Self-signed cert


A self-signed certificate that works with older versions of Chrome may not work with newer versions.
Here are the steps to create such a certificate and test it, run in a Cmd console.
Create a signing request:
openssl.exe req -config riowingNetSelfSign.cnf -new -key smtpRioWing.key -out riowingNetSelfSign.csr
View request:
openssl.exe req -text -noout -in riowingNetSelfSign.csr > riowingNetSelfSignCsr.txt
Make the certificate:
openssl.exe x509 -req -days 7023 -extfile riowingNetSelfSign.cnf -extensions SAN -in riowingNetSelfSign.csr -signkey smtpRioWing.key -out riowingNetSelfSign.crt
View certificate:
openssl.exe x509 -in riowingNetSelfSign.crt -text -noout >riowingNetSelfSignCrt.txt
Import the certificate:
Run certmgr.msc and import it into Trusted Root Certification Authorities; it shows up as riowing.netCN
Run a server to test the cert with https (it can also be tested with nginx, by adding smtpRioWing.key and riowingNetSelfSign.crt to nginx.conf):
openssl.exe s_server -no_dhe -accept 8282 -www -key smtpRioWing.key -cert riowingNetSelfSign.crt
Test the cert with openssl:
echo -n | openssl.exe s_client -servername riowing.net -connect localhost:8282 -CAfile smtpRioWing.crt
Test the cert with Chrome, e.g. version 84 in my case (it can point to localhost or to the real remote host):
https://RioWing.net/hls/a.html
File download (not including private key): http://riowing.net/p/wp/SelfSign.zip

ssh-rsa being deprecated


Announced 2020-05-27 on http://www.openssh.com/releasenotes.html
This is about the ssh client authenticating the server, not the other way around.
This is not about the server’s public key itself, but the hash of it, which only matters when it is added to known_hosts.

Here I talk about two ways of logging in over ssh: the default way, and the deprecated way.
Here are the public keys on my server:
rio@u:/etc/ssh$ ls *.pub
ssh_host_dsa_key.pub ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
rio@u:/etc/ssh$ lsb_release -d
Description: Ubuntu 14.04.5 LTS

The default way:
$ ssh -V output: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
$ ssh -vvv -F config u
output: ECDSA key fingerprint is 70:97…
by $ ssh-keygen -l -f ssh_host_ecdsa_key.pub, we see this fingerprint is 256 MD5:70:97…
Therefore the default login is: ECDSA + md5


The deprecated way:
$ ssh -vvv -o HostKeyAlgorithms=ssh-rsa -o FingerprintHash=sha1 -F config u
output: RSA key fingerprint is SHA1:lWDfeoWl4nGcMNCAL81PA6YT4jc.
by $ ssh-keygen -l -E sha1 -f ssh_host_rsa_key.pub, we see this fingerprint is 2048 SHA1:lWDf…
Therefore the login is: RSA + SHA1

I inspected all my servers, including Ubuntu 14 and Cent 7, and they all support ECDSA.
Therefore, they are not affected by this release note.
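
The fingerprints compared above (MD5:70:97…, SHA1:lWDf…) are hashes of the base64 key blob stored in the .pub file. As an added example (not part of the original post), this Python code reproduces the bit size and fingerprint that ssh-keygen -l -E prints, so a host key can be checked against what ssh displays; the sample keys are constructed and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def _s(b):
    """Encode an RFC 4251 string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _read(buf, off):
    """Decode one RFC 4251 string at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def fingerprint(pub_line, hash_name="sha256"):
    """Return (bits, fingerprint, key_type) for one line of a *.pub file."""
    fields = pub_line.split()
    blob = base64.b64decode(fields[1])
    raw_type, off = _read(blob, 0)
    key_type = raw_type.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("key type inside blob differs from line prefix")
    bits = None                                    # unknown key type
    if key_type == "ssh-rsa":                      # blob: type, e, n
        _e, off = _read(blob, off)
        n, off = _read(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type.startswith("ecdsa-sha2-nistp"):  # curve size is in the name
        bits = int(key_type[len("ecdsa-sha2-nistp"):])
    elif key_type == "ssh-ed25519":                # blob: type, 32-byte key
        key, off = _read(blob, off)
        bits = len(key) * 8
    digest = hashlib.new(hash_name, blob).digest()
    if hash_name == "md5":                         # colon-separated hex
        fp = "MD5:" + ":".join("%02x" % b for b in digest)
    else:                                          # unpadded base64
        fp = hash_name.upper() + ":" + base64.b64encode(digest).decode().rstrip("=")
    return bits, fp, key_type

# Constructed sample keys (not real host keys): a 2048-bit RSA modulus and a
# 32-byte Ed25519 value, wrapped the way a *.pub file stores them.
_N = b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")
SAMPLE_RSA = "ssh-rsa " + base64.b64encode(
    _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(_N)).decode() + " constructed"
SAMPLE_ED25519 = "ssh-ed25519 " + base64.b64encode(
    _s(b"ssh-ed25519") + _s(bytes(range(32)))).decode() + " constructed"
```

Calling fingerprint(line, "md5"), fingerprint(line, "sha1") and fingerprint(line) on the same key line gives three different strings for one unchanged key.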

Range Based For


Range Based For is new in C++11

#include <cstddef>
#include <iostream>
#include <vector>

void RangeBasedFor()
{
	std::nullptr_t pN = nullptr;
	void *pV = reinterpret_cast<void *>(1);
	int *pI = reinterpret_cast<int *>(2);
	void *arr[] = { pV, pN, pI }; //nullptr_t and int * both convert to void *
	std::cout << "enumerating void *arr[] with Range Based For syntax" << std::endl;
	//other options: auto i, auto&& i
	for (const auto &i : arr) //the element type is deduced as void *
		std::cout << i << std::endl;

	std::vector<int> arr2 = { 3, 4 };
	std::cout << "enumerating vector with Range Based For syntax" << std::endl;
	for (const auto &i : arr2) //auto or int; works for both int[] and vector
		std::cout << i << std::endl;
	std::cout << "enumerating vector with regular for loop" << std::endl;
	for (std::vector<int>::iterator i = arr2.begin(); i != arr2.end(); ++i) //only for vector
		std::cout << *i << std::endl;
}

 

Output:
enumerating void *arr[] with Range Based For syntax
0000000000000001
0000000000000000
0000000000000002
enumerating vector with Range Based For syntax
3
4
enumerating vector with regular for loop
3
4

 

Function Hiding


If there is a function in the base class and one in the subclass with the same name,
the one in the subclass always hides the one in the base class, regardless of the parameter list and whether the function is virtual or not.
Accessing the base class function through a subclass object with a different parameter is a compile error.
Consider this code snippet:

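#include <cstdio>

struct CBase
{
	void funcNonVirtual(int i)
	{
		printf("CBase::funcNonVirtual\n");
	}
};
struct CSub: CBase
{
	//same name, different parameter list: hides CBase::funcNonVirtual(int)
	void funcNonVirtual(char * string)
	{
		printf("CSub::funcNonVirtual\n");
	}
};
void TestHide()
{
	CSub Sub;
	Sub.funcNonVirtual(2); //compile error: only CSub::funcNonVirtual(char *) is visible
}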