| *** Agatha <Agatha!~agatha@50.38.41.156> has joined #bzflag | 00:15 | |
| *** alfa1 <alfa1!~alfa1@host30.181-14-186.telecom.net.ar> has joined #bzflag | 00:32 | |
| alfa1 | It works (both user and server)! I had to update "openssl" and related packages (while still older than 1.0.2, their built dates are 2014-2016; 1.0.2 is from January 2015) before doing the "quit/add files" thing (and I restored the changes before updating it). | 00:33 |
|---|---|---|
| blast007 | did you get firefox working too? | 00:33 |
| alfa1 | I already had another browser working previously which is more modern (SeaMonkey). But I stopped testing Firefox because I realized it is not installed/native but a [mobile] version. | 00:35 |
| alfa1 | (I have to accept new certificate and then it works anyway; but for lots of sites sadly) | 00:36 |
| blast007 | okay. I was going to mention that Mozilla generally doesn't use the system certificates, so you'd have to load the new root certificate into the browser as well (and possibly remove the old expired root) | 00:37 |
| alfa1 | you are right: the folder into /usr/share/ca-certificates/mozilla, which the system uses for all, are the firefox native version ones | 00:39 |
| alfa1 | I will have to try that later | 00:39 |
| alfa1 | s/folder/certificates/ | 00:40 |
| blast007 | I don't think the files in /usr/share/ca-certificates/mozilla are used by Firefox/SeaMonkey. I think those are just a bundle of certs that Mozilla *provides*. | 00:40 |
| blast007 | For instance, those files are on my headless server | 00:41 |
| blast007 | the Firefox/SeaMonkey/Thunderbird/etc certificates are managed within the browser | 00:41 |
| blast007 | for Firefox ESR 74, it's Preferences > Privacy & Security > View Certificates, and then the Authorities tab | 00:42 |
| blast007 | 78* | 00:42 |
| alfa1 | my Seamonkey is under Wine :) | 00:43 |
| blast007 | it's the same thing on the Windows version | 00:43 |
| alfa1 | but it is using surely other sources since it worked previously (and I think it is not [mobile]) | 00:43 |
| blast007 | Mozilla browsers have their own certificate store that you need to update, at least if the browser itself isn't up to date | 00:44 |
| alfa1 | I updated those too | 00:45 |
| alfa1 | just before | 00:45 |
| alfa1 | still it was not present the one we needed | 00:45 |
| alfa1 | I checked | 00:45 |
| alfa1 | (or at least the pair "quit/add") | 00:45 |
| alfa1 | names were not repeated | 00:46 |
| alfa1 | or similar | 00:46 |
| alfa1 | but mozilla firefox uses the system certificates if it is installed I guess; checking... | 00:47 |
| alfa1 | (if firefox is installed) | 00:47 |
| blast007 | I don't think it does... the Windows version of Firefox *might*, at least in some cases, if it's recent. I seem to recall that was added. Might be behind an optional setting though. | 00:48 |
| blast007 | yeah, there's an option to allow FF to use system certs, but I don't know if that works on Linux. | 00:53 |
| alfa1 | I see the option into browser certificates management, yes: I will try to delete and import | 00:53 |
| blast007 | yup, that's the way I'd recommend | 00:54 |
| alfa1 | ok; working! thanks! | 00:58 |
| alfa1 | I didn't delete X3 but stopped trusting on it for web sites (unchecked it) | 00:59 |
| alfa1 | changing topic: using space at start of a line on the chat makes it not logged as before? | 01:00 |
| alfa1 | does make it* | 01:02 |
| alfa1 | test | 01:03 |
| blast007 | I have no idea. We're using an entirely different bot, so that might not apply. | 01:10 |
| alfa1 | ok | 01:12 |
| alfa1 | which is the nick of the bot? | 01:14 |
| blast007 | BZNotify | 01:15 |
| alfa1 | the log one? | 01:16 |
| alfa1 | ah "ChannelLogger", I see | 01:17 |
| alfa1 | blast007: must be the variable "noLogPrefix"; it would be good to be set to space again IMO | 01:34 |
| *** alfa1 <alfa1!~alfa1@host30.181-14-186.telecom.net.ar> has quit IRC (Remote host closed the connection) | 03:04 | |
| *** Zehra <Zehra!~Yukari@user/yukari> has quit IRC (Quit: Quit.) | 04:06 | |
| *** _I_Died_Once <_I_Died_Once!~I_Died_On@c-73-184-170-223.hsd1.ga.comcast.net> has quit IRC (Ping timeout: 252 seconds) | 08:17 | |
| *** blast007[m] <blast007[m]!~blast007m@2001:470:69fc:105::7ec> has quit IRC (Quit: You have been kicked for being idle) | 09:00 | |
| *** Sgeo <Sgeo!~Sgeo@user/sgeo> has quit IRC (Read error: Connection reset by peer) | 09:57 | |
| *** the_map <the_map!~the_map@user/the-map/x-5158391> has quit IRC (Ping timeout: 250 seconds) | 14:23 | |
| *** the_map <the_map!~the_map@user/the-map/x-5158391> has joined #bzflag | 15:07 | |
| *** I_Died_Once <I_Died_Once!~I_Died_On@c-73-184-170-223.hsd1.ga.comcast.net> has joined #bzflag | 16:03 | |
| *** root4 <root4!~root@host101.190-137-39.telecom.net.ar> has joined #bzflag | 18:15 | |
| root4 | hi, im alfa1; I am having trouble now connecting to the graphic interface of linux after updating [openssl] and others iirc; any idea what is happening? | 18:17 |
| *** blast007[m] <blast007[m]!~blast007m@2001:470:69fc:105::7ec> has joined #bzflag | 18:18 | |
| root4 | (I can join with console) | 18:18 |
| blast007 | hard to say | 18:21 |
| blast007 | check logs and also inspect what you upgraded (which may also be in the logs) | 18:21 |
| root4 | I think never happened before; I try logging in several times and every time it fails and returns to the login screen | 18:22 |
| blast007 | tried adding a new user and logging in with that new user? that would narrow down if it's system-wide or just something broken with your account. | 18:23 |
| root4 | log doesn't say anything as far as I saw; good idea: new user (I tried with 2 and failed)... | 18:24 |
| root4 | sorry I am loggued as root, rejoining | 18:25 |
| *** root4 <root4!~root@host101.190-137-39.telecom.net.ar> has quit IRC (Quit: WeeChat 0.3.3) | 18:25 | |
| *** nb_j <nb_j!~nb_j@host101.190-137-39.telecom.net.ar> has joined #bzflag | 18:26 | |
| *** nb_j <nb_j!~nb_j@host101.190-137-39.telecom.net.ar> has quit IRC (Client Quit) | 18:26 | |
| *** alfa1 <alfa1!~nb_j@host101.190-137-39.telecom.net.ar> has joined #bzflag | 18:28 | |
| alfa1 | sorry | 18:29 |
| *** alfa1 <alfa1!~nb_j@host101.190-137-39.telecom.net.ar> has quit IRC (Client Quit) | 18:29 | |
| *** Sgeo <Sgeo!~Sgeo@user/sgeo> has joined #bzflag | 18:46 | |
| *** alfa1 <alfa1!~alfa1@host58.190-224-209.telecom.net.ar> has joined #bzflag | 20:27 | |
| alfa1 | I restored the versions of the packages to the initial values then I am able to join again... but now bz doesn't work :( (I needed to check it, just in case, because I was trying yesterday by using firefox sometimes not bzflag). | 20:34 |
| alfa1 | I got openssl versions mismatch on ~/.xsession-errors on both users. I researched and all solutions seemed a bit risky. (New user created was able to join as well as an old user which was not logged yesterday.) | 20:34 |
| alfa1 | Just wanted to shared it. Still don't know what to do for now. I surely will keep thinking later. | 20:34 |
| alfa1 | and the second 2 users used to research/downgrade are able to join now as well (then not behaving like the first 2) | 20:36 |
| alfa1 | a bit/a lot risky since some were telling to break dependencies (to uninstall "openssh" and install it again or something similar) | 20:39 |
| alfa1 | openssl* (some were talking of "openssh" as well) | 20:39 |
| alfa1 | I guess Firefox works with the simple interchange of the certificates because it is more modern than my system | 20:42 |
| alfa1 | it uses libssl3.so | 20:44 |
| blast007 | alfa1: check if these two commands work (I would expect the first to fail, but I wonder if the second works): | 20:44 |
| blast007 | curl -I https://one.secure.porteighty.org/ | 20:44 |
| blast007 | curl -I https://three.secure.porteighty.org/ | 20:44 |
| alfa1 | yes: first fails; second works | 20:47 |
| blast007 | cool. I'll be switching the BZFlag servers over to work like the second link. | 20:47 |
| alfa1 | oh nice, thank you! | 20:48 |
| alfa1 | if I may know: what is the difference? | 20:52 |
| alfa1 | (or tell me later when you finish) | 20:53 |
| blast007 | the second is generated without a workaround for older android devices, which confuses OpenSSL versions older than 1.1.0 | 20:53 |
| blast007 | but leaving the workaround out won't break old android devices until the end of September 2024 | 20:54 |
| blast007 | ("old" in this case being older than 7.1.1) | 20:54 |
| alfa1 | ah, nice | 20:55 |
| alfa1 | apart: computers are more important than cellulars :) | 20:56 |
| alfa1 | I know my system is old btw | 20:57 |
| alfa1 | (still working but near to need upgrade) | 20:57 |
| blast007 | just trying to think of the best way to do this, since I also need to update certbot to be able to do this | 21:00 |
| blast007 | on my test system I just used pip to get the current version, but I don't like using system-wide pip installed software | 21:01 |
| alfa1 | 7.1.1 - December 1, 2016 | 21:02 |
| blast007 | yeah, I'm not too concerned about android | 21:02 |
| alfa1 | nice | 21:02 |
| alfa1 | take your time; don't worry for me | 21:03 |
| alfa1 | I still can join and play | 21:03 |
| alfa1 | and thanks all! | 21:04 |
| *** alfa1 <alfa1!~alfa1@host58.190-224-209.telecom.net.ar> has quit IRC (Remote host closed the connection) | 21:04 | |
Generated by irclog2html.py 2.17.3.dev0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!