search for: tls

.../docs/nbdkit.pod.in index 42e6e6b..80d1ecd 100644 --- a/docs/nbdkit.pod.in +++ b/docs/nbdkit.pod.in @@ -11,7 +11,7 @@ nbdkit - A toolkit for creating NBD servers [--newstyle] [--oldstyle] [-P PIDFILE] [-p PORT] [-r] [--run CMD] [-s] [--selinux-label LABEL] [-t THREADS] [--tls=off|on|require] [--tls-certificates /path/to/certificates] - [--tls-verify-peer] + [--tls-psk /path/to/pskfile] [--tls-verify-peer] [-U SOCKET] [-u USER] [-v] [-V] PLUGIN [key=value [key=value [...]]] @@ -288,6 +288,12 @@ support). See L</TLS> below. Set th...

...n number without worrying about what comes after the number. Signed-off-by: Eric Blake <eblake@redhat.com> --- We could still use jq if desired, but it was easy enough to let these tests pass instead of skip when jq is not present. tests/test-ip.sh | 10 ++++++---- tests/test-nbd-tls-psk.sh | 6 +++--- tests/test-nbd-tls.sh | 6 +++--- tests/test-tls-psk.sh | 7 +++---- tests/test-tls.sh | 7 +++---- tests/test-truncate3.sh | 4 ++-- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/test-ip.sh b/tests/test-ip.sh index 636d3d3f..5a00a2...

v2: * Improved documentation. * Added a test (interop with qemu client).

This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.

...and we already depend on jq elsewhere in the testsuite. But since I'd already got this written up, I'm at least posting it (if nothing else, to have a list archive to point to when someone else complains about qemu-img changing output). tests/test-ip.sh | 4 ++-- tests/test-nbd-tls-psk.sh | 2 +- tests/test-nbd-tls.sh | 2 +- tests/test-tls-psk.sh | 2 +- tests/test-tls.sh | 2 +- tests/test-truncate3.sh | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/test-ip.sh b/tests/test-ip.sh index 636d3d3f..60f2e066 100755 --- a/tests/test-...

When we moved to an enum instead of raw int for nbd_set_tls(), we should have also updated our code to prefer the enum values. While at it, improve the grammar of error messages (confusing since 632196ec, and copy-and-pasted into more locations since then). Fixes: 4488cf2a Thanks: Rich Jones --- Rich noticed this while reviewing the patch for today's...

Hi, I using openldap 2.0.23 and samba 2.2.4 on a Redhat 7.2 Linux distrib. I've compiled with ldap support dans It works fine in clear mode. I've configured unix auth. in order to use ldap on TLS mode, and it works also. When I try to use TLS more (or SSL on 636), it doesn't work. LDAP doesn't seem to have an error (see logs below), but samba tells "Failed to issue the StartTLS instruction: Connect error". Any idea??? Have I to use the "--with-ssl" option? It...

Hi Samba 4 git from 1 hour ago. openSUSE 12.1 make fails: [ 976/3909] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function ?tls_init_server?: ../source4/lib/tls/tls.c:508:2: error: implicit declaration of function ?gnutls_transport_set_lowat? [-Werror=implicit-function-declaration] ../source4/lib/tls/tls.c: In function ?tls_init_client?: ../source4/lib/tls/tls.c:569:2: warni...

I was a little surprised to find that LIBNBD_TLS_ALLOW worked out of the box, so I had to examine the logs whereupon I saw the magic message ... libnbd: debug: nbd1: nbd_connect_command: server refused TLS (policy), continuing with unencrypted connection I don't believe this path has ever been tested before. It's possible the tests c...

We're still seeing sporadic failures of 'nbdkit nbd tls=', and I'm still trying to come up with a root cause fix (it may involve smarter use of gnutls_bye() in libnbd). In the meantime, here's what we know: when the hang/failure happens, the 'nbdkit nbd tls=' client process is stuck in a poll() waiting to see EOF from the server, wh...

Hey folks, I've been experimenting with native NBD live migration w/ TLS and have a couple of questions. 1) It appears that in some cases modified default_tls_x509_cert_dir from qemu.conf is not respected, seems like virsh always expects a default location and does not check default_tls_x509_cert_dir: virsh # migrate vm1 qemu+tls://ratchet.lan/system --live --persiste...

...h -x -D "cn=user,ou=users,dc=dc,dc=local" -p 636 -h PDC -b "DC=dc,DC=local" -w pass output: ldap_result: Can't contact LDAP server (-1) ldapsearch -x -D "cn=user,ou=users,dc=dc,dc=local" -p 636 -h PDC -b "DC=dc,DC=local" -w pass -Z output: ldap_start_tls: Can't contact LDAP server (-1) ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) ldapsearch -x -D "cn=user,ou=users,dc=dc,dc=local" -p 636 -h PDC -b "DC=dc,DC=local" -w pass -ZZ output: ldap_start_tls: Can't contact LDAP server (-1) openssl s_client -conn...

-------- Original-Nachricht -------- Betreff: STARTTLS bug - background story Datum: Mon, 7 Mar 2011 15:08:09 -0500 (EST) Von: Wietse Venema <wietse at porcupine.org> An: Postfix users <postfix-users at postfix.org> CERT/CC announces a flaw today in multiple STARTTLS implementations. This problem was silently fixed in Postfix 2.8 and 2.9....

Test both the TLS enabled and fallback paths. nbd-server doesn't appear to support TLS at all, and qemu-nbd is known not to allow fallback to unencrypted, and therefore it only makes sense to test nbdkit at the moment. --- .gitignore | 4 ++++ TODO | 3 --- interop/Makefile.am | 54 ++...

Hi, until now I have run Xen with /lib/tls out of the way for both dom0 and domU''s, but now I''m trying to install OpenLDAP in a domU, which requires TLS as default. So now I have at least three options ahead of me: 1. mv /lib/tls.disabled back to /lib/tls and accept the performance penalty (is there any documentation o...

Hi, Recently we have added 4.10.7 as additional dc, to our existing 4.4.5 samba AD DC, comparing output testparm I have detected that 4.4.5 has map readonly = no store dos attributes = Yes but 4.10.7 doesn't have Also compared smb.conf and both has the same configuration. Is this correct? Are required this configurations on 4.10.7? In a few day I want to upgrade this 4.4.5

...<samba at lists.samba.org> wrote: >> I'm working to put up a production FeeeNAS box tied to Samba/AD for >> authentication for users connecting to the FreeNAS share(s). In >> joining FreeNAS to the AD domain, one immediately runs into >> "problems" with TLS/encryption. RPvs> I do not know why, by default you will be using NTLM for authentication. The user and group queries, as best I can tell, from the FreeNAS box are occurring via LDAP. And the samba default, at least with the package provided with Ubunti 18.04 requires TLS for LDAP. I haven...

...ed. I'm wondering if there are any performance issues with having a single process handle so many connections. It seems fine (system load is actually lower than with service_count = 1), but I thought I'd ask. /usr/sbin/dovecot \_ dovecot/imap-login \_ dovecot/imap-login [1 connections (1 TLS)] \_ dovecot/imap-login \_ dovecot/imap-login [5 connections (5 TLS)] \_ dovecot/imap-login [1 connections (1 TLS)] \_ dovecot/imap-login [4 connections (4 TLS)] \_ dovecot/imap-login [1 connections (1 TLS)] \_ dovecot/imap-login [1 connections (1 TLS)] \_ dovecot/imap-login [315 connections...

Hello! Taking advantage of the email, I tried to make an ldap query with tls and I had an error .. Version Samba 4.4.4 samba-tool testparm -v --suppress-prompt|grep tls ldap ssl = start tls tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = t...

Hi list , I'm doing some tests with asterisk 13.4 and tls, and failed to make it work, all my terminals spa Cisco 5XX look my cli [Jul 8 11:09:16] ERROR[14733]: pjsip:0 <?>: tlsc0x7f539801 TLS connect() error: Connection refused [code=120111] [Jul 8 11:09:16] WARNING[14733]: pjsip:0 <?>: tsx0x7f53a8008 Failed to send Request msg OPTION...