We use RabbitMQ in our product that leverages Erlang. We deploy via debian images which have custom built SSL libraries (not openssl) which have had RC4 support commented out. Due to this lack of RC4 whenever RabbitMQ/Erlang attempts to start-up we see the following error and the start-up fails.
2021-01-12 15:32:00.007 [error] <0.427.0> Unable to load crypto library. Failed with error:
"load_failed, Failed to load NIF library: '/usr/lib/erlang/lib/crypto-4.4/priv/lib/crypto.so: symbol RC4 version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference'"
OpenSSL might not be installed on this system.```
You might need to recompile Erlang against your SSL library. As of release 19.2, the crypto application checks whether OPENSSL_NO_RC4 is defined, and if so doesn't attempt to use RC4 (see this pull request). Thus if you use an Erlang package built against a different library, it might expect the feature to be present at runtime.
Related
We are in the process of installing a 4.x version of Neo4j community on an offline server.
We followed https://neo4j.com/docs/operations-manual/current/installation/linux/rpm/#linux-rpm-install-offline-install-download
The packages served by https://dist.neo4j.org/rpm/ doesn't seem to be signed.
Is that normal?? This seems dangerous for a product like this (I tested several versions, including lastest enterprise)
rpm -qip neo4j-enterprise-5.3.0-1.noarch.rpm
Name : neo4j-enterprise
Version : 5.3.0
Release : 1
Architecture: noarch
Install Date: (not installed)
Group : Unspecified
Size : 226422290
License : Proprietary
Signature : (none)
Source RPM : neo4j-enterprise-5.3.0-1.src.rpm
Build Date : Thu Dec 15 14:35:50 2022
Build Host : 385d2a9db634
Relocations : (not relocatable)
URL : http://neo4j.com/
Summary : Neo4j server is a database that stores data as graphs rather than tables.
Description :
Neo4j is a highly scalable, native graph database purpose-built to
leverage not only data but also its relationships.
downloaded via curl -O https://dist.neo4j.org/rpm/neo4j-enterprise-5.3.0-1.noarch.rpm then checked the package with curl -O https://dist.neo4j.org/rpm/neo4j-enterprise-5.3.0-1.noarch.rpm
expected a signed package
got an unsigned package
It depends on the provider and you if you think it is dangerous. The package does not need to be signed when you build or install it. It actually requires additional effort to sign it.
When the package is not signed, then you can be attacked using a man-in-the-middle attack.
It is the same as when you browse the web using HTTP vs. HTTPS.
I would be ok install not signed package to the developer ephemeral VM. I require signed packages for production machines.
You should ask Neo4j to sign the packages.
I've been writing an EventHubs message processor that just connects to EventHubs and processes messages on the EventHub. I've been developing in Visual Studio on Windows using .NET 6. Things work as expected on Windows; I can:
Connect to EventHubs
Receive messages
Do the message processing I want
Great. I then wanted to scale my message processor horizontally and decided that I would Dockerize it, and since .NET 6 runs on Linux, I would cross-compile it for Linux and eventually deploy multiple instances of my message processor on Docker Desktop as a next step. I eventually want to stick it on Kubernetes to scale up by an order of magnitude or two.
It was easy to Dockerize my Project in Visual Studio. I simply right-clicked the Project and selected Add -> Docker Support. Visual Studio detected I had Docker Desktop installed and generated all the config files I needed, and added an appropriate build configuration so that I could compile a binary, build a Docker image with it, and automatically deploy it to my local Docker Desktop instance.
.NET 6 also compiled without errors, which was great. However, when my container spins up, I get hit with the following runtime error:
System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: PartialChain
and there is a stack trace (omitted here for brevity) stemming from something in the EventHubs processor library:
<...many layers...> at Azure.Messaging.EventHubs.Primitives.EventProcessor-1.RunProcessingAsync(CancellationToken cancellationToken)
I am correctly passing my EventHubs connection string to my container, but what I surmise is that my container is missing an SSL certificate or has a misconfigured SSL certificate. I suppose Visual Studio has helpfully silently gone ahead and installed a development certificate when I developed my message processor on Windows so that EventHubs connections "just work" in my development environment, but that SSL certificate is not available to my container, since it isn't part of the build output.
I know I probably should be using Azure key vault or whatever secret management service they provide, but how else can I resolve this SSL certificate issue as quickly or painlessly as possible? It would be nice if I can just keep my connection string in my appsettings.json (It's fine. Toy project, only using Azure free credits anyway.)
The easiest way forward would be to register a handler that participates in certificate validation and can, if desired, override normal handling and force acceptance. This, of course, comes with the warning that you're bypassing standard security checks and may be putting your network and host in danger.
You don't mention which client you're using, but each takes a set of options in their constructor. The options for each type have a member named ConnectionOptions which returns an EventHubsConnectionOptions instance that allows you to register a CertificateValidationCallback.
The Event Hubs Influencing SSL certificate validation sample demonstrates how to use it. More information is also available in the .NET documentation for RemoteCertificateValidationCallback.
When trying to run ready-api-soapui-testrunner via docker I get the above error, I am using a floating licence and can ping the server locally.
Below is the docker run command.
docker run --net=bridge --add-host=TESTDB:10.30.214.251 -v="$project_dir":/project -v="$project_dir":/reports -e LICENSE_SERVER="10.0.21.14:1099" -e COMMAND_LINE="-E TestEnv /readyapi-project" -it smartbear/ready-api-soapui-testrunner:latest
and also the output I am getting.
Please select the tool for which you want to get the floating license:
1. SoapUI Pro
2. LoadUI Pro
3. Secure (if you have an old license)
4. ServiceV Pro
5. VirtServer
6. ReadyAPI Bundle
7. TestEngine
8. swaggerhub
9. swaggerhub2
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$2 (file:/usr/local/SmartBear/ready-api-license-manager-1.3.2.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$2
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
ERROR: The license is invalid: Failed to get floating license. Reason: Failed to create HTTPS service for floating license server.
any help would be appreciated
So this issue turned out to be the container image not being compatible with my companies licencing server version. Specifing the smartbear/ready-api-soapui-testrunner:{version} fixed the issue.
We use a few P4Ant tasks to commit code to our perforce depots from within an Ant task. This has been working fine for months, however we recently changed our perforce server to only accept trusted/ssl connections.
As such, our new P4 port now looks like ssl:server_hostname:port and we’re getting an error when running our Ant task: non-numeric Perforce server port specifier: p4java://ssl:server_hostname:port .
From the P4Java api (which P4Ant uses under the hood), it seems that the connection should have looked like: p4javassl://server_hostname:port
Does the P4Ant library support SSL perforce ports? If so, how can I configure it to pass this port properly to p4java.
Regarding P4Ant and SSL, not as downloaded because it is bundled with a pre-2012.1 P4Java version. SSL support was added for P4Java versions 2012.1 and forward as noted in the release notes:
http://www.perforce.com/perforce/doc.current/user/p4javanotes.txt
It should work by using (replacing) the p4java.jar with the latest version.
See the following Knowledge Base article:
http://answers.perforce.com/articles/KB_Article/P4Ant--SSL-p4d
Also, you can check this article regarding your java installation in case you may also need the following:
http://answers.perforce.com/articles/KB_Article/Using-P4Java-and-P4Eclipse-with-SSL-enabled-Perforce-Servers
I am using eclipse juno 4.2.1 and IBM worklight 6.0 on my mac mini. since yesterday I am trying to build and deploy my application but its giving me "Worklight application builder" error.
here is the log:
An internal error occurred during: "Worklight application builder".
loader constraint violation: when resolving method "org.apache.commons.io.FileUtils.iterateFiles(Ljava/io/File;Lorg/apache/commons/io/filefilter/IOFileFilter;Lorg/apache/commons/io/filefilter/IOFileFilter;)Ljava/util/Iterator;" the class loader (instance of org/eclipse/osgi/internal/baseadaptor/DefaultClassLoader) of the current class, com/worklight/builder/skins/impl/SkinBuilderImpl, and the class loader (instance of org/eclipse/osgi/internal/baseadaptor/DefaultClassLoader) for resolved class, org/apache/commons/io/FileUtils, have different Class objects for the type o/filefilter/IOFileFilter;Lorg/apache/commons/io/filefilter/IOFileFilter;)Ljava/util/Iterator; used in the signature
and console shows this message :
[2013-09-25 15:18:46] Starting build process: application 'TestApp', all environments
[2013-09-25 15:18:46] com.worklight.shared.common.messages:tgn309.trigyn.com: tgn309.trigyn.com: nodename nor servname provided, or not known
java.net.InetAddress.getLocalHost(InetAddress.java:1466)
com.worklight.common.util.GeneralUtil.scanIPAddresses(GeneralUtil.java:581)
com.worklight.common.util.GeneralUtil.scanIPAddresses(GeneralUtil.java:549)
com.worklight.common.util.GeneralUtil.getIPscanResults(GeneralUtil.java:642)
com.worklight.studio.plugin.utils.WSTServers.getServerHost(WSTServers.java:174)
com.worklight.studio.plugin.utils.WSTServers.getServerURL(WSTServers.java:661)
com.worklight.studio.plugin.launch.build.apps.WorkspaceApplicationBuilder.buildApplication(WorkspaceApplicationBuilder.java:325)
com.worklight.studio.plugin.launch.build.apps.WorkspaceApplicationBuilder.runInWorkspace(WorkspaceApplicationBuilder.java:158)
org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:38)
org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
[2013-09-25 15:18:46] FWLPL0010W: "localhost" was detected from the target server configuration. Using the primary IP address of the host machine, 10.30.1.102, to build the Worklight application(s). Consider using a fully qualified hostname (avoid using "localhost") or a valid IP address instead. The value can be modified by opening the configuration editor of Worklight Development Server from the "Servers" view.
Any help would be appreciated.
Try the suggestion given in the following answer, as it seems somewhat related based on the error in your question: IBM Worklight 6.0 - Migration Issue after importing a project
Copy/paste:
Please try to find if you have apache commons IO installed in your
Eclipse plugin directory. That's the source of the conflict.
If you can, please try to:
stop the Eclipse
move the apache commons IO out of the plugin dir
start Eclipse, then close it
move the commons IO back into the plugin dir
Start Eclipse