From: william@thinktankworkspaces.com
To: 9front@9front.org
Subject: [9front] https exec header invalid
Date: Sat, 23 Apr 2022 16:08:09 -0700 [thread overview]
Message-ID: <5B43321A8E0FFD20AE16BA7E52DCF895@thinktankworkspaces.com> (raw)
Struggle with https. Never got around to figuring this out. But in theory
Create key with rsagen, convert to x509 and pemencode it. Cat it to factotum on boot using
cpustart. Make sure both services are created. One for port 80 and the other for 443.
Why am I getting: exec header invalid. not much more in the logs and nothing in /sys/log/http
I will rebuild the key and pem for security but I think I'm missing something. Here is my configuration
steps.
ramfs -p
cd /tmp
auth/rsagen -t 'service=tls role=client owner=*' > think.key
chmod 600 think.key
cp think.key /sys/lib/tls/think.key
auth/rsa2x509 'C=US CN=thinktankworkspaces.com' /sys/lib/tls/think.key | \
auth/pemencode CERTIFICATE > /sys/lib/tls/think.pem
cat /cfg/$sysname/cpustart
cat /sys/lib/tls/think.key >> /mnt/factotum/ctl
cat /bin/service.auth/tcp443
#!/bin/rc
exec tlssrv -D -c /sys/lib/tls/think.pem -l /sys/log/https /bin/service/tcp80 $*
cat tcp80
#!/bin/rc
exec /rc/bin/rc-httpd/rc-httpd >>[2]/sys/log/www
tail /sys/log/listen
maat Apr 23 15:44:01 tcp: /cfg/maat/service.www/tcp443: exec header invalid
tail/sys/log/www
45.79.94.76/ - - GET - md_handler sites/45.79.94.76/index.md - lib/default_master.tpl
Sat Apr 23 15:49:47 PDT 2022 :: 45.79.94.76 :: GET / HTTP/1.1 :: :: 200 ::
I feel like the cert is wrong and will rebuild it after this email.
cat think.pem
-----BEGIN CERTIFICATE-----
MIIC1zCCAb+gAwIBAgIBADANBgkqhkiG9w0BAQsFADAvMQswCQYDVQQGEwJVUzEg
MB4GA1UEAxMXdGhpbmt0YW5rd29ya3NwYWNlcy5jb20wHhcNMjIwNDIzMjIwMjU4
WhcNMjUwNDI1MjIwMjU4WjAvMQswCQYDVQQGEwJVUzEgMB4GA1UEAxMXdGhpbmt0
YW5rd29ya3NwYWNlcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDzGShZv2cAxpRsJEqGOhSWom7zUdWe3zJU4FSY2V1UWlr/Aw0fjkh1kDiNFuUX
arZ1ekMMBZQXQte+YnPZ/AdZy+4ovwEqG5R7k/AzFgonhPQrFFjySjmzGpeKc4We
dwiCgW28zDOCg2dr4CC9C2b6HonJH4/dyFF2Jx54sRC9NxuHtJYl/64BzYxxKkOQ
7czrnkoZ3BQCIzDcQFXn58NKCZSj9jI4ps8tChrLoJiGD7bjBqmvdoppfvrZOmTk
WBiLTdyj3q7C6rqWbYCX+v6VHWN+Rsh0q1B28umEYluUtK2AcxitC6pzkxmR/wsz
JWZ0GQr3DH2bZ6zfdZVWD3R1AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHIMtrrV
toCAqHRpYnDp5bgZlMk7EClX8H7LK1naFOBbEjfceuBqBanxqe0NwNGTqqPI/EWb
efFW12r6GWyztTiEdideoGTh+KwN8rKWqfrLi68xtfPuAFQIBdjrjP4ZyKVFs31z
hN9e9Nf8bdXzSMomKtgCO6qZmymw4YtZUz0oqJCxmu98o3nPVinLVolhyJoFiB2w
FOhxTVSpfqctXMIhNijPaFoPzRcaFnJ1YGX9ZOKbk14Gv6vyC0s9wkqDJg0S4V+L
0ORt2cvOhIyw41Ppimld+gNUVU3MpQNtzijYcYj+1PvUZn922Hn9cpwUwx/WdRbF
NM8NXDafMS2uHP4=
-----END CERTIFICATE-----
cat think.key
key proto=rsa service=tls role=client owner=* size=2048 ek=10001 !dk=C3BEB72A05200894DE0071FC7C369A4B6D020FF50E20FE3205FC18C2770C5A96E2FCC25537DA96E7EB384E0B686EC1A3A7D6C9D40D4DE0A917159B2B1414874ABC15CA437AC99029B0943FEEB2C97C66E7412502361EA4755E6D35B3AD9D1AD60457F9A7F3796A972A98C7813517D0548870843D60D7C1AC2E8A7353D5A7D7E27B6D568856D802279B5E5D4A1F52018E4C54E3A5F0EFADB59125C2092889ABAF9FB540EF88C36B10D78D5245B67AB3BD60ADC3B2302494ABCC98F5B871FED3452DD0A74DA14B76BF654290D84C606B319BF54A8C2F593D0CD451C4AA79BEF502D4B7B1A35023E455200CA1ECE8CCE96A72EBB6EFEB4309F408668710B2669865 n=F3192859BF6700C6946C244A863A1496A26EF351D59EDF3254E05498D95D545A5AFF030D1F8E487590388D16E5176AB6757A430C05941742D7BE6273D9FC0759CBEE28BF012A1B947B93F033160A2784F42B1458F24A39B31A978A73859E770882816DBCCC338283676BE020BD0B66FA1E89C91F8FDDC85176271E78B110BD371B87B49625FFAE01CD8C712A4390EDCCEB9E4A19DC14022330DC4055E7E7C34A0994A3F63238A6CF2D0A1ACBA098860FB6E306A9AF768A697EFAD93A64E458188B4DDCA3DEAEC2EABA966D8097FAFE951D637E46C874AB5076F2E984625B94B4AD807318AD0BAA73931991FF0B33256674190AF70C7D9B67ACDF7595560F7475 !p=853EE71EF67CC6350C6CB747B05EAC6E5FACC777FE8B2C51E91CD17990B668C6CC5FE886225827F5BD23E154EB68C8CFFCC21B9F1001301B5C92DEFB94E98C1FB2CAD1B3AA585E543B2BF3CE275B4C50FA2940DABFF6F145FA4DE6844E888327BBE53E437B430275EC96AFCDAB0DA44A4A217C09484DAD688F38DC75AA350383 !q=1D30E3C206F7DD10DFD77AF17FF6B8399C02906E5147EBA2673DCD0C95241514EFFFFE7A6F30ABC3C0B1DAB4A78A95A05EC706D38E9D027120484F7690B058E29DDBF412EB6A4CC079533DECE2B041B86B94764CF9F776ECF1B667FF83633D5EA99F40281C67240069817086E8E03D61875FBD674B5B62B6D22216994D4430EA7 !kp=5F269C45301FCA2AF7C46ADD76C524BD6CF5253C3B39875CB6EB2D6B723BD076A65B96E0B285E1834A9DE4BB8FA03446D2688AF0FBACDD7DAC8DF54E12F8F4676E76076A15AB2531614FF1BAB5C02CAF66F52EAB078A80A1482D78FFE254F9D3D609CE7CC1F90838CDCA8DA081162CCC2043E91F77D28092BA3410BAB5E145B !kq=84E1E9ED788B1D6D938DF7BD26289ABAA5D78664AADE1B6C514EA400836C9E0B91FE671432D5FD14403D62BCBF73BF6F2C0418AF36A6C856F1FE3ABE222AA475F8E72F4E711C96081A4535C106B0167CD03E25CA849E606280733B398D8255FC776CDB41BD0A487917D085CF9E8C2CDFACC1C8145096D1E82CEBC0B45D67EEC5 !c2=18A7AD290DD6A4B2C50C1F5191C8F14D4DEFB3109B9F8F01FA629AC8E75B54008440CE322080F3E6DDC55EA8CEB94DCBD5481DCB98D15237C532F3BB475D69EBBEB9BBCA27D12E9F58B1600B6ADD2A46E97B02877564D8826130547366BAF53E113EDA5C197448931CD1138022DE0BC6075294886C6276F3D0E32A94E68060E30
next reply other threads:[~2022-04-23 23:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-23 23:08 william [this message]
2022-04-24 1:37 ` ori
2022-04-24 21:08 ` william
2022-04-26 23:00 ` ori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5B43321A8E0FFD20AE16BA7E52DCF895@thinktankworkspaces.com \
--to=william@thinktankworkspaces.com \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).