00:23
razzy has quit [Ping timeout: 260 seconds]
02:39
razzy has joined #picolisp
04:58
clacke has joined #picolisp
05:20
theruran has quit [Ping timeout: 268 seconds]
05:22
theruran has joined #picolisp
06:12
aw- has quit [Quit: Leaving.]
06:53
aw- has joined #picolisp
07:24
<
tankf33der >
Hi all
07:24
<
Regenaxer >
Hi tankf33der!
07:25
<
tankf33der >
Regenaxer:what openssl version on pilbox?
07:25
<
tankf33der >
i would like to repeat
07:25
<
tankf33der >
and letter?
07:25
<
Regenaxer >
OpenSSL 1.1.1l 24 Aug 2021
07:26
<
Regenaxer >
Do you have access to a PilBox?
07:27
<
razzy >
Good morning to all!
07:28
<
Regenaxer >
Hi razzy!
07:30
<
razzy >
I am waiting for beneroth to ask, how pilDB fares in comparison to other graph databases. :]
07:31
<
tankf33der >
Regenaxer:i do not have pilbox
07:32
<
Regenaxer >
ok, so you cannot test directly
07:32
<
Regenaxer >
razzy, do you have a PilBox?
07:32
<
razzy >
Regenaxer: no, sorry.
07:33
<
Regenaxer >
I'd like to know if it is a problem of my phone (OnePlus 6T), of Android 11, or what else
07:34
<
tankf33der >
But i have a system with openssl 1.1.1l
07:34
<
Regenaxer >
According to the link from tankf33der it should work
07:34
<
Regenaxer >
ok, but the same openssl works in Termux
07:34
<
Regenaxer >
but not in PilBox
07:34
<
Regenaxer >
on the same device
07:35
<
Regenaxer >
And exactly the same openssl version I have also on Debian and all works fine
07:35
<
tankf33der >
It returns first doc type line here
07:35
<
Regenaxer >
So it is only PilBox, at least on my device
07:36
<
Regenaxer >
yes, correct
07:36
<
Regenaxer >
Test is:
07:36
<
Regenaxer >
: (ssl "picolisp.com" "wiki" (line T))
07:36
<
Regenaxer >
-> "<!DOCTYPE html>"
07:36
<
Regenaxer >
This fails in PilBox REPL
07:37
<
Regenaxer >
(and in PilBox apps)
07:37
<
Regenaxer >
Thats how I noticed. Some apps failed
07:37
<
Regenaxer >
unusable
07:37
<
Regenaxer >
cause they don't communicate with the servers
07:39
<
Regenaxer >
Something wrong in PilBox
07:40
<
Regenaxer >
I use lib/libssl.so.1.1 and lib/libcrypto.so.1.1
07:40
<
Regenaxer >
The same as in Termux
07:40
<
tankf33der >
Maybe it calls openssl via android middleware
07:41
<
Regenaxer >
I don't think so
07:41
<
Regenaxer >
I use @bin/ssl -> lib/libssl
07:41
<
Regenaxer >
and lib/libssl works in Termux
07:42
<
Regenaxer >
both PilBox and Termux are normal Android apps
07:42
<
Regenaxer >
so lib/ssl should do the same thing in both
07:42
<
Regenaxer >
strange indeed
07:43
<
Regenaxer >
Perhaps some infrastructure needed in openssl is missing in PilBox?
07:43
<
Regenaxer >
root ca
07:44
<
Regenaxer >
In any case it is a cert issue
07:44
<
Regenaxer >
and it worked before
07:44
<
Regenaxer >
and it works on sites
*not* using lets encrypt
07:44
<
Regenaxer >
and fails on sites
*using* lets encrypt
07:45
<
Regenaxer >
So it must have to do with lets encrypt cert change
07:45
<
Regenaxer >
lets encrypt folks say that openssl 1.1 should work
07:54
<
Regenaxer >
My main question at the moment is whether
*other* Android devices have that PilBox problem too
07:54
<
Regenaxer >
I don't trust my OnePlus
07:55
<
Regenaxer >
other things broke too with last update a few weeks ago
07:55
<
Regenaxer >
for example, storage access broke
07:55
<
Regenaxer >
And I have no other recent device
07:58
<
tankf33der >
Missing cert db is good idea
08:00
<
Regenaxer >
My old Nexus tablet also fails
08:00
<
Regenaxer >
So it is not my OnePlus
08:06
<
razzy >
I would like to help, but i do not have working android and i have hangover from yesterday :].
08:06
<
Regenaxer >
thanks, no worry :)
08:06
<
Regenaxer >
tankf33der: How might lib/libssl access the cert db?
08:07
<
Regenaxer >
so I could build it into PilBox
08:09
<
Regenaxer >
Also interesting: The Browser PilBox-App
*does* wor. It can access any site
08:10
<
Regenaxer >
The browser app is based on WebView, a cromium based gui component
08:10
<
Regenaxer >
So it is only @bin/ssl in PicoLisp that fails
08:11
<
Regenaxer >
But the exactly, bitwise, same @bin/ssl works in Termux
08:12
<
Regenaxer >
I build @bin/ssl
*on* Termux
08:13
<
tankf33der >
I will try to repeat today
08:14
<
Regenaxer >
Thanks!
08:20
<
razzy >
I will atempt to compete at adventofcode.com with picolisp. I think it is something where picolisp will shine.
08:20
<
Regenaxer >
Great idea!
08:21
<
Regenaxer >
Do you think you are fluent enough in PicoLisp programming?
08:22
<
razzy >
i think i can be when it starts 1. december.
08:23
<
Regenaxer >
Nice thing. Advent calendar
08:25
<
razzy >
tasks do not take much time. sometimes some people return answers in 30s :D
08:59
<
tankf33der >
Razzy: adventofcode collection picolisp:
09:48
<
razzy >
tankf33der: this is awesome. it saves time with preparation thank you. would you benefit from advent-of-code API that I will try to build to save score time?
10:00
<
tankf33der >
I dont know what you talking about, i just wrote code
10:11
<
razzy >
tankf33der: ok, anyway. You helped me. Thank you.
10:26
<
Regenaxer >
tankf33der: Termux has a etc/tls/cert.pem
10:26
<
Regenaxer >
I wonder what this is for
10:26
<
Regenaxer >
It says "Certificate data from Mozilla"
10:27
<
Regenaxer >
but Termux has no Mozilla
10:28
<
Regenaxer >
Is there an environment variable used by openssl to find certificates? If so, I should put the pem into PilBox and set the env var
10:28
<
tankf33der >
Regenaxer: repeated!
10:29
<
Regenaxer >
indeed!
10:30
<
Regenaxer >
So it is a local cert somewhere
10:30
<
tankf33der >
Your source system is debian, right?
10:30
<
Regenaxer >
well, Debian is not used here
10:31
<
Regenaxer >
PilBox is stand-alone
10:31
<
Regenaxer >
So it must be some way to tell openssl where to search certs
10:31
<
Regenaxer >
And then I must make a PilBox with the cert
10:32
<
tankf33der >
do you have file links in:
10:32
<
Regenaxer >
Termux probably uses ../usr/etc/tls/cert.pem
10:33
<
tankf33der >
“/etc/ssl/certs” ?
10:33
<
Regenaxer >
There is no /etc on PilBox
10:33
<
Regenaxer >
I need an env variable
10:33
<
Regenaxer >
like PATH, LD_LIBRARY_PATH etc.
10:35
<
tankf33der >
From what system you took openssl?
10:35
<
tankf33der >
patches compiled in in binary
10:35
<
Regenaxer >
From Termux
10:35
<
tankf33der >
patches -> pathes
10:36
<
Regenaxer >
Hmm, that would be bad
10:36
<
tankf33der >
on my archlinux based system i need to repeat:
10:36
<
tankf33der >
on my archlinux based system i need this to repeat:
10:37
<
tankf33der >
remove /etc/ssl/cert.pem file
10:37
<
tankf33der >
remove dir /etc/ssl/certs
10:37
<
tankf33der >
check termux has the same
10:37
<
Regenaxer >
Yes, this I understood from the above jpeg
10:37
<
Regenaxer >
yes, see above
10:38
<
Regenaxer >
Termux probably uses ../usr/etc/tls/cert.pem
10:38
<
Regenaxer >
But why did it work before?
10:38
<
Regenaxer >
and still works for non-lets-encrypt?
10:39
<
tankf33der >
it worked before because DST expired 21.sep.2021
10:39
<
tankf33der >
it works everywhere with
*VALID* chain
10:39
<
Regenaxer >
yes, but it gets
*some* root ca
10:40
<
Regenaxer >
So it does not need ../usr/etc/tls/cert.pem
10:40
<
Regenaxer >
usually
10:40
<
tankf33der >
as i understand cert db requires to check if trusted cert can be expired
10:40
<
Regenaxer >
I think there must be some env var
10:41
<
Regenaxer >
$ openssl version -d
10:41
<
tankf33der >
this build file for openssl on archlinux
10:42
<
Regenaxer >
gives OPENSSLDIR: "/data/data/com.termux/files/usr/etc/tls"
10:42
<
tankf33der >
check for --openssldir=/etc/ssl
10:42
<
tankf33der >
# openssl version -d
10:42
<
tankf33der >
OPENSSLDIR: "/etc/ssl"
10:42
<
Regenaxer >
There must be some way to override
10:42
<
Regenaxer >
not just hard-compiled
10:42
razzy has quit [Ping timeout: 264 seconds]
10:44
razzy has joined #picolisp
10:44
<
Regenaxer >
i.e. override OPENSSLDIR
10:45
<
Regenaxer >
hmm: "There is no way to change this value"
10:46
<
tankf33der >
good we found source of issue.
10:46
<
Regenaxer >
but no fix
10:46
<
Regenaxer >
I will ignore certs then
10:46
<
Regenaxer >
Simple: (patch ssl 443 -443)
10:47
<
Regenaxer >
thanks!
10:54
<
Regenaxer >
Else I could change SSL_CTX_set_default_verify_paths(ctx) in @src/ssl.c
10:56
<
Regenaxer >
replace with SSL_CTX_load_verify_locations ?
11:05
<
Regenaxer >
Needs to change the interface for @bin/ssl though
11:07
<
Regenaxer >
tedious
11:13
<
Regenaxer >
I just see there
*is* a tls/cert.pem in PilBox
11:13
<
Regenaxer >
seems I use it already for some purpose
11:13
<
tankf33der >
Something missing then
11:14
<
Regenaxer >
I forgot what it was for
11:14
<
Regenaxer >
in PicoLisp @lib/android.l
11:15
<
Regenaxer >
(sys "SSL_CERT_FILE" "tls/cert.pem")
11:15
<
Regenaxer >
But where is it used? Why did I do that? Empty memory
11:19
<
Regenaxer >
Seems bin/lib/arm64-v8a/libcrypto.1.1.so uses that variable
11:36
razzy has quit [Ping timeout: 260 seconds]
11:37
razzy has joined #picolisp
11:55
<
Regenaxer >
It might well be that I only need to update that cert file in PilBox
11:55
<
Regenaxer >
will try later
11:55
<
Regenaxer >
afp atm
12:31
razzy has quit [Ping timeout: 260 seconds]
12:31
razzy has joined #picolisp
12:34
<
Regenaxer >
OOOhhh, indeed!
12:34
<
Regenaxer >
I'm sooo stupid!
12:35
<
Regenaxer >
Just replacing tls/cert.pem did it!
12:35
<
Regenaxer >
So SSL_CERT_FILE is the env var I was looking for
12:36
<
Regenaxer >
And it has been there all the time!
12:36
<
Regenaxer >
in @lib/android.l (sys "SSL_CERT_FILE" "tls/cert.pem")
12:39
<
tankf33der >
Is it work now?
12:40
<
Regenaxer >
But camera does not work in PilBox now :(
12:40
<
Regenaxer >
different issue
12:40
<
Regenaxer >
Will debug now
14:03
<
Regenaxer >
Give up. Camera in PilBox works fine on old Tabllet with Android 7, but not on OnePlus with Android 11
14:04
<
Regenaxer >
Probably some permission issue. I
*hate* Android!
14:04
<
Regenaxer >
I'd be happy if anyone else tests on Android 11
14:05
beneroth has joined #picolisp
15:46
aw- has quit [Ping timeout: 264 seconds]
16:44
beneroth has quit [Quit: Leaving]
16:45
<
razzy >
beneroth: did you tried compare pilDB to some other graphDB? how well it compare? thank you for answers.