6.0+8 tcl-tls 1.6+dfsg-3: tcllib 1.16-dfsg-2: libsqlite3-tcl 3.8.7.1-1+deb8u2

The errors are absolutely the same.

SSL channel "sock19d9620": error: sslv3 alert handshake failure
SSL channel "sock1a0fe60": error: tlsv1 alert internal error

This is only with sites using Cloudflare SSL; other https links work OK.

knofte commented 7 years ago

I can verify the same. https://gamblersplay.com and https://casinojakten.se, also on Cloudflare.

libtcl8.6:amd64 8.6.1-4ubuntu1 tcl 8.6.0+6ubuntu3 tcl-dev:amd64 8.6.0+6ubuntu3 tcl-tls 1.6+dfsg-3 tcl8.6 8.6.1-4ubuntu1 tcl8.6-dev:amd64 8.6.1-4ubuntu1 tcllib 1.15-dfsg-2 libgnutls-dev 2.12.23-12ubuntu2.5

YogSottot commented 7 years ago

Solution in the wiki: https://wiki.tcl.tk/2630 «Using TLS in 2015»

CloudFlare Universal SSL uses certificates that have multiple domains in the one certificate. https://dropbear.xyz/2015/06/08/checking-cloudflare-ssl/ The way that the client tells the server which website it is looking for is Server Name Indication (SNI). As part of the TLS handshaking the client tells the server “I want website www.enc.com.au”.

In tcl-tls you should use the -servername option, which enables SNI (for tcl-tls 1.6.x). In 1.7.11 the new option -autoservername was added.

teeli commented 7 years ago

Thanks for reporting and looking for a solution, I'll look into this when I get the chance.

voidzero commented 7 years ago

Oh this is great. I was hoping this could be implemented. Thanks @teeli @YogSottot

voidzero commented 7 years ago

https://blog.summercat.com/google-blog-and-tls-sni.html might be helpful

teeli commented 7 years ago

Sorry it's taken me a while, but I just pushed a new version (0.5) that should support SNI. It requires TLS package version 1.6.4 or newer and falls back to old behavior for older versions.

I'd appreciate it if you could test it and report any problems back here.

YogSottot commented 7 years ago

% package require tls
1.7.11

eggdrop-1.8.0

Connection to https://centmin.sh/ failed
Connection to https://www.rust-lang.org/en-US/ failed
Connection to https://github.com/teeli/urltitle/issues/6 failed

eggdrop v1.6.20+driftstoned

Connection to https://github.com/teeli/urltitle/issues/6 failed
Connection to https://www.rust-lang.org/en-US/ failed
Connection to https://centmin.sh/news.html failed

Test eggdrop v1.6.20+driftstoned with etitle.script

> https://centmin.sh/news.html
 [ News - CentminMod.com LEMP Nginx web stack for CentOS ]
 https://www.rust-lang.org/en-US/
 [ The Rust Programming Language ]
https://github.com/teeli/urltitle/issues/6
 [ SNI support not enabled by default [cloudflare SSL error: tlsv1 alert internal error] · Issue #6 · teeli/urltitle · GitHub ]

So, I suppose there is no problem with my setup.

YogSottot commented 7 years ago

OK, you should just change

   if {[package vcompare $tlsVersion 1.7.11] >= 0} {
      # tls version 1.7.11 should support autoservername
      ::tls::socket -autoservername {*}$opts $host $port

to

   if {[package vcompare $tlsVersion 1.7.11] >= 0} {
      # tls version 1.7.11 should support autoservername
      ::tls::socket -autoservername true {*}$opts $host $port

Then all links work OK.
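As an added example (not the urltitle script's own code), a version-aware TLS socket helper registered with Tcl's http package that puts both points from this thread together: the -servername option for tcl-tls 1.6.x and the -autoservername true form for 1.7.11 (a bare -autoservername would consume the next argument as its value). The names sni_socket and fetch_status are assumptions; the version thresholds are those stated in the thread.

```tcl
package require http
package require tls

# Hypothetical helper: open a TLS socket that sends SNI, picking the
# option form supported by the installed tls package version.
proc sni_socket {args} {
    # http::register invokes us as: cmd ?options? host port
    set host [lindex $args end-1]
    set port [lindex $args end]
    set opts [lrange $args 0 end-2]
    set tlsVersion [package present tls]

    if {[package vcompare $tlsVersion 1.7.11] >= 0} {
        # -autoservername takes a boolean; "true" must be given
        # explicitly, otherwise the option swallows the next argument.
        return [::tls::socket -autoservername true {*}$opts $host $port]
    } elseif {[package vcompare $tlsVersion 1.6.4] >= 0} {
        # Older 1.6.x: name the host explicitly so SNI is sent.
        return [::tls::socket -servername $host {*}$opts $host $port]
    }
    # Pre-1.6.4 tls cannot send SNI; hosts behind multi-domain
    # (Cloudflare-style) certificates will still fail the handshake here.
    return [::tls::socket {*}$opts $host $port]
}

# Route every https:// URL fetched via ::http::geturl through the helper.
::http::register https 443 sni_socket

# Fetch a URL and report {status http-code}; a handshake failure surfaces
# as {error <message>} instead of raising.
proc fetch_status {url} {
    if {[catch {::http::geturl $url -timeout 10000} tok]} {
        return [list error $tok]
    }
    set result [list [::http::status $tok] [::http::ncode $tok]]
    ::http::cleanup $tok
    return $result
}

# Example: puts [fetch_status https://centmin.sh/]
```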

teeli commented 7 years ago

Thanks. I don't have tls 1.7.11 to test with, so that was a bit of a shot in the dark (and apparently I was a bit hasty with the docs). I've added true to -autoservername now.

voidzero commented 7 years ago

Works great. Big thanks for updating it, really appreciate it!

One really minor suggestion for a next version: change 'putserv' to 'puthelp'. The puthelp queue is supposed to be for stuff like privmsg; putserv might clog up a busy bot's queues. But that isn't happening in my case, so I'm just mentioning it as an aside.

Wow, isn't it great that we have an eggdrop urltitle grabber that supports SNI? :100:!