Re: libressl on OpenBSD7.3 - x509_extensions crlDistributionPoints being ignored

2023-09-27 Thread Bob Beck
> On Sep 26, 2023, at 11:33 PM, stephane Tranchemer wrote: > >>> >>> Another trouble I found, maybe it's my conf again(?) is that I am unable to >>> use a section to call out to define common options for x509extensions. >>> Example, this does not work: >>> >>> [ ca ] default_ca = Domain-CA

Re: OpenBSD website down

2021-01-12 Thread Bob Beck
On Tue, Jan 12, 2021 at 05:56:28PM +0100, Florian Obser wrote: > On Tue, Jan 12, 2021 at 09:52:03AM -0700, Bob Beck wrote: > > > > > > > > On Tue, Jan 12, 2021 at 05:47:36PM +0100, Florian Obser wrote: > > > On Tue, Jan 12, 2021 at 09:40:51AM -0700, Bob Beck

Re: OpenBSD website down

2021-01-12 Thread Bob Beck
On Tue, Jan 12, 2021 at 05:47:36PM +0100, Florian Obser wrote: > On Tue, Jan 12, 2021 at 09:40:51AM -0700, Bob Beck wrote: > > > > On Tue, Jan 12, 2021 at 04:45:32PM +0100, Solene Rapenne wrote: > > > Hello, > > > > > > it seems www.openbsd.org i

Re: OpenBSD website down

2021-01-12 Thread Bob Beck
y hour to restart it if it dies feels like the garbage I have to do on linux. > > Bob Beck wrote: > > > > > > > On Tue, Jan 12, 2021 at 04:45:32PM +0100, Solene Rapenne wrote: > > > Hello, > > > > > > it seems www.openbsd.

Re: OpenBSD website down

2021-01-12 Thread Bob Beck
On Tue, Jan 12, 2021 at 04:45:32PM +0100, Solene Rapenne wrote: > Hello, > > it seems www.openbsd.org is down since 14h46 UTC > If I remember correctly you are the right person to tell about it. > > Regards > Solène Yes, It appears that httpd ran low on file descriptors, and decided to fix

Re: openssl smime and openssl cms unexpected behavior

2020-12-04 Thread Bob Beck
On Fri, Dec 04, 2020 at 01:54:53PM +, Stuart Henderson wrote: > On 2020/12/04 12:21, avv. Nicola Dell'Uomo wrote: > > Hi, > > > > when I try to verify an email in 6.8 GENERIC.MP#206 amd64, I get the > > following error: > > > > openssl smime -verify -in /path/to/file.eml > > Verification

Re: CApath issue using openssl and apache

2020-11-23 Thread Bob Beck
Hi Julien, This is a known issue with 6.8 that is fixed in current. On Mon, Nov 23, 2020 at 03:57:52PM +0100, Julien Robert wrote: > Hello, > > I'm working to upgrade apache reverse proxy server running in OpenBSD 6.5 > to latest version 6.8 doing from scratch install. > But in the 6.8 ,

Re: DRM update randomly and temporarily locks up x250 with Firefox

2020-07-10 Thread Bob Beck
> > FWIW, I have an x1 gen3 wich is essentially the same hardware. I see > no such issues, but I mostly run chrome and I do have 8G of memory. > > To me this sounds like you are running out of memory. The DRM code is > supposed to give up any spare graphics buffers when asked to do so by >

www.openbsd.org kernel hang, May 2 kernel.

2020-06-15 Thread Bob Beck
May 2 kernel. This may have since been fixed, and I will be sysupgrading. Just recording here in case it hasn't been. lots of stuff in fltamapcopy when I broke into ddb ddb{0}> ps PID TID PPIDUID S FLAGS WAIT COMMAND 32360 384138 87480 0 20x100010

Re: lockspool getting killed by pledge on OpenBSD 6.7

2020-05-25 Thread Bob Beck
On Mon, May 25, 2020 at 04:15:24PM -0600, Todd C. Miller wrote: > On Mon, 25 May 2020 16:04:25 -0600, Bob Beck wrote: > > > getlock()'s behaviour changes in the case of a writeable mail spool. if we > > want to keep supporting this, I we can modify the pledge as follows:

Re: lockspool getting killed by pledge on OpenBSD 6.7

2020-05-25 Thread Bob Beck
On Mon, May 25, 2020 at 04:05:47PM -0600, Theo de Raadt wrote: > > + if (pledge("id flock stdio rpath wpath getpw cpath fattr", NULL) == > > -1) > > Please wait for other pledge people to respond. > > But re-order. Add the new things to the end. > Ack

Re: lockspool getting killed by pledge on OpenBSD 6.7

2020-05-25 Thread Bob Beck
On Mon, May 25, 2020 at 11:07:12PM +0200, Dawid Czelu??niak wrote: > After changing permissions of /var/mail directory to 755: > > $ chmod 755 /var/mail > > everything is fine and seteuid(2) is not called: > 92121 lockspool NAMI "/var/mail/root.lock" > 92121 lockspool RET unlink 0 > 92121

Re: obsd v6.6-stable: Kernel crash

2020-05-05 Thread Bob Beck
Rupert, please go away. You are not useful, and you're being an asshole. You belong in a different community. Please go rant somewhere else about how horrible we are, and stop abusing our volunteer developers with your abuse. -Bob On Tue, May 05, 2020 at 08:09:44AM +, Rupert

Re: CA certificate number differs in OpenBSD 6.6

2020-04-14 Thread Bob Beck
On Tue, Apr 14, 2020 at 11:18:04AM +0100, Helmut Kiessling BT wrote: > Hi, > > > > I have a strange CA certificate (GoDaddy) serial number issue after upgraded > one of our servers into OpenBSD 6.6 see below: > > > > In OpenBSD 6.4 serial number is: > > > > # openssl version > >

Re: OpenSMTPD ssl certificate verification fails on wildcard certs

2020-04-10 Thread Bob Beck
On Fri, Apr 10, 2020 at 02:41:22PM -0400, David Goerger wrote: > Friday, 20200410 12:04-0600, Bob Beck wrote: > > > > So doing a little digging: > > > > obtuse1# dig hostedmail.com mx > > ; <<>> dig 9.10.8-P1 <<>> hostedmail.com mx > &

Re: OpenSMTPD ssl certificate verification fails on wildcard certs

2020-04-10 Thread Bob Beck
get that debug line tho :) Cheers -Bob On Fri, Apr 10, 2020 at 01:01:16PM -0400, David Goerger wrote: > Friday, 20200410 10:48-0600, Bob Beck wrote: > > > > What makes you believe your certificate failure is due to the wildcard > > DNSname > > and not d

Re: OpenSMTPD ssl certificate verification fails on wildcard certs

2020-04-10 Thread Bob Beck
I found another place to connect to it from and dumped the cert. On Fri, Apr 10, 2020 at 10:50:11AM -0600, Theo de Raadt wrote: > David, you should put an unfiltered reproducer on the internet. > > > I can't connect to that host from where I am, obviously it does some > > sort of port 25

Re: OpenSMTPD ssl certificate verification fails on wildcard certs

2020-04-10 Thread Bob Beck
What makes you believe your certificate failure is due to the wildcard DNSname and not due to some other reason (like the certificate not being trusted, or failing a critical extension, etc.) A quick scan of the wildcard matching code in smtpd looks correct to me, but it won't get in there if

Re: -current 100% CPU, softdep related

2020-03-07 Thread Bob Beck
makes sense to me and has my ok. could we see if bluhm@ can be sure this still works with his workload? On Tue, Mar 3, 2020 at 08:43 Todd C. Miller wrote: > Here is a minimal fix that only addresses the tight CPU loop in > softdep_process_worklist(). It will exit the loop if we cannot >

Re: readlink -f / Bug|Glitch|Feature

2019-11-26 Thread Bob Beck
On Thu, Nov 21, 2019 at 3:53 AM Raimo Niskanen wrote: > > On OpenBSD 6.6 amd64 patch 006, i get peculiar results from readlink(1) > with arguments -f with a symlink to / > > $ readlink -f / > / > > $ ln -s / test; readlink -f test; rm test > readlink: test: Is a directory > > $ readlink -f /. > /

Re: readlink -f / Bug|Glitch|Feature

2019-11-26 Thread Bob Beck
On Thu, Nov 21, 2019 at 10:28 AM Todd C. Miller wrote: > > On Thu, 21 Nov 2019 11:52:53 +0100, Raimo Niskanen wrote: > > > On OpenBSD 6.6 amd64 patch 006, i get peculiar results from readlink(1) > > with arguments -f with a symlink to / > > > > $ readlink -f / > > / > > > > $ ln -s / test;

Re: openat(2) after unveil(2) bug

2019-09-08 Thread Bob Beck
> Benjamin Baier wrote: > > > using openat(2) after unveil(2) seems to misbehave. > > Isolated test case below. I expect the code to succesfully end with > > exit code 0 but it fails with exit code 6. > > > > Greetings Ben > > > > > > #include > > #include > > #include > > #include > >

Re: unveil(2): new corner case: failure on using a directory if not already exists

2019-06-08 Thread Bob Beck
We should clarify the man page. trying to think about wording. On Sat, Jun 8, 2019 at 01:10 Theo de Raadt wrote: > > solene@ reported on ports an error with unveil(2) on creating > > subdirectories on previously not existent directory, for a port she > > tried to unveiled. > > Step back for a

Re: libssl problem : "invalid digest length" when connecting to outlook.office365.com:993

2018-11-13 Thread Bob Beck
On Tue, Nov 13, 2018 at 7:11 AM Stuart Henderson wrote: > > On 2018/11/13 14:41, Sebastien Marie wrote: > > On Tue, Nov 13, 2018 at 11:28:23AM +, Stuart Henderson wrote: > > > On 2018/11/13 09:37, Sebastien Marie wrote: > > > > Hi, > > > > > > > > Moving the thread to bugs@ has it seems to be

Re: libssl problem : "invalid digest length" when connecting to outlook.office365.com:993

2018-11-13 Thread Bob Beck
This is fixed, I had the wrong hash NID in the legacy sigalgs. Interesting fact: when the client sends sigalgs in order of preference, Microsoft processes all of them for every cipher type, and therefore chooses the weakest ;) On Tue, Nov 13, 2018 at 4:28 AM Stuart Henderson wrote: > > On

Re: Easily reproducible kernel panic on reboot with 2018-09-14 snapshot (amd64)

2018-09-30 Thread Bob Beck
> supported OpenBSD configuration. Please do not email misc@ asking > > > for > > > help. If you have a question or a bug to report, please post to the > > > mailing list, submit an issue on GitLab, or email me directly." > > > > > > Please reproduce the

Re: Easily reproducible kernel panic on reboot with 2018-09-14 snapshot (amd64)

2018-09-29 Thread Bob Beck
Please give me some details of your setup to reproduce this. (since I don't use "resflash") On Sat, Sep 15, 2018 at 12:35 PM Jarkko Oranen wrote: > > As the summary says, this is rather easy to reproduce. > > I use resflash to build myself router images based on OpenBSD. Today I > built an

Re: Double fee when using openssl ocsp

2017-11-29 Thread Bob Beck
I'm replying on behalf of Philip, who is email challenged at the moment.. "Yeah, combining -url with any of -host, -port, or -path should simply be an error, as -url specifies all three of them (plus http vs https). What's happening is that with -url we have to parse the argument into

Re: ASN1_GENERALIZEDTIME_print: vfprintf %s NULL

2017-04-03 Thread Bob Beck
yeah, do it that way On Mon, Apr 3, 2017 at 7:00 AM, Joel Sing wrote: > On Monday 03 April 2017 11:37:19 Stuart Henderson wrote: > > On 2017/04/03 11:19, Stuart Henderson wrote: > > > That format string doesn't show up in nginx at all. But it is in > > >

Re: libressl ocsp aborts with a passphrase in the rkey file

2017-01-20 Thread Bob Beck
just committed the fix. On Fri, Jan 20, 2017 at 1:10 AM, Bob Beck <b...@openbsd.org> wrote: > This will certainly be because it's not tty pledged, and it will ask for > the password for his private key > > > On Fri, Jan 20, 2017 at 12:51 AM, Sebastien Marie <se

Re: libressl ocsp aborts with a passphrase in the rkey file

2017-01-20 Thread Bob Beck
This will certainly be because it's not tty pledged, and it will ask for the password for his private key On Fri, Jan 20, 2017 at 12:51 AM, Sebastien Marie wrote: > On Fri, Jan 20, 2017 at 12:45:10AM +0100, Xavier Sanchez wrote: > > >Synopsis: libressl aborted when

Re: 014: SECURITY FIX: December 9, 2014

2015-03-22 Thread Bob Beck
Indeed. Understand that patches are signed using an offline key. It does not speak to the internet. We are not invoking a manual process to change a minor typo, and have even one person lose any sleep over repatching systems because the patch signature changed. While I realize it may offend you

Re: online changing partition id with fdisk causes kernel panic

2014-06-20 Thread Bob Beck
On Fri, Jun 20, 2014 at 08:27:55AM -0400, Jiri B wrote: I changed partition id from A6 to NTFS of running OpenBSD 5.5 (16.-18.6. amd64 snapshot) and after a while OS freezed. I think doing that is unadvised. Right up there with rm -rf / dd if=/dev/zero of=/dev/rsd0c picture of OpenBSD machine

Re: Issues with spamd (/var/db/spamd corruption)

2014-06-09 Thread Bob Beck
Sounds like whatever you fed it from (not knowing what you are using to jam stuff in there) had some sort of issues. File's corrupt, you can dump it out textually with spamdb and re-create it, or blow it away and start over. On Mon, Jun 9, 2014 at 7:17 AM, Kamil Andrusz w...@mniam.net wrote:

Re: Download releases via Torrent

2014-05-01 Thread Bob Beck
Really, if the project is not operating them I don't think we should be sanctioning any sort of third party site, or somehow adding some sort of legitimacy to it by suggesting people go there, or cranking up the page rank of some torrent site by linking it. We link the stuff the project sanctions

Re: Download releases via Torrent

2014-05-01 Thread Bob Beck
On Thu, May 1, 2014 at 1:16 PM, Stuart Henderson st...@openbsd.org wrote: london 440Mbit/sec Stuart.. Allow me to express this thought in the kindest way possible.. I hate you.. you bastard... :)

Re: spamd traps mail to postmaster@[i.p.a.dress] when ip is not listed in spamd.alloweddomains. RFC 1123/2142/2821 violation

2013-12-11 Thread Bob Beck
If a user wants this they are free to add the IP address to alloweddomains. Most users have absolutely no desire to accept mail directed to an IP address, so I don't believe this is a serious issue, other than allowing in spam addressed to the ip address. Users of the alloweddomains file want

Re: Please remove CAcert.org certificate from rootcerts

2013-11-14 Thread Bob Beck
Geoffrey, I have security concerns about every CA in the list, not just CACert. That notwithstanding, CACert has not proven to be less crap than any of the others that have, IMO, plenty of issues of their own. I don't buy the argument that a non-profit CA hasn't signed up and paid for

X server segfault using IntelDRM - Lenovo x200 - *AFTER* rebooting from windows

2013-07-23 Thread Bob Beck
OK, I've used this machine constantly without issues from the X server. I recently rebooted *after* having booted windows (which I don't do that often on this machine) and the X server segfaulted. Attached is the relevant bits. [demime 1.01d removed an attachment of type application/octet-stream

Re: Why I chose FreeBSD

2013-04-24 Thread Bob Beck
This conversation is not appropriate for bugs@.. All of you who know better, stop feeding the fucking trolls. On Wed, Apr 24, 2013 at 1:02 AM, Jorge Armendariz tedeumjo...@lavabit.com wrote: On 04/23/2013 08:06 PM, Ted Unangst wrote: On Tue, Apr 23, 2013 at 19:02, Jorge Armendariz wrote: It

Re: uvm_fault(0xfffffe801a9eaa98, 0x0, 0, 2) - e

2012-12-29 Thread Bob Beck
I can see it fine. null pointer deref in cpu_switchto during a sys_select. tmux appears to be on the cpu in the ps listing. On Sat, Dec 29, 2012 at 8:44 PM, Juan Francisco Cantero Hurtado i...@juanfra.info wrote: On Sun, Dec 30, 2012 at 03:50:42AM +0100, Mike Belopuhov wrote: On 29

Re: broken link - http://www.openbsd.org/faq/anoncvs.html link broken, referenced from http://www.openbsd.org/faq//faq5.html#BldGetSrc

2012-11-19 Thread Bob Beck
I bet you're using chrome. This appears to be a bug in chrome - it is not parsing the relative url ../anoncvs.html correctly. If you look at in firefox it works just fine. On Sun, Nov 18, 2012 at 4:03 PM, Luke Duguid luke.dug...@gmail.com wrote: * http://www.openbsd.org/faq/anoncvs.html link

Re: broken link - http://www.openbsd.org/faq/anoncvs.html link broken, referenced from http://www.openbsd.org/faq//faq5.html#BldGetSrc

2012-11-19 Thread Bob Beck
Aha nope, it's the double slashes - that breaks the relative URL stuff. it's not chrome. On Mon, Nov 19, 2012 at 4:50 AM, Bob Beck b...@obtuse.com wrote: I bet you're using chrome. This appears to be a bug in chrome - it is not parsing the relative url ../anoncvs.html correctly. If you look

Re: ntpd fails to adjust very large deltas

2012-09-18 Thread Bob Beck
On Tue, Sep 18, 2012 at 8:12 AM, Christian Weisgerber na...@mips.inka.de wrote: Otto Moerbeek o...@drijf.net wrote: ntpd is never going to be able to correct these large offets within reasonable time. It was designed to adjust clocks that have offsets of a couple of minutes. Seeing the

Re: Cannot open whatis database for `OpenBSD Current'

2012-01-12 Thread Bob Beck
This seems to be a side effect of /usr/share/man/whatis.db disappearing from base in snaps. I'll check with ingo and see what we want to do about that. On 12 January 2012 07:26, Alexey Suslikov alexey.susli...@gmail.com wrote: hello bugs@ http://www.openbsd.org/cgi-bin/man.cgi says Cannot open

Re: [OpenBSD-5.0-amd64] Panic: non dma-reachable buffer

2011-11-25 Thread Bob Beck
Please get a full traceback for us. Without that your report is fascinating, but we probably can't find the bug. On 24 November 2011 15:53, Olivier Burelli oliv...@burelli.fr wrote: hello, sorry for my bad english. after 3 upgrade succesfull i decided a fresh install for OpenBSD-5.0 on my

Re: DDB OUTPUT

2011-02-23 Thread Bob Beck
On 23 February 2011 20:52, Philip Guenther guent...@sendmail.com wrote: On Feb 23, 2011, at 6:27 PM, Silvio Bandeira silviobande...@gmail.com wrote: so how to include those outputs when bug reporting? I used to use a pen and paper, copying down the output, and then typing it in. Cheap cell

Re: user/6467: spamd(8) sometimes keeps TRAPPED entries in pf spamd-white

2010-10-06 Thread Bob Beck
Though I do wonder if the spamlogd received to whitelist should be separated from the sent to/manual whitelist and the blacklist (spamd.conf) should override the received to whitelist in case an update to the blacklist comes in after an auto whitelist. Or alternatively with this change, if