Hi, I have pretty fresh OpenBSD-current with kcaldav-0.1.7p0 from packages installed:
$ sysctl -n kern.version OpenBSD 6.4-current (GENERIC.MP) #743: Wed Feb 20 09:57:24 MST 2019 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP $ pkg_info -qI kcaldav kcaldav-0.1.7p0 # rcctl get httpd httpd_class=daemon httpd_flags= httpd_rtable=0 httpd_timeout=30 httpd_user=root # rcctl get slowcgi slowcgi_class=daemon slowcgi_flags= slowcgi_rtable=0 slowcgi_timeout=30 slowcgi_user=root Configutation of httpd(8) is basically copy-pasta of /etc/examples/httpd.conf with added part for kcaldav from /usr/local/share/doc/pkg-readmes/kcaldav with modified for my domain. TLS cert is generated with acme-client(1) and HTTP over port 443 works. # cat /etc/httpd.conf server "test.example.com" { listen on * port 80 location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } location * { block return 302 "https://$HTTP_HOST$REQUEST_URI" } } server "test.example.com" { listen on * tls port 443 tls { certificate "/etc/ssl/test.example.com.fullchain.pem" key "/etc/ssl/private/test.example.com.key" } location "/pub/*" { directory auto index } location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } location "/cgi-bin/*" { fastcgi root "/" } } I configured test user by following package readme file: # kcaldav.passwd -C -u testing23 -e r...@test.example.com -f /var/www/caldav # chown www:www /var/www/caldav/kcaldav.db # chmod 640 /var/www/caldav/kcaldav.db but when I open https://test.example.com/kcaldav/home.html and authenticate, the `Loading kCalDAV...` spinning wheel never goes away. In httpd(8) logs I see following: test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:43 +0000] "GET /kcaldav/home.html HTTP/1.1" 200 8768 test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET /kcaldav/style.css HTTP/1.1" 200 2420 test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET /kcaldav/md5.min.js HTTP/1.1" 200 5511 test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET /kcaldav/script.min.js HTTP/1.1" 200 9252 test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET /kcaldav/home.min.js HTTP/1.1" 200 3274 test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:46 +0000] "GET /cgi-bin/kcaldav.cgi/index.json HTTP/1.1" 401 0 test.example.com 109.232.27.122 - - [21/Feb/2019:14:14:44 +0000] "<UNKNOWN> " 408 0 test.example.com 109.232.27.122 - - [21/Feb/2019:14:14:44 +0000] "<UNKNOWN> " 408 0 test.example.com 109.232.27.122 - - [21/Feb/2019:14:14:46 +0000] "<UNKNOWN> " 408 0 test.example.com 109.232.27.122 - - [21/Feb/2019:14:15:13 +0000] "GET /cgi-bin/kcaldav.cgi/index.json HTTP/1.1" 505 0 So, what I see here is HTTP 505 error. If I do the same GET via curl I see this: $ curl --anyauth -u testing23 -vsSf -o - https://test.example.com/cgi-bin/kcaldav.cgi/index.json Enter host password for user 'testing23': * Expire in 0 ms for 6 (transfer 0x17acc2b3b000) ... * Expire in 5 ms for 1 (transfer 0x17acc2b3b000) * Trying XXX.XXX.XXX.132... * TCP_NODELAY set * Expire in 149992 ms for 3 (transfer 0x17acc2b3b000) * Expire in 200 ms for 4 (transfer 0x17acc2b3b000) * Connected to test.example.com (XXX.XXX.XXX.132) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=test.example.com * start date: Feb 21 13:03:57 2019 GMT * expire date: May 22 13:03:57 2019 GMT * subjectAltName: host "test.example.com" matched cert's "test.example.com" * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 * SSL certificate verify ok. > GET /cgi-bin/kcaldav.cgi/index.json HTTP/1.1 > Host: test.example.com > User-Agent: curl/7.64.0 > Accept: */* > < HTTP/1.1 401 Unauthorized < Connection: keep-alive < Date: Fri, 22 Feb 2019 07:54:49 GMT < Server: OpenBSD httpd < Transfer-Encoding: chunked < WWW-Authenticate: Digest realm="kcaldav", algorithm="MD5-sess", qop="auth,auth-int", nonce="57563766437C4E73" < * Ignoring the response-body * Connection #0 to host test.example.com left intact * Issue another request to this URL: 'https://test.example.com/cgi-bin/kcaldav.cgi/index.json' * Found bundle for host test.example.com: 0x17acc1c60300 [can pipeline] * Could pipeline, but not asked to! * Re-using existing connection! (#0) with host test.example.com * Connected to test.example.com (XXX.XXX.XXX.132) port 443 (#0) * Expire in 0 ms for 6 (transfer 0x17acc2b3b000) * Server auth using Digest with user 'testing23' > GET /cgi-bin/kcaldav.cgi/index.json HTTP/1.1 > Host: test.example.com > Authorization: Digest username="testing23", realm="kcaldav", > nonce="57563766437C4E73", uri="/cgi-bin/kcaldav.cgi/index.json", > cnonce="NTA5MmU3YjNkMzQwMmFkY2I5MDQ1OGFlYzc3NTQ0MmE=", nc=00000001, qop=auth, > response="47cdd57bba933c9d2156cb08d02cdcd9", algorithm="MD5-sess" > User-Agent: curl/7.64.0 > Accept: */* > * The requested URL returned error: 505 HTTP Version Not Supported * Closing connection 0 curl: (22) The requested URL returned error: 505 HTTP Version Not Supported Does anyone else seeing the same? Am I doing something wrong here? -- Regards, Mikolaj