From: Skip Tavakkolian
Date: Wed, 13 Sep 2023 14:54:30 -0700
Subject: Re: [9fans] problem with factotum
To: 9fans <9fans@9fans.net>
In-Reply-To: <16946300170.afaf613.904485@composer.9fans.topicbox.com>

Do you have the right factotum in the namespace you're working on?
Listing /srv should give a clue.

On Wed, Sep 13, 2023 at 2:03 PM Iban Nieto wrote:
>
> Hello!
>
> I'm trying to serve https (443) and gemini (1965) under 9front.
>
> I already have a working rc-httpd (80) setup and now I would like to start using letsencrypt certificates.
> Also rc-gemd (gemini server) needs a certificate in order to work.
>
> I managed to get the certificate with acmed using the following procedure:
>
> ramfs -p
> cd /tmp
> auth/rsagen -t 'service=acme role=sign hash=sha256 acct=iban@mydomain.com' >iban@mydomain.com.key
> auth/rsa2jwk iban@mydomain.com.key >/sys/lib/tls/acmed/iban@mydomain.com.pub
> cat iban@mydomain.com.key >/mnt/factotum/ctl
> auth/rsagen -t 'service=tls role=client owner=*' >mydomain.com.key
> chmod 600 iban@mydomain.com.key mydomain.com.key
> cp iban@mydomain.com.key mydomain.com.key /sys/lib/tls/acmed/
> auth/rsa2csr 'CN=mydomain.com' /sys/lib/tls/acmed/mydomain.com.key >/sys/lib/tls/acmed/mydomain.com.csr
>
> webfs
> auth/acmed -t http -o /sys/www/mydomain.com/.well-known/acme-challenge iban@mydomain.com /sys/lib/tls/acmed/mydomain.com.csr >/sys/lib/tls/acmed/mydomain.com.crt
>
> I think acmed does the job because the certificate is generated and stored in the proper location.
> DNS is in place and working fine; the dir /sys/www/mydomain.com/.well-known/acme-challenge is already in place and is served by rc-httpd.
>
> This is a (trimmed) decode of the certificate:
> auth/pemdecode 'CERTIFICATE' /sys/lib/tls/acmed/mydomain.com.crt | auth/x5092pub
> key proto=rsa size=2048 ek=10001 n=1E71BLABLABLABLABAE0CA13254122D600BLABLABLABD4D89D18EB7D7E0BLABLABLABLAC69 subject=mydomain.com
>
> Then I try to serve https with:
> aux/listen1 tcp!*!443 tlssrv -c /sys/lib/tls/acmed/mydomain.com.crt /rc/bin/rc-httpd/rc-httpd
>
> And rc-gemd with:
> aux/listen1 tcp!*!1965 tlssrv -c /sys/lib/tls/acmed/mydomain.com.crt /rc/bin/rc-gemd/rc-gemd
>
> The problem is that when I try to connect to https://mydomain.com I get this on the server side:
> tlssrv: tls reports failed: factotum_rsa_open: no key matches proto=rsa service=tls role=client
>
> The same error occurs when I try to connect to gemini using a client:
> tlssrv: tls reports failed: factotum_rsa_open: no key matches proto=rsa service=tls role=client
>
> I tried adding the keys to factotum using this:
> cat /sys/lib/tls/acmed/iban@mydomain.com.key >/mnt/factotum/ctl
> cat /sys/lib/tls/acmed/mydomain.com.key >/mnt/factotum/ctl
>
> I'm still wondering if factotum is aware of these keys... anyway, I checked whether the factotum process is running:
>
> cpu% pstree | grep -i factotum
> 130 ├factotum
> 408 │└factotum
> 4986 ├factotum
> 5119 │└factotum
> 11793 │└grep -i factotum
>
> But I still get the same error from factotum when I try to use the certificates with tlssrv :-(
>
> What am I missing? How can I debug the problem?
>
> Any help is very much appreciated :)
>
> Many thanks in advance.
>
> Iban.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Te82df98419e38504-Mf1c7195bd89fa92ac5074379
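The check Skip's reply points at, written out as an added rc script that is not part of the thread. The error line quoted above shows tlssrv asking factotum for `proto=rsa service=tls role=client`, which is exactly the spec the server key was generated with (plus `owner=*`), so the spec itself is not the mismatch. What remains to verify is whether the factotum mounted at /mnt/factotum in the namespace that runs `aux/listen1` is the one the key was written into: a key pushed through `/mnt/factotum/ctl` lives only in the memory of that one factotum process, and with several factotums running (as the pstree output shows) a listener started from another namespace mounts a different one and never sees it. The paths, key spec and listen1 command are taken from Iban's message; that the script is run from the same shell that will start the listener is an assumption.

```rc
#!/bin/rc
# Added diagnostic, not from the thread: confirm that the factotum
# visible in THIS namespace holds the key tlssrv will ask for, then
# start the listener from the same namespace so tlssrv inherits it.
# Paths and key spec are the ones from the original message.
rfork e

crt=/sys/lib/tls/acmed/mydomain.com.crt
key=/sys/lib/tls/acmed/mydomain.com.key

echo '# factotum services posted in /srv:'
ls /srv | grep factotum

echo '# where /mnt/factotum in this namespace is mounted from:'
ns | grep factotum

# Reading ctl lists the keys this factotum holds, secrets elided.
# 'service=tls' is the attribute tlssrv's lookup string carries.
if(! grep -s 'service=tls' /mnt/factotum/ctl){
	echo 'no tls key in this factotum, loading' $key >[1=2]
	cat $key >/mnt/factotum/ctl
}
echo '# tls keys now held by this factotum:'
grep 'service=tls' /mnt/factotum/ctl

# Start the listener here, in the namespace that holds the key,
# rather than from a different window or a boot script.
aux/listen1 'tcp!*!443' tlssrv -c $crt /rc/bin/rc-httpd/rc-httpd &
```

If `ns` prints no factotum line, or a different srv than the one the keys were loaded into, the key is sitting in another factotum's memory and the `cat $key >/mnt/factotum/ctl` in the script is what actually fixes the lookup. Keys loaded this way do not outlive that factotum process, so after a reboot they have to be loaded again into whichever factotum the listener's namespace mounts.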