Certificate error when pulling docker images - ssl

When trying to pull an image from the docker hub, I am receiving some weird errors. The specific error that the docker daemon returns is:
Error getting v2 registry: Get https://registry-1.docker.io/v2/1:
x509: certificate signed by unknown authority
The weird thing is that running "docker search x" runs fine and returns what was expected. Also, curling the page (curl -vL registry-1.docker.io) and running the openssl s_client (openssl s_client -connect registry-1.docker.io:443) don't return any certificate errors.
I am not behind a corporate proxy or anything like that. I've tried a lot of solutions like adding certs to the /etc/docker/certs.d directory, reinstalling the ca-certificates package, rebooting my machine, and almost everything that Google searches suggested.
I am running CentOS version 6.8.
My docker version:
Client:
Version: 1.12.2
API version: 1.24
Go version: go1.6.3
Git commit: bb80604
Built: Tue Oct 11 17:00:50 2016
OS/Arch: linux/amd64
Server:
Version: 1.12.2
API version: 1.24
Go version: go1.6.3
Git commit: bb80604
Built: Tue Oct 11 17:00:50 2016
OS/Arch: linux/amd64
Thanks!

Related

Parsec app - problem with MTY_TLSHandshake: 'SSL_do_handhsake'

I am using the PARSEC app to connect to another machine. After upgrading Ubuntu I have a problem logging in to the app.
"Faild request /v2/auth/ Please check internet connection"
In log I have:
[D 2022-10-31 13:37:28] MTY_TLSHandshake: 'SSL_do_handhsake' failed with error -1:1
My openssl version:
/lib/x86_64-linux-gnu$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Apache upgrade in CentOS 7

This is my current version of Apache:
httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 24 2019 13:45:48
Server's Module Magic Number: 20120211:24
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
I am using CentOS 7; when I try to update Apache, it says there are no upgrades. I know the latest version is 2.4.39: mine is 2.4.6.
I would recommend looking at RHEL's security backports page. It explains the process RH uses to update version numbers. Basically, even though your httpd -V says 2.4.6, RH may have updated the features and fixed issues from the CVE without updating the version number. Run rpm -q --changelog httpd | grep CVE-yyyy-nnnn, filling in yyyy-nnnn with a recent timestamp from the CVE list, and see if your version has received those updates.
Alternatively, you may not have the latest CentOS version, which may not have the updated list of software. Run yum update to be sure you have the latest version.
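Added example, not part of the original answer: the changelog check described above, extended to report which package release carries the fix for a given CVE. The CVE ids, release strings and packager in the sample changelog are constructed placeholders, and the names `cve_fix_release` and `sample_changelog` are hypothetical.

```shell
#!/bin/sh
# Print the version-release of the oldest changelog entry that mentions the
# given CVE id; exit non-zero if no entry mentions it.
# Real use: rpm -q --changelog httpd | cve_fix_release CVE-yyyy-nnnn
cve_fix_release() {
    awk -v cve="$1" '
        # Entry header: "* Day Mon DD YYYY Packager <mail> - version-release"
        /^\* / { release = $NF; next }
        # Require a non-digit (or end of line) after the id so that a
        # shorter id does not match a longer one that starts the same way.
        $0 ~ (cve "([^0-9]|$)") { found = release }
        # Entries are listed newest first, so the last match is the oldest.
        END { if (found == "") exit 1; print found }
    '
}

# Constructed sample in rpm changelog layout (placeholder ids and releases).
sample_changelog() {
    cat <<'EOF'
* Tue Jan 02 2001 Example Packager <pkg@example.com> - 2.4.6-3.example
- fix for CVE-0000-00011
- additional fix for CVE-0000-0001

* Mon Jan 01 2001 Example Packager <pkg@example.com> - 2.4.6-2.example
- backport fix for CVE-0000-0001
- unrelated bug fix

* Sun Dec 31 2000 Example Packager <pkg@example.com> - 2.4.6-1.example
- initial build
EOF
}

for id in CVE-0000-0001 CVE-0000-00011 CVE-0000-0009; do
    if rel=$(sample_changelog | cve_fix_release "$id"); then
        echo "$id: first fixed in $rel"
    else
        echo "$id: not mentioned in the changelog"
    fi
done
```

Compare the reported release with the output of `rpm -q httpd` to see whether the installed package is at or past the release that carries the fix.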

Apache MINA - stuck on SSL connection

I am having trouble with the Apache MINA core library.
When I deploy my application to a remote server some of the requests are not processed (around 2%). It looks like there might be a problem with SSL.
Log tail: http://pastebin.com/48bwWsjs
When a request is not being processed, it is always stuck on:
org.apache.mina.filter.ssl.SslFilter - Session Server[40](ssl...): Processing the SSL Data
Has something similar happened to any of you?
I tried Apache MINA 2.0.7 and 2.0.16.
Env:
bash-4.2$ java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
bash-4.2$ uname -a
Linux 8d9ad913fa03 4.4.39-34.54.amzn1.x86_64 #1 SMP Fri Dec 30 19:11:28 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Thanks for any help!

httpd failed due to SSLProtocol: Illegal protocol 'TLSv1.1' on centos

I am trying to update from TLS1 to TLS1.1 or higher, but after making the changes below I am getting the error "SSLProtocol: Illegal protocol 'TLSv1.1'".
My Apache and OpenSSL versions are:
httpd -v
Server version: Apache/2.4.2 (Unix)
Server built: Jul 16 2012 21:11:37
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Sep 27 12:27:19 UTC 2016
Centos-version (6.7)
rpm --query centos-release
centos-release-6-7.el6.centos.12.3.x86_64
Changes made for SSL:
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLProtocol -all +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder on
I am not sure what is missing here, can anybody help me here?
Apache has to be compiled with OpenSSL when it's installed.
Your Apache was apparently compiled back in 16th Jul 2012 when Apache 1.0.1 wasn't even released yet. So guessing it was compiled with the previous version (0.9.8) which doesn't support TLSv1.1.
At some point in the future someone has upgraded OpenSSL to a later version but not recompiled Apache.
As Apache 2.4 wasn't available as a packaged version way back in 2012 someone must have installed it manually and it's stayed on that old version ever since. I suggest you look in yum for a supported 2.4 version which may be available now or install it from source.
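Added example, not part of the original answer: a check that compares the OpenSSL version the `openssl` command reports with the one a server banner reports, and tests each against 1.0.1, the first OpenSSL release with TLSv1.1 and TLSv1.2. The banner line is constructed (it uses the 0.9.8 the answer guesses at), the function names are hypothetical, and the banner is assumed to carry an `OpenSSL/<version>` component.

```shell
#!/bin/sh
# Extract the "OpenSSL/<version>" component from a server banner line.
# Prints nothing when the banner has no such component.
banner_openssl_version() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL\/\([0-9][0-9A-Za-z.-]*\).*/\1/p'
}

# Succeed when the given OpenSSL version is at least 1.0.1.
supports_tls11() {
    v=${1%%[!0-9.]*}              # "1.0.1e-fips" -> "1.0.1"
    old_ifs=$IFS; IFS=.
    set -- $v                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ $(( major * 10000 + minor * 100 + patch )) -ge 10001 ]
}

# `openssl version` output as posted in the question.
cli_line='OpenSSL 1.0.1e-fips 11 Feb 2013'
cli_version=$(printf '%s\n' "$cli_line" | cut -d' ' -f2)

# Constructed banner line of the kind httpd writes to its error log at startup.
sample_banner='Apache/2.4.2 (Unix) OpenSSL/0.9.8 configured -- resuming normal operations'
httpd_version=$(banner_openssl_version "$sample_banner")

for pair in "openssl CLI:$cli_version" "httpd banner:$httpd_version"; do
    name=${pair%%:*}; ver=${pair#*:}
    if supports_tls11 "$ver"; then
        echo "$name reports $ver: TLSv1.1 available"
    else
        echo "$name reports $ver: TLSv1.1 not available"
    fi
done
```

A mismatch between the two lines of output is the situation the answer describes: the system OpenSSL was upgraded, but httpd still uses the older library it was built with.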

APR based Apache Tomcat Native library was not found on the java.library.path?

When trying to run my app with eclipse/linux on tomcat
I got the following info message:
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/amd64/server:/usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/amd64:/usr/lib/jvm/java-6-sun-1.6.0.20/jre/../lib/amd64:/usr/lib64/xulrunner-addons:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
How do I resolve this issue?
My case:
Seeing the same INFO message.
Centos 6.2 x86_64
Tomcat 6.0.24
This fixed the problem for me:
yum install tomcat-native
boom!
For Ubuntu Users
1. Install compilers
#sudo apt-get install make
#sudo apt-get install gcc
2. Install openssl and development libraries
#sudo apt-get install openssl
#sudo apt-get install libssl-dev
3. Install the APR package (Downloaded from http://apr.apache.org/)
#tar -xzf apr-1.4.6.tar.gz
#cd apr-1.4.6/
#sudo ./configure
#sudo make
#sudo make install
You should see the compiled file as
/usr/local/apr/lib/libapr-1.a
4. Download, compile and install Tomcat Native source package
tomcat-native-1.1.27-src.tar.gz
Extract the archive into some folder
#tar -xzf tomcat-native-1.1.27-src.tar.gz
#cd tomcat-native-1.1.27-src/jni/native
#JAVA_HOME=/usr/lib/jvm/jdk1.7.0_21/
#sudo ./configure --with-apr=/usr/local/apr --with-java-home=$JAVA_HOME
#sudo make
#sudo make install
Now I have compiled Tomcat Native library in /usr/local/apr/libtcnative-1.so.0.1.27 and symbolic link file /usr/local/apr/#libtcnative-1.so pointed to the library
5. Create or edit the $CATALINA_HOME/bin/setenv.sh file with the following line:
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/usr/local/apr/lib"
6. Restart tomcat and see the desired result:
Download the appropriate APR based Tomcat native library for your operating system so that the Apache Tomcat server can take advantage of features of your OS that are not included by default in Tomcat. For Windows it will be a .dll file.
I too got the warning while starting the server, and you don't have to worry about this if you are testing or developing. This is meant for production purposes.
After putting the tcnative-1.dll file inside the bin folder of Apache Tomcat 7, the following is the output in the stderr file:
Apr 07, 2015 1:14:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.33 using APR version 1.5.1.
Apr 07, 2015 1:14:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Apr 07, 2015 1:14:14 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1m 19 Mar 2015)
Apr 07, 2015 1:14:14 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-127.0.0.1"]
I resolved this (in the Eclipse IDE) by deleting my old server and creating the same one again. This error occurs because you don't properly terminate the Tomcat server and close Eclipse.