freenode/#lisp - IRC Chatlog
20:11:12
jasom
Anybody know the most recent version of ASDF for which the package ASDF/PACKAGE exists as a nickname for UIOP/PACKAGE?
20:22:32
shrdlu68
Got some time to work on cl-tls. I edited a version of dexador to test with, and ran into an issue where some servers are sending records that are bigger in length than the spec allows for. Very weird.
20:41:36
fe[nl]ix
shrdlu68: have you tried extracting the conformance test suites from other ssl libraries and running them against cl-tls ?
20:44:04
shrdlu68
fe[nl]ix: Nope, apart from the openssl and gnutls command-line tools. Might you know of any?
20:49:12
shrdlu68
If I comment out the code that checks that the fragment length does not exceed the maximum fragment length it all works fine. I can see in wireshark that the records are indeed past the allowed size limit (2^14).
20:52:36
fe[nl]ix
there are two types of test suites: the ones that send ostensibly correct packets and check the server configuration for features that are vulnerable to attacks
20:53:15
fe[nl]ix
and the ones that send incorrect packets and try to detect bugs in the protocol state machine
20:56:14
shrdlu68
I'm aware of ssllabs, I think it tests for poor configuration rather than implementation bugs.
20:58:07
shrdlu68
There are hardly more sophisticated tls test suites than fuzzers, which are, in my experience, not very effective in the case of tls/ssl.
21:01:07
fe[nl]ix
I know there are proprietary suites that were built by going through the standard and implementing a contrary test every time there's a MUST or a SHOULD
21:03:02
shrdlu68
For example, cl-tls reports that the certificate that signs microsoft.com's ocsp responses does not have the ocsp-sign bit set.
21:03:12
fe[nl]ix
setting up a business and finding the first customers might not be easy, but doable
21:04:51
shrdlu68
Another example: A bunch of ocsp responders have much longer update intervals than I had initially set as the maximum in cl-tls, forcing me to lower the standards. The spec only says the interval should be "sufficiently recent". This gives people the freedom to set update intervals that I thought no sane person would set for an ocsp responder.
21:09:45
shrdlu68
One concept I learned in writing cl-tls was "bug-compliance" and "bug-compatibility", from Peter Gutmann's blogs. When a major company misreads the specs and creates a buggy x509/tls implementation, everyone else is forced to introduce this bug as well in order to be bug-compatible with the big guys.
21:55:59
shrdlu68
How should write-byte and write-sequence behave when attempting to write to a closed stream?
21:58:12
specbot
Open and Closed Streams: http://www.lispworks.com/reference/HyperSpec/Body/21_aaab.htm
21:58:23
Shinmera
"Except as explicitly specified otherwise, the consequences are undefined when a closed stream is used where a stream is called for."
22:02:24
shrdlu68
I'm trying to determine what's the correct way to handle such a situation in cl-tls. I'm currently raising an error but cl:stream-error might be a better idea.
2:03:50
jasom
emaczen: oh, I guess it's not part of the spec, see trivial-garbage for a portable library
2:22:17
jasom
https://github.com/jasom/ql2nix/tree/overlay <-- an overlay that contains ~75% of the systems in quicklisp for nix; you should be able to use it to make working dev environments for projects on nix
2:32:21
jasom
it's not well tested (if the system loads with no errors, it gets included), *but* all foreign libraries that are loaded with the system should be correctly included
3:22:55
lexicall
Hi, I'm on OSX using sbcl 1.3.21 with slime 2.14 and I caught "Error while compiling ~/quicklisp/dists/quicklisp/software/slime-2.14/contrib/swank-sbcl-exts.lisp"
3:30:11
happy_gnu[m]
Look, I have no idea because I am a beginner at programming, but usually GNU/Linux distros come with everything packaged in a simpler way
3:33:56
pjb
(ok, it's a commercial unix system so it has a lot of problems (uncorrected bugs) like all commercial software, but still…
3:34:42
happy_gnu[m]
I didn't say it won't work on Mac, I just said it is usually easier to install things from GNU/Linux than Mac
3:34:50
pjb
1- check your rc files. Don't load anything provided by the packaging system if you used one to install sbcl!
3:35:07
pjb
(this is why using ccl is nice: no packaging system provides ccl! You have to install it yourself :-))
3:36:57
lexicall
I'm using homebrew, which installed slime 2.20 but I don't know exactly how to link that one with quicklisp or emacs.
3:37:12
takitus
It's silly to talk about how easy it is to install things on 'Linux'. It depends entirely on which distro.