Re: whats wrong with me?

2015-12-01 Thread Krzysztof Strzeszewski
Sorry, I'm a beginner. I know, my message was not logical.


uname -a:
#
OpenBSD hostname 5.8 GENERIC#0 i386
#


virtual server in httpd.conf:
#
server "hostname" {
listen on * port 80
listen on * tls port 443
log { access "access.log", error "error.log" }
tls { certificate "/etc/ssl/server.crt" key "/etc/ssl/private/server.key" }
root "/htdocs/hostname"
}
#


port 80 and 443 are open:
# netstat -a |grep http
#
tcp 0   0   localhost.https *.* LISTEN
tcp 0   0   *.https *.* LISTEN
#


in firefox:
#
Secure Connection Failed

An error occurred during a connection to my_domain. Cannot communicate
securely with peer: no common encryption algorithm(s). (Error code:
ssl_error_no_cypher_overlap)
#


in log from httpd:
#
httpd: could not parse macro definition SSL
httpd[21336]: server_tls_init: failed to configure TLS - failed to read
private key: Operation not supported by device
#




Krzysztof Strzeszewski



On 30.11.2015 22:31, Alexander Salmin wrote:
> On 2015-11-30 20:52, Krzysztof Strzeszewski wrote:
>> Hi,
>> whats wrong?:
>>
>> httpd: could not parse macro definition SSL
>> httpd[21336]: server_tls_init: failed to configure TLS - failed to read
>> private key: Operation not supported by device
>>
>>
>> Krzysztof Strzeszewski
> Hey Krzysztof,
> 
> Two reasons why you did not receive much feedback on this.
> - You did not supply OpenBSD version (uname -a) so we can't replicate
> with same version.
> - You did not provide httpd.conf(8) so we can't replicate your exact setup.
> 
> A key to good free online OpenBSD support is to; "Always provide as much
> information as possible. Try to pin-point the exact problem. Give clear
> instructions on how to reproduce the problem. Try to describe the
> problem with as much accuracy and non-confusing terminology as possible,
> especially if it is not easy to reproduce." //
> http://www.openbsd.org/report.html
> 
> Continue to fail this and the world will just lead to sadness and despair.
> 
> Alexander



Re: whats wrong with me?

2015-12-01 Thread Alexander Salmin

On 2015-12-01 21:51, Krzysztof Strzeszewski wrote:

Sorry, I'm a beginner. I know, my message was not logical.


uname -a:
#
OpenBSD hostname 5.8 GENERIC#0 i386
#


virtual server in httpd.conf:
#
server "hostname" {
listen on * port 80
listen on * tls port 443
log { access "access.log", error "error.log" }
tls { certificate "/etc/ssl/server.crt" key "/etc/ssl/private/server.key" }
root "/htdocs/hostname"
}
#


port 80 and 443 are open:
# netstat -a |grep http
#
tcp 0   0   localhost.https *.* LISTEN
tcp 0   0   *.https *.* LISTEN
#


in firefox:
#
Secure Connection Failed

An error occurred during a connection to my_domain. Cannot communicate
securely with peer: no common encryption algorithm(s). (Error code:
ssl_error_no_cypher_overlap)
#


in log from httpd:
#
httpd: could not parse macro definition SSL
httpd[21336]: server_tls_init: failed to configure TLS - failed to read
private key: Operation not supported by device
#


Check the following;

1) Does private key match certificate? Verify this like so
(should result in two exact same sha512 strings);
# openssl x509 -noout -modulus -in server.pem | openssl sha512
# openssl rsa -noout -modulus -in server.key | openssl sha512

2) Is httpd allowed to read key file?
# ls -lhart /etc/ssl/server.crt
# ls -lhart /etc/ssl/private/server.key

3) Check with browser random x on random other operating system y.
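
Checks 1 and 2 from the reply above, gathered into one POSIX shell function as an added example (not part of the original thread and not OpenBSD's own tooling). It goes beyond the RSA modulus comparison by comparing the whole public key, so it also covers non-RSA keys; the name `check_tls_pair` and its return codes are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. check_tls_pair and its return codes
# are names chosen for this sketch; pass the paths from your own httpd.conf.
# Run it as the user that has to read the key, or the -r tests prove nothing.

check_tls_pair() {
    cert=$1
    key=$2

    # Both must be readable regular files; a directory, device node or
    # dangling symlink cannot be loaded as a certificate or key.
    if [ ! -f "$cert" ] || [ ! -r "$cert" ]; then
        echo "cert: not a readable regular file: $cert"; return 2
    fi
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "key: not a readable regular file: $key"; return 3
    fi

    # Extract the public key from each side as PEM text.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cert: openssl cannot parse $cert"; return 4; }
    # "-passin pass:" supplies an empty passphrase so an encrypted key
    # fails here instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "key: unparsable or passphrase-protected: $key"; return 5; }

    # Same idea as comparing RSA moduli, but independent of key type.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "mismatch: $key does not belong to $cert"; return 6
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key: group/other permission bits set ($perms) on $key"; return 7
    fi

    echo "ok: key matches certificate and is private to its owner"
}

# Stand-alone use: sh check.sh /path/to/server.crt /path/to/server.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```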



Re: whats wrong with me?

2015-11-30 Thread Alexander Salmin

On 2015-11-30 20:52, Krzysztof Strzeszewski wrote:

Hi,
whats wrong?:

httpd: could not parse macro definition SSL
httpd[21336]: server_tls_init: failed to configure TLS - failed to read
private key: Operation not supported by device


Krzysztof Strzeszewski

Hey Krzysztof,

Two reasons why you did not receive much feedback on this.
- You did not supply OpenBSD version (uname -a) so we can't replicate 
with same version.

- You did not provide httpd.conf(8) so we can't replicate your exact setup.

A key to good free online OpenBSD support is to; "Always provide as much 
information as possible. Try to pin-point the exact problem. Give clear 
instructions on how to reproduce the problem. Try to describe the 
problem with as much accuracy and non-confusing terminology as possible, 
especially if it is not easy to reproduce." // 
http://www.openbsd.org/report.html


Continue to fail this and the world will just lead to sadness and despair.

Alexander



Re: whats wrong with me?

2015-11-30 Thread Michel Behr
Krzysztof, dmesg output could also be helpful for people trying to help you
out.

Interesting how this applies to so many other contexts in our lives -
especially in business and overall management related matters: "Always
provide as much information as possible. Try to pin-point the exact
problem. (...) Try to describe the problem with as much accuracy and
non-confusing terminology as possible, especially if it is not easy to
reproduce."
Many problems become harder because we can't describe them precisely,
and usually because we don't understand how things work or should work in
the first place.
Worse than that: we don't know how "problem solving" works! (and that's
critically important in a group effort like the openbsd project, right?).
The poor soul's understanding is that providing an error message is enough,
without being considerate or aware of the challenges this imposes to the
very people that are willing to help him (which sometimes go as far as to
aggressively provide clear evidences of his ignorance!) - not in this case,
let me be clear!

yes, let's try to describe our problems precisely, and provide more
information to help our helpers...

Btw (just an idea), maybe there could be a script to save last error
messages, run uname -a save its output, + any other frequently useful info
(dmesg? a sanitized copy of traceroute output?)... I know sendbug(1) does
something along those lines, but I wonder if it would be feasible to do
something similar for "support requests"...?

One of the challenges is that it's hard to separate the demand for OpenBSD
specific knowledge and the lack of understanding over "universal computer
science concepts" like network protocols for example...? And the
correspondent triage of all this in an effective and efficient way.

Anyway, sorry for the ranting, just some thoughts... ("Well, why don't YOU
go there and code this suggested tool, and send us the diff?! Easy to just
give ideas, huh?!") :-) take it easy guys, just ideas...

On Monday, 30 November 2015, Alexander Salmin wrote:

> On 2015-11-30 20:52, Krzysztof Strzeszewski wrote:
>
>> Hi,
>> whats wrong?:
>>
>> httpd: could not parse macro definition SSL
>> httpd[21336]: server_tls_init: failed to configure TLS - failed to read
>> private key: Operation not supported by device
>>
>>
>> Krzysztof Strzeszewski
>>
> Hey Krzysztof,
>
> Two reasons why you did not receive much feedback on this.
> - You did not supply OpenBSD version (uname -a) so we can't replicate with
> same version.
> - You did not provide httpd.conf(8) so we can't replicate your exact setup.
>
> A key to good free online OpenBSD support is to; "Always provide as much
> information as possible. Try to pin-point the exact problem. Give clear
> instructions on how to reproduce the problem. Try to describe the problem
> with as much accuracy and non-confusing terminology as possible, especially
> if it is not easy to reproduce." // http://www.openbsd.org/report.html
>
> Continue to fail this and the world will just lead to sadness and despair.
>
> Alexander