Random Friday Night Things

Saturday, April 26th, 2008 at 12:45 am | 1,337 views | trackback url

Gas Ascent

Gas prices are now up 11.71% from last week. We’ve gone from $3.32/gallon to $3.75/gallon in 7 days and the price keeps on rising. My local gas station goes up $0.01 to $0.03/day, every day.

Fixing Dovecot SSL Certificates

My local Dovecot certificates expired, so I had to re-gen some new ones… but the problem is that Debian’s dpkg-reconfigure for the dovecot-common package is a bit botched, and complains that there are SSL certs already, and does not re-gen new ones.. even when I manually rm them from /etc/ssl/certs/.

The solution? Do it all manually, of course.

First, check your existing certificate’s validity and expiry:

$ openssl x509 -in /etc/ssl/certs/dovecot.pem -noout -text| grep -A2 Validity
        Validity
            Not Before: Apr 21 12:21:07 2007 GMT
            Not After : Apr 21 12:21:07 2008 GMT

If the expiry is past-due, find and delete the existing dovecot certs:

find /etc/ssl -name 'dovecot.*' -exec rm {} \;

…and re-gen new ones… like this (this is where it gets ugly, but follow along one command/step at a time):

cd /etc/ssl/certs
PATH=$PATH:/usr/bin/ssl
HOSTNAME=`hostname -s`
FQDN=`hostname -f`
MAILNAME=`cat /etc/mailname 2> /dev/null || hostname -f`

# These next lines get run all in one command, from open parenthesis to end parenthesis. 
(openssl req -new -x509 -days 365 -nodes -out $SSL_CERT -keyout $SSL_KEY > /dev/null 2>&1 <<+
.
.
.
Dovecot mail server
$HOSTNAME.$DOMAINNAME
$FQDN
root@$MAILNAME
+
)

Now you should have two shiny new certs stored in:

/etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem

It's a good idea to examine these with the openssl command above, just to be sure they're correct. You should now see something like the following:

$ openssl x509 -in /etc/ssl/certs/dovecot.pem -noout -text| grep -A2 Validity
        Validity
            Not Before: Apr 23 06:30:49 2008 GMT
            Not After : Apr 23 06:30:49 2009 GMT

These now get poked into your /etc/dovecot/dovecot.conf file

ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

The reason I had to go through this rigmarole was because the Thunderbird nightly build I am now using to import all of my IMAP mail archives to Gmail outright rejects the cert if it has expired.

Previous versions would issue a warning that the cert was expired, and you could continue anyway. These new versions are much less permissive, and outright block access.

To import your new Dovecot cert into Thunderbird, you have to jump through a couple of hoops.

Launch Thunderbird and go to Edit → Preferences → Certificates.

Thunderbird Preferences

Click on the "View Certificates" button and go to the "Authorities" tab.

Thunderbird Certificate Manager

Click "Import" here and a file picker dialog will pop open. Navigate to your dovecot.pem certificate (the one that was put into /etc/ssl/certs/, not the one in /etc/ssl/private), and import that.

Thunderbird CA certificate import

Ignore my ugly icons in these screenshots, they're 'broken' because I'm testing something in the background.

After this has been imported, if you go back to the Authorities tab and scroll down a bit, you should see a new certificate listed for Dovecot, as shown here:

Thunderbird Certificate Manager Dovecot

If you select this certificate and click on "View", you should see something like the following:

Thunderbird Dovecot SSL certificate details

Voila! Now you can use your Thunderbird nightly build against your local IMAP without connections being denied.

Stupid, silly Gravatars

I noticed that there is a new WordPress out with over 70 fixes. That alone plus the security issues closed merits an upgrade for me across all of the user, professional, MFA and other blogs I run and host for people.

The biggest bug fixed in this one has been affecting me for weeks now, and I've reported it and am glad to see they claim to have fixed it.

But there was something wacky with my theme, which caused user's avatars to be invisible. I trundled over to the main Gravatar site to look for answers, and saw that they have their own WordPress plugin to handle that.

I downloaded the plugin, installed it and was not surprised to find that it didn't work at all.

Sigh.

So I cracked open the source, and noticed that it flat-out was non-functional. Even their instructions say to use the following syntax:

<img src="<?php gravatar("R", 40, "http://www.somewhere.com/heatvision.jpg"); ?>" alt="" />

That url they provide in their instructions leads to a 404, because it doesn't exist. Easy problem to solve, but the code itself is never reached.

Pouring through more templates and WordPress source revealed the subtle answer:

<?php echo get_avatar($comment, 40 ); ?>

I wrapped that in a proper div with some quick inline styles, and now avatars work for public comments on posts:

<div id="gravatar" style="float:left;margin-right:0.5em;"><?php echo get_avatar($comment, 40 ); ?></div>

I wish some projects would test their code before they release it, or at the very least before they claim that it works "...just like this...".

Last Modified: Sunday, March 6th, 2016 @ 00:03

Leave a Reply

You must be logged in to post a comment.

Bad Behavior has blocked 539 access attempts in the last 7 days.