Dr Clèm's Blog

Image size, and more, on the command line

Thursday Jul 30, 2020 14:02

I have just discovered the file command. It provides basic information about a file. For example

% file template-xenial.cfg
template-xenial.cfg: ASCII text
For PNG images, this command returns, among other things, the number of pixels in each direction
% file firefox.svg.png
firefox.svg.png: PNG image data, 2000 x 3135, 8-bit/color RGBA, non-interlaced
I will try to use this command to create the Open Graph protocol fields for my blog posts.

Enable the IPv6 plugin in AWStats

Tuesday Jul 28, 2020 15:46, last edition on Tuesday Jul 28, 2020 15:51

In AWStats, if running

/usr/lib/cgi-bin/awstats.pl -config=domain.tld -update
reports that reverse DNS resolution of IPv6 addresses cannot be performed, the IPv6 plugin is not enabled. This plugin depends on two modules, Net::IP and Net::DNS. On Ubuntu, they can be installed with APT
% apt install libnet-ip-perl libnet-dns-perl
To enable the plugin with Vim, open the virtual host configuration file /etc/awstats/awstats.domain.tld.conf and enter the command
:%s/#LoadPlugin="ipv6"/LoadPlugin="ipv6"/
The command
/usr/lib/cgi-bin/awstats.pl -config=domain.tld -update
should then run normally.

Vim: Append at end of line and use yanked text in a command

Tuesday Jul 28, 2020 12:02

Here are two small Vim tips.

Append at end of line

To append at the end of a line, simply substitute $, which means end of line, with what you want to add. I use it to write on this blog, for example to add <br> tags when I copy and paste long terminal output. For example

:%s/$/a/
will add a at the end ($) of every line of the file (%).

Use yanked text in a command

When doing substitutions or searching for a fairly long item, it is often convenient to copy and paste text from the text area to the command line. To do so, yank the text, start typing your command with :, then, to paste (put), press Ctrl+R then ".

Apache HTTP Server does not return the right certificate to OpenSSL

Tuesday Jul 28, 2020 10:07

I used OpenSSL to check the certificate of this site, which runs on Apache HTTP Server, and I got random results.

% openssl s_client -connect clementfevrier.fr:443
CONNECTED(00000005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = clementfevrier.fr
verify return:1
---
Certificate chain
0 s:CN = clementfevrier.fr
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = clementfevrier.fr

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3646 bytes and written 399 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: EA567A55348D38DEC3BBB7414AB1B3B38A7E4FEFA0AA8FB0468E97650F359FC0
Session-ID-ctx:
Resumption PSK: E335C79A8C6F1F18480760304163359F1E741208AACF26D94CF49B88B87541BA0DE9592D89D2091B90C08134EDD4D6AF
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1595887003
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: EDFE0B9061C93DC3C98510117D0A9824979A4423673597A76D1D10AF97969726
Session-ID-ctx:
Resumption PSK: 620FE5C493BD46AC848548F637F1FE74F2A2FF44449BAA785E4F7EEE12393FBA9533805DA1B41835F3BF1A2E232EC212
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1595887003
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
% openssl s_client -connect clementfevrier.fr:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = forumanalogue.fr
verify return:1
---
Certificate chain
0 s:/CN=forumanalogue.fr
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=forumanalogue.fr
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3769 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 35C2D13A9EF98911E09237E588C6BDB54B83B32C6F453CF60E7C4821C53A3148
Session-ID-ctx:
Master-Key: 35ACDCD6ED409A658425D8B8D4135DD3B4FAAD565E1AB03DAB0B1227B9D55046C8F17E450519D937282C82270D4A7BD1
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:

Start Time: 1595887288
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed
As can be seen in the second response, the CN field does not match the server name given to OpenSSL. It turns out that Apache HTTP Server randomly returns one of the virtual hosts' certificates. To make sure you get the right certificate, you must use the Server Name Indication extension of the TLS protocol. With openssl, just use the -servername option.
% openssl s_client -connect clementfevrier.fr:443 -servername clementfevrier.fr
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = clementfevrier.fr
verify return:1
---
Certificate chain
0 s:/CN=clementfevrier.fr
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=clementfevrier.fr
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3790 bytes and written 459 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 7D1F8AD8FC80D74FD7E47AD4D3B0102C9BDD438AE84EEAB0BC50F240020BD23F
Session-ID-ctx:
Master-Key: 09CA79EE5D635DF7B718DD89CBED5D0CA4226AEEFB4B532FA677487EA06480D85B0CD0DCED6971B2CCBD0685DFBBC0C9
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 7c 56 31 2e 2c 34 71 38-1a d8 ab 01 6c 69 0a 58 |V1.,4q8....li.X
0010 - a0 79 b0 db eb e7 5e 82-c7 98 17 38 b5 f4 1f 49 .y....^....8...I
0020 - b0 11 0b a0 ce 4c 29 e9-8e 99 0e eb 8b f7 fd 57 .....L)........W
0030 - cc 60 a3 ea 16 2b 85 98-8c a8 b7 15 7c 2f e5 bf .`...+......|/..
0040 - f3 3a 6e 3d 2e d3 fa 66-92 26 f2 56 ad dd 46 9f .:n=...f.&.V..F.
0050 - bc 50 70 84 39 d4 c0 93-e2 f6 c0 41 2d 1a be 78 .Pp.9......A-..x
0060 - 3d e6 46 5c 11 03 4a 87-1a b1 f3 86 7a 7f 01 08 =.F\..J.....z...
0070 - 34 55 52 f5 da ef f6 45-85 e7 05 9d cc 6e 67 95 4UR....E.....ng.
0080 - bc 80 7d 2a 83 ff 9b bb-97 e3 d7 56 8b e4 f8 4a ..}*.......V...J
0090 - e1 6b 4a 1a d0 f6 a8 f3-8a e3 73 e7 cf b4 0f 9e .kJ.......s.....
00a0 - 1e 18 bd 6c ad 6b e3 4f-02 84 eb 07 41 9a 4d 83 ...l.k.O....A.M.
00b0 - 56 7b 01 7f 62 19 89 98-94 2b 77 73 06 13 2a 67 V{..b....+ws..*g
00c0 - 5b c6 11 3c d8 c5 c8 75-de 2e 15 d5 c6 86 43 f2 [..<...u......C.

Start Time: 1595887739
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed
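
A way to automate the comparison made above between the requested host name and the CN that s_client prints, as an added example that is not part of the original post. The function names and the trimmed sample outputs are constructed for illustration, and accepting a wildcard CN goes slightly beyond the case shown on the page.

```shell
#!/bin/sh
# Added example (not from the original post): check that the leaf
# certificate CN printed by `openssl s_client` matches the requested host.

# Print the leaf CN from s_client output on stdin. Handles both layouts
# seen above: "subject=CN = name" and "subject=/CN=name".
leaf_cn() {
    tr -d '\r' | sed -n 's|^subject=.*CN *= *\([^,/]*\).*$|\1|p' | head -n 1
}

# Succeed if certificate name $1 covers host $2 (case-insensitive).
# A leading "*." stands for exactly one extra label.
name_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}            # e.g. ".example.org"
            label=${host%"$suffix"}         # what the "*" would have to match
            [ "$label" != "$host" ] && [ -n "$label" ] &&
                case "$label" in *.*) false ;; *) true ;; esac
            ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# Read s_client output on stdin, compare its CN with the wanted host $1.
# Prints a one-line verdict; returns 0 on match, 1 on mismatch, 2 if no cert.
check_cn() {
    want=$1
    got=$(leaf_cn)
    if [ -z "$got" ]; then echo "no-certificate"; return 2; fi
    if name_matches "$got" "$want"; then
        echo "match $got"
    else
        echo "mismatch $got"
        return 1
    fi
}

# Live use (hypothetical helper, not run here): always send the name via SNI.
probe() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        check_cn "$1"
}

# Constructed samples, trimmed from the first and second runs shown above.
sample_expected_vhost() {
cat <<'EOF'
depth=0 CN = clementfevrier.fr
subject=CN = clementfevrier.fr
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
EOF
}
sample_other_vhost() {
cat <<'EOF'
depth=0 CN = forumanalogue.fr
subject=/CN=forumanalogue.fr
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
EOF
}

sample_expected_vhost | check_cn clementfevrier.fr || :
sample_other_vhost | check_cn clementfevrier.fr || :
```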

Captain's Log #5

Monday Jul 27, 2020 12:05
Feedback on LXD

I had an issue with LXD where its database got corrupted. In that case, there is nothing we can do. All Linux containers on every physical server are gone. I managed to restore most of the containers using rsync, but the internal file-system management of LXD is completely screwed. I can neither export nor publish my containers to back them up, nor restart my LXD configuration from scratch by exporting and importing them back. My only option is to get another physical server (I have three so far, so adding a fourth one) and make a new LXD server, outside of the current cluster. Then, recreate from scratch all my containers, which will be a task requiring a tremendous amount of time. After this, delete the current LXD cluster, create a new one with the three physical servers, export the containers from the temporary LXD server and finally import the containers to the cluster. It is necessary that I perform this task as quickly as possible because I cannot perform backups.

Spam, again

Adding 212.83.46.232 to iptables (INPUT, DROP) was not enough. I added other IPs and a few ranges of IPs, up to /16. It was not enough and it was a tedious task. So I added a new field to the comment section. You need to answer yes. It is not case sensitive. This simple trick appears to do the job so far.

Git

My git repos were not working anymore. I forgot to enable the mods in Apache HTTP Server when I migrated from Xen to LXD.

a2enmod cgi alias env
It is now fixed. For more information, see Smart HTTP.

Statistics

Statistics were not working anymore. I use a custom version of Awstats in order to integrate the statistics smoothly into my website. Part of this script relies on the package provided by Ubuntu. When I upgraded the virtual machine from Ubuntu 16.04 LTS (Xenial Xerus) to Ubuntu 18.04 LTS (Bionic Beaver), some modifications in Awstats broke my customization. I realize that maintaining this part will be complex as it is a 22000+ line Perl file which is difficult to edit automatically. I made a quick fix. It will most likely break again when I migrate from Ubuntu 18.04 LTS (Bionic Beaver) to Ubuntu 20.04 LTS (Focal Fossa).

To Do List
TootLine

I am working on TootLine, the PHP code that allows you to share your TootLine on your blog, like the one on the right or at the bottom, depending on the size of your screen. I have a couple of issues to address before publishing it, which are proper word wrapping, creating a cache for the media in order to solve a CSP issue, and handling the NSFW content that is displayed so far.

Translations

I would like to make a French version of this blog, with most of the articles translated.

More restrictive CSP headers

I want to rewrite some parts of the web site to be able to provide more secure CSP headers.

Comments

I am planning on adding an RSS feed for each comment section so it will be easy to follow. I will also add a cookie to auto-fill the fields Name and Website. I will put a check box if you want to add the cookie when you comment.

Tags

I will add the list of all tags on the right panel.

SEO

I will add proper Open Graph protocol and Twitter cards in the headers. I already updated the MySQL database, so everything is ready on this side, I just need to rewrite the headers that I include to make them dynamic.

Better looking links

I already changed the URL of some links to make them better looking, but I did not finish yet. The rewriting rules are not as simple as I expected, if you want to make them SEO compliant.

Better CMS

My work-flow is not the most efficient. Each article points to an actual file, which is not so good, because I need to create a file each time I add an entry in this blog. I will improve this soon. It is one of the reasons why I stopped writing here. It is too complex.

Migrating the last virtual from Xen to LXD

I need to migrate completely my photo galleries (Piwigo) from XEN to the new ones on LXD.

Home made modem/router/NAS

I bought a few items in order to build my own modem/router/NAS.

RSS

Although the RSS feed appears to work fine, there are PHP errors in the logs. I need to investigate.

MySQLiToRSS

Wednesday Nov 08, 2017 00:54

I wrote a new piece of code to generate an RSS feed from a MySQL database. I named it MySQLiToRSS. It is a PHP file that generates an RSS 2.0 feed. It is licensed under GPLv3. It handles sorting by date, the use of HTML in the description of an item, which allows rendering the article as it appears in the feed reader, except for the CSS sheets, and multitag articles. It is based on Version 2.0.11 of the RSS 2.0 specification, the most up to date at the time of writing this software. Some optional items are missing because I do not use them. I might add them later (some or all). I will be pleased to add optional items if requested.

SHA1BruteForce

Wednesday Nov 08, 2017 00:05

I'm proud to announce my first (free) software, SHA1BruteForce, that performs a brute-force attack to crack a SHA-1 hash.
Page of the project

Why?

After my 10yo Firefox session crashed, I lost a password stored in it. But I managed to find the hash and it turns out to be a SHA-1 hash (software installed in 2009 on my server). I could change it, I guess, but I knew that SHA-1 is now considered a weak encryption (although the first real collision is from February), so I challenged myself to recover it by writing a piece of code that does the job. It took me a bit more than a day to get working code.
Afterwards, I began to optimize it and to have fundamental questions about C++.

It is pretty simple and it seems to perform well. It takes about 4h to crack any 6-character password on my computer. So I decided to publish it on my server, which was not as simple as I expected.
But I also have accounts on the main git platforms.
So I also published it on GitHub, GitLab and FramaGit, better known by the French.

It is licensed under GPL3.

It performs the tasks on the CPU only. A GPU implementation does not seem possible at this time using only free software. Indeed, CUDA requires the proprietary drivers and OpenCL does not seem to work properly with Nouveau (last version of the Linux kernel, i.e. 4.13, on Ubuntu 16.04). But I want to use only free software (and I cannot install Nvidia drivers anyway, they do not work on my system).

It is not a revolutionary tool that intends to beat existing ones. I did it for myself and share it for anyone interested.

It is my first published code, so there are most likely some improvements to do on how to write the manual, how to write the code so it can be used by others, how I should comment it, and so on. The same goes for the code itself. Feel free to comment, share, submit commits, report bugs, etc.


Dr Clément Février

Hello, I am Clément Février, PhD in theoretical physics from the University of Grenoble Alpes, Research and Development engineer in the field of medical imaging and minimally invasive surgery at Surgivisio, and supporter of the La France Insoumise movement.