Displaying 20 results from an estimated 72 matches for "capath".
2020 Jan 17
1
[PATCH nbdkit] Add cainfo and capath options to curl plugin
This change adds cainfo and capath options to the curl plugin.
They refer directly to CURLOPT_CAINFO and CURLOPT_CAPATH, as documented
in libcurl.
Signed-off-by: Wiktor GoĊgowski <wiktor.golgowski@linux.intel.com>
---
plugins/curl/curl.c | 16 ++++++++++++++++
plugins/curl/nbdkit-curl-plugin.pod | 9 ++++++++...
2017 Feb 06
0
Fwd: issue
...g CRAN incoming feasibility ...* Trying 172.23.0.30...
* TCP_NODELAY set
* Connected to (nil) (172.23.0.30) port 8080 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@
STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Curl_http_done: called premature == 0
* Closing connection 0
* Trying 172.23.0.30...
* TCP_NODELAY set
* Connected to (nil) (172.23.0.30) port 8080 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPOR...
2016 Nov 10
2
service doveadm : ssl problems
...ved invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
> doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) :
> (...)
> Verify return code: 21 (unable to verify the first certificate)
Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA).
While testing regular IMAP...
2015 Jul 27
2
LMPT SSL
...015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS
connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
I checked certs by openssl s_client:
#openssl s_client -connect localhost:24 -showcerts -starttls smtp
-CApath /etc/ssl/certs/
And I gets
didn't found starttls in server response, try anyway...
depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15,
OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
verify error:num=20:unable to get local issuer certificate
verify retu...
2018 Jul 20
4
autogenerated self-signed certificate problem
...use autogenerated self-signed certificate, i write in smb this:
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
without cafile
when i try to verify with:
openssl verify /usr/local/samba/private/tls/myCert.pem
it said me unable to verify the first certificate
and if add -CApath works!
and finally when i try from another dc with
openssl s_client -showcerts -connect dc1.samdom.example.com:636
it said me unable to verify the fisrt certificate.
i need add cafile in smb?
what is worng?
2011 Feb 04
2
All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0
...stats:~$ curl -vI https://graph.facebook.com
> * About to connect() to graph.facebook.com port 443 (#0)
> * Trying 69.63.181.58... connected
> * Connected to graph.facebook.com (69.63.181.58) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
Hangs for 2 minutes...
> * Unknown SSL protocol error in connection to graph.facebook.com:443
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to graph.facebook.com:443
But the same request wo...
2015 Jul 27
0
LMPT SSL
...33+02:00 k30 postfix/lmtp[4572]: Untrusted TLS
> connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with
> cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> I checked certs by openssl s_client:
> #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath
> /etc/ssl/certs/
>
> And I gets
>
> didn't found starttls in server response, try anyway...
> depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU =
> Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
> verify error:num=20:unable to g...
2013 Jul 08
0
"error setting certificate" issue in R-studio
Hi all,
I'm a newbie to R and I can't figure out how to fix this error I keep getting in R-studio:
> "error setting certificate verify locations:\n CAfile: \n CApath: none\n"
Error in twInterfaceObj$doAPICall(cmd,params,"GET",...) :
Error: error setting certificate verify locations:
CAfile:
CApath: none
I'm trying to use the twitteR package to gather tweets from the below
function. It was working fine before, but I can't find a way to...
2016 Nov 10
0
service doveadm : ssl problems
...L certificate: unable to get local issuer certificate: /CN=my.domain.com
>> doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
>
> Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) :
>> (...)
>> Verify return code: 21 (unable to verify the first certificate)
> Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA).
>
> Whi...
2008 Dec 16
3
Patch for OpenSSH for Windows to allow authentication through certificates
Hi all,
Does anyone know if it exists a patch for OpenSSH for Windows to allow
authentication through certificates?
Is it possible to make one if it doesn't exists?
Using OpenSSH for Windows 3.8p1-1 20040709 Build.
I know there is Roumen Petrov patch, but is for unix machines if i'm
not mistaken.
I need a similar one for Windows that work with the Roumen Petrov
patch so i can have
2014 Oct 18
0
curl: (35) Cannot communicate securely with peer:
...: length: 1
* - Conn 0 (0x6bea60) send_pipe: 1, recv_pipe: 0
* About to connect() to www.kraxel.org port 443 (#0)
* Trying 217.197.83.6...
* Connected to www.kraxel.org (217.197.83.6) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption
algorithm(s).
* Error in TLS handshake, trying SSLv3...
> GET /repos/jenkins/repodata/repomd.xml HTTP/1.1
> User-Agent: curl/7.32.0
> Host: www.kraxel.org
> Accept: */*
&...
2020 Jul 20
1
Re: [PATCH nbdkit v2] curl: Implement header and cookie scripts.
...nt then Curl is very old.
> @@ -61,24 +63,29 @@
> #endif
> #endif
>
> -static const char *url = NULL; /* required */
> +/* Plugin configuration. */
> +const char *url = NULL; /* required */
>
> -static const char *cainfo = NULL;
> -static const char *capath = NULL;
> -static char *cookie = NULL;
> -static struct curl_slist *headers = NULL;
> -static char *password = NULL;
> -static long protocols = CURLPROTO_ALL;
> -static const char *proxy = NULL;
> -static char *proxy_password = NULL;
> -static const char *proxy_user = NULL;
>...
2014 Jul 29
0
PAM and YubiKeys
...)] ldap_uri=(null)
[../pam_yubico.c:parse_cfg(775)] ldapdn=(null)
[../pam_yubico.c:parse_cfg(776)] user_attr=(null)
[../pam_yubico.c:parse_cfg(777)] yubi_attr=(null)
[../pam_yubico.c:parse_cfg(778)] yubi_attr_prefix=(null)
[../pam_yubico.c:parse_cfg(779)] url=(null)
[../pam_yubico.c:parse_cfg(780)] capath=(null)
[../pam_yubico.c:parse_cfg(781)] token_id_length=12
[../pam_yubico.c:parse_cfg(782)] mode=client
[../pam_yubico.c:parse_cfg(783)] chalresp_path=(null)
[../pam_yubico.c:pam_sm_authenticate(823)] get user returned: jack
[../pam_yubico.c:pam_sm_authenticate(929)] conv returned 44 bytes
[../pam_...
2015 Feb 10
0
ldap start_tls to microsoft active directory
...between the tls implementation on the MS server and
the unix machine.
The other possibility is that samba is somehow still not finding the CA
cert for the server. I'm not sure what else to try on that front.
Some output from s_client that might be of interest:
A failure:
openssl s_client -CApath /usr/local/openssl/certs/ -connect
engr-dc2.ad.engr.wisc.edu:389
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT suppo...
2009 Aug 31
1
mysql error
...cute commands again and again with a sleep between.
--ssl Enable SSL for connection (automatically enabled with
other flags). Disable with --skip-ssl.
--ssl-ca=name CA file in PEM format (check OpenSSL docs, implies
--ssl).
--ssl-capath=name CA directory (check OpenSSL docs, implies --ssl).
--ssl-cert=name X509 cert in PEM format (implies --ssl).
--ssl-cipher=name SSL cipher to use (implies --ssl).
--ssl-key=name X509 key in PEM format (implies --ssl).
--ssl-verify-server-cert
Verify serv...
2020 Jan 22
1
Memory error in the libcurl connection code
...om/src/contrib/Meta/archive.rds")))'
* Trying 13.33.54.118:443...
* TCP_NODELAY set
* Connected to cran.rstudio.com (13.33.54.118) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=cran.rstudio.com
* start date: Jul 24 00:00:00 2019 GMT
* expire date: Aug 24 12:00:00 2020 GMT
* subjectAltName: host "cran.rstudio.com" matched ce...
2020 Mar 30
2
doveadm backup from gmail with imapc
I am trying to backup a gmail account (not the one I am writing from)
to dovecot, using doveadm-backup and imapc, but am having ssl
connection problems.
ted at expectation:~# doveadm backup -D -R -u ted imapc:
dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
74.125.71.108:993 (local 10.7.1.179:53852)
dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected
unexpectedly:
2020 Jul 15
2
[PATCH nbdkit v2] curl: Implement header and cookie scripts.
Evolution of this patch series:
https://www.redhat.com/archives/libguestfs/2020-July/thread.html#00073
Instead of auth-script, this implements header-script and
cookie-script. It can be used for similar purposes but the
implementation is somewhat saner.
Rich.
2015 Jan 28
2
ldap start_tls to microsoft active directory
I have 20+ freebsd 10 samba 4 servers joined to our local microsoft
active directory. At the moment things work well enough. However the
windows administrator wants to tighten his AD security by requiring tls
encrypted ldap.
When I add:
ldap ssl = start_tls
ldap ssl ads = yes
cldap port = 389
the net ads commands fail:
net ads testjoin
Failed to issue the StartTLS instruction: Connect error
2009 Nov 04
2
Certificates Revocation Lists and Apache...
...03:...
...
...:8d
-----BEGIN X509 CRL-----
MIIB...
...
...v40=
-----END X509 CRL-----
I also tried all sorts of verify combos, but all fail:
$ openssl verify -verbose -config openssl.conf -purpose crlsign -crl_check cassl/crl.pem
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
$ openssl verify -verbose -CApath cassl/ -purpose crlsign -crl_check cassl/crl.pem
unable to load certificate
9605:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICA...