walter SSL Support: smtp.lua requires luaossl but OpenBSD has luasec #74

New issue

Closed

opened 2025-06-22 18:49:11 +02:00 by Michael · 1 comment

Michael commented 2025-06-22 18:49:11 +02:00 (Migrated from gitea.dragons-at-work.de)

Copy link

Problem

walter HTTP-Server läuft perfekt, aber E-Mail-Tests schlagen fehl wegen fehlendem SSL-Support für SMTP Port 465.

Current Status

• ✅ HTTP-Server: läuft auf 127.0.0.1:8080
• ✅ Config-Detection: /usr/local/etc/furt/environment geladen
• ✅ SMTP-Config: noreply@dragons-at-work.de erkannt
• ❌ SSL-Library: require('ssl') nicht verfügbar

Technical Details

smtp.lua Requirements:

• local ssl = require("ssl") -- luaossl API

OpenBSD Packages:

• walter: pkg_info -Q lua | grep ssl (empty)
• walter: pkg_info -Q luasec shows luasec-1.2.0 (Available alternative)

luaossl vs luasec API Differences:

• luaossl (smtp.lua current): local ssl = require("ssl")
• luasec (OpenBSD available): local ssl = require("ssl.core")

Solution Options

Option 1: luasec Adaptation (Recommended)

• walter: doas pkg_add luasec
• smtp.lua modification: Add compatibility layer for both luaossl and luasec

Option 2: openssl Command Fallback

• Use system openssl command for SMTP connections
• Simpler but less integrated

Option 3: STARTTLS (Port 587)

• Plain connection → STARTTLS → SSL upgrade
• Might be easier than SSL direct connect

Acceptance Criteria

• walter kann SSL-SMTP-Verbindungen aufbauen
• E-Mail-Test funktioniert: walter → mail.dragons-at-work.de:465
• Health-Check zeigt weiterhin smtp_configured: true
• Lösung funktioniert auch auf anderen OpenBSD-Systemen

Implementation Steps

1. Install luasec: doas pkg_add luasec
2. Test luasec: lua -e require ssl.core
3. Modify smtp.lua: Add compatibility layer
4. Test SMTP: End-to-end E-Mail-Versand
5. Update start.sh: Optional - bessere SSL-Detection

Priority

MEDIUM - walter läuft für HTTP, SSL für vollständige E-Mail-Tests

Related Issues

• Issue #68: Universal Config Detection (parent issue)
• karl regression (separate issue)
• Config-Strategy-Überarbeitung (separate issue)

Technical Context

• SMTP-Server: mail.dragons-at-work.de:465 (SSL direct)
• Config: /usr/local/etc/furt/environment (funktional)
• User: _furt (funktional)
• Structure: /usr/local/furt/furt-lua/ (korrekt)

Alternative Investigation

• Port 587 available? STARTTLS might be easier
• Server-Config: Does mail server support multiple ports?
• Authentication: Beyond SSL, SMTP auth working?

## Problem walter HTTP-Server läuft perfekt, aber E-Mail-Tests schlagen fehl wegen fehlendem SSL-Support für SMTP Port 465. ## Current Status - ✅ **HTTP-Server:** läuft auf 127.0.0.1:8080 - ✅ **Config-Detection:** /usr/local/etc/furt/environment geladen - ✅ **SMTP-Config:** noreply@dragons-at-work.de erkannt - ❌ **SSL-Library:** require('ssl') nicht verfügbar ## Technical Details ### **smtp.lua Requirements:** - local ssl = require("ssl") -- luaossl API ### **OpenBSD Packages:** - walter: pkg_info -Q lua | grep ssl (empty) - walter: pkg_info -Q luasec shows luasec-1.2.0 (Available alternative) ### **luaossl vs luasec API Differences:** - luaossl (smtp.lua current): local ssl = require("ssl") - luasec (OpenBSD available): local ssl = require("ssl.core") ## Solution Options ### **Option 1: luasec Adaptation (Recommended)** - walter: doas pkg_add luasec - smtp.lua modification: Add compatibility layer for both luaossl and luasec ### **Option 2: openssl Command Fallback** - Use system openssl command for SMTP connections - Simpler but less integrated ### **Option 3: STARTTLS (Port 587)** - Plain connection → STARTTLS → SSL upgrade - Might be easier than SSL direct connect ## Acceptance Criteria - [ ] walter kann SSL-SMTP-Verbindungen aufbauen - [ ] E-Mail-Test funktioniert: walter → mail.dragons-at-work.de:465 - [ ] Health-Check zeigt weiterhin smtp_configured: true - [ ] Lösung funktioniert auch auf anderen OpenBSD-Systemen ## Implementation Steps 1. Install luasec: doas pkg_add luasec 2. Test luasec: lua -e require ssl.core 3. Modify smtp.lua: Add compatibility layer 4. Test SMTP: End-to-end E-Mail-Versand 5. Update start.sh: Optional - bessere SSL-Detection ## Priority **MEDIUM** - walter läuft für HTTP, SSL für vollständige E-Mail-Tests ## Related Issues - Issue #68: Universal Config Detection (parent issue) - karl regression (separate issue) - Config-Strategy-Überarbeitung (separate issue) ## Technical Context - **SMTP-Server:** mail.dragons-at-work.de:465 (SSL direct) - **Config:** /usr/local/etc/furt/environment (funktional) - **User:** _furt (funktional) - **Structure:** /usr/local/furt/furt-lua/ (korrekt) ## Alternative Investigation - **Port 587 available?** STARTTLS might be easier - **Server-Config:** Does mail server support multiple ports? - **Authentication:** Beyond SSL, SMTP auth working?

Michael commented 2025-06-23 08:33:34 +02:00 (Migrated from gitea.dragons-at-work.de)

Copy link

✅ RESOLVED: walter SSL Support erfolgreich implementiert

Solution Summary

walter SSL-Problem komplett gelöst durch universelle smtp.lua mit Auto-Detection für luaossl (Arch) und luasec (OpenBSD).

Implementation Details

• ✅ Universal SSL Compatibility Layer - Automatische Erkennung verfügbarer SSL-Libraries
• ✅ walter: luasec Integration - Native OpenBSD Package (luasec-1.2.0)
• ✅ karl: luaossl Backward-Compatibility - Bestehende Funktionalität erhalten
• ✅ API-Abstraction - Transparente Behandlung unterschiedlicher SSL-APIs

Test Results

karl (Arch Linux):

curl -X POST http://localhost:8080/v1/mail/send -H "Content-Type: application/json" -d '{"name":"Karl Test","email":"test@example.com","subject":"luaossl Test","message":"Testing"}'
# Result: {"success":true,"message":"Mail sent","request_id":"1750657091-8561"}
# E-Mail erfolgreich empfangen mit DKIM auth=pass

walter (OpenBSD):

doas -u _furt sh -c "cd /usr/local/furt/furt-lua && ./scripts/start.sh"
curl -X POST http://127.0.0.1:8080/v1/mail/send -H "Content-Type: application/json" -d '{"name":"Walter Test","email":"test@example.com","subject":"luasec Test","message":"Testing"}'
# Result: {"success":true,"message":"Mail sent","request_id":"1750658185-9835"} 
# E-Mail erfolgreich empfangen mit DKIM auth=pass

Production Readiness

• ✅ Service-User-Compatible - Läuft unter _furt user
• ✅ Config-Detection - /usr/local/etc/furt/environment funktional
• ✅ SMTP SSL Port 465 - Funktioniert auf beiden Systemen
• ✅ Multi-Distribution - Arch Linux + OpenBSD Support

Tech-Sovereignty Compliance

• ✅ No OpenSSL Command Dependencies - Pure Lua-SSL-Implementation
• ✅ University-backed Libraries - luasec (academic), luaossl (community)
• ✅ Package-Manager-Integration - Native OS-Packages, keine custom builds

walter ist production-ready für OpenBSD-Server deployment! 🚀

## ✅ RESOLVED: walter SSL Support erfolgreich implementiert ### **Solution Summary** **walter SSL-Problem komplett gelöst** durch universelle smtp.lua mit Auto-Detection für luaossl (Arch) und luasec (OpenBSD). ### **Implementation Details** - ✅ **Universal SSL Compatibility Layer** - Automatische Erkennung verfügbarer SSL-Libraries - ✅ **walter: luasec Integration** - Native OpenBSD Package (luasec-1.2.0) - ✅ **karl: luaossl Backward-Compatibility** - Bestehende Funktionalität erhalten - ✅ **API-Abstraction** - Transparente Behandlung unterschiedlicher SSL-APIs ### **Test Results** **karl (Arch Linux):** ```bash curl -X POST http://localhost:8080/v1/mail/send -H "Content-Type: application/json" -d '{"name":"Karl Test","email":"test@example.com","subject":"luaossl Test","message":"Testing"}' # Result: {"success":true,"message":"Mail sent","request_id":"1750657091-8561"} # E-Mail erfolgreich empfangen mit DKIM auth=pass ``` **walter (OpenBSD):** ```bash doas -u _furt sh -c "cd /usr/local/furt/furt-lua && ./scripts/start.sh" curl -X POST http://127.0.0.1:8080/v1/mail/send -H "Content-Type: application/json" -d '{"name":"Walter Test","email":"test@example.com","subject":"luasec Test","message":"Testing"}' # Result: {"success":true,"message":"Mail sent","request_id":"1750658185-9835"} # E-Mail erfolgreich empfangen mit DKIM auth=pass ``` ### **Production Readiness** - ✅ **Service-User-Compatible** - Läuft unter _furt user - ✅ **Config-Detection** - /usr/local/etc/furt/environment funktional - ✅ **SMTP SSL Port 465** - Funktioniert auf beiden Systemen - ✅ **Multi-Distribution** - Arch Linux + OpenBSD Support ### **Tech-Sovereignty Compliance** - ✅ **No OpenSSL Command Dependencies** - Pure Lua-SSL-Implementation - ✅ **University-backed Libraries** - luasec (academic), luaossl (community) - ✅ **Package-Manager-Integration** - Native OS-Packages, keine custom builds **walter ist production-ready für OpenBSD-Server deployment!** 🚀

michael added this to the v0.1.2 - Gateway Basics milestone 2025-08-14 05:21:02 +02:00

michael added

status

done

and removed

status

to-go

labels 2025-08-14 07:23:17 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feature/structured-logging-health-monitoring

v0.1.4

v0.1.3

v0.1.2

generation-1-archive

debug-monster-anti-pattern

Labels

Clear labels   

apache

Auto-generated label

  

api

Auto-generated label

  

api-contract

Furt: api_design

  

api-gateway

Auto-generated label

  

authentication

Auto-generated label

  

automation

Auto-generated label

  

breaking-change

Breaking Change - Version Bump nötig

  

comments

Auto-generated label

  

component/deployment

Auto-generated label

  

component/documentation

Auto-generated label

  

component/service-management

Auto-generated label

  

configuration

Konfiguration und Setup

  

contact-form

Auto-generated label

  

coordination/cross-repo

Betrifft mehrere Repositories

  

coordination/needed

Benötigt Abstimmung zwischen Teams/Projekten

  

core

Auto-generated label

  

deployment

Build Deploy und DevOps

  

development

Auto-generated label

  

development-ready

Auto-generated label

  

digital-sovereignty

Fördert digitale Souveränität

  

distribution

Auto-generated label

  

effort

large

Großer Aufwand - mehr als 3 Sessions

  

effort

medium

Mittlerer Aufwand - 1-3 Sessions

  

effort

small

Kleiner Aufwand - weniger als 1 Session

  

enhancement

Verbesserung oder neue Funktion

  

frontend

Auto-generated label

  

furt-service

Auto-generated label

  

furt/gateway

Auto-generated label

  

furt/installation

Auto-generated label

  

gateway

API-Gateway Kern-Funktionalität

  

gateway-integration

Auto-generated label

  

generator

Auto-generated label

  

gitea-testing

Auto-generated label

  

health-check

Auto-generated label

  

help-wanted

Community-Input erwünscht

  

hugo

Auto-generated label

  

hugo-integration

Furt: frontend

  

infrastructure

Infrastructure-related

  

installation

Auto-generated label

  

logging

Auto-generated label

  

low-tech

Im Einklang mit Low-Tech-Prinzipien

  

mail

Auto-generated label

  

meta

Auto-generated label

  

meta/duplicate

Duplikat eines anderen Issues

  

meta/planning

Projekt-Management, Planung, Organisation

  

meta/wontfix

Wird bewusst nicht umgesetzt

  

monitoring

Auto-generated label

  

observability

Auto-generated label

  

openapi

Auto-generated label

  

organization

Auto-generated label

  

packaging

Auto-generated label

  

performance

Performance und Optimierung

  

planning

Auto-generated label

  

platform/linux

Auto-generated label

  

priority

high

Hohe Priorität - sofort bearbeiten

  

priority

low

Niedrige Priorität - wenn Zeit vorhanden

  

priority

medium

Mittlere Priorität - normale Bearbeitung

  

production

Auto-generated label

  

question

Frage oder Hilfe benötigt

  

sagjan

Auto-generated label

  

security

Sicherheit und Authentifizierung

  

service

Auto-generated label

  

service-analytics

Furt: service_integration

  

service-development

Service-specific label

  

service-formular2mail

Formular-zu-E-Mail Service

  

service-newsletter

Furt: newsletter

  

service-request

Anfrage für neuen Service

  

service-sagjan

Sagjan Kommentarsystem Integration

  

session

blocker

Blockiert aktuelle Session - muss zuerst gelöst werden

  

session

handover

Session-Übergabe - Dokumentation für nächste Session

  

session

next

Für nächste Session geplant

  

shortcode

Auto-generated label

  

specs

Auto-generated label

  

ssl

Auto-generated label

  

status

blocked

Blockiert durch andere Issues/Dependencies

  

status

done

Abgeschlossen und getestet

  

status

in-progress

Aktuell in Bearbeitung

  

status

review

Fertig - wartet auf Review/Testing

  

status

to-go

Bereit zum Start - keine Blocker

  

systemd

Auto-generated label

  

testing

Tests und Qualitätssicherung

  

tooling

Auto-generated label

  

type

admin

Administrative Aufgaben, Verwaltung

  

type

bug

Fehler beheben

  

type

config

Konfiguration ändern/anpassen

  

type

deployment

Code/Services auf Server deployen

  

type

docs

Dokumentation erstellen/aktualisieren

  

type

enhancement

Bestehende Funktionalität verbessern

  

type

feature

Neue Funktionalität entwickeln

  

type

handover

Session-Übergabe-Dokumentation

  

type

infrastructure

Server, Domains, Infrastruktur-Management

  

type

installation

Software installieren und einrichten

  

type

maintenance

Wartung, Cleanup, Refactoring

  

type

migration

Daten/Services migrieren

  

type/refactor

Auto-generated label

  

type

research

Recherche, Exploration, Konzept-Evaluation

  

type

security

Sicherheitsbezogene Aufgaben

  

type/testing

Auto-generated label

  

v0.1.0

Auto-generated label

No labels

apache

api

api-contract

api-gateway

authentication

automation

breaking-change

comments

component/deployment

component/documentation

component/service-management

configuration

contact-form

coordination/cross-repo

coordination/needed

core

deployment

development

development-ready

digital-sovereignty

distribution

effort

large

effort

medium

effort

small

enhancement

frontend

furt-service

furt/gateway

furt/installation

gateway

gateway-integration

generator

gitea-testing

health-check

help-wanted

hugo

hugo-integration

infrastructure

installation

logging

low-tech

mail

meta

meta/duplicate

meta/planning

meta/wontfix

monitoring

observability

openapi

organization

packaging

performance

planning

platform/linux

priority

high

priority

low

priority

medium

production

question

sagjan

security

service

service-analytics

service-development

service-formular2mail

service-newsletter

service-request

service-sagjan

session

blocker

session

handover

session

next

shortcode

specs

ssl

status

blocked

status

done

status

in-progress

status

review

status

to-go

systemd

testing

tooling

type

admin

type

bug

type

config

type

deployment

type

docs

type

enhancement

type

feature

type

handover

type

infrastructure

type

installation

type

maintenance

type

migration

type/refactor

type

research

type

security

type/testing

v0.1.0

Milestone

Clear milestone

No items

No milestone

v0.1.2 - Gateway Basics

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: DAW/furt#74

No description provided.