search for: capath

This change adds cainfo and capath options to the curl plugin. They refer directly to CURLOPT_CAINFO and CURLOPT_CAPATH, as documented in libcurl. Signed-off-by: Wiktor Gołgowski <wiktor.golgowski@linux.intel.com> --- plugins/curl/curl.c | 16 ++++++++++++++++ plugins/curl/nbdkit-curl-plugin.pod | 9 ++++++++...

...g CRAN incoming feasibility ...* Trying 172.23.0.30... * TCP_NODELAY set * Connected to (nil) (172.23.0.30) port 8080 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@ STRENGTH * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol * Curl_http_done: called premature == 0 * Closing connection 0 * Trying 172.23.0.30... * TCP_NODELAY set * Connected to (nil) (172.23.0.30) port 8080 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPOR...

...ved invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com > doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) : > (...) > Verify return code: 21 (unable to verify the first certificate) Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA). While testing regular IMAP...

...015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I checked certs by openssl s_client: #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath /etc/ssl/certs/ And I gets didn't found starttls in server response, try anyway... depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl verify error:num=20:unable to get local issuer certificate verify retu...

...use autogenerated self-signed certificate, i write in smb this: tls enabled = yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem without cafile when i try to verify with: openssl verify /usr/local/samba/private/tls/myCert.pem it said me unable to verify the first certificate and if add -CApath works! and finally when i try from another dc with openssl s_client -showcerts -connect dc1.samdom.example.com:636 it said me unable to verify the fisrt certificate. i need add cafile in smb? what is worng?

...stats:~$ curl -vI https://graph.facebook.com > * About to connect() to graph.facebook.com port 443 (#0) > * Trying 69.63.181.58... connected > * Connected to graph.facebook.com (69.63.181.58) port 443 (#0) > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): Hangs for 2 minutes... > * Unknown SSL protocol error in connection to graph.facebook.com:443 > * Closing connection #0 > curl: (35) Unknown SSL protocol error in connection to graph.facebook.com:443 But the same request wo...

...33+02:00 k30 postfix/lmtp[4572]: Untrusted TLS > connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with > cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > > I checked certs by openssl s_client: > #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath > /etc/ssl/certs/ > > And I gets > > didn't found starttls in server response, try anyway... > depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = > Domain Control Validated - RapidSSL(R), CN = mail.active24.pl > verify error:num=20:unable to g...

Hi all, I'm a newbie to R and I can't figure out how to fix this error I keep getting in R-studio: > "error setting certificate verify locations:\n CAfile: \n CApath: none\n" Error in twInterfaceObj$doAPICall(cmd,params,"GET",...) : Error: error setting certificate verify locations: CAfile: CApath: none I'm trying to use the twitteR package to gather tweets from the below function. It was working fine before, but I can't find a way to...

...L certificate: unable to get local issuer certificate: /CN=my.domain.com >> doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com > > Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) : >> (...) >> Verify return code: 21 (unable to verify the first certificate) > Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA). > > Whi...

Hi all, Does anyone know if it exists a patch for OpenSSH for Windows to allow authentication through certificates? Is it possible to make one if it doesn't exists? Using OpenSSH for Windows 3.8p1-1 20040709 Build. I know there is Roumen Petrov patch, but is for unix machines if i'm not mistaken. I need a similar one for Windows that work with the Roumen Petrov patch so i can have

...: length: 1 * - Conn 0 (0x6bea60) send_pipe: 1, recv_pipe: 0 * About to connect() to www.kraxel.org port 443 (#0) * Trying 217.197.83.6... * Connected to www.kraxel.org (217.197.83.6) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP) * Cannot communicate securely with peer: no common encryption algorithm(s). * Error in TLS handshake, trying SSLv3... > GET /repos/jenkins/repodata/repomd.xml HTTP/1.1 > User-Agent: curl/7.32.0 > Host: www.kraxel.org > Accept: */* &...

...nt then Curl is very old. > @@ -61,24 +63,29 @@ > #endif > #endif > > -static const char *url = NULL; /* required */ > +/* Plugin configuration. */ > +const char *url = NULL; /* required */ > > -static const char *cainfo = NULL; > -static const char *capath = NULL; > -static char *cookie = NULL; > -static struct curl_slist *headers = NULL; > -static char *password = NULL; > -static long protocols = CURLPROTO_ALL; > -static const char *proxy = NULL; > -static char *proxy_password = NULL; > -static const char *proxy_user = NULL; &gt...

...)] ldap_uri=(null) [../pam_yubico.c:parse_cfg(775)] ldapdn=(null) [../pam_yubico.c:parse_cfg(776)] user_attr=(null) [../pam_yubico.c:parse_cfg(777)] yubi_attr=(null) [../pam_yubico.c:parse_cfg(778)] yubi_attr_prefix=(null) [../pam_yubico.c:parse_cfg(779)] url=(null) [../pam_yubico.c:parse_cfg(780)] capath=(null) [../pam_yubico.c:parse_cfg(781)] token_id_length=12 [../pam_yubico.c:parse_cfg(782)] mode=client [../pam_yubico.c:parse_cfg(783)] chalresp_path=(null) [../pam_yubico.c:pam_sm_authenticate(823)] get user returned: jack [../pam_yubico.c:pam_sm_authenticate(929)] conv returned 44 bytes [../pam_...

...between the tls implementation on the MS server and the unix machine. The other possibility is that samba is somehow still not finding the CA cert for the server. I'm not sure what else to try on that front. Some output from s_client that might be of interest: A failure: openssl s_client -CApath /usr/local/openssl/certs/ -connect engr-dc2.ad.engr.wisc.edu:389 CONNECTED(00000003) write:errno=54 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 321 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT suppo...

...cute commands again and again with a sleep between. --ssl Enable SSL for connection (automatically enabled with other flags). Disable with --skip-ssl. --ssl-ca=name CA file in PEM format (check OpenSSL docs, implies --ssl). --ssl-capath=name CA directory (check OpenSSL docs, implies --ssl). --ssl-cert=name X509 cert in PEM format (implies --ssl). --ssl-cipher=name SSL cipher to use (implies --ssl). --ssl-key=name X509 key in PEM format (implies --ssl). --ssl-verify-server-cert Verify serv...

...om/src/contrib/Meta/archive.rds")))' * Trying 13.33.54.118:443... * TCP_NODELAY set * Connected to cran.rstudio.com (13.33.54.118) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=cran.rstudio.com * start date: Jul 24 00:00:00 2019 GMT * expire date: Aug 24 12:00:00 2020 GMT * subjectAltName: host "cran.rstudio.com" matched ce...

I am trying to backup a gmail account (not the one I am writing from) to dovecot, using doveadm-backup and imapc, but am having ssl connection problems. ted at expectation:~# doveadm backup -D -R -u ted imapc: dsync(ted): Info: imapc(imap.gmail.com:993): Connected to 74.125.71.108:993 (local 10.7.1.179:53852) dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected unexpectedly:

Evolution of this patch series: https://www.redhat.com/archives/libguestfs/2020-July/thread.html#00073 Instead of auth-script, this implements header-script and cookie-script. It can be used for similar purposes but the implementation is somewhat saner. Rich.

I have 20+ freebsd 10 samba 4 servers joined to our local microsoft active directory. At the moment things work well enough. However the windows administrator wants to tighten his AD security by requiring tls encrypted ldap. When I add: ldap ssl = start_tls ldap ssl ads = yes cldap port = 389 the net ads commands fail: net ads testjoin Failed to issue the StartTLS instruction: Connect error

...03:... ... ...:8d -----BEGIN X509 CRL----- MIIB... ... ...v40= -----END X509 CRL----- I also tried all sorts of verify combos, but all fail: $ openssl verify -verbose -config openssl.conf -purpose crlsign -crl_check cassl/crl.pem usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ... $ openssl verify -verbose -CApath cassl/ -purpose crlsign -crl_check cassl/crl.pem unable to load certificate 9605:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICA...