Posted on
by

Just a quicky, but it caught me out.

I make use of Firefox’s sync server to synchronise bookmarks, passwords etc between computers, but because I do not like the idea of having this stored on a computer that I don’t control, I run my own version of the server on my own hardware.

This was working fine, however after a recent server upgrade syncing stopped working.

On investigation, I found that exceptions were being thrown by the WSGI process, the important part being:

File "/path/to/syncserver/html/local/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 62, in 
     ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'

I did a little bit of digging, and it seems that SSLv3 has been disabled because of the protocol’s vulnerability to the POODLE attack. However, it seems that some of the Python libraries just assume that support is going to be there.

The fix was to edit /path/to/syncserver/html/local/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py itself. Open the file, and go to line 62.

Change it from this:

# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}

To this:

# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
#    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}

Which removes the mapping (and support) for SSL v3.

Hope this helps!

Posted on
by

I recently upgraded my webserver to Debian Jessie, which included an upgrade for Apache and PHP. This resulted in a few gotchas…

Mod_python and WSGI don’t play nicely

See my previous post on the subject…

Some PHP extensions not installed

Some PHP extensions didn’t seem to be automatically upgraded/reinstalled (these may have been ones previously only available through PECL), so:

apt-get install php5-gnupg php5-mongo
/etc/init.d/apache2 restart

New permissions

Apache 2.4 uses a different permissions (access / deny) arrangement than before, so you need to change these over.

So for example, where you have:

Order deny,allow
Allow from all

You’d now have:

Require all granted

Apache have a good guide here.

Random crashes with XCache

If you have XCache installed, you might start getting random crashes, often with an error about:

“`PHP Fatal error: Cannot redeclare class …“`

This is caused because the installer installs and activates the Zend Opcache module automatically, and you can’t run two opcode caches safely.

php5dismod opcache; /etc/init.d/apache2 restart

Posted on
by

Sitemaps are specially crafted XML files, usually located at https://yourdomain.com/sitemap.xml, that help search engines better crawl your site.

It came up in conversation on IRC that there was a need for a sitemap plugin for Known, and because such a plugin would be useful to myself as well as others (and because I had a little bit of time while waiting for a painfully slow set of Vagrant builds, so I thought I’d put something together.

So, over on github, I’ve put together a quick plugin that will automatically generate a basic sitemap plugin for your site, as well as update your robots.txt accordingly.

When you first visit your sitemap.xml file a sitemap will be generated and cached. When you create new posts, this file will be automatically updated.

It’s pretty simple at the moment, but as usual, pull requests are welcome!

» Visit the project on Github...