Custom Query (196 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (127 - 129 of 196)

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
Ticket Owner Reporter Resolution Summary
#343 cereslee adehnert duplicate Autoinstalled apps should read the sql password out of my.cnf
Description

In order to ease password changes (see also #227), follow DRY, etc., autoinstalled apps should read the sql password out of ~/.sql/my.cnf rather than copying it into the app config.

For Django, https://docs.djangoproject.com/en/dev/ref/databases/#connecting-to-the-database may be helpful.

#346 adehnert fixed Graph sql connection count with munin
Description

#328 added nagios monitoring of used connections. In tuning those thresholds (and for fun), it would be nice if munin graphed the number of (total and max per-user) connections to sql as well.

#349 presbrey invalid TLS SNI alerts on LDAP vhosts
Description

void is a scripts-vhost: 

presbrey@dr-wily:~$ host void.mit.edu
void.mit.edu is an alias for SCRIPTS-VHOSTS.mit.edu.
SCRIPTS-VHOSTS.mit.edu has address 18.181.0.46

that fails to handshake: 

presbrey@dr-wily:~$ curl -k https://void.mit.edu/
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

even though scripts-vhosts itself works: 

presbrey@dr-wily:~$ curl -kv https://scripts-vhosts.mit.edu/
* About to connect() to scripts-vhosts.mit.edu port 443 (#0)
*   Trying 18.181.0.46... connected
* Connected to scripts-vhosts.mit.edu (18.181.0.46) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: serialNumber=sKLt5io360jM-oAd2EGLNK0EraXwXE46; C=US; ST=Massachusetts; L=Cambridge; O=Massachusetts Institute of Technology; OU=scripts.mit.edu web hosting service; CN=scripts.mit.edu
*        start date: 2011-05-24 11:40:52 GMT
*        expire date: 2016-06-24 16:28:06 GMT
*        subjectAltName does not match scripts-vhosts.mit.edu
> GET / HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
> Host: scripts-vhosts.mit.edu
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 28 Feb 2013 02:21:46 GMT

The problem has to do with TLS SNI extensions. TLS Alert 1112 is Level 1 (Warning) and Code 112 (Unrecognized name). This error is intended to notify the client that the server may not do what the client is expecting when the server does not recognize the SNI hostname passed by the client.

The server-side TLS SNI that validates "recognized" hostnames apparently only checks against hardcoded ServerName?(s) and ServerAlias?(s), and fails to locate LDAP vhosts as valid SNI targets.

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
Note: See TracQuery for help on using queries.