Home of the Squeezebox™ & Transporter® network music players.
Page 4 of 4 FirstFirst ... 234
Results 31 to 35 of 35
  1. #31
    Senior Member
    Join Date
    Oct 2010
    Location
    UK
    Posts
    307
    Quote Originally Posted by mherger View Post
    Could you please run LMS with debugging enabled for
    network.squeeznetwork?

    --

    Michael
    Michael: attached is a log with network.squeeznetwork and network.asynchttp debug logging enabled.

    The log suggests that the mysqueezebox.com login attempt timed out after 0.6 seconds. Did it really do that (it seems a pretty short timeout) or did it just throw an error? Can I increase that timeout somewhere?

    Also note in the log that the (redirected) fetch of "https://vorboss.dl.sourceforge.net/project/bpaplugins/V153testrelease-repo.xml" seems to succeed if I am reading it right, so something is functional for https.
    Attached Files Attached Files

  2. #32
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,699

    ZyXEL NSA325 v2 NAS and LMS

    > The log suggests that the mysqueezebox.com login attempt timed out after
    > 0.6 seconds. Did it really do that (it seems a pretty short timeout) or
    > did it just throw an error? Can I increase that timeout somewhere?


    The timeout is hard-coded to 30s. Yeah, that doesn't make sense. Can you
    reach mysb.com from that computer? Do you have a proxy in front of the
    machine?

    --

    Michael

  3. #33
    Senior Member
    Join Date
    Oct 2010
    Location
    UK
    Posts
    307
    Quote Originally Posted by mherger View Post
    > The log suggests that the mysqueezebox.com login attempt timed out after
    > 0.6 seconds. Did it really do that (it seems a pretty short timeout) or
    > did it just throw an error? Can I increase that timeout somewhere?


    The timeout is hard-coded to 30s. Yeah, that doesn't make sense. Can you
    reach mysb.com from that computer? Do you have a proxy in front of the
    machine?

    --

    Michael
    No proxy, and the same LMS does login to mysqueezebox.com ok using http (if I comment out the bit in SqueezeNetwork.pm that maps changes the login url from http to https if HTTP->hasSSL(), as I posted earlier).

    I think I'll try digging around in the networking code to add some more logging, to see if I can find out a bit more about where this is failing...

  4. #34
    Senior Member
    Join Date
    Oct 2010
    Location
    UK
    Posts
    307
    Quote Originally Posted by utgg View Post
    No proxy, and the same LMS does login to mysqueezebox.com ok using http (if I comment out the bit in SqueezeNetwork.pm that maps changes the login url from http to https if HTTP->hasSSL(), as I posted earlier).

    I think I'll try digging around in the networking code to add some more logging, to see if I can find out a bit more about where this is failing...
    I finally got this working by building openssl (and openssh) again from scratch for the ffp platform (openssl-1.0.2k and openssh-7.4p1 replacing openssl-1.0.0e and openssh-5.9p1 that came with ffp). I don't know if the older openssl version is just too old to play ball with mysqueezebox.com using https, or there was something wrong with the way the standard ffp version of openssl was built. Anyway, it all seems happy now, and I presume things are more secure with the later version of openssl.

    It wasn't particularly straightforward to build and install openssl and openssh, nor for that matter to install IO::Socket::SSL. If anyone is interested in instructions, I can add them to my earlier post. Otherwise the instructions I recently updated there do give a functional LMS on the NSA325, albeit without ssl/https support.
    Last edited by utgg; 2017-02-22 at 13:23.

  5. #35
    Senior Member
    Join Date
    Oct 2010
    Location
    UK
    Posts
    307

    Adding HTTPS support to LMS 7.9 on NSA325

    For posterity, I've recorded here how to add https (ssl) support to LMS 7.9 that has been built according to my earlier instructions at post#7. This isn't essential for LMS 7.9, but it seems some 3rd party plugin repositories now use https, LMS will login to mysqueezebox.com with https if it is available, and LMS is now able to proxy some https streams and podcasts.

    To get https support we need to install the IO::Socket::SSL CPAN module - which in turn depends on the Net::SSLeay CPAN module. Net::SSLeay depends on openssl package libraries, and the openssl-1.0.0e version supplied with ffp seems to be too old (or possibly not suitably built) to work with Net::SSLeay. So we need to build a newer version of openssl, and because openssh must be built for the particular version of openssl installed, we must also build a new version of the openssh package.

    The first step is to re-enable telnet and login via telnet, since we'll temproarily need to stop ssh while we install the new packages.
    Code:
    chmod a+x /ffp/start/telnetd.sh
    /ffp/start/telnetd.sh start
    And then login via telnet as root.

    First step is to build and install a new openssl package. We'll build a package file and install that, as it makes it easier to upgrade later. We'll go for the latest openssl-1.0.* version (currently 1.0.2k), since openssl-1.1.* isn't (yet) compatible with openssh.
    Code:
    mkdir -p /mnt/HD_a2/public/additional_packages
    mkdir -p /mnt/HD_a2/public/build
    cd /mnt/HD_a2/public/build
    wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz
    tar -xvf openssl-1.0.2k.tar.gz
    cd openssl-1.0.2k
    ./config --prefix=/ffp --openssldir=/ffp/usr/local/ssl shared
    make
    make INSTALL_PREFIX=/mnt/HD_a2/public/build install_sw
    cd ..
    tar -cvf openssl-1.0.2k-arm-1.txz ffp
    rm -rf ffp
    mv openssl-1.0.2k-arm-1.txz ../addtional_packages
    cd ../additional_packages
    Before we install that, we'll stop the ssh daemon and uninstall the existing openssh and openssl.

    It turns out funpkg depends on libcrypto.so.0.0.1 from the openssl package, so we'll save a copy of that and put it back after the uninstall.
    Code:
    /ffp/start/sshd.sh stop
    cp /ffp/lib/libcrypto.so.0.0.1 /mnt/HD_a2/public/build
    funpkg -r openssh
    funpkg -r openssl
    cp /mnt/HD_a2/public/build/libcrypto.so.0.0.1 /ffp/lib
    Now we must install the new openssl package before moving on to build and install the new openssh package
    Code:
    funpkg -i openssl-1.0.2k-arm-1.txz
    I've chosen the latest openssh version from a random mirror site. Check at www.openssh.com/portable.html for a different mirror/version.

    The following builds a 'nosysconf' upgrade package for openssh, which leaves the existing config and key files as they are.
    Code:
    cd /mnt/HD_a2/public/build
    wget http://anorien.csc.warwick.ac.uk/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz
    tar -xvf openssh-7.4p1.tar.gz
    cd openssh-7.4p1
    ./configure --prefix=/ffp --sysconfdir=/ffp/etc/ssh
    make
    make DESTDIR=/mnt/HD_a2/public/build install-nosysconf
    cd ..
    tar czf openssh-7.4p1-arm-1.txz ffp/
    rm -rf ffp
    mv openssh-7.4p1-arm-1.txz ../additional_packages/
    cd ../additional_packages/
    Now we can install that and restart the sshd daemon. New keys may also need to generated.
    Code:
    funpkg -i openssh-7.4p1-arm-1.txz
    /ffp/start/sshd.sh start
    ssh-keygen -A
    Now try logging back in using ssh.

    You may find logging in as root is now disabled. If so, login as admin, change to root (with su) and edit /ffp/etc/ssh/sshd_config to uncomment the line:
    "#PermitRootLogin yes":
    Code:
    su
    sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /ffp/etc/ssh/sshd_config
    (or just use vi to edit the file)

    Disable telnet again if all is good:
    Code:
    /ffp/start/telnetd.sh stop
    chmod a-x /ffp/start/telnetd.sh
    Now we can build and install the IO::Socket::SSL and Net::SSLeay CPAN modules into the base ffp perl installation.

    We'll use the cpan utility to make this easy. But cpan first needs a first-time (interactive) setup. This is a little awkward because cpan wants to put its MyConfig.pm under /root, which is in ram and will be lost after a reboot. To keep the config, we'll copy it do disk and thereafter reference it from there:
    [CODE]
    mkdir -p /mnt/HD_a2/public/build/.cpan
    cpan -v[\CODE]
    To the first question answer 'no' and enter /mnt/HD_a2/public/.cpan for the build and cache directory. i.e.:
    Code:
    Would you like to configure as much as possible automatically? [yes] n
    CPAN build and cache directory? [/root/.cpan] /mnt/HD_a2/public/.cpan
    Choose the default (hit <return>) for all the remaining questions.

    Now we move the config file from /root to disk, and get cpan to install our IO::Socket::SSL CPAN module and its dependencies:
    Code:
    mv /root/.cpan/CPAN /mnt/HD_a2/public/.cpan
    OPENSSL_PREFIX=/ffp
    export OPENSSL_PREFIX
    cpan -j /mnt/HD_a2/public/.cpan/CPAN/MyConfig.pm -i IO::Socket::SSL
    Choose the default (hit return) for the questions asked.

    Important: Check that you see the line "Found OpenSSL-1.0.2k installed in /ffp" reported. If it says "Found OpenSSL-1.0.2k installed in /usr", something has gone wrong with setting the OPENSSL_PREFIX environment variable, and you'll get a broken build.

    Now we can start lms again, and all should be good!
    Code:
    /ffp/start/lms.sh start
    Last edited by utgg; 2017-07-20 at 04:09.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •