[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Contributing to GNUnet
From: |
Tanguy Le Carrour |
Subject: |
Re: Contributing to GNUnet |
Date: |
Tue, 10 Mar 2020 17:51:40 +0100 |
Hi,
Le 03/09, Christian Grothoff a écrit :
> On 3/9/20 4:08 PM, Tanguy Le Carrour wrote:
> > In the `gnunet-gns-proxy` logs I only have 2
> > lines:
> >
> > ```
> > Mar 09 15:41:41-485690 gnunet-gns-proxy-18131 ERROR Download curl
> > gnunet.org/ failed: SSL peer certificate or SSH remote key was not OK
> > Mar 09 15:41:58-358297 gnunet-gns-proxy-18131 ERROR Download curl
> > gnunet.org/favicon.ico failed: SSL peer certificate or SSH remote key was
> > not OK
> > ```
> >
> > Any idea?! Have I done something wrong (again)?!
>
> Hard to say. I can't tell if curl fails to accept the Letsencrypt CA, or
> if we lack the LEHO somehow. AFAIK Martin was fixing some LEHO-related
> bugs in GNS, so MAYBE that is hitting you here.
>
> To find out:
> 1) check if curl is happy downloading https://gnunet.org/ directly
> (thus checking curl is installed properly and finds its root CAs)
Checked!
> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
> the use of Letsencrypt and really directly verifying via GNS.
I'll try this and let you know, thanks!
> 3) Maybe enable more logging (-L DEBUG) ;-).
Tried, but it didn't say more! :-(
> 4) Also, given that I have not tried this for a while, there is a
> possibility that we have a regression -> Martin or I should also
> try (but I can't this week).
>
> > The patch to `gnunet-gns-proxy-setup-ca` is trivial. Should I submit it
> > somewhere? Or, as it's a "Guix problem", I can just patch it in the Guix
> > package!?
>
> I am pretty sure this is an 'upstream' issue and that we should patch
> gnunet-gns-proxy-setup-ca. So please do send the patch (to me personally
> will suffice, I'm happy to review and apply).
I'm attaching 2 versions of the patch.
> > And one last question: why is `gnunet-gns-proxy` in
> > `/usr/lib/gnunet/libexec/` and
> > not in `bin`?
>
> The idea is that the gnunet-gns-proxy is launched via gnunet-arm like
> other GNUnet services, instead of being started manually.
Makes perfect sense! The command on the "use" page is just so we can
see the logs, I guess.
Regards
--
Tanguy
0001-import-CA-into-Icecat-v1.patch
Description: Text document
0001-import-CA-into-Icecat-v2.patch
Description: Text document
- Contributing to GNUnet, Tanguy Le Carrour, 2020/03/04
- Re: Contributing to GNUnet, Christian Grothoff, 2020/03/04
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/04
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/05
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/09
- Re: Contributing to GNUnet, Christian Grothoff, 2020/03/09
- Re: Contributing to GNUnet,
Tanguy Le Carrour <=
- Re: Contributing to GNUnet, Christian Grothoff, 2020/03/10
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/13
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/13
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/14
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/14
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/14
- Re: Contributing to GNUnet, Schanzenbach, Martin, 2020/03/14
- Re: Contributing to GNUnet, Tanguy Le Carrour, 2020/03/14
- Re: Contributing to GNUnet, Martin Schanzenbach, 2020/03/14
- Re: Contributing to GNUnet, Martin Schanzenbach, 2020/03/14