Not logged in. · Lost password · Register
Page:  1  2  next 

All posts by Exzellius (26)

topic: Apache + Kerberos + SSO  in the forum: General Help and Support Server Setup
Avatar
Exzellius #1
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
Subject: same problem, no smartcard
Hey there,

I wanted to activate SSO for my wiki and ran into the same issue that anqk described (except the smartcard):
authentication via kerberos is working, SSO is not :(

I am running the current stable release Greebo
I am running authchained as I need authad & authplain to work unisono, authad is preferred
browser-config seems to be ok

Config-Files:
/etc/krb5.conf
[libdefaults]
    # "dns_canonicalize_hostname" and "rdns" are better set to false for improved security.
    # If set to true, the canonicalization mechanism performed by Kerberos client may
    # allow service impersonification, the consequence is similar to conducting TLS certificate
    # verification without checking host name.
    # If left unspecified, the two parameters will have default value true, which is less secure.
#    dns_canonicalize_hostname = false
#    rdns = false
    default_realm = AA.BB.CC
    dns_lookup_kdc = true
    forwardable = true

[realms]

[domain_realm]
.aa.bb.cc = AA.BB.CC
aa.bb.cc = AA.BB.CC

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

/srv/www/htdocs/dokuwiki/conf/local.protected.php
<?php
/**
 * Protected settings
 * Do override DokuWiki default settings and local settings from Config Manager
 */

$conf['useacl']         = 1;
$conf['authtype']       = 'authchained';

$conf['plugin']['authad']['account_suffix']     = '@aa.bb.cc';
$conf['plugin']['authad']['base_dn']            = 'DC=aa,DC=bb,DC=cc';
$conf['plugin']['authad']['domain_controllers'] = 'DC1.aa.bb.cc, DC2.aa.bb.cc';

#$conf['plugin']['authad']['ad_username']        = 'USER';
#$conf['plugin']['authad']['ad_password']        = 'PASSWORD';
$conf['plugin']['authad']['sso']                = 1;
$conf['plugin']['authad']['admin_username']                = 'USER';
$conf['plugin']['authad']['admin_password']                = 'PASSWORD';
$conf['plugin']['authad']['use_ssl']            = 1;
$conf['plugin']['authad']['debug']              = 1;
$conf['plugin']['authad']['recursive_groups']   = 1;
date_default_timezone_set("Europe/Berlin");

/etc/apache2/vhosts.d/hostname.conf
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.2/mod/mod_ssl.html>

<IfDefine SSL>
        <IfDefine !NOSSL>
                <VirtualHost hostname.aa.bb.cc:443>
                        DocumentRoot "/srv/www/htdocs/"
                        ErrorLog /var/log/apache2/error_log
                        TransferLog /var/log/apache2/access_log
                        SSLEngine on
                        SSLProtocol all -SSLv2 -SSLv3
                        SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
                        SSLCertificateFile /etc/apache2/Zertifikate/hostname.crt
                        SSLCertificateKeyFile /etc/apache2/Zertifikate/hostname.key
                        SSLCertificateChainFile /etc/apache2/Zertifikate/hostname_chain.crt
                        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                                SSLOptions +StdEnvVars
                        </Files>
                        <Directory "/srv/www/cgi-bin">
                                SSLOptions +StdEnvVars
                        </Directory>
                        CustomLog /var/log/apache2/ssl_request_log   ssl_combined


                        <Location /srv/www/htdocs>
                                AuthType Kerberos
                                AuthName "Kerberos"
                                KrbAuthRealms AA.BB.CC
                                KrbServiceName HTTPS/HOSTNAME@AA.BB.CC
                                Krb5Keytab /srv/www/htdocs/dokuwiki/krb5.keytab
                                KrbMethodNegotiate On
                                KrbMethodK5Passwd On
                                KrbSaveCredentials On
                                require valid-user
                        </Location>


                </VirtualHost>
        </IfDefine>
</IfDefine>

any ideas why SSO might not be working?

Thanks in advance
Dominik
topic: Active Directory Authentication Failed  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #2
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 65614
Hi,

maybe you need to install a additional Php-Plugin for communication with AD?
I am running dokuwiki on linux and needed to install php7-ldap to get ad-authentication working.

Greetings Dominik
topic: Apache + Kerberos + SSO  in the forum: General Help and Support Server Setup
Avatar
Exzellius #3
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 65629
Hi,

if you want to use 2 auth plugins at once, I can recommend the plugin authchained
Link: https://www.dokuwiki.org/plugin:authchained

here you can configure multiple auth sources that need to be available

don't know if this helps

Greetings
Dominik
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #4
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 65592
Well ... shame on me
Upgrading to the latest version of Dokuwiki (Greebo) fixed the issue for installing/upgrading plugins.
Thanks everyone for the help, I guess I made this more complicated that I needed to, sorry for that :/

Greetings
Dominik
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #5
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 65590
Might be the case,
I'll try updating the broken one to a newer release and check if the problem stays.
This post was edited on 2019-04-09, 15:34 by Exzellius.
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #6
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64837
Hey there

it's been a while since my last update on this topic.
I exerimented with a lot of stuff, uncluding other distros, other versions of dokuwiki, fresh installs, migrations etc.etc.

the big picture right now looks like the following:
OS: SLES12 SP4
Hostname: viswiki01
Apache Version: 2.4.23-29.27.2
PHP Version: 7.0.7-50.56.2
PHP Plugins Installed: php7-ctype, php7-dom, php7-iconv, php7-json, php7-ldap, php7-mcrypt, php7-openssl, php7-pdo, php7-sqlite, php7-tokenizer, php7-xmlreader, php7-xmlwriter, php7-zlib
OpenSSL Version: 1.0.2p-3.3.1

there are 2 Dokuwiki-Releases under /srv/www/htdocs/
one is dokuwiki_functioning
Dokwuki-Release: 2018-04-22b "Greebo"
one is dokuwiki_broken
Dokuwiki-Release: 2017-02-19b "Frusterick Manners"

as the names let you think, one of them is working fine, one of them is not working.

quick recap: the issue is upon clicking the Update/Install Button for any Plugin, the error
"Download der Datei: https://github.com/rztuc/dokuwiki-plugin-authchained/archi… nicht möglich."
gets displayed, this happens with the broken one, not with the functioning one

so there needs to be a difference in how these two folders/Releases behave when interacting with github I guess ...
I can zip the folders and upload them if anyone is interested in the issue

I have looked in both folders and can't find any difference between broken and functioning which would cause this, but I am no php-developer :/

I would simply use the functioning one but this is a fresh install of dokuwiki, so none of my pages, media, revisions etc are in there.

does anyone have any idea on how to solve this?

Every help is appreciated.
Greetings
Dominik
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #7
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64832
Hi,

that gives me
Zlib gzopen exists : no :-(
so I guess I need to install the gzip plugin for php or something?
gzip is installed on the system, same for the php7-zip plugin
viswiki01:~/dokuwiki # zypper se zip
Reading installed packages...

S  | Name             | Summary                                                     | Type
---+------------------+-------------------------------------------------------------+--------
i  | bzip2            | A Program for Compressing Files                             | package
   | bzip2-doc        | The bzip2 program and Library Documentation                 | package
i  | gzip             | GNU Zip Compression Utilities                               | package
   | libzip-devel     | C library for reading, creating, and modifying zip archives | package
   | libzip2          | C library for reading, creating, and modifying zip archives | package
   | libzzip-0-13     | Free zip compression library with easy to use API           | package
   | p7zip            | 7-zip file compression program                              | package
   | perl-Archive-Zip | Provide an interface to ZIP archive files.                  | package
   | php5-zip         | PHP5 Extension Module                                       | package
i+ | php7-zip         | PHP7 Extension Module                                       | package
i  | unzip            | A program to unpack compressed files                        | package
i  | zip              | File compression program                                    | package
   | zziplib-devel    | Free zip compression library with easy to use API           | package
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #8
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64828
Hi,

ok this helped a lot, now I got a file that is causing the 500-return
I followed the guide here: https://stackoverflow.com/questions/845021/how-to-get-usef…
to set php7 to verbose
following error was posted instead of the 500 return:
Fatal error: Uncaught Error: Call to undefined function splitbrain\PHPArchive\gzopen() in /srv/www/htdocs/dokuwiki/vendor/splitbrain/php-archive/src/Zip.php:206 Stack trace: #0 /srv/www/htdocs/dokuwiki/lib/plugins/extension/helper/extension.php(1058): splitbrain\PHPArchive\Zip->extract('/srv/www/htdocs...') #1 /srv/www/htdocs/dokuwiki/lib/plugins/extension/helper/extension.php(870): helper_plugin_extension_extension->decompress('/srv/www/htdocs...', '/srv/www/htdocs...') #2 /srv/www/htdocs/dokuwiki/lib/plugins/extension/helper/extension.php(579): helper_plugin_extension_extension->installArchive('/srv/www/htdocs...', true, 'splitbraindokuw...') #3 /srv/www/htdocs/dokuwiki/lib/plugins/extension/admin.php(117): helper_plugin_extension_extension->installFromUpload('installfile') #4 /srv/www/htdocs/dokuwiki/inc/actions.php(171): admin_plugin_extension->handle() #5 /srv/www/htdocs/dokuwiki/doku.php(123): act_dispatch() #6 {main} thrown in /srv/www/htdocs/dokuwiki/vendor/splitbrain/php-archive/src/Zip.php on line 206

Greetings
Dominik
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #9
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64825
Hi,

I checked for zip in phpinfo, found the following:
Apache Environment
=============
HTTP_ACCEPT_ENCODING    gzip, deflate, br

HTTP Headers Information
================
Accept-Encoding    gzip, deflate, br

PHP Variables
========
$_SERVER['HTTP_ACCEPT_ENCODING']    gzip, deflate, br

Module Authors
==========
Bzip2    Sterling Hughes
Zip    Pierre-Alain Joye, Remi Collet
is that fine?

also here are the permissions on lib/tpl and lib/plugins and a ps -ef | grep -e apache -e http -e php
viswiki01:~/dokuwiki # ls -ltra
total 100
-rwxr-xr-x  1 wwwrun www  18092 Aug 23  2015 COPYING
drwxr-xr-x  8 wwwrun www    104 Nov 27  2015 lib
-rwxr-xr-x  1 wwwrun www  19374 Jul 14  2016 feed.php
-rwxr-xr-x  1 wwwrun www    306 Jul 14  2016 README
-rwxr-xr-x  1 wwwrun www  20700 May 26  2017 install.php
-rwxr-xr-x  1 wwwrun www     33 May 26  2017 VERSION
drwxr-xr-x  8 wwwrun www    141 Sep 19  2017 vendor
drwxr-xr-x 12 wwwrun www    236 Mar 28  2018 data
-rwxr-xr-x  1 wwwrun www   3673 Jan 18 09:22 doku.php
drwxr-xr-x  2 wwwrun www    142 Jan 18 09:25 bin
-rwxr-xr-x  1 root   root   381 Feb  4 08:59 test.php
-rwxr-xr-x  1 wwwrun www   2097 Feb  4 09:06 index.php
drwxr-xr-x  7 wwwrun www   4096 Feb  4 09:10 inc
-rwxr-xr-x  1 wwwrun www   1868 Feb  4 09:49 .htaccess
-rwxr-xr-x  1 root   root    32 Feb 11 07:02 phpinfo.php
drwxr-xr-x  8 wwwrun www    241 Feb 11 07:36 .
drwxr-xr-x  7 root   root   131 Feb 12 13:40 ..
drwxr-xr-x  5 wwwrun www   4096 Feb 12 13:49 conf
viswiki01:~/dokuwiki # cd lib/
viswiki01:~/dokuwiki/lib # ls -ltra
total 16
-rwxr-xr-x  1 wwwrun www  241 Aug 23  2015 index.html
drwxr-xr-x  3 wwwrun www 4096 Nov 27  2015 scripts
drwxr-xr-x  8 wwwrun www 4096 Nov 27  2015 images
drwxr-xr-x  8 wwwrun www  104 Nov 27  2015 .
drwxr-xr-x  2 wwwrun www  205 May 26  2017 exe
drwxr-xr-x  2 wwwrun www  108 Aug 30  2017 styles
drwxr-xr-x  3 wwwrun www   39 Aug 30  2017 tpl
drwxr-xr-x  8 wwwrun www  241 Feb 11 07:36 ..
drwxr-xr-x 35 wwwrun www 4096 Feb 12 13:50 plugins
viswiki01:~/dokuwiki/lib # ls -ltra plugins/
total 44
-rwxr-xr-x  1 wwwrun www   4438 Aug 23  2015 syntax.php
-rwxr-xr-x  1 wwwrun www    244 Aug 23  2015 index.html
-rwxr-xr-x  1 wwwrun www    665 Aug 23  2015 action.php
drwxr-xr-x  6 wwwrun www    233 Nov 27  2015 wrap
drwxr-xr-x  2 wwwrun www     47 Nov 27  2015 safefnrecode
drwxr-xr-x  2 wwwrun www     47 Nov 27  2015 info
drwxr-xr-x  8 wwwrun www    104 Nov 27  2015 ..
drwxr-xr-x  6 wwwrun www    207 Jan 26  2016 gallery
drwxr-xr-x  3 wwwrun www    225 Jan 26  2016 vshare
drwxr-xr-x  7 wwwrun www    212 Jan 26  2016 tag
drwxr-xr-x  7 wwwrun www    255 Apr 21  2016 include
drwxr-xr-x  5 wwwrun www    221 Apr 26  2016 blog
-rwxr-xr-x  1 wwwrun www   3124 Jul 14  2016 remote.php
-rwxr-xr-x  1 wwwrun www  15450 Jul 14  2016 auth.php
drwxr-xr-x 10 wwwrun www    224 Jan  3  2017 move
drwxr-xr-x  3 wwwrun www     97 Feb 15  2017 color
drwxr-xr-x  4 wwwrun www    154 Mar 13  2017 loglog
drwxr-xr-x  4 wwwrun www    147 Apr 13  2017 csv
drwxr-xr-x  4 wwwrun www    104 Apr 13  2017 newpagetemplate
drwxr-xr-x  4 wwwrun www    123 May 26  2017 usermanager
drwxr-xr-x  3 wwwrun www    174 May 26  2017 styling
drwxr-xr-x  3 wwwrun www     75 May 26  2017 revert
drwxr-xr-x  3 wwwrun www    111 May 26  2017 popularity
drwxr-xr-x  5 wwwrun www    172 May 26  2017 extension
-rwxr-xr-x  1 wwwrun www   2571 May 26  2017 admin.php
drwxr-xr-x  5 wwwrun www    101 Aug 17  2017 forcessllogin
drwxr-xr-x  8 wwwrun www    272 Sep  7  2017 dw2pdf
drwxr-xr-x  5 wwwrun www    212 Oct  9  2017 hidden
drwxr-xr-x  7 wwwrun www    216 Oct 19  2017 bureaucracy
drwxr-xr-x  4 wwwrun www    179 Dec 22  2017 cloud
drwxr-xr-x  3 wwwrun www    135 Jan 16  2018 rdplink
drwxr-xr-x  5 wwwrun www    101 Jan 31  2018 authad
drwxr-xr-x  3 wwwrun www     57 Jan 31  2018 authplain
drwxr-xr-x  5 wwwrun www    122 Jan 31  2018 config
drwxr-xr-x  4 wwwrun www    106 Jan 31  2018 authchained
drwxr-xr-x  4 wwwrun www    127 Feb  8  2018 addnewpage
drwxr-xr-x  4 wwwrun www    135 Feb  8  2018 pagelist
drwxr-xr-x  4 wwwrun www    156 Mar  5  2018 acl
drwxr-xr-x  3 wwwrun www    159 Jan 24 23:43 upgrade
drwxr-xr-x  4 root   root   140 Feb 12 13:50 temp
drwxr-xr-x 35 wwwrun www   4096 Feb 12 13:50 .
viswiki01:~/dokuwiki/lib # ls -ltra tpl/
total 4
-rwxr-xr-x 1 wwwrun www 2084 Aug 23  2015 index.php
drwxr-xr-x 8 wwwrun www  104 Nov 27  2015 ..
drwxr-xr-x 3 wwwrun www   39 Aug 30  2017 .
drwxr-xr-x 5 wwwrun www  204 Aug 30  2017 dokuwiki
viswiki01:~/dokuwiki/lib # ps -ef | grep -e apache -e http -e php
root      1678     1  0 Feb12 ?        00:00:02 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    1815  1678  0 Feb12 ?        00:00:01 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    1816  1678  0 Feb12 ?        00:00:01 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    1817  1678  0 Feb12 ?        00:00:00 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    1818  1678  0 Feb12 ?        00:00:01 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    1819  1678  0 Feb12 ?        00:00:02 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    2562  1678  0 Feb12 ?        00:00:01 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    2563  1678  0 Feb12 ?        00:00:00 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
wwwrun    2564  1678  0 Feb12 ?        00:00:00 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf -DSYSTEMD -DFOREGROUND -k start
root     20515 19380  0 07:40 pts/0    00:00:00 grep --color=auto -e apache -e http -e php
getenforce doesn't exist on the system, so I guess no selinux?

###EDIT
oh right the logfiles
I checked those too, /var/log/apache2/error_log /var/log/apache2/ssl_request_log /var/log/apache2/access_log
no activity to see in these files when I get the http 500 error except the posting of the 500-page
###EDIT END

I'll try next to upgrade manually by copying the files to the server and upgrade dokuwiki this way to see if that resolves the issue.
I will however take a backup of the current dokuwiki-folder to recreate the issue if needed.

Thanks
Dominik
This post was edited on 2019-02-13, 07:33 by Exzellius.
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #10
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64820
So I tried upgrading the plugins "manually" by downloading the zip-Files and giving it to the "manual install" option as suggested by you Michaelsy
the problem with that is, that I get an error that seems odd, like the apache is blocking something or crashing :/ error-screenshot attached to this post
I will try now to complete manual install the plugin
any idea why apache seems to have a problem with the .zip-File?
The author has attached one file to this post:
Dokuwiki-patch-error.png 23.6 kBytes
You have no permission to open this file.
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #11
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64817
Hi,

I downloaded you package and unzipped it in /srv/www/htdocs (not a good location but it doesn't matter for this test)
I gave it 777 permissions to be sure it is readable etc...
then I changed capath in my /etc/php7/apache2/php.ini to look like this
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=/etc/ssl/ca-bundle.pem

; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=/etc/ssl/certs
openssl.capath=/srv/www/htdocs/hashed
after that I restarted the apache2 and it changed nothing
to be sure I restarted the whole server and also no result

so I guess the certs are not the main issue here?

Greetings
Dominik
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #12
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64809
Hi,

I can see the following in /etc/php7/apache2/php.ini:
;curl.cainfo =
;openssl.capath=

my question would be: what do I need to fill these with?
do I need to fill these with the CA-certs of my company or do I need to fill these with another CA-cert?

I am not the expierenced person with Certificates, sorry :/

###EDIT
I changed the parameter in /etc/php7/apache2/php.ini to the path where the certs get stored in my OS (SLES12 SP4)
now phpinfo shows the following:
Directive    Local Value    Master Value
openssl.capath    /usr/share/pki/trust/    /usr/share/pki/trust/
but unfortunately still not able to download from github :/
###EDIT END

###EDIT2
I noticed that this might not be the correct directory as this parameter needs the hashed certs, so I changed it again but still not able to download
now phpinfo shows the following:
Directive    Local Value    Master Value
openssl.cafile    /etc/ssl/ca-bundle.pem    /etc/ssl/ca-bundle.pem
openssl.capath    /etc/ssl/certs    /etc/ssl/certs
###EDIT2 END

Greetings
Dominik
This post was edited 3 times, last on 2019-02-11, 10:02 by Exzellius.
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #13
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64807
Thanks.
From your file:

openssl.cafile => no value => no value
openssl.capath => no value => no value

I've seen that too,
how can I get this changed tho?
I have seen your link above "http://php.net/manual/en/openssl.configuration.php",
but I am a little clueless on what to do with the information given on that page.

I guess my question formed clearer would be: what is my cafile and capath? theoretically php should use the default ca's for my os right?
This post was edited on 2019-02-11, 09:33 by Exzellius.
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #14
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64805
Hi,

I'll attach my complete phpinfo :)
hope that helps

Greetings
Dominik
The author has attached one file to this post:
phpinfop.txt 25.3 kBytes
You have no permission to open this file.
topic: can't update plugins (solved) (download of plugin packages failes)  in the forum: General Help and Support Installation and Configuration
Avatar
Exzellius #15
Member since Jan 2019 · 26 posts · Location: Bamberg
Group memberships: Members
Show profile · Link to this post
In reply to post ID 64782
Hi,

Quote by turnermm on 2019-02-08, 15:48:
Create an index.php file with the following:

<?php
phpinfo();

See if it has current openssl support.  It's possible it wasn't updated when you updated your php.

did that, where can I see if it has openssl support?
I see the following lines that could indicate that:
PHP Version 7.0.7
===========
Registered Stream Socket Transports    tcp, udp, unix, udg, ssl, sslv3, sslv2, tls, tlsv1.0, tlsv1.1, tlsv1.2

mysqlnd
=====
core SSL    supported
extended SSL    not supported

openssl
=====
OpenSSL support    enabled
OpenSSL Library Version    OpenSSL 1.0.2p-fips 14 Aug 2018
OpenSSL Header Version    OpenSSL 1.0.1i-fips 6 Aug 2014
Openssl default config    /etc/ssl/openssl.cnf

PHP Variables
========
$_SERVER['SSL_VERSION_INTERFACE']    mod_ssl/2.4.23
$_SERVER['SSL_VERSION_LIBRARY']    OpenSSL/1.0.2p-fips

Thanks again
Dominik
Close Smaller – Larger + Reply to this post:
Special characters:
Page:  1  2  next 
Special queries
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2019-09-16, 22:43:29 (UTC +02:00)