LWP with SSL and client certificates - ssl

Debian 10. I am trying to connect to a remote server with a client certificate, but the connection fails with a 500 error. DEBUG: .../IO/Socket/SSL.pm:2593: global error: Failed to load certificate from file (no PEM, DER or PKCS12) error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag.
The same code with the same certificate works fine on several Debian 9 machines. On Debian 10 I have tried different versions of IO-Socket-SSL (e.g. 2.044 - 2.060) and LWP-Protocol-https (e.g. 6.05 - 6.07) with no luck.
For a clean experiment I took fresh Debian 9 and 10 images from the provider. It works with the basic Perl modules on version 9 and fails on version 10.
I need some help and advice, because I'm losing hope :(
use LWP;
use LWP::UserAgent;
use LWP::Protocol::https;
use LWP::Debug qw(+);
use Net::SSL;
use IO::Socket::SSL qw(debug4);
$ENV{HTTPS_CERT_FILE} = "cert.crt";
$ENV{HTTPS_KEY_FILE} = "private.key";
$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;
$ENV{HTTPS_DEBUG} = 1;
my $ua = LWP::UserAgent->new;
$ua->ssl_opts(
    SSL_verify_mode => 0,
    verify_hostname => 0,
    SSL_cert_file => "cert.crt",
    SSL_key_file => "private.key"
);
my $req = HTTP::Request->new(POST => "https://server:775/api");
$req->header('content-type' => 'application/soap+xml; charset=utf-8; action="http://tempuri.org/ICodeRequestOnline/GetProtocolVersion"');
my $txt= qq{<?xml version="1.0" encoding="UTF-8"?><soap:Envelope>...</soap:Envelope>};
$req->content($txt);
my $resp = $ua->request($req);
print $resp->as_string;

How can I disable tls/crypto on apache 2.4, php 8, sendmail, typo3 11 with local mail exchange server?

These are my settings:
sendmail.ini
smtp_server = 10.1.xxx.xxx
smtp_port=25
smtp_ssl=none
php.ini
[mail function]
SMTP = 10.1.xxx.xxx
smtp_port = 25
sendmail_path = "C:\Webserver\sendmail\sendmail.exe -t"
Typo3
'MAIL' => [
'defaultMailFromAddress' => 'noreply@domain.org',
'defaultMailFromName' => 'Domain',
'transport' => 'smtp',
'transport_sendmail_command' => '',
'transport_smtp_encrypt' => false,
'transport_smtp_password' => '',
'transport_smtp_server' => '10.1.xxx.xxx:25',
'transport_smtp_username' => '',
],
SSL certificate is provided by a netscaler configuration
Typo3 Test Mail Setup
Could not deliver mail
Please verify $GLOBALS['TYPO3_CONF_VARS']['MAIL'][*] settings are valid.
Error message: Unable to connect with STARTTLS: stream_socket_enable_crypto():
Peer certificate CN=*.domain.de' did not match expected CN=10.1.xxx.xxx'
Ehm, with transport_smtp_encrypt=false the connection will be tried via STARTTLS. For using an SSL-Connection, transport_smtp_encrypt has to be true.
Important: #91070 - SMTP transport option ‘transport_smtp_encrypt’ changed to boolean
So there is no chance to deactivate encryption, as false uses STARTTLS and true uses SSL. Thanks for the information.
@alexinge I think STARTTLS is only used if the server that you try to connect to is able to handle it. As the changelog of version 4.4 of symfony/mailer says (highlight by me):
STARTTLS cannot be enabled anymore (it is used automatically if TLS is disabled and the server supports STARTTLS)
So you might try to change the configuration of the mail server (if you have access to that) or maybe use another port (587 with 'transport_smtp_encrypt' => false or 465 with 'transport_smtp_encrypt' => true).

Cannot import module from Cypress spec file

I am trying to use the @peculiar/x509 library to decode a CSR to use some of the information in my tests. The tests are using Cypress.
Here is an extract of my code:
import * as x509 from '@peculiar/x509';
const request = {
  certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----`,
};
describe('PKI', () => {
  it('works', () => {
    console.log(x509);
    const stringPEM = request.certificateSigningRequest
      .replace(/(-----(BEGIN|END) CERTIFICATE REQUEST-----|\n)/g, "");
    const cert = new x509.X509Certificate(stringPEM);
    console.log(cert.subject);
    return;
    // Stuff I want to test
  });
});
When I try to log the x509 variable it returns an empty object.
And on the const cert = new x509.X509Certificate(stringPEM); line, I get an error:
x509.X509Certificate is not a constructor.
If I try to set up a simple project with a Typescript file to import the library and just log the x509 variable, it displays all the exports correctly.
I can't figure why it behaves like that with Cypress, so any help is appreciated.
EDIT: Diving a bit more into how Cypress works, I now understand that my assumption about the spec files running/controlled in a Node process was wrong. Spec files are running in the browser. So I would need to inject the browser version of the library in the spec file.
This can be done via the plugin API of Cypress, because it runs in the Cypress node process.
You can import a specific build, either x509.es.js or x509.cjs.js and your code works. The base @peculiar/x509 is for <script> inclusion.
One thing, the BEGIN and END tokens need to remain in the request for it to be recognized.
import * as x509 from '@peculiar/x509/build/x509.es.js'
// const x509 = require('@peculiar/x509/build/x509.cjs.js') // alternative
// hard left for multiline strings, otherwise request is not correctly formatted
const request = {
  certificateSigningRequest: `-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----`,
};
// copied from @peculiar/x509 to verify format - not necessary for test
const isPem = (data) => {
  return typeof data === "string"
    && /-{5}BEGIN [A-Z0-9 ]+-{5}([a-zA-Z0-9=+/\n\r]+)-{5}END [A-Z0-9 ]+-{5}/g.test(data);
}
console.log(isPem(request.certificateSigningRequest))
describe('PKI', () => {
  it('works', () => {
    console.log(x509);
    const stringPEM = request.certificateSigningRequest // leave in BEGIN and END
    const cert = new x509.X509Certificate(stringPEM);
    console.log(cert.subject); // prints e.g. "CN=Test certificate, E=some@email.net"
    return;
    // Stuff I want to test
  });
});
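The point made in the answer above, that the BEGIN and END lines must stay because they are what marks the data as PEM and names its type, shown as an added example that is not part of the original answer or of the library: a strict PEM reader that reports the label and sanity-checks the DER body. `parsePem`, `isDerSequence` and `classify` are hypothetical helper names, and the sample PEM strings are constructed.

```javascript
// Constructed sample body: "MAMCAQE=" is the DER for SEQUENCE { INTEGER 1 }.
function parsePem(text) {
  if (typeof text !== "string") throw new TypeError("PEM input must be a string");
  // The END label must repeat the BEGIN label (\1); the body is base64 only.
  const re = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+/=\r\n]+?)-----END \1-----/g;
  const blocks = [];
  for (const m of text.matchAll(re)) {
    const der = Buffer.from(m[2].replace(/[\r\n]/g, ""), "base64");
    blocks.push({ label: m[1], der, derLooksValid: isDerSequence(der) });
  }
  return blocks;
}

// A DER certificate or CSR is one outer SEQUENCE (tag 0x30) whose encoded
// length covers the remaining bytes exactly.
function isDerSequence(der) {
  if (der.length < 2 || der[0] !== 0x30) return false;
  let len = der[1], offset = 2;
  if (len & 0x80) {                 // long form: low 7 bits = count of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) return false;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[2 + i];
    offset = 2 + n;
  }
  return offset + len === der.length;
}

// Decide which parser the data belongs to from the armor, not from a variable name.
function classify(text) {
  const blocks = parsePem(text);
  if (blocks.length === 0) return "not-pem";
  const { label, derLooksValid } = blocks[0];
  if (!derLooksValid) return "corrupt-body";
  if (label === "CERTIFICATE REQUEST" || label === "NEW CERTIFICATE REQUEST") return "csr";
  if (label === "CERTIFICATE") return "certificate";
  return "other:" + label;
}

const csrPem = "-----BEGIN CERTIFICATE REQUEST-----\nMAMCAQE=\n-----END CERTIFICATE REQUEST-----";
const certPem = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----";
// The question's replace() call: armor and newlines stripped, bare base64 left over.
const stripped = csrPem.replace(/(-----(BEGIN|END) CERTIFICATE REQUEST-----|\n)/g, "");
console.log(classify(csrPem), classify(certPem), classify(stripped));
```

A `csr` result belongs with a CSR parser rather than a certificate constructor, and `not-pem` is what the stripped string from the question yields.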
Possibly due to NodeJS version issue.
The X509Certificate was added recently in NodeJS version 15.6.0. Changelog here. So it requires that version. It might have worked on your simple project because of a newer NodeJS version.
And by default, Cypress is using its bundled NodeJS version, which since Cypress version 7.0.0 to 8.2.0, it's using bundled NodeJS version 14.16.0, as per the changelog here:
The bundled Node.js version was upgraded from 12.18.3 to 14.16.0.
So you can try changing/overriding the bundled NodeJS version in Cypress configuration to version 15.6.0, as per this configuration:
nodeVersion

PHP7: Unknown hashing algorithm: sha256

In PHP7, when I hash a string like this:
$hash = hash("sha256", "password");
I have this warning:
Unknown hashing algorithm: sha256
In PHP 5.2.9, it was working. Is the sha256 deprecated in php7? Other idea?
Notes
the extension "php_openssl.dll" is enabled.
hash("sha512", "password"); // WORKS !
print_r( hash_algos() );
[0] => md2 [1] => md4 [2] => md5 [3] => sha1 [4] => sha224 [5] => sha256
[6] => sha384 [7] => sha512 ...
I know that you got it to work, but I wanted to add that I've looked through the PHP7 source code and there's simply no reason why it shouldn't work every time.
In ./ext/hash/hash.c, we define our table of available hashes:
PHP_MINIT_FUNCTION(hash)
{
// ...
zend_hash_init(&php_hash_hashtable, 35, NULL, NULL, 1);
// ...
php_hash_register_algo("sha224", &php_hash_sha224_ops);
php_hash_register_algo("sha256", &php_hash_sha256_ops);
php_hash_register_algo("sha384", &php_hash_sha384_ops);
php_hash_register_algo("sha512", &php_hash_sha512_ops);
// ...
}
php_hash_register_algo() is also very simple:
PHP_HASH_API void php_hash_register_algo(const char *algo, const php_hash_ops *ops) /* {{{ */
{
size_t algo_len = strlen(algo);
char *lower = zend_str_tolower_dup(algo, algo_len);
zend_hash_str_add_ptr(&php_hash_hashtable, lower, algo_len, (void *) ops);
efree(lower);
}
So what of php_hash_sha256_ops? That's defined in ./ext/hash/hash_sha.c:
const php_hash_ops php_hash_sha256_ops = {
(php_hash_init_func_t) PHP_SHA256Init,
(php_hash_update_func_t) PHP_SHA256Update,
(php_hash_final_func_t) PHP_SHA256Final,
(php_hash_copy_func_t) php_hash_copy,
32,
64,
sizeof(PHP_SHA256_CTX)
};
By looking at the code in this file, you can also see that there are no preventative conditions in PHP_SHA256Init(), PHP_SHA256Update(), or PHP_SHA256Final(). I can't find a single possible way that sha256 could be disabled.
What it boiled down to for me was that due to a forgotten comment in configs I was using mod_php with mpm_event apache. So non-thread-safe php7 in a threaded environment, hence shared memory corruption and a number of problems, one of them being sha1 was unavailable after some random uptime.
1) Open localhost/phpmyadmin or 127.0.0.1/phpmyadmin, which certainly gives you an error.
2) To fix this, restart the server to start the phpMyAdmin service.
3) If you are on a local server, open your XAMPP or WAMP, stop all services, then start them.
4) This will fix all your issues for sure.
I had the same issue today. It resolved itself after a reboot.
Just needed to restart XAMPP or MAMP to fix the issue.

How to use spiderable with a meteor app hosted on modulus.io

I'm trying to make spiderable work on my Meteor app hosted on Modulus with SSL.
I have Meteor 1.0, iron:router 1.0, spiderable and the node package of phantomjs.
Everything works on localhost. But once I deployed on Modulus, I first had the error
spiderable: phantomjs failed: null
Then, I added the following environment variable in the modulus panel:
METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS = --ssl-protocol=tlsv1 --ignore-ssl-errors=yes --debug=true
This is still not working and the debug is outputting multiple times (like it's looping over an error) the following message in the modulus console:
2014-12-03T17:01:00 [DEBUG] WebPage - evaluateJavaScript "(function() { return (function () {
if (typeof Meteor === 'undefined'
|| Meteor.status === undefined
|| !Meteor.status().connected) {
return false;
}
if (typeof Package === 'undefined'
|| Package.spiderable === undefined
|| Package.spiderable.Spiderable === undefined
|| !Package.spiderable.Spiderable._initialSubscriptionsStarted) {
return false;
}
Tracker.flush();
return DDP._allSubscriptionsReady();
})(); })()"
2014-12-03T17:01:00 [DEBUG] WebPage - evaluateJavaScript result QVariant(bool, false)
If anyone knows how to solve this or has succeeded in deploying a Meteor project on modulus.io with SSL and spiderable, let me know the right way to do it :)
Thanks a lot!
I solved my problem as follows:
I installed phantomjs locally and ran the test script available at http://www.meteorpedia.com/read/spiderable/
phantomjs phantomtest.js
This gave me more details about the error: Parse Error.
It turned out to be a JavaScript file that, once compiled/minified, produced an error caused by select2. The JS library that was using it was flat-ui.js (http://designmodo.github.io/Flat-UI/).
I discovered this by testing many deploys on *.meteor.com and by adding/removing .js files.
I edited the flat-ui.js library to avoid the parse error.
I redeployed on both modulus.io and *.meteor.com. All was working fine on *.meteor.com but it still didn't work on modulus.io. That led me to think about an SSL error, but I only saw "spiderable: phantomjs failed: null" in the modulus.io logs.
I added the following environment variable in the modulus panel:
METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS = --debug=true
and it appears that it was a "SSL Handshake error":
[DEBUG] Network - Resource request error: 6 ( "SSL handshake failed" )
I added another option to the METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS environment variable:
METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS = --ignore-ssl-errors=yes --debug=true
Now everything is working fine on modulus.io.
To sum up:
solve javascript errors
add METEOR_PKG_SPIDERABLE_PHANTOMJS_ARGS = --ignore-ssl-errors=yes
I hope this will help some dudes.

Node crypto and Ruby Open SSL

I'm encrypting data in a Ruby app and decrypting it on a Node server, but I'm getting some errors. I replicated the Ruby code on my Node server and noticed that these two libs work differently.
# Node crypto
var crypto = require("crypto");
// the key has to be computed before it is handed to createCipher
var key = crypto.createHash("sha512").update("foo", "utf8").digest("hex");
var cipher = crypto.createCipher("aes256", key);
var crypt = cipher.update("bar", "utf8", "base64");
crypt += cipher.final("base64");
return crypt;
Result: BTK+S8ogCW7cK7NlA5RUJw==
# Ruby OpenSSL
cipher = OpenSSL::Cipher::Cipher.new('aes256').encrypt
cipher.key = Digest::SHA512.hexdigest("foo")
encrypted = cipher.update("bar".to_s)
encrypted += cipher.final
return Base64.encode64(encrypted)
Result: fnRH+EczVbJWwrPSITkhuw==
How can I fix this?
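Why the two snippets in the question above cannot produce the same ciphertext, as an added example that is not part of the original post: Node's legacy `crypto.createCipher` treated its second argument as a password and derived both key and IV from it with OpenSSL's EVP_BytesToKey (MD5, no salt), while Ruby's `cipher.key=` takes the bytes as the key itself. The function names are hypothetical, and the Ruby-side model (key cut to 32 bytes, all-zero IV when none is set) is an assumption about the older Ruby/OpenSSL behaviour.

```javascript
const crypto = require("crypto");

// EVP_BytesToKey with MD5, one iteration, no salt: what the legacy
// crypto.createCipher(algorithm, password) applied to its second argument.
function evpBytesToKey(password, keyLen, ivLen) {
  const pw = Buffer.from(password, "utf8");
  let out = Buffer.alloc(0), block = Buffer.alloc(0);
  while (out.length < keyLen + ivLen) {
    block = crypto.createHash("md5").update(block).update(pw).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, keyLen), iv: out.subarray(keyLen, keyLen + ivLen) };
}

function aesCbc(encrypt, key, iv, data) {
  const c = encrypt ? crypto.createCipheriv("aes-256-cbc", key, iv)
                    : crypto.createDecipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Same secret as in the question: hex SHA-512 of "foo" (128 ASCII characters).
const secret = crypto.createHash("sha512").update("foo", "utf8").digest("hex");

// Node side of the question: the hex string goes through the KDF as a password.
function legacyNodeEncrypt(plain) {
  const { key, iv } = evpBytesToKey(secret, 32, 16);
  return aesCbc(true, key, iv, Buffer.from(plain, "utf8")).toString("base64");
}

// Ruby side (assumption): first 32 bytes of the hex string used directly as
// the AES key, IV never set and therefore all zero.
function rawKeyEncrypt(plain) {
  const key = Buffer.from(secret, "utf8").subarray(0, 32);
  return aesCbc(true, key, Buffer.alloc(16), Buffer.from(plain, "utf8")).toString("base64");
}

// Interoperable form: both sides agree on an explicit 32-byte key, and a
// fresh random IV travels in front of the ciphertext.
function encryptExplicit(plain, key) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, aesCbc(true, key, iv, Buffer.from(plain, "utf8"))]).toString("base64");
}
function decryptExplicit(b64, key) {
  const raw = Buffer.from(b64, "base64");
  return aesCbc(false, key, raw.subarray(0, 16), raw.subarray(16)).toString("utf8");
}
```

CBC on its own gives no integrity protection, so authenticate the IV and ciphertext with an HMAC or switch both sides to aes-256-gcm, which both libraries support.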