Search Results

Search found 29495 results on 1180 pages for 'cross site scripting'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 831/1180 | < Previous Page | 827 828 829 830 831 832 833 834 835 836 837 838  | Next Page >

  • Windows Embedded Compact 7

    - by Valter Minute
    This will be the official name of the new release of Windows CE. Windows Embedded Compact 7 is available as a public CTP and it already supports a wide range of CPUs and both the device emulator and VirtualPC emulated environments. So I’ll have to learn a new (and longer) name for my favorite OS… but I (and all my two readers!) will be able to test it as soon as the download from connect web site completes (I'm sorry for my readers, but you'll have to download it by yourselves). Here’s a link for the download (it's free but you’ll have to register on connect with a valid LiveId): https://connect.microsoft.com/windowsembeddedce Remember that this is still a beta (or “Community Technology Preview” if you speak marketing language) and so it’s better to not install it on your main development PC (or, at least, backup everything before installation) and that the features and performances you’ll get from this beta may not be the same ones of the final release of the OS. You can discover the new features of Windows Embedded Compact on the new “official” webpage on microsoft website: http://www.microsoft.com/windowsembedded/en-us/products/windowsce/compact7.mspx or on Olivier’s blog: http://blogs.msdn.com/b/obloch/archive/2010/06/01/windows-embedded-compact-7-announced-and-public-ctp-available.aspx I hope to be able to post some interesting content about Windows Embedded Compact 7 soon (and maybe be able to shorten it’s name in CE7 in my blog posts, when I'll ensure that both my readers are not worketing for Microsoft's marketing department …). Technorati Tags: "Windows Embedded Compact 7"

    Read the article

  • IE8 HTTPs Download Issue

    - by Jon Egerton
    I have a problem with a system I develop related to IE8 downloading over SSL (ie on sites using https://...) and is described on this MS kb article: http://support.microsoft.com/kb/323308 We use the HTTPCacheability.NoCache option as the data being downloaded is sensitive, and is downloaded from a secured site. I don't want that data to be cached on any of the proxies etc that the response passes through back to the client. The article describing the issue details a fix to the client side registry changing a BypassSSLNoCacheCheck setting. I don't want to loosen the system security just for IE8, as the system works fine on anything more upto date. Getting all the clients to apply the hotfix is difficult at best, and impossible at worst. We need to support IE8 in the system, at least for now. So: 1: Does the detailed hotfix have any implications for the security at the browser end in IE8 - does it mean the file will be cached? (in a place other than where the user saves the file). 2: Is there some way I can get these files downloadable with a change at the server end that doesn't break the security side of things?

    Read the article

  • How do I connect my Samsung 6 Series TV to network through a proxy?

    - by JGC
    I have a Samsung 6 series LCD TV which can connect to internet by LAN. When I connect my TV to my Windows 7 laptop which get its internet from AS share it, it can connect to the Internet. My TV can connect to YouTube, but in my country this site is filtered. I want to use an antifilter(proxy) program to bypass the filtering. The problem is the TV does not recognize the proxy port or program. How can I configure the TV or the network to use the proxy?

    Read the article

  • Citrix and WPF, blue window

    - by Ian
    We are building WPF applications which will be deployed on Citrix. Currently you simply see a blue window under Citrix, although the app runs fine on the server itself. There do seem to be some issues detailed on the net. Citrix forum discussion Microsoft hot fix We've applied the hot fix but this does not appear to fix the problem for us at least. Also, found this identical question on this site, but it had been removed by the author, so no answers. I'm running citrix 4.5 on a Windows 2003 server. I am trying to publish a WPF app (any WPF app has this problem) and all I get is a blue rectangle where the app is supposed to be. The rectangle is the exact size and shape of the window I expect, but it is just blue (looks like the color of the citrix desktop background). Any ideas?

    Read the article

  • Clean URLS with mod rewrite and URL Encoded characters causes 404?

    - by Richard JP Le Guen
    I have a web site using mod_rewrite to get some clean urls and custom 404 pages. My .htaccess file looks like this: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php?clean_url=$1 [QSA,L] </IfModule> What puzzles me is that if the URL contains a %2F (url-encoded /) the server seems to force a 404. As an example, http://example.com/category/article would be a normal article, but then http://example.com/category%2farticle gives a server-generated 404 page. (not the custom 404 page) I wouldn't have expected this... why this is happening? Is there a way around it?

    Read the article

  • Changing Launchpad username, and How to know what sites will be affected?

    - by Daniel Clem
    I am setting up my developer profile on Launchpad, and would like to change my username so it would be same as other sites I use, as well as better reflect me as a person. (that's a much more important thing than it sounds) I want to do this now while I can, because as I understand it, once I set up a PPA it will be impossible to change it due to the username being locked into the PPA URL's to prevent breakages and other problems. But when trying to change my username, it warned me with this message. "Changing your name will change your public OpenID identifier. This means that you might be locked out of certain sites where you used it, or that somebody could create a new profile with the same name and log in as you on these third-party sites." How can I find out which sites will be locked out, and how to still change the username while preventing problems with other sites? Sorry if this is actually a question for Launchpad itself. But I don't know where to post questions like this on the Launchpad site. Edit I understand that it is an issue with OpenID. But how am I to know what sites will be affected? And how do i fix the problems this will cause? Can't I just reset the password (and as a side affect, re-establish the connection with the new username) using my email address?

    Read the article

  • Capgemini Global Business Process Management Report

    - by JuergenKress
    Welcome to the Capgemini Global Business Process Management (BPM) Report. This report is an exploration of key trends in BPM as seen by CXOs across a broad selection of sectors and geographies. BPM is perhaps at a tipping point - it’s certainly at an exciting stage in its evolution. As both an engineer and an Operational Research practitioner in my early career, and subsequently as a consultant, I have seen BPM through its development over the last 26 years. BPM has its roots in management practices such as Total Quality Management, Business Process Reengineering & Model Based Development; but the advent of the new generation of sophisticated modelling and process execution technologies has greatly enhanced BPM’s power to truly transform businesses. This has created one of the most rapidly growing and attractive market sectors for both services and technology. We see BPM as a critical management discipline that when executed against clear, cross organizational business objectives, can deliver exceptional value to that organization. However, we also see that the potential for BPM is not well understood. Our decision to conduct this global survey stemmed from discussions with our clients. We sought to gain a better impression of their understanding of BPM, how they measure its value, and how far it is prioritized within their Business and Technology Transformation efforts. This research confirms our belief that BPM needs to be a jointly owned Business and IT discipline. It also demonstrates that it is starting to gain significant traction in the market and investments are starting to pay dividends to the early adopters. At Capgemini we are being asked by our clients to help them simplify and improve their business models and the technology that supports them and we are already seeing BPM become an integral and key part of this proposition. Business Process Management is becoming ever more relevant to both large and small organizations in the current economic climate. At a time when many different market sectors are facing slow revenue growth, customer churn and increased pressures on costs, BPM becomes a critical weapon in the battle for efficiency and effectiveness in processes. Furthermore, in a challenging and changing business environment that is characterized by uncertainty, it allows organizations to adapt, be more agile and fleet of foot. Capgemini is seeing strong demand for BPM services in markets such as the USA, the UK, the Netherlands and France; and there are clear signs of increased interest in other geographies such as, Germany, Sweden, Spain, Italy and Australia. In sector terms, the financial services industry has led the way in BPM adoption over the recent past, driven by increased focus on customer- centricity and regulatory compliance. Other sectors, public sector, utilities, telco, retail and manufacturing are now not only catching up, but are starting o use BPM in new ways to create new business models to serve customers and outsmart the competition. The research findings also show however that this is a complex landscape, and we are not seeing adoption of BPM in a clear and consistent way. This report also looks at some of the barriers to adoption, with organizational silos being a major obstacle. Waters are further muddied by fragmented budgets, lack of clear governance and ownership and internal politics. The objective of our investment in this research project was to shed some light on these elements with a view to assisting organizations to create strategies that avoid or at least mitigate some of these barriers to success. Management of change in such endea vours is a key part in enabling the appropriate alignment of business and technology to support their transformation efforts. I hope that you find this report of benefit in the further adoption of Business Process Management. Get the full report here. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Facebook Wiki Technorati Tags: Capgemini,bpm report,bpm market,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

    Read the article

  • Firefox 3.6 performance increase tricks.......

    - by metal gear solid
    I use many Add-ons which helps me in Web development so i can't uninstall those addons. and usually I keep open lots of tabs in Firefox. And almost always keep Firefox on on my system. I use default profile only I always keep every addons and firefox itself updated. I found some addons to reduce memory use on Firefox addons site , but user reviews were not good for them still Is there any tested tricks to increase performance and reduce memory use of Firefox 3.6, which really works?

    Read the article

  • How can I force my browser to search Google in English?

    - by Tom Wijsman
    I'm too bored of seeing sites like Google and such show up in my native language, I would rather like them to be in English. Yet, I have to explicitly change the URL to .com and en and that kind of parameters in order for them to show up in English. Can I somehow force this? So, how is Google configured? However, it is set to English on the site itself so it has to be my browser: Then, how does my browser land up on non-english pages, like Google? It usually shows up in non-English when I'm performing a search, which uses: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q=%s When performing a search, it fills these variables in with non-english values. How can I tell my browser to fill these in with the English values? My Google Chrome options give preference to English:

    Read the article

  • nginx rewrite rule for using domain host to redirect to specific internal directory

    - by user85836
    I'm new to Nginx rewrites and looking for help in getting a working and minimal rewrite code. We would like to use urls like 'somecity.domain.com' on campaign materials and have the result go to city-specific content within the 'www' site. So, here are use cases, if the customer enters: www.domain.com (stays) www.domain.com domain.com (goes to) www.domain.com www.domain.com/someuri (stays the same) somecity.domain.com (no uri, goes to) www.domain.com/somecity/prelaunch somecity.domain.com/landing (goes to) www.domain.com/somecity/prelaunch somecity.domain.com/anyotheruri (goes to) www.domain.com/anyotheruri Here's what I've come up with so far, and it partially works. What I can't understand is how to check if there is no path/uri after the host, and I'm guessing there is probably a way better way to do this. if ($host ~* ^(.*?)\.domain\.com) { set $city $1;} if ($city ~* www) { break; } if ($city !~* www) { rewrite ^/landing http://www.domain.com/$city/prelaunch/$args permanent; rewrite (.*) http://www.domain.com$uri$args permanent; }

    Read the article

  • Minimum team development sizes

    - by MarkPearl
    Disclaimer - these are observations that I have had, I am not sure if this follows the philosophy of scrum, agile or whatever, but most of these insights were gained while implementing a scrum scenario. Two is a partnership, three starts a team For a while I thought that a team was anything more than one and that scrum could be effective methodology with even two people. I have recently adjusted my thinking to a scrum team being a minimum of three, so what happened to two and what do you call it? For me I consider a group of two people working together a partnership - there is value in having a partnership, but some of the dynamics and value that you get from having a team is lost with a partnership. Avoidance of a one on one confrontation The first dynamic I see missing in a partnership is the team motivation to do better and how this is delivered to individuals that are not performing. Take two highly motivated individuals and put them together and you will typically see them continue to perform. Now take a situation where you have two individuals, one performing and one not and the behaviour is totally different compared to a team of three or more individuals. With two people, if one feels the other is not performing it becomes a one on one confrontation. Most people avoid confrontations and so nothing changes. Compare this to a situation where you have three people in a team, 2 performing and 1 not the dynamic is totally different, it is no longer a personal one on one confrontation but a team concern and people seem more willing to encourage the individual not performing and express their dissatisfaction as a team if they do not improve. Avoiding the effects of Tuckman’s Group Development Theory If you are not familiar with Tuckman’s group development theory give it a read (http://en.wikipedia.org/wiki/Tuckman's_stages_of_group_development) In a nutshell with Tuckman’s theory teams go through these stages of Forming, Storming, Norming & Performing. You want your team to reach and remain in the Performing stage for as long as possible - this is where you get the most value. When you have a partnership of two and you change the individuals in the partnership you basically do a hard reset on the partnership and go back to the beginning of Tuckman’s model each time. This has a major effect on the performance of a team and what they can deliver. What I have seen is that you reduce the effects of Tuckman's theory the more individuals you have in the team (until you hit the maximum team size in which other problems kick in). While you will still experience Tuckman's theory with a team of three, the impact will be greatly reduced compared to two where it is guaranteed every time a change occurs. It's not just in the numbers, it's in the people One final comment - while the actual numbers of a team do play a role, the individuals in the team are even more important - ideally you want to keep individuals working together for an extended period. That doesn't mean that you never change the individuals in a team, or that once someone joins a team they are stuck there - there is value in an individual moving from team to team and getting cross pollination, but the period of time that an individual moves should be in month's or years, not days or weeks. Why? So why is it important to know this? Why is it important to know how a team works and what motivates them? I have been asking myself this question for a while and where I am at right now is this… the aim is to achieve the stage where the sum of the total (team) is greater than the sum of the parts (team members). This is why we form teams and why understanding how they work is a challenge and also extremely stimulating.

    Read the article

  • Adsense: You have rejected ad requests, which will result in lost revenue

    - by Chankey Pathak
    Got an alert on my adsense account which says You have rejected ad requests, which will result in lost revenue. The following ad units have made ad requests with incorrect site information. This occurs when the URL of the server from which the ad unit has been served differs from the URL of the actual page where the ad will be displayed. Learn how to fix these errors. So the solution is that I'll have to use "google_page_url = "http://myurl.com/fullpath";" I'm using wordpress, what should be the URL for google_page_url? For example my website is www.technostall.com. Should I put www.technostall.com there or should I give the path of each post? That is not good because I'm using a sidebar widget for sidebar ad unit. I can't change google_page_url for each page. What should I do? This error is appearing only on my sidebar/navigation ad units. Is using google_page_url = document.location; fine?

    Read the article

  • Easter eggs as IP protection in software

    - by Simon
    I work in embedded software, and for some reason, management wants to hide an Easter egg as means of IP protection. They call it a watermark, and since our software interact with the video preview feed (the image displayed on a screen before you take a photo), they want me to implement a trigger which will react to some unusual video input (a video konami code like dark - bright - dark - bright - whatever). When this trigger fires, something strange happens (which is outside of the normal behavior of the software). The goal is to check whether our software is included in a device. Does it sound like a good idea? I have many argument against this move: What if the konami code is too sensitive and user triggers it? Does this kind of watermark have any legal value? What if this "feature" is discovered by the client? The performance penalty should be very small, since the soft run on small devices. I am the one developping this trigger. If things go wrong, what is my responsibility? What is your opinion about this method? I can't find a link, but I remember seeing an answer on this site suggesting that putting Easter eggs for protection purpose was a good idea. Has anyone tried it with good results?

    Read the article

  • Microsoft releases Visual Studio 2010 SP1

    - by brian_ritchie
    Microsoft has been beta testing SP1 since December of last year.  Today, it was released to MSDN subscribers and will be available for public download on March 10, 2011.The service pack includes a slew of fixes, and a number of new features: Silverlight 4 supportBasic Unit Testing support for the .NET Framework 3.5Performance Wizard for SilverlightIntelliTrace for 64-bit and SharePointIIS Express supportSQL CE 4 supportRazor supportHTML5 and CSS3 support (IntelliSense and validation)WCF RIA Services V1 SP1 includedVisual Basic Runtime embeddingALM Improvements Of all the improvements, IIS Express probably has the largest impact on web developer productivity.  According to Scott Gu, it provides the following:It’s lightweight and easy to install (less than 10Mb download and a super quick install)It does not require an administrator account to run/debug applications from Visual Studio It enables a full web-server feature set – including SSL, URL Rewrite, Media Support, and all other IIS 7.x modules It supports and enables the same extensibility model and web.config file settings that IIS 7.x support It can be installed side-by-side with the full IIS web server as well as the ASP.NET Development Server (they do not conflict at all) It works on Windows XP and higher operating systems – giving you a full IIS 7.x developer feature-set on all OS platforms IIS Express (like the ASP.NET Development Server) can be quickly launched to run a site from a directory on disk.  It does not require any registration/configuration steps. This makes it really easy to launch and run for development scenarios.Good stuff indeed.  This will make our lives much easier.  Thanks Microsoft...we're feeling the love!  

    Read the article

  • what Windowx XP LAN driver for Asus F5Z

    - by Radek
    a friend of mine asked me to re-install his Asus F5Z notebook with Windows XP. I installed succcessfully all drivers from assus driver download site. Everything is working fine but ethernet driver. The installation of Lan Driver for WIN XP finishes with strange message "Please shutdown & plug Realtech PCI-e card to complete the installation. Not sure if it matters but OnChip SATA is in 'Native IDE' mode . The original one with Vista was 'IDE - AHCI mode'. Any idea how I can make the LAN adapter to work under Windows XP?

    Read the article

  • SQL Server 2008 Log-shipping: Without a UNC drive: how?

    - by samsmith
    My real question here is... is there a tool I can use? (E.g. I have a lot to do, and would prefer not to script it all up myself!) Anyone using the redgate (hmmm, they had a tool for this, but I do not see it on their web site now...) I have a primary web app at rackspace. Am setting up a backup copy of the app in another data center. I want to use SQL log replication to sync the db. Using SQL Server Web Edition. TIA for suggestions and insight!

    Read the article

  • Equivalent of LogRotate for Windows?

    - by mfinni
    We have a huge logfile being written by a vendor's application. Let's assume the vendor won't do anything that we ask. Is there any way of rotating that logfile somehow? We're looking at about 300 MB an hour being written - I'd much rather chunk that into 10 MB pieces, and let anything older than a day or over 1000 files fall off a cliff. (I know I know, possible duplicate of How do you rotate apache logs on windows without interrupting service? ) Aha - the Chomp log was dead, but searching for "chomp logrotate brought me to it's new site. I'll give it a try tomorrow and reply if I like it. I'd still like to hear about software anyone else is using that works for this.

    Read the article

  • XP Install Driver Notification for AirCard

    - by Brian
    Hello, A co-worker of mine is using an air-card; it prompted him to install software in the notification tray; he clicked on the wrong thing and the icon went away without him installing that software. How can I get that icon back? He can't install the software then... I know that you can download the software from the site, but we did that and were having issues from that too, was hoping to be able to install the sofware on the air card... Restarting and trying again doesn't pop up the notification too. Thanks.

    Read the article

  • PASS: Budget Status

    - by Bill Graziano
    Our budget situation is a little different this year than in years past.  We were late getting an initial budget approved.  There are a number of different reasons this occurred.  We had different competing priorities and the budget got pushed down the list.  And that’s completely my fault for not making the budget a higher priority and getting it completed on time. That left us with initial budget approval in early August rather than prior to June 30th.  Even after that there were a number of small adjustments that needed to be made.  And one large glaring mistake that needed to be fixed.  We had a typo in the budget that made it through twelve versions of review.  In my defense I can only say that the cell was red so of course it had to be negative!  And that’s one more mistake I can add to my long and growing list of Mistakes I’ll Never Make Again. Last week we passed a revised budget (version 17) with this corrected.  This is the version we’re cleaning up and posting to the web site this week or next.

    Read the article

  • Likeliness of obtaining same IP address after restarting a router

    - by ?affael
    My actual objective is to simulate logged IPs of web-site users who are all assumed to use dynamically assigned IPs. There will be two kinds of users: good users who only change IP when the ISP assignes a new one bad users who will restart their router to obtain a new IP So what I would like to understand is what assignment mechanics are usually at work here deciding from what pool of IPs one is chosen and whether the probability is uniformly distributed. I know there is no definite and global answer as this process can be adjusted be the ISP but maybe there is something like a technological frame and common process that allows some plausible assumptions. UPDATE: A bad user will restart the router as often as possible if necessary. So here the central question is how many IP changes on average are necessary to end up with a previously used IP.

    Read the article

  • Access 2 sites on same machine behind a router

    - by Luc
    Hello, I have several machines on my lan. On of them is running 2 web sites, first_web_site and second_web_site (each one in a dedicated NameVirtualHost). Another machine is running another site third_web_site. I would like to be able to access each one, within internet, with the url: first_web_site.domain.tld second_web_site.domain.tld third_web_site.domain.tld knowing that 2 sites are on the same machine. Can Apache help me to do this ? I have a machine that will have a apache server to be used for proxy purposes. I was talk to set up virtualhost on this one and use proxy server but I do not know how to do this. Could you please give me hints ? Thanks a lot, Luc

    Read the article

  • Experienced programmer, beginner at web design, tools for effective maintainable web design? [closed]

    - by Clinton
    I do quite a bit of programming in my work, which I'm comfortable with, but recently I've being trying to do some web-design for non-work related reasons. I've got a Drupal site up and running, and added some content. But they all look fairly basic. Header with some content. It doesn't look particularly polished. Anyway, as an example, what I wanted to do was make some "bubbles", each with some text in them. From a programmers point of view, say: bubble(question_text, answer_text) might expand to a box with some border, with "Question: " + question_text then "Answer: " + answer_text. Of course I'd have lots of these bubbles, but I'd like to change their look and feel in one place, so simple HTML would be a maintainable nightmare. I also want to lay them out on the screen in some fashion. I was thinking a mixture of javascript and CSS, or possibly use PHP which Drupal uses. On the other hand, I fear I might be taking a 1990s approach to this, and that there's actually tools available now that make this process a lot easier. I'm just wondering what the best approach to this sort of task is? Should I be using offline web design software and copying the code to Drupal, and if so, any recommendations? I'm sorry if my question is a bit vague, because I'm not really sure what question I should be asking. I'd appreciate if you answer and comment, and I'll try my best to be more specific as I understand more.

    Read the article

  • Are webhosts that require NS instead of a CNAME common?

    - by billpg
    I've just signed up with a webhost (which I prefer not to name) and I'm reasonably happy with it. The only nit was when I was ready to put a site online and I asked the support line to what name I should point my 'www' CNAME to. They responded that they don't do that and I need to set my domain's NS records for the hosting to work. "Why would you ever want to do it that way? Our service to you includes DNS and our servers are probably much better than the one your registrar provides." This was a bit of surprise as all of the other webhosts I've worked with happily support this. I've set up (eg) gallery.myfriend.example for friends by having them configure their DNS to CNAME 'gallery' to the name of a shared server at a webhost and the webhost does name-based hosting for 'gallery.myfriend.example'. (Of course, if the webhost ever tells me I'm being moved from A.webhost.example to B.webhost.example, it would be my responsibility to change where the CNAME points. Really good webhosts would instead create myname.webhost.example for the IP of whichever server my stuff happens to be on, so I'd never have to worry about keeping my CNAME up to date.) Is my impression correct, that most webhosts will happily support a service that begins with a CNAME hosted elsewhere, or is it really more common that webhosts will only provide a service if they control the DNS service too?

    Read the article

  • Windows 2008, 2 NICS, routing problem

    - by Srodriguez
    Dear all, I've some questions regarding basic routing, can't seem to relate to other questions posted in this site. My architecture: Windows 2008 server with 2 nics in the server. NIC1: IP 10.198.6.xxx, submask 255.255.252.0, gateway 10.198.4.xxx NIC2: IP 192.168.168.xxx, submask 255.255.255, no gateway defined both NICS are just connected to two separate switches, with other computers. I want to be able that all the requests that have a destination of 192.168.168.xxx are redirected to the NIC2, all the other to the NIC1. I know it's possible to do it with the route command, but normally we have to specify a gateway? (route ADD 192.168.168.0 MASK 255.255.255.0 ???) How can this be archived? Thanks a lot for your help!

    Read the article

  • curl can't verify cert using capath, but can with cacert option

    - by phylae
    I am trying to use curl to connect to a site using HTTPS. But curl is failing to verify the SSL cert. $ curl --verbose --capath ./certs/ --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: ./certs/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I know about the -k option. But I do actually want to verify the cert. The certs directory has been properly hashed with c_rehash . and it contains: A Verisign intermediate cert Two self-signed certs The above site should be verified with the Verisign intermediate cert. When I use the --cacert option instead (and point directly to the Verisign cert) curl is able to verify the SSL cert. $ curl --verbose --cacert ./certs/verisign-intermediate-ca.crt --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: ./certs/verisign-intermediate-ca.crt CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: C=US; ST=State; L=City; O=Company; OU=ou1; CN=example.com * start date: 2011-04-17 00:00:00 GMT * expire date: 2012-04-15 23:59:59 GMT * common name: example.com (matched) * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3 * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1267 Content-Length: 1267 < Server: Jetty(7.2.2.v20101205) Server: Jetty(7.2.2.v20101205) < * Connection #0 to host example.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): In addition, if I try hitting one of the sites using a self signed cert and the --capath option, it also works. (Let me know if I should post an example of that.) This implies that curl is finding the cert directory, and it is properly hash. Finally, I am able to verify the SSL cert with openssl, using its -CApath option. $ openssl s_client -CApath ./certs/ -connect example.com:443 CONNECTED(00000003) depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 verify return:1 depth=0 /C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com verify return:1 --- Certificate chain 0 s:/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- Server certificate -----BEGIN CERTIFICATE----- <cert removed> -----END CERTIFICATE----- subject=/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- No client certificate CA names sent --- SSL handshake has read 1563 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: D65C4C6D52E183BF1E7543DA6D6A74EDD7D6E98EB7BD4D48450885188B127717 Session-ID-ctx: Master-Key: 253D4A3477FDED5FD1353D16C1F65CFCBFD78276B6DA1A078F19A51E9F79F7DAB4C7C98E5B8F308FC89C777519C887E2 Key-Arg : None Start Time: 1303258052 Timeout : 300 (sec) Verify return code: 0 (ok) --- QUIT DONE How can I get curl to verify this cert using the --capath option?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 827 828 829 830 831 832 833 834 835 836 837 838  | Next Page >