00:12:08 <melvster> melvster has quit (Ping timeout: 252 seconds)
01:02:26 <scor> scor (~scor@drupal.org/user/52142/view) has joined #dig
01:23:19 <scor> scor has quit (Read error: Connection reset by peer)
01:23:27 <scor> scor (~scor@drupal.org/user/52142/view) has joined #dig
05:14:22 <scor> scor has quit (Quit: scor)
08:38:27 <trueg_away> trueg_away is now known as trueg
08:43:29 <cheater> cheater has quit (Quit: leaving)
09:32:32 <jmvanel> jmvanel (~jmv@73.96.114.78.rev.sfr.net) has joined #dig
11:36:43 <melvster> melvster (~melvin@94.112.34.211) has joined #dig
12:06:42 <melvster> melvster has quit (Ping timeout: 272 seconds)
12:14:34 <Ralph_> Ralph_ (RSwick@w3cvpn1.w3.org) has joined #dig
12:14:48 <Ralph_> Ralph_ is now known as RalphS
12:21:22 <trueg> trueg is now known as trueg_away
12:54:16 <scor> scor (~scor@c-98-216-39-127.hsd1.ma.comcast.net) has joined #dig
12:54:16 <scor> scor has quit (Changing host)
12:54:16 <scor> scor (~scor@drupal.org/user/52142/view) has joined #dig
13:02:41 <timbl> timbl has quit (Ping timeout: 252 seconds)
13:16:57 <danbri_> danbri_ (~danbri@146.255.148.108) has joined #dig
13:22:42 <jmvanel> jmvanel has quit (Ping timeout: 272 seconds)
13:32:40 <rszeno> rszeno has quit (Quit: Leaving.)
13:35:01 <jmvanel> jmvanel (~jmv@deductions.pck.nerim.net) has joined #dig
14:11:11 <trueg_away> trueg_away is now known as trueg
14:22:02 <scor> scor has quit (Quit: scor)
14:44:02 <deiu> deiu (~andrei@2001:470:8b2d:7d4:d4e1:d99:5a6b:f55d) has joined #dig
14:44:02 <deiu> deiu has quit (Changing host)
14:44:02 <deiu> deiu (~andrei@unaffiliated/deiu) has joined #dig
15:19:48 <scor> scor (~scor@partners-f812c7.mgh.harvard.edu) has joined #dig
15:19:49 <scor> scor has quit (Changing host)
15:19:49 <scor> scor (~scor@drupal.org/user/52142/view) has joined #dig
16:03:23 <trueg> trueg has quit ()
16:20:48 <jmvanel> jmvanel has quit (Ping timeout: 244 seconds)
16:25:40 <trueg> trueg (~trueg@HSI-KBW-46-237-238-110.hsi.kabel-badenwuerttemberg.de) has joined #dig
16:34:01 <jmvanel> jmvanel (~jmv@73.96.114.78.rev.sfr.net) has joined #dig
16:40:44 <amy> amy has quit (Quit: restart)
16:46:29 <amy> amy (~amy@2001:470:8b2d:7d4:fa1e:dfff:fed6:2b66) has joined #dig
16:46:33 <scor> deiu: looking at WebIDauth, it requires to give the PHP access to server SSL private key (server.key). this precious key is normally not accessible to any user on the server. do you typically copy it somewhere PHP can access it (but not in the web space), or do you loosen the permissions on the path to /etc/ssl/private/server.key?
16:46:34 <amy> amy has left #dig
16:47:40 <deiu> scor, it doesn't have to be the server's key
16:48:35 <deiu> it only needs to be a key pair out of which the public key is shared with other services using the IDP
16:49:12 <scor> deiu: the comment says: "// private key belonging to server's SSL certificate"
16:50:00 <deiu> hmm, I might have put that comment when I was working on it locally
16:50:28 <scor> so if what you say is true, it is good, as otherwise it would put the whole SSL layer at risk (the one used for https)
16:50:38 <deiu> btw, the key is only needed when you rung it as an IDP service
16:50:50 <deiu> run*
16:50:56 <scor> yes, like on http://auth.my-profile.eu/ right?
16:50:59 <deiu> yes
16:51:16 <deiu> the HTTP cert needs _not_ be used for the IDP
16:51:21 <scor> sure, that's what WebIDauth is for, WebIDauth is not necessary otherwise
16:51:37 <deiu> you can still use it for local auth
16:51:39 <scor> I would say SHOULD NOT :p
16:51:58 <scor> what do you mean by that?
16:52:46 <amy> amy (~amy@2001:470:8b2d:7d4:fa1e:dfff:fed6:2b66) has joined #dig
16:53:17 <scor> deiu: "the HTTP cert needs _not_ be used for the IDP" it's probably best to generate a new cert key pair for the purpose of the IDP, instead of using the one used by the server for regular https <-- this is a good summary / recommendation right?
16:57:22 <scor> deiu: what did you mean with "you can still use it for local auth" ?
16:57:34 <jmvanel> jmvanel has quit (Ping timeout: 276 seconds)
16:59:22 <deiu> yes for #1
16:59:53 <deiu> #2 I meant that you can use it to authenticate users for your app, without going through an IDP
17:00:33 <deiu> but this also means that your server will require the client cert for each request
17:00:39 <deiu> (which is not bad)
17:04:26 <scor> deiu: so to be clear, #2 is: you can use the private key of the server SSL cert if you only perform auth against that server, and not in delegate auth scenario
17:08:48 <scor> deiu: I was trying WebIDauth last night on an ubuntu 12.10 VM, and FF and Chrome were giving different errors. chrome says FATAL: [SSL Error] TLSv1 required. (found TLSv1.1) - but FF does not complain about that
17:28:53 <melvster> melvster (~melvin@p4FF97AF4.dip.t-dialin.net) has joined #dig
17:35:21 <danbri_> danbri_ has quit (Remote host closed the connection)
17:48:33 <deiu> I thought I relaxed a bit the TLS requirements
17:48:40 <deiu> I'll look at it today
17:49:27 <deiu> scor, about #2, you don't need a private key if you authenticate local requests
17:49:54 <deiu> the private key is _only_ used when WebIDauth acts as an IDP, to sign the redirect request
17:51:20 <scor> ah, so that means that if all I want is to authenticate in my WebIDauth service, I could skip the private key thing (as an exercise durin debugging)
17:57:15 <trueg> trueg is now known as trueg_away
18:02:58 <danbri_> danbri_ (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
18:05:27 <scor> deiu: I'm trying to see why my local instance of webIDauth isn't asking me for a cert… if I point chrome to http://auth.my-profile.eu/, it offer cert selection and let me in, but if I do the same to my local VM, it just says FATAL: [Client Error] You have to provide a certificate!
18:07:05 <scor> ok, so first of all, you are saying that "FATAL: [SSL Error] TLSv1 required. (found TLSv1.1)" is just a warning and will not prevent the rest of the auth to happen, right? so I can safely ignore it for now?
18:21:39 <danbri_> danbri_ has quit (Remote host closed the connection)
18:30:49 <deiu> no, actually it's a FATAL error
18:31:01 <deiu> but that's not the issue I guess
18:31:12 <deiu> I'll remove that check for now
18:31:25 <deiu> you still need to config the web server to ask for a certificate
18:31:40 <deiu> btw, why don't you use the VM image I made for MyProfile
18:31:46 <deiu> it comes with everything preinstalled
18:35:28 <deiu> scor, http://www.cloudiway.com/download/MyProfile/MyProfile.ova
18:35:55 <scor> deiu: I didn't know about that image!
18:36:11 <danbri_> danbri_ (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
18:36:42 <scor> ok, I managed to get my server to ask for a cert now, and I choose my MyProfile cert, and then get FATAL: No ownership! Could not verify that the client certificate's public key matches their private key
18:37:16 <scor> this cert was generated from myprofile.eu
18:38:32 <deiu> weird
18:38:37 <scor> that is with ?verbose=on of course
18:38:42 <deiu> yeah
18:39:01 <deiu> btw, are you doing this as a side project?
18:39:04 <scor> deiu: could it be that my server is not set up propertly to do SSL handshake etc.?
18:39:08 <scor> ??
18:39:22 <scor> yeah, it's not for my main work if that's what you mean
18:39:33 <scor> it's for the Drupal integration
18:39:46 <deiu> ah ok, because I can provide in-person assistance today (before I leave tomorrow)
18:40:06 <scor> ah really? I could come to your office if you have time
18:40:11 <scor> later today
18:40:14 <deiu> sure
18:40:20 <scor> ok, what time?
18:40:32 <deiu> I'll be around until 5:30-6:00pm
18:40:39 <deiu> whenever you want (even now)
18:40:53 <scor> ok, I'll come around in a couple of hours. when do you leave tomorrow?
18:40:55 <deiu> I have nothing in particular that needs doing right now
18:41:06 <deiu> in the evening 
18:41:14 <scor> ok
18:41:29 <deiu> tomorrow I'll be at MIT until 6pm probably 
18:41:40 <scor> great, I might come tomorrow as well :)
18:41:52 <deiu> cool
18:41:54 <scor> thanks for your help deiu and see you soon
18:42:01 <deiu> I'll try to patch WebIDauth today
18:42:02 <melvster> deiu: sounds like you had a productive visit, might be awesome to round it off with a drupal integration! :)
18:42:10 <scor> lol
18:42:31 <deiu> melvster, indeed! more stuff will be revealed soon, so stay tuned!
18:42:31 <scor> deiu: yeah, if you can fix the TLSv1 error for a start that would be great
18:42:47 <scor> I'm surprrised nobody experienced it before.
18:43:03 <deiu> scor, you're using TLSv1.1 > TLSv1
18:43:17 <scor> from the comment in the code, 1.1 should work too since it's > 1
18:43:27 <deiu> not sure
18:43:28 <scor> / check for desired protocol (TLSv1 at least)
18:43:30 <deiu> I'll look into it
18:43:46 <deiu> but actually, I don't care about it in WebIDauth
18:43:55 <deiu> the web server will do the handshake first anyway
18:44:08 <deiu> I'll just remove that check 
18:44:38 <melvster> ot: http://www.wired.com/gadgetlab/2013/01/leap-motion-asus/
18:45:17 <deiu> melvster, I really want to get my hands on LEAP :)
18:47:05 <trueg_away> trueg_away is now known as trueg
18:49:42 <deiu> scor, I've removed the TLSv1 check
18:51:09 <scor> deiu: thanks
19:01:31 <timbl> timbl (~timbl@200.7.52.34) has joined #dig
19:17:12 <danbri_> danbri_ has quit (Remote host closed the connection)
19:55:26 <trueg> trueg is now known as trueg_away
20:04:58 <danbri> danbri (~danbri@cable-146-255-148-108.dynamic.telemach.ba) has joined #dig
20:07:11 <rszeno> rszeno (~rszeno@79.114.18.202) has joined #dig
20:21:02 <melvster1> melvster1 (~melvin@p5797F8D9.dip.t-dialin.net) has joined #dig
20:22:14 <melvster> melvster has quit (Ping timeout: 240 seconds)
20:41:29 <scor> deiu: on my way!
20:44:06 <scor> scor has quit (Quit: scor)
21:03:42 <scor> scor (~scor@31-33-229.wireless.csail.mit.edu) has joined #dig
21:03:42 <scor> scor has quit (Changing host)
21:03:42 <scor> scor (~scor@drupal.org/user/52142/view) has joined #dig
21:15:15 <danbri> danbri has quit (Ping timeout: 248 seconds)
21:17:35 <RalphS> RalphS has quit ()
21:30:59 <jmvanel> jmvanel (~jmv@139.239.24.109.rev.sfr.net) has joined #dig
21:36:59 <cheater__> cheater__ (~cheater@p4FD0EDBE.dip.t-dialin.net) has joined #dig
21:53:41 <scor> scor has quit (Quit: scor)
22:00:42 <deiu> deiu has quit (Quit: Leaving)
22:04:20 <cheater__> cheater__ has quit (Quit: leaving)
22:04:45 <cheater__> cheater__ (~cheater@p4FD0EDBE.dip.t-dialin.net) has joined #dig
23:11:34 <timbl> timbl has quit (Quit: timbl)