IRC Logs for #crux Friday, 2012-11-30

*** guzzano has quit IRC00:06
*** Roooomster has quit IRC00:32
*** guzzano has joined #crux00:47
*** guzzano has quit IRC00:54
*** guzzano has joined #crux01:12
AmnesiahorrorStruck: thx, the bundle's still cleaner ^^01:42
*** prologic has quit IRC01:44
*** prologic has joined #crux01:44
juegood morning01:47
*** guzzano has quit IRC01:51
juebtw, curl provides the latest version of the ca bundle at, so the perl script is not really needed01:52
cruxbot[opt.git/2.8]: dovecot: update to 2.1.1202:26
cruxbot[opt.git/2.8]: cups-filters: update to 1.0.2502:26
*** Romster has quit IRC02:27
*** vaddi has joined #crux02:40
cruxbot[contrib.git/2.8]: asterisk-core-sounds-en: Updated .md5sum02:44
*** Romster has joined #crux02:50
*** mike_k has joined #crux02:53
joacimI put cacert.pem from in /etc/ssl/certs and ran c_rehash, but curl still complains about certificates.02:54
joacimwhat am i doing wrong?02:54
frinnstdoes it work if you specify with --crlfile ?02:56
joacimi forgot to mention that02:57
joacim--cacert i mean02:58
frinnstworks for me02:59
joacim(joacim@odile) % curl --crlfile /etc/ssl/certs/cacert.pem https://twitter.com02:59
joacimcurl: (82) error loading CRL file: /etc/ssl/certs/cacert.pem03:00
frinnstyeah sorry03:00
frinnstbut curl wants /etc/ssl/certs/ca-bundle.crt03:00
frinnstjust rename cacert.pem and it should work03:02
juefrinnst: I can't belive that ;)03:03
joacimstill the same problem03:03
jueworks for me ->  curl --cacert /tmp/cacert.pem https://twitter.com03:04
juecacert.pem is the file I mentioned above03:05
frinnstI must have something configured somehewhere03:05
joacimit works with --cacert /etc/ssl/certs/cacert.pem, but not with only --capath /etc/ssl/certs specified03:06
juejoacim: IIRC, c_rehash doesn't work with bundles, you need files with only one cert in it03:25
juebut don't ask me how to convert :)03:28
joacimi'm pretty sure i used a bundle like that 5 years ago with gentoo03:28
joacimi dont know how they did it03:28
*** vaddi has quit IRC03:41
*** Romster has quit IRC03:46
*** zetsu has joined #crux04:01
*** Romster has joined #crux04:01
*** Romster has quit IRC04:01
*** Romster has joined #crux04:01
joacimopenssl.cnf contains certificate = $dir/cacert.pem   # The CA certificate04:03
joacimi take it $dir means it'll go in /etc/ssl04:04
joacimand it still dont work04:04
horrorStruckjoacim: try rebuilding curl04:17
joacimdone that04:18
joacimi even did a rebuild of openssl04:18
horrorStruckah, strange.04:19
Romsteryay 6.5second lag to first hop... i hate you telstra04:20
Romstershit bandwidth04:20
Romsternot my modem i've checked with my spare.04:21
horrorStruckjue: thanks for the curl tip, it's much much simpler like this. i created those ports based on arch+gentoo which are based on debian IIRC.04:22
horrorStruckbut a single file is well... simpler04:22
joacimwould you mind sharing?04:25
Romsterdefine simplier04:26
horrorStruckRomster: one dep less, no post-install04:26
horrorStruckjoacim: sure, one sec04:27
joacimchecking default CA cert bundle/path... no04:28
joacimfrom the curl configure script04:28
horrorStruckjoacim: install this first
horrorStruckjoacim: then
horrorStruckjoacim: there is a post-install script you need to run for ca-certificates port04:28
joacimthought you had made a new one with the cacert from curl04:29
joacimbut i'll try it =)04:29
horrorStruckjoacim: yes i did04:30
horrorStruckjoacim: one sec more04:31
joacimthat works04:36
joacimyour ports + a rebuild of curl04:36
horrorStruckjoacim: i can paste it but it's pretty useless, it just grabs the file from curl site and puts it in /etc/ssl/certs/04:36
joacimAmnesia: thats the .pem that i've been trying to use up until now04:37
Amnesiait's working fine over here04:37
Amnesiado keep in mind that wget looks for /etc/ssl/cert.pem04:38
horrorStruckfor me too. for wget you have to edit /etc/wgetrc to point it to the cert file however04:38
Amnesiamight be the same for curl, check it out with strace04:38
Romsterthat si simpiler.04:38
joacimwget failed on my computer too, just like curl04:38
Romsteri dunno if i wanna deal with SSL it's broken by design04:38
Amnesiajoacim: that's because it looks for /etc/ssl/cert.pem by default04:38
Romstercan't trust any authority.04:38
AmnesiaRomster: heh04:38
Amnesiatrue that04:39
joacimAmnesia: i tried /etc/ssl/cert.pem and /etc/ssl/cacert.pem04:39
joacimin addition to just dropping it in /etc/ssl/certs04:39
Amnesiait's cert.pem and not certs.pem04:39
Amnesiacheck it out with strace04:40
AmnesiaRomster: what's the option for wgetrc?04:40
joacimcertificate = $dir/cacert.pem <- this is in my openssl.cnf04:40
Amnesiaah ca_certificate04:40
Romsterdunno never messed with them04:42
Amnesiait's "ca_certificate = $file"04:43
joacimhorrorStruck: do you put any special permissions on it?04:43
horrorStruckjoacim: this works for me: grap this and build package, rebuild curl, add ca_certificate=/etc/ssl/certs/ca-certificates.crt to /etc/wgetrc and that's it04:43
joacimthat answers my question =)04:44
*** Ator_ has joined #crux04:47
joacimyour new port dont "just work" for me04:50
joacimsame old problem with curl04:50
joacimyour debian-based port do "just work" tho04:51
*** Kaishi has quit IRC05:21
*** pshevtsov has quit IRC05:26
*** guzzano has joined #crux05:35
*** guzzano has quit IRC05:41
*** guzzano has joined #crux05:41
*** jdolan_ has joined #crux06:13
*** jdolan has quit IRC06:14
*** guzzano has quit IRC06:41
*** pshevtsov has joined #crux06:42
* jue is looking into the cert chaos now06:43
juehmm, guess I get a first picture:06:54
jue- our curl port doesn't define any default location for certs, so you have to define it either in your .curlrc or use --cacert=06:54
jue- wget asks openssl for the default cert because there's nothing defined in the wget sources, but strace shows that it looks for /ect/ssl/cert.pem06:55
jue- found the following definition in openssl/cryptlib.h:06:55
jue  #define X509_CERT_FILE  OPENSSLDIR "/cert.pem"06:56
jueso, if we put the bundle from into /etc/ssl/cert.pem wget should work without any configuration06:56
juebut we have to use .curlrc for configuration06:58
*** dkoby has joined #crux06:59
juewould be nice if someone could confirm that06:59
joacimwget works with no extra configuration with /etc/ssl/cert.pem07:02
joacimnow i'm confused. curl works again with no extra configuration. with /etc/ssl/cert.pem07:06
jueah, so it seems it uses the openssl default as well ;)07:07
joacimi have to specify with openssl tho07:11
joacimopenssl s_client -CAfile /etc/ssl/cert.pem -connect
juehmm, curl doesn't work for me07:19
*** vaddi has joined #crux07:34
horrorStruckjoacim: i'm just dumb, use this and rebuild curl and enjoy07:43
horrorStruckjue: works for me when ^07:44
horrorStruckwhen I dont do stupid things07:44
*** pshevtsov has quit IRC07:53
joacimwget and openssl works too without special configuration?07:54
horrorStruckjoacim: you still have to add: ca_certificate=/etc/ssl/certs/ca-certificates.crt to /etc/wgetrc07:56
joacimwget works fine on my system as long as i save the file as /etc/ssl/cert.pem07:57
horrorStruckjoacim: openssl path is not OK, trying to figure it out08:15
frinnstoh come ooooooooon09:00
frinnst2TB backup - 99%09:00
*** s44 has joined #crux09:27
*** spider44 has quit IRC09:30
*** Ator_ has quit IRC09:41
*** dkoby has quit IRC10:04
cruxbot[core.git/2.8]: curl: use the default path of openssl for ca-bundle10:07
horrorStruckjue: is cert.pem the official naming convention? openssl uses cacert.pem all over the place10:13
juewell, as I wrote above it's defined that way in cryptlib.h10:15
jue#define X509_CERT_FILE  OPENSSLDIR "/cert.pem"10:15
horrorStruckoh i missed that, i'll read10:17
jueand it's the path advertised by openssl, that's the reason why wget uses that cert without configuration10:18
horrorStruckjue: openssl s_client -connect won't work if we dont specify the CAfile. i've changed the paths and CA file name in openssl.cnf misc/ misc/, any idea?10:36
juehorrorStruck: sorry, no10:37
tilmanhorrorStruck: try strace -eopen to see what CA files it tries to open. if you see ENOENT anywhere that might be a clue10:39
horrorStruckoh ok thanks10:39
juenice, git seems to work too10:39
juewithout configuration10:40
juetested with the eudev github-repo10:42
juethat's the error I get without cert.pem ->
horrorStrucki think git uses curl :)11:00
jueyeah, indeed :)11:05
*** Pingax has quit IRC11:09
*** Pingax_ has joined #crux11:10
*** Pingax_ is now known as Pingax11:10
tilmanso you cannot turn the page?11:20
tilmanyou're supposed to read two pages all day long?11:20
*** lasso has joined #crux11:59
joacimi dont think you're supposed to read too much into it12:13
horrorStrucknot sure someone even uses this but anyway, fixes 2 CVEs:
*** linXea has quit IRC12:56
*** rmull has quit IRC12:56
*** linXea has joined #crux13:02
*** rmull has joined #crux13:02
*** Kaishi has joined #crux13:08
*** Kaishi has quit IRC13:14
*** Kaishi has joined #crux13:15
*** tj_ has quit IRC13:15
*** tj_ has joined #crux13:20
*** Kaishi has quit IRC13:34
*** lasso has quit IRC15:04
*** lasso has joined #crux15:07
*** guzzano has joined #crux15:08
*** lasso has quit IRC15:13
*** guzzano has quit IRC15:19
*** guzzano has joined #crux15:19
*** guzzano has quit IRC15:56
*** mike_k has quit IRC16:07
Romsterabout time my laggy dsl goes sane, last night it was so bad i couldn't do much16:09
* nogagplz cripples Romster 16:11
*** vaddi has quit IRC16:15
Romsterfigures nogagplz16:16
Romsteri had 8 second lag now its 152ms16:16
Romsteron average16:16
Romsterjumps between 20 and 200ms16:16
*** Kaishi has joined #crux16:24
cruxbot[opt.git/2.8]: wine: 1.5.17 -> 1.5.1816:25
*** zetsu has quit IRC16:32
frinnsttransmission saves everything i've deleted into a hidden fucking trash16:41
*** guzzano has joined #crux17:26
*** guzzano has quit IRC17:43
*** Rotwang has joined #crux18:29
*** Rotwang1 has joined #crux18:29
*** Rotwang has quit IRC18:30
nogagplzyeah I noticed that too with transmission18:32
*** guzzano has joined #crux19:01
*** guzzano is now known as guzzan019:03
*** guzzan0 is now known as guzzano19:03
*** tj_ has quit IRC19:36
*** tj_ has joined #crux19:49
*** tilman has quit IRC19:52
*** tilman has joined #crux19:54
*** ChanServ sets mode: +o tilman19:54
*** guzzano has quit IRC20:28
*** guzzano has joined #crux20:31
*** ___mavrick61 has quit IRC21:41
*** ____mavrick61 has joined #crux21:42
*** horrorStruck has quit IRC22:34
*** horrorStruck has joined #crux22:41
*** horrorStruck has quit IRC23:27
*** horrorStruck has joined #crux23:29
*** guzzano has quit IRC23:45

Generated by 2.11.0 by Marius Gedminas - find it at!