Set up Crypto Ancienne as a TLS proxy on Linux



Welcome, Guest \| Home \| Search \| Login \| Register


Author	Set up Crypto Ancienne as a TLS proxy on Linux (Read 112461 times)
Knezzen Administrator 512 MB Posts: 608 Village idiot	on: August 26, 2023, 11:04 Crypto Ancienne is Cameron Kaiser's great TLS library for the Internet Of Old Things. Crypto Ancienne can be run in proxy mode, which is a great way to offload SSL/TLS encryption from your old machine and be able to browse the modern web again using Classilla or MacLynx. Let's set it up on a Linux machine running a Debian Linux derivative (like Ubuntu, Raspbian, Rasberry Pi OS etc). First, let's install the tools you'll need if you don't already have them on your machine. Run the following command with root privelidges to install some software prerequisites: apt-get update && apt-get install gcc xinetd git Next, let's get the current Crypto Ancienne source code: git clone https://github.com/classilla/cryanc Now you'll have a folder called cryanc as a sub directory from where you ran the command. Move into cryanc using the command cd cryanc. Let's compile carl, the included proxy application using Crypto Ancienne as it's TLS library. Run the following command within the cryanc folder to compile carl: gcc -O3 -o carl carl.c You should now have a binary in the cryanc folder named carl. Let's make it executable using the following command: chmod +x carl Let's move carl to somewhere better, like /usr/local/bin where we intend to run it from: mv carl /usr/local/bin/ Now, let's configure and enable xinetd, the deamon that will run carl as a service on our machine. Let's go into the xinetd configuration directory: cd /etc/xinetd.d Create a new configuration file using our favorite editor. I'll use GNU Nano for this guide: nano carl Let's configure carl like this: service carl { disable = no socket_type = stream protocol = tcp port = 8765 wait = no user = root server = /usr/local/bin/carl server_args = -p -t } The server argument -p is to tell carl to run in proxy mode and -t is to turn off the timer (to let our old systems respond when they can without timing out). Save and quit your editor. Let's enable and start xinetd using the following command: systemctl enable xinetd && systemctl start xinetd Everything should now be up and running and you should be able to reach carl (and Crypto Ancienne) on port 8765. Happy surfing!
Last Edit: August 26, 2023, 14:28 by Knezzen
68040 512 MB Posts: 950 68k - thy kingdom come, thy will be done !	Reply #1 on: August 26, 2023, 12:15 Thx a lot. Was looking for something like this!

wove 1024 MB Posts: 1363	Reply #2 on: August 26, 2023, 12:45 Thanks Knezzen for the great step by step directions. It is indeed just what I needed.

Knezzen Administrator 512 MB Posts: 608 Village idiot	Reply #3 on: August 26, 2023, 14:08 Thanks for the kind words, guys! Just trying my best to contribute

Knezzen Administrator 512 MB Posts: 608 Village idiot	Reply #4 on: August 26, 2023, 14:26 Bolkonskij added the tutorial to our help center: http://system7today.com/setup-crypto-ancienne I will add it to our Gopher hole as well

68040 512 MB Posts: 950 68k - thy kingdom come, thy will be done !	Reply #5 on: August 26, 2023, 15:47 Would help enormously when doing book research that I don't have to leave B-II. So I hope I'll get it to work. Thx again.

Bolkonskij Administrator 1024 MB Posts: 2023	Reply #6 on: August 26, 2023, 17:46 I've been on it for some time and all I'm going to say is that it rocks. If used together with MacLynx, you get a capable text-based browser for information and file retrival - but all on our beloved System 7!

wove 1024 MB Posts: 1363	Reply #7 on: August 26, 2023, 18:19 I have not tried this on Linux yet. On OS X, I have Homebrew installed, which also installs all the Xcode command line tools. I tried running the commands in the OS X terminal with this setup. The git clone works. It fails with several warnings at the gcc line. I ran this first on OS X Montery and thinking perhaps that might be too new lacking the older gcc, I tried it under Catalina, which produced the same errors. Any hints about installing this on OS X would be appreciated. I found nice pre configured OS 9 setups for both SheepShaver and emu for OS X and have been using them on OS X, so having this proxy running on OS X would be very nice indeed. This is not a huge priority. Since I work mainly in emulation, it is not difficult to retreat back to the host for urls needing SSL/TSL And both configuration I have provide shared folders making information transfer fairly easy.

Knezzen Administrator 512 MB Posts: 608 Village idiot	Reply #8 on: August 26, 2023, 21:48 wove: If you give me a screenshot of the errors I can try to help you the best I can. I have gotten it to compile on Tiger, so it should compile on most platforms. If you don't want to use git I can package the current source code and make it avaliable on Gopher or such. Then you'll only need the source code. Not sure how to configure inetd on OSX though, but I'm sure there's a guide somewhere. Does Homebrew have xinetd in it's repository?

cballero 1024 MB Posts: 1176 System 7, today and forever	Reply #9 on: August 26, 2023, 23:01 This is exactly what I meant, great work on this Knez!!

wove 1024 MB Posts: 1363	Reply #10 on: August 27, 2023, 03:00 @Knezzen do you have the binaries you compiled on Tiger? Are they universal or PPC or Intel? Those would be quite useful. Tiger has the classic environment, and emulation via SheepShaver, not to mention an updated SSl/TSL would be very useful on OSX applications of that vintage. I was under the impression that xinetd was installed as part of the BSD subsystem. I thought inetd was deprecated on BSD sometime back. OS X has done a great job of turning the BSD file structure into a train wreck, and personally I never find anything I am looking for. I have no clue where where OS X hide either inetd.conf or xinetd.conf. (How did you create a config for Tiger?) I have lots of study to do before I can even ask an intelligent question. I have compiled a fair amount of things, but by that I mean I follow to directions to run the compiler on a directory that has all the needed items and a working proper make file. It is like saying I am a good driver, which depends on me having a good working car, and a well defined place to go.

Knezzen Administrator 512 MB Posts: 608 Village idiot	Reply #11 on: August 27, 2023, 08:30 wove: I just compiled the latest sources on my TiBook running Tiger. It compiles cleanly with gcc 4.0.1 (included in the latest Xcode for Tiger). Had to install git using homebrew (well, Tigerbrew) before I could get the sources of course. I'll update the guide to include Tiger. Would people be interested in a pre-compiled binary as well?

wove 1024 MB Posts: 1363	Reply #12 on: August 27, 2023, 22:53 Thanks for bringing this to the front. It is a fun trip down the rabbit hole. Today I dug out an old Gigabit Ethernet PowerMac g4. I think the machine is about the same vintage as the Ti Book. It originally came with 9.0.4 and runs up to Tiger. Over the years it has had a lot of stuff stuck in it. It has a SCSI card, a USB-2.0/Firewire-400 card, an ATI video capture card and a Zip drive. At its core are dual 550Ghz G4 processors. It has an Airport card, but it is too old to connect to my network. I got it all cleaned up, dug out my old ice cube tray keyboard and the "Mighty Mouse". Tiger and 9.2.2 were installed. It can boot into either Tiger or 9.2.2 and classic applications can be ran within Tiger. I installed the Xcode tools along with Tigerbrew. Then I decided I had enough for one day. I will see what I can do about compiling and installing the Crypto Ancienne TLS proxy tomorrow.

Knezzen Administrator 512 MB Posts: 608 Village idiot	Reply #13 on: August 28, 2023, 09:34 Sounds good!

wove 1024 MB Posts: 1363	Reply #14 on: August 28, 2023, 21:49 I installed Tigerbrew this morning following the directions on GitHub. The text file that you put into the terminal has two https urls, which cause the installation to fail. Changing https to plain http allows for TigerBrew to install with no more errors. After the install you are notified of some problems and prompted to run “brew doctor” in the terminal. This will fix the problems and update git and the ssl certificates. The updated git is not available as a binary and it is compiled, which on my machine took about a half hour. After that things are good to go. I followed the Debian Linux tutorial instructions on System 7 Today and Crypto Ancienne TLS proxy installed quickly with no fuss, no error. I created the “carl” text file with nano in /etc/xinetd.d even though I was not sure it was valid for OS X. In OX I created an https proxy with url:/ust/local/bin/carl on port 8765. To my surprise though the service appears to start on boot and do something. Then the trouble sets in.. This created a disaster. When using any browser in the Classic environment it caused the entire Classic environment to hang and the only recovery was to do a force quit. Making things even worse these changes appear to prevent any OS. X application from accessing any site. I have removed the proxy for https in the network configuration, as well as removing the “carl” file from /etc/xinetd.d. These actions have not caused the system to go back to normal behavior. Any attempt in network access in the Classic Environment causes the environment to freeze, and in OS X Safari crashes when trying to access https urls. I am not sure if these problems stem from difference between Linux and OSX(BSD), some mess up on my part, or perhaps the moon is in the wrong phase or I did not first sacrifice a chicken.

	Pages: [1] 2 3 4

© 2021 System7Today.com.
The Apple Logo, Macintosh™, Mac OS™, and others property of Apple Computer, Inc.
This site is in no way affiliated with Apple Computer, Inc.