getting SSL_connect ... sslv3 alert handshake failure when using .p12 file ruby - ruby-on-rails

I'm trying to use a p12 file and password to open an https page using RestClient in ruby.
p12 = OpenSSL::PKCS12.new(File.read("#{RAILS_ROOT}/file.p12"), "pass")
resp = RestClient::Resource.new(url, :ssl_client_key => p12.key).get
than I get:
SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure
(RestClient is not mandatory - anything else will do)
what am I missing?

You must install openssl package and reinstall ruby.
Not sure that important:
rmdir $rvm_path/usr/ssl/certs
ln -s /etc/ssl/certs $rvm_path/usr/ssl
Necesery:
rvm pkg install openssl
rvm <(if exist) re>install <RUBY_VERSION> --with-openssl-dir=$rvm_path/usr

You need to import your file.p12 file into your nssdb location.
mkdir /root/nssdb
pk12util -i /path-to/your/file.p12 -d /root/nssdb
certutil -L -d /root/nssdb/
export SSL_DIR = /root/nssdb
curl -X POST -H "Content-Type: text/xml" --data "#{xml}" --cert cert:password "https://yoururl.com" -v -k
chmod -R 777 /root/nssdb
chown -R user /root/nssdb
Embed this curl call in your ruby client. It will work.
Note: If you are using a different ssl version you need to add --tlsv1.0 to the curl command

Related

smartcard + configfile: how to avoid error "File name too long"?

I am trying to change my openconnect usage from command line to configfile.
I need to use a smartcard (StarSign CUT S, from Giesecke & Devrient GmbH) in order to access my VPN.
My current command line works fine and I can connect to the VPN:
$ openconnect \
--authgroup=<my_gateway> \
--protocol=gp \
--servercert <...> \
--disable-ipv6 \
--cafile <file.pem> \
<my_server_url> \
-c "pkcs11:model=XXXXXXXXXXXXXXXX;manufacturer=A.E.T.%20Europe%20B.V.;serial=XXXXXXXXXXXXXXXX;token=XXXXXXXXX;id=<...>;object=<...>;type=cert"
But when I try this configfile:
(All arguments are exactly the same!)
# vpn.config
authgroup = <my_gateway>
protocol = gp
servercert = <...>
disable-ipv6
cafile = <file.pem>
server = <my_server_url>
certificate = "pkcs11:model=XXXXXXXXXXXXXXXX;manufacturer=A.E.T.%20Europe%20B.V.;serial=XXXXXXXXXXXXXXXX;token=XXXXXXXXX;id=<...>;object=<...>;type=cert"
I get this error:
$ openconnect --config=vpn.config
Failed to open key/certificate file <...>: File name too long
Loading certificate failed. Aborting.
Failed to open HTTPS connection to <...>
Failed to complete authentication
Any idea on how to make it work? Or is it a bug in openconnect?
Thanks.
PS 1:
$ openconnect --version
OpenConnect version v9.01
Using GnuTLS 3.7.7. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /etc/vpnc/vpnc-script
PS 2: All commands executed as root.
Remove the double quotes from the configuration file:
# vpn.config
...
certificate = pkcs11:model=XXXXXXXXXXXXXXXX;manufacturer=A.E.T.%20Europe%20B.V.;serial=XXXXXXXXXXXXXXXX;token=XXXXXXXXX;id=<...>;object=<...>;type=cert

electron-osx-sign is not working

I'm trying to sign my electron app using electron-osx-sign:
electron-packager . $APP --platform=darwin --arch=x64 \
--out dist \
--ignore=build \
--ignore=config/development.json \
--overwrite \
--prune \
--icon=appicon.icns \
--app-bundle-id="com.example.myapp" \
--build-version=$BUILD --app-version=$VERSION \
electron-osx-sign "dist/myapp/myapp.app" \
--identity="$DEVELOPER_KEY"
it keeps showing the following error:
Command failed: codesign --sign Developer ID Application: XXXXXXXXXX --force dist/myapp/myapp.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
where Developer ID Application: XXXXXXXXXX is a valid cert.
My electron-osx-sign version is 0.4.4 and electron-packager is 8.0.0
Anyone can help?
Thanks.
After some googling, it seems there are some problems using codesign on macOS 10.12,
Please refer to this post.
I've also post the solution in this link on the electron-osx-sign GitHub issue page.

HomeBrew link error

Hello i have a problem with HomeBrew . I issue a command :
Ahmet-MacBook:libmbdb ahmetmahmodo$ brew link openssl --force
Warning: Refusing to link: openssl
Linking keg-only openssl means you may end up linking against the insecure,
deprecated system OpenSSL while using the headers from Homebrew's openssl.
Instead, pass the full include/library paths to your compiler e.g.:
-I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib
Ahmet-MacBook:libmbdb ahmetmahmudo$
What should i do ?
I need this command . I reject compile with -I and -L command
Create a symlink :
ln -s /usr/local/Cellar/openssl/{version}/include/openssl /usr/local/include/openssl

Read all HTTP URLs from PCAp file

I try to get Read all HTTP URLs from PCAp file using this command line command:
tshark -R -e http.request.uri -r C:file.pcap
And got the message
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
What's wrong with my filter ?
Using the filter as single pass, like suggested, does it for me:
tshark -Y http.request.uri -r capturefile

Rails SSL certificate issue + mysterious "curl: Remote file name has no length!" from RVM

My rails app seems to be running up until it receives the OAuth callback from Soundcloud. At that very moment, I get:
Faraday::SSLError
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
So I tried to update the ssl certificates on my mac using rvm:
rvm osx-ssl-certs update all
But I get the following strange result:
rvm osx-ssl-certs update all
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
Updating certificates for /System/Library/OpenSSL/cert.pem: Already are up to date.
Updating certificates for /usr/local/etc/openssl/cert.pem: Already are up to date.
Updating certificates for /etc/openssl/cert.pem: Already are up to date.
I guess certs download fail because the error remains.
I may found the start of a solution in the section "curl failing, 'curl is' ?!" of RVM troobleshooting page, but I don't understand how to apply it.
Why does curl display this message? Do anyone know how to solve it?
Solve thanks to https://github.com/wayneeseguin/rvm/issues/2861
To solve it: rvm get head

Resources