DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422022-08-28T14:08:34ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Bug #779 (Resolved): Upgrade NextCloud (from 23.0.8 to 24.0.4)https://projects.duckcorp.org/issues/7792022-08-28T14:08:34ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p>
<pre>
2022-08-28T15:34:59+00:00 Disabled incompatible app: breezedark
2022-08-28T15:34:59+00:00 Disabled incompatible app: end_to_end_encryption
2022-08-28T15:34:59+00:00 Disabled incompatible app: epubreader
2022-08-28T15:34:59+00:00 Disabled incompatible app: spreed
2022-08-28T15:34:59+00:00 Disabled incompatible app: twofactor_admin
2022-08-28T15:34:59+00:00 Disabled incompatible app: weather
</pre>
Supported apps:
<ul>
<li><a href="https://apps.nextcloud.com/apps/end_to_end_encryption" class="external">end_to_end_encryption</a></li>
<li><a href="https://apps.nextcloud.com/apps/breezedark" class="external">breezedark</a></li>
<li><a href="https://apps.nextcloud.com/apps/spreed" class="external">spreed</a></li>
</ul>
Unsupported/Unmaintained apps:
<ul>
<li>weather (disabled): <a class="external" href="https://github.com/nextcloud/weather/issues/102">https://github.com/nextcloud/weather/issues/102</a></li>
<li>twofactor_admin (enabled but the <code>occ</code> command <code> twofactorauth:admin:generate-code</code> doesn't appears ?): <a class="external" href="https://github.com/ChristophWurst/twofactor_admin/issues/229">https://github.com/ChristophWurst/twofactor_admin/issues/229</a></li>
</ul>
Patch applied:
<ul>
<li>epubreader: <a class="external" href="https://github.com/e-alfred/epubreader/issues/44">https://github.com/e-alfred/epubreader/issues/44</a> (patch attached)</li>
</ul> DuckCorp Infrastructure - Bug #778 (Resolved): Upgrade NextCloud (from 23.0.7 to 23.0.8)https://projects.duckcorp.org/issues/7782022-08-28T12:36:32ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Upgrade instructions: <code>toushirou</code>@<code>/srv/www/sites/stuff.milkypond.org/README.Duck</code>.</p> DuckCorp Infrastructure - Bug #776 (Resolved): Users are unable to register to projects.duckcorp.orghttps://projects.duckcorp.org/issues/7762022-07-10T10:42:55ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>There is an issue related to the captcha:<br /><pre>
Oops, we failed to validate your reCAPTCHA response. Please try again.
</pre><br />I tried with firefox and chromium.</p>
<p><code>/var/log/redmine/dc/production.log</code> from the <code>redmine</code> LXC container:<br /><pre>
Started POST "/account/register" for 185.238.6.46 at 2022-07-10 12:53:52 +0000
Processing by AccountController#register as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[REDACTED]", "user"=>{"login"=>"pilou_test", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "firstname"=>"pilou", "lastname"=>"pilou_test", "mail"=>"pilou_test@ir5.eu", "language"=>"fr"}, "g-recaptcha-response"=>"[REDACTED]", "commit"=>"Soumettre"}
Current user: anonymous
Rendering plugins/recaptcha/app/views/account/register.html.erb within layouts/base
Rendered plugins/recaptcha/app/views/account/register.html.erb within layouts/base (8.8ms)
Completed 200 OK in 3022ms (Views: 14.7ms | ActiveRecord: 1.4ms)
</pre></p> DuckCorp Infrastructure - Bug #775 (Resolved): Ninjabot doesn't handle unreachable networkhttps://projects.duckcorp.org/issues/7752022-07-10T09:29:08ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Ninjabot was unable to reconnect after encountering a temporarily unreachable network:<br /><pre>
Jul 07 00:40:11 orthos.duckcorp.org ninjabot[1608725]: <= {} None PING ['irc2.duckcorp.org']
Jul 07 00:41:31 orthos.duckcorp.org ninjabot[1608725]: [126B blob data]
Jul 07 00:42:08 orthos.duckcorp.org ninjabot[1608725]: [132B blob data]
Jul 07 00:46:31 orthos.duckcorp.org ninjabot[1608725]: [129B blob data]
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: Traceback (most recent call last):
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/opt/ninjabot/venv/bin/ninjabot", line 8, in <module>
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: sys.exit(ninjabot.cli())
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/opt/ninjabot/venv/lib/python3.9/site-packages/ninjabot/ninjabot.py", line 38, in cli
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: client.start()
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/opt/ninjabot/venv/lib/python3.9/site-packages/py_irc/irc.py", line 99, in start
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: buf = self.socket.recv(4096)
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/usr/lib/python3.9/ssl.py", line 1226, in recv
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: return self.read(buflen)
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: File "/usr/lib/python3.9/ssl.py", line 1101, in read
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: return self._sslobj.read(len)
Jul 07 00:58:02 orthos.duckcorp.org ninjabot[1608725]: OSError: [Errno 101] Network is unreachable
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: [127B blob data]
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: Connection broke up
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: Attemting to connect to irc.milkypond.org
Jul 07 04:56:32 orthos.duckcorp.org ninjabot[1608725]: Connected to irc.milkypond.org
</pre><br />The bot wasn't connected at <code>04:56:32</code>, a manual restart of the service was required.</p> DuckCorp Infrastructure - Bug #774 (Resolved): slapd service was stopped on toushirouhttps://projects.duckcorp.org/issues/7742022-06-27T05:22:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>unattended-upgrades restarted slapd process but slapd wasn't able to start due to other slapd being also restarted by unattended-upgrades:<br /><pre>
Log started: 2022-06-27 06:24:52
[...]
Restarting services...
systemctl restart apache2.service clamav-daemon.service clamav-freshclam.service dovecot.service fail2ban.service mariadb.service matrix-appservice-irc.service matrix-synapse.service named.service nslcd.service php7.4-fpm.service postfix-mta-sts-resolver.service postfix@-.service proftpd.service redis-server.service rspamd.service slapd.service smokeping.service spoolinger.service ssh.service stunnel4.service systemd-journald.service systemd-udevd.service thelounge.service tt-rss.service xl2tpd.service
</pre><br /><pre>
Jun 27 06:25:14 Toushirou slapd[51648]: Stopping OpenLDAP: slapd
Jun 27 06:25:14 Toushirou slapd[51914]: failed!
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Failed with result 'exit-code'.
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Unit process 3026804 (slapd) remains running after unit stopped.
Jun 27 06:25:14 Toushirou systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Consumed 23min 5.763s CPU time.
Jun 27 06:25:14 Toushirou systemd[1]: slapd.service: Found left-over process 3026804 (slapd) in control group while starting unit. Ignoring.
Jun 27 06:25:14 Toushirou systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 27 06:25:14 Toushirou systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 27 06:25:14 Toushirou slapd[51915]: Starting OpenLDAP: slapd.
Jun 27 06:25:14 Toushirou systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 27 06:26:16 Toushirou slapd[3026804]: slap_client_connect: URI=ldaps://db-ldap-3.duckcorp.org DN="cn=[REDACTED],cn=config" ldap_sasl_bind_s failed (-1)
Jun 27 06:26:16 Toushirou slapd[3026804]: do_syncrepl: rid=103 rc -1 retrying
Jun 27 06:29:16 Toushirou slapd[3026804]: slap_client_connect: URI=ldaps://db-ldap-3.duckcorp.org DN="cn=[REDACTED],cn=config" ldap_sasl_bind_s failed (-1)
Jun 27 06:29:16 Toushirou slapd[3026804]: do_syncrepl: rid=003 rc -1 retrying
Jun 27 06:29:16 Toushirou slapd[3026804]: conn=-1 op=0 syncprov_checkpoint: running checkpoint
Jun 27 06:29:16 Toushirou slapd[3026804]: DIGEST-MD5 common mech free
Jun 27 06:29:16 Toushirou slapd[3026804]: DIGEST-MD5 common mech free
Jun 27 06:29:16 Toushirou slapd[3026804]: slapd stopped.
Jun 27 06:29:16 Toushirou slapd[52543]: Stopping OpenLDAP: slapd.
Jun 27 06:29:16 Toushirou systemd[1]: slapd.service: Succeeded.
Jun 27 08:55:22 Toushirou systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 27 08:55:22 Toushirou slapd[117269]: @(#) $OpenLDAP: slapd 2.5.6+dfsg-1~exp1 (Aug 10 2021 03:50:37) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
</pre></p> DuckCorp Infrastructure - Bug #772 (Resolved): toushirou: matrix-appservice-irc.service is failedhttps://projects.duckcorp.org/issues/7722022-06-14T23:14:23ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<pre>
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
# journalctl -u matrix-appservice-irc.service
Jun 15 03:06:58 Toushirou systemd[1]: matrix-synapse.service: Scheduled restart job, restart counter is at 169177.
Jun 15 03:06:58 Toushirou systemd[1]: Stopped Synapse Matrix homeserver.
Jun 15 03:06:58 Toushirou systemd[1]: Starting Synapse Matrix homeserver...
Jun 15 03:06:59 Toushirou python3[1288189]: ERROR:root:Needed matrix-common==1.0.0, got matrix-common==1.1.0
Jun 15 03:06:59 Toushirou python3[1288189]: Missing Requirements: "matrix-common==1.0.0"
Jun 15 03:06:59 Toushirou python3[1288189]: To install run:
Jun 15 03:06:59 Toushirou python3[1288189]: pip install --upgrade --force "matrix-common==1.0.0"
Jun 15 03:06:59 Toushirou systemd[1]: matrix-synapse.service: Control process exited, code=exited, status=1/FAILURE
Jun 15 03:06:59 Toushirou systemd[1]: matrix-synapse.service: Failed with result 'exit-code'.
Jun 15 03:06:59 Toushirou systemd[1]: Failed to start Synapse Matrix homeserver.
# apt policy matrix-synapse
matrix-synapse:
Installed: 1.52.0-1~bpo11+1
Candidate: 1.57.1-1~bpo11+1
Version table:
1.57.1-1~bpo11+1 100
100 https://deb.debian.org/debian bullseye-backports/main amd64 Packages
*** 1.52.0-1~bpo11+1 100
100 /var/lib/dpkg/status
1.40.0-1~fto11+1 100
100 https://fasttrack.debian.net/debian bullseye-fasttrack/main amd64 Packages
# apt install -t bullseye-backports matrix-synapse
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● matrix-appservice-irc.service loaded failed failed Matrix AppService IRC
# systemctl restart matrix-appservice-irc.service
# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
</pre> DuckCorp Infrastructure - Bug #771 (Resolved): Toushirou: leftovers related to 00d55fd3 (apache2 ...https://projects.duckcorp.org/issues/7712022-06-05T18:45:48ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Following <a class="changeset" title="guihome: reorganize DDNS account" href="https://projects.duckcorp.org/projects/dc-admin/repository/duckcorp-infra/revisions/00d55fd33fe9c2d59cfb99ecf4d299e0cad81325">00d55fd3</a>, <code>logrotate</code> failed to reload <code>apache2</code>.</p>
I removed the following files:
<ul>
<li><code>/etc/apache2/sites-enabled/www.<redacted>.eu_ssl.conf</code></li>
<li><code>/etc/php/7.{3,4}/fpm/pool.d/www.<redacted>.eu.conf</code></li>
</ul>
<p>and reloaded <code>apache2.service</code>, restarted both <code>php7.4-fpm.service</code> and <code>logrotate.service</code>.</p>
<p>Then I checked status and logs of these services.</p> DuckCorp Infrastructure - Bug #769 (Rejected): Toushirou get stuck randomly at boothttps://projects.duckcorp.org/issues/7692022-04-15T23:36:48ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Toushirou get stuck randomly at boot.</p>
Another reboot party needs to be planned in order to assess this issue:
<ul>
<li><a href="https://www.askapache.com/linux/linux-debugging/" class="external">kernel parameters</a>: <code>debug ignore_loglevel log_buf_len=10M print_fatal_signals=1 LOGLEVEL=8 earlyprintk=vga,keep sched_debug console=ttyS0,115200 systemd.log_level=debug</code></li>
<li><a href="https://www.suse.com/support/kb/doc/?id=000019461" class="external">step by step systemd boot process</a></li>
<li><a class="external" href="https://wiki.debian.org/systemd#systemd_hangs_on_startup_or_shutdown">https://wiki.debian.org/systemd#systemd_hangs_on_startup_or_shutdown</a></li>
</ul>
<p>Pictures:<br /><img src="https://projects.duckcorp.org/attachments/download/167/2022-04-13-185627_001.jpeg" loading="lazy" style="width: 50%;" alt="" /><br /><img src="https://projects.duckcorp.org/attachments/download/168/2022-04-13-185651_001.jpeg" loading="lazy" style="width: 50%;" alt="" /></p> DuckCorp Infrastructure - Bug #767 (New): mailman3-web internal errorhttps://projects.duckcorp.org/issues/7672022-03-27T19:49:44ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>I just tried to use mailmain3-web to remove my old email address from the the dc-admins list. I encountered an HTTP 500 (twice).<br /><pre>
ERROR 2022-03-27 21:43:42,082 1507813 postorius Mailman REST API not available
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 532, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 718, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 445, in _make_request
six.raise_from(e, None)
File "<string>", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 440, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.9/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib/python3.9/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.9/http/client.py", line 276, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 107, in call
response = request(
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py", line 52, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py", line 109, in dispatch
return super().dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/postorius/views/generic.py", line 74, in dispatch
return super(MailingListView, self).dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py", line 97, in dispatch
return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 183, in post
return self._member_post(request, role)
File "/usr/lib/python3/dist-packages/postorius/views/list.py", line 135, in _member_post
self.mailing_list.unsubscribe(member)
File "/usr/lib/python3/dist-packages/mailmanclient/restobjects/mailinglist.py", line 414, in unsubscribe
self._connection.call(path, method='DELETE')
File "/usr/lib/python3/dist-packages/mailmanclient/restbase/connection.py", line 135, in call
raise MailmanConnectionError(
mailmanclient.restbase.connection.MailmanConnectionError: ('Could not connect to Mailman API: ', "ConnectionError(ProtocolError('Connection aborted.', RemoteDisconnected('Remote end closed connection without response')))")
ERROR 2022-03-27 21:43:42,091 1507813 django.request Service Unavailable: /postorius/lists/dc-admins.lists.duckcorp.org/members/member/
</pre></p> DuckCorp Infrastructure - Bug #766 (Resolved): Orfeo postman[1643199]: /usr/lib/ruby/vendor_ruby/...https://projects.duckcorp.org/issues/7662022-03-27T19:32:48ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<pre>
Mar 27 23:29:04 Orfeo postman[1643199]: /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require': cannot load such file -- active_ldap (LoadError)
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /opt/cyborghood/lib/cyborghood/objects/ldap.rb:24:in `<top (required)>'
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /opt/cyborghood/lib/cyborghood/objects.rb:20:in `<top (required)>'
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /opt/cyborghood/lib/cyborghood/mail.rb:22:in `<top (required)>'
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
Mar 27 23:29:04 Orfeo postman[1643199]: from /opt/cyborghood/bin/postman:30:in `<main>'
Mar 27 23:29:04 Orfeo systemd[1]: cyborghood_postman.service: Main process exited, code=exited, status=1/FAILURE
</pre> DuckCorp Infrastructure - Enhancement #460 (Resolved): SSL/TLS: check ciphershttps://projects.duckcorp.org/issues/4602015-07-09T00:02:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
Checks:
<ul>
<li>NULL,EXPORT,LOW,3DES,aNULL must be disabled</li>
<li>RC4 must be disabled</li>
<li>SSLv2,SSLv3 must be disabled</li>
<li>TLSv1.1,TLSv1.2 must be enabled</li>
<li>PFS must be enabled</li>
</ul>
<ul>
<li>SSL Compression must be disabled</li>
</ul>
Configuration updates needed:
<ul>
<li>Postgresql (default conf used <code>HIGH:MEDIUM:+3DES:!aNULL</code>)</li>
<li>Apache (<code>RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW</code>)</li>
</ul>
<ul>
<li>References
<ul>
<li><a class="external" href="https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher">https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher</a></li>
<li><a class="external" href="https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/">https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/</a></li>
<li><a class="external" href="http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html">http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html</a></li>
<li><a class="external" href="https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations">https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations</a></li>
<li><a class="external" href="https://github.com/ioerror/duraconf">https://github.com/ioerror/duraconf</a></li>
</ul>
</li>
<li>Tools:
<ul>
<li><a class="external" href="https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh">https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh</a></li>
</ul></li>
</ul> Bip - Bug #431 (New): bip is leaking file descriptorshttps://projects.duckcorp.org/issues/4312015-01-15T02:01:19ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote> Bip - Enhancement #270 (Resolved): GIT: use signed taghttps://projects.duckcorp.org/issues/2702012-01-10T01:53:49ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Signed tags must be used.</p> Bip - Bug #269 (Resolved): buffer overflow when number of open file descriptors >= FD_SETSIZEhttps://projects.duckcorp.org/issues/2692012-01-07T10:28:05ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Reported by Julien Tinnes, thanks to him!</p>
<p>Bip doesn't check if fd is equal or larger than FD_SETSIZE.</p>
<p>From select man page:</p>
<blockquote>
<p>Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.</p>
</blockquote> Bip - Bug #186 (New): Bip crash after using "/QUOTE BIP TRUST OK" on a new connectionhttps://projects.duckcorp.org/issues/1862011-01-18T02:29:38ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h1 >How to reproduce:<a href="#How-to-reproduce" class="wiki-anchor">¶</a></h1>
<ol>
<li>/etc/bip.conf: add a new ssl connection </li>
<li>restart bip (Debian: <em>/etc/init.d/bip restart</em>)</li>
<li>use <em>/QUOTE BIP TRUST OK</em><br /> # all client connections are disconnected</li>
</ol>
<a name="Logs"></a>
<h1 >Logs<a href="#Logs" class="wiki-anchor">¶</a></h1>
<a name="Client-logs"></a>
<h2 >Client logs:<a href="#Client-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>03:12:08 oftc | irc: connecting to server irc-bouncer/7778...<br />03:12:08 oftc | irc: connected to irc-bouncer<br />03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:<br />03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78<br />03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.<br />03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.<br />03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.</p>
</blockquote>
<a name="Bip-logs"></a>
<h2 >Bip logs:<a href="#Bip-logs" class="wiki-anchor">¶</a></h2>
<blockquote>
<p>18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket<br />18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)<br />18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!<br />18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)<br />18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...<br />18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds<br />18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket</p>
</blockquote>