Improve certfp/tor instructions for silly clients (#386)

* Improve instructions for silly clients * Update content/_guides/certfp.md * Apply suggestions from code review --------- Co-authored-by: Eric Mertens <[email protected]>
Libera-Chat · Dec 20, 2024 · 3706e49 · 3706e49
1 parent d1a8f90
commit 3706e49
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 8 deletions.
diff --git a/content/_guides/certfp.md b/content/_guides/certfp.md
@@ -138,10 +138,10 @@ punctuation (e.g. `certs/libera.pem` or `certs/Example Server.pem`).
 
 ### Konversation
 
-Create the .pem file as per above, then place it wherever you want.
-Start Konversation, then open the Identity dialogue by either pressing
-<kbd>F8</kbd> or via the Settings menu entry. Choose the identity you use
-for the Libera.Chat network or create a new one.
+Create the .pem file as per above using `rsa:4096` instead of `ed25519`,
+then place it wherever you want. Start Konversation, then open the Identity
+dialogue by either pressing <kbd>F8</kbd> or via the Settings menu entry.
+Choose the identity you use for the Libera.Chat network or create a new one.
 In the part `Auto Identify` you have to choose `SASL External (Cert)`
 as the `Type` for SASL External or `SSL CLient Certificate` for CertFP.
 SASL External requires at least version 1.7 of Konversation.
@@ -205,3 +205,12 @@ You can then authorise your current certificate fingerprint:
 In the future, any connections you make to Libera.Chat with your certificate
 will be logged into your account automatically. Optionally, or if you wish to
 [connect via Tor](/guides/connect), you can enable SASL with the `EXTERNAL` mechanism.
+
+## Troubleshooting
+
+### Expecting an rsa key
+
+This can happen if your client does not support the `ed25519` algorithm. If
+you wish to continue with this client, you will need to replace your
+certificate using the same command as above, but with `rsa:4096` in place of
+`ed25519`.
diff --git a/content/_guides/connect.md b/content/_guides/connect.md
@@ -77,10 +77,10 @@ This service requires public-key SASL authentication using either the
 [guide on setting up CertFP](/guides/certfp.html) for more information.
 
 Some clients lack SOCKS4a or later support. In this case you will need to
-change your `torrc` file to map a private IP address to the onion service
-address instead and disable TLS hostname verification in your client. Onion
-service names securely identify a service. The connection will still be
-secure.
+either launch your client with a wrapper such as `torsocks`, or change your
+`torrc` file to map a private IP address to the onion service address instead
+and disable TLS hostname verification in your client. Onion service names
+securely identify a service. The connection will still be secure.
 
 The default tor configuration only optimizes some ports for long-lived
 connections: For IRC, only `6667` and `6697`. If you use a different port, you