Re: TLS now supported on openbsd.org?

2016-05-10 Thread arrowscript
Just in case someone doesn't know, there's a non root-required client for Let's Encrypt: https://github.com/diafygi/letsencrypt-nosudo There are some Perl scripts too, so you don't have to download Python. Also, after you generate and sign the certificate, you don't have to keep the script.

ldconfig & chroot

2016-05-10 Thread Jiri B
While checking proot, it would be probably good to have an option for ldconfig to work with specified root directory like it is the case for linux ldconfig. So it would scan and save hints file under specified "root" dir. j.

letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Kristaps Dzonsons
> I dislike the idea. > > For one, it does not stop a MITM by itself. > > In addition, enforced encryption makes it hard to cache and/or use > proper http proxies with the site. > > Purely informative sites don't need TLS. The user can opt to use TLS > if he thinks the content he needs to read i

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread sid77
- Original Message - > (By the way, httpd(8) doesn't support SNI yet--what do you use a web > server? I found that apache2's chroot and https combo didn't pass the > "can I set this up in less than five minutes" sniff test--I ended up > using nginx.) OpenBSD httpd :) If you need to serve

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Ingo Schwarze
Hi Kristaps, Kristaps Dzonsons wrote on Tue, May 10, 2016 at 11:37:42AM +0200: > (1) download ... couldn't find ... didn't require bash > (2) aforementioned script in a cronjob > (2b) user to have access to > (3) doas rule > (4) doas rule > (5) [another?] script from a cronjob You must be joking

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Kristaps Dzonsons
>> (By the way, httpd(8) doesn't support SNI yet--what do you use a >> web server? I found that apache2's chroot and https combo didn't >> pass the "can I set this up in less than five minutes" sniff >> test--I ended up using nginx.) > > OpenBSD httpd :) If you need to serve more than one website

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Stuart Henderson
On 2016-05-10, Ingo Schwarze wrote: > Hi Kristaps, > > Kristaps Dzonsons wrote on Tue, May 10, 2016 at 11:37:42AM +0200: > >> (1) download ... couldn't find ... didn't require bash >> (2) aforementioned script in a cronjob >> (2b) user to have access to >> (3) doas rule >> (4) doas rule >> (5) [an

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Stuart Henderson
On 2016-05-10, arrowscr...@mail.com wrote: > Just in case someone doesn't know, there's a non root-required client > for Let's Encrypt: > https://github.com/diafygi/letsencrypt-nosudo The original Python client doesn't need root either, just set up permissions appropriately. (btw, that client is mov

Problem with IPSEC between OpenBSD and VMWare vcloud air platform

2016-05-10 Thread George Kourvoulis
Hi, I am trying to create an IPSEC tunnel between an OpenBSD 5.8 and VMWare's vcloud air cloud platform. The options that I can set from the vmware side (they provide a GUI) are specific and they are the following: -Local networks -Remote networks -Peer -Pre shared key -Encryption (3DES) On the

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Kamil Cholewiński
On Tue, 10 May 2016, Ingo Schwarze wrote: > Hi Kristaps, > > Kristaps Dzonsons wrote on Tue, May 10, 2016 at 11:37:42AM +0200: > >> (1) download ... couldn't find ... didn't require bash >> (2) aforementioned script in a cronjob >> (2b) user to have access to >> (3) doas rule >> (4) doas rule >> (

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Giancarlo Razzolini
On May 9, 2016 18:39, Theo de Raadt wrote: Giancarlo Razzolini wrote: > It is really nice to finally see TLS on openbsd.org. How about redirecting > http to https? I dislike the idea. Let me be more clear, both of you. Those decisions will be made by the people (Bob et al.) who maintain th

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Giancarlo Razzolini
On May 10, 2016 1:29, Bob Beck wrote: And statements like this - and people that think this is a good idea, are why I spoof DNS answers in bars and coffee shops, and why I don't read misc@. This is never a good idea, unless you want the connections intercepted and MITM'ed. I don't see the

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Kamil Cholewiński
On Tue, 10 May 2016, Giancarlo Razzolini wrote: > Until every UA is changed to first try TLS and *only then* fall back > to clear text http, this kind of measure has its uses. This is of limited usefulness. All you need to do (as a mitm) is to block the connection on port 443, client will now au

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Giancarlo Razzolini
On May 10, 2016 9:07, Kamil Cholewiński wrote: On Tue, 10 May 2016, Giancarlo Razzolini wrote: This is of limited usefulness. All you need to do (as a mitm) is to block the connection on port 443, client will now automagically fall back to using 80 and plain text... It's even easier than fi

Re: ldconfig & chroot

2016-05-10 Thread Marc Espie
On Tue, May 10, 2016 at 05:23:07AM -0400, Jiri B wrote: > While checking proot, it would be probably good to have an > option for ldconfig to work with specified root directory > like it is the case for linux ldconfig. So it would scan and > save hints file under specified "root" dir. What would t

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Theo de Raadt
> It's still relatively young and the clients are improving. I actually don't think they are improving. I don't see any with privilege separation, nor any which could plausibly be pledged.

[SOLVED]Re: Claws-mail without Dbus

2016-05-10 Thread mett
On 2016-05-10 01:20, Jeremie Courreges-Anglas wrote: m...@pmars.jp writes: Hi, Thanks a lot for all the really nice job you're doing here. I'm trying to install Claws-mail without Dbus but that seems not possible. The ports tree tries to provide packages usable by most. What if another use

malloc.conf on BeagleBone Black

2016-05-10 Thread hans
I started using the wonderful malloc.conf, setting it to CFGJPRSU. This works on amd64 and macppc and i386, but on a freshly upgraded current/armv7 (a BeagleBone Black), some programs report malloc() warning: unknown char in MALLOC_OPTIONS Each of the flags is documented in the malloc.co

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Juan Francisco Cantero Hurtado
On Tue, May 10, 2016 at 11:39:44AM +, Giancarlo Razzolini wrote: > On May 10, 2016 1:29, Bob Beck wrote: > > > > And statements like this - and people that think this is a good idea, > > are why I spoof DNS answers in bars and coffee shops, and why I don't > > read misc@. This is never a g

Re: problem with packages after update

2016-05-10 Thread Zoran Kolic
To report back. After waiting a day for packages to be in association with snapshot, it all installed fine. Thanks all, who helped me to understand an issue. Zoran

Re: malloc.conf on BeagleBone Black

2016-05-10 Thread Otto Moerbeek
hans wrote on 10 May 2016 17:12:23 CEST: >I started using the wonderful malloc.conf, >setting it to CFGJPRSU. This works on amd64 and macppc and i386, >but on a freshly upgraded current/armv7 (a BeagleBone Black), >some programs report > > malloc() warning: unknown char in MALLOC_OPTIONS

Re: malloc.conf on BeagleBone Black

2016-05-10 Thread hans
On May 10 18:02:12, o...@drijf.net wrote: > hans wrote on 10 May 2016 17:12:23 CEST: > >I started using the wonderful malloc.conf, > >setting it to CFGJPRSU. This works on amd64 and macppc and i386, > >but on a freshly upgraded current/armv7 (a BeagleBone Black), > >some programs report > > > >

Re: malloc.conf on BeagleBone Black

2016-05-10 Thread Ted Unangst
hans wrote: > On May 10 18:02:12, o...@drijf.net wrote: > > hans wrote on 10 May 2016 17:12:23 CEST: > > >I started using the wonderful malloc.conf, > > >setting it to CFGJPRSU. This works on amd64 and macppc and i386, > > >but on a freshly upgraded current/armv7 (a BeagleBone Black), > > >some

Re: malloc.conf on BeagleBone Black

2016-05-10 Thread hans
On May 10 12:29:16, t...@tedunangst.com wrote: > hans wrote: > > On May 10 18:02:12, o...@drijf.net wrote: > > > hans wrote on 10 May 2016 17:12:23 CEST: > > > >I started using the wonderful malloc.conf, > > > >setting it to CFGJPRSU. This works on amd64 and macppc and i386, > > > >but on a fre

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Stuart Henderson
On 2016-05-10, Theo de Raadt wrote: >> It's still relatively young and the clients are improving. > > I actually don't think they are improving. > > I don't see any with privilege separation, nor any which could > plausibly be pledged. For months there wasn't anything other than the official cli

Re: letsencrypt (Was: Re: TLS now supported on openbsd.org?)

2016-05-10 Thread Theo de Raadt
> > I don't see any with privilege separation, nor any which could > > plausibly be pledged. > > For months there wasn't anything other than the official client. After > the service started operating and showed itself to not be vapourware > people started writing their own, but obviously the ones

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Kevin Chadwick
> > Also, after you generate and sign the certificate, you don't have > > to keep the script. > > Validity on the letsencrypt CA is 90 days max. (Partly to restrict > usefulness of a bad cert because they don't do CRLs, which are pretty > much useless anyway, and partly to encourage users to aut

Re: ldconfig & chroot

2016-05-10 Thread Jiri B
On Tue, May 10, 2016 at 02:38:37PM +0200, Marc Espie wrote: > On Tue, May 10, 2016 at 05:23:07AM -0400, Jiri B wrote: > > While checking proot, it would be probably good to have an > > option for ldconfig to work with specified root directory > > like it is the case for linux ldconfig. So it would

Re: TLS now supported on openbsd.org?

2016-05-10 Thread Stuart Henderson
On 2016-05-10, Kevin Chadwick wrote: >> > Also, after you generate and sign the certificate, you don't have >> > to keep the script. >> >> Validity on the letsencrypt CA is 90 days max. (Partly to restrict >> usefulness of a bad cert because they don't do CRLs, which are pretty >> much useless

white noise about broken manpage (web) links

2016-05-10 Thread Vivek Vinod
Dear Misc, I could not find a separate mailing list for openiked. Hence posting here. web manpage links appear to be broken on: 1) http://www.openiked.org/ 2) http://www.openiked.org/manual.html The referenced links are 1A) http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd 2A) http://www.ope

Re: white noise about broken manpage (web) links

2016-05-10 Thread Bob Beck
You need to complain at reyk - since these web pages are not in the openbsd www/ tree they didn't get fixed when we converted to man.openbsd.org On Tue, May 10, 2016 at 10:52 PM, Vivek Vinod wrote: > Dear Misc, > > I could not find a separate mailing list for openiked. Hence posting here. > > web