Search Results

Search found 578 results on 24 pages for 'tls'.

Page 5/24 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Can Subject Alternative Name accommodate multiple virtual mail domains?

    - by Lawrence
    I am currently running a postfix server with self signed certificates serving one mail domain, mycompany.com, the mail server is mail.mycompany.com and so is the CN of the certificate. Now, I need to add a new domain to it. The new domain name is mycompany.net to the same server. Since the users already have the root of the old certificate, I'd like to reuse that. However, I'd like to issue a new certificate so users using the SMTP from Outlook/Thunderbird of mail.mycompany.net do not get warnings. If I understand correctly, if I issue a new certificate with CN=mail.mycompany.com and a subjectAltName=DNS:mail.mydomain.net and have postfix serve this, the client will not complain either way about the cn not matching the target host name. Am I correct in this assumption or am I misunderstanding the concept of Subject Alternative Name? Just to avoid conversation, I do not want to have users on mycompany.net addresses use the mycompany.com server because I might (not a technical issue) have to split up into two different locations, and I want to produce an easily migrateable setup.

    Read the article

  • Do any well-known CAs issue Elliptic Curve certificates?

    - by erickson
    Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it? I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications. Bounty Criteria To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion. Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.

    Read the article

  • OpenLDAP with StartTLS broken on Debian Lennny

    - by mr.zog
    I'm trying to get OpenLDAP on Lenny to work with StartTLS. I have a Fedora 13 machine which I'm using as a client for testing. So far the Fedora client is ignoring the 'host' directive in /etc/ldap.conf when I try to connect using ldapsearch. The client wants to connect to 127.0.0.1:389 even if I specify -H ldaps://server.name on when using ldapsearch. /etc/ldap.conf on the client machine is in mode 444. But even when I try connecting locally from an ssh session, I see errors like this: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Someone hit me with a cluebat, plz. Update: you must use ~/.ldaprc for settings such as 'host'.

    Read the article

  • IPTables Rule for Google Apps SMTP

    - by XpresServers
    I am trying to add iptables rule to allow traffic on ports 465 & 587 to google apps smtp servers. But I got not luck. My WHMCS installation works fine with google apps when I turn off iptables but iptables turn on itself again and email stop working. Please add rules to allow traffic from port 465 and 587. Following are my IPTables rules grabbed from /etc/sysconfig/iptables # Generated by iptables-save v1.3.5 on Fri Oct 5 01:33:52 2012 *filter :INPUT ACCEPT [2191:434537] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2390:987151] :acctboth - [0:0] -A INPUT -j acctboth -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j ACCEPT -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j ACCEPT -A OUTPUT -d 127.0.0.1 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j ACCEPT -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j ACCEPT -A OUTPUT -j acctboth -A OUTPUT -o eth0 -p tcp -m tcp --sport 587 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT <<IN THIS SPACE RULES ARE RELATED TO SPECIFIC IPS ONLY>> -A acctboth -i ! lo COMMIT # Completed on Fri Oct 5 01:33:52 2012 # Generated by iptables-save v1.3.5 on Fri Oct 5 01:33:52 2012 *nat :PREROUTING ACCEPT [196:12398] :POSTROUTING ACCEPT [191:15070] :OUTPUT ACCEPT [190:15010] -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j RETURN -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j RETURN -A OUTPUT -d 127.0.0.1 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j RETURN -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j RETURN -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REDIRECT COMMIT # Completed on Fri Oct 5 01:33:52 2012 Thanks Hassan

    Read the article

  • Java fatal error, don't know what it means

    - by Thomas King
    It happens at the same place in my code (albeit not the first time the method is executed) but I can't make head or tail of what is wrong. (Doubly so as it's code for a robot). Be most appreciative if someone can give me an idea of what kind of problem it is. I assume it's to do with threading (multi-threaded app) but I don't really know what?!? Worried as deadline for uni project is looming!!! The message: # A fatal error has been detected by the Java Runtime Environment: # SIGSEGV (0xb) at pc=0xb70f0ca7, pid=5065, tid=2145643376 # JRE version: 6.0_15-b03 Java VM: Java HotSpot(TM) Server VM (14.1-b02 mixed mode linux-x86 ) Problematic frame: V [libjvm.so+0x4c9ca7] # An error report file with more information is saved as: /home/thomas/workspace/sir13/hs_err_pid5065.log # If you would like to submit a bug report, please visit: http://java.sun.com/webapps/bugreport/crash.jsp # The log: # A fatal error has been detected by the Java Runtime Environment: # SIGSEGV (0xb) at pc=0xb70f0ca7, pid=5065, tid=2145643376 # JRE version: 6.0_15-b03 Java VM: Java HotSpot(TM) Server VM (14.1-b02 mixed mode linux-x86 ) Problematic frame: V [libjvm.so+0x4c9ca7] # If you would like to submit a bug report, please visit: http://java.sun.com/webapps/bugreport/crash.jsp # --------------- T H R E A D --------------- Current thread (0x0904ec00): JavaThread "CompilerThread1" daemon [_thread_in_native, id=5078, stack(0x7fdbe000,0x7fe3f000)] siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x00000004 Registers: EAX=0x00000000, EBX=0xb733d720, ECX=0x000003b4, EDX=0x00000000 ESP=0x7fe3bf30, EBP=0x7fe3bf78, ESI=0x7fe3c250, EDI=0x7e9a7790 EIP=0xb70f0ca7, CR2=0x00000004, EFLAGS=0x00010283 Top of Stack: (sp=0x7fe3bf30) 0x7fe3bf30: 00020008 7ec8de5c 7fe3c250 00000000 0x7fe3bf40: 7f610451 00001803 7e9a7790 000003f5 0x7fe3bf50: 7e920030 7f239910 7f23b349 7f23b348 0x7fe3bf60: 7f550e35 7fe3c250 0000021b b733d720 0x7fe3bf70: 000003bc 7f23db10 7fe3bfc8 b70f0997 0x7fe3bf80: 7fe3c240 7f23db10 00000000 00000002 0x7fe3bf90: 00000000 7fe3c1b0 00000000 00000000 0x7fe3bfa0: 00004000 00000020 7ec88870 00000002 Instructions: (pc=0xb70f0ca7) 0xb70f0c97: 7d 08 8b 87 c8 02 00 00 89 c7 8b 45 c4 8b 14 87 0xb70f0ca7: 8b 42 04 8b 00 85 c0 75 22 8b 4e 04 8b 52 1c 39 Stack: [0x7fdbe000,0x7fe3f000], sp=0x7fe3bf30, free space=503k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x4c9ca7] V [libjvm.so+0x4c9997] V [libjvm.so+0x4c6e23] V [libjvm.so+0x25b75f] V [libjvm.so+0x2585df] V [libjvm.so+0x1f2c2f] V [libjvm.so+0x260ceb] V [libjvm.so+0x260609] V [libjvm.so+0x617286] V [libjvm.so+0x6108fe] V [libjvm.so+0x531c4e] C [libpthread.so.0+0x580e] Current CompileTask: C2:133 ! BehaviourLeftUnexplored.action()V (326 bytes) --------------- P R O C E S S --------------- Java Threads: ( = current thread ) 0x08fb5400 JavaThread "DestroyJavaVM" [_thread_blocked, id=5066, stack(0xb6bb0000,0xb6c01000)] 0x09213c00 JavaThread "Thread-4" [_thread_blocked, id=5085, stack(0x7eeaf000,0x7ef00000)] 0x09212c00 JavaThread "Thread-3" [_thread_in_Java, id=5084, stack(0x7f863000,0x7f8b4000)] 0x09206800 JavaThread "AWT-XAWT" daemon [_thread_in_native, id=5083, stack(0x7f8b4000,0x7f905000)] 0x091b7400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=5082, stack(0x7f93e000,0x7f98f000)] 0x09163c00 JavaThread "Thread-0" [_thread_in_native, id=5081, stack(0x7fc87000,0x7fcd8000)] 0x09050c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=5079, stack(0x7fd6d000,0x7fdbe000)] =0x0904ec00 JavaThread "CompilerThread1" daemon [_thread_in_native, id=5078, stack(0x7fdbe000,0x7fe3f000)] 0x0904c000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=5077, stack(0x7fe3f000,0x7fec0000)] 0x0904a800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5076, stack(0x7fec0000,0x7ff11000)] 0x09036c00 JavaThread "Finalizer" daemon [_thread_blocked, id=5075, stack(0x7ff57000,0x7ffa8000)] 0x09035400 JavaThread "Reference Handler" daemon [_thread_blocked, id=5074, stack(0x7ffa8000,0x7fff9000)] Other Threads: 0x09031400 VMThread [stack: 0x7fff9000,0x8007a000] [id=5073] 0x09052800 WatcherThread [stack: 0x7fcec000,0x7fd6d000] [id=5080] VM state:not at safepoint (normal execution) VM Mutex/Monitor currently owned by a thread: None Heap PSYoungGen total 46784K, used 32032K [0xae650000, 0xb3440000, 0xb3a50000) eden space 46720K, 68% used [0xae650000,0xb0588f48,0xb13f0000) from space 64K, 95% used [0xb3390000,0xb339f428,0xb33a0000) to space 384K, 0% used [0xb33e0000,0xb33e0000,0xb3440000) PSOldGen total 43008K, used 20872K [0x84650000, 0x87050000, 0xae650000) object space 43008K, 48% used [0x84650000,0x85ab2308,0x87050000) PSPermGen total 16384K, used 5115K [0x80650000, 0x81650000, 0x84650000) object space 16384K, 31% used [0x80650000,0x80b4ec30,0x81650000) Dynamic libraries: 08048000-08052000 r-xp 00000000 08:05 34708 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/bin/java 08052000-08053000 rwxp 00009000 08:05 34708 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/bin/java 08faf000-09220000 rwxp 00000000 00:00 0 [heap] 7e900000-7e9f9000 rwxp 00000000 00:00 0 7e9f9000-7ea00000 ---p 00000000 00:00 0 7ea00000-7ea41000 rwxp 00000000 00:00 0 7ea41000-7eb00000 ---p 00000000 00:00 0 7eb00000-7ebfc000 rwxp 00000000 00:00 0 7ebfc000-7ec00000 ---p 00000000 00:00 0 7ec00000-7ecf7000 rwxp 00000000 00:00 0 7ecf7000-7ed00000 ---p 00000000 00:00 0 7ed00000-7ede7000 rwxp 00000000 00:00 0 7ede7000-7ee00000 ---p 00000000 00:00 0 7eeaf000-7eeb2000 ---p 00000000 00:00 0 7eeb2000-7ef00000 rwxp 00000000 00:00 0 7ef00000-7eff9000 rwxp 00000000 00:00 0 7eff9000-7f000000 ---p 00000000 00:00 0 7f100000-7f1f6000 rwxp 00000000 00:00 0 7f1f6000-7f200000 ---p 00000000 00:00 0 7f200000-7f2fc000 rwxp 00000000 00:00 0 7f2fc000-7f300000 ---p 00000000 00:00 0 7f300000-7f4fe000 rwxp 00000000 00:00 0 7f4fe000-7f500000 ---p 00000000 00:00 0 7f500000-7f5fb000 rwxp 00000000 00:00 0 7f5fb000-7f600000 ---p 00000000 00:00 0 7f600000-7f6f9000 rwxp 00000000 00:00 0 7f6f9000-7f700000 ---p 00000000 00:00 0 7f700000-7f800000 rwxp 00000000 00:00 0 7f830000-7f836000 r-xs 00000000 08:05 241611 /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-x86.cache-2 7f836000-7f838000 r-xs 00000000 08:05 241612 /var/cache/fontconfig/99e8ed0e538f840c565b6ed5dad60d56-x86.cache-2 7f838000-7f83b000 r-xs 00000000 08:05 241620 /var/cache/fontconfig/e383d7ea5fbe662a33d9b44caf393297-x86.cache-2 7f83b000-7f846000 r-xs 00000000 08:05 241600 /var/cache/fontconfig/0f34bcd4b6ee430af32735b75db7f02b-x86.cache-2 7f863000-7f866000 ---p 00000000 00:00 0 7f866000-7f8b4000 rwxp 00000000 00:00 0 7f8b4000-7f8b7000 ---p 00000000 00:00 0 7f8b7000-7f905000 rwxp 00000000 00:00 0 7f905000-7f909000 r-xp 00000000 08:05 5012 /usr/lib/libXfixes.so.3.1.0 7f909000-7f90a000 r-xp 00003000 08:05 5012 /usr/lib/libXfixes.so.3.1.0 7f90a000-7f90b000 rwxp 00004000 08:05 5012 /usr/lib/libXfixes.so.3.1.0 7f90b000-7f913000 r-xp 00000000 08:05 5032 /usr/lib/libXrender.so.1.3.0 7f913000-7f914000 r-xp 00007000 08:05 5032 /usr/lib/libXrender.so.1.3.0 7f914000-7f915000 rwxp 00008000 08:05 5032 /usr/lib/libXrender.so.1.3.0 7f915000-7f91e000 r-xp 00000000 08:05 5004 /usr/lib/libXcursor.so.1.0.2 7f91e000-7f91f000 r-xp 00008000 08:05 5004 /usr/lib/libXcursor.so.1.0.2 7f91f000-7f920000 rwxp 00009000 08:05 5004 /usr/lib/libXcursor.so.1.0.2 7f92f000-7f931000 r-xs 00000000 08:05 241622 /var/cache/fontconfig/f24b2111ab8703b4e963115a8cf14259-x86.cache-2 7f931000-7f932000 r-xs 00000000 08:05 241606 /var/cache/fontconfig/4c73fe0c47614734b17d736dbde7580a-x86.cache-2 7f932000-7f936000 r-xs 00000000 08:05 241599 /var/cache/fontconfig/062808c12e6e608270f93bb230aed730-x86.cache-2 7f936000-7f93e000 r-xs 00000000 08:05 241617 /var/cache/fontconfig/d52a8644073d54c13679302ca1180695-x86.cache-2 7f93e000-7f941000 ---p 00000000 00:00 0 7f941000-7f98f000 rwxp 00000000 00:00 0 7f98f000-7fa0e000 r-xp 00000000 08:05 34755 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libfontmanager.so 7fa0e000-7fa19000 rwxp 0007e000 08:05 34755 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libfontmanager.so 7fa19000-7fa1d000 rwxp 00000000 00:00 0 7fa1d000-7fa21000 r-xp 00000000 08:05 5008 /usr/lib/libXdmcp.so.6.0.0 7fa21000-7fa22000 rwxp 00003000 08:05 5008 /usr/lib/libXdmcp.so.6.0.0 7fa22000-7fa3e000 r-xp 00000000 08:05 6029 /usr/lib/libxcb.so.1.1.0 7fa3e000-7fa3f000 r-xp 0001c000 08:05 6029 /usr/lib/libxcb.so.1.1.0 7fa3f000-7fa40000 rwxp 0001d000 08:05 6029 /usr/lib/libxcb.so.1.1.0 7fa40000-7fa42000 r-xp 00000000 08:05 4997 /usr/lib/libXau.so.6.0.0 7fa42000-7fa43000 r-xp 00001000 08:05 4997 /usr/lib/libXau.so.6.0.0 7fa43000-7fa44000 rwxp 00002000 08:05 4997 /usr/lib/libXau.so.6.0.0 7fa44000-7fb6e000 r-xp 00000000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb6e000-7fb6f000 ---p 0012a000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb6f000-7fb70000 r-xp 0012a000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb70000-7fb72000 rwxp 0012b000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb72000-7fb73000 rwxp 00000000 00:00 0 7fb73000-7fb81000 r-xp 00000000 08:05 5010 /usr/lib/libXext.so.6.4.0 7fb81000-7fb82000 r-xp 0000d000 08:05 5010 /usr/lib/libXext.so.6.4.0 7fb82000-7fb83000 rwxp 0000e000 08:05 5010 /usr/lib/libXext.so.6.4.0 7fb83000-7fb84000 r-xs 00000000 08:05 241614 /var/cache/fontconfig/c05880de57d1f5e948fdfacc138775d9-x86.cache-2 7fb84000-7fb87000 r-xs 00000000 08:05 241613 /var/cache/fontconfig/a755afe4a08bf5b97852ceb7400b47bc-x86.cache-2 7fb87000-7fb8a000 r-xs 00000000 08:05 241608 /var/cache/fontconfig/6d41288fd70b0be22e8c3a91e032eec0-x86.cache-2 7fb8a000-7fb92000 r-xs 00000000 08:05 219560 /var/cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-x86.cache-2 7fb92000-7fbd5000 r-xp 00000000 08:05 34752 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/xawt/libmawt.so 7fbd5000-7fbd7000 rwxp 00043000 08:05 34752 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/xawt/libmawt.so 7fbd7000-7fbd8000 rwxp 00000000 00:00 0 7fbd8000-7fc5c000 r-xp 00000000 08:05 34750 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libawt.so 7fc5c000-7fc63000 rwxp 00084000 08:05 34750 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libawt.so 7fc63000-7fc87000 rwxp 00000000 00:00 0 7fc87000-7fc8a000 ---p 00000000 00:00 0 7fc8a000-7fcd8000 rwxp 00000000 00:00 0 7fcd8000-7fceb000 r-xp 00000000 08:05 34739 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libnet.so 7fceb000-7fcec000 rwxp 00013000 08:05 34739 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libnet.so 7fcec000-7fced000 ---p 00000000 00:00 0 7fced000-7fd6d000 rwxp 00000000 00:00 0 7fd6d000-7fd70000 ---p 00000000 00:00 0 7fd70000-7fdbe000 rwxp 00000000 00:00 0 7fdbe000-7fdc1000 ---p 00000000 00:00 0 7fdc1000-7fe3f000 rwxp 00000000 00:00 0 7fe3f000-7fe42000 ---p 00000000 00:00 0 7fe42000-7fec0000 rwxp 00000000 00:00 0 7fec0000-7fec3000 ---p 00000000 00:00 0 7fec3000-7ff11000 rwxp 00000000 00:00 0 7ff11000-7ff18000 r-xs 00000000 08:05 134616 /usr/lib/gconv/gconv-modules.cache 7ff18000-7ff57000 r-xp 00000000 08:05 136279 /usr/lib/locale/en_GB.utf8/LC_CTYPE 7ff57000-7ff5a000 ---p 00000000 00:00 0 7ff5a000-7ffa8000 rwxp 00000000 00:00 0 7ffa8000-7ffab000 ---p 00000000 00:00 0 7ffab000-7fff9000 rwxp 00000000 00:00 0 7fff9000-7fffa000 ---p 00000000 00:00 0 7fffa000-800ad000 rwxp 00000000 00:00 0 800ad000-80243000 r-xs 02fb3000 08:05 34883 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/rt.jar 80243000-80244000 ---p 00000000 00:00 0 80244000-802c4000 rwxp 00000000 00:00 0 802c4000-802c5000 ---p 00000000 00:00 0 802c5000-8034d000 rwxp 00000000 00:00 0 8034d000-80365000 rwxp 00000000 00:00 0 80365000-8037a000 rwxp 00000000 00:00 0 8037a000-804b5000 rwxp 00000000 00:00 0 804b5000-804bd000 rwxp 00000000 00:00 0 804bd000-804d5000 rwxp 00000000 00:00 0 804d5000-804ea000 rwxp 00000000 00:00 0 804ea000-80625000 rwxp 00000000 00:00 0 80625000-8064c000 rwxp 00000000 00:00 0 8064c000-8064f000 rwxp 00000000 00:00 0 8064f000-81650000 rwxp 00000000 00:00 0 81650000-84650000 rwxp 00000000 00:00 0 84650000-87050000 rwxp 00000000 00:00 0 87050000-ae650000 rwxp 00000000 00:00 0 ae650000-b3440000 rwxp 00000000 00:00 0 b3440000-b3a50000 rwxp 00000000 00:00 0 b3a50000-b3a52000 r-xs 00000000 08:05 241602 /var/cache/fontconfig/2c5ba8142dffc8bf0377700342b8ca1a-x86.cache-2 b3a52000-b3a5b000 r-xp 00000000 08:05 5018 /usr/lib/libXi.so.6.0.0 b3a5b000-b3a5c000 r-xp 00008000 08:05 5018 /usr/lib/libXi.so.6.0.0 b3a5c000-b3a5d000 rwxp 00009000 08:05 5018 /usr/lib/libXi.so.6.0.0 b3a5d000-b3a66000 rwxp 00000000 00:00 0 b3a66000-b3b1d000 rwxp 00000000 00:00 0 b3b1d000-b3d5d000 rwxp 00000000 00:00 0 b3d5d000-b6b1d000 rwxp 00000000 00:00 0 b6b1d000-b6b2c000 r-xp 00000000 08:05 34735 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libzip.so b6b2c000-b6b2e000 rwxp 0000e000 08:05 34735 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libzip.so b6b2e000-b6b38000 r-xp 00000000 08:05 1042 /lib/tls/i686/cmov/libnss_files-2.10.1.so b6b38000-b6b39000 r-xp 00009000 08:05 1042 /lib/tls/i686/cmov/libnss_files-2.10.1.so b6b39000-b6b3a000 rwxp 0000a000 08:05 1042 /lib/tls/i686/cmov/libnss_files-2.10.1.so b6b3a000-b6b43000 r-xp 00000000 08:05 1055 /lib/tls/i686/cmov/libnss_nis-2.10.1.so b6b43000-b6b44000 r-xp 00008000 08:05 1055 /lib/tls/i686/cmov/libnss_nis-2.10.1.so b6b44000-b6b45000 rwxp 00009000 08:05 1055 /lib/tls/i686/cmov/libnss_nis-2.10.1.so b6b45000-b6b4b000 r-xp 00000000 08:05 1028 /lib/tls/i686/cmov/libnss_compat-2.10.1.so b6b4b000-b6b4c000 r-xp 00005000 08:05 1028 /lib/tls/i686/cmov/libnss_compat-2.10.1.so b6b4c000-b6b4d000 rwxp 00006000 08:05 1028 /lib/tls/i686/cmov/libnss_compat-2.10.1.so b6b4d000-b6b54000 r-xs 00035000 08:05 304369 /home/thomas/workspace/sir13/javaclient/jars/javaclient.jar b6b54000-b6b5c000 rwxs 00000000 08:05 393570 /tmp/hsperfdata_thomas/5065 b6b5c000-b6b6f000 r-xp 00000000 08:05 1020 /lib/tls/i686/cmov/libnsl-2.10.1.so b6b6f000-b6b70000 r-xp 00012000 08:05 1020 /lib/tls/i686/cmov/libnsl-2.10.1.so b6b70000-b6b71000 rwxp 00013000 08:05 1020 /lib/tls/i686/cmov/libnsl-2.10.1.so b6b71000-b6b73000 rwxp 00000000 00:00 0 b6b73000-b6b77000 r-xp 00000000 08:05 5038 /usr/lib/libXtst.so.6.1.0 b6b77000-b6b78000 r-xp 00004000 08:05 5038 /usr/lib/libXtst.so.6.1.0 b6b78000-b6b79000 rwxp 00005000 08:05 5038 /usr/lib/libXtst.so.6.1.0 b6b79000-b6b7f000 r-xp 00000000 08:05 34723 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/native_threads/libhpi.so b6b7f000-b6b80000 rwxp 00006000 08:05 34723 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/native_threads/libhpi.so b6b80000-b6b81000 rwxp 00000000 00:00 0 b6b81000-b6b82000 r-xp 00000000 00:00 0 b6b82000-b6ba5000 r-xp 00000000 08:05 34733 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libjava.so b6ba5000-b6ba7000 rwxp 00023000 08:05 34733 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libjava.so b6ba7000-b6bae000 r-xp 00000000 08:05 1733 /lib/tls/i686/cmov/librt-2.10.1.so b6bae000-b6baf000 r-xp 00006000 08:05 1733 /lib/tls/i686/cmov/librt-2.10.1.so b6baf000-b6bb0000 rwxp 00007000 08:05 1733 /lib/tls/i686/cmov/librt-2.10.1.so b6bb0000-b6bb3000 ---p 00000000 00:00 0 b6bb3000-b6c01000 rwxp 00000000 00:00 0 b6c01000-b6c25000 r-xp 00000000 08:05 1016 /lib/tls/i686/cmov/libm-2.10.1.so b6c25000-b6c26000 r-xp 00023000 08:05 1016 /lib/tls/i686/cmov/libm-2.10.1.so b6c26000-b6c27000 rwxp 00024000 08:05 1016 /lib/tls/i686/cmov/libm-2.10.1.so b6c27000-b72f4000 r-xp 00000000 08:05 34724 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/server/libjvm.so b72f4000-b7341000 rwxp 006cc000 08:05 34724 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/server/libjvm.so b7341000-b7765000 rwxp 00000000 00:00 0 b7765000-b78a3000 r-xp 00000000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a3000-b78a4000 ---p 0013e000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a4000-b78a6000 r-xp 0013e000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a6000-b78a7000 rwxp 00140000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a7000-b78aa000 rwxp 00000000 00:00 0 b78aa000-b78ac000 r-xp 00000000 08:05 1014 /lib/tls/i686/cmov/libdl-2.10.1.so b78ac000-b78ad000 r-xp 00001000 08:05 1014 /lib/tls/i686/cmov/libdl-2.10.1.so b78ad000-b78ae000 rwxp 00002000 08:05 1014 /lib/tls/i686/cmov/libdl-2.10.1.so b78ae000-b78b5000 r-xp 00000000 08:05 34734 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/jli/libjli.so b78b5000-b78b7000 rwxp 00006000 08:05 34734 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/jli/libjli.so b78b7000-b78b8000 rwxp 00000000 00:00 0 b78b8000-b78cd000 r-xp 00000000 08:05 1081 /lib/tls/i686/cmov/libpthread-2.10.1.so b78cd000-b78ce000 r-xp 00014000 08:05 1081 /lib/tls/i686/cmov/libpthread-2.10.1.so b78ce000-b78cf000 rwxp 00015000 08:05 1081 /lib/tls/i686/cmov/libpthread-2.10.1.so b78cf000-b78d1000 rwxp 00000000 00:00 0 b78d1000-b78d2000 r-xs 00000000 08:05 161622 /var/cache/fontconfig/4794a0821666d79190d59a36cb4f44b5-x86.cache-2 b78d2000-b78d4000 r-xs 00000000 08:05 241610 /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 b78d4000-b78df000 r-xp 00000000 08:05 34732 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libverify.so b78df000-b78e0000 rwxp 0000b000 08:05 34732 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libverify.so b78e0000-b78e2000 rwxp 00000000 00:00 0 b78e2000-b78e3000 r-xp 00000000 00:00 0 [vdso] b78e3000-b78fe000 r-xp 00000000 08:05 64 /lib/ld-2.10.1.so b78fe000-b78ff000 r-xp 0001a000 08:05 64 /lib/ld-2.10.1.so b78ff000-b7900000 rwxp 0001b000 08:05 64 /lib/ld-2.10.1.so bfc33000-bfc48000 rwxp 00000000 00:00 0 [stack] VM Arguments: jvm_args: -Dfile.encoding=UTF-8 java_command: Main Launcher Type: SUN_STANDARD Environment Variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games USERNAME=thomas LD_LIBRARY_PATH=/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/server:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/../lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386:/usr/lib/xulrunner-addons:/usr/lib/xulrunner-addons SHELL=/bin/bash DISPLAY=:0.0 Signal Handlers: SIGSEGV: [libjvm.so+0x650690], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGBUS: [libjvm.so+0x650690], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGFPE: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGPIPE: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGXFSZ: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGILL: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGUSR1: SIG_DFL, sa_mask[0]=0x00000000, sa_flags=0x00000000 SIGUSR2: [libjvm.so+0x532170], sa_mask[0]=0x00000004, sa_flags=0x10000004 SIGHUP: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGINT: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGTERM: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGQUIT: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 --------------- S Y S T E M --------------- OS:squeeze/sid uname:Linux 2.6.31-20-generic #57-Ubuntu SMP Mon Feb 8 09:05:19 UTC 2010 i686 libc:glibc 2.10.1 NPTL 2.10.1 rlimit: STACK 8192k, CORE 0k, NPROC infinity, NOFILE 1024, AS infinity load average:1.07 0.55 0.23 CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3 Memory: 4k page, physical 3095836k(1519972k free), swap 1261060k(1261060k free) vm_info: Java HotSpot(TM) Server VM (14.1-b02) for linux-x86 JRE (1.6.0_15-b03), built on Jul 2 2009 15:49:13 by "java_re" with gcc 3.2.1-7a (J2SE release) time: Mon Mar 22 12:08:40 2010 elapsed time: 21 seconds

    Read the article

  • Client authentication with RubyLDAP ldap

    - by Marcelo de Moraes Serpa
    Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL ldap stuff with great success). My question is: Is there a way to load a client certificate and send its data over the wire to the LDAP server when doing a LDAP::SSLConn? I haven't found anything obvious on the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around. I know I that I can prevent the server from asking for a certificate by putting the following on slapd.conf (OpenLDAP): TLSVerifyClient never However, this is not an option here. Thanks, Marcelo.

    Read the article

  • Node.js and wss://

    - by CNelson
    I'm looking to start using javascript on the server, most likely with node.js, as well as use websockets to communicate with clients. However, there doesn't seem to be a lot of information about encrypted websocket communication using TLS and the wss:// handler. In fact the only server that I've seen explicitly support wss:// is Kaazing. This TODO is the only reference I've been able to find in the various node implementations. Am I missing something or are the websocket js servers not ready for encrypted communication yet? Another option could be using something like lighttpd or apache to proxy to a node listener, has anyone had success there?

    Read the article

  • SMTP on C: STARTTLS via OpenSSL

    - by Jackell
    Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and sends a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting: SSL_METHOD* method = NULL; SSL_library_init(); SSL_load_error_strings(); method = SSLv23_client_method(); ctx = SSL_CTX_new(method); if (ctx == NULL) { ERR_print_errors_fp(stderr); } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, socket)) { ERR_print_errors_fp(stderr); return; } if (ssl) { if (SSL_connect((SSL*)ssl) < 1) { ERR_print_errors_fp(stderr); } // then i think i need to send EHLO } But after calling SSL_connect I get an error: 24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: If I use SSLv3_client_method I get an error: 18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284. And If TLSv1_client_method: 21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: Why? What I do wrong?

    Read the article

  • Mutt not working due to "gnutls_handshake: A TLS packet with unexpected length was received." error

    - by Vinit Kumar
    I am expecting lots of problem trying to make mutt work in Ubuntu 12.04. Here is my .muttrc : http://paste.ubuntu.com/1273585/ Here is the bug I am getting when i tried to connect. gnutls_handshake: A TLS packet with unexpected length was received. Do anyone knows a workaround to fix this error.If so please suggest it asap. Many Thanks in Advance! For debug here is the output of my mutt -v: http://paste.ubuntu.com/1273590/

    Read the article

  • error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

    - by ArunS
    Hello there, We have online shopping site. When I am going to checkout page i am getting a error like this "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)" From the apache error log i can see some attempts to connect to api.paypal.com. Here is the part of my apache error log About to connect() to api.paypal.com port 443 (#0) Trying 66.211.168.123... * connected Connected to api.paypal.com (66.211.168.123) port 443 (#0) successfully set certificate verify locations: CAfile: none CApath: /etc/ssl/certs error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Closing connection #0 When i tried to connect to api.paypal.com using curl i am getting a error like this curl -iv https://api.paypal.com/ * About to connect() to api.paypal.com port 443 (#0) * Trying 66.211.168.91... connected * Connected to api.paypal.com (66.211.168.91) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS alert, Server hello (2): * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection #0 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Can anyone help me to figure out this. Thanks in Advance. Arun S

    Read the article

  • Can't start httpd 2.4.9 with self-signed SSL certificate

    - by Smollet
    I cannot start the httpd 2.4.9 (tried 2.4.x too) on CentOS 6.5 with the simplest SSL config possible. The openssl version installed on the machine is OpenSSL 1.0.1e-fips 11 Feb 2013 (I've upgraded it using 'yum update' to the latest patched version as well) I have compiled and installed the httpd 2.4.9 using the following commands: ./configure --enable-ssl --with-ssl=/usr/local/ssl/ --enable-proxy=shared --enable-proxy_wstunnel=shared --with-apr=apr-1.5.1/ --with-apr-util=apr-util-1.5.3/ make make install Now I'm generating the default self-signed certificate as described in the CentOS HowTo: openssl genrsa -out ca.key 2048 openssl req -new -key ca.key -out ca.csr openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt cp ca.crt /etc/pki/tls/certs cp ca.key /etc/pki/tls/private/ca.key cp ca.csr /etc/pki/tls/private/ca.csr Here is my httpd-ssl.conf file: Listen 443 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/apache2/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/usr/local/apache2/logs/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> when I start httpd using bin/apachectl -k start I get following errors in the error_log: Wed Jun 04 00:29:27.995654 2014] [ssl:info] [pid 24021:tid 139640404293376] AH01887: Init: Initializing (virtual) servers for SSL [Wed Jun 04 00:29:27.995726 2014] [ssl:info] [pid 24021:tid 139640404293376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:29:27.995863 2014] [ssl:debug] [pid 24021:tid 139640404293376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:29:27.996111 2014] [ssl:debug] [pid 24021:tid 139640404293376] ssl_util_ssl.c(343): AH02412: [192.168.9.128:443] Cert matches for name '192.168.9.128' [subject: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / issuer: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / serial: AF04AF31799B7695 / notbefore: Jun 3 22:26:45 2014 GMT / notafter: Jun 3 22:26:45 2015 GMT] [Wed Jun 04 00:29:27.996122 2014] [ssl:info] [pid 24021:tid 139640404293376] AH02568: Certificate and private key 192.168.9.128:443:0 configured from /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key [Wed Jun 04 00:29:27.996209 2014] [ssl:info] [pid 24021:tid 139640404293376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:29:27.996280 2014] [ssl:debug] [pid 24021:tid 139640404293376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:29:27.996295 2014] [ssl:emerg] [pid 24021:tid 139640404293376] AH02572: Failed to configure at least one certificate and key for 192.168.9.128:443 [Wed Jun 04 00:29:27.996303 2014] [ssl:emerg] [pid 24021:tid 139640404293376] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Wed Jun 04 00:29:27.996308 2014] [ssl:emerg] [pid 24021:tid 139640404293376] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Wed Jun 04 00:29:27.996318 2014] [ssl:emerg] [pid 24021:tid 139640404293376] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Wed Jun 04 00:29:27.996321 2014] [ssl:emerg] [pid 24021:tid 139640404293376] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed I then try to generate missing DH PARAMETERS and EC PARAMETERS: openssl dhparam -outform PEM -out dhparam.pem 2048 openssl ecparam -out ec_param.pem -name prime256v1 cat dhparam.pem ec_param.pem >> /etc/pki/tls/certs/ca.crt And it mitigates the error but the next comes out: [Wed Jun 04 00:34:05.021438 2014] [ssl:info] [pid 24089:tid 140719371077376] AH01887: Init: Initializing (virtual) servers for SSL [Wed Jun 04 00:34:05.021487 2014] [ssl:info] [pid 24089:tid 140719371077376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:34:05.021874 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:34:05.022050 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_util_ssl.c(343): AH02412: [192.168.9.128:443] Cert matches for name '192.168.9.128' [subject: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / issuer: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / serial: AF04AF31799B7695 / notbefore: Jun 3 22:26:45 2014 GMT / notafter: Jun 3 22:26:45 2015 GMT] [Wed Jun 04 00:34:05.022066 2014] [ssl:info] [pid 24089:tid 140719371077376] AH02568: Certificate and private key 192.168.9.128:443:0 configured from /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key [Wed Jun 04 00:34:05.022285 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(1016): AH02540: Custom DH parameters (2048 bits) for 192.168.9.128:443 loaded from /etc/pki/tls/certs/ca.crt [Wed Jun 04 00:34:05.022389 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(1030): AH02541: ECDH curve prime256v1 for 192.168.9.128:443 specified in /etc/pki/tls/certs/ca.crt [Wed Jun 04 00:34:05.022397 2014] [ssl:info] [pid 24089:tid 140719371077376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:34:05.022464 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:34:05.022478 2014] [ssl:emerg] [pid 24089:tid 140719371077376] AH02572: Failed to configure at least one certificate and key for 192.168.9.128:443 [Wed Jun 04 00:34:05.022488 2014] [ssl:emerg] [pid 24089:tid 140719371077376] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Wed Jun 04 00:34:05.022491 2014] [ssl:emerg] [pid 24089:tid 140719371077376] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed I have tried to generate the simple certificate/key pair exactly as described in the httpd docs Unfortunately, I still get exact same errors as above. I've seen a bug report with the similar issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=56410 But the openssl version I have is reported as working there. I've also tried to apply the patch from the report as well as build the latest 2.4.x branch with no success, I get the same errors as above. I have also tried to create a short chain of certificates and set the root CA certificate using SSLCertificateChainFile directive. That didn't help either, I get exact same errors as above. I'm not interested in setting up hardened security, etc. The only thing I need is to start httpd with the simplest SSL config possible to continue testing proxy config for the mod_proxy_wstunnel Had anybody encountered and solved this issue? Is my sequence for creating a self-signed certificate incorrect? I'd appreciate any help very much!

    Read the article

  • cURL hangs trying to upload file from stdin

    - by SidneySM
    I'm trying to PUT a file with cURL. This hangs: curl -vvv --digest -u user -T - https://example.com/file.txt < file This does not: curl -vvv --digest -u user -T file https://example.com/file.txt What's going on? * About to connect() to example.com port 443 (#0) * Trying 0.0.0.0... connected * Connected to example.com (0.0.0.0) port 443 (#0) * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: serialNumber=jJakwdOewDicmqzIorLkKSiwuqfnzxF/, C=US, O=*.example.com, OU=GT01234567, OU=See www.example.com/resources/cps (c)10, OU=Domain Control Validated - ExampleSSL(R), CN=*.example.com * start date: 2010-01-26 07:06:33 GMT * expire date: 2011-01-28 11:22:07 GMT * common name: *.example.com (matched) * issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority * SSL certificate verify ok. * Server auth using Digest with user 'user' > PUT /file.txt HTTP/1.1 > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 OpenSSL/0.9.8l zlib/1.2.3 > Host: example.com > Accept: */* > Transfer-Encoding: chunked > Expect: 100-continue > < HTTP/1.1 100 Continue

    Read the article

  • error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

    - by ArunS
    We have online shopping site. When I am going to checkout page i am getting a error like this "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)" From the apache error log i can see some attempts to connect to api.paypal.com. Here is the part of my apache error log * About to connect() to api.paypal.com port 443 (#0) * Trying 66.211.168.123... * connected * Connected to api.paypal.com (66.211.168.123) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection #0 When i tried to connect to api.paypal.com using curl i am getting a error like this curl -iv https://api.paypal.com/ * About to connect() to api.paypal.com port 443 (#0) * Trying 66.211.168.91... connected * Connected to api.paypal.com (66.211.168.91) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS alert, Server hello (2): * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection #0 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Can anyone help me to figure out this. Thanks in Advance. Arun S

    Read the article

  • How to specify a cipher for an SSL connection in .NET?

    - by dr. evil
    How can I specify a cipher suite to use in an SSL Connections? I know that Mentalis Seclib got this feature however they don't maintain the project as they say .NET Framework 2.0 introduced those features. However I couldn't find a way to do this in .NET Framework 3.5. To be more specific I want to connect an HTTPS service by using NULL cipher, I would do the same thing with OpenSSL by using the following command: openssl s_client -connect www.example.com:443 -cipher NULL How can I do this in .NET?

    Read the article

  • SSL connection using Java standalone app

    - by Marquinio
    I have created a standalone executable JAR program that needs to send private information over a SSL connection. I was not able to establish the SSL connection using certificates. Was getting this: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path `building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target` So I found some code somewhere that creates a trust manager that does not validate certificate chains: // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } } }; That did the trick and I was able to establish SSL connection without any certificates. My concern is if the data will still be encrypted when exchanging private information. This is an execute JAR file that clients will be downloading to their computers. So is a certificate really necessary for this case? Thanks.

    Read the article

  • SSL_CTX_set_cert_verify_callback vs. SSL_CTX_set_verify

    - by BreakPoint
    Hello, Can anyone tell me what is the difference between SSL_CTX_set_cert_verify_callback and SSL_CTX_set_verify? From OpenSSL docs: SSL_CTX_set_cert_verify_callback() sets the verification callback function for ctx. SSL objects that are created from ctx inherit the setting valid at the time when SSL_new(3) is called. and: SSL_CTX_set_verify() sets the verification flags for ctx to be mode and specifies the verify_callback function to be used. If no callback function shall be specified, the NULL pointer can be used for verify_callback. So I'm trying to understand which callback to send for each one (from client side). Thanks experts.

    Read the article

  • OpenSSL in C++ email client - server closes connection with TLSv1 Alert message

    - by mice
    My app connects to a IMAP email server. One client configured his server to reject SSLv2 certificates, and now my app fails to connect to the server. All other email clients connect to this server successfully. My app uses openssl. I debugged by creating minimal openssl client and attempt to connect to the server. Below is the code with connects to the mail server (using Windows sockets, but same problem is with unix sockets). Server sends its initial IMAP greeting message, but after client sends 1st command, server closes connection. In Wireshark, I see that after sending command to server, it returns TLSv1 error message 21 (Encrypted Alert) and connection is gone. I'm looking for proper setup of OpenSSL for this connection to succeed. Thanks #include <stdio.h> #include <memory.h> #include <errno.h> #include <sys/types.h> #include <winsock2.h> #include <openssl/crypto.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/err.h> #define CHK_NULL(x) if((x)==NULL) exit(1) #define CHK_ERR(err,s) if((err)==-1) { perror(s); exit(1); } #define CHK_SSL(err) if((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } SSL *ssl; char buf[4096]; void write(const char *s){ int err = SSL_write(ssl, s, strlen(s)); printf("> %s\n", s); CHK_SSL(err); } void read(){ int n = SSL_read(ssl, buf, sizeof(buf) - 1); CHK_SSL(n); if(n==0){ printf("Finished\n"); exit(1); } buf[n] = 0; printf("%s\n", buf); } void main(){ int err=0; SSLeay_add_ssl_algorithms(); SSL_METHOD *meth = SSLv23_client_method(); SSL_load_error_strings(); SSL_CTX *ctx = SSL_CTX_new(meth); CHK_NULL(ctx); WSADATA data; WSAStartup(0x202, &data); int sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); CHK_ERR(sd, "socket"); struct sockaddr_in sa; memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr("195.137.27.14"); sa.sin_port = htons(993); err = connect(sd,(struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP connection. Start SSL negotiation. */ ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd(ssl, sd); err = SSL_connect(ssl); CHK_SSL(err); // Following two steps are optional and not required for data exchange to be successful. /* printf("SSL connection using %s\n", SSL_get_cipher(ssl)); X509 *server_cert = SSL_get_peer_certificate(ssl); CHK_NULL(server_cert); printf("Server certificate:\n"); char *str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); CHK_NULL(str); printf(" subject: %s\n", str); OPENSSL_free(str); str = X509_NAME_oneline(X509_get_issuer_name (server_cert),0,0); CHK_NULL(str); printf(" issuer: %s\n", str); OPENSSL_free(str); // We could do all sorts of certificate verification stuff here before deallocating the certificate. X509_free(server_cert); */ printf("\n\n"); read(); // get initial IMAP greeting write("1 CAPABILITY\r\n"); // send 1st command read(); // get reply to cmd; server closes connection here write("2 LOGIN a b\r\n"); read(); SSL_shutdown(ssl); closesocket(sd); SSL_free(ssl); SSL_CTX_free(ctx); }

    Read the article

  • how to emulate thread local storage at user space in C++ ?

    - by vprajan
    I am working on a mobile platform over Nucleus RTOS. It uses Nucleus Threading system but it doesn't have support for explicit thread local storage i.e, TlsAlloc, TlsSetValue, TlsGetValue, TlsFree APIs. The platform doesn't have user space pthreads as well. I found that __thread storage modifier is present in most of the C++ compilers. But i don't know how to make it work for my kind of usage. How does __thread keyword can be mapped with explicit thread local storage? I read many articles but nothing is so clear for giving me the following basic information will __thread variable different for each thread ? How to write to that and read from it ? does each thread has exactly one copy of the variable ? following is the pthread based implementation: pthread_key_t m_key; struct Data : Noncopyable { Data(T* value, void* owner) : value(value), owner(owner) {} int* value; }; inline ThreadSpecific() { int error = pthread_key_create(&m_key, destroy); if (error) CRASH(); } inline ~ThreadSpecific() { pthread_key_delete(m_key); // Does not invoke destructor functions. } inline T* get() { Data* data = static_cast<Data*>(pthread_getspecific(m_key)); return data ? data->value : 0; } inline void set(T* ptr) { ASSERT(!get()); pthread_setspecific(m_key, new Data(ptr, this)); } How to make the above code use __thread way to set & get specific value ? where/when does the create & delete happen? If this is not possible, how to write custom pthread_setspecific, pthread_getspecific kind of APIs. I tried using a C++ global map and index it uniquely for each thread and retrieved data from it. But it didn't work well.

    Read the article

  • OpenSSL 1.0: Remove Elliptic Curves Extension

    - by rursw1
    Hi, Is there any way to remove the elliptic curves extension - elliptic_curves and ec_point_formats? (Via function like SSL_CTX_set_options with SSL_OP_NO_TICKET for the SessionTicket extension, or by conditional compilation, or something else that works...) Thank you in advance!

    Read the article

  • Can't connect to certain HTTPS sites

    - by mind.blank
    I've just moved to a new apartment and with internet connection via a router and I'm finding that I can't connect to quite a few sites that use SSL. For example trying to connect to PayPal: curl -v https://paypal.com * About to connect() to paypal.com port 443 (#0) * Trying 66.211.169.3... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * Unknown SSL protocol error in connection to paypal.com:443 * Closing connection #0 curl: (35) Unknown SSL protocol error in connection to paypal.com:443 curl -v -ssl https://paypal.com gives the same output. For some sites it works: curl -v https://www.google.com * About to connect() to www.google.com port 443 (#0) * Trying 74.125.235.112... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-RC4-SHA * Server certificate: * subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com * start date: 2011-10-26 00:00:00 GMT * expire date: 2013-09-30 23:59:59 GMT * common name: www.google.com (matched) * issuer: C=ZA; O=Thawte Consulting (Pty) Ltd.; CN=Thawte SGC CA * SSL certificate verify ok. > GET / HTTP/1.1 > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 > Host: www.google.com > Accept: */* > < HTTP/1.1 302 Found < Location: https://www.google.co.jp/ . . . I'm using Ubuntu 12.04, with Windows 7 installed as well. These sites work on Windows :( Not sure if this information helps but I ran ifconfig and got the following: eth0 Link encap:Ethernet HWaddr 1c:c1:de:bc:e2:4f inet6 addr: 2408:c3:7fff:991:686b:8d18:81b3:8dd1/64 Scope:Global inet6 addr: 2408:c3:7fff:991:1ec1:deff:febc:e24f/64 Scope:Global inet6 addr: fe80::1ec1:deff:febc:e24f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:87075 errors:0 dropped:0 overruns:0 frame:0 TX packets:54522 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:78167937 (78.1 MB) TX bytes:10016891 (10.0 MB) Interrupt:46 Base address:0x4000 eth1 Link encap:Ethernet HWaddr ac:81:12:0d:93:80 inet6 addr: fe80::ae81:12ff:fe0d:9380/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:498 TX packets:0 errors:26 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:17 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:630 errors:0 dropped:0 overruns:0 frame:0 TX packets:630 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:39592 (39.5 KB) TX bytes:39592 (39.5 KB) ppp0 Link encap:Point-to-Point Protocol inet addr:180.57.228.200 P-t-P:118.23.8.175 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:39631 errors:0 dropped:0 overruns:0 frame:0 TX packets:22391 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:43462054 (43.4 MB) TX bytes:2834628 (2.8 MB)

    Read the article

  • Why isn't SSL/TLS built into modern Operating Systems?

    - by Channel72
    A lot of the basic network protocols that make up the infrastructure of the Internet are built in to most major Operating Systems. Things like TCP, UDP, and DNS are all built into Linux, UNIX and Windows, and are made available to the programmer through low-level system APIs. But when it comes to SSL or TLS, one has to turn to a third-party library such as OpenSSL or Mozilla NSS. SSL is a relatively old protocol, and it's basically an industry standard as ubiquitous as TCP/IP, so why isn't it built into most Operating Systems?

    Read the article

  • Openvpn plugin openvpn-auth-ldap does not bind to Active Directory

    - by Selivanov Pavel
    I'm trying to configure OpenVPN with openvpn-auth-ldap plugin to authorize users via Active Directory LDAP. When I use the same server config without plugin option, and add client config with generated client key and cert, connection is successful, so problem is in the plugin. server.conf: plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn-test/openvpn-auth-ldap.conf" port 1194 proto tcp dev tun keepalive 10 60 topology subnet server 10.0.2.0 255.255.255.0 tls-server ca ca.crt dh dh1024.pem cert server.crt key server.key #crl-verify crl.pem persist-key persist-tun user nobody group nogroup verb 3 mute 20 openvpn-auth-ldap.conf: <LDAP> URL ldap://dc1.domain:389 TLSEnable no BindDN cn=bot_auth,cn=Users,dc=domain Password bot_auth Timeout 15 FollowReferrals yes </LDAP> <Authorization> BaseDN "cn=Users,dc=domain" SearchFilter "(sAMAccountName=%u)" RequireGroup false # <Group> # BaseDN "ou=groups,dc=mycompany,dc=local" # SearchFilter "(|(cn=developers)(cn=artists))" # MemberAttribute uniqueMember # </Group> </Authorization> Top-level domain in AD is used by historical reasons. Analogue configuration is working for Apache 2.2 in mod-authzn-ldap. User and password are correct. client.conf: remote server_name port 1194 proto tcp client pull remote-cert-tls server dev tun resolv-retry infinite nobind ca ca.crt ; with keys - works fine #cert test.crt #key test.key ; without keys - by password auth-user-pass persist-tun verb 3 mute 20 In server log there is string PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-ldap.so '[/usr/lib/openvpn/openvpn-auth-ldap.so] [/etc/openvpn-test/openvpn-auth-ldap.conf]' which indicates, that plugin failed. I can telnet to dc1.domain:389, so this is not network/firewall problem. Later server says TLS Error: TLS object -> incoming plaintext read error TLS handshake failed - without plugin it tryes to do usal key authentification. server log: Tue Nov 22 03:06:20 2011 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 21 2010 Tue Nov 22 03:06:20 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Nov 22 03:06:20 2011 PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-ldap.so '[/usr/lib/openvpn/openvpn-auth-ldap.so] [/etc/openvpn-test/openvpn-auth-ldap.conf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT Tue Nov 22 03:06:20 2011 Diffie-Hellman initialized with 1024 bit key Tue Nov 22 03:06:20 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted> Tue Nov 22 03:06:20 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Nov 22 03:06:20 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:20 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:20 2011 TLS-Auth MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Nov 22 03:06:20 2011 Socket Buffers: R=[87380->131072] S=[16384->131072] Tue Nov 22 03:06:20 2011 TUN/TAP device tun1 opened Tue Nov 22 03:06:20 2011 TUN/TAP TX queue length set to 100 Tue Nov 22 03:06:20 2011 /sbin/ifconfig tun1 10.0.2.1 netmask 255.255.255.0 mtu 1500 broadcast 10.0.2.255 Tue Nov 22 03:06:20 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Tue Nov 22 03:06:20 2011 GID set to nogroup Tue Nov 22 03:06:20 2011 UID set to nobody Tue Nov 22 03:06:20 2011 Listening for incoming TCP connection on [undef] Tue Nov 22 03:06:20 2011 TCPv4_SERVER link local (bound): [undef] Tue Nov 22 03:06:20 2011 TCPv4_SERVER link remote: [undef] Tue Nov 22 03:06:20 2011 MULTI: multi_init called, r=256 v=256 Tue Nov 22 03:06:20 2011 IFCONFIG POOL: base=10.0.2.2 size=252 Tue Nov 22 03:06:20 2011 MULTI: TCP INIT maxclients=1024 maxevents=1028 Tue Nov 22 03:06:20 2011 Initialization Sequence Completed Tue Nov 22 03:07:10 2011 MULTI: multi_create_instance called Tue Nov 22 03:07:10 2011 Re-using SSL/TLS context Tue Nov 22 03:07:10 2011 Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Nov 22 03:07:10 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Tue Nov 22 03:07:10 2011 Local Options hash (VER=V4): 'c413e92e' Tue Nov 22 03:07:10 2011 Expected Remote Options hash (VER=V4): 'd8421bb0' Tue Nov 22 03:07:10 2011 TCP connection established with [AF_INET]10.0.0.9:47808 Tue Nov 22 03:07:10 2011 TCPv4_SERVER link local: [undef] Tue Nov 22 03:07:10 2011 TCPv4_SERVER link remote: [AF_INET]10.0.0.9:47808 Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS: Initial packet from [AF_INET]10.0.0.9:47808, sid=a2cd4052 84b47108 Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS Error: TLS object -> incoming plaintext read error Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS Error: TLS handshake failed Tue Nov 22 03:07:11 2011 10.0.0.9:47808 Fatal TLS error (check_tls_errors_co), restarting Tue Nov 22 03:07:11 2011 10.0.0.9:47808 SIGUSR1[soft,tls-error] received, client-instance restarting Tue Nov 22 03:07:11 2011 TCP/UDP: Closing socket client log: Tue Nov 22 03:06:18 2011 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010 Enter Auth Username:user Enter Auth Password: Tue Nov 22 03:06:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Nov 22 03:06:25 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Nov 22 03:06:25 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:25 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:25 2011 Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Nov 22 03:06:25 2011 Socket Buffers: R=[87380->131072] S=[16384->131072] Tue Nov 22 03:06:25 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Tue Nov 22 03:06:25 2011 Local Options hash (VER=V4): 'd8421bb0' Tue Nov 22 03:06:25 2011 Expected Remote Options hash (VER=V4): 'c413e92e' Tue Nov 22 03:06:25 2011 Attempting to establish TCP connection with [AF_INET]10.0.0.2:1194 [nonblock] Tue Nov 22 03:06:26 2011 TCP connection established with [AF_INET]10.0.0.2:1194 Tue Nov 22 03:06:26 2011 TCPv4_CLIENT link local: [undef] Tue Nov 22 03:06:26 2011 TCPv4_CLIENT link remote: [AF_INET]10.0.0.2:1194 Tue Nov 22 03:06:26 2011 TLS: Initial packet from [AF_INET]10.0.0.2:1194, sid=7a3c2a0f bd35bca7 Tue Nov 22 03:06:26 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Nov 22 03:06:26 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/[email protected] Tue Nov 22 03:06:26 2011 Validating certificate key usage Tue Nov 22 03:06:26 2011 ++ Certificate has key usage 00a0, expects 00a0 Tue Nov 22 03:06:26 2011 VERIFY KU OK Tue Nov 22 03:06:26 2011 Validating certificate extended key usage Tue Nov 22 03:06:26 2011 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Nov 22 03:06:26 2011 VERIFY EKU OK Tue Nov 22 03:06:26 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/[email protected] Tue Nov 22 03:06:26 2011 Connection reset, restarting [0] Tue Nov 22 03:06:26 2011 TCP/UDP: Closing socket Tue Nov 22 03:06:26 2011 SIGUSR1[soft,connection-reset] received, process restarting Tue Nov 22 03:06:26 2011 Restart pause, 5 second(s) ^CTue Nov 22 03:06:27 2011 SIGINT[hard,init_instance] received, process exiting Does anybody know how to get openvpn-auth-ldap wirking?

    Read the article

  • Using curl -s in *nix command line not working for some reason

    - by JM4
    I am trying to install composer (though to be honest I really have no idea how it fully works and documentation seems to be quite poor) on my MediaTemple DV machine. I am using their [instructions][1] Trying to install globally using: $ curl -s https://getcomposer.org/installer | php My command line (again using putty and logged into my server as root) thinks for a second, then sets up for next prompt. I run a simple ls -l to check for the file it should have downloaded with no luck. Any idea what could be causing the issue? I have tested and do in fact have curl installed. UPDATE 1 Based on the first answer, the verbose response is: > $ curl -vs https://getcomposer.org/installer | php > * About to connect() to getcomposer.org port 443 > * Trying 37.59.4.156... connected > * Connected to getcomposer.org (37.59.4.156) port 443 > * successfully set certificate verify locations: > * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none > * SSLv2, Client hello (1): SSLv3, TLS handshake, Server hello (2): SSLv3, TLS handshake, CERT (11): SSLv3, TLS handshake, Server key > exchange (12): SSLv3, TLS handshake, Server finished (14): SSLv3, TLS > handshake, Client key exchange (16): SSLv3, TLS change cipher, Client > hello (1): SSLv3, TLS handshake, Finished (20): SSLv3, TLS change > cipher, Client hello (1): SSLv3, TLS handshake, Finished (20): SSL > connection using DHE-RSA-AES256-SHA > * Server certificate: > * subject: /C=CH/CN=dl.packagist.org/[email protected] > * start date: 2012-07-07 23:25:35 GMT > * expire date: 2013-07-10 02:55:12 GMT > * SSL: certificate subject name 'dl.packagist.org' does not match target host name 'getcomposer.org' > * Closing connection #0 > * SSLv3, TLS alert, Client hello (1): > > > [1]: http://getcomposer.org/doc/00-intro.md

    Read the article

  • SSL authentication error: RemoteCertificateChainErrors on ASP.NET on Ubuntu

    - by Frank Krueger
    I am trying to access Gmail's SMTP service from an ASP.NET MVC site running under Mono 2.4.2.3. But I keep getting this error: System.InvalidOperationException: SSL authentication error: RemoteCertificateChainErrors at System.Net.Mail.SmtpClient.m__3 (System.Object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, SslPolicyErrors sslPolicyErrors) [0x00000] at System.Net.Security.SslStream+c__AnonStorey9.m__9 (System.Security.Cryptography.X509Certificates.X509Certificate cert, System.Int32[] certErrors) [0x00000] at Mono.Security.Protocol.Tls.SslClientStream.OnRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] at Mono.Security.Protocol.Tls.SslStreamBase.RaiseRemoteCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] errors) [0x00000] at Mono.Security.Protocol.Tls.SslClientStream.RaiseServerCertificateValidation (System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Int32[] certificateErrors) [0x00000] at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] at (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process () at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] I have installed certificates using: certmgr -ssl -m smtps://smtp.gmail.com:465 with this output: Mono Certificate Manager - version 2.4.2.3 Manage X.509 certificates and CRL from stores. Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed. X.509 Certificate v3 Issued from: C=US, O=Equifax, OU=Equifax Secure Certificate Authority Issued to: C=US, O=Google Inc, CN=Google Internet Authority Valid from: 06/08/2009 20:43:27 Valid until: 06/07/2013 19:43:27 *** WARNING: Certificate signature is INVALID *** Import this certificate into the CA store ?yes X.509 Certificate v3 Issued from: C=US, O=Google Inc, CN=Google Internet Authority Issued to: C=US, S=California, L=Mountain View, O=Google Inc, CN=smtp.gmail.com Valid from: 04/22/2010 20:02:45 Valid until: 04/22/2011 20:12:45 Import this certificate into the AddressBook store ?yes 2 certificates added to the stores. In fact, this worked for a month but mysteriously stopped working on May 5. I installed these new certs today, but I am still getting these errors.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >