Subject: Re: Docker version, reporting some bugs with aliases
Unfortunately after repeating the steps several times; neither the primary address nor the aliases are preserved in the mentioned boxes.
It seems that something is missing in this version of Docker that works on your side.
Randomly something is left in the primary address, hard to know which one is going to be left and as at the moment my Citadel-docker is not in production I don't know if it is preserving the other aliases; I will check my notes I think I remember we once mentioned how to do a test mailing for any of the addresses I may have; if it works with the primary address or invisible aliases I will comment later.
Regards.
To edit the email aliases for a user:
1. From the main screen, select "Administration"
2. Under the "User account management" menu, select "Add, change, delete user accounts"
3. Select the user to be edited, and click "Edit configuration"
(do not click "Edit address book entry". It is not there anymore.)4. On this screen, "Primary Internet e-mail address" is the address that will be used for all outgoing mail. The user can also receive mail at this address.
5. "Internet e-mail aliases" is where you would put any additional addresses for the user, separated by commas. The user can receive mail at any of these addresses.
You can also edit a user's email addresses in the text mode client, using the .Aide User-edit command.
Again, there is no longer any ability to edit email addresses from the user's address book entry. That was a hack that has been removed.
On 12/15/21 13:59, s3cr3to wrote:
Good day
I have some issues with the docker version unning Citadel 941 with WebCit 941, server build 941
Issue 1. I cannot find a shortcut to edit my address and aliases.
You get the warning about a self-signed certificate, and you can
accept the exception
The majority of support issues these days seem to center around certificate management. These are being heard loud and clear, and we are going to make some big changes in the next release.
I think what we need to do is eliminate the requirement for Citadel Server and WebCit to have different certificate directories (even though you can link them together), and manage it all together. This implies that WebCit will always have to run on the same host as Citadel Server, but I think everyone is doing that already. Shout out if you have any other configuration.
The system will be modified to allow the certificate to be changed without restarting, and support for the ACME HTTP-01 challenge, which should allow us to use Let's Encrypt certificates.
I was browsing the setup menus and found entries for NNTP ports. Cool! Citadel can do Usenet? I searched the GUI but I can't find where they are. Will someone enlighten me please?
It was built as part of a project that ended before we added read-write and server-to-server support. We are exploring other ways of joining Citadel into federated social networks; these days it doesn't look like NNTP is it, but if that ever changes we can expand on our existing work.
Meanwhile, if you find the existing service useful, enjoy it!
There is a very basic, undocumented, read-only NNTP service in Citadel Server.
It was built as part of a project that ended before we added read-write and server-to-server support. We are exploring other ways of joining Citadel into federated social networks; these days it doesn't look like NNTP is it, but if that ever changes we can expand on our existing work.
Meanwhile, if you find the existing service useful, enjoy it!
Well thanks for the info and satisfying my curiosity :)
Hi,
I'm using the docker version of citadel, and after upgrade to 942, it constantly crashes, and it may results in a db error.
I'm guessing it may have something to do with the changes in serv_crypto.c ?
Found something....
according to the code cert_time is the mtime of cert file, but in my case my key file's mtime is always after the cert's, bind_to_key_and_certificate will be called every time.
Subject: Re: server crashes after upgrade to 942
I've tried cleanup on the first crash, that doesn't help, I have to use a backup and roll back to 941 version image. SSL_CTX_use_certificate_chain_file in the bind_to_key_and_certificate is not thread safe right? I think when multiple threads entered this function can cause the server crash.
I see the new commit on serv_crypto.c file, and I think it still can cause server crash on some condition. When the key or cert file did change, meanwhile multiple pop3s connection come in, all these threads may call the SSL_CTX_use_certificate_chain_file function in the same time and causing to server crash. There may need a lock to prevent multiple threads cert&key reload operations.
Subject: Re: server crashes after upgrade to 942
Good thinking, and we'll definitely have to look at the threadsafeness of that call. Is your restored 941 image working properly now? If so, that does suggest that the updated certificate management code has something to do with it. Thanks for actively participating in the search for a fix -- very much appreciated!
The updated code that you're looking at hasn't been released yet, but if we have to wrap it in a mutex then that's fine. It should only get called once, and even then only when it sees a new key or certificate. The bug you discovered caused it to get called over and over again when the key is newer than the certificate -- something that theoretically should never happen, since the certificate is generated *from* the key.
I'll see if we can get it to crash by making that code get called *every* time whether it needs to or not, and then slamming it with connections.
After downgrade to 941 the server works fine. And I use the 943 version's code comment out the update_key_and_cert_if_needed() line in serv_crypto.c, build a new docker image, this image works too, never crashed.
Base on alphabet citadel.cer is in front of citadel.key, my files are copied from another server, so the cert file's modified time is before the key file's.
Subject: Re: server crashes after upgrade to 942
The patch you applied will reduce the crashes to almost nil since it's only vulnerable at the split second the certificate is *actually* changed, but I'm going to go in and fix it right.
Thanks again for such an intelligently investigated bug report. You made it easy :)
Happy to help~
Thank you for your work on citadel!
Hi,
I'm using my own built 943 image without the update_key_and_cert_if_needed, and encountered another server crash. Here's the log.
In the past we went through this elaborate process of cleanly closing everything we opened - file handles, sockets, library functions, allocated memory -- so that we could run Valgrind and see if there were any memory leaks. This turned out to be quite a liability, because in production it would often take too long and the server process was killed either by the operator or by the system before it could get to the part where it closed the database. Once we decided to just go straight for the database we had a lot less people reporting that their databases got corrupted.
Newer code (particularly webcit-ng) simply reports the size of the heap from time to time so that we can observe if we have a memory leak. So far it's been a good strategy.
Yes I was shutting down the server, and it seems like doing double free in smtp_cleanup_function and server crashed there....If it happens again I'll try to get more information, I did forget to collect the ctdlvisor outputs this time(but not sure if this kind of server crash would have any..).
I just finished installing my server using the easyinstaller method and it installed successfully and is running. But when I logged in and entered my admin credentials, I don't see the main dashboard, I just see this message: didn't find Template [roombanner] 10 10. Not sure where to go from here....
I just finished installing my server on raspberrypi 3 using the easy installer method, and it installed successfully and is running, but when I login as admin, I don't see the dashboard, I just see this message: didn't find Template [roombanner] 10 10. Any idea as to what I have that's not setup right?
hi, i am new to citidel...i am trying to use the easy-install on a CentOS7 server. at some point in the process, i get this:
crypto.o: In function `bind_to_key_and_certificate':
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to `TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
Citadel Easy Install is aborting.
The last few lines above this message may indicate what went wrong.
Linux RedHat 7.9.2009(Core 3.10.0-1160.49.1.el7.x86_64 x86_64)
can some one give me a hand with this, not sure where to go from here..
thanks in advance... here is a longer log paste
Compiler: gcc -I/usr/local/ctdlsupport/include -g -Wall -DHAVE_CONFIG_H -D_REENTRANT -c -o buildinfo
Linker: gcc -L/usr/local/ctdlsupport/lib -Wl,--rpath -Wl,/usr/local/ctdlsupport/lib -lssl -lcrypto -lexpat -lcitadel -lical -lz -lpthread
CC webserver.c
CC context_loop.c
CC ical_dezonify.c
CC cookie_conversion.c
CC locate_host.c
CC summary.c
CC webcit.c
CC auth.c
CC sockets.c
CC mainmenu.c
CC serv_func.c
CC who.c
CC marchlist.c
CC roomops.c
CC roomlist.c
CC roomtokens.c
CC roomviews.c
CC blogview_renderer.c
CC msg_renderers.c
CC jsonview_renderer.c
CC mailview_renderer.c
CC bbsview_renderer.c
CC messages.c
CC paging.c
CC sysmsgs.c
CC useredit.c
CC vcard_edit.c
vcard_edit.c: In function 'parse_vcard':
vcard_edit.c:424:6: warning: variable 'is_b64' set but not used [-Wunused-but-set-variable]
int is_b64 = 0;
^
CC preferences.c
CC html2html.c
CC listsub.c
CC roomchat.c
CC graphics.c
CC netconf.c
CC siteconfig.c
CC subst.c
CC calendar.c
CC calendar_tools.c
calendar_tools.c: In function 'partstat_as_string':
calendar_tools.c:195:2: warning: enumeration value 'ICAL_PARTSTAT_FAILED' not handled in switch [-Wswitch]
switch(partstat) {
^
CC calendar_view.c
CC tasks.c
CC event.c
CC smtpqueue.c
CC availability.c
CC iconbar.c
CC icontheme.c
CC crypto.c
crypto.c: In function 'bind_to_key_and_certificate':
crypto.c:39:2: warning: implicit declaration of function 'TLS_server_method' [-Wimplicit-function-declaration]
if (!(new_ctx = SSL_CTX_new(TLS_server_method()))) {
^
crypto.c:39:2: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [enabled by default]
In file included from webcit.h:95:0,
from crypto.c:14:
/usr/include/openssl/ssl.h:2087:10: note: expected 'const struct SSL_METHOD *' but argument is of type 'int'
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
^
CC inetconf.c
CC notes.c
CC wiki.c
CC dav_main.c
CC dav_get.c
CC dav_propfind.c
CC dav_report.c
CC fmt_date.c
CC dav_options.c
CC autocompletion.c
CC gettext.c
CC tabs.c
CC sieve.c
CC sitemap.c
CC dav_delete.c
CC dav_put.c
CC http_datestring.c
CC downloads.c
CC addressbook_popup.c
CC pushemail.c
CC sysdep.c
CC openid.c
CC decode.c
CC modules_init.c
CC paramhandling.c
CC utils.c
Running scripts/get_ical_data.sh
CC ical_maps.c
CC ical_subst.c
CC static.c
CC feed_generator.c
LD: webcit
crypto.o: In function `bind_to_key_and_certificate':
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to `TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
Citadel Easy Install is aborting.
The last few lines above this message may indicate what went wrong.
Linux RedHat 7.9.2009(Core 3.10.0-1160.49.1.el7.x86_64 x86_64)
[root@ffc-p-mail-1 ~]#