ChanServ changed the topic of #picolisp to: PicoLisp language | Channel Log: https://irclog.whitequark.org/picolisp/ | Check also http://www.picolisp.com for more information
<Regenaxer> tankf33der here?
<tankf33der> here
<tankf33der> hi
<Regenaxer> Hi :)
<Regenaxer> I have a strange error with @bin/ssl
<Regenaxer> 540571417240:error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:ssl/record/rec_layer_s3.c:1528:SSL alert number 112
<Regenaxer> Do you have an idea?
<Regenaxer> I called:
<Regenaxer> : (download "software-lab.de" "hello.zip" "a.zip")
<Regenaxer> 'download' is from @lib/misc.l
<Regenaxer> : (de download (Host Src Dst)
<Regenaxer> (let (F (tmp 'download) Size)
<Regenaxer> (in (list "@bin/ssl" Host 443 Src)
<Regenaxer> (and
<Regenaxer> (tail '("2" "0" "0" " " "O" "K") (line))
<Regenaxer> (from "Content-Length:")
<Regenaxer> (setq Size (read))
<Regenaxer> (from "^M^J^M^J")
<Regenaxer> (out F (echo))
<Regenaxer> (= Size (car (info F)))
<Regenaxer> (=0 (native "@" "rename" 'I F Dst)) ) ) ) )
<Regenaxer> Other servers work
<Regenaxer> Must be something with SSL_CTX_xxx() routines
<Regenaxer> Or is it only the fault of software-lab.de (i.e. the Strato provider)
<tankf33der> i will look in 10mins
<Regenaxer> Great, thanks!
<freemint> (de download (Host Src Dst)  (let (F (tmp 'download) Size)  (in (list "@bin/ssl" Host 443 Src)  (and 
mmmonk6 has joined #picolisp
orivej has quit [Ping timeout: 250 seconds]
<Regenaxer> Hi freemint
<freemint> Hi
<freemint> this is beyond my scope
<Regenaxer> Must be some protocol mismatch
<Regenaxer> But I can't complain to the provider before I know it is not my own fault
mmmonk6 has quit [Ping timeout: 250 seconds]
<Regenaxer> Testing can be done also on the shell
<Regenaxer> $ bin/ssl software-lab.de 443 index.html
<Regenaxer> 140133919007168:error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
<Regenaxer> ssl: Can't connect
<aw-> Regenaxer: hi
<aw-> the problem is your version of openssl is too old
<Regenaxer> Hi aw-!
<beneroth> hi aw- :)
<Regenaxer> It is not mine, but of that provider
<aw-> hi beneroth
<Regenaxer> hmm, problem
<aw-> Regenaxer: yes, likely an old version of openssl which doesn't support the newer protocols provided by the endpoints you're trying to reach
<beneroth> the ssllabs result says the server only supports TLS v1.1 and upwards, not TLS v1
<tankf33der> strato disable tsl 1.0
<tankf33der> tls 1.0
<beneroth> it's arguably a good thing.
<aw-> beneroth: exactly
<Regenaxer> yeah
<aw-> so either downgrade TLS on the server, or upgrade openssl
<beneroth> Regenaxer, your client needs upgrade
<Regenaxer> I have no control over that server
<Regenaxer> just an FTP space
<Regenaxer> So what is wrong in src/ssl.c then?
<aw-> Regenaxer: everything
<aw-> ;)
<Regenaxer> openssl libs?
<aw-> openssl binary or libs, need v1.0+
<Regenaxer> I have Debian testing here
<Regenaxer> can't be so old
<beneroth> openssl version
<aw-> (call 'openssl "version")
<Regenaxer> OpenSSL 1.1.1 11 Sep 2018
<Regenaxer> It must be my source
<beneroth> OpenSSL versions till 1.0.0h support SSLv2, SSLv3 and TLSv1.0. From OpenSSL 1.0.1 onward support for TLSv1.1 and TLSv1.2 is added.
<beneroth> seems so
<aw-> yes perhaps
<tankf33der> needs just update ssl.c
<Regenaxer> I call SSL_CTX_new(SSLv23_client_method())
<beneroth> the Ciphers[] within ssl.c need an update?
<tankf33der> i dont think so
<tankf33der> googling.
<Regenaxer> hmm, but what is the right way?
<Regenaxer> openssl is such a mess ...
<Regenaxer> I also would think it is not the Ciphers
<Regenaxer> sounds more like a version or support issue
<Regenaxer> With SSL_CTX_new(SSLv23_client_method()) I suspect it means to accept only 2 and 3
<Regenaxer> So strato needs 1 ?
<Regenaxer> We (tankf33der and I) removed 1 a long time ago iirc
<beneroth> strato requires TLS 1.1 or TLS 1.2
<Regenaxer> aw- the quality labs page gives A to that server, right?
<beneroth> yes
<Regenaxer> beneroth, really only 1?
<beneroth> SSL 2 and SSL 3 are lower than TLS 1.1
<Regenaxer> oh
<Regenaxer> grr
<beneroth> SSL2 -> SSL 3 -> TLS 1.0 - these are all considered outdated/insecure
<Regenaxer> OK
<beneroth> TLS 1.1 and TLS 1.0 is currently recommended
<Regenaxer> So what is the right way of function calls in ssl.c?
<beneroth> TLS 1.3 is about to be released soon whenever (bank lobbyists want to make it insecure)
<Regenaxer> bank lobbyists?
<beneroth> no idea. I guess you don't make TLS 1.1 in there
<Regenaxer> rather governments
<Regenaxer> Can't be that openssl is *that* outdated
<Regenaxer> OpenSSL 1.1.1 11 Sep 2018
<Regenaxer> Newest
<beneroth> no, banks. gov too, but mostly banks. because they usually have to surveil their employees. TLS 1.3 would require (original plan) to customize all included network nodes, which apparently is too much work for them (while technically possible)
<beneroth> over a year they are discussing this shit now
<Regenaxer> Anyway
<Regenaxer> this breaks pilbox now
<Regenaxer> I need to talk with strato
<beneroth> the problem will only get worse when other servers will drop support for TLS 1.0 and below
<beneroth> you will eventually have to fix this in the bin/ssl
<Regenaxer> So if I use TLS instead of SSL_CTX_new(SSLv23_client_method(), something else will break
<Regenaxer> That's what I'm talking about all the time!!!!
<Regenaxer> src/ssl.c!
<beneroth> probably true. you probably have to determine first which TLS version the server supports, and then do your initialization.
<beneroth> or something like that. I have no idea.
<Regenaxer> No
<Regenaxer> usually you give a list of allowed protocols
<Regenaxer> we removed SSL1 some time ago
<tankf33der> 14:36 <tankf33der> needs just update ssl.c
<Regenaxer> yes
<Regenaxer> easy then
<Regenaxer> haha
<Regenaxer> Must find docs for client methods probably
<Regenaxer> the CTX_new
<Regenaxer> const SSL_METHOD *TLSv1_2_client_method(void);
<Regenaxer> or better just TLS_client_method() ?
<Regenaxer> looks good
<Regenaxer> I hope it does not break other connections
<Regenaxer> it says indeed that SSLv23_client_method() is deprecated
<Regenaxer> Nobody told me ;)
<aw-> sorry was afk, yeah versions of openssl differ quite a bit, if you were coding against 0.9.8, a lot of stuff breaks when jumping to 1.0 and 1.1
<Regenaxer> I have no idea about 0.9.8 or 1.0
<aw-> it was a big breaking version "upgrade"
<Regenaxer> I'm not aware I coded "against" any special version
<aw-> Regenaxer: yes exactly, it just happened hahaha
<Regenaxer> Not sure, so far I changed only SSLv23_client_method() to TLS_client_method()
<Regenaxer> Not enough?
<Regenaxer> testing now
<Regenaxer> did not help at all. Same error
Vq5 has joined #picolisp
<Regenaxer> So where are the specialists?
<aw-> you might also need to specify your client TLS version
<Regenaxer> how?
<aw-> no clue
<aw-> sorry :\
<Regenaxer> np
<Regenaxer> Why do you suspect the version is critical?
<Regenaxer> Which version btw?
orivej has joined #picolisp
<Regenaxer> include file perhaps?
<Regenaxer> #include <openssl/x509v3.h>
<Regenaxer> hmm, perhaps also SSL_CTX_set_options(ctx, ...
Vq5 has quit [Remote host closed the connection]
<Regenaxer> Now I did:
<Regenaxer> < /* 01apr18abu
<Regenaxer> > /* 18sep18abu
<Regenaxer> ---
<Regenaxer> 179c179
<Regenaxer> < if (!(ctx = SSL_CTX_new(SSLv23_client_method())) || !SSL_CTX_set_default_ve
<Regenaxer> ---
<Regenaxer> > if (!(ctx = SSL_CTX_new(TLS_client_method())) || !SSL_CTX_set_default_verif
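Review bot: On line 179, TLS_client_method() only exists from OpenSSL 1.1.0 onward, so this call no longer builds against 1.0.x libraries. If older libraries must stay supported, guard it on OPENSSL_VERSION_NUMBER and keep SSLv23_client_method() for the older branch.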
<Regenaxer> 183,184c183
<Regenaxer> < SSL_CTX_set_options(ctx,
<Regenaxer> < SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_ALL | SSL_OP_NO_COMPRESSION )
<Regenaxer> ---
<Regenaxer> > SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_COMPRESSION);
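Review bot: The new SSL_CTX_set_options() call on line 183 drops SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 without putting any other protocol floor in place, so the client can again negotiate SSLv3 wherever the linked library still has it compiled in. Keep the two flags, or on OpenSSL 1.1.0 and later set the floor explicitly with SSL_CTX_set_min_proto_version(), and check its return value alongside the SSL_CTX_new() test on line 179.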
<Regenaxer> but doesn't work
<Regenaxer> I wonder why the SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 options were there
<Regenaxer>
<Regenaxer> Also strange, the error says "tlsv1 unrecognized name"
<Regenaxer> So it does not like TLS1 ?
<beneroth> maybe this helps a bit
TheJulia9 has joined #picolisp
<Regenaxer> I think it is not good to *prevent* it
<Regenaxer> in the client
<beneroth> that's what the answers are saying too
<Regenaxer> What does the error "tlsv1 unrecognized name" actually *mean*?
<Regenaxer> Which side?
<Regenaxer> The above talks about "my server is compiled against an older version of OpenSSL"
<Regenaxer> here it is opposite
<Regenaxer> Strato seems newer
<Regenaxer> But I can't believe it will not accept older protocols
<Regenaxer> So my question is still: What exactly is wrong"
<Regenaxer> ?
<beneroth> it does not accept older protocols
TheJulia9 has quit [Killed (Sigyn (Spam is off topic on freenode.))]
<beneroth> because that could be abused by an MitM-attacker to downgrade the connection
<Regenaxer> No others than which?
<Regenaxer> TLSv1_method()
<beneroth> TLS 1.1 and TLS 1.2. recommended state of the art is TLS 1.2
<beneroth> is there a TLSv1_1_method?
<Regenaxer> yes, but compiler says warning: ‘TLSv1_method’ is deprecated [
<Regenaxer> ah
<beneroth> 1 vs 1_1
<Regenaxer> yes
<Regenaxer> What are the DTLSv1* methods?
<beneroth> TLS_client_method()
<Regenaxer> warning: ‘TLSv1_2_client_method’ is deprecated
<beneroth> see first paragraph in notes
freemint has quit [Ping timeout: 245 seconds]
<Regenaxer> TLS_client_method() I did try first, see the diff above
freemint has joined #picolisp
<Regenaxer> why is ‘TLSv1_2_client_method’ deprecated?
pozlop- has joined #picolisp
<beneroth> "All version-specific methods were deprecated in OpenSSL 1.1.0."
<beneroth> that's why you get the deprecated warnings
<Regenaxer> yes, I see
<Regenaxer> but TLS_client_method() is not correct or not enough
<Regenaxer> BTW, the same problem must be in httpGate too
<beneroth> hm
<beneroth> doesn't even use TLS_client
freeemint has joined #picolisp
<Regenaxer> haha, this says method = SSLv23_method();
<Regenaxer> T
<beneroth> outdated
<Regenaxer> httpGate worries me even more now
<beneroth> depends on how fast the browsers deprecate old SSL/TLS versions...
<beneroth> but yeah
freemint has quit [Ping timeout: 245 seconds]
<beneroth> ctx = SSL_CTX_new(TLSv1_2_client_method());
<Regenaxer> Not only browsers
freeemint_ has joined #picolisp
<beneroth> T
<beneroth> clients
<Regenaxer> all RPC goes via httpGate
<Regenaxer> well, and ssl, so it matches :)
<beneroth> but I would say browsers are the first to update
<Regenaxer> yes, but browsers stay tolerant as long as possible
pozlop- has quit [Remote host closed the connection]
freeemint has quit [Ping timeout: 252 seconds]
<beneroth> in theory. in practice, Google politics.
pierpal has joined #picolisp
<tankf33der> still googling.
<Regenaxer> thanks!
orivej has quit [Ping timeout: 252 seconds]
pierpal has quit [Ping timeout: 250 seconds]
freeemint_ has quit [Ping timeout: 252 seconds]
freemint has joined #picolisp
<tankf33der> problem not in ssl.c too
<tankf33der> i have two apache servers, with and without TLS1.0
<tankf33der> both works.
<Regenaxer> oh
<Regenaxer> Hmm, confused
<tankf33der> a very.
<tankf33der> still under investigation.
<tankf33der> try run this
<tankf33der> the same, right ?
<Regenaxer> not exactly
rob_w has quit [Remote host closed the connection]
<Regenaxer> tlsv1 unrecognized name:
<Regenaxer> alert number 112
<Regenaxer> instead of alert number 70
<Regenaxer> not sure
<Regenaxer> But something is wrong with strato too
<Regenaxer> tankfeeder, why did you try with -tls1 ?
orivej has joined #picolisp
<Regenaxer> Without it, it gives Protocol : TLSv1.2 and looks good
<Regenaxer> So how could I achieve the same?
<tankf33der> -tls1 just test
<Regenaxer> yeah
<Regenaxer> but deprecated, right?
<tankf33der> yea
<tankf33der> but at the same time wget works
<tankf33der> checking sources.
<Regenaxer> ok
<tankf33der> this is openssl part where fails
<tankf33der> function: MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
<tankf33der> code:
<Regenaxer> this is what throws the error?
<tankf33der> yeap
<tankf33der> but wget still works :)
<freemint> wget into named pipe?
<tankf33der> ha
<tankf33der> wget works because it uses gnutls, not openssl
<beneroth> wow
<tankf33der> curl use openssl, switch to curl sources
<tankf33der> simple verbose session
<Regenaxer> ok, so strato is clean
freeemint has joined #picolisp
freemint has quit [Ping timeout: 244 seconds]
<Regenaxer> Now I've also tried options SSL_OP_NO_TLSv1 and SSL_OP_NO_TLSv1_1
<Regenaxer> No avail
freemint has joined #picolisp
<Regenaxer> Strange thing is that *only* strato does not work
<beneroth> you could put the other servers into the SSL Labs test, and compare the output for configuration differences
freeemint has quit [Ping timeout: 252 seconds]
<Regenaxer> yes, for example bin/ssl strato.de 443 index.html works!
<Regenaxer> So Strato itself works
<Regenaxer> Both say Protocol : TLSv1.2
pierpal has joined #picolisp
pierpal has quit [Client Quit]
pierpal has joined #picolisp
<tankf33der> i did it
<tankf33der> works
<tankf33der> burning patch to show.
<Regenaxer> Which change?
<tankf33der> wait, testing.
<Regenaxer> sure :)
<Regenaxer> Looking forward
<tankf33der> testing run on old openssl
<beneroth> tankf33der, huurrraaayy
* beneroth claps
<tankf33der> so
<tankf33der> 1. add SSL_OP_NO_TLSv1 just to be modern.
<tankf33der> 2. SSL_set_tlsext_host_name adds SNI support
<tankf33der> =
<tankf33der> ==================
<tankf33der> 1. optional
<tankf33der> 2. mandatory.
<Regenaxer> cool!
<Regenaxer> testing
<Regenaxer> I had SSL_OP_NO_TLSv1, but removed it again
<Regenaxer> Wow!! Works!!
<Regenaxer> You are fantastic tankf33der!
<Regenaxer> How did you find out?
<tankf33der> yea :)
<Regenaxer> BTW, I also changed to TLS_client_method() to be more modern ;)
<tankf33der> no
<tankf33der> i need wrappers around version
<Regenaxer> not good?
<tankf33der> i dont think you want wrappers
<Regenaxer> yes, no warning here
<tankf33der> you dont want this abobe
<tankf33der> above
<Regenaxer> ok
<tankf33der> openssl 1.0.0 dont work at all
<tankf33der> even with patch.
<Regenaxer> So we stay better with SSLv23_client_method() and change it lata
<Regenaxer> later?
<tankf33der> yeap
<Regenaxer> ok, let me know when you think time is ready for TLS_client_method()
<tankf33der> ....
<tankf33der> Typically you should always use SSLv23_method in preference to the version specific methods.
<tankf33der> ...
<tankf33der> i believe they have handlers for this
<Regenaxer> yes, I saw examples, despite they are "deprecated" ;)
<Regenaxer> What do you think about httpGate?
<Regenaxer> Does it need SSL_set_tlsext_host_name too?
<Regenaxer> hmm
<Regenaxer> nonsense!
<Regenaxer> There is no hostname ;)
<Regenaxer> OK, so I will release. Can you test again?
<tankf33der> yeap
<tankf33der> inside picoLisp.tgz ?
<Regenaxer> yes, in a minute
<tankf33der> let me know.
<Regenaxer> Released :)
<tankf33der> ok
<tankf33der> doing
<Regenaxer> Now building PilBox
<tankf33der> : (version)
<tankf33der> 18.9.16
<tankf33der> 18.9.18 ?
<tankf33der> ha
<tankf33der> no
<tankf33der> maybe browser cache
<tankf33der> yes version is ok, this was a cache
<tankf33der> works.
<tankf33der> openssl 1.1.1 and 1.0.2k
<tankf33der> let me test openbsd and libressl
<Regenaxer> Uhh, in PilBox it still does not work
<tankf33der> # openssl version
<tankf33der> LibreSSL 2.7.2
<tankf33der> works, as should.
<tankf33der> you have openssl, right ?
<Regenaxer> Now I get 4004099468:error:140840FF:SSL routines:ssl3_connect:unknown state:s3_clnt.c:641:
<tankf33der> what version ?
<Regenaxer> hmm, it is the arm eabi
<tankf33der> openssl 1.0.0 doesnt work too.
<tankf33der> is it openssl /
<tankf33der> ?
<Regenaxer> not sure, deeply embedded in the toolchain
<Regenaxer> must dig into it
<Regenaxer> I think it is openssl-1.0.2k
pierpal has quit [Read error: Connection reset by peer]
<tankf33der> but openssl 1.0.2k works
<tankf33der> on my centos7
<Regenaxer> good to know
<Regenaxer> The error is different
<Regenaxer> Again, only for software-lab.de
<tankf33der> are you sure you have latest picoLisp.tgz ?
<Regenaxer> yes, build script
<Regenaxer> and the error changed now
<tankf33der> openssl 1.0.1e, centos 6 works
pierpal has joined #picolisp
<Regenaxer> hmm
<tankf33der> my patch adds SNI support
<tankf33der> try to google arm eabi and SNI
<tankf33der> i imagine they could disable support for this
<tankf33der> !!!
<tankf33der> afk
<tankf33der> checking channel passive from phone.
<tankf33der> see you.
<Regenaxer> thanks tankf33der!!
<tankf33der> o/
<tankf33der> you could check for SNI
<tankf33der> wait
<tankf33der> of course
<Regenaxer> SNI ?
<tankf33der> sni!
<tankf33der> if (!SSL_set_tlsext_host_name(ssl, av[1])) {fprintf(stderr, "no SNI\n");}
<tankf33der> try this line
<tankf33der> should fail.
<tankf33der> should fail on pilbox.
<tankf33der> plus
<tankf33der> find the version
<tankf33der> afk.
freeemint has joined #picolisp
freemint has quit [Ping timeout: 246 seconds]
fletom26 has joined #picolisp
<rick42> Regenaxer: ssllabs gives software-lab.de an A grade now. was it lower before?
fletom26 has quit [Remote host closed the connection]
<rick42> beneroth: ^^
<Regenaxer> rick42, I have never looked, as I have no control. It is not my server
<Regenaxer> tankf33der, it does *not* print "no SNI\n"
<Regenaxer> I inserted other debug output, so I'm sure I tested correctly
Reina1411 has joined #picolisp
<rick42> ah
<Regenaxer> Must also go for a short time. bbl
<rick42> bye!
Reina1411 has quit [Remote host closed the connection]
BladedThesis4 has joined #picolisp
freemint has joined #picolisp
BladedThesis4 has quit [Ping timeout: 252 seconds]
freeemint has quit [Ping timeout: 252 seconds]
<Regenaxer> ret
ubLIX has joined #picolisp
<Regenaxer> OOOooohhh
<Regenaxer> I'm stupid. My fault!
<Regenaxer> Didn't properly update the app
<Regenaxer> tankf33der, sorry, it works
<tankf33der> super
<tankf33der> good
<Regenaxer> :)
<Regenaxer> was confused
<Regenaxer> Now I can also release PilBox, need it tomorrow
orivej has quit [Ping timeout: 240 seconds]
<beneroth> so the problem was that 1) TLS 1.1+ required 2) new OpenSSL requires SNI to be explicitly activated (I would think SNI was used before too, no?) ?
freemint has quit [Ping timeout: 240 seconds]
<Regenaxer> I don't know well ...
<tankf33der> first, strato may change something
<Regenaxer> What does tlsext_host_name have to do with SNI?
<tankf33der> because they reverse proxy
freemint has joined #picolisp
pierpal has quit [Ping timeout: 246 seconds]
RetardedOnion2 has joined #picolisp
RetardedOnion2 has quit [Remote host closed the connection]
<tankf33der> cant connect from home to software-lab by openssl s_client and bin/ssl
<tankf33der> but curl works
<Regenaxer> At home still old version?
<beneroth> Regenaxer, SNI is a protocol to get the right certificate (the one for your domain) from a server which serves multiple virtual hosts (as in host header in HTTP)
freemint has quit [Ping timeout: 240 seconds]
freemint has joined #picolisp
<Regenaxer> beneroth, thanks
<Regenaxer> makes sense
<beneroth> SNI = Server Name Indication. aka client tells server to which host it wants to connect so server can show it the right certificate
<beneroth> because the host header within HTTP is within the encrypted TLS connection, the encrypted connection which can't be started without the right server certificate
<freemint> Regenaxer how would you go about a web service/pilbox app who has a background process which populates the database with new data.
<beneroth> freemint, second process (started with fork) which does (loop (wait)).
<beneroth> save Pid of that background process in a global, e.g. *BackgroundWorker, and use (tell *BackgroundWorker (do-something 'arg 'arg))
<freemint> i thought of that too. about pil box? how to make sure energy saving does not kill my process?
<beneroth> so I do it on unix servers.
<freemint> That with the background worker is cool
<beneroth> I think there is a android api function to call to tell the android that it should keep that process around
<Regenaxer> freemint, in fact I have two such applications now
<Regenaxer> Synchronizing DBs between server and mobiles
<Regenaxer> (you know, beneroth, Messe Spedition)
<Regenaxer> But it is hard to explain here
beneroth has quit [Remote host closed the connection]
<freemint> that sounds cool but a little more than i need right now.
<freemint> How do you a secure connection?
beneroth has joined #picolisp
pierpal has joined #picolisp
<beneroth> Regenaxer, natural approach.
<Regenaxer> freemint, what we talked here all the time
<freemint> over https? ok
<Regenaxer> yes, @bin/ssl
<Regenaxer> -> @bin/httpGate
<Regenaxer> A few background tasks
<Regenaxer> in fact, using the new 'tasks' function
<beneroth> Regenaxer, about SNI: there is also a trick to connect straight away via TLS with a server cert the server is also hosting (e.g. google.com) and then declare another host within the HTTP within the encrypted connection. TOR and Signal messenger app use (or used) this to conceal their protocol, looking for surveillance like normal HTTPS to google.com, but being actually TOR/signal traffic. only possible because they're hosted on Google/Amazon/etc and know that the same server also serves one of these common domains.
<beneroth> Not sure if this still works. I long believed Google supported this actively, but actually it seems this was an unintended neat trick and they want to shut it down (or already did)
<Regenaxer> Wow, tricky
<freemint> completely other question. I want to port a small embedded OS to a CPU architecture... where and how would i best document that struggle? The result will be mostly open.
<beneroth> a blog?
<beneroth> or a wiki about the hardware, if still one exists
<beneroth> s/still/already
<Regenaxer> How about https://wiki.osdev.org ?
<freemint> Mhh any thoughts about version control can you recommend something along those lines?
<beneroth> semver.org, ubuntu/windows/picolisp-style, or arbitrary
<beneroth> Knuth-style if you really want to be exotic (his version numbers are approximations to PI)
<beneroth> or just a plain integer
<freemint> Version control as in git-like
<beneroth> ah
<beneroth> git ?
<beneroth> mercury
<beneroth> or Regenaxer-style picolisp snapshot
<beneroth> git is the most used one
<beneroth> mercury has similar powers, and is said to be easier to be used, but I never used it, so I don't know.
<beneroth> SVN is still used in some companies, but it's slow and inflexible and gets replaced with git everywhere
<beneroth> I'm using git with a private git server I set up myself
<beneroth> if you work with many people, then something like gitlab (can be self-hosted) or github is probably more comfortable
<beneroth> (e.g. different access rights to different people, nice web gui to configure and view all the stuff)
<freemint> i will soon get an FPGA board from America or Japan or both. On these runs a simulated CPU of an "fork" of a CPU architecture. GCC support and Co exists, even an no mmu Linux port and the OS was already ported to the predecessor(before fork).
<beneroth> wow, nice project freemint :)
<freemint> and the CPU architecture is open source
<freemint> and i will probably have to do without an MMU in the beginning
<freemint> beneroth thanks i hope to manage to pull that through: good thing i got a deadline
ubLIX has quit [Quit: ubLIX]
<Regenaxer> ret
ubLIX has joined #picolisp
<beneroth> freemint, I think you can do it! it's hard work, but you will gain a really good understanding of CPU architecture. Afterwards you can learn pilASM and teach me :)
<freemint> luckily all the super hard work was at least done once already
<freemint> beneroth what fascinates you about pil assembly?
<beneroth> well I want to understand everything in picolisp eventually. understanding the VM means I can fully understand how a certain software runs on a computer including the hardware level.
<beneroth> also I might need/want to do changes on pil ASM level eventually (bugfixes, or new features to pil DB)
<freemint> i got a list of candidates for that too
<beneroth> the most important thing about new feature is saying NO to them, only accepting them when it is a real step forward and all costs considered.
<Regenaxer> yes, that's the hard thing sometimes
grp has joined #picolisp
<tankf33der> still cant connect
<tankf33der> openssl s_client -connect software-lab.de:443
<tankf33der> doesnt work from home.
<tankf33der> strange.
<Regenaxer> What output?
<Regenaxer> At work it was OK, right?
<Regenaxer> here it works too
<tankf33der> from work ok.
<tankf33der> i tried make a connection with and without SNI by openssl
<Regenaxer> Interesting! Now you got this "alert number 112" too
<Regenaxer> as I had in @bin/ssl
<Regenaxer> So openssl has the same problem :)
<tankf33der> 1
<tankf33der> If you are using OpenSSL 1.1.1, you need add -noservername flag to openssl s_client.
<tankf33der> If you are using OpenSSL 1.1.0 or earlier version, use openssl s_client -connect $ip:$port, and OpenSSL wouldn't enable the SNI extension
<tankf33der> down vote
<Regenaxer> I'm getting confused again. It is all a mess
<tankf33der> yeah.
<beneroth> OpenSSL 1.0 to 1.1 was a big big change
<Regenaxer> I see
<beneroth> I saw it in the news when 1.1 first came out, but then I forgot
<beneroth> maybe you can find some changelogs / howtos related to the 1.1. release
<tankf33der> gnutls-cli with and without SNI
<tankf33der> this one works. good.
<tankf33der> i cant read all this :)
<tankf33der> so
<Regenaxer> Is gnutls easier to use?
<tankf33der> i dont think so.
<beneroth> afaik it has other weaknesses
<tankf33der> openssl is not bad.
<tankf33der> just opensource.
<tankf33der> leave as is.
<beneroth> libreSSL ought to be better than openSSL, but I dont know
<Regenaxer> ok
<beneroth> libreSSL is the fork of openSSL by the OpenBSD guys after the heartbleed disaster
<tankf33der> 99% of users should not care.
<beneroth> I agree, better stay with the faults you know than going with the faults you don't know yet
<tankf33der> as i tested above ssl.c works under libressl :)
<Regenaxer> The API is far too complicated
<tankf33der> yeap
<tankf33der> so
<Regenaxer> You have to care about many low-level details
<beneroth> T
<tankf33der> issue closed, right ?
<beneroth> and the documentation is bad
<Regenaxer> Anyway, now I'm happy for the near future
<beneroth> thanks to tankf33der !
<Regenaxer> What I need works
<Regenaxer> indeed!
<tankf33der> ok
<tankf33der> afk
<beneroth> and thanks Regenaxer for keeping improving pil stack :)
<Regenaxer> Lots of thanks
<Regenaxer> :)
<tankf33der> btw
<tankf33der> this one is promising replacement for tls protocol
<tankf33der> wireguard is also based on noise ecosystem
<tankf33der> modern and very easy to use blablabla
<freemint> tankf33der do browser speak it?
<tankf33der> of course no
<tankf33der> only whatsapp use it now everywhere
<freemint> mhh it is simpler but do you know how the key exchange is done when read over the paper i could not find it. Does the protocol need hard coded keys