From 11f66cd381e00fcd553c349711fc5e07134e663f Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Fri, 2 Oct 2015 09:02:28 +0300 Subject: [PATCH] 2015-02-24-znc160-ssl.md: fix cut sentence --- _posts/2015-02-24-znc160-ssl.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/_posts/2015-02-24-znc160-ssl.md b/_posts/2015-02-24-znc160-ssl.md index ce4aab3..b45ad2f 100644 --- a/_posts/2015-02-24-znc160-ssl.md +++ b/_posts/2015-02-24-znc160-ssl.md @@ -1,4 +1,4 @@ ---- +-- layout: post comments: true title: "ZNC 1.6.0 & SSL certificate verification" @@ -97,8 +97,12 @@ network. 1. You don't have `ca-certificates` package installed, so your system trusts no certificate authority. Install it and try again. -2. You are connecting to wrong address. freenode's certificate is vaid for - \*.freenode.net, but some other domains are CNAMEs to it and get +2. You are connecting to wrong address. freenode's certificate is valid for + \*.freenode.net, but there are CNAMEs pointing there. If you connect to + CNAME and the certificate isn't valid for that CNAME, the certificate + is invalid. + * You should always connect to either `irc.freenode.net` or + `chat.freenode.net` where it points to. 3. There is MITM which is unlikely, but unlikely is not impossible. Validating the certificates either by trusted certificates or verifying the fingerprints securely manually protect you from this. If MITM is the
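Review bot: The first hunk (@@ -1,4 +1,4 @@) shortens the opening front matter delimiter from `---` to `--`, which is unrelated to the stated purpose of fixing a cut sentence and looks accidental. YAML front matter is only recognised when the file begins with a line of exactly three dashes, so with two dashes the `layout`, `comments` and `title` keys would be rendered as body text instead of being parsed. Drop this change and keep `---` on line 1.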
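Review bot: In the second hunk (@@ -97,8 +97,12 @@), the new wording of item 2 says "the certificate is invalid", which blurs the failure the reader actually hits: the certificate itself is fine, but it does not cover the CNAME they typed, so hostname verification fails. Suggest something like "If you connect to a CNAME that the certificate doesn't cover, verification fails." The added sub-bullet also ends with "where it points to", where "it" has no clear referent; since the certificate is valid for \*.freenode.net, consider "You should always connect to `irc.freenode.net` or `chat.freenode.net`, which the certificate covers." Also check that the `*` sub-bullet is indented far enough to render as nested under item 2, so that item 3 keeps its number.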