DuckCorp Projects: Issues
https://projects.duckcorp.org/ | 2024-02-02T16:43:52Z | DuckCorp Projects | Redmine

Bip - Bug #792 (New): Handle CAP request/reply on client connections
https://projects.duckcorp.org/issues/792 | 2024-02-02T16:43:52Z | Loïc Gomez
<p>Some clients will expect BIP to send a CAP reply on client connect.<br />For example, Goguma on Android will send something like this:<br /><pre>
02-02-2024 17:45:21 DEBUG: "CAP LS 302"
02-02-2024 17:45:21 DEBUG: "NICK kyoshiro"
02-02-2024 17:45:21 DEBUG: "USER kyoshiro 0 * kyoshiro"
02-02-2024 17:45:21 DEBUG: "CAP REQ sasl"
02-02-2024 17:45:21 DEBUG: "AUTHENTICATE PLAIN"
02-02-2024 17:45:21 DEBUG: "AUTHENTICATE REDACTED_B64"
02-02-2024 17:45:21 DEBUG: "CAP END"
</pre></p>

DuckCorp Infrastructure - Bug #783 (In Progress): Move Services out of Orfeo
https://projects.duckcorp.org/issues/783 | 2023-07-09T13:51:58Z | Marc Dequènes duck@duckcorp.org
Orfeo's RAID ! has one disk down, so let's move certain services out of it for now:
<ul>
<li>✅ PostgreSQL database -> Toushirou</li>
<li>✅ webmail -> Toushirou</li>
<li>✅ mailing-lists -> Toushirou</li>
<li>✅ XMPP -> Jinta</li>
<li>🔳 IRC services</li>
<li>🔳 (maybe, or later if things get bad) NS1 & DDNS -> Toushirou</li>
</ul>

Bip - Anonymous #780 (In Progress): Openssl 3.0
https://projects.duckcorp.org/issues/780 | 2022-09-16T10:33:33Z | Anonymous
<p>Trying to build with OpenSSL 3, it fails with:<br /><pre><code class="c syntaxhl" data-language="c">gcc -DHAVE_CONFIG_H -I. -Wall -Wextra -Werror -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables -DPIC -fPIC -c -o libbip_a-connection.o `test -f 'connection.c' || echo './'`connection.c
connection.c: In function 'ctx_set_dh':
connection.c:1184:9: error: 'PEM_read_DHparams' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
1184 | dh = PEM_read_DHparams(f, NULL, NULL, NULL);
| ^~
In file included from connection.h:37,
from connection.c:18:
/usr/include/openssl/pem.h:469:1: note: declared here
469 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
| ^~~~~~~~~~~~~~~~~~~
connection.c:1199:9: error: 'DH_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
1199 | DH_free(dh);
| ^~~~~~~
In file included from /usr/include/openssl/dsa.h:51,
from /usr/include/openssl/x509.h:37,
from connection.h:35:
/usr/include/openssl/dh.h:200:28: note: declared here
200 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
</code></pre><br />With GCC12</p>

Bip - Anonymous #777 (In Progress): Build fails on FreeBSD Clang
https://projects.duckcorp.org/issues/777 | 2022-08-25T13:15:31Z | Anonymous
<pre>
./configure && make
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking for gcc... no
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether cc accepts -g... yes
checking for cc option to enable C11 features... unsupported
checking for cc option to enable C99 features... unsupported
checking for cc option to enable C89 features... unsupported
checking whether cc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of cc... gcc3
checking for ar... ar
checking the archiver (ar) interface... ar
checking for ranlib... ranlib
checking for flex... flex
checking for lex output file root... lex.yy
checking for lex library... none needed
checking for library containing yywrap... -lfl
checking whether yytext is a pointer... yes
checking for bison... bison -y
checking for pkg-config... /usr/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libssl >= 0.9.8 libcrypto >= 0.9.8... no
checking whether cc accepts PIE flags... yes
checking for check >= 0.9.6... yes
checking for backtrace_symbols_fd... no
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
OPENSSL: no
PIE: yes
TESTS: yes
Making all in src
make all-am
cc -DHAVE_CONFIG_H -I. -Wall -Wextra -Werror -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict -g -O2 -fPIE -MT bip-bip_main.o -MD -MP -MF .deps/bip-bip_main.Tpo -c -o bip-bip_main.o `test -f 'bip_main.c' || echo './'`bip_main.c
cc: error: -Wl,-z,relro: 'linker' input unused [-Werror,-Wunused-command-line-argument]
cc: error: -Wl,-z,now: 'linker' input unused [-Werror,-Wunused-command-line-argument]
cc: error: -Wl,-z,noexecstack: 'linker' input unused [-Werror,-Wunused-command-line-argument]
cc: error: -Wl,-z,separate-code: 'linker' input unused [-Werror,-Wunused-command-line-argument]
*** Error code 1
Stop.
make[2]: stopped in /usr/home/SCRUBBED_USERNAME/bip/bip-0.9.3/src
*** Error code 1
Stop.
make[1]: stopped in /usr/home/SCRUBBED_USERNAME/bip/bip-0.9.3/src
*** Error code 1
Stop.
make: stopped in /usr/home/SCRUBBED_USERNAME/bip/bip-0.9.3
</pre>
<p>Using -Wno-unused-command-line-argument results in:<br /><pre>
error: unknown warning option '-Wformat-overflow=2'; did you mean '-Wshift-overflow'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wformat-truncation=2' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wtrampolines' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Warray-bounds=2'; did you mean '-Warray-bounds'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wimplicit-fallthrough=3'; did you mean '-Wimplicit-fallthrough'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wtraditional-conversion'; did you mean '-Wliteral-conversion'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wshift-overflow=2'; did you mean '-Wshift-overflow'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wstringop-overflow=4'; did you mean '-Wshift-overflow'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Warith-conversion' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wlogical-op'; did you mean '-Wlong-long'? [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wduplicated-cond' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wduplicated-branches' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wformat-signedness' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wstack-usage=1000000' [-Werror,-Wunknown-warning-option]
error: unknown warning option '-Wcast-align=strict'; did you mean '-Wcast-align'? [-Werror,-Wunknown-warning-option]
</pre></p>

Bip - Enhancement #758 (In Progress): Load new certificates on /BIP RELOAD / SIGHUP
https://projects.duckcorp.org/issues/758 | 2022-03-15T19:51:15Z | Loïc Gomez
<p>We need to find a way to re-read SSL cert/key for use with new client connections.<br />Most people probably use Let's Encrypt, which means they need to restart BIP every 3 months.</p>

DuckCorp Infrastructure - Enhancement #657 (In Progress): OOB management for Toushirou
https://projects.duckcorp.org/issues/657 | 2019-07-04T13:48:43Z | Marc Dequènes duck@duckcorp.org
<p>This involves plugging the cable, network configuration with Hivane, configuration on the server and documentation.</p>
<p>As Toushirou recently crashed for no reason that could be explained, I raised the priority a bit.</p>

DuckCorp Infrastructure - Bug #656 (New): Raise the backup system from the dead
https://projects.duckcorp.org/issues/656 | 2019-07-04T13:45:01Z | Marc Dequènes duck@duckcorp.org
<p>Old files from Nicecity-OLD need to be retrieved and put in the right place.</p>
<p>Then we need to resume the work around the new backup system which was left unfinished in <a class="issue tracker-2 status-7 priority-4 priority-default parent" title="Enhancement: Change Backup System (In Progress)" href="https://projects.duckcorp.org/issues/497">#497</a>.</p>
<p>If there's any reason to change our mind that's the right moment. I personally have no problem with the current plan.<br />If we go on then we need to create a new simpler burp role as explained by Pilou on IRC.</p>

DuckCorp Infrastructure - Enhancement #652 (In Progress): Orfeo would like a brand new body
https://projects.duckcorp.org/issues/652 | 2019-05-08T16:47:00Z | Marc Dequènes duck@duckcorp.org
<p>It is a followup of <a class="issue tracker-2 status-3 priority-4 priority-default closed parent" title="Enhancement: Toushirou would like a brand new body (Resolved)" href="https://projects.duckcorp.org/issues/537">#537</a> for Orfeo only.</p>
<p>Orfeo is old too and even if we do not need more power now it crashed last year for an undetermined reason and we should think of the future.</p>
<p>I'm still looking into the possibility of hosting it on an Elwing container using LXD. My internet connection is better even if not wonderful. And my complicated network config and Hivane L2TP tunnel are stable now. As we might never have the ability to change the machine in the current hosting I guess it's even more an interesting possibility to explore.</p>

DuckCorp Infrastructure - Bug #603 (New): Organize Regular Maintenance tasks
https://projects.duckcorp.org/issues/603 | 2017-09-30T16:24:50Z | Marc Dequènes duck@duckcorp.org
<p>In the deprecated Admin wiki there was a page documenting this. I wish to raise this subject because this is such a pain to be alone doing all this and in the end I'm not doing all of them or not properly.</p>
The tasks (from the old wiki, including estimated workload level in parentheses, with minor changes):
<ul>
<li>MP/DC Mailing-lists moderation (moderate): once per week, check Mailman pending posts</li>
<li><del>DSPAM special accounts and MP/DC Mailing-list accounts management (moderate): train and check quarantine</del> (removed, see <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: DSPAM has no future (Resolved)" href="https://projects.duckcorp.org/issues/435">#435</a>)</li>
<li>Reports check (high): check machines reports (logcheck, rkhunter, scripts report, ...) and fix urgent problems or add less-important ones to the todolist</li>
<li>Backup check (low): check backup is working well and not missing important data (once a month?) (monitoring may help)</li>
<li>Supervision check (moderate/high): check supervision on a regular basis and fix problems / tune settings</li>
<li>IRC maintenance (low): check linking / services / bots problems, and defend against devils' attacks</li>
</ul>
<p>The Reports check includes using the reports on the ML, some possibly only sent to root@, and an external mailbox hosted at Nerim (in case everything is down and for security alerts if an intruder hides its traces). This should be documented.</p>
This ticket is about:
<ul>
<li>clarifying:
<ul>
<li>the list of regular tasks</li>
<li>tasks check frequency</li>
<li>specific credentials and tooling necessary to accomplish these tasks</li>
</ul>
</li>
<li>deciding who can help on which task</li>
<li>improving workflow or tooling (might involve creating other tickets)</li>
<li>documenting all the previous points (we may use the Redmine wiki for this)</li>
</ul>

Bip - Bug #500 (New): bip 0.8.9 and 0.9.0 often fail on SSL/TLS connection to Freenode
https://projects.duckcorp.org/issues/500 | 2016-11-24T20:22:11Z | Adam Williamson adamw@happyassassin.net
<p>After rebooting my Bip server today, I noticed it frequently fails on attempts to connect to Freenode via SSL/TLS, like this:</p>
<pre><code>Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 [freenode] Connecting user 'adamw' using server chat.freenode.net:7000
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 No SSL certificate check store configured. Default store will be used.
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 WARNING: mySSL_get_cert() SSL server supplied no certificate !
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 ERROR: No certificate in SSL write_socket
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 WARNING: mySSL_get_cert() SSL server supplied no certificate !
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 ERROR: No certificate in SSL write_socket
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 WARNING: mySSL_get_cert() SSL server supplied no certificate !
Nov 24 12:14:20 ircproxy.happyassassin.net bip[1342]: 24-11-2016 12:14:20 ERROR: No certificate in SSL write_socket</code></pre>
<p>It's rather strange, because it suggests that `SSL_get_peer_certificate()` is failing, and I don't know why it would do that (and it doesn't seem very easy to debug. Man I hate openssl.) I can only think there must, somehow, be something wrong with the SSL context.</p>
<p>I don't think there is a server issue here, as HexChat seems to always work when I try it (with SSL). I do note that Hexchat seems to wait for `SSL_is_init_finished` to be true before doing `SSL_get_cert_info`...</p>

DuckCorp Infrastructure - Bug #463 (In Progress): Replace our Ancient Gallery
https://projects.duckcorp.org/issues/463 | 2015-07-12T21:18:23Z | Marc Dequènes duck@duckcorp.org
<p>Gallery2 is not supported anymore, it is old and ugly, probably with security issues. It also uses old libraries, probably having security issues too, like Smarty.</p>
<p>We need to find a proper replacement.</p>
<p>Requirements:<br /> - not too ugly and some kind of responsive JS slideshow<br /> - method to hook into LDAP for auth (direct LDAP support or PAM)<br /> - direct access to the media files in the filesystem<br /> - a webapp using a daemon for background tasks and inotify support would be nice<br /> - an Android app would be nice</p>
<p>Pyoto from Kilobug had some of these features but not all. Maybe we could work with him to improve it.</p>

Bip - Bug #431 (New): bip is leaking file descriptors
https://projects.duckcorp.org/issues/431 | 2015-01-15T02:01:19Z | Pierre-Louis Bonicoli pierre-louis.bonicoli@ir5.eu
<p>fran wrote:</p>
<blockquote>
<p>bip is leaking file descriptors on my server, and the fix is pretty easy: on connection.c, on read_socket, whenever read returns <1 and errno is different to EAGAIN and EINTR, the socket MUST be closed <br />because read will not return 0 on the following iterations of select (cause it's not added to the read fd_set after that), plus after read failing with fatal error it keeps returning -1</p>
</blockquote>

DuckCorp Infrastructure - Bug #242 (In Progress): Mails to unmanaged domains are delivered locall...
https://projects.duckcorp.org/issues/242 | 2011-08-25T07:53:39Z | Marc Dequènes duck@duckcorp.org
<p>The problem has been spotted with the user <em>pilou</em>. He has an emailAccount only to use the SMTP relay. When a mail is sent to its primary address, which is not on a managed domain, it is not relayed outside but delivered locally.</p>

Bip - Bug #186 (New): Bip crash after using "/QUOTE BIP TRUST OK" on a new connection
https://projects.duckcorp.org/issues/186 | 2011-01-18T02:29:38Z | Pierre-Louis Bonicoli pierre-louis.bonicoli@ir5.eu
<a name="How-to-reproduce"></a>
<h1>How to reproduce:</h1>
<ol>
<li>/etc/bip.conf: add a new ssl connection </li>
<li>restart bip (Debian: <em>/etc/init.d/bip restart</em>)</li>
<li>use <em>/QUOTE BIP TRUST OK</em><br /> # all client connections are disconnected</li>
</ol>
<a name="Logs"></a>
<h1>Logs</h1>
<a name="Client-logs"></a>
<h2>Client logs:</h2>
<blockquote>
<p>03:12:08 oftc | irc: connecting to server irc-bouncer/7778...<br />03:12:08 oftc | irc: connected to irc-bouncer<br />03:12:08 oftc -- | b.i.p (b.i.p): This server SSL certificate was not accepted because it is not in your store of trusted certificates:<br />03:12:08 oftc -- | b.i.p (b.i.p): Subject: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): Issuer: /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=<a class="email" href="mailto:hostmaster@spi-inc.org">hostmaster@spi-inc.org</a><br />03:12:08 oftc -- | b.i.p (b.i.p): MD5 fingerprint: 2A:47:9F:60:BB:83:74:6F:01:03:D7:0B:0D:F6:0D:78<br />03:12:08 oftc -- | b.i.p (b.i.p): WARNING: if you've already trusted a certificate for this server before, that probably means it has changed.<br />03:12:08 oftc -- | b.i.p (b.i.p): If so, YOU MAY BE SUBJECT OF A MAN-IN-THE-MIDDLE ATTACK! PLEASE DON'T TRUST THIS CERTIFICATE IF YOU'RE NOT SURE THIS IS NOT THE CASE.<br />03:12:08 oftc -- | b.i.p (b.i.p): Type /QUOTE BIP TRUST OK to trust this certificate, /QUOTE BIP TRUST NO to discard it.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): ==== Certificate now trusted.<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): No more certificates waiting awaiting user trust, thanks!<br />03:12:20 oftc -- | irc.bip.net (irc.bip.net): If the certificate is trusted, bip should be able to connect to the server on the next retry. Please wait a while and try connecting your client again.</p>
</blockquote>
<a name="Bip-logs"></a>
<h2>Bip logs:</h2>
<blockquote>
<p>18-01-2011 03:12:12 ERROR: No certificate in SSL write_socket<br />18-01-2011 03:12:12 ERROR: SSL cert check failed at depth=3: certificate rejected (28)<br />18-01-2011 03:12:12 ERROR: Certificate check failed: certificate rejected (28)!<br />18-01-2011 03:12:12 ERROR: Error on fd 31 (state 9)<br />18-01-2011 03:12:12 ERROR: [oftc] read_lines error, closing...<br />18-01-2011 03:12:12 ERROR: [oftc] reconnecting in 240 seconds<br />18-01-2011 03:12:54 ERROR: No certificate in SSL write_socket</p>
</blockquote>

LdapShadows - Enhancement #33 (New): Design and Rework the external API
https://projects.duckcorp.org/issues/33 | 2010-04-05T18:16:15Z | Marc Dequènes duck@duckcorp.org
<p>Work with the CyborgHood project to design a usable and well-abstracted API for their use; it should be a good start.</p>