weechat-irc-gitter-im.md

Start weechat if you haven't already:

$ weechat

open up browser and go to: https://irc.gitter.im/ retrieve your /PASS

In weecaht run (thanks to raine):

/server add gitter irc.gitter.im -ssl -ssl_verify -ssl_dhkey_size=1024 -password=GET_THIS_FROM_IRC_GITTER_IM

If you receive an error about certifications like this:

               │15:56:35   gitter  -- | irc: connecting to server irc.gitter.im/6667 (SSL)...
               │15:56:35   gitter  -- | gnutls: connected using 1024-bit Diffie-Hellman shared secret exchange
               │15:56:35   gitter  -- | gnutls: receiving 2 certificates
               │15:56:35   gitter  -- |  - certificate[1] info:
               │15:56:35   gitter  -- |    - subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard SSL,CN=*.gitter.im', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA',
               │                      | RSA key 2048 bits, signed using RSA-SHA1, activated `2014-10-27 00:00:00 UTC', expires `2015-11-20 23:59:59 UTC', SHA-1 fingerprint
               │                      | `0f519b2d14ede0a82689ef42e328403fda5052a2'
               │15:56:35   gitter  -- |  - certificate[2] info:
               │15:56:35   gitter  -- |    - subject `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', issuer `C=US,ST=UT,L=Salt Lake City,O=The USERTRUST
               │                      | Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', RSA key 2048 bits, signed using RSA-SHA1, activated `2008-10-23 00:00:00
               │                      | UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `a9f79883a075ce82d20d274d1368e876140d33b3'
               │15:56:35   gitter =!= | gnutls: peer's certificate is NOT trusted
               │15:56:35   gitter =!= | gnutls: peer's certificate issuer is unknown
               │15:56:35   gitter =!= | irc: TLS handshake failed
               │15:56:35   gitter =!= | irc: error: Error in the certificate.

Take the last SHA-1 fingerprint received (in my case it's 0f519b2d14ede0a82689ef42e328403fda5052a2 - yours will be different).

Then in weechat run:

/set irc.server.gitter.ssl_fingerprint YOUR_FINGER_PRINT

This will hopefully give you:

                   │09:56:13   gitter  -- | - Message of the Day -
                   │09:56:13   gitter  -- | Welcome to Gitter
                   │09:56:13   gitter  -- | (null)
                   │09:56:13   gitter  -- | Please provide your password token using /PASS <token> and your GitHub username as your /NICK.
                   │09:56:13   gitter  -- | (null)
                   │09:56:13   gitter  -- | If you don't have a password token, please visit https://irc.gitter.im.
                   │09:56:13   gitter  -- | (null)
                   │09:56:13   gitter  -- | To join room, simply type /JOIN #owner/repo or /JOIN #orgname.
                   │09:56:13   gitter  -- | (null)
                   │09:56:13   gitter  -- | This service is still very much in Beta. To report any issues, please visit http://support.gitter.im.
                   │09:56:13   gitter  -- | (null)
                   │09:56:13   gitter  -- | Be nice, have fun
                   |
                   

From there you should be good to go - enter in the /NICK & /PASS info from irc.gitter.im

the firsh SHA-1 is the fingerprint of the cert and the second is the fingerprint of the CA. I had to use the first one and now it's working. thanks!

Thanks @oren

Moreover, this seems to work only without using the secure function in Weechat. e.g., if I put the following settings:

/secure set gitter mypassssss
/set irc.server.gitter.sasl_password "${sec.data.freenode}"

and set autoconnect and autojoin, it will not connect automatically with the server, unless the

irc.server.gitter.password

option is specified (making the sasl setting useless). Don't know if this depends on Gitter's SASL support or something else. Has anyone else experienced this?

Cheers

Apparently, the port is now 6697, which can be changed afterwards with:

/set irc.server.gitter.addresses "irc.gitter.im/6697"

For new users, just add the non-default port to the /server add command.

/server add gitter irc.gitter.im/6697 -ssl -ssl_verify -ssl_dhkey_size=1024 -password=*******************************

irc: connecting to server irc.gitter.im/6697 (SSL)...
gnutls: connected using 1024-bit Diffie-Hellman shared secret exchange
gnutls: receiving 3 certificates
  - certificate[1] info:
    - subject 'OU=Domain Control Validated,OU=Gandi Standard Wildcard SSL,CN=*.gitter.im', issuer 'C=FR,ST=Paris,L=Paris,O=Gandi,CN=Gandi Standard SSL CA 2', RSA key 2048 bits, 
               signed using RSA-SHA256, activated '2015-11-11 00:00:00 UTC', expires '2016-11-11 23:59:59 UTC', SHA-1 fingerprint 'xxxeed2243f08bf7357e9810e270f82fcb150xxx'
...
...
...
gnutls: peer's certificate is NOT trusted
gnutls: peer's certificate issuer is unknown
irc: TLS handshake failed
irc: error: Error in the certificate.

/set irc.server.gitter.ssl_fingerprint xxxeed2243f08bf7357e9810e270f82fcb150xxx

👍 Works!

looks like final irc.config should looks like

[server]
gitter.addresses = "irc.gitter.im/6697"
gitter.ssl = on
gitter.ssl_dhkey_size = 1024
gitter.ssl_fingerprint = "fingerprint from certificate[1] info goes here"
gitter.ssl_verify = on
gitter.password = "your password"

@fradeve I haven't seen anything to suggest that Gitter supports SASL, but you can still use the secure feature for the password.

As of today, I found no need to explicitly specify the fingerprint nor set -ssl_dhkey_size (which is higher than 1024 by default in my weechat version), and -ssl_verify is also on by default. So the whole thing is simplified to this:

/server add gitter irc.gitter.im -ssl
/secure set gitter mypass
/set irc.server.gitter.password ${sec.data.gitter}
/connect gitter

I wish one of you awsome devs would port the slack weechat script functionality to like gitter script.

@MBuchaus that could be done... but why? Gitter provides IRC functionality, shouldn't that be preferred?

@sudoforge a gitter plugin for weechat could potentatially have a lot of features, such as, seeing own messages from other clients, and nick completion. wee-slack even shows when other people are typing.

For the record, a lot of problems with failure to verify the ssl connection are solved in weechat by ensuring the ca certificates are configured correctly:

https://weechat.org/files/doc/devel/weechat_faq.en.html#irc_ssl_freenode