anarcat
related? https://bugs.launchpad.net/ubuntu/+source/socat/+bug/1936407 https://groups.google.com/g/ganeti/c/BV8GvyN93w0
> Disk 0 failed to send data: Exited with status 1 (recent output: socat: E certificate is valid but its commonName does not match hostname "ganeti.example.com")

oh, i did get...
> did you manage to get a sample of what the daemon actually executes on your end?

i managed to do an execsnoop and catch this:

```
socat 14118 14114...
```
i managed to extract the full commandline with bpftrace:

```
592586 68380 /usr/bin/socat -ls -d -d -b1048576 -u stdin OPENSSL:204.8.99.102:43419,connect-timeout=20,retry=10,intervall=1,keepalive,keepidle=60,keepintvl=10,keepcnt=5,verify=1,cipher=HIGH:-DES:-3DES:-EXPORT:-DH,compress=none,key=/var/run/ganeti/crypto/x509-2023-03-15_16_54_20-q4e8scoz/key,cert=/var/run/ganeti/crypto/x509-2023-03-15_16_54_20-q4e8scoz/cert,cafile=/var/run/ganeti/import-export/export-disk2-2023-03-15_17_03_50-3p2a6wa7/ca,pf=ipv4,openssl-commonname=ganeti.example.com
```
okay, so i did this test.

1. generate a self-signed certificate: `openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -nodes -subj '/CN=ganeti.example.com' -days 1`
2. start a socat...
well shit:

```
root@chi-node-08:~# certtool -i < /run/ganeti/crypto/x509-2023-03-15_18_19_00-scnvnih3/cert | grep Subject:
Subject: CN=chi-node-08.torproject.org
```

that's doing a `move-instance`, while the backup is being exported, before the `socat`, and on the...
okay, I got this to work! i had to do some pretty nasty stuff like resolving the IP address given to impexpd as I can't figure out why or where...
> So we are down to "replace the crypto/x509 library with possible side-effects" or "still rely on DNS, just at a different stage".

i'm not sure i can follow you...
works now.
i would close this in favor of #59 which has more details, including news from the Mozilla developers that they now include U2F support straight in FF 57!