Subject: Re: server crashes after upgrade to 942
Good thinking, and we'll definitely have to look at the threadsafeness of that call. Is your restored 941 image working properly now? If so, that does suggest that the updated certificate management code has something to do with it. Thanks for actively participating in the search for a fix -- very much appreciated!
The updated code that you're looking at hasn't been released yet, but if we have to wrap it in a mutex then that's fine. It should only get called once, and even then only when it sees a new key or certificate. The bug you discovered caused it to get called over and over again when the key is newer than the certificate -- something that theoretically should never happen, since the certificate is generated *from* the key.
I'll see if we can get it to crash by making that code get called *every* time whether it needs to or not, and then slamming it with connections.
After the downgrade to 941 the server works fine. I also took the 943 version's code, commented out the update_key_and_cert_if_needed() line in serv_crypto.c, and built a new docker image; this image works too and has never crashed.
Based on alphabetical order, citadel.cer comes before citadel.key. My files were copied from another server, so the cert file's modified time is before the key file's.
Subject: Re: server crashes after upgrade to 942
The patch you applied will reduce the crashes to almost nil since it's only vulnerable at the split second the certificate is *actually* changed, but I'm going to go in and fix it right.
Thanks again for such an intelligently investigated bug report. You made it easy :)
Happy to help~
Thank you for your work on citadel!
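The failure mode discussed above, as an added C example that is not Citadel's code: comparing the key's modification time against the certificate's fires on every call when copied files leave the key newer, while tracking the last-loaded mtimes under a mutex reloads once per real change. All function names, the counter and the /tmp paths are hypothetical.

```c
/* Added illustration, not Citadel's code; every name here is hypothetical. */
#include <pthread.h>
#include <stdio.h>
#include <sys/stat.h>
#include <utime.h>

static pthread_mutex_t tls_lock = PTHREAD_MUTEX_INITIALIZER;
static time_t loaded_key_mtime, loaded_cert_mtime;   /* what is loaded now */
static int reload_count;       /* stands in for rebuilding the TLS context */

/* Check described in the thread: true on EVERY call while key is newer than cert. */
int naive_needs_reload(const char *key, const char *cert) {
    struct stat k, c;
    if (stat(key, &k) != 0 || stat(cert, &c) != 0) return -1;
    return k.st_mtime > c.st_mtime;
}

/* Compare each file with what was last loaded, inside a mutex, so many
 * connection threads cause at most one reload per actual file change. */
int reload_if_changed(const char *key, const char *cert) {
    struct stat k, c;
    int reloaded = 0;
    if (stat(key, &k) != 0 || stat(cert, &c) != 0) return -1;
    pthread_mutex_lock(&tls_lock);
    if (k.st_mtime != loaded_key_mtime || c.st_mtime != loaded_cert_mtime) {
        loaded_key_mtime = k.st_mtime;
        loaded_cert_mtime = c.st_mtime;
        reload_count++;        /* real code would swap in the new context */
        reloaded = 1;
    }
    pthread_mutex_unlock(&tls_lock);
    return reloaded;
}

/* Constructed sample input: create a file with a chosen modification time. */
int make_file(const char *path, time_t mtime) {
    struct utimbuf t = { mtime, mtime };
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fclose(f);
    return utime(path, &t);
}

int main(void) {
    const char *k = "/tmp/example_citadel.key", *c = "/tmp/example_citadel.cer";
    make_file(k, 2000); make_file(c, 1000);    /* key newer than cert */
    for (int i = 0; i < 3; i++)
        printf("naive=%d tracked=%d\n", naive_needs_reload(k, c), reload_if_changed(k, c));
}
```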
Hi,
I'm using my own built 943 image without the update_key_and_cert_if_needed, and encountered another server crash. Here's the log.
In the past we went through this elaborate process of cleanly closing everything we opened -- file handles, sockets, library functions, allocated memory -- so that we could run Valgrind and see if there were any memory leaks. This turned out to be quite a liability, because in production it would often take too long and the server process was killed either by the operator or by the system before it could get to the part where it closed the database. Once we decided to just go straight for the database we had a lot less people reporting that their databases got corrupted.
Newer code (particularly webcit-ng) simply reports the size of the heap from time to time so that we can observe if we have a memory leak. So far it's been a good strategy.
Yes, I was shutting down the server, and it seems like it was doing a double free in smtp_cleanup_function and the server crashed there... If it happens again I'll try to get more information. I did forget to collect the ctdlvisor outputs this time (but I'm not sure if this kind of server crash would have any).
I just finished installing my server using the easyinstaller method and it installed successfully and is running. But when I logged in and entered my admin credentials, I don't see the main dashboard, I just see this message: didn't find Template [roombanner] 10 10. Not sure where to go from here....
I just finished installing my server on raspberrypi 3 using the easy installer method, and it installed successfully and is running, but when I login as admin, I don't see the dashboard, I just see this message: didn't find Template [roombanner] 10 10. Any idea as to what I have that's not setup right?
hi, i am new to Citadel... i am trying to use the easy-install on a CentOS7 server. at some point in the process, i get this:
crypto.o: In function `bind_to_key_and_certificate':
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to `TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
Citadel Easy Install is aborting.
The last few lines above this message may indicate what went wrong.
Linux RedHat 7.9.2009(Core 3.10.0-1160.49.1.el7.x86_64 x86_64)
can someone give me a hand with this, not sure where to go from here..
thanks in advance... here is a longer log paste
Compiler: gcc -I/usr/local/ctdlsupport/include -g -Wall -DHAVE_CONFIG_H -D_REENTRANT -c -o buildinfo
Linker: gcc -L/usr/local/ctdlsupport/lib -Wl,--rpath -Wl,/usr/local/ctdlsupport/lib -lssl -lcrypto -lexpat -lcitadel -lical -lz -lpthread
CC webserver.c
CC context_loop.c
CC ical_dezonify.c
CC cookie_conversion.c
CC locate_host.c
CC summary.c
CC webcit.c
CC auth.c
CC sockets.c
CC mainmenu.c
CC serv_func.c
CC who.c
CC marchlist.c
CC roomops.c
CC roomlist.c
CC roomtokens.c
CC roomviews.c
CC blogview_renderer.c
CC msg_renderers.c
CC jsonview_renderer.c
CC mailview_renderer.c
CC bbsview_renderer.c
CC messages.c
CC paging.c
CC sysmsgs.c
CC useredit.c
CC vcard_edit.c
vcard_edit.c: In function 'parse_vcard':
vcard_edit.c:424:6: warning: variable 'is_b64' set but not used [-Wunused-but-set-variable]
int is_b64 = 0;
^
CC preferences.c
CC html2html.c
CC listsub.c
CC roomchat.c
CC graphics.c
CC netconf.c
CC siteconfig.c
CC subst.c
CC calendar.c
CC calendar_tools.c
calendar_tools.c: In function 'partstat_as_string':
calendar_tools.c:195:2: warning: enumeration value 'ICAL_PARTSTAT_FAILED' not handled in switch [-Wswitch]
switch(partstat) {
^
CC calendar_view.c
CC tasks.c
CC event.c
CC smtpqueue.c
CC availability.c
CC iconbar.c
CC icontheme.c
CC crypto.c
crypto.c: In function 'bind_to_key_and_certificate':
crypto.c:39:2: warning: implicit declaration of function 'TLS_server_method' [-Wimplicit-function-declaration]
if (!(new_ctx = SSL_CTX_new(TLS_server_method()))) {
^
crypto.c:39:2: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [enabled by default]
In file included from webcit.h:95:0,
from crypto.c:14:
/usr/include/openssl/ssl.h:2087:10: note: expected 'const struct SSL_METHOD *' but argument is of type 'int'
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
^
CC inetconf.c
CC notes.c
CC wiki.c
CC dav_main.c
CC dav_get.c
CC dav_propfind.c
CC dav_report.c
CC fmt_date.c
CC dav_options.c
CC autocompletion.c
CC gettext.c
CC tabs.c
CC sieve.c
CC sitemap.c
CC dav_delete.c
CC dav_put.c
CC http_datestring.c
CC downloads.c
CC addressbook_popup.c
CC pushemail.c
CC sysdep.c
CC openid.c
CC decode.c
CC modules_init.c
CC paramhandling.c
CC utils.c
Running scripts/get_ical_data.sh
CC ical_maps.c
CC ical_subst.c
CC static.c
CC feed_generator.c
LD: webcit
crypto.o: In function `bind_to_key_and_certificate':
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to `TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
Citadel Easy Install is aborting.
The last few lines above this message may indicate what went wrong.
Linux RedHat 7.9.2009(Core 3.10.0-1160.49.1.el7.x86_64 x86_64)
[root@ffc-p-mail-1 ~]#
So I just got my server installed with the easyinstaller, and I want to know if it's possible to change the server storage location or do I have to reinstall the whole process. If I run the setup command with the -hHome option will it just move the data storage location or will it do a new install and map to that location?
Subject: Re: easy-install of citidel on CentOS7 errors
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to
`TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
Geez. Ok, I've just pushed an update to Easy Install to fix this, so you should be able to try again.
TLS_server_method() is supposed to be the replacement for SSLv23_server_method() but apparently CentOS 7 still has the old name and not the new one. They both do the same thing. Try it now.
Subject: Re: changing server storage location
So I just got my server installed with the easyinstaller, and I want
to know if it's possible to change the server storage location or do I
have to reinstall the whole process. If I run the setup command
with the -hHome option will it just move the data storage location or
will it do a new install and map to that location?
The build you get with Easy Install really wants to use /usr/local/citadel, but if you specify another location it should work... just keep in mind that you'll need to move your data files there manually if you want to keep them.
Honestly though, you're probably better off symlinking /usr/local/citadel/data to the place where you want your data.
Wed Jan 12 2022 14:31:55 EST from IGnatius T Foobar Subject: Re: easy-install of citidel on CentOS7 errors
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to
`TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
Geez. Ok, I've just pushed an update to Easy Install to fix this, so you should be able to try again.
TLS_server_method() is supposed to be the replacement for SSLv23_server_method() but apparently CentOS 7 still has the old name and not the new one. They both do the same thing. Try it now.
hey, that did it....i was able to install and get into the gui...i did see some warnings in the install like this:
vcard_edit.c: In function 'parse_vcard':
vcard_edit.c:424:6: warning: variable 'is_b64' set but not used [-Wunused-but-set-variable]
int is_b64 = 0;
^
but since the install was successful...i guess i can ignore?
thanks again!
sorry for such a noob question, but i have looked at the faq and documentation...i don't see any mention of upgrades...so how do i do it?
thanks
sorry for such a noob question, but i have looked at the faq and
documentation...i don't see any mention of upgrades...so how do i do
it?
Depends on how you initially installed it.
If you originally used Easy Install, just run Easy Install again and it will do the right thing.
If you have the Docker image, just erase it and install the new image, and point it at your existing data directory.
Or if you used the Debian packages ... you've got some work to do because they're no longer maintained.
Ok so starting back up on trying to get a reverse proxy running here so i can run everything on port 80 ( and 443 ), and just use DNS names to redirect internally.
For the most part it's all set up again and was going down the list of apps to change over to 80. Got to citadel and i did an easy install/upgrade ( needed it anyway ) and switched it native from 8080 to 80. Works fine locally, or if i change my router to not use the proxy and just redirect 8080 to 80. But if i hit it via the proxy i get the below mess instead. ( and this worked last time i tried, but script kiddies were pounding my ports and killing the proxy )
Something obvious i'm missing before i waste a lot of time beating my head against the desk?
ya, i know, url is in the image, i don't care now, it's public. and no, not tackled ssl yet. I wanted to get everything running "regular" first.
Tinyproxy, configured to be a reverse proxy only. Stock config other than disabling forward proxy, adding the redirects, and adding a few extra threads. My other 3 apps, plus an extra 'test' one that was just listing the calling URL, are working at this point.
It worked last time i tried this, other than script kiddies flooding my port 80 and causing the proxy to die after about 10 minutes so i gave up at the time. But it was a good year or 2 ago, so an older version of citadel.