[3 BTC Bounty] TLS Support for .bit Domains
Re: [3 BTC Bounty] TLS Support for .bit Domains
Here is version 0.10 :
http://dot-bit.org/files/Convergence.xpi
Changes :
- fixed lowercase fingerprints
- added automatic update from http://dot-bit.org/
The ID of the plugin has changed, so you need to remove the old Convergence plugin if you already have it.
ps : firefox plugins must be signed for automatic updates to work. So, each release I make are signed with my private key and firefox verify it.
http://dot-bit.org/files/Convergence.xpi
Changes :
- fixed lowercase fingerprints
- added automatic update from http://dot-bit.org/
The ID of the plugin has changed, so you need to remove the old Convergence plugin if you already have it.
ps : firefox plugins must be signed for automatic updates to work. So, each release I make are signed with my private key and firefox verify it.
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
Re: [3 BTC Bounty] TLS Support for .bit Domains
Setting TLS up with nginx went pretty smoothly. To test I simply load modified data into nmcontrol. Also I use the nmcontrol built in dns server (via acrylic dns proxy).
I generated the certificate like this:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
(from http://dracoblue.net/dev/https-nginx-wi ... icate/188/)
For "Common Name" I entered the domainname and tld of my testdomain: nmctls.bit - is that right? Besides that I simply hit enter all the time. NGiNX digests the certificate and I can browse by adding an exception to regular firefox.
I created the fingerprint like this:
openssl x509 -in server.crt -sha1 -noout -fingerprint
But now I ran into some problem: Invalid Certificate / ssl_error_bad_cert_domain
Any ideas?
I generated the certificate like this:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
(from http://dracoblue.net/dev/https-nginx-wi ... icate/188/)
For "Common Name" I entered the domainname and tld of my testdomain: nmctls.bit - is that right? Besides that I simply hit enter all the time. NGiNX digests the certificate and I can browse by adding an exception to regular firefox.
I created the fingerprint like this:
openssl x509 -in server.crt -sha1 -noout -fingerprint
But now I ran into some problem: Invalid Certificate / ssl_error_bad_cert_domain
Any ideas?
What about automatically updating nmcontrol database, too? As a lightweight .bit support with dot-bit authority TLS system.khal wrote:Here is version 0.10 :
http://dot-bit.org/files/Convergence.xpi
Changes :
- fixed lowercase fingerprints
- added automatic update from http://dot-bit.org/
The ID of the plugin has changed, so you need to remove the old Convergence plugin if you already have.
Re: [3 BTC Bounty] TLS Support for .bit Domains
It just occurred to me I had not yet restarted nginx... it's working now.
biolizard89, please pm me btc and nmc addresses and info on which domains you would like.
note: this is not a public domain
biolizard89, please pm me btc and nmc addresses and info on which domains you would like.
note: this is not a public domain
Re: [3 BTC Bounty] TLS Support for .bit Domains
If people want to test, this one is configured : https://dot-bit.bit/Main_Pagephelix wrote:note: this is not a public domain
Does it work for you ?
(edit: for info, the IP of your domain need to return the same certificate for now. As SNI support is broken, it'll only look for the certificate for the ip [the default certificate configured for example], not the domain)
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: [3 BTC Bounty] TLS Support for .bit Domains
PM sent.phelix wrote:It just occurred to me I had not yet restarted nginx... it's working now.
biolizard89, please pm me btc and nmc addresses and info on which domains you would like.
note: this is not a public domain
Re: [3 BTC Bounty] TLS Support for .bit Domains
If added the possility to read names from a file instead of namecoind, in v0.8 I guess.phelix wrote:What about automatically updating nmcontrol database, too? As a lightweight .bit support with dot-bit authority TLS system.
On linux, simply do "namecoin name_list > data/namecoin.dat", and change the file "conf/plugin-data.conf" :
Code: Select all
import.from = file
import.file = data/namecoin.dat
Is what you mean ?
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T
Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent
Re: [3 BTC Bounty] TLS Support for .bit Domains
Maybe the spec should be changed to hold the fingerprint in another format.
I can see the blockchain being filled up with colons : :: : : : : : :
btw: bounty sent
I can see the blockchain being filled up with colons : :: : : : : : :
btw: bounty sent
Re: [3 BTC Bounty] TLS Support for .bit Domains
yeah, that is what I used to modify the domain data. very handy.khal wrote:If added the possility to read names from a file instead of namecoind, in v0.8 I guess.phelix wrote:What about automatically updating nmcontrol database, too? As a lightweight .bit support with dot-bit authority TLS system.
On linux, simply do "namecoin name_list > data/namecoin.dat", and change the file "conf/plugin-data.conf" :Code: Select all
import.from = file import.file = data/namecoin.dat
I meant from an url to have a lightweight system working without namecoind.I also planned to enable update from namecoin (or an url ?) and export it to the same file (data/namecoin.dat)
Is what you mean ?
Would it be possible to transmit the fingerprint from a namecoin dns server to nmcontrol together with the dns request? That would be interesting, too. De facto you would make your dns server your certificate authoritayh. Admittedly not so safe.
A pity DNSSEC is not available yet in browsers or we could simply use that instead of the plugin.
Re: [3 BTC Bounty] TLS Support for .bit Domains
like a charmkhal wrote:If people want to test, this one is configured : https://dot-bit.bit/Main_Pagephelix wrote:note: this is not a public domain
Does it work for you ?
I don't understand what you are saying.(edit: for info, the IP of your domain need to return the same certificate for now. As SNI support is broken, it'll only look for the certificate for the ip [the default certificate configured for example], not the domain)
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: [3 BTC Bounty] TLS Support for .bit Domains
Thanks, bounty received.phelix wrote:Maybe the spec should be changed to hold the fingerprint in another format.
I can see the blockchain being filled up with colons : :: : : : : : :
btw: bounty sent