[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Contributing to GNUnet

From: Tanguy Le Carrour
Subject: Re: Contributing to GNUnet
Date: Tue, 10 Mar 2020 17:51:40 +0100


Le 03/09, Christian Grothoff a écrit :
> On 3/9/20 4:08 PM, Tanguy Le Carrour wrote:
> > In the `gnunet-gns-proxy` logs I only have 2
> > lines:
> > 
> > ```
> > Mar 09 15:41:41-485690 gnunet-gns-proxy-18131 ERROR Download curl 
> > failed: SSL peer certificate or SSH remote key was not OK
> > Mar 09 15:41:58-358297 gnunet-gns-proxy-18131 ERROR Download curl 
> > failed: SSL peer certificate or SSH remote key was 
> > not OK
> > ```
> > 
> > Any idea?! Have I done something wrong (again)?!
> Hard to say. I can't tell if curl fails to accept the Letsencrypt CA, or
> if we lack the LEHO somehow. AFAIK Martin was fixing some LEHO-related
> bugs in GNS, so MAYBE that is hitting you here.
> To find out:
> 1) check if curl is happy downloading directly
>    (thus checking curl is installed properly and finds its root CAs)


> 2) try adding a TLSA record for to GNS, thereby avoiding
>    the use of Letsencrypt and really directly verifying via GNS.

I'll try this and let you know, thanks!

> 3) Maybe enable more logging (-L DEBUG) ;-).

Tried, but it didn't say more! :-(

> 4) Also, given that I have not tried this for a while, there is a
>    possibility that we have a regression -> Martin or I should also
>    try (but I can't this week).
> > The patch to `gnunet-gns-proxy-setup-ca` is trivial. Should I submit it
> > somewhere? Or, as it's a "Guix problem", I can just patch it in the Guix 
> > package!?
> I am pretty sure this is an 'upstream' issue and that we should patch
> gnunet-gns-proxy-setup-ca. So please do send the patch (to me personally
> will suffice, I'm happy to review and apply).

I'm attaching 2 versions of the patch.

> > And one last question: why is `gnunet-gns-proxy` in 
> > `/usr/lib/gnunet/libexec/` and
> > not in `bin`?
> The idea is that the gnunet-gns-proxy is launched via gnunet-arm like
> other GNUnet services, instead of being started manually.

Makes perfect sense! The command on the "use" page is just so we can
see the logs, I guess.



Attachment: 0001-import-CA-into-Icecat-v1.patch
Description: Text document

Attachment: 0001-import-CA-into-Icecat-v2.patch
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]