Re: did 70-006_x509 break ikectl ca ?
Hi Tobias, I kicked out the whole PKI including keys and self-signed certificate and tried again. The new keys and certificates work, but looking at the signatures, expiration dates, access rights and all the other usual suspects the old chain should have worked, too. Its still unresolved and it might come back. Regards Harri On 2021-12-13 20:28:11, Tobias Heider wrote: On Sun, Dec 12, 2021 at 10:01:20PM +0100, Harald Dunkel wrote: Hi folks, since syspatch 70-006_x509 and a reboot IKEv2 between 2 OpenBSD clusters (2 hosts on each end, carp interface, passive by default, managed via sasyncd) appears to be broken. /var/log/messages says Dec 12 21:40:28 gate5a iked[57676]: spi=0x5a7c2732b4b355e6: ikev2_dispatch_cert: peer certificate is invalid certificates have been generated using ikectl ca. How comes? I haven't changed the ca or the ike configuration since 6.8. Unfortunately rolling back the syspatch or issuing new certificates did not help. I am stuck and desperate. Every helpful comment is highly appreciated. Harri Hi Harald, i haven't heard of any problems with the syspatch you mention and I didn't manage to reproduce your problem on my 7.0 machine. From your description I'm assuming all four machines are running syspatched 7.0. Some ideas: - to verify that this is a libcrypto problem, try 'openssl verify -CAfile /path/to/ca /path/to/cert' and see if still fails. - You are saying newly generated certs don't work. Did you modify '/etc/ssl/ikeca.cnf'? If yes, see if it works with the original config. - This is just a guess, but there were a several changes in recent libcrypto versions that made the certificate parsing stricter. Does your cert maybe have multiple extensions of the same type (e.g. multiple subjectAltNames)? This is all I can say without seeing the actual certificates and/or iked log. - Tobias -- Dipl.-Ing. Harald Dunkel | Muehlenbachstr. 3| keep it simple 52134 Herzogenrath, Germany | +49 2407 565 105 |
Re: SPDIF not working with azalia(4) based card
I have that sound system connected to my TV now, but sure enough connecting it back to my desktop through spdif and running with sndiod -c0:3 fixed it! thanks for your finding! better late than never :) On 15:57 Wed 15 Dec , Edd Barrett wrote: > On Tue, Apr 10, 2018 at 07:28:03AM +0100, Ricardo Mestre wrote: > > I have an azalia(4) based card integrated in my motherboard connected to a > > receiver through SPDIF, but I can't make it output any sound, only if I > > connect > > the cable to the 3.5mm headphone jack. And yes, I already toggled the > > outputs.mode to digital through mixerctl(1). When I play something > > audioctl(1) > > shows bytes going through and the receiver blinks, which means something is > > getting there, the sound is just not being output through SPDIF. > > I'm digging up this old thread because I've just solved this very issue on my > own desktop. > > If it's the same issue as mine, the SPDIF output sends to channels 2 and 3, > but > by default sndiod will only use channels 0 and 1. > > Adding `-c0:3` to my sndiod flags made it work! > > (as already mentioned, you have to also set outputs.mode=digital in mixerctl > too) > > Credit where due, I found this solution here: > http://daemonforums.org/showthread.php?t=10953#post66355 > > -- > Best Regards > Edd Barrett > > https://www.theunixzoo.co.uk
Re: SPDIF not working with azalia(4) based card
On Tue, Apr 10, 2018 at 07:28:03AM +0100, Ricardo Mestre wrote: > I have an azalia(4) based card integrated in my motherboard connected to a > receiver through SPDIF, but I can't make it output any sound, only if I > connect > the cable to the 3.5mm headphone jack. And yes, I already toggled the > outputs.mode to digital through mixerctl(1). When I play something audioctl(1) > shows bytes going through and the receiver blinks, which means something is > getting there, the sound is just not being output through SPDIF. I'm digging up this old thread because I've just solved this very issue on my own desktop. If it's the same issue as mine, the SPDIF output sends to channels 2 and 3, but by default sndiod will only use channels 0 and 1. Adding `-c0:3` to my sndiod flags made it work! (as already mentioned, you have to also set outputs.mode=digital in mixerctl too) Credit where due, I found this solution here: http://daemonforums.org/showthread.php?t=10953#post66355 -- Best Regards Edd Barrett https://www.theunixzoo.co.uk