I asked on irc, and received a sad 'not unless the version in synaptics is with ssl'. Is it not possible to change this ? - or is the only way out to compile/build it yourself?
View 1 RepliesI want to recompile Apache in order to be SNI supportive because I need to use ssl named based virtual host:
I referred to the following links:
[URL]
I installed the latest version of openssl which is now openssl-1.0.0 I ran the following commands:
./config enable-tlsext --prefix=/usr/local2 --openssldir=/usr/local2/openssl
make
make test
make install
then to recompile apache with new SNI support I ran the following:
./configure --enable-so --enable-ssl --enable-rewrite --enable-unique-id --with-ssl=/usr/local2/openssl
make
make install
After that when I start Apache: /usr/local/apache2/bin/apachectl -k start I get the following error:
SSLStrictSNIVHostCheck failed; OpenSSL is not built with support for TLS extensions and SNI indication. Refer to the documentation, and build a compatible version of OpenSSL.
Can anyone run me through the process to install lftp correctly with all the correct support for SSL and SSH connections?
I am using the newest version of Ubuntu.
I saw, there is a new OpenSSL v 1.0.0 and I wanna ask how to install it. I have this server now Apache/2.2.14 (Ubuntu) PHP/5.2.10-2ubuntu6.4 with Suhosin-Patch mod_ssl/2.2.14 OpenSSL/0.9.8k
And I try to install by reading the Install file in the package but I still have 0.9.8k.
$ ./config
$ make
$ make test
$ make install
I'd like to upgrade libssl to 0.9.8l version on my Lucid-based server, because of CVE-2009-3555 - they say that 0.9.8l disables SSL renegotiation, fixing the security issue. But there is no 0.9.8l in Ubuntu repositories - only 0.9.8k-7 is available. how can I upgrade this library? BTW. it is really strange why such significant security fix is not available in Ubuntu repositories. why it is not available?
View 9 Replies View RelatedI need to run a proprietary VPN client (Aventail) that can't use the openssl libraries that are packaged with 64bit F10:The Fedora openssl package does something differently from the original openssl.org package that makes it incompatible with Aventail (see bugzilla ticket 477073) I also believe the Aventail client software requires 32-bit libraries. So, I've determined I need to install 32bit openssl directly from openssl.org, then link my Aventail client to that. Note that I don't want to replace the 64bit openssl libraries currently on my system.
Based on the Bugzilla ticket, I believe I know how to hook up Aventail before I install it simply by supplying a few specific soft links if I can make/compile/whatever the 32bit openssl.org libraries and keep them in their own isolated directory. how to get the 32bit openssl libraries installed in a little corner by themselves on my 64bit system. give a step-by-step on on the commands necessary to place a 32bit version of openssl all by itself in a directory of my choosing?
My host has enabled FTPES [URL]. I would like to use lftp to securely upload my files to the host. However, lfpt hangs at "`ls' at 0 [Connecting...]" when trying to connect. See report here: [URL]
I've already search this forum and the web for days, but there does not seem to be any explicit tutorial for lftp + FTPES.
I've tested filezilla and I can connect without any problems via FTPES. I'd rather use a command line tool like lftp, however.
From what I've gathered, the problem may be with the passive mode, and the fact that the response from the server does not reach my machine.
My machine is running Kubuntu and is behind a d-link router. I don't seem to be running any firewall (is that a problem for a personal computer?). I checked: the router's built-in firewall is disabled. I am not sure about the port forwarding issues, though.
I'd like to use your replies to write a small tutorial: I have found many posts by people experiencing similar problems, but none with an actual answer.
Another question: how can I make sure that any successful connection is indeed made via a secure channel. I can use lftp without problems when I don't use SSH/secure channels. Obviously, I don't want that. What tell-tale signs can I look to to ascertain that I am really securely connected?
Really new to linux but I'm learning quite a bit and fairly fast. This is my first question on these forums and I hope I can get pointed in the right direction.Currently I run ubuntu 10 and currently I connect to my box via putty, and manually get files from 1 central ftp and then I take the files there and manually connect to 5 different ftps and send them out. I'm looking to figure out a solution where I can just dump the files into a particular directory on my box like a rtorrent watchdir and a script will pickup the new file and ftp it to all the places I need it to go.
I want the script to run in the background and just know a new file hit the directory and take care of it. To save time currently I'm using lftp and i have bookmarks saved with pw for all the ftps.
was trying to figure out how to use
Code:
lftp mirror -v ----remove-source-files sftp://user@ftp.site.com
I keep getting "unknown option --remove-source-files. Could anyone help?
I have the following option set in my ~/.lftp/rc
Code:
set mirror:order "*.rpm */"
Here, *.rpm files are given preference. The rest of the files are being downloaded by lftp in alphabetical order, not the custom order sent by my ftp server. Is there a way to make it download it in the order sent by my ftp server.I'm using proftpd and the files are sorted by size.
I was wondering if someone can help me... I have a file that I am trying to LFTP from my Linux server to my Mainframe and the file is uploading but the data looks slightly corrupted..First off let me tell you the following text is French and it contains accent characters.Below is how the data looks when you view the data through vi or on the Mainframe:
factureNum
Note how the accent e is turned into a uppercase accent A and a copyright symbol.When I view the PC file in hex through Notepad ++ the turns into and the result is one character turning into two characters is a hex C3 and is a hex A9.
When I LFTP the file to the mainframe the characters are transferred and I end up with a hex 66 and a hex E4.The end result I am after is that I want to transfer my linux file, who's data looks like this on the linux server: factureNumro and like this when viewed on a PC: factureNumro to my mainframe and I want it to look the same as when I transfer it to the PC. Like this: factureNum.
I'm using ProFTPd as my FTP server on a CentOS 5 box. Since updating to version 1.3.3c, I seem to have very specific problems. Connections work quite fine with about any FTP client out there, including the basic ftp command from the Linux prompt. However, when trying to connect to that server with LFTP, things go wrong. When connecting, all I get is [Connecting] then [Logging in...] and then nothing. I have to add that SSL is forced off in lftp.conf (I read it could be the problem). I sometimes get a counter for reconnection, but it never works.
The command I use in lftp is : open -u <user>,<pass> <server_ip>, the ls for lftp to establish the connection. I don't see anything at all in the server's log. I just see "FTP session opened" and "FTP session closed" in /var/log/messages" and nothing in /var/log/secure. I can give you a strace if needed. Please keep in mind that the server WORKS with anything but LFTP and NCFTP (which I also tried).
I am installing Ubuntu Server 10.10 on and old Dell Laptop. The network connection is an Xircom PCMCIA card.During install, the computer sees and interacts via the network just fine. For example, I can ping the gateway. Also, the command "lspcmcia" works and show the Xircom card.When I reboot, however, there is no network access, and the "lspcmcia" command is not there. When I try "lspcmcia" the OS helpfully tells me that I can "apt-get" pcmciautils, but, without network access, that fails.I tried adding the install cdrom to apt using "apt-cdrom" and then tried to "apt-get" pcmciautils and it got further, installing some dependencies, but acted like it still was unable to locate the pcmciautils package.
View 1 Replies View Relatedin order to share profiles between a Mahara and a Moodle installation I need to get OpenSSL working.
I've got OpenSSL installed on the server and followed this tutorial. However, I still get an error message saying that either OpenSSL or PHPs support for OpenSSL are missing: Could not generate a new SSL key. Are you sure that both openssl and the PHP module for openssl are installed on this machine?
What would be the next steps to actually set up the Apache server and PHP so they can use OpenSSL? (I've already specified the path to my caconfig.cnf file in Maharas config.php)
I was thinking of trying out the UEFI support that HP has in my laptop BIOS in the next few days. My reasons is that I get a custom boot logo... and (hopefully) a better boot-speed. What is the current state of affairs with the openSuSE UEFI/EFI install support on a empty hdd for x86_64 does anyone know? (badly worded I apologize) This may seem naive but I have struggled to answer this with most posts being about Mac's for obvious reasons.
Specifically, Do I have to have any custom knowledge on formatting the HDD with a GPT partitions or does the installer do this for you? Secondly, How well does the UEFI bootloader tie in with the config tools in YaST2? (I would like to have UEFI but if it turns into some headache in setting up the boot area by hand each time the kernel updates I will forget it.) I can safely say this will be a machine with only openSuSE installed as an OS, no need for any others or any dual-boot problems. This isn't overly urgent and I will dedicate (at least) a whole weekend to tweaking once I buy a new disk and install openSuSE on it. If nobody knows then I will dive in head first and report how I find it and any problems (and severity).
i have a encrypted file using .aes256. I'm trying to decrypt but it fails. This is the command i used
Quote: openssl enc -d -aes256 -in insurance.aes256 > /media/DATA/out.dec And here's the error:Quote: enter aes-256-cbc decryption password: bad decrypt13930:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
I'm unable to compile ruby 1.9.X and I found out it was related to openssl, although it seems there's a patch available for ruby I don't know how to apply it so I was thinking on downgrading to openssl 0.9.8n
I'm using F13 btw, I'm still posting it here as openssl 1.0.0 was first introduced on F12, the other major distros are still using openssl 0.9.8k so there's no much information on the problem
I have a weird problem in which I try to use cryptodev in Openssl version 0.9.8g, but then if an error occurs or the system logs out, the version for Openssl rolls back to 0.9.8b.I have also tried reinstalling, but no dice. The version stays 0.9.8b. I am using Intel Tolapai with RedHat 5
View 1 Replies View RelatedI was upgrading openssl 0.7 to 0.9.81 in my redhat 9 server. I've followed the guideline from here: [url]
Now everything is messed up There's no libcrypto.so in /usr/local/ssl/lib directory. Only libcrypto.a. Neither in /usr/lib or /lib directory. I can't even run scp or wget to download rpm of openssl. Getting libcrypto.so error. I've use locate command to find libcrypto.so. There's none. I've run ./config, make, make test and make install command again in the openssl 0.9.81 source directory. But no luck. No libcrypto.so. This is a production server and the httpd went down.
i need to know more about openssl.In particular i'm having problems with some basic coammand-line stuff to do with signing and base64 encoding.You'll have to excuse me but i'm a security n00b. What is the command for signing some text file with a given private key and then after that base64 encoding the same file.Can this be done with a single command? what's wrong with:
Code:
openssl rsautl -sign -in textfile -inkey privatekey.pem enc -base64 -in textfile
or should that be:
Code:
openssl rsautl -sign -in textfile -inkey privatekey.pem | openssl enc -base64 -
I tried to compile C program that uses Openssl libraries on shell but got this error. I guess libraries are not linked properly.
undefined reference to SSL_library_init()
I am trying to get openssl to verify a certificate. I will walk you through what I have done so far.
1. openssl genrsa -des3 -out connect.mydomain.com.key 2048
2. openssl req -new -key connect.mydomain.com.key -out connect.mydomain.com.csr
3. Bought an SSL from GoDaddy.
4. Submitted my CSR
5. Downloaded sf_bundle.crt (CA File I presume)
6. Downloaded connect.mydomain.com.crt
Now I can do the following: [root@server tls]# openssl verify -CAfile sf_bundle.crt connect.mydomain.com.crt
connect.mydomain.com.crt: OK This is specifying the CAfile.
[Code]...
I am a new administrator and am running SLES 11 on a VM. I have openssl installed, but when I attempt to compile an add-on module to Nginx I get the following list of errors:
[Code]...
I've been googling around and have had a bit of a hard time trying to find help with this little issue. Managed to install CouchDB on the server at work after doing some fiddling due to not having spidermonkey availableAnyways, rt of this involved updating openssl.fter doing this however all hell broke loose.It seems a lot of programs needed the old version- I keep getting: error while loading shared libraries: libssl.so.0.9.8: cannot open shared object file: No such file or directory
I did a search:
>locate libssl.so.0.9.8
And it returned:
[code]...
I got an task assigned to me, i have to create new ssl key, csr & crt files using openssl. But the file name must be of this kind (*.aaa.xx.aa). When I tried the file name starting with * its not accepting the file name. But when I tried with the file name starting with . its getting generated.
View 1 Replies View RelatedI inherited a project that someone built in lampp, and I need create new SSL certs.
So I go to do so and it says that OpenSSL is not installed and to apt-get and install it.(Ubuntu by the way)
So before I did so, I wondered if it would cause any problems...since it was supposed to be part of the lampp stack.
I have problem in installing openvpn I get this error:
[Code]....
I want to use FIPS mode under linux. With openssl-0.9.8o, I typed "./config fipscanisterbuild" and then typed "make". The compile successful. Then I did a test about fips, below is my test code (main.cpp):
#include <iostream>
#include <openssl/ssl.h>
#include <openssl/fips.h>
int main(int argc, char *argv[])
{
[Code]....
I have a HP laptop which can support 1600x900. But after I install ubuntu 9.10 on it, it can only support up to 1280x700. My laptop has a Nvidia graphics card. And i am using GNOME as my desktop environment.
View 1 Replies View RelatedI just installed it by following steps in [URL]
but when I run "msfconsole", I got the following error messages telling me that ruby-openssl is not installed. I installed it "apt-get install libopenssl-ruby" but same message still comes again. I'm running Ubuntu 9.10.
root@qa-ud910-32-1:/opt/metasploit3/msf3/external/ruby-lorcon2# msfconsole
*** The ruby-openssl library is not installed, many features will be disabled!
*** Examples: Meterpreter, SSL Sockets, SMB/NTLM Authentication, and more
[-] ***
[Code]....