znc icon indicating copy to clipboard operation
znc copied to clipboard

Published 20 hours ago verified publisher icon znc

Need the ability to specify able to specify different certificates for different listeners

Open khronosschoty opened this issue 10 years ago • 5 comments

This reason is because people use different web address to access znc, one for the web admin and one for a irc client to connect to, plus znc is designed to service more then one user, and so one should be able to give different users different addresses or ports , and of course give them their own ssl file.

In short this needs fixed for convenience and security sake.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

khronosschoty avatar Dec 22 '14 20:12 khronosschoty

znc is designed to service more then one user, and so one should be able to give different users different addresses

Interesting logic. May you explain?

and of course give them their own ssl file

Why?

In short this needs fixed for convenience and security sake.

How exactly it increases security?

DarthGandalf avatar Dec 22 '14 22:12 DarthGandalf

It increases security because you can optionally require the ssl file to have a password phrase, unique to each user.

khronosschoty avatar Dec 23 '14 01:12 khronosschoty

require the ssl file to have a password phrase, unique to each user.

And how this increases security?

Password-protected certificates are not supported currently, but even if they were, only ZNC administrator needs to know the password, and to type it on ZNC startup. So administrator will need to type multiple certificate passwords, one per user? [sarcasm]Sounds very convenient.[/sarcasm]

If you're speaking about authenticating users via certificates, nothing stops certauth to work with a single server-side certificate.

DarthGandalf avatar Dec 23 '14 21:12 DarthGandalf

It looks like nothing has happened with this issue either, so closing?

Mikaela avatar Sep 09 '15 12:09 Mikaela

This would be quite useful to me, it would allow me to use a VPN port with its own TLS certificate.

To elaborate: My ISP (in fact, most of the German DSL ISPs) disconnect the PPPoE session every 24 hours. Using a VPN to connect to the ZNC host would permit me to skip the daily "lost connection, reconnecting to server" cycle in my weechat setup. On ZNC, I'd have a znchost.example.com and znchost.vpn, so I could connect to znchost.vpn using a self-signed cert from weechat while trusting the TLS fingerprint, and to znchost.example.com using a Lets Encrypt certificate.

fireglow avatar Jan 02 '20 00:01 fireglow