Displaying 20 results from an estimated 551 matches for "cafil".
Did you mean:
cafile
2018 Sep 19
1
Re: [PATCH 2/3] v2v: -o rhv-upload: Only set SSL context for https connections.
On Wed, Sep 19, 2018 at 7:24 PM Richard W.M. Jones <rjones@redhat.com>
wrote:
> For real imageio servers the destination will always be https. This
> change has no effect there.
>
> However when testing we want to use an http server for simplicity. As
> there is no cafile in this case the call to
> ssl.create_default_context().load_verify_locations(cafile=...) will fail.
> ---
> v2v/rhv-upload-plugin.py | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
> index 5c...
2016 Jun 17
3
tlsv1 alert unknown ca: SSL alert number 48
...there.
I have tried this configuaration for roundcube:
$config['imap_conn_options'] = array(
'ssl' => array(
'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
'verify_peer' => true,
'verify_depth' => 3,
// 'cafile' => '/dont/need/to/set/this/option',
),
);
and this one:
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
and this one too:
$config['imap_conn_op...
2020 Aug 06
4
Problem with intermediate certificate (tls cafile)
If I were guessing, based on some experience with certificate usage in
other apps, concatenate your certificate and intermediate certificates
into a single file which is then your "tls certfile" then point "tls
cafile" to your issuers proper CA or just to your distro's CA bundle,
e.g /etc/pki/tls/certs/ca-bundle.crt.
Nick
On 06/08/2020 16:36, MAS Jean-Louis via samba wrote:
> Nobody has any clues about the tls cafile ?
>
> Regards
>
> Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a...
2018 Dec 07
2
[PATCH] v2v: -o rhv-upload: Fix upload when using https
Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o
rhv-upload: Only set SSL context for https connections).
---
.gnulib | 2 +-
v2v/rhv-upload-plugin.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.gnulib b/.gnulib
index 6ccfbb4ce..646a44e1b 160000
-...
2019 Sep 27
1
[PATCH] v2v: -o rhv-upload: make -oo rhv-cafile optional
It makes little sense to require the oVirt certificate, especially when
the verification of the connection (-oo rhv-verifypeer) is disabled by
default. The only work done with the certificate in that case is
checking that it is a valid certificate file.
Hence, make -oo rhv-cafile optional, requiring it only when
-oo rhv-verifypeer is enabled.
---
v2v/output_rhv_upload.ml | 16 +++++++++-------
v2v/virt-v2v-output-rhv.pod | 2 ++
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/v2v/output_rhv_upload.ml b/v2v/output_rhv_upload.ml
index 24a289169..d0850282...
2020 Jan 16
0
Re: [PATCH v2v] v2v: -o rhv-upload: Make -oo rhv-cafile optional in all cases (RHBZ#1791240).
On Wed, Jan 15, 2020 at 3:01 PM Richard W.M. Jones <rjones@redhat.com>
wrote:
> This is actually not required, because ovirtsdk4 will use the system's
> global trust store if necessary. Therefore we can make it optional in
> all cases.
>
The only way to avoid the cafile is to set insecure=True both when creating
sdk connection
and when connecting to imageio.
Otherwise the system trust store must include the CA used when creating
engine and
vdsm certificates. In development setup this is never true, in production
It may work
if you are lucky.
Nir
---
> docs...
2020 Aug 07
0
Problem with intermediate certificate (tls cafile)
On Thu, August 6, 2020 11:36, MAS Jean-Louis wrote:
> Nobody has any clues about the tls cafile ?
>
> Regards
>
> Le 04/08/2020 ?? 15:18, MAS Jean-Louis via samba a ??crit??:
>> I have several samba servers on Debian 10 all using :
>>
>> samba 2:4.9.5+dfsg-5+deb10u1 amd64
>>
>> I use tls cafile, tls certfile and tls keyfile with certificates...
2020 Aug 10
0
[Solved] Problem with intermediate certificate (tls cafile)
...06/08/2020 ? 17:43, Nick Howitt via samba a ?crit?:
> If I were guessing, based on some experience with certificate usage in
> other apps, concatenate your certificate and intermediate certificates
> into a single file which is then your "tls certfile" then point "tls
> cafile" to your issuers proper CA or just to your distro's CA bundle,
> e.g /etc/pki/tls/certs/ca-bundle.crt.
You're right, on Samba, it works that way
# smb.conf extract
tls cafile = /etc/ssl/certs/Comodo_AAA_Services_root.pem
tls certfile = /etc/ssl/certs/ad-rep2.example.com-certonly+...
2014 May 09
0
Is "tls cafile" ignored when ldap.conf is present?
...r, OpenLDAP and AD started to use different certificate chains, so I
need to tell Samba to use different root CA cert when talking to AD DC.
In ldap.conf I have
tls_reqcert demand
tls_cacert /usr/share/ca-certificates/ca-openldap.crt
In smb.conf I'm trying to add this line to [global]:
tls cafile = /etc/samba/tls/ca-ad.pem
testparm shows that Samba sees this line:
Server role: ROLE_DOMAIN_MEMBER
ldap ssl = start tls
ldap ssl ads = Yes
tls cafile = /etc/samba/tls/ca-ad.pem
However, it doesn't seem to have any effect. Samba still tries to
communicate with AD using ca-openldap.crt
Wh...
2017 Feb 06
0
Fwd: issue
...0.3.0?
* checking CRAN incoming feasibility ...* Trying 172.23.0.30...
* TCP_NODELAY set
* Connected to (nil) (172.23.0.30) port 8080 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@
STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Curl_http_done: called premature == 0
* Closing connection 0
* Trying 172.23.0.30...
* TCP_NODELAY set
* Connected to (nil) (172.23.0.30) port 8080 (#0)
* ALPN, offering http/1.1
* Cipher sele...
2020 Jan 15
3
[PATCH v2v] v2v: -o rhv-upload: Make -oo rhv-cafile optional in all cases (RHBZ#1791240).
...100644
--- a/v2v/output_rhv_upload.ml
+++ b/v2v/output_rhv_upload.ml
@@ -81,8 +81,6 @@ let parse_output_options options =
let rhv_direct = !rhv_direct in
let rhv_verifypeer = !rhv_verifypeer in
let rhv_disk_uuids = Option.map List.rev !rhv_disk_uuids in
- if rhv_verifypeer && rhv_cafile = None then
- error (f_"-o rhv-upload: must use ‘-oo rhv-cafile’ to supply the path to the oVirt or RHV user’s ‘ca.pem’ file");
{ rhv_cafile; rhv_cluster; rhv_direct; rhv_verifypeer; rhv_disk_uuids }
--
2.24.1
2018 Jul 20
4
autogenerated self-signed certificate problem
Hi people,
i have a problem with trying ldaps
i use autogenerated self-signed certificate, i write in smb this:
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
without cafile
when i try to verify with:
openssl verify /usr/local/samba/private/tls/myCert.pem
it said me unable to verify the first certificate
and if add -CApath works!
and finally when i try from another dc with
openssl s_client -showcerts -connect dc1.samdom.example.com:636
it said me unable to verify t...
2020 Aug 06
0
Problem with intermediate certificate (tls cafile)
Nobody has any clues about the tls cafile ?
Regards
Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?:
> I have several samba servers on Debian 10 all using :
>
> samba 2:4.9.5+dfsg-5+deb10u1 amd64
>
> I use tls cafile, tls certfile and tls keyfile with certificates from
> Sectigo (https://cert-manage...
2018 Sep 19
4
[PATCH 0/3] v2v: -o rhv-upload: Add a test.
This adds a test of -o rhv-upload.
Obviously for an upstream test we cannot require a working oVirt
server. This test works by faking the ovirtsdk4 Python module,
setting PYTHONPATH so that the fake module is picked up instead of the
real module (if installed).
However it's more complex than that because the nbdkit plugin also
expects to talk to a working imageio HTTPS server. Therefore
2020 Aug 04
2
Problem with intermediate certificate (tls cafile)
I have several samba servers on Debian 10 all using :
samba 2:4.9.5+dfsg-5+deb10u1 amd64
I use tls cafile, tls certfile and tls keyfile with certificates from
Sectigo (https://cert-manager.com)
And when checking my connexion from the samba server, or from outside,
I've got "unable to verify the first certificate" even if tls_cafile is
provided in smb.conf.
What is wrong ?
# checking m...
2016 Jun 16
4
tlsv1 alert unknown ca: SSL alert number 48
...certificate.
>
> With regards to Roundcube, see this in config/defaults.inc.php:
>
> //$config['imap_conn_options'] = array(
> // 'ssl' => array(
> // 'verify_peer' => true,
> // 'verify_depth' => 3,
> // 'cafile' => '/etc/openssl/certs/ca.crt',
> // ),
> // );
>
>
2018 Dec 07
1
Re: [PATCH] v2v: -o rhv-upload: Fix upload when using https
On Fri, Dec 7, 2018, 10:34 Richard W.M. Jones <rjones@redhat.com wrote:
> On Fri, Dec 07, 2018 at 02:44:21AM +0200, Nir Soffer wrote:
> > Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o
> > rhv-upload: Only set SSL context for https connections).
>
> Ugh yes indeed. Strong typing FTW _again_
"pylint -E" may detect such issues.
...
>
> Will apply shortly, thanks.
>
> Rich.
>
> > ....
2018 Sep 19
0
[PATCH 2/3] v2v: -o rhv-upload: Only set SSL context for https connections.
For real imageio servers the destination will always be https. This
change has no effect there.
However when testing we want to use an http server for simplicity. As
there is no cafile in this case the call to
ssl.create_default_context().load_verify_locations(cafile=...) will fail.
---
v2v/rhv-upload-plugin.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
index 5cd6d5cab..6e35b5057 100644
--- a/v2...
2018 Sep 20
0
[PATCH v2 2/3] v2v: -o rhv-upload: Only set SSL context for https connections.
For real imageio servers the destination will always be https. This
change has no effect there.
However when testing we want to use an http server for simplicity. As
there is no certificate or cafile in this case the call to create the
context will fail.
This also simplifies creation of the context object and recognizes the
"insecure" flag for connecting to imageio.
Thanks: Nir Soffer.
---
v2v/rhv-upload-plugin.py | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+),...
2018 Dec 07
0
Re: [PATCH] v2v: -o rhv-upload: Fix upload when using https
On Fri, Dec 07, 2018 at 02:44:21AM +0200, Nir Soffer wrote:
> Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o
> rhv-upload: Only set SSL context for https connections).
Ugh yes indeed. Strong typing FTW _again_ ...
Will apply shortly, thanks.
Rich.
> .gnulib | 2 +-
> v2v/rhv-upload-plugin.py | 2 +-
> 2 files changed...