2024/04/23

thunderbird vs self-signed certs

A default dovecot install on AlmaLinux 9 creates a self-signed SSL certificate. Thunderbird is now very picky about SSL certs. It used to tell you a certificate wasn't valid and allow you to create an exception. Now it just spins and does nothing. You will see the following in your dovecot logs:

Apr 23 18:47:42 sHOST dovecot[12484]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=CLIENTIP, lip=HOSTIP, TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<BNl+V8sWFOgKAAAF>

I spent 4-5 hours running around in circles to try and find a solution.

The first step is to import the key. To do that, tell dovecot to listen on port 443 (https) by adding the following lines to the service imap-login stanza in /etc/dovecot/conf.d/10-master.conf:

#service imap-login {
  inet_listener https {
    port = 443
    ssl = yes
  }

Note that you could also set up lighttpd to serve up the cert.

Restart dovecot with:

systemctl restart dovecot

Test the above with:

openssl s_client -connect YOURHOST:443

Then, in Thunderbird, you go into Hamburger > Preferences > Privacy & security > (scroll way down) > Manage Certificates... In the Certificate Manager window, you select the Servers tab and click Add Exception... and enter https://YOURHOST:443. Then click on Get Certificate and Confirm Security Exception.

We now have an exception for YOURHOST:443, but we want YOURHOST:993 (if you are using SSL/TLS) or YOURHOST:143 (if you are using STARTTLS). To fix the port number, you need to close Thunderbird, then modify the Thunderbird profile directly. Under Linux, this is ~USER/.thunderbird/SOMETHING-NON-OBVIOUS. I had a half dozen directories. To find the one you want:

cd ~/.thunderbird
find . -name cert_override.txt | xargs ls -l --sort=time

The most recently modified file is the one you want to edit. It contains a line like this:

YOURHOST:443    OID.2.16.840.1.101.3.4.2.1      HEX-STRING-HERE U       BASE64-STRING-HERE

Change the :443 on that line to :993 (for SSL/TLS) or :143 (for STARTTLS).

You can confirm you have the correct line by comparing the HEX-STRING-HERE with your dovecot cert's SHA256 fingerprint:

openssl x509 -sha256 -in /etc/pki/dovecot/certs/dovecot.pem -noout -fingerprint
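
The port change and the fingerprint check above can be combined, so the line is only edited when its fingerprint matches the dovecot cert. This is an added example, not part of the original post: the function names, mail.example.test and the shortened AA:BB:CC:DD fingerprint are constructed, and it assumes the fields are tab-separated with the fingerprint in the third field.

```shell
#!/bin/sh
# Added example (not from the original post): move a cert_override.txt
# exception from :443 to the IMAP port only if its fingerprint matches.

# Strip an "sha256 Fingerprint=" prefix and colons, then uppercase the hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# retarget_override FILE HOST FINGERPRINT NEWPORT
# Returns 0 if a HOST:443 line with that fingerprint was rewritten, 1 if none
# matched (FILE is then left untouched). A copy is kept in FILE.bak.
retarget_override() {
    file=$1; host=$2; want=$(norm_fp "$3"); newport=$4
    tmp=$(mktemp) || return 2
    awk -F'\t' -v OFS='\t' -v host="$host" -v want="$want" -v port="$newport" '
        $1 == (host ":443") {
            fp = toupper($3); gsub(/:/, "", fp)   # field 3 is the fingerprint
            if (fp == want) { $1 = host ":" port; hit = 1 }
        }
        { print }
        END { exit (hit ? 0 : 1) }
    ' "$file" > "$tmp" && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        cp "$file" "$file.bak" && cat "$tmp" > "$file" || rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: one override line with a shortened, made-up fingerprint.
demo() {
    f=$(mktemp) || return 2
    printf '%s\t%s\t%s\t%s\t%s\n' mail.example.test:443 \
        OID.2.16.840.1.101.3.4.2.1 AA:BB:CC:DD U QUJD > "$f"
    # In real use FINGERPRINT is the output of the openssl x509 command above.
    retarget_override "$f" mail.example.test 'sha256 Fingerprint=AA:BB:CC:DD' 993
    cut -f1 "$f"
    rm -f "$f" "$f.bak"
}
```

As with the manual edit, Thunderbird has to be closed before running this against the real profile file.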

2023/11/29

AlmaLinux vs owfs

The Zeroconf interface in owserver will dump core. So you have to compile without zeroconf:

git clone --depth=1 https://github.com/owfs/owfs.git
cd owfs
./configure --prefix=/opt/owfs-v3.2p4/ --disable-avahi --disable-zero
make -j3
sudo make install
sudo joe /usr/lib/systemd/system/owserver.service # configure your 1-wire master
sudo systemctl daemon-reload
sudo systemctl start owserver
sudo systemctl status -l owserver

2023/06/01

AI genius part 2

Another REST server generated by AI:

use strict;
use warnings;
use HTTP::Server;
use JSON;
my $port = 8080;
my $server = HTTP::Server->new(
    Host => 'localhost',
    Port => $port,
);
$server->add_handler('/', sub {
    my $request = shift;
    my $method = $request->method();
    if ($method eq 'GET') {
        # GET request
        my $data = get_data();
        return JSON::encode($data);
    } elsif ($method eq 'POST') {
        # POST request
        my $content_type = $request->header('Content-Type');
        if ($content_type =~ /application\/json/) {
            my $body = $request->body();
            my $data = JSON::decode($body);
            process_data($data);
            return 'Data processed successfully';
        } else {
            return 'Invalid content type';
        }
    } else {
        return 'Invalid method';
    }
});
$server->start;
sub get_data {
    # Return some sample data
    my $data = {
        name => 'John Doe',
        age => 30,
        email => 'johndoe@example.com',
    };
    return $data;
}
sub process_data {
    # Process the data and do something with it
    my $data = shift;
    print "Received data: ", JSON::encode($data), "\n";
}

It suffers from the slight problem that HTTP::Server doesn't exist.

2023/05/29

AI genius

This is some AI generating a Perl preforking HTTP server.

use IO::Prefork;
use LWP::UserAgent;
use Time::HiRes qw(gettimeofday);
use Socket;

my $prefork = IO::Prefork->new();
$prefork->listen(4000, '127.0.0.1');

sub handle_request {
    my ($req, $env) = @_;
    my $now = gettimeofday();
    print STDERR "Request received: $req\n";
    
    # fork a new process for this request
    my $pid = fork();
    if ($pid == 0) {
        # child process, handle the request
        eval {
            $prefork->handler($req, $env);
        };
        if (WANTED_EXIT_CODE) {
            exit(WANTED_EXIT_CODE);
        }
    } else {
        # parent process, wait for child to finish and handle its result
        my $child_exit_code = wait();
        die "Child process did not exit cleanly: $child_exit_code" if ($child_exit_code != 0);
        
        # send the result of the request back to the client
        my $response = $prefork->result;
        print STDERR "Sending response back to client\n";
        print $response;
    }
    
    # log the time it took to handle this request
    my $elapsed_time = $now[3] - $now[2];
    print STDERR "Request processed in $elapsed_time seconds\n";
}

$prefork->process({ 'id' => 1, 'cmd' => sub { exec("/usr/bin/php-fpm")->out(0); } });

First problem: IO::Prefork doesn't exist. And that functionality wouldn't go in the IO:: namespace anyway.

Second problem: It seems to want to do the forking in handle_request(), which would imply it's forking during each request, not before requests, as asked. I say "seems" because handle_request() isn't used anywhere, anyway.

The cherry on top is the last line, where it just execs php-fpm anyway.

2023/05/28

Stochastication

Stochastication: n. The process an LLM uses to stitch shit together and spit out a hallucination. Like masturbation, only statistical. (Courtesy of ology on IRC)

2022/02/25

mecab-devel, where are you?

To compile MySQL from srpm on AlmaLinux 8, you need mecab-devel, which doesn't seem to exist. After some digging around, this is the solution I found:

sudo yum --enablerepo=powertools group install "Development Tools"
sudo yum install make gcc-c++ rpmbuild

mkdir -pv ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
cd ~/rpmbuild/SOURCES
wget 'https://drive.google.com/uc?export=download&id=0B4y35FiV1wh7cENtOXlicTFaRUE' -O mecab-0.996.tar.gz
cd ~/rpmbuild/SPECS
wget https://git.almalinux.org/rpms/mecab/raw/branch/c8-stream-8.0/SPECS/mecab.spec

rpmbuild -ba mecab.spec

cd ~/rpmbuild/RPMS/x86_64/
sudo yum install mecab*.rpm

This isn't perfect. Why would someone host their code on Google Drive? But it seems this is what the author wanted.

2022/02/21

Scammers

1-450-886-7026 are scammers.