Friday, 2011-07-01

*** CowboyPride has quit (Remote host closed the connection)		11:52
*** CowboyPride (~BartSimps@cpe-075-183-170-059.sc.res.rr.com) has joined #wikid		11:55
*** nowen (~nowen@adsl-98-66-165-16.asm.bellsouth.net) has joined #wikid		12:58
nowen	morning #wikid	12:59
asofrank	morning Nick	13:00
asofrank	where is the CA file stored on the wikid server	13:01
nowen	/opt/WiKID/private	13:01
asofrank	is that the file I need to have on the client side of the API?	13:02
asofrank	WiKIDCA.cer	13:02
nowen	and the .p12 created by the network client	13:03
asofrank	yeah, its throwing errors	13:03
asofrank	CA Public key NOT OK! Public key NOT OK! Private key NOT OK! 1309525375: checkCredentials() called ...	13:03
nowen	is this php?	13:04
asofrank	yes	13:04
nowen	you might need to convert that file to a pem	13:04
asofrank	which one? The p12?	13:04
nowen	the WiKIDCA.cer	13:04
nowen	though doesn't the download come with a pem?	13:04
asofrank	it looks like its already a pem file	13:04
asofrank	the p12 file is not	13:05
nowen	can you run keytool on the p12 to make sure it is ok?	13:05
nowen	also, are the dates correct on both boxes?	13:06
asofrank	whats the correct syntax for keytool	13:07
nowen	keytool -list -v -keystore /opt/WiKID/private/intCAKeys.p12 -storetype pkcs12 -storepass yourpassphrase	13:07
asofrank	appears to be fine	13:09
asofrank	just synced the dates	13:09
nowen	does apache need a restart?	13:09
asofrank	they were slightly off	13:09
asofrank	i didnt restart wikid after adding a new network client	13:11
asofrank	that may do it	13:11
asofrank	nope. same errors. it doesnt like the certificate for some reasom	13:11
nowen	is there an error in the WiKIDAdmin logs?	13:12
asofrank	Couldn't validate the client certificate. Verify the validity and dates of the client cert.	13:12
nowen	is the ip address as expected?	13:12
asofrank	doesnt tell me where its coming from	13:13
nowen	you can set the wauth logger to debug too if that helps	13:13
asofrank	yeah, one sec	13:13
asofrank	still doesnt show the connecting clients IP	13:15
nowen	hmm, tcpdump?	13:17
asofrank	yeah, IP address is what I expect it	13:23
asofrank	and is set correctly in network clients	13:23
asofrank	let me try to simplify it a bit	13:24
asofrank	yeah, even the sample.php script fails	13:26
nowen	hmm	13:26
asofrank	slightly different output though	13:26
*** nowen has parted #wikid (None)		13:26
asofrank	1309526752: CA Public Key OK.	13:26
asofrank	Public key NOT OK! Private key NOT OK! 1309526752: checkCredentials() called ...	13:26
*** nowen (~nowen@adsl-98-66-165-16.asm.bellsouth.net) has joined #wikid		13:26
asofrank	1309526752: CA Public Key OK.	13:26
asofrank	Public key NOT OK! Private key NOT OK! 1309526752: checkCredentials() called ...	13:26
nowen	hmm	13:29
nowen	I feel like there is some php magic that needs to happen, restarting apache, restarting wikid, in some order. I can't really recall	13:30
asofrank	i converted the p12 to pem and now I get this	13:30
asofrank	1309527015: CA Public Key OK.	13:30
asofrank	1309527015: Public Key OK.	13:30
asofrank	Private key NOT OK! 1309527015: checkCredentials() called ...	13:30
asofrank	getting closer	13:30
asofrank	yeah, the pem I converted is just the certificate	13:33
asofrank	I exported a private key from the p12, but I dont know how to define it in the php class	13:33
nowen	I thought that php should be able to pull both from the p12	13:34
asofrank	yeah, but it doesnt appear to be working	13:34
nowen	no it doesn't ;)	13:34
asofrank	there we go	13:35
asofrank	i appended the private key to the end of the pem format cert	13:35
asofrank	that appears to have worked	13:35
nowen	how did you do that?	13:36
asofrank	i used openssl to extract the certificate and private key from the pem file	13:39
asofrank	then took the private key and added it to the bottom of the certificate pem	13:39
asofrank	openssl pkcs12 -in foo.p12 -clcerts -nokeys -out cert.pem	13:40
asofrank	openssl pkcs12 -in foo.p12 -nocerts -nodes -out key.pem	13:40
asofrank	cat key.pem >> cert.pem	13:40
asofrank	alright, now how do we turn off debugging output for the php class so it just spews out true/false response	13:41
nowen	added as a comment to http://www.wikidsystems.com/support/wikid-support-center/web-application-how-tos/how-to-add-wikid-two-factor-authentication-to-a-php-application	13:41
asofrank	cool	13:42
nowen	capture the knowledge! then share :)	13:42
asofrank	indeed.	13:43
asofrank	I take it most people are probably using this with the radius client	13:43
nowen	there are a good number that do development via wauth.	13:44
nowen	for new user enrollment, some for saml	13:44
asofrank	arg	13:45
asofrank	who wrote this php class	13:45
nowen	one of our devs, some time ago	13:45
asofrank	it echo's output when debugging is disabled	13:45
asofrank	if (!$ca) {	13:46
asofrank	echo "CA Public key NOT OK! " ;	13:46
asofrank	//$this->_dprint("CA Public key NOT OK!");	13:46
asofrank	} else {	13:46
asofrank	$this->_dprint("CA Public Key OK. ");	13:46
asofrank	}	13:46
asofrank	they commented out the _dprint (debug printing) and made it echo instead :/	13:46
*** micah (4a5590fd@gateway/web/freenode/ip.74.85.144.253) has joined #wikid		13:52
micah	hello	13:52
nowen	hi micah	13:53
micah	good morning!	13:53
nowen	I assume you are our latest home licensee?	13:53
micah	yes	13:53
micah	i am indeed	13:53
micah	stupid question here	13:53
nowen	thanks!	13:53
nowen	no such thing	13:54
micah	is the server going to download the 1 license or do I have to wait for email and isntall?	13:54
nowen	we actually track the purchases via the certs in what is now a fairly manual process	13:54
micah	ah	13:55
micah	okay	13:55
micah	so then i need to wait for an email with a signed cert?	13:55
nowen	no, your cert is good to go	13:57
micah	okay	13:58
micah	when i checked last night i didn't have a license	13:58
micah	and enrolling my iphone was a fail	13:58
nowen	have you created a certificate?	13:59
nowen	I see #16389 for you	14:00
nowen	what is the domain identifier for your domain?	14:00
micah	114457688154	14:01
micah	yeah, i do have the cert	14:01
micah	and i did it before i purchased it	14:01
micah	it = license	14:01
nowen	that doesn't look like a valid ip address	14:01
micah	oh wait	14:02
nowen	114.457.688.154	14:02
micah	it has to be a zero padded ip, correct?	14:02
micah	i have fail	14:02
nowen	hehe	14:02
micah	oh	14:03
micah	and i can't update the domain after hte fact can i?	14:03
micah	i just screwed this up	14:03
nowen	no, you have to create a new one	14:03
micah	okay, thanks	14:06
micah	i'll give it a shot	14:06
micah	new domain created!	14:06
micah	thanks for your help	14:07
nowen	np	14:07
nowen	sorry for the confusion	14:16
micah	ok now iphone enrollment fail	14:23
micah	do i need to open external ports for the wikid server?	14:23
asofrank	port 80 for the token client	14:24
asofrank	I think	14:24
micah	ah	14:27
micah	okay	14:27
micah	just for registration or for each access?	14:28
asofrank	for each access	14:28
asofrank	the token client makes a request to the wikid server for a key	14:28
asofrank	im pretty sure the registration uses the same system	14:29
asofrank	the only other ports are radius/wauth/ldap, which are going to be dependent on what device you're authing for	14:29
asofrank	if you're on linux for the server, iptables will automatically open those ports when you add a network client	14:30
asofrank	hey nick, whats the best/easiest way to register new clients from the API	14:30
asofrank	I'm trying to decide if I should pre-register, or just get the code from them and manually register it	14:31
asofrank	either way, we're going to need either the device ID, or the registration code	14:31
asofrank	and I have no idea how to get the former	14:31
nowen	asofrank: if you can authenticate them using some trusted existing creds, use the reg code. if you have a trusted way of delivering the pre-reg codes, then that might be better	14:36
asofrank	well, the users will be added initially by an admin	14:36
asofrank	so I think using the reg code would be best	14:36
asofrank	but I'm trying to figure out how we're going to handle multiple reg codes per user	14:36
asofrank	looking at the API, it looks like we need a known pass code in order to add additional devices	14:37
asofrank	an admin isnt going to have that information	14:37
asofrank	I could make it so only the end user can add additional devices I guess	14:37
nowen	there are two functions to add a 2nd token, one with an OTP and one without	14:37
asofrank	oh	14:37
asofrank	i dont see that in the class	14:37
asofrank	the class only shows registerUsername()	14:38
nowen	hmm. the php code might be a bit dated then	14:38
asofrank	whats the API function?	14:38
asofrank	I can hack it in there im sure	14:38
nowen	http://www.wikidsystems.com/support/wikid-support-center/manual/wikid-network-client-wclient-api-manual/referencemanual-all-pages	14:40
nowen	search for: Add device without passcode	14:40
asofrank	ii see it	14:40
nowen	there is actually some even newer stuff that I need to document. you can have the network client create a pre-reg code	14:41
asofrank	Is there any way to see if a device is linked to an account?	14:45
asofrank	I wonder if just passing the add-no-check api call with an existing token will just make it fail	14:45
micah	oh sorry	14:45
micah	got called away	14:46
micah	i'll take a look	14:46
asofrank	Nick: think you can give your developer to write a function for deleting users via the PHP class	15:39
asofrank	I'm not sure whats all required in the XML	15:39
asofrank	but I'm apparently not sending enough data	15:39
asofrank	1309534707: sending string '7 asofrank112072101050981 null' ...	15:40
asofrank	1309534707: checking response...	15:40
asofrank	1309534707: send.response is:	15:40
asofrank	1309534707:	15:40
asofrank	1309534707: No response received!	15:40
asofrank	<transaction> <type>7</type> <data> <user> <user-id>$username</user-id> <domaincode>$domaincode</domaincode> <status>1</status> </user> <result>null</result> </data>	15:43
asofrank	</transaction>	15:43
asofrank	thats the xml im sending. which is apparently not enough	15:43
nowen	hmm. do you need to find the user first and then delete by device id?	15:46
asofrank	maybe, but it seems like theres a lot of useless information that needs to be passed to delete the user	15:49
nowen	maybe we don't trust you :)	15:50
asofrank	bad-password-attempts offline-public-key, etc	15:50
asofrank	bad-pin-attempts	15:50
asofrank	mostly statistical information that shouldn't be required to simply delete a user	15:50
asofrank	either way, the PHP api is massively outdated	15:51
nowen	I hear you	15:51
nowen	yes	15:51
asofrank	all it has functions for is to add a user and check credentials	15:51
nowen	we recently made a lot of changes for another atlanta customer	15:51
asofrank	any chance I could get an updated PHP class for it?	15:52
asofrank	something that at least lets you add/delete/check credentials :)	15:52
nowen	maybe, we're pretty jammed right now. I can see	15:53
nowen	you can check creds though via the sample.php, right?	15:53
asofrank	yeah	15:53
asofrank	i just cant delete	15:53
asofrank	thats the main one I need	15:53
asofrank	preferably delete by username	15:53
asofrank	and not by every variable under the sun	15:53
asofrank	also. For licensing. is that per user, or per device?	15:54
nowen	it is per user in a domain. each user can have more than one token in a domain	15:54
asofrank	cool	15:54
asofrank	some of our staff may have multiple token clients so that was a concern	15:54
nowen	that's something we want to encourage - as we can do it ;)	15:55
asofrank	excellent	15:55
asofrank	I think we're going to start with 50 or 60, not sure yet. talking to the boss man right now about it	15:55
nowen	nice	15:56
asofrank	yeah, sounds like we're going to do 50	15:56
asofrank	whats the pricing on that	15:56
nowen	$24 per user per year	15:57
asofrank	ok. How should we go about ordering it? Just order 2 packs of 25?	15:58
nowen	yes, that works	15:58
asofrank	how does it work if we add additional licenses mid-term?	16:00
asofrank	do those licenses just expire at the different time, or are they prorated	16:00
nowen	I can also send an invoice if you want to pay by check	16:00
asofrank	we'll probably pay by amex if you guys take that	16:00
nowen	sure - google checkout :)	16:01
asofrank	Can you put me in contact with the developer who did the PHP api?	16:02
asofrank	what I'm asking would probably take a whole 10 minutes for him to complete.	16:02
nowen	I'll have to see if he's ok with that	16:02
asofrank	yeah, understood.	16:03
asofrank	if I have to come downtown and rattle his cage, I will. ;)	16:05
nowen	hehe	16:05
*** gregh__ (43d31102@gateway/web/freenode/ip.67.211.17.2) has joined #wikid		16:07
*** gregh__ has quit (Client Quit)		16:07
nowen	asofrank: take a look at how the delete works in the example.jsp. iirc, you search for the user and then delete it if it's found.	16:10
*** wikid (~Adium@67.211.17.2) has joined #wikid		16:10
asofrank	k	16:10
wikid	hey all	16:11
wikid	nick said someone has a php question?	16:11
nowen	asofrank: wikid is the php dev	16:11
asofrank	oh great.	16:12
wikid	actually, greg is the php dev, but i'll take it	16:12
asofrank	well, my main issue is the PHP class is horribly outdated	16:13
asofrank	it only contains functions for verifyCredentials and addUsername	16:13
asofrank	I'm looking at the jsp code right now for deleting users. but I think Nick answered my question	16:13
asofrank	I need to do a lookup of the user prior to actually sending the delete command via xml	16:13
asofrank	you cant just send the <user>foo</user> with the <type>7</type>	16:14
wikid	yeah, i built the PHP class a while ago to serve the known need, but didn't keep pace with the JSP changes	16:16
asofrank	think you could throw together the deleteUser function so I could add it in?	16:16
wikid	yeah, shouldn't be hard	16:16
wikid	how quick do u need?	16:16
asofrank	my java-foo is pretty lacking. haven't messed with it since high school	16:16
asofrank	i'm trying to get this implemented next week if possible	16:17
wikid	that's fine	16:17
wikid	i can try to knock it out this afternoon, otherwise over the weekend for sure	16:18
asofrank	great, that works for me	16:18
asofrank	Nick: we just put our order through	16:18
nowen	I got it	16:19
nowen	thank you very much	16:19
asofrank	is there anything you need from me?	16:19
wikid	are u using the standalone version or the PEAR package?	16:19
asofrank	standalone I suppose	16:20
asofrank	http://www.wikidsystems.com/downloads/network-clients	16:20
wikid	ok, got it	16:20
asofrank	the one that claims "This is the latest code"	16:20
asofrank	:P	16:20
wikid	latest can still be 2 years old :)	16:21
nowen	while you're at it, Greg there are other api updates too	16:21
wikid	i'll get your email from nick and shoot it over when it's ready	16:21
wikid	fire away	16:21
asofrank	sure	16:21
asofrank	oh, while you're playing with it, you should have a separate function to register additional devices to an existing user without using a passcode	16:23
asofrank	I was able to modify the existing class to work that way	16:24
nowen	wikid they should all be in the latest example.jsp. register with group add, Add a Pre-Registration Code, Add Multiple Pre-Registration Codes	16:24
wikid	yep - i'll just bring the php class up to parity with the jsp	16:24
wikid	which i would've done sooner if anyone had called me out on it ...	16:25
wikid	coders can lazy load, too	16:25
asofrank	tell me about it	16:25
asofrank	are you responsible for the android client as well?	16:26
nowen	aahahha	16:26
nowen	yes he is!	16:26
wikid	"responsible" - such a dirty word	16:26
asofrank	lol	16:26
asofrank	it could use a little polishing :)	16:26
wikid	it could use a lot of polishing - it was my first android app	16:26
nowen	careful asofrank he might not come back to #wikid	16:27
asofrank	a member of my staff said they were having it crash when trying to add a domain	16:27
asofrank	i wasnt able to reproduce it though	16:27
wikid	nick, is that the same one u mentioned yesterday?	16:27
asofrank	probably :)	16:27
wikid	haha	16:27
asofrank	I mentioned it yesterday or the day before	16:27
wikid	it's on an Incredible?	16:27
asofrank	no, an evo	16:27
wikid	ah	16:28
nowen	maybe sounds like it, though that was an issue with the domain not being saved	16:28
wikid	do u known which Android version?	16:28
nowen	different company	16:28
asofrank	2.3 I believe	16:28
asofrank	i have the same phone with the same android version	16:28
asofrank	I couldnt reproduce it	16:28
wikid	hmm, ok	16:28
asofrank	so, ignore for me I'd say :)	16:28
wikid	i'd only tested up thru 2.2	16:28
asofrank	yeah.	16:29
asofrank	mobile apps are a pain in the butt, if you ask me	16:29
wikid	esp with 20+ android + version + device combinations to deal with	16:29
asofrank	yeah.	16:29
asofrank	you should just convert it all over to HTML5	16:30
wikid	if there were any way to handle the encryption, i would	16:31
nowen	I'm going to push ntru to do a JavaScript lib if it is possible	16:31
*** alamarca (404c9302@gateway/web/freenode/ip.64.76.147.2) has joined #wikid		16:32
alamarca	hi all	16:32
alamarca	morning	16:32
asofrank	'hi	16:32
nowen	hi alamarca	16:32
wikid	it's probably technically possible, but would question the performance	16:32
alamarca	are you ok? nowen	16:32
nowen	wikid ntru is super fast!	16:33
nowen	alamarca: doing well, busy	16:33
alamarca	why ?	16:33
nowen	why am I busy? lots of pesky new customers ;)	16:33
wikid	in java & c, of course. in an interpreted language running in the browser? questionable	16:34
asofrank	i see how it is..	16:34
wikid	would be great to have, tho	16:34
asofrank	so the mac client	16:36
asofrank	i cant get passed the "Passphrase required"	16:37
nowen	do you have rights to the install directory?	16:37
*** alamarca is now known as alamarca-soporte		16:37
asofrank	probably not, it su'd me to root when I ran the installer	16:37
*** alamarca-soporte is now known as alamarca		16:37
asofrank	the uninstaller asks for privledge escalation	16:38
*** alamarca is now known as alamarcaEspanol		16:38
asofrank	yeah. that shouldnt happen	16:40
wikid	@asofrank the mac client su'd you? it shouldn't do that	16:40
asofrank	yeah	16:40
wikid	it's just a java app	16:40
asofrank	it popped up a little window asking for my password	16:40
asofrank	running MacOS 10.6.8	16:41
wikid	using the locked or unlocked token?	16:41
asofrank	locked	16:41
asofrank	wikidtoken-3.1.15-bundle-installer.jar - For Mac/Linux (28 meg)	16:42
asofrank	arent you glad you came to #wikid?	16:44
wikid	yeah, so much for a relaxing holiday weekend ...	16:44
wikid	:)	16:44
wikid	ok, it's doing the same for me	16:45
wikid	did u give ur su pass, or did u skip it?	16:46
wikid	i skipped, and can't get pass the initial dialog either	16:46
asofrank	i gave it up	16:46
asofrank	it installs into /Applications	16:46
asofrank	so that wouldnt be writable by a normal user	16:46
nowen	have you tried just using the jar?	16:46
asofrank	the unlocked jar?	16:46
wikid	i'm an admin on my mac, so i can still write to /Applications as non-root, since it's group-writable	16:47
nowen	any jar, you can drop into a folder you own and just run 'java -jar wikid...'	16:47
asofrank	well, im sure i could work around it	16:47
asofrank	but i cant say the same for some of our non-tech staff	16:48
nowen	understood	16:48
asofrank	im just clicking the installer, following the normal install procedure, and then running the wikidclient.jar	16:48
wikid	looks like something in the posted release is failing. i have an older client still installed and it can initialize a token fine	16:49
wikid	ok, any other issues to throw in the mix while i'm heads down? it's already a party!	16:50
asofrank	how doyou enable debug on the client	16:51
wikid	nick, do u remember offhand? i'd need to look it up	16:54
asofrank	tried running it with -Xdebug but it didnt take	16:54
nowen	http://www.wikidsystems.com/support/wikid-support-center/troubleshooting-faq/how-do-i-run-the-token-in-debug-mode/?searchterm=token%20debug	16:55
asofrank	man, you guys are good about documentation	16:55
asofrank	Using Token File: /Users/laszlof/.WiKID/lck-WiKIDToken.wkd	16:57
asofrank	java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.RangeCheck(ArrayList.java:547) at java.util.ArrayList.get(ArrayList.java:322) at com.wikidsystems.jw.JW.loadOrCreateToken(JW.java:229) at com.wikidsystems.jw.JW.main(JW.java:113)	16:57
asofrank	i hate debugging java	16:58
asofrank	i use to work for ISS, and our management platform was written in java	16:58
asofrank	debugging it was a pain in the butt	16:59
*** alamarcaEspanol is now known as alamarca		17:18
*** alamarca has quit (Ping timeout: 252 seconds)		17:58
nowen	micah: make any progress?	18:11
*** seamusc (d839cdfa@gateway/web/freenode/ip.216.57.205.250) has joined #wikid		18:31
seamusc	Hello	18:31
seamusc	I feel all alone in the world	18:33
*** wikid has quit (Ping timeout: 240 seconds)		18:35
nowen	sorry to hear that seamusc	18:35
seamusc	ah its you, do you remember me?	18:37
seamusc	I have a question maybe you can answer	18:37
nowen	shoot	18:37
seamusc	I am implementing wikid	18:37
nowen	excellent	18:38
seamusc	just tell me if this is wrong.	18:38
seamusc	im putting a wikid server on our web dmz and two radius/ldap servers in our production dmz	18:38
seamusc	im going to open ldap and radius ports on the ldap/raidus server to talk to wikid	18:38
nowen	ok	18:38
seamusc	between the two dmzs	18:38
seamusc	im wondering if all the radius clients need to have access to the wikid server I forgot	18:39
seamusc	I would like them only to have access to the raidus/ldap servers	18:39
nowen	so will the authentication go like: radius client >> radius server >> WiKID? if so, then the radius clients do not. the radius servers are network client to wikid	18:40
seamusc	ok great thats what I was thinking	18:40
seamusc	yeah radius client --> radius server --> wikid	18:41
seamusc	Thanks sir, have a great 4th of July	18:41
nowen	you too!	18:41
nowen	is this shamus?	18:41
seamusc	yup	18:41
seamusc	finally getting this done	18:41
nowen	I mean seamus	18:42
seamusc	sorry I never sent the documentation you asked for, so busy	18:42
nowen	bout time :)	18:42
seamusc	maybe sometime	18:42
* nowen crosses fingers		18:42
seamusc	yeah lol	18:42
seamusc	Maybe I can do something basic and elaborate later	18:43
nowen	start simple.	18:43
seamusc	ok talk to you later thanks for the help.	18:46
nowen	np	18:46
*** seamusc has quit (Quit: Page closed)		18:46
*** wikid (~Adium@adsl-065-013-008-201.sip.asm.bellsouth.net) has joined #wikid		19:12
*** wikid has parted #wikid (None)		19:13
*** wikid-greg (~Adium@adsl-065-013-008-201.sip.asm.bellsouth.net) has joined #wikid		19:13
asofrank	hey greg, hows that PHP class coming along	19:17
wikid-greg	hehe	19:18
asofrank	:)	19:19
wikid-greg	gonna start on it shortly	19:19
asofrank	no worries	19:19
asofrank	im off in 30 minutes for the weekend	19:19
asofrank	im converting our internal portal system over to wikid authentication from the existing radius authentation, while trying to keep the radius still working until I can push everyone over to wikid next week	19:19
nowen	can you not just keep using radius?	19:20
asofrank	i can, but its extremely custom/hacked together	19:20
asofrank	I'd rather use the wauth for it.	19:20
asofrank	i need to use wauth to add new users anyways	19:21
asofrank	and the authentication works fine	19:21
asofrank	the main issue is the system we use to add/delete modify users	19:21
asofrank	Nick: is there anything that we need to do to point our system to use the licenses we bought?	19:22
nowen	no, we just associate the cert with your paid account	19:22
asofrank	i assume the cert gets pushed up stream when we setup the system?	19:22
nowen	we'll be doing a real cert/license tracking system soon, but it is customers haven't really demanded it ;)	19:23
asofrank	yeah, i was curious how the licenses were being track	19:23
asofrank	tracked	19:23
asofrank	and what kept people from just installing and using the system without paying for it	19:23
nowen	not much.	19:24
asofrank	well, could just have the server "check-in" periodically and get updated license information from a central server. the license information would contain the number of clients, the server ip, etc.	19:25
asofrank	if you dont have a license just limit it to a few users or something for testing	19:25
*** gralfsen (c9eed9ee@gateway/web/freenode/ip.201.238.217.238) has joined #wikid		19:26
nowen	that's what we will be rolling out	19:26
asofrank	ah, nice	19:26
asofrank	Greg: oh, another thing I remembered.. The current PHP class doesn't support pkcs certificates for some reason	19:27
asofrank	I had to extra the pem certificate and key and use that	19:27
asofrank	extract*	19:27
*** gralfsen has parted #wikid (None)		19:27
asofrank	I'd imagine its something in there that is not handling it correctly.	19:28
asofrank	yea, openssl_pkey_get_public() expects a PEM file	19:29
asofrank	that would be why its not working	19:29
asofrank	You probably need to use openssl_pkcs12_read() instead;	19:30
wikid-greg	ok, thanks for the tip!	19:32
asofrank	yeah, that works in the test I did. it returns an array to the certificate and public key.	19:32
asofrank	$pkcs12 = file_get_contents("test.p12");	19:34
asofrank	openssl_pkcs12_read($pkcs12, $certs, "password");	19:34
asofrank	print_r($certs);	19:34
wikid-greg	cool	19:34
asofrank	then you can probably pass $certs['cert'] and $certs['pkey'] to openssl_pkey_get_private()/openssl_pkey_get_public() I'd imagine	19:35
asofrank	to convert them to objects	19:35
wikid-greg	yeah, probably	19:35
asofrank	ok. I'll let you have it it, time for me to enjoy my weekend. Have a good one :)	19:37
wikid-greg	haha. u 2!	19:37
nowen	later all. have a great weekend	21:31
*** nowen has quit (Quit: Leaving.)		21:31
*** wikid-greg has quit (Quit: Leaving.)		22:12
*** wikid-greg (~Adium@adsl-065-013-008-201.sip.asm.bellsouth.net) has joined #wikid		22:42
*** wikid-greg has parted #wikid (None)		22:42
*** micah__ (18179c21@gateway/web/freenode/ip.24.23.156.33) has joined #wikid		23:19
micah__	hello all	23:19
micah__	anyone have 2 seconds for a quick problem?	23:19
micah__	actually, i'll just shoot you guys an email instead...	23:20
*** micah__ has quit (Client Quit)		23:20

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!