DuckCorp Projects: Issues | https://projects.duckcorp.org/ | https://projects.duckcorp.org/favicon.ico?1669909042 | 2022-08-28T14:08:34Z | DuckCorp Projects | Redmine
DuckCorp Infrastructure - Bug #779 (Resolved): Upgrade NextCloud (from 23.0.8 to 24.0.4) | https://projects.duckcorp.org/issues/779 | 2022-08-28T14:08:34Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p>
<pre>
2022-08-28T15:34:59+00:00 Disabled incompatible app: breezedark
2022-08-28T15:34:59+00:00 Disabled incompatible app: end_to_end_encryption
2022-08-28T15:34:59+00:00 Disabled incompatible app: epubreader
2022-08-28T15:34:59+00:00 Disabled incompatible app: spreed
2022-08-28T15:34:59+00:00 Disabled incompatible app: twofactor_admin
2022-08-28T15:34:59+00:00 Disabled incompatible app: weather
</pre>
Supported apps:
<ul>
<li><a href="https://apps.nextcloud.com/apps/end_to_end_encryption" class="external">end_to_end_encryption</a></li>
<li><a href="https://apps.nextcloud.com/apps/breezedark" class="external">breezedark</a></li>
<li><a href="https://apps.nextcloud.com/apps/spreed" class="external">spreed</a></li>
</ul>
Unsupported/Unmaintained apps:
<ul>
<li>weather (disabled): <a class="external" href="https://github.com/nextcloud/weather/issues/102">https://github.com/nextcloud/weather/issues/102</a></li>
<li>twofactor_admin (enabled but the <code>occ</code> command <code>twofactorauth:admin:generate-code</code> doesn't appear?): <a class="external" href="https://github.com/ChristophWurst/twofactor_admin/issues/229">https://github.com/ChristophWurst/twofactor_admin/issues/229</a></li>
</ul>
Patch applied:
<ul>
<li>epubreader: <a class="external" href="https://github.com/e-alfred/epubreader/issues/44">https://github.com/e-alfred/epubreader/issues/44</a> (patch attached)</li>
</ul>
DuckCorp Infrastructure - Bug #778 (Resolved): Upgrade NextCloud (from 23.0.7 to 23.0.8) | https://projects.duckcorp.org/issues/778 | 2022-08-28T12:36:32Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p>
DuckCorp Infrastructure - Bug #776 (Resolved): Users are unable to register to projects.duckcorp.org | https://projects.duckcorp.org/issues/776 | 2022-07-10T10:42:55Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>There is an issue related to the captcha:<br /><pre>
Oops, we failed to validate your reCAPTCHA response. Please try again.
</pre><br />I tried with Firefox and Chromium.</p>
<p><code>/var/log/redmine/dc/production.log</code> from the <code>redmine</code> LXC container:<br /><pre>
Started POST "/account/register" for 185.238.6.46 at 2022-07-10 12:53:52 +0000
Processing by AccountController#register as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[REDACTED]", "user"=>{"login"=>"pilou_test", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "firstname"=>"pilou", "lastname"=>"pilou_test", "mail"=>"pilou_test@ir5.eu", "language"=>"fr"}, "g-recaptcha-response"=>"[REDACTED]", "commit"=>"Soumettre"}
Current user: anonymous
Rendering plugins/recaptcha/app/views/account/register.html.erb within layouts/base
Rendered plugins/recaptcha/app/views/account/register.html.erb within layouts/base (8.8ms)
Completed 200 OK in 3022ms (Views: 14.7ms | ActiveRecord: 1.4ms)
</pre></p>
DuckCorp Infrastructure - Bug #774 (Resolved): slapd service was stopped on toushirou | https://projects.duckcorp.org/issues/774 | 2022-06-27T05:22:44Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>unattended-upgrades restarted the slapd process, but slapd wasn't able to start due to other slapd being also restarted by unattended-upgrades:<br /><pre>
Log started: 2022-06-27 06:24:52
[...]
Restarting services...
systemctl restart apache2.service clamav-daemon.service clamav-freshclam.service dovecot.service fail2ban.service mariadb.service matrix-appservice-irc.service matrix-synapse.service named.service nslcd.service php7.4-fpm.service postfix-mta-sts-resolver.service postfix@-.service proftpd.service redis-server.service rspamd.service slapd.service smokeping.service spoolinger.service ssh.service stunnel4.service systemd-journald.service systemd-udevd.service thelounge.service tt-rss.service xl2tpd.service
</pre><br /><pre>
Jun 27 06:25:14 Toushirou slapd[51648]: Stopping OpenLDAP: slapd
Jun 27 06:25:14 Toushirou slapd[51914]: failed!
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Failed with result 'exit-code'.
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Unit process 3026804 (slapd) remains running after unit stopped.
Jun 27 06:25:14 Toushirou systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Consumed 23min 5.763s CPU time.
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Found left-over process 3026804 (slapd) in control group while starting unit. Ignoring.
Jun 27 06:25:14 Toushirou systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 27 06:25:14 Toushirou systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 27 06:25:14 Toushirou slapd[51915]: Starting OpenLDAP: slapd.
Jun 27 06:25:14 Toushirou systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 27 06:26:16 Toushirou slapd[3026804]: slap_client_connect: URI=ldaps://db-ldap-3.duckcorp.org DN="cn=[REDACTED],cn=config" ldap_sasl_bind_s failed (-1)
Jun 27 06:26:16 Toushirou slapd[3026804]: do_syncrepl: rid=103 rc -1 retrying
Jun 27 06:29:16 Toushirou slapd[3026804]: slap_client_connect: URI=ldaps://db-ldap-3.duckcorp.org DN="cn=[REDACTED],cn=config" ldap_sasl_bind_s failed (-1)
Jun 27 06:29:16 Toushirou slapd[3026804]: do_syncrepl: rid=003 rc -1 retrying
Jun 27 06:29:16 Toushirou slapd[3026804]: conn=-1 op=0 syncprov_checkpoint: running checkpoint
Jun 27 06:29:16 Toushirou slapd[3026804]: DIGEST-MD5 common mech free
Jun 27 06:29:16 Toushirou slapd[3026804]: DIGEST-MD5 common mech free
Jun 27 06:29:16 Toushirou slapd[3026804]: slapd stopped.
Jun 27 06:29:16 Toushirou slapd[52543]: Stopping OpenLDAP: slapd.
Jun 27 06:29:16 Toushirou systemd[1]: slapd.service: Succeeded.
Jun 27 08:55:22 Toushirou systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 27 08:55:22 Toushirou slapd[117269]: @(#) $OpenLDAP: slapd 2.5.6+dfsg-1~exp1 (Aug 10 2021 03:50:37) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
</pre></p>
DuckCorp Infrastructure - Bug #772 (Resolved): toushirou: matrix-appservice-irc.service is failed | https://projects.duckcorp.org/issues/772 | 2022-06-14T23:14:23Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<pre>
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
# journalctl -u matrix-appservice-irc.service
Jun 15 03:06:58 Toushirou systemd[1]: matrix-synapse.service: Scheduled restart job, restart counter is at 169177.
Jun 15 03:06:58 Toushirou systemd[1]: Stopped Synapse Matrix homeserver.
Jun 15 03:06:58 Toushirou systemd[1]: Starting Synapse Matrix homeserver...
Jun 15 03:06:59 Toushirou python3[1288189]: ERROR:root:Needed matrix-common==1.0.0, got matrix-common==1.1.0
Jun 15 03:06:59 Toushirou python3[1288189]: Missing Requirements: "matrix-common==1.0.0"
Jun 15 03:06:59 Toushirou python3[1288189]: To install run:
Jun 15 03:06:59 Toushirou python3[1288189]: pip install --upgrade --force "matrix-common==1.0.0"
Jun 15 03:06:59 Toushirou systemd[1]: matrix-synapse.service: Control process exited, code=exited, status=1/FAILURE
Jun 15 03:06:59 Toushirou systemd[1]: matrix-synapse.service: Failed with result 'exit-code'.
Jun 15 03:06:59 Toushirou systemd[1]: Failed to start Synapse Matrix homeserver.
# apt policy matrix-synapse
matrix-synapse:
Installed: 1.52.0-1~bpo11+1
Candidate: 1.57.1-1~bpo11+1
Version table:
1.57.1-1~bpo11+1 100
100 https://deb.debian.org/debian bullseye-backports/main amd64 Packages
*** 1.52.0-1~bpo11+1 100
100 /var/lib/dpkg/status
1.40.0-1~fto11+1 100
100 https://fasttrack.debian.net/debian bullseye-fasttrack/main amd64 Packages
# apt install -t bullseye-backports matrix-synapse
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
# systemctl restart matrix-appservice-irc.service
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
</pre>
DuckCorp Infrastructure - Bug #771 (Resolved): Toushirou: leftovers related to 00d55fd3 (apache2 ... | https://projects.duckcorp.org/issues/771 | 2022-06-05T18:45:48Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>Following <a class="changeset" title="guihome: reorganize DDNS account" href="https://projects.duckcorp.org/projects/dc-admin/repository/duckcorp-infra/revisions/00d55fd33fe9c2d59cfb99ecf4d299e0cad81325">00d55fd3</a>, <code>logrotate</code> failed to reload <code>apache2</code>.</p>
I removed the following files:
<ul>
<li><code>/etc/apache2/sites-enabled/www.<redacted>.eu_ssl.conf</code></li>
<li><code>/etc/php/7.{3,4}/fpm/pool.d/www.<redacted>.eu.conf</code></li>
</ul>
<p>and reloaded <code>apache2.service</code>, restarted both <code>php7.4-fpm.service</code> and <code>logrotate.service</code>.</p>
<p>Then I checked status and logs of these services.</p>
DuckCorp Infrastructure - Bug #759 (In Progress): redmine instances don't send any notification | https://projects.duckcorp.org/issues/759 | 2022-03-15T21:29:07Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>Since the redmine instances are hosted within an LXC container, email notifications are no longer sent.</p>
<p>It looks like the issue comes from the Redmine configuration and 127.0.0.1:25 being used within the container.</p>
<p>The following configuration update isn't sufficient:<br /><pre>
--- /etc/redmine/dc/configuration.yml 2022-03-15 22:28:00.095274510 +0000
+++ /etc/redmine/dc/configuration.yml.new 2022-03-15 22:27:44.102827009 +0000
@@ -4,8 +4,8 @@
email_delivery:
delivery_method: :smtp
smtp_settings:
- address: 127.0.0.1
- domain: ''
+ address: 10.0.7.1
+ domain: 'projects.duckcorp.org'
enable_starttls_auto: false
port: 25
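Review bot: enable_starttls_auto: false is left unchanged while address moves from 127.0.0.1 to 10.0.7.1, so on port 25 the notification mail now leaves the loopback interface in cleartext. Either set enable_starttls_auto: true, or add a comment in configuration.yml stating why plaintext is acceptable on the link to 10.0.7.1. The literal 10.0.7.1 would also be easier to maintain as a host name.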
</pre><br />due to the grey listing configuration:<br /><pre>
Mar 15 23:12:37 Toushirou postfix/smtpd[1597691]: connect from unknown[10.0.7.2]
Mar 15 23:12:37 Toushirou postfix/smtpd[1597691]: 4KJ71x5crKz4Bs: client=unknown[10.0.7.2]
Mar 15 23:12:37 Toushirou postfix/cleanup[1597693]: 4KJ71x5crKz4Bs: message-id=<redmine.journal-2400.20220315221237.3bd6c5f55c0c0d17@projects.duckcorp.org>
Mar 15 23:12:38 Toushirou postfix/cleanup[1597693]: 4KJ71x5crKz4Bs: milter-reject: END-OF-MESSAGE from unknown[10.0.7.2]: 4.7.1 Try again later; from=<issues@projects.duckcorp.org> to=<[redacted]@ir5.eu> proto=ESMTP helo=<projects.duckcorp.org>
</pre></p>
<p><a class="user active user-mention" href="https://projects.duckcorp.org/users/3">@Marc Dequènes</a> should the grey listing be disabled for 10.0.7.2 or is there another way?</p>
DuckCorp Infrastructure - Bug #754 (Resolved): Redmine: unable to use some unicode unicode charac... | https://projects.duckcorp.org/issues/754 | 2022-03-12T03:39:44Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>While commenting <a class="issue tracker-8 status-3 priority-5 priority-high3 closed" title="Review: SASL authentication support (PLAIN/EXTERNAL) (Resolved)" href="https://projects.duckcorp.org/issues/748#note-7">#748#note-7</a>, I found out that some unicode characters raise an error. For example: U+1F4E3, U+1F389.</p>
<p>In the following error message, I replaced these characters with U+1F4E3/U+1F389 (in order to be able to create this issue :)<br /><pre>
Started PUT "/journals/2382" for 86.245.117.73 at 2022-03-12 04:31:38 +0000
Processing by JournalsController#update as JS
Parameters: {"utf8"=>"✓", "journal"=>{"notes"=>"[U+1F4E3] committed commit:dc43d75d1f7e7c01d943f085120f704d2dac831d [U+1F389]\r\n\r\nThanks Loïc ㊗️❤️!", "private_notes"=>"0"}, "commit"=>"Save", "id"=>"2382"}
Current user: pilou (id=4)
Completed 500 Internal Server Error in 21ms (ActiveRecord: 8.9ms)
ActiveRecord::StatementInvalid (Mysql2::Error: Incorrect string value: '\xF0\x9F\x93\xA3 c...' for column `redmine_dc`.`journals`.`notes` at row 1: UPDATE `journals` SET `notes` = '[U+1F4E3] committed commit:dc43d75d1f7e7c01d943f085120f704d2dac831d [U+1F389]\r\n\r\nThanks Loïc ㊗️❤️!' WHERE `journals`.`id` = 2382):
app/models/journal.rb:81:in `save'
app/controllers/journals_controller.rb:90:in `update'
lib/redmine/sudo_mode.rb:63:in `sudo_mode'
</pre></p>
DuckCorp Infrastructure - Bug #744 (Resolved): Remove obsolete Buster packages | https://projects.duckcorp.org/issues/744 | 2021-11-24T09:42:32Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>From a security status mail received today:<br /><pre>
Security report based on the bullseye release
*** Available security updates
CVE-2021-25219 In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21,...
<https://security-tracker.debian.org/tracker/CVE-2021-25219>
- libdns-export1104, libisc-export1100
</pre></p>
<pre>
root@orthos:~# apt policy libdns-export1104
libdns-export1104:
Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
Version table:
*** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
100 /var/lib/dpkg/status
</pre>
<p>According to the <a class="external" href="https://security-tracker.debian.org/tracker/CVE-2021-25219">Debian security tracker</a>, <code>1:9.11.5.P4+dfsg-5.1+deb10u5</code> is vulnerable. This package is buster only and should be removed.</p>
I will remove every buster-only package (thanks to <code>apt-forktracer</code>).
<ul>
<li>✅ Elwing</li>
<li>❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)</li>
<li>✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)</li>
<li>✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)</li>
<li>✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64)</li>
<li>✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)</li>
<li>✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)</li>
</ul>
There are some packages not upgraded to bullseye:
<ul>
<li>molly-guard: ✅ <code>0.7.2.0</code> is now used instead of <code>0.7.2.0~buster</code> on every host</li>
<li>rspamd: this package is upgraded manually, the upgrade requires performing some manual checks</li>
</ul>
There are some used packages without any bullseye version:
<ul>
<li>incron: ❔</li>
</ul>
<a class="user active user-mention" href="https://projects.duckcorp.org/users/3">@Marc Dequènes</a> on Jinta, could these packages be removed:
<ul>
<li><a href="https://packages.debian.org/stretch/dict-freedict-all" class="external">dict-freedict-all</a> It looks like there isn't a dict meta package anymore? Should we update a playbook in order to ensure all other dict packages are installed?</li>
<li>dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k</li>
</ul>
DuckCorp Infrastructure - Bug #742 (Resolved): NextCloud: fix security warning related to unused ... | https://projects.duckcorp.org/issues/742 | 2021-11-02T14:50:01Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<pre>
Security & setup warnings
It is important for the security and performance of your instance that it is correctly configured. To help you, your Nextcloud instance performs automatic checks. For more information, please see the linked documentation.
There are some warnings regarding your configuration.
Some SSL certificates imported by users are present and are no longer used with Nextcloud 21. They can be imported through the command-line interface with the "occ security:certificates:import" command. Their paths in the data folder are shown below.
pilou/files_external/uploads/cloudindiehost.crt
</pre>
DuckCorp Infrastructure - Enhancement #460 (Resolved): SSL/TLS: check ciphers | https://projects.duckcorp.org/issues/460 | 2015-07-09T00:02:15Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
Checks:
<ul>
<li>NULL,EXPORT,LOW,3DES,aNULL must be disabled</li>
<li>RC4 must be disabled</li>
<li>SSLv2,SSLv3 must be disabled</li>
<li>TLSv1.1,TLSv1.2 must be enabled</li>
<li>PFS must be enabled</li>
</ul>
<ul>
<li>SSL Compression must be disabled</li>
</ul>
Configuration updates needed:
<ul>
<li>Postgresql (default conf used <code>HIGH:MEDIUM:+3DES:!aNULL</code>)</li>
<li>Apache (<code>RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW</code>)</li>
</ul>
<ul>
<li>References
<ul>
<li><a class="external" href="https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher">https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher</a></li>
<li><a class="external" href="https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/">https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/</a></li>
<li><a class="external" href="http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html">http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html</a></li>
<li><a class="external" href="https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations">https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations</a></li>
<li><a class="external" href="https://github.com/ioerror/duraconf">https://github.com/ioerror/duraconf</a></li>
</ul>
</li>
<li>Tools:
<ul>
<li><a class="external" href="https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh">https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh</a></li>
</ul></li>
</ul>
Bip - Bug #431 (New): bip is leaking file descriptors | https://projects.duckcorp.org/issues/431 | 2015-01-15T02:01:19Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote>
Bip - Enhancement #270 (Resolved): GIT: use signed tag | https://projects.duckcorp.org/issues/270 | 2012-01-10T01:53:49Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>Signed tags must be used.</p>
Bip - Bug #269 (Resolved): buffer overflow when number of open file descriptors >= FD_SETSIZE | https://projects.duckcorp.org/issues/269 | 2012-01-07T10:28:05Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<p>Reported by Julien Tinnes, thanks to him!</p>
<p>Bip doesn't check if fd is equal to or larger than FD_SETSIZE.</p>
<p>From select man page:</p>
<blockquote>
<p>Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.</p>
</blockquote>
Bip - Bug #186 (New): Bip crash after using "/QUOTE BIP TRUST OK" on a new connection | https://projects.duckcorp.org/issues/186 | 2011-01-18T02:29:38Z | Pierre-Louis Bonicoli | pierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h1 >How to reproduce:<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h1>
<ol>
<li>/etc/bip.conf: add a new ssl connection </li>
<li>restart bip (Debian: <em>/etc/init.d/bip restart</em>)</li>
<li>use <em>/QUOTE BIP TRUST OK</em><br /> # all client connections are disconnected</li>
</ol>
<a name="Logs"></a>
<h1 >Logs<a href="#Logs" class="wiki-anchor">¶</a></h1>
<a name="Client-logs"></a>
<h2 >Client logs:<a href="#Client-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>03:12:08 oftc | irc: connecting to server irc-bouncer/7778...<br />03:12:08 oftc | irc: connected to irc-bouncer<br />03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:<br />03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78<br />03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.<br />03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.<br />03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.</p>
</blockquote>
<a name="Bip-logs"></a>
<h2 >Bip logs:<a href="#Bip-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket<br />18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)<br />18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!<br />18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)<br />18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...<br />18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds<br />18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket</p>
</blockquote>