similar to: Reading pem file in ruby on rails

Dear all, I see this error message in my *masterhttp.log* repeatedly: ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 > read client certificate A: tlsv1 alert unknown ca > I saw a similar mail in the list but there was no definitive answer to that post. Does anyone know what am I missing here? I do understand what *unknown ca* means but I can''t think

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

I have tried all the suggestions up till now but the error message is still there. I have tried this configuaration for roundcube: $config['imap_conn_options'] = array( 'ssl' => array( 'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>', 'verify_peer' => true, 'verify_depth' => 3, // 'cafile' =>

We have often the Problem that some files need to be checked for updates faster than the cycle of the puppet agent. I try to solve this with a script which tries to download the files directly from the fileserver of the puppetmaster. So far i couldn''t get it to work. I don''t know if i got the URL right, i did not find any examples on the REST API documentation for the

I think that you are right when you say that the problem may be the certificate recognition. As for Roundcube, I've inserted the uncommented php code that you provided in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies with the message "connection to storage server failed". And

I have an application i''m installing on my application server. I''ve been using WEBrick and for now i''d like to just keep using it working in prototype development mode. This works fine on my development machine using both http and https, where the host is ''localhost'' (ports 3000,3001). It also works fine on the application server http port 3000. The

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

> On 11 April 2019 00:49 David Salisbury via dovecot <dovecot at dovecot.org> wrote: > > > >>> > >> Yes. I gave it a try here, and it seems to work. Does it give any extra > >> information if you include -i flag? > >> > >> Aki > >> > > > > Yes, I had tried that, and it doesn't give much extra information, at

CentOS 7 Dovecot 2.2.36 Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<> Was working fine for over a year, until the cert expired and I replaced it. I've tried the good cert I have for

Hi all, I have some problems with a few temporary objects, this is the relation between them: A -(1,n)-> B -(1,1)-> C B -(1,n)-> D C -(1,n)-> D I have a "wizard" to create "A" objects, I''m storing everything in the session, something like this: a = A.new session[:a_object] = a ... b = B.new b.c = some_c_instace a.bs << b ... d = D.new b.ds

> On 11 April 2019 17:44 David Salisbury via dovecot <dovecot at dovecot.org> wrote: > > > On 4/11/2019 1:50 AM, Aki Tuomi wrote: > > > >> ... > >> So, not being an expert at encryption, what are the ramifications of > >> those digests being read as different values in the two different > >> places???? I do notice that the

Using Ruby 1.8.7, Rails 2.3.8. I don''t want it to verify the cert... This is my backtrace: OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed): httpclient (2.1.5.2) lib/httpclient/session.rb:247:in `connect'' httpclient (2.1.5.2) lib/httpclient/session.rb:247:in `ssl_connect'' httpclient

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

Hi, I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi running Raspbian Jassie OS. Now I would like to add an on-line e-mail client like Squirrelmail or Roundcube. I was able to start up these two clients but when I try to login I get this error message in the dovecot log: tlsv1 alert unknown ca: SSL alert number 48 But I have inserted the self-signed certificate and

I am working on building a facter tag based node classifier similar to https://github.com/jordansissel/puppet-examples/tree/master/nodeless-puppet/. However, I have run into an issue where I cannot use puppet''s require file ability to push the yaml file containing the facts file to the client because it would require two runs of puppet to pickup changes. Consequently, I have written into

Hello, I have a problem with the srptools to connect my Dom0 to the scst over IB ressources. *When i''m on the Debian kernel (without Dom0) * root@blade1:/# ibsrpdm -c id_ext=003048ffff9dd3b4,ioc_guid=003048ffff9dd3b4,dgid=fe80000000000000003048ffff9dd3b5,pkey=ffff,service_id=003048ffff9dd3b4

I don't know AGIspeedy, but I have some PHP scripts where I set a connect timeout using streams. Example using https, but should be easily adaptable to non-s http.: $pbxsh_bin = @file_get_contents("https://blah.blah.blah", FALSE, @stream_context_create(array('https' => array('timeout' => 5, "verify_peer"=>false,

Hi, folks, Our system gets/creates /var/lib/ssh-x509-auth/<username>,pem, then deletes it when the log out. selinux (in permissive mode) complains. First, I changed the context to cert_t, and *now* it complains that ksh93 wants write, etc access on the directory. grep ssh-x509-auth /var/log/audit/audit.log | audit2allow offers me this: #============= sshd_t ============== allow sshd_t

I''m trying to hack ActiveResource to use a self-signed certificate when connecting to my RESTful rails app (seems like a pretty glaring hole that it doesn''t offer this out of the box... though I guess it is alpha software). I started out going through the ActiveResource code looking for somewhere I could set the cert and key. Didn''t find it, so I took the approach

Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong