jrmwvu04
Very Senior Member
Si señor. Without cross compiling, there are no binaries. But hey, progress.
pixelserv pixelserv - A Better One-pixel Webserver for Adblock
- Thread starter kvic
- Start date
thelonelycoder
Part of the Furniture
Three dynamically linked binaries:
- armv7 (32-bit, RT-AC56U/68U/87U/etc and RT-AC86U/AX88U with 32-bit Entware)
- mipsel (32-bit, RT-N66U/AC66U/etc)
- armv8 (64-bit, RT-AC86U/AX88U with 64-bit Entware)
I know it's a lot to ask for but this is how kvic distributed his beta versions and it would work best for the time being.
There's hope that @kvic returns one day, distributing again his coding excellence through the Entware packaging system again. I don't want to close out that possibility.
jrmwvu04
Very Senior Member
Yeah, but I don't know how to build them. The information I've been able to find so far makes assumptions that you know how to get the build environment set up for all the various architectures you want to create - which I do not.
Amen to that, brother.
thelonelycoder
Part of the Furniture
The certificate I create during Diversion installation will need to be compatible too.
The command I use is
Would it suffice if I change the key length and expiry date, like so?
The command I use is
Code:
openssl genrsa -out ca.key 1024
openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"
Code:
openssl genrsa -out ca.key 2048
openssl req -key ca.key -new -x509 -days 825 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"
dave14305
Part of the Furniture
I’m no good with compiling, but there are some closed issues on kvic’s github that might have some hints, if no one has looked there yet.
https://github.com/kvic-z/pixelserv-tls/issues?q=is:issue+is:closed
https://github.com/kvic-z/pixelserv-tls/issues?q=is:issue+is:closed
Jack Yaz
Part of the Furniture
I may have found a hacky way of producing the binaries....testing in progress
Doesn't the current openssl dev/source need to be available somewhere on the the compile paths? If linux, you might have to pull that down as part of the developer toolkit / source or maybe github?
I recall seeing OpenSSL versions upgrades in his dev notes. That may be helpful.
https://stackoverflow.com/questions/11841919/cross-compile-openssh-for-arm
https://wiki.openssl.org/index.php/Compilation_and_Installation
https://assil.me/2017/09/30/cross-compile-openssl-arm-zynq.html
I recall seeing OpenSSL versions upgrades in his dev notes. That may be helpful.
https://stackoverflow.com/questions/11841919/cross-compile-openssh-for-arm
https://wiki.openssl.org/index.php/Compilation_and_Installation
https://assil.me/2017/09/30/cross-compile-openssl-arm-zynq.html
thelonelycoder
Part of the Furniture
Things start to look better on the pixelserv-tls "new certificate generation" front.
Time to settle down and wait for the updated files.
Time to settle down and wait for the updated files.
You also need to set the key usage to Web Server:
https://github.com/RMerl/asuswrt-merlin.ng/commit/e786dfa2a5faac92c77c499a9b7fb0923efce892
Adjust this in the openssl.cnf config file you are using.
Might also want to ensure that the clock is accurately set before generating the cert with a 2 years duration, otherwise your certificate may expire prematurely if someone is running an older firmware release.
https://github.com/RMerl/asuswrt-merlin.ng/commit/9e1566a472b3babcbe463e21e5b00a1b1efff30a
^^^^ Doesn't it need the libs for openssl compiled for ARM available, so you have to compile those too or make sure they are in the libpaths?
https://assil.me/2017/09/30/cross-compile-openssl-arm-zynq.html
https://assil.me/2017/09/30/cross-compile-openssl-arm-zynq.html
Jack Yaz
Part of the Furniture
I'll send you a link
jrmwvu04
Very Senior Member
jrmwvu04
Very Senior Member
Currently I'm working with macOS because it's just easier to sit behind one keyboard to do testing. iOS behaves similarly, but doesn't give the user as many specifics. All of this pertains to Safari, by the way. I am not sure how or if other browsers are affected yet.
It's worth noting, I think, that it's not the end of the world that the handshake fails. pixelserv and by extension Diversion will still be quite useful and functional even while a solution is being worked out.
Asad Ali
Very Senior Member
The binaries are already patched and compiled and currently under testing phase.
jrmwvu04
Very Senior Member
I’ve uploaded Jack’s binaries to my Dropbox if anyone wants to test.
https://dropbox.com/s/m1884645pvf5kxj/pixelserv-tls-2.3.tgz
These are the binaries only, for the various asuswrt platforms. You will need to know what to do with them and what changes to make, and testing is at your own risk - I offer neither support nor guarantees about usability.
https://dropbox.com/s/m1884645pvf5kxj/pixelserv-tls-2.3.tgz
These are the binaries only, for the various asuswrt platforms. You will need to know what to do with them and what changes to make, and testing is at your own risk - I offer neither support nor guarantees about usability.
XIII
Very Senior Member
If Apple releases iOS 13 GM later today, I plan to install that on all my iOS devices.
I wanted to check my current "tav" value before doing that, but I can't get any statistics:
What am I doing wrong?
(I checked with Diversion that pixelserv-tls is indeed running on 192.168.1.2)
I wanted to check my current "tav" value before doing that, but I can't get any statistics:
Code:
# curl http://192.168.1.2/servstats
curl: (7) Failed to connect to 192.168.1.2 port 80: No route to hostWhat am I doing wrong?
(I checked with Diversion that pixelserv-tls is indeed running on 192.168.1.2)
visortgw
Very Senior Member
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| C | Diversion Pixelserv replacement | Asuswrt-Merlin AddOns | 2 | |
| L | Is Diversion better than NextDNS, PiHole or AdGuard Home? | Asuswrt-Merlin AddOns | 10 |
Similar threads
-
-
Is Diversion better than NextDNS, PiHole or AdGuard Home?
- Started by Logi
- Replies: 10