already exists

Posted on 2018-12-14 [Friday] by jj5

2017-12-09 jj5 – TODO: document this on my blog…

On Debian GNU/Linux 9.1 (stretch) when I try to open an *.desktop (application/x-desktop) link in a browser I get:

A folder named ~/.cache/kioexec/krun/13821_0/ already exists.

Searching for:

A folder named kioexec krun already exists

turned up diddly squat.

I solved the issue (for me) by changing:

System Settings -> Personalization -> Applications -> Default Application s-> Web Browser

from:

Open http and https URLs in an application based on the contents of the URL

to:

Open http and https URLs in the following browser: firefox

Installing Subversion on Mac OS X with WebDAV support (serf library)

Posted on 2014-11-22 [Saturday] by jj5

cd ~/Development/svn-install
wget http://prdownloads.sourceforge.net/scons/scons-2.3.4.tar.gz
wget http://mirror.ventraip.net.au/apache/apr/apr-1.5.1.tar.gz
wget http://mirror.ventraip.net.au/apache/apr/apr-util-1.5.4.tar.gz
wget http://mirror.ventraip.net.au/apache/subversion/subversion-1.8.10.tar.gz
tar xzf scons-2.3.4.tar.gz
tar xzf apr-1.5.1.tar.gz 
tar xzf apr-util-1.5.4.tar.gz
tar xzf subversion-1.8.10.tar.gz
cd scons-2.3.4
sudo python setup.py install
cd ../apr-1.5.1
./configure --prefix=/usr/local
make
sudo make install
cd ../apr-util-1.5.4
./configure --with-apr=/usr/local --prefix=/usr/local
make
sudo make install
cd ../subversion-1.8.10
sh get-deps.sh serf
cd serf
scons APR=/usr/local APU=/usr/local OPENSSL=/usr/local PREFIX=/usr/local
sudo scons PREFIX=/usr/local install
cd ..
./configure --with-openssl --with-serf=/usr/local --prefix=/usr/local
make
sudo make install

Nuff said!

Oh, wait… there’s a problem with misconfigured CA certificates…

cd ~/Development/svn-install
wget https://distfiles.macports.org/MacPorts/MacPorts-2.3.3-10.10-Yosemite.pkg

Run the MackPorts*.pkg…

xcode-select --install

Then…

sudo /opt/local/bin/port install curl-ca-bundle

Then…

sudo -s
cd /System/Library/OpenSSL/certs/
ln -s /opt/local/etc/openssl/cert.pem cert.pem
cd /usr/local/etc/openssl/certs
ln -s /opt/local/etc/openssl/cert.pem cert.pem

Testing:

openssl s_client -connect www.progclub.org:443 -CApath /opt/local/etc/openssl/

Using MacPorts OpenSSL:

sudo port install openssl
cd ~/Development/svn-install/subversion-1.8.10/serf/
scons APR=/usr/local APU=/usr/local OPENSSL=/opt/local PREFIX=/usr/local
sudo scons PREFIX=/usr/local install

Done!

Enable/Show “http://” and “https://” URL Prefix in Firefox Location Bar

Posted on 2014-09-25 [Thursday] by jj5

Found this article which said:

Open about:config and disable browser.urlbar.trimURLs. Easy peasy!

gnutls_handshake failed using git

Posted on 2014-09-03 [Wednesday] by jj5

Today I ran into this error:

jj5@mercy:~/public-git$ git push origin master
error: gnutls_handshake() failed: A TLS warning alert has been received. while accessing https://demo@demo.personalserver.com/public/git/info/refs

The solution, of all things, was to add a ServerName spec into my Apache configuration file /etc/apache2/sites-enabled/default-ssl.conf, e.g.:

ServerName demo.personalserver.com

Bug fixed!!

PHP curl_exec

Posted on 2013-08-31 [Saturday] by jj5

Today I learned about curl_exec which is a HTTP client for use in PHP.

BlackHat USA 2011: SSL And The Future Of Authenticity

Posted on 2012-07-16 [Monday] by jj5

A talk on the future of authenticity:
BlackHat USA 2011: SSL And The Future Of Authenticity.

Clearing SSL session state in Firefox

Posted on 2012-03-16 [Friday] by jj5

Sometimes I have a problem where I connect to my server without using a certificate, and then later need to connect using a certificate. But if I’ve already selected not to use a certificate then Firefox doesn’t prompt again so I have been having to restart my browser when that happens, which was a real pain, until now!

To clear your SSL session state in Firefox choose History -> Clear Recent History… and then select “Active Logins” and click “Clear Now”. Then the next time you connect to your SSL server Firefox will prompt for which certificate to use.

HTTPS+SSLVerifyClient require in <Directory>+big POST = Apache error

Posted on 2012-02-24 [Friday] by jj5

I was configuring MediaWiki to allow uploads and was getting an error in the browser about the POST data being too large (“does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.”). I had a look in the Apache error log and found:

[Thu Feb 23 16:12:45 2012] [error] [client 60.240.67.126] request body exceeds m
aximum size (131072) for SSL buffer, referer: https://www.jj5.net/morpheus/Speci
al:Upload
[Thu Feb 23 16:12:45 2012] [error] [client 60.240.67.126] could not buffer messa
ge body to allow SSL renegotiation to proceed, referer: https://www.jj5.net/morp
heus/Special:Upload

So I did some research. I found this document, File upload size which suggested editing /etc/php5/apache2/php.ini which I did:

upload_max_filesize = 20M
post_max_size = 80M

That didn’t fix the problem though. I found Request entity too large which suggested checking my setting for LimitRequestBody, but that wasn’t the problem either.

Eventually I found Bug 491763 – HTTPS+SSLVerifyClient require in <Directory>+big POST = Apache error which suggested I needed to apply the SSLRenegBufferSize directive which I did like this:

  <Location /morpheus>
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLRenegBufferSize 20971520
  </Location>

And then after restarting Apache the problem was solved.

HTTPS and Client Certificates

Posted on 2012-02-16 [Thursday] by jj5

I’m half-way through setting up my web-server for client certificate authentication. Have to get a few other things done first so I’m going to come back to this. Here are my notes so far.

I’m reading OpenSSL and Certificates over on Ubuntu help, and that seems to be a fairly good guide for setting up the server side of things.

I read this article on Email Certificates but that wasn’t that useful for what I’m doing.

I learned a little bit about the update-ca-certificates command that is part of the ca-certificates package, and maybe that will be useful down the track.

In my travels I discovered NSS and SSL Error Codes, but that’s probably not too useful either.

The OpenSSL FAQ was a really useful read. I’ll probably be referring back to that.

I learned about cacert.org which is interesting but probably something I won’t be using.

There’s an SSL Certificates HOWTO over on TLDP and if I can find the time I’d like to read that whole thing, although from what I’ve read so far it’s not complete.

The mod_ssl project has a really handy Reference for all the Apache configuration options, worth a read of.

And that’s it for now. I’ll pick this up again in a day or two.

Apache and SSL (HTTPS)

Posted on 2012-02-08 [Wednesday] by jj5

According to NameBasedSSLVHosts it’s possible to configure Apache so that it supports both SSL and name based virtual hosts. There’s notes on another method at HTTPS Virtual Hosts in Apache.

In other news: on my reading list is the SSL/TLS Strong Encryption: FAQ.

ProgClub

…because every programmer needs a good club!

Tag Archives: https