Search Results

Search found 1414 results on 57 pages for 'signed'.

Page 15/57 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

  • Windows Vista Wrong Certificate With SNI

    - by JamesArmes
    I'm setting up SNI on an apache server and I thought things were going well. I have two URLs from different domains that point at the same site. I have one virtual host setup for each with the appropriate certificate for each. One of the certificates is valid but the other is self-signed (waiting on GoDaddy for the real cert). If I test the different URLs in Firefox, Safari and Opera all works well. I get no errors for the URL with the valid certificate and I get a self-signed warning for the other. However, in Internet Explorer 8 and Google Chrome, both URLs return the valid certificate (even if its not valid for the specific site). So for the one site, I get a valid certificate. For the other, I get a warning about the cert being for a different site. I tried switching the order of the vhosts and it made no difference. I know that Chrome and IE both use Window's HTTP stack so I understand why the behavior is the same for the two. What I don't understand is why I'm seeing this behavior.

    Read the article

  • Certificates in SQL Server 2008

    - by Brandi
    I need to implement SSL for transmissions between my application and Sql Server 2008. I am using Windows 7, Sql Server 2008, Sql Server Management Studio, and my application is written in c#. I was trying to follow the MSDN page on creating certificates and this under 'Encrpyt for a specific client', but I got hopelessly confused. I need some baby steps to get further down the road to implementing encryption successfully. First, I don't understand MMC. I see a lot of certificates in there... are these certificates that I should be using for my own encryption or are these being used for things that already exist? Another thing, I assume all these certificates are files are located on my local computer, so why is there a folder called 'Personal'? Second, to avoid the above issue, I did a little experiment with a self-signed assembly. As shown in the MSDN link above, I used SQL executed in SSMS to create a self-signed certificate. Then I used the following connection string to connect: Data Source=myServer;Initial Catalog=myDatabase;User ID=myUser;Password=myPassword;Encrypt=True;TrustServerCertificate=True It connected, worked. Then I deleted the certificate I'd just created and it still worked. Obviously it was never doing anything, but why not? How would I tell if it's actually "working"? I think I may be missing an intermediate step of (somehow?) getting the file off of SSMS and onto the client? I don't know what I'm doing in the least bit, so any help, advice, comments, references you can give me are much appreciated. Thank you in advance. :)

    Read the article

  • How to Set Up an SMTP Submission Server on Linux

    - by Kevin Cox
    I was trying to set up a mail server with no luck. I want it to accept mail from authenticated users only and deliver them. I want the users to be able to connect over the internet. Ideally the mail server wouldn't accept any incoming mail. Essentially I want it to accept messages on a receiving port and transfer them to the intended recipient out port 25. If anyone has some good links and guides that would be awesome. I am quite familiar with linux but have never played around with MTA's and am currently running debian 6. More Specific Problem! Sorry, that was general and postfix is complex. I am having trouble enabling the submission port with encryption and authentication. What Works: Sending mail from the local machine. (sendmail [email protected]). Ports are open. (25 and 587) Connecting to 587 appears to work, I get a "need to starttls" warning and starttls appears to work. But when I try to connect with the next command I get the error below. # openssl s_client -connect localhost:587 -starttls smtp CONNECTED(00000003) depth=0 /CN=localhost.localdomain verify error:num=18:self signed certificate verify return:1 depth=0 /CN=localhost.localdomain verify return:1 --- Certificate chain 0 s:/CN=localhost.localdomain i:/CN=localhost.localdomain --- Server certificate -----BEGIN CERTIFICATE----- MIICvDCCAaQCCQCYHnCzLRUoMTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVs b2NhbGhvc3QubG9jYWxkb21haW4wHhcNMTIwMjE3MTMxOTA1WhcNMjIwMjE0MTMx OTA1WjAgMR4wHAYDVQQDExVsb2NhbGhvc3QubG9jYWxkb21haW4wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEFA/S6VhJihP6OGYrhEtL+SchWxPZGbgb VkgNJ6xK2dhR7hZXKcDtNddL3uf1YYWF76efS5oJPPjLb33NbHBb9imuD8PoynXN isz1oQEbzPE/07VC4srbsNIN92lldbRruDfjDrAbC/H+FBSUA2ImHvzc3xhIjdsb AbHasG1XBm8SkYULVedaD7I7YbnloCx0sTQgCM0Vjx29TXxPrpkcl6usjcQfZHqY ozg8X48Xm7F9CDip35Q+WwfZ6AcEkq9rJUOoZWrLWVcKusuYPCtUb6MdsZEH13IQ rA0+x8fUI3S0fW5xWWG0b4c5IxuM+eXz05DvB7mLyd+2+RwDAx2LAgMBAAEwDQYJ KoZIhvcNAQEFBQADggEBAAj1ib4lX28FhYdWv/RsHoGGFqf933SDipffBPM6Wlr0 jUn7wler7ilP65WVlTxDW+8PhdBmOrLUr0DO470AAS5uUOjdsPgGO+7VE/4/BN+/ naXVDzIcwyaiLbODIdG2s363V7gzibIuKUqOJ7oRLkwtxubt4D0CQN/7GNFY8cL2 in6FrYGDMNY+ve1tqPkukqQnes3DCeEo0+2KMGuwaJRQK3Es9WHotyrjrecPY170 dhDiLz4XaHU7xZwArAhMq/fay87liHvXR860tWq30oSb5DHQf4EloCQK4eJZQtFT B3xUDu7eFuCeXxjm4294YIPoWl5pbrP9vzLYAH+8ufE= -----END CERTIFICATE----- subject=/CN=localhost.localdomain issuer=/CN=localhost.localdomain --- No client certificate CA names sent --- SSL handshake has read 1605 bytes and written 354 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: E07926641A5EF22B15EB1D0E03FFF75588AB6464702CF4DC2166FFDAC1CA73E2 Session-ID-ctx: Master-Key: 454E8D5D40380DB3A73336775D6911B3DA289E4A1C9587DDC168EC09C2C3457CB30321E44CAD6AE65A66BAE9F33959A9 Key-Arg : None Start Time: 1349059796 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- 250 DSN read:errno=0 If I try to connect from evolution I get the following error: The reported error was "HELO command failed: TCP connection reset by peer".

    Read the article

  • What character can be safely used for naming files on unix/linux?

    - by Eric DANNIELOU
    Before yesterday, I used only lower case letters, numbers, dot (.) and underscore(_) for directories and file naming. Today I would like to start using more special characters. Which ones are safe (by safe I mean I will never have any problem)? ps : I can't believe this question hasn't been asked already on this site, but I've searched for the word "naming" and read canonical questions without success (mosts are about computer names). Edit #1 : (btw, I don't use upper case letters for file names. I don't remember why. But since a few month, I have production problems with upper case letters : Some OS do not support ascii!) Here's what happened yesterday at work : As usual, I had to create a self signed SSL certificate. As usual, I used the name of the website for the files : www2.example.com.key www2.example.com.crt www2.example.com.csr. Then comes the problem : Generate a wildcard self signed certificate. I did that and named the files example.com.key example.com.crt example.com.csr, which is misleading (it's a certificate for *.example.com). I came back home, started putting some stars in apache configuration files filenames and see if it works (on a useless home computer, not even stagging). Stars in file names really scares me : Some coworkers/vendors/... can do some script using rm find xarg that would lead to http://www.ucs.cam.ac.uk/support/unix-support/misc/horror, and already one answer talks about disaster. Edit #2 : Just figured that : does not need to be escaped. Anyone knows why it is not used in file names?

    Read the article

  • Clients not updating with approved updates from WSUS

    - by Ross
    Hi All, I've been a bit behind in my windows XP updates recently, and I have about 18 or so I need to roll out to all our users, according to WSUS. I'm trying it on a couple of test PCs, and so far i've had no luck. On each one, one update would install (and need a reboot), and nothing else since. When I run wuauclt.exe /detectnow, I get this in the windowsupdate.log: 2009-10-29 17:27:10:624 1128 93c AU Triggering AU detection through DetectNow API 2009-10-29 17:27:10:624 1128 93c AU Triggering Online detection (non-interactive) 2009-10-29 17:27:10:624 1128 504 AU ############# 2009-10-29 17:27:10:624 1128 504 AU ## START ## AU: Search for updates 2009-10-29 17:27:10:624 1128 504 AU ######### 2009-10-29 17:27:10:624 1128 504 AU <<## SUBMITTED ## AU: Search for updates [CallId = {59353978-CBA7-4B0B-AFD3-515577D3C16B}] 2009-10-29 17:27:10:624 1128 a14 Agent ************* 2009-10-29 17:27:10:624 1128 a14 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-10-29 17:27:10:624 1128 a14 Agent ********* 2009-10-29 17:27:10:624 1128 a14 Agent * Online = Yes; Ignore download priority = No 2009-10-29 17:27:10:624 1128 a14 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 2009-10-29 17:27:10:624 1128 a14 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 2009-10-29 17:27:10:624 1128 a14 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-10-29 17:27:10:655 1128 a14 Misc Microsoft signed: Yes 2009-10-29 17:27:10:702 1128 a14 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-10-29 17:27:10:702 1128 a14 Misc Microsoft signed: Yes 2009-10-29 17:27:10:780 1128 a14 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 2009-10-29 17:27:10:780 1128 a14 Misc Microsoft signed: Yes 2009-10-29 17:27:10:796 1128 a14 Setup *********** Setup: Checking whether self-update is required *********** 2009-10-29 17:27:10:796 1128 a14 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup * IsUpdateRequired = No 2009-10-29 17:27:17:468 1128 a14 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2009-10-29 17:27:17:468 1128 a14 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = hxxp://dublindc2/ClientWebService/client.asmx 2009-10-29 17:27:55:157 1128 a14 Agent * Found 0 updates and 46 categories in search; evaluated appl. rules of 478 out of 678 deployed entities 2009-10-29 17:27:55:173 1128 a14 Agent ********* 2009-10-29 17:27:55:173 1128 a14 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-10-29 17:27:55:173 1128 a14 Agent ************* 2009-10-29 17:27:55:189 1128 f1c AU >>## RESUMED ## AU: Search for updates [CallId = {59353978-CBA7-4B0B-AFD3-515577D3C16B}] 2009-10-29 17:27:55:189 1128 f1c AU # 0 updates detected 2009-10-29 17:27:55:189 1128 f1c AU ######### 2009-10-29 17:27:55:189 1128 f1c AU ## END ## AU: Search for updates [CallId = {59353978-CBA7-4B0B-AFD3-515577D3C16B}] 2009-10-29 17:27:55:189 1128 f1c AU ############# 2009-10-29 17:27:55:189 1128 f1c AU AU setting next detection timeout to 2009-10-29 21:01:30 2009-10-29 17:27:55:189 1128 f1c AU Setting AU scheduled install time to 2009-10-30 13:00:00 2009-10-29 17:27:55:251 1128 a14 Report Uploading 2 events using cached cookie, reporting URL = hxxp://dublindc2/ReportingWebService/ReportingWebService.asmx 2009-10-29 17:27:55:267 1128 a14 Report Reporter successfully uploaded 2 events. 2009-10-29 17:28:00:173 1128 a14 Report REPORT EVENT: {BD891590-784B-4001-8116-D83962DAB749} 2009-10-29 17:27:55:173-0000 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates. 2009-10-29 17:28:00:173 1128 a14 Report REPORT EVENT: {E578C377-5E09-4F4C-AB28-FE5131E2D6A7} 2009-10-29 17:27:55:173-0000 1 I've tried deleting everything in the C:\Windows\SoftwareDistribution, stopping the services, rebooting etc. Can anyone decipher the log to see where it's going wrong? Many thanks!

    Read the article

  • DKIM, SPF, PTR records are not working properly with my domain

    - by shihon
    I configured my server and well authenticate email system with DKIM key, SPF record and PTR records, when i start to sent out mails from phplist interface to my users ~50000, my domain is spammed by google. In headers, signed by and mailed by tag shows by my domain : appmail.co, I also test my domain via check mail provide by port25, report is: This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at . Thank you for using the verifier, The Port25 Solutions, Inc. team ========================================================== Summary of Results SPF check: pass DomainKeys check: neutral DKIM check: pass Sender-ID check: pass SpamAssassin check: ham ========================================================== Details: HELO hostname: app.appmail.co Source IP: 108.179.192.148 mail-from: [email protected] SPF check details: Result: pass ID(s) verified: [email protected] DNS record(s): appmail.co. SPF (no records) appmail.co. 14400 IN TXT "v=spf1 +a +mx +ip4:108.179.192.148 ?all" appmail.co. 14400 IN A 108.179.192.148 DomainKeys check details: Result: neutral (message not signed) ID(s) verified: [email protected] DNS record(s): DKIM check details: Result: pass (matches From: [email protected]) ID(s) verified: header.d=appmail.co Canonicalized Headers: content-type:multipart/alternative;'20'boundary=047d7b2eda75d8544d04c17b6841'0D''0A' to:[email protected]'0D''0A' from:shashank'20'sharma'20'<[email protected]>'0D''0A' subject:Test'0D''0A' message-id:<CADnDhbH9aDBk3Ho2-CrG7gwOoD6RNX0sFq4bWL64+kmo=9HjWg@mail.gmail.com>'0D''0A' date:Sat,'20'2'20'Jun'20'2012'20'16:44:50'20'+0530'0D''0A' mime-version:1.0'0D''0A' dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=appmail.co;'20's=default;'20'h=Content-Type:To:From:Subject:Message-ID:Date:MIME-Version;'20'bh=GS6uwlT+weKcrrLJ2I+cjBtWPq9nvhwRlNAJebOiQOk=;'20'b=; Canonicalized Body: --047d7b2eda75d8544d04c17b6841'0D''0A' Content-Type:'20'text/plain;'20'charset=UTF-8'0D''0A' '0D''0A' Hello'20'Senders'0D''0A' '0D''0A' --047d7b2eda75d8544d04c17b6841'0D''0A' Content-Type:'20'text/html;'20'charset=UTF-8'0D''0A' '0D''0A' Hello'20'Senders'0D''0A' '0D''0A' --047d7b2eda75d8544d04c17b6841--'0D''0A' DNS record(s): default._domainkey.appmail.co. 14400 IN TXT "v=DKIM1; k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALGCOdMeZRxRHoatH7/KCvI1CKS0wOOsTAq0LLgPsOpMolifpVQDKOWT2zq/6LHVmDVjXLbnWO2d4ry/riy7ei66pLpnAV5ceIUSjBRusI8jcF9CZhPrh/OImsKVUb9ceQIDAQAB;" NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM. Sender-ID check details: Result: pass ID(s) verified: [email protected] DNS record(s): appmail.co. SPF (no records) appmail.co. 14400 IN TXT "v=spf1 +a +mx +ip4:108.179.192.148 ?all" appmail.co. 14400 IN A 108.179.192.148 SpamAssassin check details: SpamAssassin v3.3.1 (2010-03-16) Result: ham (-0.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_MESSAGE BODY: HTML included in message -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5% [score: 0.0288] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.5 SINGLE_HEADER_1K A single header contains 1K-2K characters ========================================================== Original Email Return-Path: <[email protected]> Received: from app.appmail.co (108.179.192.148) by verifier.port25.com id hp7qqo11u9cc for <[email protected]>; Sat, 2 Jun 2012 07:14:52 -0400 (envelope-from <[email protected]>) Authentication-Results: verifier.port25.com; spf=pass [email protected] Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) [email protected] Authentication-Results: verifier.port25.com; dkim=pass (matches From: [email protected]) header.d=appmail.co Authentication-Results: verifier.port25.com; sender-id=pass [email protected] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=appmail.co; s=default; h=Content-Type:To:From:Subject:Message-ID:Date:MIME-Version; bh=GS6uwlT+weKcrrLJ2I+cjBtWPq9nvhwRlNAJebOiQOk=;b=pNw3UQNMoNyZ2Ujv8omHGodKVu/55S8YdBEsA5TbRciga/H7f+5noiKvo60vU6oXYyzVKeozFHDoOEMV6m5UTgkdBefogl+9cUIbt5CSrTWA97D7tGS97JblTDXApbZH; Received: from mail-pb0-f46.google.com ([209.85.160.46]:57831) by app.appmail.co with esmtpa (Exim 4.77) (envelope-from <[email protected]>) id 1SamIF-00055f-Om for [email protected]; Sat, 02 Jun 2012 16:44:51 +0530 Received: by pbbrp8 with SMTP id rp8so4165728pbb.5 for <[email protected]>; Sat, 02 Jun 2012 04:14:51 -0700 (PDT) MIME-Version: 1.0 Received: by 10.68.216.33 with SMTP id on1mr19414885pbc.105.1338635690988; Sat, 02 Jun 2012 04:14:50 -0700 (PDT) Received: by 10.143.66.13 with HTTP; Sat, 2 Jun 2012 04:14:50 -0700 (PDT) Date: Sat, 2 Jun 2012 16:44:50 +0530 Message-ID: <CADnDhbH9aDBk3Ho2-CrG7gwOoD6RNX0sFq4bWL64+kmo=9HjWg@mail.gmail.com> Subject: Test From: shashank sharma <[email protected]> To: [email protected] Content-Type: multipart/alternative; boundary=047d7b2eda75d8544d04c17b6841 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - app.appmail.co X-AntiAbuse: Original Domain - verifier.port25.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - appmail.co --047d7b2eda75d8544d04c17b6841 Content-Type: text/plain; charset=UTF-8 Hello Senders --047d7b2eda75d8544d04c17b6841 Content-Type: text/html; charset=UTF-8 Hello Senders --047d7b2eda75d8544d04c17b6841-- I also tried to send mail on yahoo , rediff but i get mails in spam. Please help me to sort out this issue

    Read the article

  • curl can't verify cert using capath, but can with cacert option

    - by phylae
    I am trying to use curl to connect to a site using HTTPS. But curl is failing to verify the SSL cert. $ curl --verbose --capath ./certs/ --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: ./certs/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I know about the -k option. But I do actually want to verify the cert. The certs directory has been properly hashed with c_rehash . and it contains: A Verisign intermediate cert Two self-signed certs The above site should be verified with the Verisign intermediate cert. When I use the --cacert option instead (and point directly to the Verisign cert) curl is able to verify the SSL cert. $ curl --verbose --cacert ./certs/verisign-intermediate-ca.crt --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: ./certs/verisign-intermediate-ca.crt CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: C=US; ST=State; L=City; O=Company; OU=ou1; CN=example.com * start date: 2011-04-17 00:00:00 GMT * expire date: 2012-04-15 23:59:59 GMT * common name: example.com (matched) * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3 * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1267 Content-Length: 1267 < Server: Jetty(7.2.2.v20101205) Server: Jetty(7.2.2.v20101205) < * Connection #0 to host example.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): In addition, if I try hitting one of the sites using a self signed cert and the --capath option, it also works. (Let me know if I should post an example of that.) This implies that curl is finding the cert directory, and it is properly hash. Finally, I am able to verify the SSL cert with openssl, using its -CApath option. $ openssl s_client -CApath ./certs/ -connect example.com:443 CONNECTED(00000003) depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 verify return:1 depth=0 /C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com verify return:1 --- Certificate chain 0 s:/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- Server certificate -----BEGIN CERTIFICATE----- <cert removed> -----END CERTIFICATE----- subject=/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- No client certificate CA names sent --- SSL handshake has read 1563 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: D65C4C6D52E183BF1E7543DA6D6A74EDD7D6E98EB7BD4D48450885188B127717 Session-ID-ctx: Master-Key: 253D4A3477FDED5FD1353D16C1F65CFCBFD78276B6DA1A078F19A51E9F79F7DAB4C7C98E5B8F308FC89C777519C887E2 Key-Arg : None Start Time: 1303258052 Timeout : 300 (sec) Verify return code: 0 (ok) --- QUIT DONE How can I get curl to verify this cert using the --capath option?

    Read the article

  • CodePlex Daily Summary for Thursday, August 23, 2012

    CodePlex Daily Summary for Thursday, August 23, 2012Popular ReleasesARSoft.Tools.Net - C#/.Net DNS client/server, SPF and SenderID Library: 1.7.0: New Features:Strong name for binary release LLMNR client One-shot Multicast DNS client Some new IPAddress extensions Response validation as described in draft-vixie-dnsext-dns0x20-00 Added support for Owner EDNS option (draft-cheshire-edns0-owner-option) Added support for LLQ EDNS option (draft-sekar-dns-llq) Added support for Update Lease EDNS option (draft-sekar-dns-ul) Changes:Updated to latest IANA parameters Adapted RFC6563 - Moving A6 to Historic Status Use IPv6 addre...7zbackup - PowerShell Script to Backup Files with 7zip: 7zBackup v. 1.8.1 Stable: Do you like this piece of software ? It took some time and effort to develop. Please consider a helping me with a donation Or please visit my blog Code : New work switch maxrecursionlevel to limit recursion depth while searching files to backup Code : rotate argument switch can now be set in selection file too Code : prefix argument switch can now be set in selection file too Code : prefix argument switch is checked against invalid file name chars Code : vars script file has now...Microsoft Ajax Minifier: Microsoft Ajax Minifier 4.62: Fix for issue #18525 - escaped characters double-escaped in identifiers if the character immediately after the backslash is not normally allowed in an identifier. fixed symbol problem with nuget package. 4.62 should have nuget symbols available again.Game of Life 3D: GameOfLife3D Version 0.5.2: Support Windows 8nopCommerce. Open source shopping cart (ASP.NET MVC): nopcommerce 2.65: As some of you may know we were planning to release version 2.70 much later (the end of September). But today we have to release this intermediate version (2.65). It fixes a critical issue caused by a third-party assembly when running nopCommerce on a server with .NET 4.5 installed. No major features have been introduced with this release as our development efforts were focused on further enhancements and fixing bugs. To see the full list of fixes and changes please visit the release notes p...MyRouter (Virtual WiFi Router): MyRouter 1.2.9: . Fix: Some missing changes for fixing the window subclassing crash. · Fix: fixed bug when Run MyRouter at the first Time. · Fix: Log File · Fix: improve performance speed application · fix: solve some Exception.Smart Thread Pool: SmartThreadPool 2.2.2: Release Changes Added set name to threads Fixed the WorkItemsQueue.Dequeue. Replaced while(!Monitor.TryEnter(this)); with lock(this) { ... } Fixed SmartThreadPool.Pipe Added IsBackground option to threads Added ApartmentState to threads Fixed thread creation when queuing many work items at the same time.ZXing.Net: ZXing.Net 0.8.0.0: sync with rev. 2393 of the java version improved API, direct support for multiple barcode decoding, wrapper for barcode generating many other improvements and fixes encoder and decoder command line clients demo client for emguCV dev documentation startedScintillaNET: ScintillaNET 2.5.1: This release has been built from the 2.5 branch. Issues closed: Issue # Title 32524 32524 32550 32550 32552 32552 25148 25148 32449 32449 32551 32551 32711 32711 MFCMAPI: August 2012 Release: Build: 15.0.0.1035 Full release notes at SGriffin's blog. If you just want to run the MFCMAPI or MrMAPI, get the executables. If you want to debug them, get the symbol files and the source. The 64 bit builds will only work on a machine with Outlook 2010 64 bit installed. All other machines should use the 32 bit builds, regardless of the operating system. Facebook BadgeDocument.Editor: 2013.2: Whats new for Document.Editor 2013.2: New save as Html document Improved Traslate support Minor Bug Fix's, improvements and speed upsPulse: Pulse Beta 5: Whats new in this release? Well to start with we now have Wallbase.cc Authentication! so you can access favorites or NSFW. This version requires .NET 4.0, you probably already have it, but if you don't it's a free and easy download from Microsoft. Pulse can bet set to start on Windows startup now too. The Wallpaper setter has settings now, so you can change the background color of the desktop and the Picture Position (Tile/Center/Fill/etc...) I've switched to Windows Forms instead of WPF...Metro Paint: Metro Paint: Download it now , don't forget to give feedback to me at maitreyavyas@live.com or at my facebook page fb.com/maitreyavyas , Hope you enjoy it.MiniTwitter: 1.80: MiniTwitter 1.80 ???? ?? .NET Framework 4.5 ?????? ?? .NET Framework 4.5 ????????????? "&" ??????????????????? ???????????????????????? 2 ??????????? ReTweet ?????????????????、In reply to ?????????????? URL ???????????? ??????????????????????????????Droid Explorer: Droid Explorer 0.8.8.6 Beta: Device images are now pulled from DroidExplorer Cloud Service refined some issues with the usage statistics Added a method to get the first available value from a list of property names DroidExplorer.Configuration no longer depends on DroidExplorer.Core.UI (it is actually the other way now) fix to the bootstraper to only try to delete the SDK if it is a "local" sdk, not an existing. no longer support the "local" sdk, you must now select an existing SDK checks for sdk if it was ins...Path Copy Copy: 11.0.1: Bugfix release that corrects the following issue: 11365 If you are using Path Copy Copy in a network environment and use the UNC path commands, it is recommended that you upgrade to this version.ExtAspNet: ExtAspNet v3.1.9.1: +2012-08-18 v3.1.9 -??other/addtab.aspx???JS???BoundField??Tooltip???(Dennis_Liu)。 +??Window?GetShowReference???????????????(︶????、????、???、??~)。 -?????JavaScript?????,??????HTML????????。 -??HtmlNodeBuilder????????????????JavaScript??。 -??????WindowField、LinkButton、HyperLink????????????????????????????。 -???????????grid/griddynamiccolumns2.aspx(?????)。 -?????Type??Reset?????,??????????????????(e??)。 -?????????????????????。 -?????????int,short,double??????????(???)。 +?Window????Ge...AcDown????? - AcDown Downloader Framework: AcDown????? v4.0.1: ?? ●AcDown??????????、??、??????。????,????,?????????????????????????。???????????Acfun、????(Bilibili)、??、??、YouTube、??、???、??????、SF????、????????????。 ●??????AcPlay?????,??????、????????????????。 ● AcDown??????????????????,????????????????????????????。 ● AcDown???????C#??,????.NET Framework 2.0??。?????"Acfun?????"。 ????32??64? Windows XP/Vista/7/8 ??:????????Windows XP???,?????????.NET Framework 2.0???(x86),?????"?????????"??? ??????????????,??????????: ??"AcDown?????"????????? ...Fluent Validation for .NET: 3.4: Changes since 3.3: Make ValidationResut.IsValid virtual Add private no-arg ctor to ValidationFailure to help with serialization Add Turkish error messages Work-around for reflection bug in .NET 4.5 that caused VerificationExceptions Assemblies are now unsigned to ease with versioning/upgrades (especially where other frameworks depend on FV) (Note if you need signed assemblies then you can use the following NuGet packages: FluentValidation-signed, FluentValidation.MVC3-signed, FluentV...DotNetNuke® Feedback: 06.02.01: Official Release - 17th August 2012 Please look at the Release Notes file included in the module packages or available on this page as a separate download for a listing of the bug fixes and enhancements found in this version. NOTE: Feedback v 06.02.00 REQUIRES a minimum DotNetNuke framework version of 06.02.00 as well as ASP.Net 3.5 SP1 and MS SQL Server 2005 or 2008 (Express or standard versions). This release brings some enhancements to the module as well as fixing all known bugs. Bug Fi...New ProjectsAD FS 2.0 RelayState Generator: HTML file for generating the RelayState URL string for use with Microsoft's AD FS 2.0 Rollup 2 and higherAtomic: A graphical, reactive, synchronous software development environment that dramatically reduces programming effort and improves team communication.Depixelizing Pixel Arts: This project is an attempt to implement the following Microsoft Research Paper in C#: http://research.microsoft.com/en-us/um/people/kopf/pixelart/Dynamics CRM 2011 Dummy Entity: Using a "Dummy" Entity, this Dynamics 2011 solution provides authenticated REST style calls from a Web Resource to a plug-in to reach back-end resources.ESPAM7mo: Solución q controla el ingreso y salida de bodega de los suministros, realizado por los alumnos del septimo semestre de la carrera de informatica de la ESPAMExisto: Existo is a project aimed at creating an enterprise business collaboration system.Fiddler2 OAuth: Allows for easy OAuth debugging with Fiddler2gView GIS OS Data - ArcMap Extension: Display and edit gView data sources in ArcMap. For example: edit PostGIS data in ArcMap...IronBoard: ReviewBoard Visual Studio extensionJulaDB: C# implementation of an in-memory database engine.JumpingBalls: a wp gameKimola Cloud Search API Client Library for .NET: A C# library that encapsulates all the internal work and let you work with concrete C# objects while developing your search enabled applications.message elgg: It is a plugin for elggTamarillo - OSGI like Service Platform for .NET: This project is based on the OSGI-Framework for Java TFS Project Test Migrator: The goal of this project is to offer a solution to migrate a test plan from a TFS project to another.TFSIntegrate with Outlook: Tool is used to integrate the outlook with TFS. It will attach the emails to the TFS.Time Controller App: ...touch_cloud_game: ?w??w???

    Read the article

  • CodePlex Daily Summary for Wednesday, August 22, 2012

    CodePlex Daily Summary for Wednesday, August 22, 2012Popular ReleasesLINQ to Twitter: LINQ to Twitter Beta v2.0.29: Supports .NET 3.5, .NET 4.0, Silverlight 4.0, Windows Phone 7.1, Client Profile, and Windows 8. 100% Twitter API coverage. LINQ to Twitter Samples contains example code for using LINQ to Twitter with various .NET technologies. Downloadable source code also has C# samples in the LinqToTwitterDemo project and VB samples in the LinqToTwitterDemoVB project.OutlookGoogleSync: OutlookGoogleSync v1.0.5: 1.5: - changed Outlook Primary Interop Assembly to V11 (Ofice 2003) to support older Office versions - more info about start/end/needed time - got rid of app.config - changed double click to single click on tray iconZXing.Net: ZXing.Net 0.8.0.0: sync with rev. 2393 of the java version improved API, direct support for multiple barcode decoding, wrapper for barcode generating many other improvements and fixes encoder and decoder command line clients demo client for emguCV dev documentation startedScintillaNET: ScintillaNET 2.5.1: This release has been built from the 2.5 branch. Issues closed: Issue # Title 32524 32524 32550 32550 32552 32552 25148 25148 32449 32449 32551 32551 32711 32711 MFCMAPI: August 2012 Release: Build: 15.0.0.1035 Full release notes at SGriffin's blog. If you just want to run the MFCMAPI or MrMAPI, get the executables. If you want to debug them, get the symbol files and the source. The 64 bit builds will only work on a machine with Outlook 2010 64 bit installed. All other machines should use the 32 bit builds, regardless of the operating system. Facebook BadgeDocument.Editor: 2013.2: Whats new for Document.Editor 2013.2: New save as Html document Improved Traslate support Minor Bug Fix's, improvements and speed upsPulse: Pulse Beta 5: Whats new in this release? Well to start with we now have Wallbase.cc Authentication! so you can access favorites or NSFW. This version requires .NET 4.0, you probably already have it, but if you don't it's a free and easy download from Microsoft. Pulse can bet set to start on Windows startup now too. The Wallpaper setter has settings now, so you can change the background color of the desktop and the Picture Position (Tile/Center/Fill/etc...) I've switched to Windows Forms instead of WPF...Metro Paint: Metro Paint: Download it now , don't forget to give feedback to me at maitreyavyas@live.com or at my facebook page fb.com/maitreyavyas , Hope you enjoy it.MiniTwitter: 1.80: MiniTwitter 1.80 ???? ?? .NET Framework 4.5 ?????? ?? .NET Framework 4.5 ????????????? "&" ??????????????????? ???????????????????????? 2 ??????????? ReTweet ?????????????????、In reply to ?????????????? URL ???????????? ??????????????????????????????Droid Explorer: Droid Explorer 0.8.8.6 Beta: Device images are now pulled from DroidExplorer Cloud Service refined some issues with the usage statistics Added a method to get the first available value from a list of property names DroidExplorer.Configuration no longer depends on DroidExplorer.Core.UI (it is actually the other way now) fix to the bootstraper to only try to delete the SDK if it is a "local" sdk, not an existing. no longer support the "local" sdk, you must now select an existing SDK checks for sdk if it was ins...Path Copy Copy: 11.0.1: Bugfix release that corrects the following issue: 11365 If you are using Path Copy Copy in a network environment and use the UNC path commands, it is recommended that you upgrade to this version.ExtAspNet: ExtAspNet v3.1.9.1: +2012-08-18 v3.1.9 -??other/addtab.aspx???JS???BoundField??Tooltip???(Dennis_Liu)。 +??Window?GetShowReference???????????????(︶????、????、???、??~)。 -?????JavaScript?????,??????HTML????????。 -??HtmlNodeBuilder????????????????JavaScript??。 -??????WindowField、LinkButton、HyperLink????????????????????????????。 -???????????grid/griddynamiccolumns2.aspx(?????)。 -?????Type??Reset?????,??????????????????(e??)。 -?????????????????????。 -?????????int,short,double??????????(???)。 +?Window????Ge...AcDown????? - AcDown Downloader Framework: AcDown????? v4.0.1: ?? ●AcDown??????????、??、??????。????,????,?????????????????????????。???????????Acfun、????(Bilibili)、??、??、YouTube、??、???、??????、SF????、????????????。 ●??????AcPlay?????,??????、????????????????。 ● AcDown??????????????????,????????????????????????????。 ● AcDown???????C#??,????.NET Framework 2.0??。?????"Acfun?????"。 ????32??64? Windows XP/Vista/7/8 ??:????????Windows XP???,?????????.NET Framework 2.0???(x86),?????"?????????"??? ??????????????,??????????: ??"AcDown?????"????????? ...Fluent Validation for .NET: 3.4: Changes since 3.3: Make ValidationResut.IsValid virtual Add private no-arg ctor to ValidationFailure to help with serialization Add Turkish error messages Work-around for reflection bug in .NET 4.5 that caused VerificationExceptions Assemblies are now unsigned to ease with versioning/upgrades (especially where other frameworks depend on FV) (Note if you need signed assemblies then you can use the following NuGet packages: FluentValidation-signed, FluentValidation.MVC3-signed, FluentV...DotNetNuke® Feedback: 06.02.01: Official Release - 17th August 2012 Please look at the Release Notes file included in the module packages or available on this page as a separate download for a listing of the bug fixes and enhancements found in this version. NOTE: Feedback v 06.02.00 REQUIRES a minimum DotNetNuke framework version of 06.02.00 as well as ASP.Net 3.5 SP1 and MS SQL Server 2005 or 2008 (Express or standard versions). This release brings some enhancements to the module as well as fixing all known bugs. Bug Fi...AssaultCube Reloaded: 2.5.3 Unnamed Fixed: If you are using deltas, download 2.5.2 first, then overwrite with the delta packages. Linux has Ubuntu 11.10 32-bit precompiled binaries and Ubuntu 10.10 64-bit precompiled binaries, but you can compile your own as it also contains the source. If you are using Mac or other operating systems, please wait while we try to package for those OSes. Try to compile it. If it fails, download a virtual machine. The server pack is ready for both Windows and Linux, but you might need to compile your ...Coding4Fun Tools: Coding4Fun.Phone.Toolkit v1.6.1: Bug Fix release Bug Fixes Better support for transparent images IsFrozen respected if not bound to corrected deadlock stateWPF Application Framework (WAF): WPF Application Framework (WAF) 2.5.0.7: Version: 2.5.0.7 (Milestone 7): This release contains the source code of the WPF Application Framework (WAF) and the sample applications. Requirements .NET Framework 4.0 (The package contains a solution file for Visual Studio 2010) The unit test projects require Visual Studio 2010 Professional Changelog Legend: [B] Breaking change; [O] Marked member as obsolete WAF: Add CollectionHelper.GetNextElementOrDefault method. InfoMan: Support creating a new email and saving it in the Send b...myCollections: Version 2.2.3.0: New in this version : Added setup package. Added Amazon Spain for Apps, Books, Games, Movie, Music, Nds and Tvshow. Added TVDB Spain for Tvshow. Added TMDB Spain for Movies. Added Auto rename files from title. Added more filters when adding files (vob,mpls,ifo...) Improve Books author and Music Artist Credits. Rewrite find duplicates for better performance. You can now add Custom link to items. You can now add type directly from the type list using right mouse button. Bug ...Player Framework by Microsoft: Player Framework for Windows 8 Preview 5 (Refresh): Support for Windows 8 and Visual Studio RTM Support for Smooth Streaming SDK beta 2 Support for live playback New bitrate meter and SD/HD indicators Auto smooth streaming track restriction for snapped mode to conserve bandwidth New "Go Live" button and SeekToLive API Support for offset start times Support for Live position unique from end time Support for multiple audio streams (smooth and progressive content) Improved intellisense in JS version NEW TO PREVIEW 5 REFRESH:Req...New Projects.NET Winforms Gantt Chart Control: Gantt Chart Control allows user to quickly create charts for prototyping or simple use cases in bigger projects.BrowseByURL: Tool that will select the right browser for displaying your URLSdummy2: This is a test projectFit Protocol Library: A library to parse and edit FIT files, used by fitness devices, such as the Garmin series of fitness GPS devices.Guild Wars 2 Build and Rotation Generator: The Guild Wars 2 Build and Rotation Generator is an audacious attempt to make an automatic character build generator in C# using the AForge genetic libraries,ISMOT - Kinect Gesture Library: A Cool Gesture LibraryKaqaz: Kaqaz is a simple weblog engine based on Xoqal framework. You can find Xoqal project link at the related projects.OAuth Lite: An easy to use library to simplify access to web resources which use OAuth 2.0 for authentication.OutlookGoogleSync: A small tool to keep the Google calendar in sync with the Outlook calendar (one way: Outlook -> Google). Doesn't need admin rights and works behind a proxy.pboa1: ????Publishing Point: Hello, my name is Leonidas Fengos and i am developer. This is a tool of publishing point about media player and media element. Please you could use and try it!!Rubik Database Tools: coming soon...Saturn Kinect: Saturn Kinect is a Kinect Interaction Library that contains classes for managing skeleton motions and using it for detecting motions,moving mouse cursor and etcShammateh: Shammateh is a simple time tracking which tends to be a personal time-sheet manager. It's based on Xoqal framework.SharePoint Webtools: SharePoint Webtools is a web application that makes administering a SharePoint Team Site more convenient. It is fully client side and requires no installation.TestOAuth: This is a test project.Type Implementer: A small .NET library (based on System.Reflection.Emit) whose purpose is to facilitate dynamic type generation at run-time.Visualizer3D: TBAWarmMeUp: WarmMeUp is the first SharePoint 2013 (compatible 2010) warm Up tool designed for large SharePoint farms (warming on every server of the farm)Xoqal: Xoqal is an application framework targeting .NET 4+ platform. It supports both of the Web and Win applications with the same infrastructure.ZipFileEx: ZipFileEx add feature that support async/await and IProgress<T> to ZipFile/ZipArchive Classes.

    Read the article

  • Google App Engine - Secure Cookies

    - by tponthieux
    I'd been searching for a way to do cookie based authentication/sessions in Google App Engine because I don't like the idea of memcache based sessions, and I also don't like the idea of forcing users to create google accounts just to use a website. I stumbled across someone's posting that mentioned some signed cookie functions from the Tornado framework and it looks like what I need. What I have in mind is storing a user's id in a tamper proof cookie, and maybe using a decorator for the request handlers to test the authentication status of the user, and as a side benefit the user id will be available to the request handler for datastore work and such. The concept would be similar to forms authentication in ASP.NET. This code comes from the web.py module of the Tornado framework. According to the docstrings, it "Signs and timestamps a cookie so it cannot be forged" and "Returns the given signed cookie if it validates, or None." I've tried to use it in an App Engine Project, but I don't understand the nuances of trying to get these methods to work in the context of the request handler. Can someone show me the right way to do this without losing the functionality that the FriendFeed developers put into it? The set_secure_cookie, and get_secure_cookie portions are the most important, but it would be nice to be able to use the other methods as well. #!/usr/bin/env python import Cookie import base64 import time import hashlib import hmac import datetime import re import calendar import email.utils import logging def _utf8(s): if isinstance(s, unicode): return s.encode("utf-8") assert isinstance(s, str) return s def _unicode(s): if isinstance(s, str): try: return s.decode("utf-8") except UnicodeDecodeError: raise HTTPError(400, "Non-utf8 argument") assert isinstance(s, unicode) return s def _time_independent_equals(a, b): if len(a) != len(b): return False result = 0 for x, y in zip(a, b): result |= ord(x) ^ ord(y) return result == 0 def cookies(self): """A dictionary of Cookie.Morsel objects.""" if not hasattr(self,"_cookies"): self._cookies = Cookie.BaseCookie() if "Cookie" in self.request.headers: try: self._cookies.load(self.request.headers["Cookie"]) except: self.clear_all_cookies() return self._cookies def _cookie_signature(self,*parts): self.require_setting("cookie_secret","secure cookies") hash = hmac.new(self.application.settings["cookie_secret"], digestmod=hashlib.sha1) for part in parts:hash.update(part) return hash.hexdigest() def get_cookie(self,name,default=None): """Gets the value of the cookie with the given name,else default.""" if name in self.cookies: return self.cookies[name].value return default def set_cookie(self,name,value,domain=None,expires=None,path="/", expires_days=None): """Sets the given cookie name/value with the given options.""" name = _utf8(name) value = _utf8(value) if re.search(r"[\x00-\x20]",name + value): # Don't let us accidentally inject bad stuff raise ValueError("Invalid cookie %r:%r" % (name,value)) if not hasattr(self,"_new_cookies"): self._new_cookies = [] new_cookie = Cookie.BaseCookie() self._new_cookies.append(new_cookie) new_cookie[name] = value if domain: new_cookie[name]["domain"] = domain if expires_days is not None and not expires: expires = datetime.datetime.utcnow() + datetime.timedelta( days=expires_days) if expires: timestamp = calendar.timegm(expires.utctimetuple()) new_cookie[name]["expires"] = email.utils.formatdate( timestamp,localtime=False,usegmt=True) if path: new_cookie[name]["path"] = path def clear_cookie(self,name,path="/",domain=None): """Deletes the cookie with the given name.""" expires = datetime.datetime.utcnow() - datetime.timedelta(days=365) self.set_cookie(name,value="",path=path,expires=expires, domain=domain) def clear_all_cookies(self): """Deletes all the cookies the user sent with this request.""" for name in self.cookies.iterkeys(): self.clear_cookie(name) def set_secure_cookie(self,name,value,expires_days=30,**kwargs): """Signs and timestamps a cookie so it cannot be forged""" timestamp = str(int(time.time())) value = base64.b64encode(value) signature = self._cookie_signature(name,value,timestamp) value = "|".join([value,timestamp,signature]) self.set_cookie(name,value,expires_days=expires_days,**kwargs) def get_secure_cookie(self,name,include_name=True,value=None): """Returns the given signed cookie if it validates,or None""" if value is None:value = self.get_cookie(name) if not value:return None parts = value.split("|") if len(parts) != 3:return None if include_name: signature = self._cookie_signature(name,parts[0],parts[1]) else: signature = self._cookie_signature(parts[0],parts[1]) if not _time_independent_equals(parts[2],signature): logging.warning("Invalid cookie signature %r",value) return None timestamp = int(parts[1]) if timestamp < time.time() - 31 * 86400: logging.warning("Expired cookie %r",value) return None try: return base64.b64decode(parts[0]) except: return None uid=1234|1234567890|d32b9e9c67274fa062e2599fd659cc14 Parts: 1. uid is the name of the key 2. 1234 is your value in clear 3. 1234567890 is the timestamp 4. d32b9e9c67274fa062e2599fd659cc14 is the signature made from the value and the timestamp

    Read the article

  • WinQual: Why would WER not accept code-signing certificates?

    - by Ian Boyd
    In 2005 i tried to establish a WinQual account with Microsoft, so i could pick up our (if any) crash dump files submitted automatically through Windows Error Reporting (WER). i was not allowed to have my crash dumps, because i don't have a Verisign certificate. Instead i have a cheaper one, generated by a Verisign subsidiary: Thawte. The method in which you join is: you digitally sign a sample exe they provide. This proves that you are the same signer that signed apps that they got crash dumps from in the wild. Cryptographically, the private key is needed to generate a digital signature on an executable. Only the holder of that private key can create a signature with for the matching public key. It doesn't matter who generated that private key. That includes certificates that are generated from: self-signing Wells Fargo DigiCert SecureTrust Trustware QuoVadis GoDaddy Entrust Cybertrust GeoTrust GlobalSign Comodo Thawte Verisign Yet Microsof's WinQual only accepts digital certificates generated by Verisign. Not even Verisign's subsidiaries are good enough (Thawte). Can anyone think of any technical, legal or ethical reason why Microsoft doesn't want to accept code-signing certificates? The WinQual site says: Why Is a Digital Certificate Required for Winqual Membership? A digital certificate helps protect your company from individuals who seek to impersonate members of your staff or who would otherwise commit acts of fraud against your company. Using a digital certificate enables proof of an identity for a user or an organization. Is somehow a Thawte digital certificate not secure? Two years later, i sent a reminder notice to WinQual that i've been waiting to be able to get at my crash dumps. The response from WinQual team was: Hello, Thanks for the reminder. We have notified the appropriate people that this is still a request. In 2008 i asked this question in a Microsoft support forum, and the response was: We are only setup to accept VeriSign Certificates at this point. We have not had an overwhelming demand to support other types of certificates. What can it possibly mean to not be "setup" to accept other kinds of certificates? If the thumbprint of the key that signed the WinQual.exe test app is the same as the thumbprint that signed the executable who's crash dump you got in the wild: it is proven - they are my crash dumps, give them to me. And it's not like there's a special API to check if a Verisign digital signature is valid, as opposed to all other digital signatures. A valid signature is valid no matter who generated the key. Microsoft is free to not trust the signer, but that's not the same as identity. So that is my question, can anyone think of any practical reason why WinQual isn't setup to support digital signatures? One person theorized that the answer is that they're just lazy: Not that I know but I would assume that the team running the winQual system is a live team and not a dev team - as in, personality and skillset geared towards maintenance of existing systems. I could be wrong though. They don't want to do work to change it. But can anyone think of anything that would need to be changed? It's the same logic no matter what generated the key: "does the thumbprint match". What am i missing?

    Read the article

  • List of Upcoming Appearances

    - by Chris Gardner
    Greetings. I know I have been in work sponsored hiding lately. We are working furiously on a beta project to secure a contract, and I can't really talk about it yet. Hopefully, the contracts will be soon signed. Not only will we then have money, but I can talk about all this really cool tech with which I have been playing. However, since the contract is not signed, I need to bring you people up to date with where I will be during the summer. Let's face it, you can't be a speaker / blogger without pandering to shameless self-promotion. First, I will, once again, be staffing the Hands-on-Labs at TechEd North America. Unfortunately, TechEd North America is already sold out for this year. However, if you're already going, drop by the labs and say Hi. Also, keep an eye on Twitter to track me throughout the event. Also, look for a post in a few hours with my specific picks for what content I'm looking forward to seeing this year. Immediately following TechEd North America, I will be flying into Knoxville to speak at CodeStock. I will be presenting my introduction and intermediate Xbox 360 development talks. There are a TON of great content at CodeStock this year, but there are only about 50 tickets left. After that whirlwind of work, things settle for awhile. That means I'm available to speak at your User Group, luncheon, bowling league, birthday party, anniversary, or bat mitzvah. Mid August brings us to That Conference. This one is going to be a blast. If you haven't heard of That Conference yet, you should really check it out. This will also be my introduction and intermediate Xbox 360 development talks. This is a new conference, and it looks like it will be a great one. Finally, we will turn our attention to DevLink. DevLink has the distinction of picking up my newest talk, Creating Stereoscopic 3D Graphics in XNA. On top of that, I'm giving an general Xbox 360 and Windows Phone 7 talk. DevLink has added an new "XNA and Kinect" track, so there will me a ton of great game content. That should bring us through the summer. As I solidify the Stereoscopic talk, look for some content on that to creep up on here. I will say it's the first topic I've played around with that is easier in 3D than 2D. Also, the organizers of Alabama Code Camp are still trying to reschedule the event. When that happens, I'll get that information out. Also, we are looking to expand our development team. If you are interested in working for / with me, keep an eye on the T & W Operations website. I know we're immediately looking for a junior level developer, but I think a few higher level position may come up soon. You MUST apply through the website, but drop me a personal line if you do apply. I'll keep an eye out for the application.

    Read the article

  • Stay on Schedule in Chrome with DayHiker

    - by Matthew Guay
    Do you keep your schedule and tasks in Google Calendar?  Here’s a handy extension for Google Chrome that can keep you on top of your appointments without having to open Google Calendar in another tab. Integrate Google Calendar with Chrome DayHiker is a handy extension for Google Chrome that can help you stay on schedule in your browser.  Desktop applications typically can keep you notified easier with popups or alerts, but webapps require you to visit them to view your information.  DayHiker takes the best of both, and can make your Google Calendar work more like a desktop application. To get started, open the DayHiker page from the Chrome Extensions Gallery (link below), and click Install.  Confirm you wish to install it at the prompt. Now you’ll have a new extension button in your Chrome toolbar.  Click the calendar icon to view your Google Calendar.  You’ll need to be signed into your Google account for your calendar to display; click the key icon to select your account if it doesn’t show your appointments automatically. If you’re signed into multiple Google accounts, such as your public Gmail and a Google Apps account, you can select the calendar you wish and click Continue. Now you can quickly see your upcoming appointments.  Simply hover over the icon to see your upcoming events.  Or, just glance at it to see if there are any appointments coming up, as the indicator icon will change colors to show how long you have until your next appointment. Click the icon to see more information about your appointments. Or, click the Add link to add a new appointment.  If you need to edit the appointment details, click Edit Details and the appointment will open in Google Calendar for you to edit. You can also view and manage your tasks in Google Calendar.  Click the checkmark icon, and then add or check-off tasks directly from the extension pane. You can also set an alarm clock in DayHiker.  Click the green circle icon, and then enter the time for the alarm to go off.  Strangely it will only chime if the extension pane is left open, so if you click anywhere else in the browser or even switch to another program it will not chime.   If you’d like to customize DayHiker’s settings, right-click on it and select Options, or select Options in the Chrome Extensions page.  Here you can customize your badges and the DayHiker icon, or enter a custom domain for your Google Apps Pro calendar.   Conclusion If you rely on Google Calendar to stay on top of your schedule, DayHiker can help you stay scheduled and know what’s coming up.  We wish DayHiker supported multiple calendars so we could combine our Google Apps calendars with our personal Google Calendar, but even still, it is a very useful tool.  Whether you’re a tightly scheduled person or just like to jot down to-dos and keep track of them, this extension will help you do this efficiently with familiar Google tools. Link Download DayHiker from the Chrome Extensions Gallery Similar Articles Productive Geek Tips Configure Disk Defragmenter Schedule in Windows 7 or VistaSchedule Updates for Windows Media CenterOpen Multiple Sites Without Reopening the Menus in FirefoxFind a Website’s Actual Location with Chrome FlagsSubscribe to RSS Feeds in Chrome with a Single Click TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips HippoRemote Pro 2.2 Xobni Plus for Outlook All My Movies 5.9 CloudBerry Online Backup 1.5 for Windows Home Server Dual Boot Ubuntu and Windows 7 What is HTML5? Default Programs Editor – One great tool for Setting Defaults Convert BMP, TIFF, PCX to Vector files with RasterVect Free Identify Fonts using WhatFontis.com Windows 7’s WordPad is Actually Good

    Read the article

  • Build 2012, the first post

    - by Dennis Vroegop
    Yes, I was one of the lucky few who made it to Build. Build, formerly known as the Professional Developers Conference (or PDC) is the place to be if you are a developer on the Microsoft platform. Since I take my job seriously I took out some time on my busy schedule, sighed at the thought of not seeing my family for another week and signed up for it. Now, before I talk about the amazing Surface devices (yes, this posting is written on one of them), the great Lumia 920 we all got, the long deserved love for touch, NUI and other things I have been talking about for years, I need to do some ranting. So if you are anxious to read about the technical goodies you’ll have to wait until the next post. Still here? Good. When I signed up for the Build conference during my holidays this summer it was pretty obvious that demand would be high. Therefor I made sure I was on time. But even though I registered only 7 minutes after the initial opening time the Early Bird discount for the first 500 attendees was already sold out. I later learned that registration actually started 5 minutes before the scheduled time but even though it is still impressive how fast things went. The whole event sold out in 57 minutes Or so they say… A lot of people got put on the waiting list. There was room for about 1500 attendees and I heard that at least 1000 people were on that waiting list, including a lot of people I know. Strangely, all of them got tickets assigned after 2 weeks. Here at the conference I heard from a guy from Nokia that they had shipped 2500 Lumia 920 phones. That number matches the rumors that the organization added 1000 extra tickets. This, of course is no problem. I am not an elitist and I think large crowds have a special atmosphere that I quite like. But…. The Microsoft Campus is not equipped for that sheer volume of visitors. That was painfully obvious during on-site registration where people had to stand in line for over 2 hours. The conference is spread out over 2 buildings, divided by a 15 minute busride (yes, the campus is that big). I have seen queues of over 200 people waiting for the bus and when that arrived it had a capacity of 16. I can assure you: that doesn’t fit. This of course means that travelling from one site to the other might take about 30 minutes. So you arrive at the session room just in time, only to find out it’s full. Since you can’ get into that session you try to find another one but now you’re even more late so you have no chance at all of entering. The doors are closed and you’re told: “Well, you can watch the live stream online”. Mmmm… So I spend thousands of dollars, a week away from home, family and work to be told I can also watch the sessions online? Are you fricking kidding me? I could go on but I won’t. You get the idea. It’s jus badly organized, something I am not really used to in my 20 years of experience at Microsoft events. Yes, I am disappointed. I hope a lot of people here in Redmond will also fill in the evals and that the organization next year will do a better job. Really, Build deserves better. </rantmode>

    Read the article

  • "SignTool error: Access is denied" in TFS 2010 build process

    - by user351352
    I'm getting "SignTool Error: Access is Denied" when I attempt to sign a file. When I use an administrator cmd, all works fine. However, this process is going to be used in a TFS 2010 build process and using the InvokeProcess task with signtool gives the same access denied message as a non-administrator command prompt. More info: On a Win2008 R2 enterprise machine. User is machine admin and on the domain. The TFS Build service is also set to run as this user. Using a self signed certificate created using these instructions: How do I create a self-signed certificate for code signing on Windows? After following these instructions I have the following files: MyCA.cer MyCA.pvk MySPC.cer MySPC.pvk MySPC.pfx MyCA is in my Trusted Root Certification Authorities I imported MySPC.pfx into personal certificates, following the advice here: SignTool error: Access is denied To do the signing I'm using the thumbprint of the MySPC.pfx that was imported into the Personal section so my signtool command looks like: sign /sha1 1e9d7b5ad98552d9c58944e3f3903e6b929f4819 /t http://timestamp.verisign.com/scripts/timestamp.dll "FileName" Once again this works in Admin mode. This also works when running cmd as administrator: sign /f "C:\Code Signing Non-Release\MySPC.pfx" /t http://timestamp.verisign.com/scripts/timestamp.dll "FileName" New to code signing in general, so any help is welcome.

    Read the article

  • Azure - Unable To Get SQL Azure Invitation Code!

    - by Goober
    Scenario I'm trying to convert my Silverlight Business Application over to the cloud with the help of Azure. I have been following this link from Brad Abrams blog. Both the links to Windows Azure and SQL Azure crash out in Google Chrome, they work in Internet Explorer, but it's literally one of the worst user experiences I've ever had. The Problem I'm asked to sign in to Microsoft connect with my Live ID. I do so, I'm then asked to register!? - I do so. I'm then sent a verification email which I verify. I'm then signed out!?!?! When I sign back in, it repeats the process.... ANY IDEAS!??! Edit/Update: Finally managed to get signed up/in to connect. From here I was able to get hold of an invitation code to Windows Azure. Now I need an invitation code for SQL Azure. I cannot see ANYWHERE that advertises a way of getting this SQL Azure code, the only thing that I have seen is some text saying that there "may be a delay" in receiving codes due to volume of interest, which quite frankly I find hard to believe......... It's so far been 3 days now.This officially Sucks! If I have any more news I'll post back here.

    Read the article

  • Using SSL and SslStream for peer to peer authentication?

    - by Scott Whitlock
    I need to provide secure communication between various processes that are using TCP/IP sockets for communication. I want both authentication and encryption. Rather than re-invent the wheel I would really like to use SSL and the SslStream class and self-signed certificates. What I want to do is validate the remote process's certificate against a known copy in my local application. (There doesn't need to be a certificate authority because I intend for the certificates to be copied around manually). To do this, I want the application to be able to automatically generate a new certifiate the first time it is run. In addition to makecert.exe, it looks like this link shows a way to automatically generate self-signed certificates, so that's a start. I've looked at the AuthenticateAsServer and AuthenticateAsClient methods of SslStream. You can provide call-backs for verification, so it looks like it's possible. But now that I'm into the details of it, I really don't think it's possible to do this. Am I going in the right direction? Is there a better alternative? Has anyone done anything like this before (basically peer-to-peer SSL rather than client-server)?

    Read the article

  • java converting int to short

    - by changed
    Hi I am calculating 16 bit checksum on my data which i need to send to server where it has to recalculate and match with the provided checksum. Checksum value that i am getting is in int but i have only 2 bytes for sending the value.So i am casting int to short while calling shortToBytes method. This works fine till checksum value is less than 32767 thereafter i am getting negative values. Thing is java does not have unsigned primitives, so i am not able to send values greater than max value of signed short allowed. How can i do this, converting int to short and send over the network without worrying about truncation and signed & unsigned int. Also on both the side i have java program running. private byte[] shortToBytes(short sh) { byte[] baValue = new byte[2]; ByteBuffer buf = ByteBuffer.wrap(baValue); return buf.putShort(sh).array(); } private short bytesToShort(byte[] buf, int offset) { byte[] baValue = new byte[2]; System.arraycopy(buf, offset, baValue, 0, 2); return ByteBuffer.wrap(baValue).getShort(); }

    Read the article

  • Storing a digital signature for bookings on a web based system

    - by Duncan
    I have a web based bookings system built for a UK higher education client to allow students to sign out equipment (laptops, camera's etc). It's been in use successfully for a couple of years, in the current workflow equipment is collected and the booking is printed, signed by the student and kept until the equipment is returned. They are emailed a pdf copy of the booking and reminders if equipment is outstanding. Students can login and prebook equipment using their university LDAP credentials, the booking is then authorised by staff for later collection, but can also walk in and have equipment booked out by staff. They would like to remove the signed paper part of the process and replace this with some sort of digital signature. The suggestion was a graphics tablet but with a web based system this would require a local software package and in my view be impractical. My thought is that students would enter their LDAP username and password upon collection of the equipment, verifying their identity and effectively digitally signing the booking. My question is what would be best to store as a signature or whether to simply authenticate the user and use a boolean flag to indicate that this has been done could be deemed sufficient?

    Read the article

  • Why is my code signing (MS authenticode) verification failing?

    - by Tim
    I posted this question and have a freshly minted code signing cert from Thawte. I followed the instructions (or so I thought) and the code signing claims to be done right, however when I try to verify the tool shows an error. I have no idea what it means and no idea how to fix this. Any comments would be appreciated. Command line to sign exe: signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe Results: The following certificate was selected: Issued to: [my company] Issued by: Thawte Code Signing CA Expires: 4/23/2011 7:59:59 PM SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601 Done Adding Additional Store Attempting to sign: test.exe Successfully signed and timestamped: test.exe Number of files successfully Signed: 1 Number of warnings: 0 Number of errors: 0 Note that there are no errors or warnings. Now, when I try to verify imagine my surprise: signtool verify /v test.exe results in: Verifying: test.exe SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22 Signing Certificate Chain: Issued to: Thawte Premium Server CA Issued by: Thawte Premium Server CA Expires: 12/31/2020 7:59:59 PM SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A Issued to: Thawte Code Signing CA Issued by: Thawte Premium Server CA Expires: 8/5/2013 7:59:59 PM SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F Issued to: [my company] Issued by: Thawte Code Signing CA Expires: 4/23/2011 7:59:59 PM SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601 The signature is timestamped: 4/27/2010 10:19:19 AM Timestamp Verified by: Issued to: Thawte Timestamping CA Issued by: Thawte Timestamping CA Expires: 12/31/2020 7:59:59 PM SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656 Issued to: VeriSign Time Stamping Services CA Issued by: Thawte Timestamping CA Expires: 12/3/2013 7:59:59 PM SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D Issued to: VeriSign Time Stamping Services Signer - G2 Issued by: VeriSign Time Stamping Services CA Expires: 6/14/2012 7:59:59 PM SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE Number of files successfully Verified: 0 Number of warnings: 0 Number of errors: 1

    Read the article

  • rails i18n - translating text with links inside.

    - by egarcia
    Hi there! I'd like to i18n a text that looks like this: Already signed up? Log in! Note that there is a link on the text. On this example it points to google - in reality it will point to my app's log_in_path. I've found two ways of doing this, but none of them looks "right". The first way I know involves having this my en.yml: log_in_message: "Already signed up? <a href='{{url}}'>Log in!</a>" And in my view: <p> <%= t('log_in_message', :url => login_path) %> </p> This works, but having the <a href=...</a> part on the en.yml doesn't look very clean to me. The other option I know is using localized views - login.en.html.erb, and login.es.html.erb. This also doesn't feel right since the only different line would be the aforementioned one; the rest of the view (~30 lines) would be repeated for all views. It would not be very DRY. I guess I could use "localized partials" but that seems too cumberstone; I think I prefer the first option to having so many tiny view files. So my question is: is there a "proper" way to implement this?

    Read the article

  • Codesign returns exit code of 11 for xcode iphone project -- can't find documentation on exit code 1

    - by Larry Freeman
    Hi Everyone, I'm new to iPhone development. I am trying to get Xcode to run an application on a phone. The app works fine in the simulator. Initially I hit the error: The executable was signed with invalid entitlements I followed the steps here: http://stackoverflow.com/questions/1074546/the-executable-was-signed-with-invalid-entitlements But now I am getting an exit code of 11. I checked the documentation on codesign but I can't find any mention of an exit code 11 (http://gemma.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man1/codesign.1.html) Below is the log I am getting. Any help is greatly appreciated. I am using iPhone OS 3.1.3. Build HubPages of project HubPages with configuration Debug CodeSign build/Debug-iphoneos/HubPages.app cd /Users/larryfreeman/src/hub/mobile/HubPages/build/iphone setenv IGNORE_CODESIGN_ALLOCATE_RADAR_7181968 /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin" /usr/bin/codesign -f -s "iPhone Developer: Larry Freeman (LT6G4W62Z2)" --resource-rules=/Users/larryfreeman/src/hub/mobile/HubPages/build/iphone/build/Debug-iphoneos/HubPages.app/Entitlements.plist --entitlements /Users/larryfreeman/src/hub/mobile/HubPages/build/iphone/build/HubPages.build/Debug-iphoneos/HubPages.build/HubPages.xcent /Users/larryfreeman/src/hub/mobile/HubPages/build/iphone/build/Debug-iphoneos/HubPages.app Command /usr/bin/codesign failed with exit code 11 Thanks! -Larry

    Read the article

  • C# PInvoke VerQueryValue returns back OutOfMemoryException?

    - by Bopha
    Hi, Below is the code sample which I got from online resource but it's suppose to work with fullframework, but when I try to build it using C# smart device, it throws exception saying it's out of memory. Does anybody know how can I fix it to use on compact? the out of memory exception when I make the second call to VerQueryValue which is the last one. thanks, [DllImport("coredll.dll")] public static extern bool VerQueryValue(byte[] buffer, string subblock, out IntPtr blockbuffer, out uint len); [DllImport("coredll.dll")] public static extern bool VerQueryValue(byte[] pBlock, string pSubBlock, out string pValue, out uint len); // private static void GetAssemblyVersion() { string filename = @"\Windows\MyLibrary.dll"; if (File.Exists(filename)) { try { int handle = 0; Int32 size = 0; size = GetFileVersionInfoSize(filename, out handle); if (size > 0) { bool retValue; byte[] buffer = new byte[size]; retValue = GetFileVersionInfo(filename, handle, size, buffer); if (retValue == true) { bool success = false; IntPtr blockbuffer = IntPtr.Zero; uint len = 0; //success = VerQueryValue(buffer, "\\", out blockbuffer, out len); success = VerQueryValue(buffer, @"\VarFileInfo\Translation", out blockbuffer, out len); if(success) { int p = (int)blockbuffer; //Reads a 16-bit signed integer from unmanaged memory int j = Marshal.ReadInt16((IntPtr)p); p += 2; //Reads a 16-bit signed integer from unmanaged memory int k = Marshal.ReadInt16((IntPtr)p); string sb = string.Format("{0:X4}{1:X4}", j, k); string spv = @"\StringFileInfo\" + sb + @"\ProductVersion"; string versionInfo; VerQueryValue(buffer, spv, out versionInfo, out len); } } } } catch (Exception err) { string error = err.Message; } } }

    Read the article

  • Isolated storage misunderstand

    - by Costa
    Hi this is a discussion between me and me to understand isolated storage issue. can you help me to convince me about isolated storage!! This is a code written in windows form app (reader) that read the isolated storage of another win form app (writer) which is signed. where is the security if the reader can read the writer's file, I thought only signed code can access the file! If all .Net applications born equal and have all permissions to access Isolated storage, where is the security then? If I can install and run Exe from isolated storage, why I don't install a virus and run it, I am trusted to access this area. but the virus or what ever will not be trusted to access the rest of file system, it only can access the memory, and this is dangerous enough. I cannot see any difference between using app data folder to save the state and using isolated storage except a long nasty path!! I want to try give low trust to Reader code and retest, but they said "Isolated storage is actually created for giving low trusted application the right to save its state". Reader code: private void button1_Click(object sender, EventArgs e) { String path = @"C:\Documents and Settings\All Users\Application Data\IsolatedStorage\efv5cmbz.ewt\2ehuny0c.qvv\StrongName.5v3airc2lkv0onfrhsm2h3uiio35oarw\AssemFiles\toto12\ABC.txt"; StreamReader reader = new StreamReader(path); var test = reader.ReadLine(); reader.Close(); } Writer: private void button1_Click(object sender, EventArgs e) { IsolatedStorageFile isolatedFile = IsolatedStorageFile.GetMachineStoreForAssembly(); isolatedFile.CreateDirectory("toto12"); IsolatedStorageFileStream isolatedStorage = new IsolatedStorageFileStream(@"toto12\ABC.txt", System.IO.FileMode.Create, isolatedFile); StreamWriter writer = new StreamWriter(isolatedStorage); writer.WriteLine("Ana 2akol we ashrab kai a3eesh wa akbora"); writer.Close(); writer.Dispose(); }

    Read the article

  • Invalid iPhone Application Binary

    - by Kristopher Johnson
    I'm trying to upload an application to the iPhone App Store, but I get this error message from iTunes Connect: The binary you uploaded was invalid. The signature was invalid, or it was not signed with an Apple submission certificate. My guess is that it is not properly signed. I have downloaded my App Store distribution certficate, but I can't figure out how to "sign" my application with it. The SDK's documentation about code signing is not very helpful. (FWIW, I can install the app on my iPhone just fine using the development provisioning profile.) However, it is possible that I screwed things up on a more basic level. Here's what I did to try to prepare it for upload: In Xcode, select the Device|Release target Select the target and click the Info button. Change "Code Signing Identity" to "iPhone Distribution", and change "Code Signing Provisioning Profile" to my App Store distribution profile. Build Go to the directory where the built MyApp.app bundle is, control-click and choose "Compress" to create MyApp.zip Upload MyApp.zip to the App Store via iTunes Connect (which resulted in the above error message). Can anybody give me any hints? Edit: Found someone with the same problem. Unfortunately, he won't tell us how he fixed it. http://www.rhonabwy.com/wp/2008/07/18/seattlebus-diary-ongoing-update-saga/#comments http://www.rhonabwy.com/wp/2008/07/22/seattlebus-diary-update-is-pending-review/ (Note: For general information on submitting iPhone applications to the App Store, see Steps to upload an iPhone application to the AppStore.)

    Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >