27 Dub
2020
27 Dub
'20
16:48
if you dont auth every request then it is possible to connect 1 day before a cert expires,
and leave it connected for the next year without having to renew, i think?
On 27 Apr 2020, at 17:45, Piotr Przybył
<piotr(a)przybyl.org> wrote:
Hello
Please let me add my two cents... ;-)
1. EPP is not REST-ish.
2. For better performance it's worth to keep established connection & session, so
there's no need to
authenticate for every request.
If something custom is needed, then one should first establish TLS connection (not HTTPs,
as it's
using certificates on both ends), then it's "only" a matter of sending XML
requests and responses
back and forth.
Hope that helps
Piotr
On 27.04.2020 09:24, Jaromir Talir wrote:
Hi Lem,
unfortunatelly, it is not possible to use curl as EPP client. EPP over
TLS protocol (see RFC5734) is different from HTTPS. You need to use
some EPP client, the best is FRED's internal fred-client.
Regards,
Jaromir
On Sun, 2020-04-26 at 16:02 +0600, Lem wrote:
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users Hi,
My name is Lem.
I tried to use curl to check EPP and got in log:
[26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
61959] Client connected
[26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
61959] Corba call (epp-cmd hello)
[26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
61959] Corba call ok
[26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
61959] Invalid epp frame length (1347375952 bytes)
[26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
61959] Session ended
Please help me. What do I wrong?
Output for curl:
root# curl -k --cert /usr/share/fred-client/ssl/test-cert.pem --
cacert /usr/share/fred-client/ssl/test-cert.pem --key
/usr/share/fred-client/ssl/test-key.pem -vvvv -d '<?xml version="1.0"
encoding="utf-8" standalone="no"?><epp
xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-
1.0.xsd"><command><login><clID>REG-
CZ</clID><pw>qazQAZ123</pw><options><version>1.0</version><lang>en</l
ang></options><svcs><objURI>
http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://ww…
https://192.168.0.7:700
* Rebuilt URL to: https://192.168.0.7:700/
* Trying 192.168.0.7...
* Connected to 192.168.0.7 (192.168.0.7) port 700 (#0)
* found 1 certificates in /usr/share/fred-client/ssl/test-cert.pem
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: 192.168.0.7 (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #1
* subject: C...CN=192.168.0.7
* start date: Fri, 24 Apr 2020 07:19:19 GMT
* expire date: Mon, 22 Apr 2030 07:19:19 GMT
* issuer: C...CN=192.168.0.7
* compression: NULL
* ALPN, server accepted to use http/1.1
* Connection #0 to host 192.168.0.7 left
intact
Sincerely, Lem.
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
POST / HTTP/1.1
Host: 192.168.0.7:700
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 700
Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 700 out of 700 bytes
t<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-
1.0.xsd"><greeting><svID>EPP server
(DSDng)</svID><svDate>2020-04-
26T15:31:16+06:00</svDate><svcMenu><version>1.0</version><lang>en</la
ng><lang>cs</lang><objURI>
http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://ww…