gnunet-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Contributing to GNUnet


From: Tanguy Le Carrour
Subject: Re: Contributing to GNUnet
Date: Sat, 14 Mar 2020 14:55:19 +0100

Hi,


Le 03/14, Schanzenbach, Martin a écrit :
> > On 14. Mar 2020, at 12:00, Tanguy Le Carrour <address@hidden> wrote:
> > Le 03/13, Schanzenbach, Martin a écrit :
> >>> On 13. Mar 2020, at 18:32, Tanguy Le Carrour <address@hidden> wrote:
> >>> Le 03/10, Tanguy Le Carrour a écrit :
> >>>> Le 03/09, Christian Grothoff a écrit :
> >>>>> 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
> >>>>>  the use of Letsencrypt and really directly verifying via GNS.
> >>>> I'll try this and let you know, thanks!
> >>> So, I did my homework, used a generator [1][] and ended up with this:
> >>> ```
> >>> _443._tcp.gnunet.org. IN TLSA 3 1 1 
> >>> 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> >>> ```
> >>> [1]: https://www.huque.com/bin/gen_tlsa
> >>> So I now have:
> >>> ```
> >>> $ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1 
> >>> 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> >>> $ gnunet-gns --type ANY --lookup gnunet.myself
> >>> gnunet.myself:
> >>> Got `TLSA' record: 3 1 1 
> >>> 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
> >>> Got `LEHO' record: gnunet.org
> >>> Got `A' record: 131.159.74.67
> >>> ```
> >>> I didn't know where to put the `_443._tcp` part. `gnunet-namestore` 
> >>> complained
> >>> about the name containing a `.`.
> >>> There's something in the doc [2][] about `_port._proto.`, but it's for
> >>> BOX records only.
> >> 
> >> Indeed, instead of a TLSA records, for GNS, you should add a box record 
> >> that contains a TLSA record. Like so:
> >> $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 
> >> 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> >> 6 is the protocol (tcp), 443 is the service (https).
> > 
> > Unfortunately…
> > 
> > ```
> > $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 3 1 
> > 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
> > Value `6 443 3 1 1 
> > 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939' invalid 
> > for record type `BOX'
> > 
> > $ gnunet-namestore --version
> > gnunet-namestore v0.12.2 release
> > ```
> > 
> > From the code [1][], I could not guess what the correct format should be.
> > 
> > [1]: src/gnsrecord/plugin_gnsrecord_dns.c:656
> >     src/include/gnunet_gnsrecord_lib.h:297
> 
> Ah, the record type is missing, sorry I did that out of my head. Try:
> 
> $ gnunet-namestore -z myself -a -e "1 d" -p -t BOX -n gnunet -V "6 443 52 3 1 
> 1 26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"

Much better, thanks!

```
$  gnunet-gns --type ANY --lookup gnunet.myself
gnunet.myself:
Got `BOX' record: 6 443 52 3 1 1 
26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
Got `LEHO' record: gnunet.org
Got `A' record: 131.159.74.67
```


But still, when I try to access `gnunet.myself`, I get a blank page
after 5-10 seconds and the same lines in the log:

```
$ 
/home/tanguy/.guix-extra-profiles/gnunet/current/lib/gnunet/libexec/gnunet-gns-proxy
 --log DEBUG
Mar 14 14:48:07-948036 gnunet-gns-proxy-1450 ERROR Download curl gnunet.org/ 
failed: SSL peer certificate or SSH remote key was not OK
Mar 14 14:48:24-877522 gnunet-gns-proxy-1450 ERROR Download curl 
gnunet.org/favicon.ico failed: SSL peer certificate or SSH remote key was not OK
```

The good thing is that you were right! Adding a BOX record was
apparently not needed!


Any thing else I can try?
In the meantime, I'll keep on reading the doc, learn some more and play
with the other components!

Regards

-- 
Tanguy



reply via email to

[Prev in Thread] Current Thread [Next in Thread]