koldfront

Patched ejabberd (erlang-p1-tls) to support multiple ECDH curves #free software #programming

After the upgrade to Debian 9 (stretch) yesterday I hit this problem where my ejabberd would not talk to a Prosody server.

The problem seems to be that the two servers each support exactly one ECDH curve, and it is not the same one.

There is an ejabberd issue from May 5 on the subject: TLS ECDH curve selection.

Reading that led me to an issue on the tls package used by ejabberd from November 9, 2015: Allow specification of ECC named curve used in ECDH key exchange.

Hm, couldn't I just patch my erlang-p1-tls package, to fix the problem? I tried:

--- erlang-p1-tls-1.0.7.orig/c_src/fast_tls_drv.c
+++ erlang-p1-tls-1.0.7/c_src/fast_tls_drv.c
@@ -384,16 +384,15 @@ static int verify_callback(int preverify
 static void setup_ecdh(SSL_CTX *ctx)
 {
    EC_KEY *ecdh;
+   static int curves[] = {NID_X9_62_prime256v1, NID_secp384r1};
 
    if (SSLeay() < 0x1000005fL) {
       return;
    }
 
-   ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+   SSL_CTX_set1_curves(ctx, curves, 2);
+   SSL_CTX_set_ecdh_auto(ctx, 1);
    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
-   SSL_CTX_set_tmp_ecdh(ctx, ecdh);
-
-   EC_KEY_free(ecdh);
 }
 #endif
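
Review bot: the declaration `EC_KEY *ecdh;` at the top of setup_ecdh() is left behind unused once the EC_KEY_new_by_curve_name(), SSL_CTX_set_tmp_ecdh() and EC_KEY_free() lines are removed, so it should go too. The return value of `SSL_CTX_set1_curves(ctx, curves, 2);` is ignored; check it and report a failure, otherwise a rejected curve list silently leaves the context on its default curves. Passing sizeof(curves)/sizeof(curves[0]) instead of the literal 2 would keep the count in step with the array when a curve is added. The unchanged guard `SSLeay() < 0x1000005fL` was written for the old calls: SSL_CTX_set1_curves and SSL_CTX_set_ecdh_auto first appeared in OpenSSL 1.0.2, so the runtime check and a compile-time version check should reflect that.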

The result? It works, my ejabberd can now talk to the Prosody server! - I hope it can talk to other ejabberds as well.

Free software - software you can fix yourself!


Upgraded server to Debian 9 (stretch) #debian

I upgraded my home server to Debian 9 (stretch) today - as stretch was released during the weekend.

The upgrade was uneventful - just the way I like it.

Only two things broke severely:

And then there were a couple of hiccups with older websites, and I had to upgrade the website of Feedbase to Spock 0.12.0, which took a little fiddling.

But overall I think this is the smoothest Debian upgrade yet. Kudos!


Haskell WAI middleware to remove a header #feedbase #haskell #programming

The website of Feedbase is a Haskell application, built using the Spock framework. It's my first Haskell program that does something non-trivial in the "real" world.

Recently I was mucking about with cookies in another context, and noticed that the Feedbase website sets a cookie, spockcookie.

This is part of Spock's built-in session handling. I don't use sessions, so I'd rather not set the cookie (given the EU's weird cookie rules and what have you).

You can't turn them off in Spock easily, so I started thinking that maybe some "middleware" could be used.

After some searching I found a StackOverflow question, and combined with looking at the source code of the Network.WAI.Middleware.Gzip module I cobbled together my own little "NoCookies" module:

{-# LANGUAGE OverloadedStrings #-}
module NoCookies where
 
-- Remove all Set-Cookie headers on responses.
 
import Network.Wai (Middleware)
import Network.Wai.Internal (Response(..))
import Network.HTTP.Types (Header)
 
-- Function to hook into middleware:
nocookies :: Middleware
nocookies application request sendResponse = application request $ sendResponse . removeHeader
 
-- Handle all the various kinds of responses:
removeHeader :: Response -> Response
removeHeader (ResponseFile s h b1 b2) = ResponseFile s (filterSetCookie h) b1 b2
removeHeader (ResponseBuilder s h b) = ResponseBuilder s (filterSetCookie h) b
removeHeader (ResponseStream s h b) = ResponseStream s (filterSetCookie h) b
removeHeader r@(ResponseRaw _ _) = r
 
-- Remove Set-Cookie from headers:
filterSetCookie :: [Header] -> [Header]
filterSetCookie hs = filter notSetCookie hs
  where
    notSetCookie (x, _) = x /= "Set-Cookie"

A couple of odd things: the Network.HTTP.Types module defines a bunch of constants for headers, but not hSetCookie.

As you can see, most of my module consists of lines pattern matching the Response type - it seems odd that there should be no smarter way of doing this.

As usual in Haskell the reader of documentation is assumed to always know how to put things together. Unfortunately I don't always know that. So here's how I added my module to the Main.hs of my application:

 ...
import NoCookies
 
app :: SpockCtxM ctx Pg.Connection session state ()
app = do
  logger <- liftIO $ mkRequestLogger def { outputFormat = Apache FromFallback }
  middleware logger
  middleware $ gzip def
  middleware (staticPolicy (addBase "static"))
  middleware nocookies
   ...
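
On the remark above about pattern matching every Response constructor: the following is an added example, not code from the original post. It uses mapResponseHeaders and modifyResponse from Network.Wai to do the same header rewrite, generalised to a list of header names, and checks the result with Network.Wai.Test from wai-extra. The names stripHeaders and demoApp and the cookie value are assumptions made for the illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main where

import Network.HTTP.Types (HeaderName, status200)
import Network.Wai
  (Application, Middleware, defaultRequest, mapResponseHeaders, modifyResponse, responseLBS)
import Network.Wai.Test (SResponse (simpleHeaders), request, runSession)

-- Hypothetical generalisation of nocookies: drop every response header
-- whose name is listed. HeaderName is a case-insensitive ByteString, so
-- a header sent as "set-cookie" is matched by "Set-Cookie" as well.
stripHeaders :: [HeaderName] -> Middleware
stripHeaders names = modifyResponse (mapResponseHeaders (filter keep))
  where
    keep (name, _) = name `notElem` names

-- Same behaviour as the NoCookies module, without touching Network.Wai.Internal.
nocookies :: Middleware
nocookies = stripHeaders ["Set-Cookie"]

-- Constructed stand-in for the Spock application: it always sets a cookie,
-- deliberately spelled in lower case to exercise the case-insensitive match.
demoApp :: Application
demoApp _ respond =
  respond $ responseLBS status200
    [ ("Content-Type", "text/plain")
    , ("set-cookie", "spockcookie=constructed-value; Path=/")
    ]
    "hello"

-- Send one request through the bare application and one through the
-- wrapped application, then print the header names of each response.
main :: IO ()
main = do
  before <- runSession (request defaultRequest) demoApp
  after  <- runSession (request defaultRequest) (nocookies demoApp)
  print (map fst (simpleHeaders before))
  print (map fst (simpleHeaders after))
```

The second printed list should lack the cookie header while Content-Type survives; the same check can be kept as a regression test so a framework upgrade that reintroduces the cookie is noticed.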


EBR-I tour

First four light bulbs lit by a nuclear reactor.

This series of 5 "home videos" from a tour of one of the first nuclear reactors in the world, EBR-I, is fascinating:

Ray Haroldsen, who worked there, explains and reminisces brilliantly, while the tour guide listens.

Via Atlas Obscura.


Feedbase documentation #feedbase

Last year I created Feedbase, providing Atom/RSS-feeds via nntp.

Today I finally got my act together and updated the documentation-page with a short section on how to set up Gnus, a screencast on how to use Feedbase in Thunderbird and a section on using slrn to access Feedbase.

I hope this will help anyone interested to get started. I'm enjoying Feedbase a lot.


Dear New York Times #email

nytimes.com says a valid email address is invalid.

This email address is perfectly valid - '+' is allowed in the local-part, i.e. before the '@' sign.


I ♥ Free Software #free software #ilovefs

Debian, GNU Emacs, Linux, Gnus, XMonad, Perl, Python, Apache, jabber.el, PostgreSQL, Xorg, git, GHC, LaTeX, Gimp, mpd, vlc, Firefox, etc. etc.

