Displaying 20 results from an estimated 6000 matches similar to: "2007-006 Ruby SSL Update on Debian"
2007 Nov 28
6
SSL certificate state of the union
Hello there,
Since the update with ruby all my puppet function is dead (well known
issue with the cert) . There has been some discutions on the dev list on
how to patch this for future versions. I have read the list and wondered
how we can solve the issue while waiting for the .24. I am in beta test
of the .23.x version but on my production system i wanted to find a way
to solve this now
2007 Dec 11
4
EL5.1 client problems
Hi all,
I attempted to add an EL5.1 client to our puppet server (EL5), and after
signing the client cert, got the error "Certificates were not trusted:
hostname not match with the server certificate"
I found the mailing list discussion and the relevant page:
http://www.reductivelabs.com/trac/puppet/wiki/RubySSL-2007-006
As far as I can tell, my puppermaster''s cert CN matches
2007 Dec 25
2
error on restarting
Hello folks,
I have been receiving this error on my new servers when I try to restart
the puppet.
/etc/init.d/puppet restart
Stopping puppet: [FAILED]
Starting puppet: /usr/lib/ruby/1.8/openssl/ssl.rb:74:in
`post_connection_check'': hostname was not match (OpenSSL::SSL::SSLError)
from /usr/lib/ruby/1.8/net/https.rb:183:in
2017 Oct 12
2
SSL overview...
Can someone help me understand the overall picture of SSL certificates in this scenario?
I have a working dovecot/postfix/mysql server. It has a certificate.
I now want to create a second, essentially duplicate configured server for use with replication.
What is the relationship between the certificate and the hostname, or the DNS entry since the certs are created using the server?s domain
2007 Dec 10
3
Is the SSL issue solvable for (the apt-get) Puppet version 0.20.1 ??
Hi All,
I''ve been trying to resolve the SSL issue as described on the link at the
bottom. I understand the issue and I''ve tried to implement all the different
patches (one at a time .. :-). However for most of them there are either
files missing or code not found in the files. It seems this is due to a
version difference in Puppet. The docs and patches seem to be for the
2017 Oct 12
1
SSL overview...
I thought I read somewhere that the hostnames on replicated dovecot servers had to be different. Is this simply the hostname you specify in the config for dovecot and can this be different than the actual unix hostname?
Ethon B.
> On Oct 11, 2017, at 11:04 PM, Anvar Kuchkartaev <anvar at anvartay.com> wrote:
>
> If you are using different hostname for each server then you need
2007 Oct 10
17
Warning for Fedora Core users
Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7,
is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation,
and there was a similar report from someone else.
Communications between the puppetmasterd and the puppetd running on
the same host broke down with the message:
Could not retrieve configuration: Certificates were not trusted: hostname
not match with
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
We have discovered a security vulnerability (“AltNames Vulnerability”)
whereby a malicious attacker can impersonate the Puppet master using
credentials from a Puppet agent node. This vulnerability cannot cross
Puppet deployments, but it can allow an attacker with elevated
privileges on one Puppet-managed node to gain control of any other
Puppet-managed node within the same infrastructure.
All
2012 Apr 09
1
Username from rfc822Name subject alternative name
Hello,
I'm looking into adding support for extracting the username from client
certificate's rfc822Name (from the subjectAltName extension).
The question I have is what would be the best approach to do this?
Current implementation has a kind of clean code since it just goes
through the subject name, extracting the values with
X509_NAME_get_text_by_NID (while NID is obtained with
2006 Mar 19
5
multiple signed ssl certificatess on single IP address
Good afternoon everyone,
This is my first post here. I was wondering if someone could clear my
mind about this.
I have a dedicated server with a single ip address assigned to it. I
want to host couple of site which are hosted somewhere else and they
have signed certificates. Now I want to host them all on this single
server.
Is it possible to bound more than one cert to a single IP based
2002 Jan 31
7
x509 for hostkeys.
This (very quick) patch allows you to connect with the commercial
ssh.com windows client and use x509 certs for hostkeys. You have
to import your CA cert (ca.crt) in the windows client and certify
your hostkey:
$ cat << 'EOF' > x509v3.cnf
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign
CERTIP = 0.0.0.0
[x509v3_CA]
2006 May 15
2
Slightly OT: SSL certs - best practice?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
This question may be slightly OT for this list, but it does concern
securing services on my FreeBSD servers :-)
At the moment I have some existing (self-signed) SSL certs for Dovecot,
Exim and Apache. It's mostly only me that uses them for now, but I'm
planning on expanding that, so want to try and do things "right".
My
2014 Feb 28
1
Set a domain name instead of an ip address into tls certificate
I tried to set cn=myMachine instead of cn=192.168.1.x
and...everything frezees!
virsh -c qemu://.../system
tries to connect forever.
You really need static ip addresses in the cn field??
I think this is an HUGE bug: you are saying to me that each time I change
network or ip (because, dear sirs, dhcp exists) I have to generate a whole
new couple of certificates??
I hope it is not the case....
2009 Jun 03
1
insert and count missing data
Hi R-users,
I have missing data for the month. My question is how do I insert the missing month and fill up the cell with 'na' for the rain amount? Then I would like to count the percentage of missing data.
No Year month rain
1398 1985 10 104.2
1399 1985 11 138.0
1400 1985 12 120.4
1401 1986 1 12.6
1402 1986 2 19.4
1403 1986 3 1.0
1404 1986 4 58.8
2012 Oct 05
5
IPv6 & SSL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have a dual stack server with Dovecot 2.1.10 listening on v4 and v6
Dovecot has a Comodo SSL certificate issued via NameCheap that works as
expected with IPv4
in 10-ssl.conf I have enabled these configuraction directives:
ssl = yes
ssl_cert = < /path/to/file.crt
ssl_key = < /path/to/file.key
ssl_parameters_regenerate = 202 hours
If I
2023 Mar 05
1
icecast https stream and Sonos
My icecast https stream (https://vertenradio.com:8443/stream) does not work on a Sonos ONE player.
It might have something to do with the ssl handshake.
>From the developer page from sonos i found this:
Some common reasons for SSL handshake failures include:
? Expired certificate: Every certificate has a validity window before it expires. You need to present Sonos with unexpired
2008 Apr 24
4
If/else issues.
Can some one point out to me what I am missing? I suspect I have
messed up the if/else some how. I am getting a ''
Syntax error at ''{''; expected ''}'' at
/srv/puppet/production/manifests/modules/apache/init.pp: 19''.
According to the Language tutorial this should be correct. I am
testing for an existence of a variable. If it exists chagne the
2011 Dec 01
3
Announce: Puppet 2.7.8rc1 available
Puppet 2.7.8rc1 is available. 2.7.8rc1 contains everything that was
being previewed in the 2.7.7rc series as well as some new content.
Key highlight in this release (beyond items from 2.7.7rc series) are:
* Allow providers to be selected in the run they become suitable
* Showdiff is now not auto-enabled when running in noop mode
* Provide default subjectAltNames while bootstrapping
2011 Oct 24
0
Announce: Puppet 2.6.12 Available [security update]
Puppet 2.6.12 is a security update release in the 2.6.x branch.
The only changes since 2.6.11 are security fixes for the following
vulnerability:
* CVE-2011-3872, Altnames Vulnerability
For more details on this vulnerability, follow the link on our
blog post: http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerability/
Other information available at:
2020 Jan 22
1
Memory error in the libcurl connection code
Hi All,
I think there is a memory error in the libcurl connection code that
typically happens when libcurl reads big chunks of data. This
potentially affects all code that use url() with the libcurl download
method, which is the default in most builds. In practice it tends to
happen more with HTTP/2 and if the connection is wrapped into a
gzcon(). macOS Catalina has a libcurl build with HTTP/2