diff --git a/doc/sphinx_source/install/readme.rst b/doc/sphinx_source/install/readme.rst index 29cc7e8f3..6d365a880 100644 --- a/doc/sphinx_source/install/readme.rst +++ b/doc/sphinx_source/install/readme.rst @@ -98,7 +98,25 @@ System Pre-Requisites Before you can compile Eggdrop, Tcl must be installed on your system. Many systems have Tcl installed on them by default (you can check by trying the command "tclsh"; if you are given a '%' for a prompt, it is, and you can type 'exit' to exit the Tcl shell. However, Eggdrop also requires the Tcl development header files to be installed. They can often be installed via an OS package manager, usually called something similar to 'tcl-dev' for the package name. You can also download Tcl source from ``_. - It is also strongly recommended to install openssl (and its development headers) in order to enable SSL/TLS protection of network data. The header files are often called something similar to 'libssl-dev'. + Eggdrop also requires openssl (and its development headers) in order to enable SSL/TLS protection of network data. The header files are often called something similar to 'libssl-dev'. While not advised, this requirement can be removed by compilling using ``./configure --disable-tls``, but you will not be able to connect to TLS-protected IRC servers nor utilize secure botnet communication. + +Minimum Requirements +-------------------- + +Some components of Eggdrop relies on a variety of third-party libraries, documented here. + ++-------------------------------+-------------------+-------------------+ +| Functionality | Package | Minimum Version | ++===============================+===================+===================+ +| Tcl interpreter (required) | Tcl Dev Library | 8.5.0 | ++-------------------------------+-------------------+-------------------+ +| Secure communication | OpenSSL | 0.9.8 | ++-------------------------------+-------------------+-------------------+ +| Python module | Python | 3.8.0 | ++-------------------------------+-------------------+-------------------+ +| Compression module | zlib | Any | ++-------------------------------+-------------------+-------------------+ + Quick Startup ------------- diff --git a/doc/sphinx_source/using/tls.rst b/doc/sphinx_source/using/tls.rst index 6d73e79bf..b4628d2b7 100644 --- a/doc/sphinx_source/using/tls.rst +++ b/doc/sphinx_source/using/tls.rst @@ -6,14 +6,14 @@ TLS support =========== This document provides information about TLS support which is a new -eggdrop feature since version 1.8.0. +Eggdrop feature since version 1.8.0. ----- About ----- Eggdrop can be optionally compiled with TLS support. This requires OpenSSL -0.9.8 or more recent installed on your system. +0.9.8 or later installed on your system. TLS support includes encryption for IRC, DCC, botnet, telnet and scripted connections as well as certificate authentication for users and bots. @@ -82,7 +82,7 @@ Eggdrop can use TLS connections to protect botnet links if it is compiled with T | +port | listen port | fail as leaf only wants TLS | +------------------------------+----------------------------+-------------------------------+ -In short, a bot added to your Eggdrop with a +port in the address can only connect to a bot listening with a +port in the config. Conversely, a bot added to your eggdrop without a + prefix can only connect to a bot listening without a + prefix in the config. +In short, a bot added to your Eggdrop with a +port in the address can only connect to a bot listening with a +port in the config. Conversely, a bot added to your Eggdrop without a + prefix can only connect to a bot listening without a + prefix in the config. If TLS negotiation fails, the connection is deliberately aborted and no clear text is ever sent by the TLS-requiring party. @@ -106,7 +106,7 @@ Scripts can open or connect to TLS ports the usual way specifying the port with a plus sign. Alternatively, the connection could be established as plaintext and later switched on with the starttls Tcl command. (Note that the other side should also switch to TLS at the same -time - the synchronization is the script's job, not eggdrop's.) +time - the synchronization is the script's job, not Eggdrop's.) ------------------------------------- Keys, certificates and authentication @@ -118,7 +118,7 @@ bots and TLS listening ports. General information about certificates and public key infrastructure can be obtained from Internet. This document only contains eggdrop-specific information on the subject. The easy way to create a key and a certificate is to type 'make sslcert' -after compiling your bot (If you installed eggdrop to a non-standard +after compiling your bot (If you installed Eggdrop to a non-standard location, use make sslcert DEST=/path/to/eggdrop). This will generate a 4096-bit private key (eggdrop.key) and a certificate (eggdrop.crt) after you fill in the required fields. Alternatively, you can use 'make sslsilent' @@ -130,12 +130,12 @@ make a ssl certificate for yourself and enable ssl-cert-auth in the config file. Then either connect to the bot using TLS and type ".fprint +" or enter your certificate fingerprint with .fprint SHA1-FINGERPRINT. To generate a ssl certificate for yourself, you can run the following -command from the eggdrop source directory:: +command from the Eggdrop source directory:: openssl req -new -x509 -nodes -keyout my.key -out my.crt -config ssl.conf When asked about bot's handle, put your handle instead. How to use your -new certificate to connect to eggdrop, depends on your irc client. +new certificate to connect to Eggdrop, depends on your irc client. To connect to your bot from the command line, you can use the OpenSSL ssl client::