[racket-users] raco pkg migrate

[Curtis Dutton]

after I install the newest racket package on my linux servers I always need
to run raco pkg migrate to reinstall dependant packages. trouble is I can
never figure out the version name of the previous install. Is there a raco
pkg migrate command that can just migrate the packages from the latest
previously installed version?

Ideally I'd like to automate that so when I apt-get upgrade the packages
are migrated for me.

Thanks,
Curt

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/CAPChLEoWdT4BrQnLgXen4g4A%2BCorxmQeQ61uu2x5oxQ2ibF2dQ%40mail.gmail.com.

[racket-users] Re: DB hangs with postgres and broken network link

[Curtis Dutton]

Ok well on additional investigation this appears only to happen while using
virtual connections. If a raw postgresql-connect is used it does raise a
tcp timeout error.

On Fri, Jul 3, 2020 at 10:51 AM Curtis Dutton  wrote:

> I'm in the process of writing a simple daemon that periodically checks in
> with a postgres database. I'm trying to make it resilient with network
> outages.
>
>
> If you connect to the database.
> Unplug the network cable.
> Run a query.
>
> The query will hang for what appears to be forever without throwing an
> exception.
>
> Is this expected behavior?
>
>
> Thanks,
> Curtis
>

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/CAPChLEqzeN3FjhD59tTHUf3EFgW8Bo0xi_3e3Va5kPg2Ut7miA%40mail.gmail.com.

[racket-users] DB hangs with postgres and broken network link

[Curtis Dutton]

I'm in the process of writing a simple daemon that periodically checks in
with a postgres database. I'm trying to make it resilient with network
outages.


If you connect to the database.
Unplug the network cable.
Run a query.

The query will hang for what appears to be forever without throwing an
exception.

Is this expected behavior?


Thanks,
Curtis

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/CAPChLEqQgoSxFVp1p8uxWZW-kGrFWO6s7jHFur6fACDsfhgXqA%40mail.gmail.com.

[racket-users] raco pkg migrate previous versions

[Curtis Dutton]

Is there a way to view the previous versions that were installed from raco
using raco pkg migrate?

I always find myself trying to guess the previous version number after an
upgrade to migrate from. Does raco pkg have the ability to list previously
instlalled versions like drracket does?


Thanks,
   Curt

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/CAPChLEqeQO0VVH3yTxFWYhGoUAj8hHJxEpcm8Oyc06RhtNj99Q%40mail.gmail.com.

[racket-users] make-output-port events

[Curtis Dutton]

I'm trying to create an output port that wraps a set of foreign interface
functions.

The ffi has a bytes_writable function which tells how many bytes can be
written as well as a write_bytes function that does the writing.

In this case I need to poll with bytes_writable until it returns more than
0 before I can make the event ready.

what is a good way to implement the event?

Thanks,
   Curt

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[racket-users] CQRS and EventSourcing

[Curtis Dutton]

I've been investigating the CQRS and EventSourcing way of doing things.
Here is a paper about it in case you have not heard of it.
https://cqrs.files.wordpress.com/2010/11/cqrs_documents.pdf


I guess it is one of those new old things and an alternative to the CRUD
way of building an application. It seems to me like racket would be a great
fit with the CQRS/EventSourcing model.


Has anyone here investigated or used CQRS/EventSourcing. I'm mostly just
fishing for opinions, experiences, and good information that you may have.

Thanks,
   Curt

-- 
You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [racket] Is it possible to write uuids to postgres with the racket db?

[Curtis Dutton]

My workaround which was conducive to the database architecture, was use a
view that exposes the uuid as text along with other related columns. Then
upon insert or update, a rewrite rule casts it back to the uuid type into
the actual backing table.


On Sun, Jul 20, 2014 at 9:07 PM,  wrote:

>
> Hey all,
>
> Anyone know how to get Racket's db to write to a uuid column in Postgres?
>  I keep getting "unsupported type".  The documentation suggests casting as
> a workaround, but the example is a select - I doubt that will work as well
> for an insert...?
>
>
> Thanks,
> joshua
> 
>   Racket Users list:
>   http://lists.racket-lang.org/users
>

  Racket Users list:
  http://lists.racket-lang.org/users

Re: [racket] Possible bug with DB virtual-connections and connection-pools

[Curtis Dutton]

Thank you for taking a look.

For my scenario, your fix is great for me. It is a rare occurrence when
this problem occurs, and the end result is that a user of my websites has
to hit the refresh button once.


On Thu, Jun 12, 2014 at 7:02 PM, Ryan Culpepper  wrote:

> On 06/11/2014 11:40 AM, Curtis Dutton wrote:
>
>> I ran into a problem while using virtual-connections with
>> connection-pooling in my webserver.
>>
>> With a postgres database. If the database itself gets restarted after a
>> connection is formed from the webserver, then I cannot re-establish a
>> connection afterword.
>>
>> In production the database and webserver are on different hosts, but my
>> development box those the same symptoms.
>>
>>
>> So here is what I see
>>
>> (require db)
>>
>> (define conn #f)
>>
>> (define (reset)
>>(set! conn (virtual-connection (connection-pool (λ ()
>>  (postgresql-connect
>> #:server "localhost"
>> #:user "postgres"
>> #:password "postgres"
>> #:database "test"))
>> #:max-idle-connections 5
>>
>> (define (go)
>>(query conn "SELECT * FROM test"))
>>
>> (reset)
>>
>> (go)
>> ;get results
>>
>> ;now restart my postgres server
>>
>> (go)
>> . . tcp-write: error writing
>>system error: Unknown error; errno=10054
>>
>> ;ok what now?
>> (disconnect conn)
>> (go)
>> . . tcp-write: error writing
>>system error: Unknown error; errno=10054
>>
>> ;now what
>> (reset)
>> (go)
>> ;I get my results again
>>
>>
>> I think what I expect is that the connection would be renegotiated for
>> me. Or maybe at least renegotiated if I run disconnect afterword. If
>> that isn't the case, that is fine... How should I handle this case?
>>
>
> I've just pushed a partial fix for this issue. The main problem was that
> the internal client connection didn't realize that the server had
> disconnected after a fatal error.
>
> After the change, you will see an interaction like this instead:
>
> (go)
> ;; => results
> ;; Restart the server
> (go)
> ;; => query: terminating connection due to administrator command
> ;;  SQLSTATE: 57P01
> (go)
> ;; => results
>
> That is, the virtual connection will raise a "fatal" error, but then when
> you use it again, it will create a new internal connection and work fine.
>
> (At least, that's what I see on postgresql 9.1.13; I was never able to
> reproduce the precise interaction you included in your email.)
>
> Unfortunately, getting rid of that error in the middle seems difficult.
> The problem is that the server takes the time to say goodbye. Since there's
> input pending, the internal connection is still considered connected, so
> the virtual connection commits to using that internal connection rather
> than creating a new one.
>
> Thanks for reporting this problem!
>
> Ryan
>

  Racket Users list:
  http://lists.racket-lang.org/users

[racket] Possible bug with DB virtual-connections and connection-pools

[Curtis Dutton]

I ran into a problem while using virtual-connections with
connection-pooling in my webserver.


With a postgres database. If the database itself gets restarted after a
connection is formed from the webserver, then I cannot re-establish a
connection afterword.

In production the database and webserver are on different hosts, but my
development box those the same symptoms.


So here is what I see

(require db)



(define conn #f)

(define (reset)
  (set! conn (virtual-connection (connection-pool (λ ()
(postgresql-connect
#:server "localhost"

#:user "postgres"

#:password "postgres"

#:database "test"))
  #:max-idle-connections
5


(define (go)
  (query conn "SELECT * FROM test"))

(reset)

(go)
;get results

;now restart my postgres server

(go)
. . tcp-write: error writing
  system error: Unknown error; errno=10054

;ok what now?
(disconnect conn)
(go)
. . tcp-write: error writing
  system error: Unknown error; errno=10054

;now what
(reset)
(go)
;I get my results again


I think what I expect is that the connection would be renegotiated for me.
Or maybe at least renegotiated if I run disconnect afterword. If that isn't
the case, that is fine... How should I handle this case?

Thanks,
   Curtis

  Racket Users list:
  http://lists.racket-lang.org/users

Re: [racket] New web pages!

[Curtis Dutton]

My only regret with programming was not finding lisp until my late 20's. I
remember having only 1 day of a class in college that went over lisp. It
was a crappy copy of McCarthy's lisp paper, so of course the impression
that an immature 20 year old took was, 'that was history; so interesting
but not relevant to my (c++ ) world.' I think that the oil-changers
metaphor has some truth to it. I wanted to build spaceships before I knew
about "cars". But from where I sat, that was just the only way I could
figure on getting there. What would be different if I had understood lisp
before I got on to the notion of oil-changes as a means to an end?

I think that there is a subset of oil-changers that will always come to
lisp. There is a subset that come to lisp only when they are randomly
adopted by a space engineer. There is a subset that will always change oil.

Not to dehumanize people by comparing them to dogs, but with dogs, if you
get to training them within about the first 1-1/2 years of age, their
temperament, within limits, can be molded. After that, you can still train
them tricks and commands, but their temperament becomes set.

Is their a subset of "future oil-changers" that may be adoptable up until a
certain age but not after they eat semi-colon kibble for too long?

How big of a subset could that be?

I think they are the ones who most need evangelized and are hardest to
capture.

-Curt


On Sun, Mar 16, 2014 at 5:50 PM, Neil Van Dyke  wrote:

> This is the weekend, and I'm off the clock.
>
> I think there is a balance to be achieved in advocacy/evanglism, but I get
> tired of it, especially when it gets one hung up arguing minutiae that
> people found boring years ago.
>
> Are we really arguing about slowness, WITH JAVA PROGRAMMERS?  (Do they not
> know their own people's recent history?  Next, will we have client-side Web
> programmers trying to school everyone about computational efficiency?)  And
> do we really have to talk about parentheses?  (Didn't the respectability of
> languages like Python get us past the everything-has-to-look-like-C/Java,
> quite some years ago?)  And who still thinks that Lisp is about AI.
> (Hint: AI changed decades ago, and some Lisp descendants have changed a lot
> since then, too.)
>
> This is the 21st century, and the smart programmers tend to be conversant
> on topics in software development outside the thinking of corporate
> open-plan office workpods.  I wouldn't want to disturb the workpods that
> don't want to be distracted from their policies and procedures.  I'd rather
> spend my time talking with people who are interested in domain-specific
> languages, multi-paradigm programming, algorithms, software engineering
> process (as opposed to cargo cults), and the various innovations that come
> when people learn lots of things and think about and beyond that.
>
> A story...
>
> The bulk of the software programming world is automobile technicians who
> just change oil all day.
>
> Many of them get really good at changing the oil, and maybe making modest
> repairs to particular series of cars.
>
> A handful of those people will look beyond that, and become master
> mechanics, but most won't get experience or be able to see beyond oil
> changes and other rote procedures.
>
> Then there are the people who always wanted to design cars or spaceships.
>  They learn how to change oil and do repairs early on, but they also go off
> and learn a lot more, and possibly end up working for Lamborghini or Tesla
> or their own company.
>
> These Tesla engineers then reach out to promising young oil-changers they
> see, saying unto them, "Come, hit the books, and join us in searching for
> better ways of doing things."
>
> But the oil-changers cry out, "Get real, spaceman.  I can't even find the
> oil on your toy car.  And what the hell kind of bolt head is that?  Don't
> you know how the real world works?  Now leave me alone; I've got oil to
> change."
>
> The Tesla engineers weep for the oil-changers.  Then cheer up themselves
> by checking their stock options.
>
> Maybe the Tesla engineers should let the children who want to design cars
> and spaceships come to them.
>
> Neil V.
>
> 
>  Racket Users list:
>  http://lists.racket-lang.org/users
>

  Racket Users list:
  http://lists.racket-lang.org/users

[racket] using raco setup to create systemwide commands

[Curtis Dutton]

I'm working on a small utility to help me backup virtual guest disks over
slow links. I'll make an announcement about it once I get it to beta state.

I would really like to make it a one line command to install to the system.

So far I'm able to install it like so

1. raco link -i /usr/local/guest-lvm-backup
2. raco setup -l guest-lvm-backup
 raco setup creates launchers in the racket install directory named
guest-lvm-backup and guest-lvm-tape

3. I install symbolic links to /usr/local/bin for my commands
guest-lvm-backup and guest-lvm-tape

So my question is How do I get raco setup to create the links to the
launchers in /usr/local/bin?


Thanks,
   Curt

  Racket Users list:
  http://lists.racket-lang.org/users

Re: [racket] racket/db - query-rows: connection is permanently locked due to a terminated thread

[Curtis Dutton]

I've been running with the kill-safe-connection's for a few weeks now.

This seems to have fixed the problem, or at least hidden it to a point that
I no longer am affected by it.

Thanks for your help.

On Thu, Feb 2, 2012 at 2:53 AM, Ryan Culpepper  wrote:

> On 02/01/2012 10:09 PM, Curtis Dutton wrote:
>
>> I'm receiving this error after my webserver is running for a few days.
>>
>> Hosting a plt webserver on Ubuntu server, I'm using the racket/db
>> library to access a local postgres database. After a few hundred
>> requests, over a period of days, I eventually get this error message.
>> "query-rows: connection is permanently locked due to a terminated thread"
>>
>> Once this error is generated all calls made to the database then fail,
>> and continue to fail until I restart the webserver process.
>>
>> I am using the virtual connection pooling interface as well.
>>
>> Has anyone seen this yet?
>>
>> I submitted  bug #12530.
>>
>> I have not been able to reproduce this manually. It happens after a few
>> days. I'm willing to instrument or hack at it to help determine the
>> issue but a little guidance would be very welcome.
>>
>
> I'll look into it. If the error has a stack trace, that would be very
> helpful.
>
> You could also try wrapping the postgresql connection in a
> kill-safe-connection proxy. That is, change
>
>  (postgresql-connect )
>
> to
>
>  (kill-safe-connection (postgresql-connect ))
>
> and see if that makes a difference.
>
> Ryan
>

  Racket Users list:
  http://lists.racket-lang.org/users

Re: [racket] Racket consultants

[Curtis Dutton]

Sorry, I've been too busy to get to the email list. Just found this.


I use racket extensively in my client work. The only trouble is, most of my
work is website oriented, so my clients aren't much aware of it. Most of my
clients are small business owners and I build/manage their web properties
for them. If I didn't have racket as my secret weapon, i would be spending
90% of my time building and managing their websites instead of 10% of my
time. This allows me to actually focus on satisfying their business needs
instead of trying to keep up with them.

I have on occasion provided applications that they use in house. One of my
customers needed help costing large steam pipe sections used in power
generation. I whipped up a very simple racket application that helped them
compute the surface area of these piping sections. They did not know or
care what language it was done in, but racket allowed me to build an app in
about 2 days instead of who knows how long otherwise

Also most of my clients are not technically savvy so they don't really care
much which languages I use for them. If I could actually find someone to
say "hey we need this done in racket" that would just be fantastic. I like
working in racket so much more than anything else, I would almost pay to do
it. :-)


I'm always open to do racket based project work / consulting and am very
interested in getting racket based work.


Thanks,
   Curtis


On Sun, Feb 19, 2012 at 5:55 AM, Neil Van Dyke  wrote:

> I've heard privately from several people, and will be getting back to each
> of them individually.  It seems there's a good amount of interest in Racket
> consulting.  I'll see what information I can distill for this email list
> without spilling anyone's beans.
>
>
> --
> http://www.neilvandyke.org/
> 
>  Racket Users list:
>  http://lists.racket-lang.org/**users 
>

  Racket Users list:
  http://lists.racket-lang.org/users

[racket] racket/db - query-rows: connection is permanently locked due to a terminated thread

[Curtis Dutton]

I'm receiving this error after my webserver is running for a few days.

Hosting a plt webserver on Ubuntu server, I'm using the racket/db library
to access a local postgres database. After a few hundred requests, over a
period of days, I eventually get this error message. "query-rows:
connection is permanently locked due to a terminated thread"

Once this error is generated all calls made to the database then fail, and
continue to fail until I restart the webserver process.

I am using the virtual connection pooling interface as well.

Has anyone seen this yet?

I submitted  bug #12530.



I have not been able to reproduce this manually. It happens after a few
days. I'm willing to instrument or hack at it to help determine the issue
but a little guidance would be very welcome.


Thanks,
 Curtis

  Racket Users list:
  http://lists.racket-lang.org/users

[racket] Not eof evt...

[Curtis Dutton]

I see that there is an eof-evt that goes ready once an input port hits eof.

I am in need of an event for an input port, that is ready only when a
non-eof would be read from that port, and is never ready once an eof is hit.


For some reason, I'm having difficulty composing my own (like say by using
guard-evt)...

Does anybody know of a nice way of doing this?


Thanks,
Curtis
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

[racket] DB library - postgres and user defined errors...

[Curtis Dutton]

What is a good way to get user defined exceptions, written inside of
postrges function to be reflected to the end user?


Say I have an item table in a database and it has a unique 'name' column.

When I call my 'create_item' function in the postgres database, and the
name given conflicts with an existing row in that table, I would like the
exception returned to be 'that name already exists' and then pass that
message through my web interface down to the user.


Of course other types of exceptions, that I didn't anticipate, don't
ultimately get sent to my client and they just see an "OOPS!" message.


This sort of extends the principal that racket has of "raise-user-error"
being different than "raise" in racket, and applying that concept down
inside of postgres functions... (which the racket database library can
follow through with in its own runtime environment)


Thanks,
Curtis
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

Re: [racket] Ryanc db.plt, Postgres and bytea []

[Curtis Dutton]

That was my mistake. I was using a bytea[] on my column definition and I
only need to use was bytea.

Thanks for the info and setting right.



On Fri, Oct 28, 2011 at 2:18 PM, Ryan Culpepper  wrote:

> On 10/28/2011 06:21 AM, Curtis Dutton wrote:
>
>> I've been using db.plt package and it has been working well for me.
>>
>> Thanks to Ryan for making it.
>>
>
> You're welcome!
>
> BTW, the db package will be included in the next release as a standard
> Racket library.
>
>
>  I would like to store and retrieve some binary data in my postgres
>> databases. Unfortunatly db.plt says it doesn't support bytea types yet.
>>
>> How likely or doable would it be to get support for byta[] in the db.plt
>> library. I'm willing to add or help out in any way to get this
>> working... Even some pointers on where to start or what the solution
>> should look like would be greatly appreciated.
>>
>
> The type "bytea" should work fine. If it doesn't work for you, could you
> send me a short program that illustrates the problem?
>
> Here's a query that returns bytea:
>
> > (query-value c "select cast('abc' as bytea)")
> #"abc"
>
> What doesn't work is PostgreSQL's general array types, like "int[]" or
> "bytea[]". Is that what you have? If so, I can look into adding support
> this weekend. If you want to look around yourself, the relevant code
> (reading and writing) is in db/private/postgresql/**dbsystem.rkt, but
> you'll also need information from the postgresql source for the array
> binary format and the pg_type system table for the array type OIDs.
>
> Ryan
>
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

[racket] Ryanc db.plt, Postgres and bytea []

[Curtis Dutton]

I've been using db.plt package and it has been working well for me.

Thanks to Ryan for making it.

I would like to store and retrieve some binary data in my postgres
databases. Unfortunatly db.plt says it doesn't support bytea types yet.

How likely or doable would it be to get support for byta[] in the db.plt
library. I'm willing to add or help out in any way to get this working...
Even some pointers on where to start or what the solution should look like
would be greatly appreciated.



Thanks,
Curtis
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

Re: [racket] Garbage collection informaton

[Curtis Dutton]

Thank you very much guys!

-Curtis

On Thu, Sep 29, 2011 at 8:40 PM, Vincent St-Amour wrote:

> At Thu, 29 Sep 2011 18:12:32 -0600,
> Matthew Flatt wrote:
> >  * If you create a log receiver within Racket, you can look for
> >messages that have a `gc-info' prefab struct (10 fields) value,
> >which provides all the information in the string message plus start
> >and end times in real time (like `current-inexact-milliseconds').
> >See section 15.4 in the Reference for more information.
>
> If you decide to go that way, the unstable/logging collection provides
> a higher-level programmatic interface to the logging system.
>
> Vincent
>
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

[racket] Garbage collection informaton

[Curtis Dutton]

I'm in the midst of writing a nice performance/stress testing harness for
racket.

To measure performance with a GC language, it is very important to be able
to log accurate GC occurrences, along with how long they take.

The debug log seems to really output what I need except maybe a call to
(current-inexact-milliseconds) at the the start of the gc. Is there any sort
of way for me to determine exactly what time the GC begins along with other
sorts of good GC relatied information?

Is there any lower level hook I could get into?

Thanks,
Curtis
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

[racket] "read"ing sets

[Curtis Dutton]

I can "write" a set.

(write (set 1 2 3 4)) => "#"

However when I try to read that...

(with-input-from-string "#" read) =>  read: bad syntax `#<'

Is there a technical reason why sets can't be read just like lists, hashes,
numbers etc? (Other than via serialization)

I'd like to hook into it with a reader extension somehow but the reader
documentation seems a bit terse in that area.

Does anyone know of some good places to look in the source for guidance?


Thanks,
Curtis Dutton
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

[racket] Rejoindre mon réseau sur LinkedIn

[Curtis Dutton via LinkedIn]

LinkedIn
Curtis Dutton souhaite se connecter à vous sur LinkedIn :
--

Je vous invite à faire partie de mon réseau professionnel en ligne sur le site 
LinkedIn.

Accepter l'invitation de Curtis Dutton
http://www.linkedin.com/e/-mh1v86-gmy5ln1g-6x/IM1vsSrKrwDHVrZ6NvJkHNm49S5FJAGaNLJX-knxVzs/blk/I100567359_25/1BpC5vrmRLoRZcjkkZt5YCpnlOt3RApnhMpmdzgmhxrSNBszYRcBYVdjcTdzkMc359bRl3tSBaoDhFbP8NejgPe30SdP8LrCBxbOYWrSlI/EML_comm_afe/

Voir l'invitation de Curtis Dutton
http://www.linkedin.com/e/-mh1v86-gmy5ln1g-6x/IM1vsSrKrwDHVrZ6NvJkHNm49S5FJAGaNLJX-knxVzs/blk/I100567359_25/3kOnPARcPsSdj0MckALqnpPbOYWrSlI/svi/
--

SAVEZ-VOUS que vous pouvez être le premier informé quand un membre de votre 
réseau change de poste ? Les "Nouvelles du réseau" sur votre page d'accueil 
LinkedIn vous informe des évolutions de carrière dans votre réseau. Soyez le/la 
premier(e) informé(e) ! 
http://www.linkedin.com/

 
-- 
(c) 2011, LinkedIn Corporation_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

Re: [racket] openssl - authenticating clients via certificates

[Curtis Dutton]

Ok so I have made some changed to the ssl code and have something working
now (openssl collection). Open ssl supports a "try verify" mode that will
still accept an ssl connection even if a client cannot provide a valid
certificate. This allows me to support the scenario of a public https usage
for anonymous users, and allows my webserver to also verify clients with
approved certficates.

I'd like to solicit any thoughts/advice on my api additions.

*ssl-try-verify!* - identical to ssl-set-verify! however it will try to
verify if possible but still allow the connection to proceed if verification
fails
*ssl-peer-verified?* - given an ssl port determines if the remote peer of a
specific ssl port was verified
*ssl-peer-subject-name* - given an ssl port returns a string that is the
full subject name of the certificate issued by the peer or false if the peer
is unverified
*ssl-peer-issuer-name* - given an ssl port returns a string that is the full
certificate name of the certificate issued by the peer or false if the peer
is unverified

I would ultimately like to integrate these changes back into racket. This
would be my first time contributing to racket. What is the next step to
getting these changes integrated?



Now finally.

Some errors related to chrome and safari. When using those browsers to
connect to my server (also repros with the stock ssl racket collection) I
see a lot of these...

"Connection error: ssl-accept/enable-break: accept failed (input terminated
prematurely)"

however the browsers behave as if everything is working correctly. Sound
like a familiar issue to anyone?


Thanks,
Curtis

On Wed, Jan 5, 2011 at 7:37 AM, Curtis Dutton  wrote:

> I am interested in implementing authentication via client browser
> certificates with a racket webserver.
>
> I have a small online store website that has both a public side, for
> anybody, and a set of pages that are private for the management interface of
> that website.
>
> But I don't like the risk of only using a password to access the admin
> side. I'd like to be able to issue certificates to my client's browsers such
> that only a set few computers on their business premises can access the
> admin interface and ultimately get to sensitive customer information.
>
> Something nice to have would also be the ability to blacklist certificates
> (similar to how OpenVPN can reject specific user's certificates) just in
> case a certificate ever became compromised.
>
>
> Has anybody figured out a way to do this yet?
>
>  I am willing to volunteer some effort to help implement. Any pointers on
> where to get started, design considerations, etc... are appreciated if that
> is the case.
>
>
> Thanks,
>   Curtis
>
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

Re: [racket] openssl - authenticating clients via certificates

[Curtis Dutton]

Using apache is probably how I will solve this in the short term.

It seems though, if there was some way to determine what public key was
given by the "other" side of an ssl connection, then one could pretty much
implement authentication outside of the ssl layer.

That may not be too much of a stretch as far as modifications to the open
ssl code goes. I'm still playing with the openssl package and learning how
it works.



On Wed, Jan 5, 2011 at 4:12 PM, Neil Van Dyke  wrote:

> Curtis Dutton wrote at 01/05/2011 07:37 AM:
>
>  I am interested in implementing authentication via client browser
>> certificates with a racket webserver.
>>
>
> One way I have seen HTTPS SSL client certificate authentication done for
> Racket (actually, PLT Scheme, a while ago) on the server side is to simply
> use Apache as a front-end Web Server, and have an Apache module do the
> authentication before the connection gets to Racket.  Then your Racket code
> can get from Apache a string of a DN or some other identifying info from the
> valid certificate, which you can use for authorization or possibly
> additional authentication.  I think that will do everything you want,
> including letting you lock out users (based on DN, without having to mess
> with cert revocation lists).
>
> There might also be other reasons to use a front-end HTTPS server in front
> of your Racket Web Server, so perhaps you're already doing this.  If for
> some reason you wanted connections direct to your Racket Web Server, not
> through a front-end like Apache, I don't know whether Racket's SSL support
> currently supports client cert authn on the server side.
>
> --
> http://www.neilvandyke.org/
>
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users

[racket] openssl - authenticating clients via certificates

[Curtis Dutton]

I am interested in implementing authentication via client browser
certificates with a racket webserver.

I have a small online store website that has both a public side, for
anybody, and a set of pages that are private for the management interface of
that website.

But I don't like the risk of only using a password to access the admin side.
I'd like to be able to issue certificates to my client's browsers such that
only a set few computers on their business premises can access the admin
interface and ultimately get to sensitive customer information.

Something nice to have would also be the ability to blacklist certificates
(similar to how OpenVPN can reject specific user's certificates) just in
case a certificate ever became compromised.


Has anybody figured out a way to do this yet?

 I am willing to volunteer some effort to help implement. Any pointers on
where to get started, design considerations, etc... are appreciated if that
is the case.


Thanks,
  Curtis
_
  For list-related administrative tasks:
  http://lists.racket-lang.org/listinfo/users