Comments (6)
I can confirm #99 resolves this issue. I tested on a fresh SLES 15 Server install (which is indeed much like RHEL I described in my last message a few days ago - it does not have ca-certificates.crt
rather it has ca-bundle.crt
which is the same thing essentially just different filename. Both my RHEL 9.2 and SLES 15 environments work now with the binary built earlier from Pull 99.
Once this issue has a qa-ready dev-complete
label later (PR merged, etc) I will do a quick check again and can then mark this case as qa-passed
if the re-test goes well.
from wordfence-cli.
Thanks for reporting this. It looks like we will just need to document that running on SUSE requires installation of an additional package to provide the required CA certificate bundle. We'll get this added to the documentation.
from wordfence-cli.
@akenion awesome. I was trying to get round to a PR for the docs - but haven't got round to it.
from wordfence-cli.
FYI similar situation with RHEL. (9.2 in my case)
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/ssl/certs/ca-certificates.crt
At least with RHEL it looks like it's just a different naming convention. Rather than the CA cert bundle being at /etc/ssl/certs/ca-certficiates.crt
it's at /etc/ssl/certs/ca-bundle.crt
the content looks exactly the same the only difference being RHEL seems to label which certs belong to which company(ies). As far as I can tell, wordfence
should just be looking for either ca-certificates.crt or ca-bundle.crt in the same path. Likely a library or something is to blame. Ideally either ca-bundle.crt or ca-certificates.crt should be acceptable with no intervention from the user / extra setup/install steps on most OOTB (out of the box) installs -- assuming they have ca-certificates package anyway which usually is the case.
Note that on my personal SUSE Tumbleweed daily driver (rolling release of openSUSE), it has /etc/ssl/certs/ca-certificates.crt perhaps the same is not true on regular cadence releases like SLES 15 (have not tested yet). Either that or my daily driver just already has ca-certificates installed since I have been using it for quite some time and also have steam on it so it has steamtricks and thus could just have the package just because of that.
Because this issue affects RHEL (and possibly other fedora OS'es) and possibly affects SLES as well, we may want to see if we can resolve this sooner rather than later if at all possible.
Alternatively, bit of a hacky solution and not sure if would have unintended consequences (probably not but can't be sure), if I just create a soft link ca-certificates.crt -> ca-bundle.crt
then I can use wordfence
on my RHEL setup.
(to do this you would execute the following as sudo / root: ln -s /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt
)
from wordfence-cli.
@barmat @akenion @briandefiant (mentioned you all since you are assigned or created the PR) I'm going to mark this as dev-complete
and validate and then mark as qa-passed
. Any objections let me know and I can reopen the issue. This is on the basis that Brian's PR indeed does resolve this issue based on testing. Both SLES 15 and RHEL 9.2 are now working as expected out of the box :)
from wordfence-cli.
v2.0.1-rc6 10/31/2023
SUMMARY:
QA validation PASSED.
I re-tested with v2.0.1.-rc6 (and rc5 prior) and observe no issues. The new build changes result in BOTH SLES15 and RHEL 9.2 working for me out of the box (uses ca-bundle.crt
without issues).
VALIDATION STEPS
- Smoke test SLES 15
- Smoke test RHEL 9.2
(Note plenty of prior testing against both, smoke test was to ensure latest rc is good to go and we are ready for release!)
NOTES:
None.
from wordfence-cli.
Related Issues (20)
- Input from stdin isn't processed until an entire chunk is available HOT 1
- New Wordfence CLI install produces "Latin-1" UnicodeEncodeError HOT 11
- CLI misses malware reported by plugin HOT 2
- Implement vectorscan support to improve malware scan performance HOT 9
- On MacOS, when you remediate one or more files and enable debug logging, FileType.<TYPE> is output HOT 1
- Feature Request: Add argument to skip api.github.com version check HOT 2
- Inconsistent exit code with remediate depending on if install via pip or binary HOT 2
- Missing RPM from the crb repo HOT 2
- Add public contribution and security guidelines
- Add option to limit CPU usage for malware scans
- Non-ASCII characters in filenames can result in encoding errors HOT 9
- Error: 'bytes' object has no attribute 'encode' HOT 7
- Error: 'utf-8' codec can't decode byte 0xfc in position 62: invalid start byte HOT 7
- File name filtering error HOT 1
- Document `--email` file attachment capability HOT 3
- Remove version number from tracked file
- Use a specific/identifiable user agent when making requests to Wordfence APIs
- Gracefully handle rate-limited responses from the Wordfence APIs
- Change to how CLI Premium license expirations are handled in Wordfence CLI
- Error: Can't mix bytes and non-bytes in path components.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wordfence-cli.