3 # InspIRCd -- Internet Relay Chat Daemon
5 # Copyright (C) 2020 Sadie Powell <sadie@witchery.services>
7 # This file is part of InspIRCd. InspIRCd is free software: you can
8 # redistribute it and/or modify it under the terms of the GNU General Public
9 # License as published by the Free Software Foundation, version 2.
11 # This program is distributed in the hope that it will be useful, but WITHOUT
12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13 # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
16 # You should have received a copy of the GNU General Public License
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 use warnings FATAL => qw(all);
26 use IO::Socket::SSL();
29 CC_BOLD => -t STDOUT ? "\e[1m" : '',
30 CC_RESET => -t STDOUT ? "\e[0m" : '',
31 CC_GREEN => -t STDOUT ? "\e[1;32m" : '',
32 CC_RED => -t STDOUT ? "\e[1;31m" : '',
35 if (scalar @ARGV < 2) {
36 say STDERR "Usage: $0 <hostip> <port> [selfsigned]";
40 # By default STDOUT is only flushed at the end of each line. This sucks for our
41 # needs so we disable it.
44 my $hostip = shift @ARGV;
45 if ($hostip =~ /[^A-Za-z0-9.:]/) {
46 say STDERR "Error: invalid hostname or IP address: $hostip";
50 my $port = shift @ARGV;
51 if ($port =~ /\D/ || $port < 1 || $port > 65535) {
52 say STDERR "Error: invalid TCP port: $port";
56 my $self_signed = shift // '' eq 'selfsigned';
58 print "Checking whether ${\CC_BOLD}$hostip/$port${\CC_RESET} is reachable ... ";
59 my $sock = IO::Socket::INET->new(
66 ${\CC_RED}no${\CC_RESET}
68 It seems like the server endpoint you specified is not reachable! Make sure that:
70 * You have specified a <bind> tag in your config for this endpoint.
71 * You have rehashed or restarted the server since adding the <bind> tag.
72 * If you are using a firewall incoming connections on TCP port $port are allowed.
73 * The endpoint your server is listening on is not local or private.
75 See https://docs.inspircd.org/3/configuration/#ltbindgt for more information.
80 say "${\CC_GREEN}yes${\CC_RESET}";
81 print "Checking whether ${\CC_BOLD}$hostip/$port${\CC_RESET} is using plaintext ... ";
82 my $error = $sock->recv(my $data, 1);
86 ${\CC_RED}error${\CC_RESET}
88 It seems like the server dropped the connection before sending anything! Make sure that:
90 * The endpoint you specified is actually your IRC server.
91 * If you are using a firewall incoming data on TCP port $port are allowed.
93 See https://docs.inspircd.org/3/configuration/#ltbindgt for more information.
96 } elsif ($data =~ /[A-Z:@]/) {
98 ${\CC_RED}yes${\CC_RESET}
100 It appears that the server endpoint is using plaintext! Make sure that:
102 * You have one or more of the following modules loaded:
107 * If you have specified one or more <sslprofile> tags then the value of
108 <bind:ssl> is the same as an <sslprofile:name> field. Otherwise, it should
109 be set to "gnutls" for the ssl_gnutls module, "openssl" for the ssl_openssl
110 module, or "mbedtls" for the ssl_mbedtls module.
112 * If you have specified the name of an <sslprofile> in <bind:ssl> then the
113 value of <sslprofile:provider> is set to "gnutls" if using the ssl_gnutls
114 module, "openssl" if using the ssl_openssl module, or "mbedtls" if using
115 the ssl_mbedtls module.
117 * If you have your SSL configuration in a file other than inspircd.conf then
118 that file is included by inspircd.conf.
120 See the following links for more information:
122 https://docs.inspircd.org/3/modules/ssl_gnutls/#configuration
123 https://docs.inspircd.org/3/modules/ssl_mbedtls/#configuration
124 https://docs.inspircd.org/3/modules/ssl_openssl/#configuration
130 say "${\CC_GREEN}no${\CC_RESET}";
131 print "Checking whether ${\CC_BOLD}$hostip/$port${\CC_RESET} can have an SSL session negotiated ... ";
132 $sock = IO::Socket::SSL->new(
135 SSL_hostname => $hostip,
136 SSL_verify_mode => $self_signed ? IO::Socket::SSL::SSL_VERIFY_NONE : IO::Socket::SSL::SSL_VERIFY_PEER,
141 ${\CC_RED}no${\CC_RESET}
143 It appears that something is wrong with your server. Make sure that:
145 - You are not using an old version of GnuTLS, mbedTLS, or OpenSSL which only
146 supports deprecated algorithms like SSLv3.
148 The error provided by the SSL library was:
150 $IO::Socket::SSL::SSL_ERROR
157 ${\CC_GREEN}yes${\CC_RESET}
159 It seems like SSL is working fine on your server. If you are having trouble
160 connecting try using a different client or connecting from a different host.
162 You may also find running some of the following commands to be helpful:
164 gnutls-cli-debug --port $port $hostip
165 openssl s_client -connect $hostip:$port -debug -security_debug
167 If you need any help working out what is wrong then visit our support channel
168 at irc.inspircd.org #inspircd.