sueden.social ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Eine Community für alle, die sich dem Süden hingezogen fühlen. Wir können alles außer Hochdeutsch.

Serverstatistik:

1,8 Tsd.
aktive Profile

#openssl

3 Beiträge3 Beteiligte1 Beitrag heute

Another commit landed in #OpenSSL: github.com/openssl/openssl/com

This time, it's a drive-by thing inspired by @jwildeboer who's working on S/MIME X.509 certificates: the X.509 standards renamed one of the bits in the keyUsage extension from `nonRepudiation` to `contentCommitment`, and OpenSSL only understood the old name.

Slowly improving the world one commit at a time.

GitHubx509: Accept 'contentCommitment' as alias · openssl/openssl@6b93db7ITU-T X.509 (10/2019) section 9.2.2.3 [1] defines 'contentCommitment' as the current name for what had previously been called 'nonRepudiation', and deprecates the old name: > It...

Improving the world, one PR at a time: github.com/smallstep/crypto/pu

The next release of #smallstep step-ca will accept the old name "nonRepudiation" in the X.509v3 keyUsage extension as a UX improvement for users coming from, e.g., #OpenSSL.

Inspired by @jwildeboer: social.wildeboer.net/@jwildebo
This stuff is hard enough without such pitfalls, no need to make it more complicated by green bikesheds, er, naming discussions.

I finally tried to replace #openssl with #aws-lc on some of my services. Unfortunately, #nginx and #mosquitto lack support for it. Instead, I successfully switched #BIND to use aws-lc.

I later also noticed that the #rustls compatibility shim is in nixpkgs 25.05, but here BIND is missing some variables. And despite the wrapper being explicitly made for nginx, it also fails here with

/nix/store/mkvc0lnnpmi604rqsjdlv1pmhr638nbd-binutils-2.44/bin/ld: objs/src/stream/ngx_stream_ssl_module.o: in function `ngx_stream_ssl_servername':
/build/nginx-1.28.0/src/stream/ngx_stream_ssl_module.c:606:(.text+0xd59): undefined reference to `SSL_SESSION_get0_hostname'

A shame. I wanted to change to more modern libraries.

Untested: #dovecot and #postfix (they lack a services.(dovecot2|postfix).package variable to easily change the used package. A PR for dovecot is already open to add support for it.

Decided to not use #libev and use #libevent instead for socket/timer/event loop/callback system. Other than I trust it more, I like the baked in #openssl support (will use for #telnet+tls later).

Additionally, going to try out sqlcipher (#sqlite3 + AES encryption baked in) for data storage. Everything will be stored in a sqlite3 database.

Using cmake and pkg-config, #C, sqlite3 (sqlcipher), libevent, and openssl.

Decided to just focus on developing the software on KDE neon distro (Ubuntu LTS) and worry about other OSes later. I spent too much time worrying about ease of build/install instructions for other operating systems instead of just deciding and moving forward.

Just released: #swad 0.12 🥂

swad is the "Simple Web Authentication Daemon". It basically offers adding form + #cookie #authentication to your reverse proxy (designed for and tested with #nginx "auth_request"). I created it mainly to defend against #malicious_bots, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same #crypto #challenge known from #Anubis.

swad is written in pure #C with minimal dependencies (#zlib, #OpenSSL or compatible, and optionally #PAM), and designed to work on any #POSIX system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).

This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.

Read more about it, download the .tar.xz, build and install it .... here:

github.com/Zirias/swad

GitHubGitHub - Zirias/swad: Simple Web Authentication DaemonSimple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.