(λ (x) (create x) '(knowledge))

OFTC

x509 Cert Auth with Weechat · July 8th, 2021

Anyone who uses IRC these days is aware of what happened to Freenode, so I won't go into details on any of that, but for me the exodus from Freenode resulted in a trifurcation of weechat configuration nonsense. I went from accessing everything on Freenode, to accessing three different servers just to keep in touch with the same people. Fortunately enough my little circle of friends had made an exodus to a self hosted server prior to Freenode's collapse, so I was already kind of aware of the process I needed to add Libera and OFTC to the mix.

What I wasn't aware of, and have been very meh about fussing over, is setting up x509 auth and properly identifying on OTFC's network. Normally that's not an issue, but same channels have restricted themselves to identified and secured accounts online, like #alpine-devel. So for about two months I've been missing out on all of the alpine Linux development chatter, and its been sorely missed. To rectify the issue I came up with this simple script which will generate an x509 cert and throw out some simple commands to get weechat configured to use those newly generated certs to authenticate and identify yourself on OFTC. It's a little specific but the same-ish method should work for Libera or any other IRC network that supports cert based authentication.

#!/bin/ash #Create x509 cert for IRC login nick=$1 if [-d $nick ]; then printf "Please provide a nick, or name for your x509 cert\n" && exit 1 ; fi openssl req -nodes -newkey rsa:2048 -keyout $nick.key -x509 -days 3650 -out $nick.cer chmod 400 $nick.key openssl x509 -noout -fingerprint -SHA1 -text < $nick.cer cat $nick.cer $nick.key > $nick.pem chmod 400 $nick.pem if [ -d ~/.weechat/certs ]; then mkdir ~/.weechat/certs; fi mv $nick.{key,cer,pem} ~/.weechat./certs printf "Do the following in Weechat: /disconnect oftc /server del oftc /server add oftc irc.oftc.net/6697 -ssl -ssl_verify -autoconnect /set irc.server.oftc.ssl_cert %%h/certs/$nick.pem /reconnect /msg nickserv identify $nick PASSWORD /set irc.server.oftc.command = \"/msg nickserv regain $nick\" /reconnect\n"

I'm sure this could easily be improved upon, but it was just a quick thing thrown together from OFTC's official documents on the matter. Maybe it'll provide a turnkey solution to someone unfamiliar with x509 certs and make OFTC a little bit more accessible.