9front - general discussion about 9front
From: william@thinktankworkspaces.com
To: 9front@9front.org
Subject: [9front] https exec header invalid
Date: Sat, 23 Apr 2022 16:08:09 -0700
Message-ID: <5B43321A8E0FFD20AE16BA7E52DCF895@thinktankworkspaces.com>

Struggle with https. Never got around to figuring this out.  But in theory

Create key with rsagen, convert to x509 and pemencode it. Cat it to factotum on boot using
cpustart. Make sure both services are created. One for port 80 and the other for 443.

Why am I getting: exec header invalid. Not much more in the logs and nothing in /sys/log/http.

I will rebuild the key and pem for security but I think I'm missing something. Here is my configuration 
steps. 

	ramfs -p
	cd /tmp
	auth/rsagen -t 'service=tls role=client owner=*' > think.key
	chmod 600 think.key
	cp think.key /sys/lib/tls/think.key

	auth/rsa2x509 'C=US CN=thinktankworkspaces.com' /sys/lib/tls/think.key | \
		auth/pemencode CERTIFICATE > /sys/lib/tls/think.pem

	cat /cfg/$sysname/cpustart
	cat /sys/lib/tls/think.key >> /mnt/factotum/ctl

	cat /bin/service.auth/tcp443
 	#!/bin/rc
 	exec tlssrv -D -c /sys/lib/tls/think.pem -l /sys/log/https /bin/service/tcp80 $*

	cat tcp80
	#!/bin/rc
	exec /rc/bin/rc-httpd/rc-httpd >>[2]/sys/log/www


tail /sys/log/listen
maat Apr 23 15:44:01 tcp: /cfg/maat/service.www/tcp443: exec header invalid

tail /sys/log/www
45.79.94.76/ -  - GET - md_handler sites/45.79.94.76/index.md - lib/default_master.tpl
Sat Apr 23 15:49:47 PDT 2022 :: 45.79.94.76 :: GET / HTTP/1.1 :: :: 200 ::

I feel like the cert is wrong and will rebuild it after this email. 

cat think.pem

cat think.key
