27 Dub
2020
27 Dub
'20
17:45
Hi,
We use a keep-alive connection. We are connect on start, and during the time we send only
requests keeping connection (we use check domain each 300s).
We are connected full time between CZ-NIC planned mantiences. It can be months, years ...
Expiration of certificate is not reasson for disconnect, because its checked only on login
time.
We use a this also for all other EPP-based registry software.
S pozdravem, Jan Horak
Gransy s.r.o., CEO
27. 4. 2020 v 17:24, Dr P Nyirenda
<paulos(a)sdnp.org.mw>mw>:
On 27 Apr 2020 at 17:48, Jon 'Boli' Copeland wrote:
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This email has been checked for viruses by AVG.
https://www.avg.com
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
if you dont auth every request then it is
possible to connect 1 day
before a cert expires, and leave it connected for the next year
without having to renew, i think?
Interesting, I see this happening for some registrars already, they connect once and
just
issue XML connections all day may be for days. When the connection drops then they issue
a complaint.
So, my question is, from your experience what is the longest time that you have seen a
registrar hold such a connection?
Is there no XML EPP command that requires a new login ?
Regards,
Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw
Tel: +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433
On 27 Apr 2020, at 17:45, Piotr Przybyl
<piotr(a)przybyl.org> wrote:
Hello
Please let me add my two cents... ;-)
1. EPP is not REST-ish.
2. For better performance it's worth to keep established connection & session, so
there's no need to
authenticate for every request.
If something custom is needed, then one should first establish TLS connection (not HTTPs,
as it's
using certificates on both ends), then it's "only" a matter of sending XML
requests and responses
back and forth.
Hope that helps
Piotr
On 27.04.2020 09:24, Jaromir Talir wrote:
Hi Lem,
unfortunatelly, it is not possible to use curl as EPP client. EPP over
TLS protocol (see RFC5734) is different from HTTPS. You need to use
some EPP client, the best is FRED's internal fred-client.
Regards,
Jaromir
On Sun, 2020-04-26 at 16:02 +0600, Lem wrote:
> Hi,
>
> My name is Lem.
>
> I tried to use curl to check EPP and got in log:
>
> [26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
> 61959] Client connected
> [26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
> 61959] Corba call (epp-cmd hello)
> [26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
> 61959] Corba call ok
> [26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
> 61959] Invalid epp frame length (1347375952 bytes)
> [26/Apr/2020:15:25:36 +0600] 192.168.0.1 (process:16846) [sessionID
> 61959] Session ended
>
>
>
> Please help me. What do I wrong?
>
> Output for curl:
>
> root# curl -k --cert /usr/share/fred-client/ssl/test-cert.pem --
> cacert /usr/share/fred-client/ssl/test-cert.pem --key
> /usr/share/fred-client/ssl/test-key.pem -vvvv -d '<?xml
version="1.0"
> encoding="utf-8" standalone="no"?><epp
> xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-
> 1.0.xsd"><command><login><clID>REG-
>
CZ</clID><pw>qazQAZ123</pw><options><version>1.0</version><lang>en</l
> ang></options><svcs><objURI>
>
http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://ww…
> https://192.168.0.7:700
>
> * Rebuilt URL to: https://192.168.0.7:700/
> * Trying 192.168.0.7...
> * Connected to 192.168.0.7 (192.168.0.7) port 700 (#0)
> * found 1 certificates in /usr/share/fred-client/ssl/test-cert.pem
> * found 594 certificates in /etc/ssl/certs
> * ALPN, offering http/1.1
> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
> * server certificate verification SKIPPED
> * server certificate status verification SKIPPED
> * common name: 192.168.0.7 (matched)
> * server certificate expiration date OK
> * server certificate activation date OK
> * certificate public key: RSA
> * certificate version: #1
> * subject: C...CN=192.168.0.7
> * start date: Fri, 24 Apr 2020 07:19:19 GMT
> * expire date: Mon, 22 Apr 2030 07:19:19 GMT
> * issuer: C...CN=192.168.0.7
> * compression: NULL
> * ALPN, server accepted to use http/1.1
>> POST / HTTP/1.1
>> Host: 192.168.0.7:700
>> User-Agent: curl/7.47.0
>> Accept: */*
>> Content-Length: 700
>> Content-Type: application/x-www-form-urlencoded
>>
> * upload completely sent off: 700 out of 700 bytes
> t<?xml version="1.0" encoding="UTF-8"?>
> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-
> 1.0.xsd"><greeting><svID>EPP server
(DSDng)</svID><svDate>2020-04-
>
26T15:31:16+06:00</svDate><svcMenu><version>1.0</version><lang>en</la
> ng><lang>cs</lang><objURI>
>
http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://ww…
>>
> * Connection #0 to host 192.168.0.7 left intact
>
>
> Sincerely, Lem.
>
> _______________________________________________
> fred-users mailing list
> fred-users(a)lists.nic.cz
> https://lists.nic.cz/mailman/listinfo/fred-users
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users