Re: TLS now supported on openbsd.org?

> >It's great to see OpenBSD Project supporting Let's Encrypt. > > I am absolutely not supporting Let's Encrypt. The client scares the > shit out of me, and shows me how low the bar has become. "client effectively containing millions of lines of code, connects to server on the internet to get a

Re: ftp/www.openbsd.org will be down for an upgrade today.

it has been back for quite some time On Mon, May 9, 2016 at 1:02 PM, Markus Rosjat wrote: > Hi there, > > just a short question about the site coming up again. > Since our spamd-setup tries to get some blacklists form the site I was > wondering if there is any info about the

Re: TLS now supported on openbsd.org?

>It's great to see OpenBSD Project supporting Let's Encrypt. I am absolutely not supporting Let's Encrypt. The client scares the shit out of me, and shows me how low the bar has become. Considering all I need is put something on a web site that I can convince a DNS server is the one they'll

Remove translated versions of donations.html in the robots.txt file.

These are the lines from the robots.txt [1] file. Disallow: /cs/donations.html Disallow: /de/donations.html Disallow: /es/donations.html Disallow: /fr/donations.html Disallow: /hu/donations.html Disallow: /ja/donations.html Disallow: /lt/donations.html Disallow: /nl/donations.html Disallow:

Re: apache-httpd-openbsd?

On 5/9/16 4:26 PM, Daniel Jakots wrote: On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross wrote: Trying to install apache-httpd-openbsd in -current https://marc.info/?l=openbsd-ports-cvs=146186762111571=2 Hmm--I went through all of the ports@ messages looking for a removal

Re: apache-httpd-openbsd?

On 5/9/16 4:25 PM, Fred wrote: On 05/09/16 22:58, Jeff Ross wrote: On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line

Re: apache-httpd-openbsd?

On 5/9/16 4:30 PM, Stuart Henderson wrote: On 2016-05-09, Jeff Ross wrote: Trying to install apache-httpd-openbsd in -current and it seems the package is no longer available. Correct. Options: - (preferred) migrate your configuration to a maintained http server

Re: apache-httpd-openbsd?

On 2016-05-09, Jeff Ross wrote: > Trying to install apache-httpd-openbsd in -current and it seems the > package is no longer available. Correct. Options: - (preferred) migrate your configuration to a maintained http server version. - install 5.9 release. - checkout an

Re: apache-httpd-openbsd?

On 05/09/16 22:58, Jeff Ross wrote: On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff

Re: apache-httpd-openbsd?

On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross wrote: > Trying to install apache-httpd-openbsd in -current https://marc.info/?l=openbsd-ports-cvs=146186762111571=2

Re: apache-httpd-openbsd?

On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff

Re: TLS now supported on openbsd.org?

On Mon, May 09, 2016 at 08:42:32PM +, Stuart Henderson wrote: > On 2016-05-09, arrowscr...@mail.com wrote: > > - Do you plan to support ftp.openbsd.org? Would be great to > > download packages with more security > > https is meant to provide privacy from eavesdroppers

Re: TLS now supported on openbsd.org?

> Giancarlo Razzolini wrote: > > It is really nice to finally see TLS on openbsd.org. How about redirecting > > http to https? > > I dislike the idea. Let me be more clear, both of you. Those decisions will made by the people (Bob et all) who maintain the back end. They

Re: TLS now supported on openbsd.org?

> Giancarlo Razzolini wrote: > > It is really nice to finally see TLS on openbsd.org. How about redirecting > > http to https? > > I dislike the idea. And noone cares what you like or dislike. It is not your site.

Re: TLS now supported on openbsd.org?

Giancarlo Razzolini wrote: > It is really nice to finally see TLS on openbsd.org. How about redirecting > http to https? I dislike the idea. An http->https redirect does not prevent a MITM by itself. It also prevents the easy use of caching or proper proxies with the

Re: watchdog issues ?

On Sun, May 08, 2016 at 11:46:11AM +0200, Sjöholm Per-Olov wrote: > > On 08 May 2016, at 00:39, Sjöholm Per-Olov wrote: > > > > Hi > > > > I have skipped all major releases of OpenBSD after 5.4 for one firewall due > to > > watchdog timeout resets on the em driver. Earlier today

Re: kernel logs "v_type 1" and "f_type 1"

Hi Ville, > Am 09.05.2016 um 18:04 schrieb Ville Valkonen : > > On 9 May 2016 at 16:03, Axel Rau wrote: >> A firewall box (dual Atom N270, 2GB, 5 nics, running 5.8-current > (GENERIC.MP) >> #1219) >> suddenly started logging >>v_type 1 >>

Re: TLS now supported on openbsd.org?

Giancarlo Razzolini wrote: > It is really nice to finally see TLS on openbsd.org. How about redirecting > http to https? I dislike the idea. For one, it does not stop a MITM by itself. In addition, enforced encryption makes it hard to cache and/or use proper http

apache-httpd-openbsd?

try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz

apache-httpd-openbsd?

Hi all, Trying to install apache-httpd-openbsd in -current and it seems the package is no longer available. I cvs uped my src and ports and built the system from source but when I try to install apache-httpd-openbsd from ports I'm getting the "reading plist|Error: unknown fragment SHARED at

Re: TLS now supported on openbsd.org?

On 2016-05-09, arrowscr...@mail.com wrote: > - Do you plan to support ftp.openbsd.org? Would be great to > download packages with more security https is meant to provide privacy from eavesdroppers on the network path between the endpoints. security is a different matter

Re: TLS now supported on openbsd.org?

On Mon, May 09, 2016 at 06:23:51PM +, Giancarlo Razzolini wrote: > > Let's Encrypt uses 4096. > > > > I think lets encrypt uses by default 2048, not 4096. You're right. The default is 2048. > Also, 4096 might indeed cause trouble with some old software. I recall > issues with mono and

kernel: protection fault trap, code=0

Hi, I got a "kernel: protection fault trap, code=0" on OpenBSD 5.9-current (GENERIC.MP) #2008: Sat May 7 08:16:29 MDT 2016 snapshot. It seems that this is not a kernel panic: ddb{2}> show panic the kernel did not panic If you need more info just ask. kernel: protection fault trap,

Re: TLS now supported on openbsd.org?

On 2016-05-09, arrowscr...@mail.com wrote: > - The RSA is 4096 bits. If I remember correctly, reyk@ said once > that 4096 is overkill. Any specific reason to use 4096 instead of > 2048? That was then, this is now. -- Christian "naddy" Weisgerber

IKED Host to Host VPN

I have a couple questions regarding IKED use that I couldn’t find in the docs: Is it capable of use for host-to-host tunnels or just net-to-net? In my case I’m trying to do a simple tunnel between hosts for spamd synching and a few other misc things. Running OpenBSD 5.9. PF rules: set skip on

IKED Host to Host VPN

I have a couple questions regarding IKED use that I couldn’t find in the docs: Is it capable of use for host-to-host tunnels or just net-to-net? In my case I’m trying to do a simple tunnel between hosts for spamd synching and a few other misc things. Running OpenBSD 5.9. PF rules: set skip on

generic.mp #2018 amd64 install and packages.

Hi misc@, Just a user experience for your consideration. I picked up a new bsd.rd from snapshots in toronto. Checked the sha256 and signify to make sure it's good. Moved it to / and rebooted with: boot> hd0a:/bsd.rd selected Install with standard options. clean download from the mirror followed

Re: TLS now supported on openbsd.org?

On Mon, May 9, 2016 12:57 pm, arrowscr...@mail.com wrote: > > - I don't know in modern browsers, but Links 2.12 say that the > certificate is not valid. It's just old browsers, or firefox also > have this same problem? Make sure you go to www.openbsd.org as it seems the cert is not valid for

Re: generic.mp #2018 amd64 install and packages.

> Just a user experience for your consideration. > > I picked up a new bsd.rd from snapshots in toronto. Checked the sha256 > and signify to make sure it's good. Moved it to / and rebooted with: > > boot> hd0a:/bsd.rd > selected Install with standard options. > clean download from the mirror

Re: ftp/www.openbsd.org will be down for an upgrade today.

Hi there, just a short question about the site coming up again. Since our spamd-setup tries to get some blacklists form the site I was wondering if there is any info about the the time schedule for the maintenance? Regards Markus Am 08.05.2016 um 23:44 schrieb Stefan Wollny: Am 05/08/16

Re: TLS now supported on openbsd.org?

Let's Encrypt uses 4096. I think lets encrypt uses by default 2048, not 4096. Also, 4096 might indeed cause trouble with some old software. I recall issues with mono and older java versions. It is really nice to finally see TLS on openbsd.org. How about redirecting http to https? Also, it

Re: TLS now supported on openbsd.org?

2016-05-09 18:57 GMT+02:00 : > - I don't know in modern browsers, but Links 2.12 say that the > certificate is not valid. It's just old browsers, or firefox also > have this same problem? All's good. See

Re: TLS now supported on openbsd.org?

On Mon, May 09, 2016 at 06:57:52PM +0200, arrowscr...@mail.com wrote: > It's great to see OpenBSD Project supporting Let's Encrypt. I don't > know if you folks still configuring it, but there's some points > that I noticed: > - I don't know in modern browsers, but Links 2.12 say that the >

TLS now supported on openbsd.org?

It's great to see OpenBSD Project supporting Let's Encrypt. I don't know if you folks still configuring it, but there's some points that I noticed: - I don't know in modern browsers, but Links 2.12 say that the certificate is not valid. It's just old browsers, or firefox also have this same

Re: Claws-mail without Dbus

m...@pmars.jp writes: > Hi, > Thanks a lot for all the really nice job you re doing here. > > I'm trying to install Claws-mail without Dbus but that seems not > possible. The ports tree tries to provide packages usable by most. What if another user wants claws-mail linked against dbus, but not

Re: ftp/www.openbsd.org will be down for an upgrade today.

On 2016-05-08, Stefan Wollny wrote: > Am 05/08/16 um 20:03 schrieb Bob Beck: >> There will be an extended downtime of the main ftp and www sites for >> an upgrade today starting in approximately one hour's time from now. >> >> The mirror sites should be unaffected - so use

Re: kernel logs "v_type 1" and "f_type 1"

On 9 May 2016 at 16:03, Axel Rau wrote: > A firewall box (dual Atom N270, 2GB, 5 nics, running 5.8-current (GENERIC.MP) > #1219) > suddenly started logging > v_type 1 > f_type 1 > (up to 40 times/sec) and stopped routing. > > The effect went away after

Claws-mail without Dbus

Hi, Thanks a lot for all the really nice job you re doing here. I'm trying to install Claws-mail without Dbus but that seems not possible. Is there a way to do that via pkg_add or pkg_delete? I saw smtg on the man with the -D option and 'libdepends' value, stating the lib might not be

kernel logs "v_type 1" and "f_type 1"

A firewall box (dual Atom N270, 2GB, 5 nics, running 5.8-current (GENERIC.MP) #1219) suddenly started logging v_type 1 f_type 1 (up to 40 times/sec) and stopped routing. The effect went away after disconnecting all but one nic. Any help appreciated, Axel --- PGP-Key:29E99DD6 ☀

Re: ftp/www.openbsd.org will be down for an upgrade today.

Hello, on 08.05.2016 23:44, Stefan Wollny wrote: Anyone know of an up2date mirror of 'current.html'? (Google just found one with the latest entries from 2005...) :-( In case of doubt, http://web.archive.org/web/20160401125246/http://www.openbsd.org/faq/current.html isn't far too "way

Re: NFS over IPSec (NAT-T)

On Fri, Jun 12, 2015 at 10:46:48AM +0100, Zé Loff wrote: > Hi all > > I have a IKEv1 setup that allows my roaming laptop (amd64 -current) to > connect to the office LAN (i386 patched 5.6) using outgoing NAT. Everything* > works fine, I can ssh machines, browse internal websites, the works. > >

Re: ftp/www.openbsd.org will be down for an upgrade today.

On 08/05/16 18:44, Stefan Wollny wrote: Am 05/08/16 um 20:03 schrieb Bob Beck: There will be an extended downtime of the main ftp and www sites for an upgrade today starting in approximately one hour's time from now. The mirror sites should be unaffected - so use a mirror if you discover the

Re: rdomain and dhcrelay

> Am 05/09/16 um 08:20 schrieb Holger Glaess: >> hi >> >> is there an possiblity to forward dhcp request from >> an rdomain X to the runing dhcp server in rdomain 0 ? >> >> >> if i start the dhcrelay -i em1 192.168.131.250, >> >> i see that he forward the request but never reach the server. >> >>

Re: rdomain and dhcrelay

Am 05/09/16 um 08:20 schrieb Holger Glaess: > hi > > is there an possiblity to forward dhcp request from > an rdomain X to the runing dhcp server in rdomain 0 ? > > > if i start the dhcrelay -i em1 192.168.131.250, > > i see that he forward the request but never reach the server. > > the

rdomain and dhcrelay

hi is there an possiblity to forward dhcp request from an rdomain X to the runing dhcp server in rdomain 0 ? if i start the dhcrelay -i em1 192.168.131.250, i see that he forward the request but never reach the server. the clients in rdoamin 0 works with the dhcp server. or it is need to