hosted services

Today proved that every day I can learn something new. I spend my working day on a LAN without a route to the internet. Instead things have to go via squid or socks proxies, which is fine. Today I needed to log onto an IRC channel using SSL. Which is normal, in most cases. However, as many readers may already be aware, I like to turn off my computer at night. The system which is on most of the time is Solaris 5.10, with an ancient version of irrsi lacking SSL.

What was required was something that could talk SSL through a SOCKS gateway and leave a plain text connection open for irssi to talk to.

The answer came in two parts, both parts named socat, which needed downloading and compiling:

wget http://www.dest-unreach.org/socat/download/socat-1.7.2.0.tar.gz ; \
gunzip -c socat-1.7.2.0.tar.gz | tar xvf - \
  && cd socat-1.7.2.0 \
  && ./configure --{exec-,}prefix=$HOME/bin/socat-1.7.2.0 \
  && gmake && gmake install

Part 1 was to open a connection to the remote end point through the SOCKS gateway.

./bin/socat/bin/socat \
   TCP4-LISTEN:65500,fork,bind=0,reuseaddr \
   SOCKS4:local-socks-server:chat.freenode.net:6697

The above left a connection open between the local host and the remote server – not plain text yet. This just shovels bytes from endpoint to endpoint.

Part 2 talks SSL to the local host connection.

./bin/socat/bin/socat \
  TCP4-LISTEN:65501,fork,bind=0,reuseaddr \
  'OPENSSL:127.0.0.1:65500,verify=0,cert=mycert.pem'

What we do above is tell socat to talk to the local host as SSL and create a server on port 65501 for irssi.

From within irssi it's now possible to connect to the local host (using /connect localhost 65501), which is a tunnel over ssl to a socks server which connects to the freenode IRC server. A little convoluted but does the job.