Hi,
I have pretty fresh OpenBSD-current with kcaldav-0.1.7p0 from packages
installed:
$ sysctl -n kern.version
OpenBSD 6.4-current (GENERIC.MP) #743: Wed Feb 20 09:57:24 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
$ pkg_info -qI kcaldav
kcaldav-0.1.7p0
# rcctl get httpd
httpd_class=daemon
httpd_flags=
httpd_rtable=0
httpd_timeout=30
httpd_user=root
# rcctl get slowcgi
slowcgi_class=daemon
slowcgi_flags=
slowcgi_rtable=0
slowcgi_timeout=30
slowcgi_user=root
Configutation of httpd(8) is basically copy-pasta of
/etc/examples/httpd.conf with added part for kcaldav from
/usr/local/share/doc/pkg-readmes/kcaldav with modified
for my domain. TLS cert is generated with acme-client(1)
and HTTP over port 443 works.
# cat /etc/httpd.conf
server "test.example.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI";
}
}
server "test.example.com" {
listen on * tls port 443
tls {
certificate "/etc/ssl/test.example.com.fullchain.pem"
key "/etc/ssl/private/test.example.com.key"
}
location "/pub/*" {
directory auto index
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "/cgi-bin/*" {
fastcgi
root "/"
}
}
I configured test user by following package readme file:
# kcaldav.passwd -C -u testing23 -e r...@test.example.com -f /var/www/caldav
# chown www:www /var/www/caldav/kcaldav.db
# chmod 640 /var/www/caldav/kcaldav.db
but when I open https://test.example.com/kcaldav/home.html and
authenticate, the `Loading kCalDAV...` spinning wheel never goes away.
In httpd(8) logs I see following:
test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:43 +0000] "GET
/kcaldav/home.html HTTP/1.1" 200 8768
test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET
/kcaldav/style.css HTTP/1.1" 200 2420
test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET
/kcaldav/md5.min.js HTTP/1.1" 200 5511
test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET
/kcaldav/script.min.js HTTP/1.1" 200 9252
test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:44 +0000] "GET
/kcaldav/home.min.js HTTP/1.1" 200 3274
test.example.com 109.232.27.122 - - [21/Feb/2019:14:13:46 +0000] "GET
/cgi-bin/kcaldav.cgi/index.json HTTP/1.1" 401 0
test.example.com 109.232.27.122 - - [21/Feb/2019:14:14:44 +0000] "<UNKNOWN> "
408 0
test.example.com 109.232.27.122 - - [21/Feb/2019:14:14:44 +0000] "<UNKNOWN> "
408 0
test.example.com 109.232.27.122 - - [21/Feb/2019:14:14:46 +0000] "<UNKNOWN> "
408 0
test.example.com 109.232.27.122 - - [21/Feb/2019:14:15:13 +0000] "GET
/cgi-bin/kcaldav.cgi/index.json HTTP/1.1" 505 0
So, what I see here is HTTP 505 error. If I do the same GET via curl I
see this:
$ curl --anyauth -u testing23 -vsSf -o -
https://test.example.com/cgi-bin/kcaldav.cgi/index.json
Enter host password for user 'testing23':
* Expire in 0 ms for 6 (transfer 0x17acc2b3b000)
...
* Expire in 5 ms for 1 (transfer 0x17acc2b3b000)
* Trying XXX.XXX.XXX.132...
* TCP_NODELAY set
* Expire in 149992 ms for 3 (transfer 0x17acc2b3b000)
* Expire in 200 ms for 4 (transfer 0x17acc2b3b000)
* Connected to test.example.com (XXX.XXX.XXX.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=test.example.com
* start date: Feb 21 13:03:57 2019 GMT
* expire date: May 22 13:03:57 2019 GMT
* subjectAltName: host "test.example.com" matched cert's "test.example.com"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /cgi-bin/kcaldav.cgi/index.json HTTP/1.1
> Host: test.example.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Connection: keep-alive
< Date: Fri, 22 Feb 2019 07:54:49 GMT
< Server: OpenBSD httpd
< Transfer-Encoding: chunked
< WWW-Authenticate: Digest realm="kcaldav", algorithm="MD5-sess",
qop="auth,auth-int", nonce="57563766437C4E73"
<
* Ignoring the response-body
* Connection #0 to host test.example.com left intact
* Issue another request to this URL:
'https://test.example.com/cgi-bin/kcaldav.cgi/index.json'
* Found bundle for host test.example.com: 0x17acc1c60300 [can pipeline]
* Could pipeline, but not asked to!
* Re-using existing connection! (#0) with host test.example.com
* Connected to test.example.com (XXX.XXX.XXX.132) port 443 (#0)
* Expire in 0 ms for 6 (transfer 0x17acc2b3b000)
* Server auth using Digest with user 'testing23'
> GET /cgi-bin/kcaldav.cgi/index.json HTTP/1.1
> Host: test.example.com
> Authorization: Digest username="testing23", realm="kcaldav",
> nonce="57563766437C4E73", uri="/cgi-bin/kcaldav.cgi/index.json",
> cnonce="NTA5MmU3YjNkMzQwMmFkY2I5MDQ1OGFlYzc3NTQ0MmE=", nc=00000001, qop=auth,
> response="47cdd57bba933c9d2156cb08d02cdcd9", algorithm="MD5-sess"
> User-Agent: curl/7.64.0
> Accept: */*
>
* The requested URL returned error: 505 HTTP Version Not Supported
* Closing connection 0
curl: (22) The requested URL returned error: 505 HTTP Version Not Supported
Does anyone else seeing the same? Am I doing something wrong here?
--
Regards,
Mikolaj
