Camelia, the Perl 6 bug

IRC log for #mojo, 2012-02-05

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:38 marcus joined #mojo
00:41 sri woot
00:41 sri EV 4.11 works on lion without patching
00:42 grim_fandango joined #mojo
01:29 kitt_vl joined #mojo
01:39 sri https://github.com/kraih/mojo/issues/281 # this might be a WONTFIX
01:59 vel joined #mojo
02:01 GitHub188 joined #mojo
02:01 GitHub188 [mojo] kraih pushed 1 new commit to master: http://git.io/d9XdeQ
02:01 GitHub188 [mojo/master] fixed bug that prevented newer dual-life modules to be loaded - Sebastian Riedel
02:01 GitHub188 left #mojo
02:01 sri or maybe it's fixed :)
02:52 mire joined #mojo
03:04 ki0 joined #mojo
03:08 marcus joined #mojo
03:30 slash24 Is there a way to not have a route with a trailing placeholder include the query string in the param value?
03:30 slash24 example: GET /route/this_is_placeholder?query=string
03:30 slash24 Placeholder Value: this_is_placeholder?query=string
03:34 GitHub47 joined #mojo
03:34 GitHub47 [mojo] kraih pushed 1 new commit to master: http://git.io/7RXdsw
03:34 GitHub47 [mojo/master] removed unused TLS options - Sebastian Riedel
03:34 GitHub47 left #mojo
03:45 GitHub164 joined #mojo
03:45 GitHub164 [mojo] kraih pushed 1 new commit to master: http://git.io/iktjAg
03:45 GitHub164 [mojo/master] better Mojo::IOWatcher detection tests - Sebastian Riedel
03:45 GitHub164 left #mojo
03:46 sjn 04:45 < GitHub164> [mojo] kraih pushed 1 new commit to master: http://git.io/iktjAg
03:46 * sjn curses at putty
03:51 * sri actually wanted to hack on https://github.com/kraih/mojo/issues/239 … but IO::Socket::SSL was randomly verifying bad certificates… so i gave up :(
03:52 sjn :-\
03:53 sri prolly my fault, that should really be done by an expert… like tempire *poke*
04:45 tempire I looked at 239…ssl requires motivation.
04:46 tempire I needed the other ssl thing for a work project
04:51 sri tempire: do i need more than SSL_verify_mode and SSL_ca_file?
04:51 sri i tried mode 0x01 and the ca.crt we use for unit tests and ran it against google.com
04:53 tempire it failed, I presume?
04:53 sri i'm actually willing to write the necessary tests, just need someone to help me get verify working :)
04:53 sri nope, nothing happened
04:53 sri got a response
04:54 sri http://pastie.org/3319520 # here's a minimal patch
04:54 sri and i run "MOJO_CA_FILE=t/mojo/certs/ca.crt  perl -Ilib ./script/mojo get https://google.com" against it
04:55 tempire I've never used patch :o  patch < patch.txt ?
04:57 sjn patch -p0 < somefile.patch
05:11 sri http://pastie.org/3319562 # versions, just in case
05:16 tempire well verify_peer is useless
05:17 tempire but the callback registers properly
05:17 ki0 joined #mojo
05:17 sri so it really doesn't work? :(
05:19 sri i had a unit test earlier using our test certs in reverse, it would fail 30% of the time and properly not verify in 60%
05:21 tempire hmm…looking at the start_SSL description
05:21 tempire "Note that if start_SSL() fails in SSL negotiation, $socket will remain blessed in its original class"
05:21 tempire the callback works properly, it tells you if the handshake was successful, so that's a fallback.
05:22 sri i'd expect the trap callback to get the error
05:23 sri but… http://mlkshk.com/r/4ILY
05:23 tempire it does…trying to track down the error code ref
05:23 tempire 0000001B:lib(0):func(0):reason(27)
05:24 sri for me the trap callback does not trigger
05:25 sri but 'll better let you finish :)
05:29 tempire it never triggers?
05:29 tempire https://gist.github.com/1743111
05:29 sri i meant SSL_error_trap
05:33 tempire I see what you're doing here, by the way.  acting as if I have any idea what I'm doing in order to push me into taking responsibility for it.
05:33 tempire http://i0.kym-cdn.com/photos/images/or​iginal/000/131/399/fry.PNG?1307468855
05:33 sri even if i set debug4 i don't see any hints
05:33 tempire :)
05:33 sri :D
05:44 sri could OpenSSL be messing with us?
05:44 tempire I think it's a matter of understanding the intricacy of it's design
05:44 tempire *its
05:44 sri like… using some built in ca cert because it doesn't like ours?
05:44 tempire I hadn't looked into ssl_error_trap, I'm tracking it down now
05:48 sri ok.. SSL_verify_callback => sub { 0 } does not kill it
05:48 sri :o
05:48 tempire error_trap isn't being called 'cause of something to do with Net::SSLeay's _set_rw_error
05:49 sri oh my
05:50 tempire not sure what the purpose of it is
05:50 * tempire returns to verify_call
05:50 tempire *verify_callback
05:53 tempire wonder where the reference for the openssl error codes are
05:53 tempire *is
05:58 tempire "For read and write errors on non-blocking sockets, this method may include the string SSL wants a read first! or SSL wants a write first! meaning that the other side is expecting to read from or write to the socket and wants to be satisfied before you get to do anything. But with version 0.98 you are better comparing the global exported variable $SSL_ERROR against the exported symbols SSL_WANT_READ and SSL_WANT_WRITE."
05:58 tempire from errstr() in IO::Socket::SSL
05:59 sri i've checked $SSL_ERROR too, nothing besides read/write constants
06:00 tempire it sets that error, and when the error is set, _set_rw_error returns 1, which causes fatal_ssl_error to not be called
06:02 sri are you suspecting a bug?
06:09 tempire crap.
06:09 tempire what's the --listen syntax again?
06:09 tempire nevermind
06:12 tempire ok
06:13 tempire so I got error_trap to fire
06:13 tempire but only when I used the test certificates in a mojo daemon
06:14 sri hmm
06:14 tempire I don't know enough to claim a bug.  I feel like it's just quirky functionality, though
06:14 sri did you run it a few times?
06:14 tempire yes.  I don't see any inconsistency
06:14 sri i got it to fire too with those, but it randomly failed
06:15 tempire did you get a "Read failed: Can't use an undefined value as a symbol reference at lib/Mojo/IOWatcher.pm line 31." ?
06:15 tempire (on the server)
06:15 tempire I don't have IO::Socket::IP installed, btw
06:17 sri oh
06:17 sri i got it to fire with the built in certs too
06:18 sri i think it ignores our ca cert
06:18 sri and uses a built in one
06:21 tempire hmm, I didn't catch this the first time around - the verify_callback is called for each cert in the chain
06:21 sri ok, i have two test sites
06:22 sri http://www.cacert.org/ and https://google.com
06:22 sri umm https
06:22 tempire I get differing results for those two
06:23 sri even without giving it a ca cert it will reject cacerts.org
06:23 sri but accept google
06:23 tempire yep
06:23 tempire well sort of
06:23 tempire the verify_callback reports that openssl doesn't like it
06:23 tempire it just doesn't fail
06:25 sri something is clearly not right
06:25 sri if we could hand it a ca cert google just shouldn't verify
06:26 tempire I'm concerned about why an error_trap is called when using it against a mojo daemon
06:26 sri same as cacerts.org i suppose, not signed by a credible authority
06:26 ki0 joined #mojo
06:27 tempire ooOOOoooh
06:27 tempire that seems dumb.
06:28 sri the big question is, can we make it not trust google?
06:29 tempire buy it an iphone
06:29 sri -.-
06:37 * tempire goes to watch fringe
06:40 sri boring episode
06:40 sri btw. the use lib fix from earlier already annoys me :S
06:40 tempire fix for what?
06:40 sri ./script/mojo in the git repo now uses the installed version instead of the one i'm working one
06:41 sri the one you commented on ;p
06:42 tempire direct manipulation of @INC
06:42 sri we append now instead of prepend
06:44 tempire what in particular annoys you about it?
06:44 sri testing got harder
06:44 sri perl -Ilib ./script/mojo get /
06:44 sri instead of ./script/mojo get /
06:45 sri i use commands a lot while working on new features
06:51 tempire error codes: http://opensource.apple.com/source/OpenSSL​/OpenSSL-38/openssl/crypto/x509/x509_vfy.h
06:52 tempire 2/3 down
06:53 tempire hmm
06:53 tempire http://publib.boulder.ibm.com/infocenter/tpfhelp/c​urrent/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_​put.cur%2Fgtpc2%2Fcpp_ssl_get_verify_result.html
06:53 tempire "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD There is a format error in the notAfter field of the certificate."
06:53 sri Oo
06:59 tempire http://serverfault.com/questions/355423/opens​sl-req-sets-wrong-not-after-date-overflow-bug
06:59 tempire that's assuming the error is coming from google's ca
07:00 tempire I regenerated the local certs with a 365 expiration date, same problem
07:01 ki0 joined #mojo
07:14 marcus joined #mojo
07:20 kaare joined #mojo
07:26 ki0 joined #mojo
07:59 marcus joined #mojo
08:12 marcus joined #mojo
08:14 black joined #mojo
08:15 Vandal joined #mojo
08:21 ki0 joined #mojo
08:26 melmothX joined #mojo
08:34 ki0 joined #mojo
08:54 Foxcool joined #mojo
09:04 hshong joined #mojo
09:15 lammel2 joined #mojo
09:30 mattastrophe joined #mojo
10:55 mattastrophe joined #mojo
10:57 xxtjaxx Has anybody tried using backbone.js with mojolicious? I would be very interested in how you coped with backbone.js/underscore.js templates specially since they are equal in syntax to the embedded perl syntax for templating.
11:03 sherr joined #mojo
11:40 marcus Put them in public and serve as static assets?
11:55 briang joined #mojo
13:08 noganex joined #mojo
13:11 alnewkirk joined #mojo
13:35 Vandal "mojo help generate" gives me "usage: /usr/local/bin/mojo generate GENERATOR [OPTIONS]", how to list all values of GENERATOR and [OPTIONS]?
13:37 diegok Vandal: mojo generate
13:37 purl hmmm... mojo generate is the same as mojo generate help
13:37 diegok or what purl've said ;-)
13:38 Vandal thx
13:49 xxtjaxx marcus: thats an idea...
14:53 ki0 joined #mojo
14:58 GitHub26 joined #mojo
14:58 GitHub26 [mojo] kraih pushed 1 new commit to master: http://git.io/bHNMTg
14:58 GitHub26 [mojo/master] timeout gets ignored for non-blocking handshakes - Sebastian Riedel
14:58 GitHub26 left #mojo
15:03 GitHub108 joined #mojo
15:03 GitHub108 [mojo] kraih pushed 1 new commit to master: http://git.io/Ob2c3g
15:03 GitHub108 [mojo/master] cleaned up timeout code - Sebastian Riedel
15:03 GitHub108 left #mojo
15:05 Foxcool joined #mojo
15:24 melmothX joined #mojo
16:36 sri hmm
16:36 sri something is wrong with IO::Socket::SSL
16:37 rhaen hm, it obviously is. Right.
16:38 sri http://pastie.org/3322188 # why is this script just blocking and doing nothing?
16:38 sri it actually says it is not starting the handshake
16:39 rhaen it says Can't locate IO/Sock....wait.
16:41 rhaen sri: would you buy an AMD powered laptop?
16:41 rhaen sri: is that ok in 2012?
16:41 sri in fact, so far i couldn't even find an example that didn't use certs on the client side :S
16:41 sri rhaen: i use macbooks exclusively
16:42 rhaen sri: oh, ok - so money isn't an issue. I see
16:42 sri once you go macbook everything else looks liek garbage :S
16:43 rhaen sri: http://pastie.org/3322216
16:43 rhaen I have a macbook - late 2009, but I am frustrated...
16:43 rhaen and it's too heavy, way too heavy.
16:43 rhaen and the MB Air has only 4GB of RAM.
16:43 sri macbook air
16:43 purl i think macbook air is 0.16" to 0.76". The thickest part of the MacBook Air is thinner than the thinnest part of the Sony. It fits inside a envelope
16:44 rhaen sri: does it look the same on your client?
16:44 sri nope
16:44 rhaen Darwin snowflake 11.3.0 Darwin Kernel Version 11.3.0: Thu Jan 12 18:47:41 PST 2012; root:xnu-1699.24.23~1/RELEASE_X86_64 x86_64
16:45 rhaen that's a perl 5.12 from MacPorts
16:45 sri it just blocks on "DEBUG: .../IO/Socket/SSL.pm:349: ssl handshake not started"
16:45 sri how weird
16:45 rhaen IO::Socket::SSL is 1.44
16:46 sri oh, that's very old
16:46 sri i'm on 1.54
16:49 sri i suppose your Net::SSLeay is old too then
16:51 rhaen hm. maybe. Yep. Well, should I use LDAP for the https auth, or should I use mysql?
16:58 sri anyway
16:58 sri much better question is why http://pastie.org/3322304 passes
17:02 abra joined #mojo
17:06 sri and i think i got it
17:06 ki0 joined #mojo
17:06 sri i suppose openssl on os x is modified to use /System/Library/Keychains
17:07 sri which contains a list of trusted authorities
17:08 Topic for #mojo is now Mojolicious real-time web framework  💝    http://mojolicio.us - http://irclog.perlgeek.de/mojo/today 💝
17:09 Topic for #mojo is now Mojolicious real-time web framework 💝 http://mojolicio.us 💝 http://irclog.perlgeek.de/mojo/today
17:16 sri hmm, now it starts to make sense :o
17:25 bobkare joined #mojo
17:32 sri dammit… now all my tests pass
17:32 sri it was all my fault
17:39 sri i should have solid unit tests now :)
17:50 sri on os x we can actually abuse the default behavior
17:50 sri MOJO_CA_FILE=1 perl -Ilib ./script/mojo get https://cacert.org
17:50 sri that for example will use the system ca certs
17:51 sri "Problem loading URL "https://cacert.org". (SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)"
17:52 sri for google and other servers that use trusted ca's it verification works
18:04 noganex_ joined #mojo
18:13 stephan48 sri: can you also specificy your own store?
18:13 stephan48 f.e. when you want to only allow a specific ca/set of cas?
18:14 sri how am i supposed to know?
18:15 ki0 joined #mojo
18:19 stephan48 `good question
18:31 GitHub63 joined #mojo
18:31 GitHub63 [mojo] kraih pushed 1 new commit to master: http://git.io/8h_cxw
18:31 GitHub63 [mojo/master] added experimental TLS certificate authority support to Mojo::UserAgent - Sebastian Riedel
18:31 GitHub63 left #mojo
18:31 sri tempire: think i got it, please review :)
18:33 sri real world test case: "MOJO_CA_FILE=1 mojo get https://cacert.org" vs "MOJO_CA_FILE=1 mojo get https://google.com"
18:34 sri (at least for os x)
18:34 sri the =1 case is not actually a feature, more of a side effects
18:34 sri MOJO_CA_FILE=/etc/ssl/ca.pem would be more common
18:35 sri i suppose
18:50 ki0 joined #mojo
19:14 tempire I wondered about that.  I wasn't sure osx was referencing its trusted authorities
19:14 GitHub98 joined #mojo
19:14 GitHub98 [mojo] kraih pushed 1 new commit to master: http://git.io/SGjAwA
19:14 GitHub98 [mojo/master] better examples for TLS attributes in Mojo::UserAgent - Sebastian Riedel
19:14 GitHub98 left #mojo
19:14 tempire sri: are you expecting MOJO_CA_FILE=1 mojo get https://google.com to fail?
19:15 ki0 joined #mojo
19:15 sri tempire: nope
19:15 sri just cacert.org
19:15 tempire because it doesn't have a trusted auth in /Library..etc
19:15 tempire ok
19:15 * sri nods
19:16 tempire so we still have to figure out how to ignore the installed authorities, then
19:16 sri if that's possible at all
19:17 sri the nsa spy certs have to come from somewhere after all -.-
19:17 tempire http://i0.kym-cdn.com/photos/images/or​iginal/000/131/399/fry.PNG?1307468855
19:18 sri !
19:26 tempire I'm thinking we should have the peer certificate  listed in the debug output
19:26 tempire otherwise it's a black box for people trying to make it work
19:28 tempire relatively simple, only needs a verify_callback
19:34 cosimo joined #mojo
19:39 tempire :|
19:39 tempire you can't remove system root certificates in keychain
19:40 tempire which means manual removal might break the system
19:40 tempire boo
19:48 sri tempire: how would that work?
19:49 sri debug output
19:49 purl debug output is probably just reading the request body and printing it back out
19:49 tempire verify_callback passes the information
19:49 sri but there is no way to define verify callback in Mojo::UserAgent
19:50 sri if there was it would be quite a bit of additional code to maintain
19:50 tempire MOJO_SSL_DEBUG?
19:50 * tempire hides
19:52 tempire we've got to give some sort of information.  it's a non-obvious gotcha that people dependent on the functionality could easily miss.
19:52 tempire or maybe...
19:52 purl Maybe not.
19:53 tempire what if we allow a 'match certificate name' parameter.  that would let people say, "I only want to use this certificate"
19:53 sri doesn't seem to cause much trouble with LWP
19:53 sri eww
19:53 sri now you're entering very ugly hack territory
19:54 sri also
19:54 sri can't people just hook into Net::SSLeay?
19:54 sri ssl context was a singleton or so
19:54 sri i've seen LWP hacks
19:55 sri tempire: http://api.metacpan.org/source/SULLR/IO-So​cket-SSL-1.54/example/lwp-with-verifycn.pl
19:56 sri you can hack in a verify callback that way i'm sure
19:56 tempire ah.  I guess they can use IO::Socket::SSL 'debug?' before Mojolicious is loaded anyway.
19:56 * sri nods
19:56 sri that too
19:56 tempire ok, that's acceptable.  as long as there's some way to see the ifnormation.
19:57 sri if you have a quick oneliner hack to show certs we could also add it to the pod as an example if it's not too ugly
19:58 sri perl -MIO::Socket::SSL=debug4 ./script/mojo get https://google.com
19:58 sri this works btw
20:01 tempire I feel like we should have client plugins
20:02 sri we kinda do with the start event
20:02 tempire yeah, events are sort of the same thing.  some examples to encourage the behavior, maybe
20:03 sri well, event examples are all over the place
20:03 tempire was looking in IOLoop::Client for an event I could hook into to set SSL defaults
20:03 sri why would you need a hook?
20:04 sri the context is a singleton
20:04 tempire hook in the general sense, not in the mojolicious sense
20:04 sri see the example i linked above
20:04 sri it's global
20:05 tempire I'm brainstorming for ways to make it prettier for inclusion in pod
20:06 sri https://github.com/kraih/mojo/blo​b/master/t/mojo/user_agent.t#L196
20:06 sri out of context, here's one of the crazier ua event examples
20:07 sri logs every byte that goes in and out
20:08 ki0 joined #mojo
20:08 tempire why is ->emit used in some places, and ->emit_safe in others?
20:09 sri some things just shouldn't die
20:09 tempire so no need for an eval
20:09 tempire ok
20:09 sri yes, errors go to the error event
20:09 sri emit_safe is experimental though
20:11 tempire I could really screw everyone over by making a mojocast of experimental features.
20:11 * tempire muahs!
20:11 sri -.-
20:13 sri how do you log a cert in a verify callback without affecting the verify process?
20:17 tempire you return the first argument, which is 'what openssl thinks of the certificates"
20:23 sri MOJO_CA_FILE=1 perl -Mojo -E'IO::Socket::SSL::set_ctx_​defaults(SSL_verify_callback => sub { say $_[2];return $_[0] }); g("https://google.com")'
20:23 sri ore somewhat more versatile
20:23 sri MOJO_CA_FILE=1 perl -Mojo -E'IO::Socket::SSL::set_ctx_​defaults(SSL_verify_callback => sub { say $_[2];return $_[0] }); g($ARGV[0])' https://amazon.com
20:24 tempire good enough.  I tried to manipulate it via the start event, but Client.pm overwrites it.
20:25 tempire or maybe it's just not registering
20:27 federated_life joined #mojo
20:32 migo_ joined #mojo
20:32 tempire it's still ugly, though.  if I can find a way to specify them with an event, I can make a command plugin for cpan that would list the cert info
20:33 tempire there's not enough command plugins.  would be nice to have another example, even for something this simple
20:33 sri not sure i understand what you want to achieve
20:34 tempire transparency for beginner understanding the auth process.
20:34 migo joined #mojo
20:35 sri http://pastie.org/3323480 # here's what i had in mind
20:36 tempire ok.  I thought you were going to include the whole one-liner, which seemed wrong.
20:37 sri :)
20:37 sri i don't even care about exaplaining the whole thing, it's just a hint in the right direction
20:41 GitHub30 joined #mojo
20:41 GitHub30 [mojo] kraih pushed 1 new commit to master: http://git.io/g9M9yQ
20:41 GitHub30 [mojo/master] added example for TLS certificate authority debugging - Sebastian Riedel
20:41 GitHub30 left #mojo
20:46 lukep joined #mojo
20:54 sri tempire: if you were trying to change the IO::Socket::SSL->start_SSL arguments, i'm not sure that is possible with events only
20:55 tempire indeed, I found that to be correct.
20:55 sri allowing access to that brings a lot of danger
20:58 sri it could easily prevent us from switching to a better openssl binding should one appear
20:58 sri same for IO::Socket::IP
20:58 sri i'd rather hide them as implementation details for now
20:59 tempire do you see anything wrong with this? https://gist.github.com/1747914
21:00 sri think i would check with ->isa, just to be sure, but otherwise it seems fine
21:00 tempire specifically, the ioloop/singleton/stream line
21:00 tempire k
21:01 sri it's too long ;p
21:01 sri Mojo::IOLoop->stream()
21:01 sri the stream api is also experimental
21:02 tempire I don't think it can be helped.  my $handle = Mojo::IOLoop->singleton->handle($id); is gone
21:03 sri true, you can only reach the handle with experimental apis
21:03 sri but i'm pretty sure ->handle was experimental as well ;p
21:03 tempire yep.  don't worry.  I'll be sure to complain.
21:04 tempire my tests have stopped working…not sure why.
21:47 mattastrophe joined #mojo
22:27 GitHub34 joined #mojo
22:27 GitHub34 [mojo] kraih pushed 1 new commit to master: http://git.io/S7InPA
22:27 GitHub34 [mojo/master] better camelize and decamelize examples - Sebastian Riedel
22:27 GitHub34 left #mojo
23:03 federated_life Im just starting out with mojo, and Im trying to get text displayed on a page.  Im using the simple login tutorial from guides, but can't seem to pass another string of text.  whats the deal with 'say' and would that be used to display text ?
23:50 marty federated_life:  Best way to get going is the mojocasts and the official docs.
23:51 marty Here is the mojocasts:  http://mojocasts.com/e1     (there are 5 episodes)
23:51 marty And the official docs are here http://mojolicio.us/perldoc
23:52 marty And if you are just getting going the lite tutorial is a great place to start. http://mojolicio.us/perldoc/Mojolicious/Lite

| Channels | #mojo index | Today | | Search | Google Search | Plain-Text | summary