The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Monday, August 06, 2018

I guess we'll see how well CBOR works

The Corporate Overlords of The Corporation have spoken, and lo, they said “Worry not, for you do not have to deal with the stupidity—we shall deal.” So great, we don't have to drink the REST/HTTPS über alles Kool-Aid™, but instead query our Corporate Overlords for the data, who have drunk the REST/HTTPS über alles Kool-Aid™ (or were forced to by the company we query for the data—the end effect is the same though).

Sigh.

So for now, we still make our queries via UDP, only now in CBOR—the legacy format of DNS is apparently too arcane to support any more.

I have a Lua module but we also need one in C. There are some existing ones, but they have their issues (either an alien build system or missing some critical CBOR feature) so I've been working on a C library I started a few years ago and never finished.

It's working now, and to test it, I've been using valgrind to ensure memory safety, in addition to using /dev/urandom to generate random garbage:

GenericUnixPrompt% dd if=/dev/urandom count=2 | tee bad-data | valgrind ./testdecoder

dd is one of those relatively arcane Unix programs that I find useful on occasion (like here to generate some random data). tee I use to record the data so I can play it back when valgrind finds an issue. This is a reasonable way to fuzz a program. It did find several issues that could have lead to a crash, and I don't leak any memory so the code should be good to go.


It seems that checking the TLS API version number is useless

I've pretty much finished the Lua TLS module and before releasing it, I thought it might be nice to ensure it compiles with previous versions of libtls. The main header file contains the defined value TLS_API, which I assume is updated whenever the API is updated. So I began the arduous procedure of downloading previous versions of libtls to ensure I can compile against any version.

I started with LibreSSL version 2.7.4 (current when I started—they are now up to 2.8.0 as I write this). The defined value TLS_API had a value of “20180210”. I checked version 2.7.0 and no change in libtls. It wasn't until I got into the pre-2.7 versions that things started going south.

The previous version of TLS_API, “20170126”, was first defined in 2.5.1, and last used in 2.6.5. But the API changed quite a bit between versions 2.5.1 and 2.6.5. Five functions were added:

  1. tls_config_set_crl_file()
  2. tls_config_set_crl_mem()
  3. tls_config_set_ecdhecurves()
  4. tls_peer_cert_chain_pem()
  5. tls_unload_file()

What's the point of having a defined value like TLS_API if it doesn't change when you add new functions?

Fortunately, the defined value LIBRESSL_VERSION_NUMBER is updated per version, so at least I can use that.

Sigh.

Tuesday, August 07, 2018

All I'm asking for is some consistency between APIs and version numbers

When I first started working with libtls, I thought that TLS_API designated a change in API so that one could work with different versions of the library without breaking the compilation process. Sadly, that wasn't the case, so I switched to using LIBRESSL_VERSION_NUMBER, as that seemed to regularly change with each version.

I was doing this so that my Lua wrapper could be compiled with any version of libtls. Why break things unnecessarily? And things were going fine until I hit version 2.2.1, and well …

Mismatches in libtls between functions added, LIBRESSL_VERSION_NUMBER and TLS_API
Version Functions LIBRESSL_VERSION_NUMBER TLS_API
Version Functions LIBRESSL_VERSION_NUMBER TLS_API
2.1.2
  • tls_accept_socket()
  • tls_client()
  • tls_close()
  • tls_config_clear_keys()
  • tls_config_insecure_noverifycert()
  • tls_config_insecure_noverifyhost()
  • tls_config_set_ca_file()
  • tls_config_set_ca_path()
  • tls_config_set_cert_file()
  • tls_config_set_cert_mem()
  • tls_config_set_ciphers()
  • tls_config_set_ecdhcurve()
  • tls_config_set_key_file()
  • tls_config_set_key_mem()
  • tls_config_set_protocols()
  • tls_config_set_verify_depth()
  • tls_config_verify()
  • tls_configure()
  • tls_connect()
  • tls_connect_fds()
  • tls_connect_socket()
  • tls_error()
  • tls_free()
  • tls_init()
  • tls_read()
  • tls_reset()
  • tls_server()
  • tls_write()
0x20000000 20141031
2.1.4
  • tls_load_file()
0x20000000 20141031
2.2.0
  • tls_accept_fds()
0x20000000 20141031
2.3.0
  • tls_config_insecure_noverifytime()
  • tls_config_prefer_ciphers_client()
  • tls_config_prefer_ciphers_server()
  • tls_config_verify_client()
  • tls_config_verify_client_optional()
  • tls_conn_cipher()
  • tls_conn_version()
  • tls_handshake()
  • tls_peer_cert_contains_name()
  • tls_peer_cert_hash()
  • tls_peer_cert_issuer()
  • tls_peer_cert_provided()
  • tls_peer_cert_subject()
  • tls_read() (paramter change)
  • tls_write() (parameter change)
0x20030000 20141031
2.3.1
  • tls_peer_cert_notafter()
  • tls_peer_cert_notbefore()
0x20030001 20141031
2.4.0
  • tls_config_keypair_file()
  • tls_config_keypair_mem()
0x2040000f 20141031
2.5.0
  • tls_accept_cbs()
  • tls_config_add_keypair_file()
  • tls_config_add_keypair_mem()
  • tls_config_alpn()
  • tls_conn_alpn_selected()
  • tls_conn_servername()
  • tls_connect_cbs()
0x2050000f 20160904
2.5.1
  • tls_ocsp_process_response()
  • tls_peer_ocsp_cert_status()
  • tls_peer_ocsp_this_update()
  • tls_peer_ocsp_url()
  • tls_config_add_keypair_ocsp_file()
  • tls_config_add_keypair_ocsp_mem()
  • tls_config_add_ticket_key()
  • tls_config_keypair_ocsp_file()
  • tls_config_keypair_ocsp_mem()
  • tls_config_ocsp_require_stapling()
  • tls_config_ocsp_staple_file()
  • tls_config_ocsp_staple_mem()
  • tls_config_session_id()
  • tls_config_session_lifetime()
  • tls_peer_ocsp_crl_reason()
  • tls_peer_ocsp_next_udpate()
  • tls_peer_ocsp_response_status()
  • tls_peer_ocsp_revocation_time()
0x2050100f 20170126
2.6.0
  • tls_config_crl_file()
  • tls_config_crl_mem()
  • tls_peer_cert_chain_pem()
  • tls_unload_file()
0x2060000f 20170126
2.6.1
  • tls_config_echdecurves()
0x2060100f 20170126
2.7.0
  • tls_config_session_fd()
  • tls_conn_session_resumed()
0x2070000f 20180210

I'm not asking for much. I'm not asking for slavish adherance to semantic versioning. I'm just asking for a consistent way to check an API to I can support earlier versions of a library.

Don't get me wrong, I'm glad that libtls exists, and as an API, it's much nicer than the eldritch horror of OpenSSL.

I just wish they had updated TLS_API (or LIBRESSL_VERSION_NUMBER) consistently. Otherwise, why have them in the first place?


Oh wait … I see now … send a completely crazy email so I'll post it

I get quite a bit of spam asking to add links to old entries. It's clear that they do a search for something like “Lost Wages” and spam the XXXX out of people who link to any page dealing with their search term. But the one I received yesterday …

From
Adam Conrad <adam@shihtzuexpert.com>
To
sean@conman.org
Subject
Article Contribution on Boston.Conman.Org
Date
Mon, 6 Aug 2018 23:38:14 -0700

Sean,

I really like the post on your site at http://boston.conman.org/2007/12/27.1

I’ve also, been writing about Shih Tzu and other small, toy or medium breed dogs and related issues like health, food etc at

The Shih Tzu Expert

http://shihtzuexpert.com/canine-distemper/

I would love the chance to write a unique and an interesting guest post for your blog.

I can write about any topic related to pets.

Our articles are 700+ words, written by native English speakers/writers.

Our content is unique, fresh, detailed, and thoroughly researched.

If it covers medical issues or advice, we always require our in house veterinarian to check accuracy of facts before publication.

A selection of titles we are proposing

If there is any topic you want us to cover, please feel free to let us know.

Please feel free to contact me if you have any questions.

Best regards,

Adam Conrad

ShihTzuExpert.com

Seriously … WTF?

The page Adam linked to?

Nothing to do with dogs!

I have entries where I talk about dogs. And cats. And dogs and cats. It's not like Adam lacked entries to choose from.

But nooo! Adam choose one sans dogs.

What?


Notes on an overheard conversation in a typical company lunch room

“Nice music.”

“It's classical.”

“Classical? That's modern jazz.”

“It's Gershwin. He's white, and he's dead. Therefore, it's classical.”

“So is Kurt Cobain, but I don't consider his music classical.”

Friday, August 10, 2018

Just a small observation about an email I received at work

I'm checking the work email and lo, there's email from our Vice President of Product Management requesting us, unironically, to wear our Corporate flair.

Obligatory Picture

[“Only the highest fidelity images are used for identification purposes!”

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: http://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

http://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2018 by Sean Conner. All Rights Reserved.