irssi and Slackware: Connecting to Freenode with SSL/SASL

Early in 2010 Freenode switched their IRCd from hyperion to their replacement IRCD ircd-seven which amongst other things has made it possible to connect to Freenode over SSL and to authenticate passwords with SASL. A plethora of guides have sprung up showing the various Linux distros how to configure an SSL/SASL connection with irssi but Slackware has its own methods and I aim to document on this page the method that worked for me under irssi 0.8.15 and Slackware 13.0. Hopefully this brief page may help other Slackware users and I welcome any comments and suggestions for improvements via the email link at the base of this page.

Setup...

I should make it very clear at the outset that I do not intend to delve into the fundamentals of setting up irssi itself, there are many guides available for this purpose, instead I aim to provide details only of the SSL/SASL connection to Freenode. So I will now jump straight into the deep end with the required setup for the SSL certificate:

Setup for the SSL Certificate...

There are a few different methods for setting up the required certificate and rather than extract the specific certificate that is required by Freenode I would recommend that you install rworkman's ca-certificates bundle which places certificates acceptable to Freenode as well as many others in /etc/ssl/certs, which incidentally is where version 0.8.15 of irssi will now look by default. An alternative is to acquire the actual certificate required by Freenode and set this up correctly with OpenSSL and irssi, I might investigate this in the future, but for the time being you will find the certificate pack I have suggested is quite workable. So with the certificate pack in place it is time to setup for SASL authentication:

Setup for SASL Authentication...

A handful of Perl modules are also required to allow SASL authentication with irssi. I personally use cpan2tgz for such work and there is a Slackbuild script available for it from Slackbuilds.org, but of course you can use whatever method you wish as long as the modules get installed:

# cpan2tgz Crypt::Blowfish Crypt::DH Crypt::OpenSSL::Bignum Math::BigInt \
           Math::BigInt::FastCalc Math::BigInt::GMP

I personally expand this command a little with use of the --pkgdir and --build-tag options but I shall leave you to explore this on your own. With all of the necessary modules installed for SASL now we need to download the Freenode script cap_sasl.pl which allows irssi to use SASL with Freenode:

$ mkdir -pv $HOME/.irssi/scripts/autorun && cd $HOME/.irssi/scripts
$ wget http://freenode.net/sasl/cap_sasl.pl
$ cd autorun
$ ln -sv ../cap_sasl.pl

Finally all the background work has been done and it is time to open irssi and complete the setup:

Setting up irssi...

The easiest part of the whole process follows now as first we need to setup the SSL connection from within irssi, I would suggest removing any existing Freenode information before running the following:

/network add Freenode
/server add -auto -ssl -ssl_verify -network Freenode irc.freenode.net 7000
/save

Note that version 0.8.15 of irssi looks by default to /etc/ssl/certs for certificates when none are specified in this command, however older versions of irssi may need to include the path to the certificates in the SSL command with this syntax: -ssl_capath /etc/ssl/certs. It is a painless upgrade to the current version of irssi and I would recommend you do so. Now also to setup the SASL authentication from within irssi:

/script load cap_sasl.pl
/sasl set Freenode <primary-nick> <password> DH-BLOWFISH
/sasl save
/save

With any luck that completes your setup and it remains to test your setup, a successful setup will have no SSL errors, a +Zi next to your nick in the irssi status bar, your /whois information will show "is using a secure connection" and your SASL success will be confirmed with the following: "SASL authentication successful". If any errors are seen simply retrace your steps and carefully run through this guide again, it works flawlessly on my system and should on yours as well.

And in conclusion...

I wish you all the best with one of the truly great Linux console programs! Please send me an email to let me know if you have found this page at all useful and as well to suggest any corrections that feel should be made. Feel free to do the same on ##slackware where I can be seen as andrew_46. Remember as well the most important thing: "Have Fun!".