00:25:33  * fdagostino joined
00:32:08  * fdagostino quit (Ping timeout: 252 seconds)
00:39:10  * DarkGod quit (Quit: Leaving)
00:48:50  <rphillips>i have a feeling that was pre go 1.5
00:49:10  <rphillips>the GC sucked and is greatly improved in 1.5+
00:50:42  * fdagostino joined
00:55:27  <creationix>surely, the new C is pretty new
00:55:38  <creationix>but still, yay for more big companies using rust
00:57:26  <creationix>rphillips: I just added a really neat ability to the super-agent. It was tricky to route properly but it will be awesome for power-users like the RPC engineers
00:59:19  <creationix>you can spawn a tty session and it will inject it with a special environment variable identifying the client browser session that started it
00:59:57  <creationix>the agent is also in the user's path and acts as a way to call API endpoints that exist in the browser
01:00:41  <creationix>so I can do something like `rax edit *.lua` in some folder on the vm, the new instance of the agent will resolve the args to cwd and connect to the daemon process passing along the environment variable and arguments, this will then tell the aep to route the command to the browser using the key
01:01:00  <creationix>the browser can then open its graphical editor using the relative path that was given on the command line
01:14:26  * fdagostino quit (Quit: Page closed)
02:00:31  <rphillips>that is sweet
07:51:18  * rendar joined
08:20:58  * DarkGod joined
13:52:29  <rphillips>good morning
17:14:30  <creationix>mornin'
18:16:31  * DarkGod quit (Ping timeout: 268 seconds)
18:22:18  * Harageth joined
18:58:42  * DarkGod joined
19:53:40  * rendar quit (Ping timeout: 252 seconds)
19:59:59  * rendar joined
20:34:24  * Harageth changed nick to Adam_____
20:34:52  <Adam_____>rphillips: creationix and I had a question for you regarding self signed certificates and coro-net
20:36:13  <creationix>Adam_____ fyi I don't think rphillips has done much with coro-net, but he knows a bit about openssl and certs
20:36:30  <Adam_____>ahhhh ok
20:36:31  <creationix>and worked on the monitoring agent that verifies certs using luvit
20:45:35  <rphillips>sure
20:45:36  <rphillips>Adam_____: what's up
20:46:09  <rphillips>You will need to pass down the chain as an array
21:02:26  <Adam_____>Ok so I load in the key/cert (tls = {key = ..., cert = ...}) on the aep and use it to bind to port 8443.
21:04:23  <Adam_____>I guess I don't really understand what you mean by pass it down the chain as an array
21:10:11  <creationix>Adam_____ in the agent, your server should be good
21:10:26  * a__ quit (Remote host closed the connection)
21:11:16  * a__ joined
21:12:28  <Adam_____>aaaaaa... yeah we had attempted to connect without giving the agent the cert expecting that the connection would be refused (it wasn't)
21:15:55  <creationix>rphillips, yep that was it https://github.com/luvit/lit/blob/master/deps/secure-socket/context.lua#L61-L68
21:16:15  <creationix>so we just need to pass tls = {ca = ... } coro-net's options for the client
21:16:34  <creationix>well, assuming this will work, we'll see
21:24:51  <creationix>rphillips, ok so the problem is coro-net won't refuse a connection if the server cert doesn't check out
21:25:00  <creationix>is there a special flag I need to enable verification?
21:25:37  <creationix>it appears I'm using the default verify mode and not setting one explicitly in case of a cert chain https://github.com/luvit/lit/blob/master/deps/secure-socket/context.lua#L80-L84
21:30:52  <creationix>rphillips maybe I need to call getpeerverification somewhere before or after handshake https://github.com/luvit/luvit/blob/master/deps/tls/common.lua#L198
21:35:26  <rphillips>yep
21:35:28  <rphillips>that should do it
21:35:54  <rphillips>you probably want a flag to allow for insecure mode
21:38:09  <rphillips>creationix: it's after the handshake
21:38:16  <creationix>thanks
21:39:10  <rphillips>we defer the check after the handshake so we can customize it
21:39:25  <rphillips>usually it would be done in the ctx.context:verify_mode() function
21:39:27  <rphillips>https://github.com/luvit/luvit/blob/master/deps/tls/common.lua#L426
21:40:20  <creationix>so my plan is to set verify mode to either peer or none (depending on the insecure flag in options)
21:40:27  <creationix>and then just always verify after handshake?
21:40:47  <rphillips>right
21:41:12  <rphillips>the FSM is in my previous common.lua paste
21:44:43  <creationix>rphillips, I think I don't understand the terms
21:44:50  <creationix>does the aep need to verify the agent's cert?
21:45:14  <rphillips>no. it's all client side
21:45:22  <rphillips>the agents don't have certificates
21:45:29  <rphillips>just the CA certificate of the server
21:45:35  <creationix>but it could be done in SSL/TLS right?
21:46:01  <rphillips>it could be done, but we never implemented it
21:46:14  <creationix>I think I accidentally made my aep verify the agent
21:46:20  <rphillips>that is a valid use case in node
21:46:33  <rphillips>i think luvit it does it
21:46:43  <rphillips>but the agent just ships with a CA that the agent validated
21:46:46  <rphillips>validates*
21:49:13  <creationix>so what is ssl:peer() for?
21:49:22  <creationix>and ssl:getpeerverification()
21:49:31  <creationix>and they mean different things if called by client and server
21:49:33  <creationix>?
21:52:51  <rphillips>yeah, ssl:peer() will return the x509 certificate the client has presented
21:52:59  <rphillips>if they present a certificate
21:58:02  <rphillips>hmm. at least that is what I thought it returned. I bet it returns the entire cert chain presented from the client
22:06:40  <creationix>I got it working!
22:14:55  <rphillips>yay!
22:36:07  * rendar quit (Quit: std::lower_bound + std::less_equal *works* with a vector without duplicates!)
23:44:09  * Adam_____ quit (Quit: Leaving...)