openssl and digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:536 error

January 8th, 2019

If You used an old openssl to encrypt a file, e.g. openssl 1.0.x with some command line such as:

$ openssl enc -in <plain input file> -out <crypted output file> -e -des-ede3-cbc

decrypting it using a newer openssl release You will find a similar error:

$ openssl enc -in <plain input file> -out <crypted output file> -d -des-ede3-cbc

bad decrypt
140109197936000:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:536:

despite this mismatch error, it’s possible to obtain the original plain file adding the -md md5  option in the decrypt command:

$ openssl enc -in <plain input file>  -md md5   -out <crypted output file> -d -des-ede3-cbc

running more than a single telegram desktop client

August 2nd, 2016

I installed the Telegram Desktop client, and next I created a new folder named “C:\Users\myname\AppData\Roaming\Telegram Desktop\tdata_another”.

Then I added  telegram.exe path in the PATH environment variable. This step is not mandatory but I’d rather to write “telegram” instead of “C:\Users\myname\AppData\Roaming\Telegram Desktop\telegram” in the next step.

Finally, to run two telegram instances, from the DOS prompt I wrote

C:\Users\myname>Telegram -many -workdir “C:\Users\myname\AppData\Roaming\Telegram Desktop\tdata”

followed by

C:\Users\myname>Telegram -many -workdir “C:\Users\myname\AppData\Roaming\Telegram Desktop\tdata_another”

a nagios check to remind me the SSL certificate expiration

March 3rd, 2014

I wrote a quite unuseful check for nagios to remind me to renew my SSL certificate. This is the definition in commands.cfg file

define command{
        command_name check_ssl_expiration
        command_line /usr/lib/nagios/plugins/ $ARG1$ $ARG2$ $ARG3$ $ARG4$

and this the script

# input parameters
# return values

# check data input
checkdata () {
        VAL=`echo $2 | wc | awk ‘{print $2}’`
        if [ $VAL -eq 0 ]; then
                echo $1 is not set
                exit $RET_UNKN

checkdata “HTTPS server name” $MYSRV
checkdata “HTTPS PORT” $MYPORT
checkdata “warning threshold” $DAYWARN
checkdata “critical error threshold” $DAYCRIT

echo | openssl s_client -connect $MYSRV:$MYPORT  2> /dev/null | sed -ne ‘/-BEGIN CERT/,/-END CERT/p’ > $TEMPFILE 2>/dev/null
EXPDATE=`openssl x509 -noout -in $TEMPFILE -dates|grep notAfter|sed -e “s/.*notAfter=//”`

EXPSEC=`date “+%s” –date=”$EXPDATE”`
NOWSEC=`date “+%s”`
DAYLEFT=`expr \( $EXPSEC – $NOWSEC \) / 86400`

# $DAYLEFT days left to SSL certificate expiration

if [ $DAYLEFT -le $DAYCRIT ]; then
        echo “ERROR – $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
        exit $RET_CRIT

if [ $DAYLEFT -le $DAYWARN ]; then
        echo “WARNING – $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
        exit $RET_WARN

echo “$DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
exit $RET_OK

Off course I scheduled this check once a day.

How to remove the NameVirtualHost *:80 has no VirtualHosts warning

February 17th, 2014

I had a debian squeeze webserver showing me this strange warning at statrup

root@web:/etc/apache2# /etc/init.d/apache2 restart
Restarting web server: apache2[Mon Feb 17 10:27:43 2014] [warn] NameVirtualHost *:443 has no VirtualHosts
[Mon Feb 17 10:27:43 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
 … waiting [Mon Feb 17 10:27:44 2014] [warn] NameVirtualHost *:443 has no VirtualHosts
[Mon Feb 17 10:27:44 2014] [warn] NameVirtualHost *:80 has no VirtualHosts

This was due to a duplicated couple of lines in configuration.

NameVirtualHost *:80
NameVirtualHost *:443

in the /etc/apache2/port.conf and in /etc/apache2/conf.d/virtual.conf too. Commenting out the last file I removed the warning.

Don’t ask me, I don’t know why…

February 7th, 2014

I’m telling You about a Centos 5.10 server joined to an Active Directory environment.
Once I was able to open a ssh session on this server with my A.D. username/password, but some day ago I noticed it was possible only to log in this server using local root account.
I discovered that the wbinfo -i myusername  command retuned a WBC_ERR_WINBIND_NOT_AVAILABLE error.

To fix this problem I issued the following commands:

  # service winbind stop
  # service smb stop
  # net cache flush
  # rm -f /var/lib/samba/*tdb
  # service smb start
  # service winbind start

A nagios plugin to check Tomcat Apps

February 5th, 2014

I wrote a simple nagios plugin to check the status of tomcat webapps.
Instead of looking pages like this one…
click to enlarge
I’d better to use some script like this.
To put the plugin in the nagios environment, add these lines

define command{
command_name check_tomcat_app
command_line /bin/bash /usr/lib/nagios/plugins/check_tomcat_app $ARG1$ $ARG2$ $ARG3$

to the commands.cfg file definitions.Then add some line like theese

define service{
use generic-service
host_name myhostname
service_description Examples Web Service
is_volatile 0
check_period 24×7
max_check_attempts 3
normal_check_interval 15
retry_check_interval 1
contact_groups admins
notification_interval 240
notification_period 24×7
notification_options c,r
check_command check_tomcat_app!””!Examples!admin:passw

into the services.cfg file.
Off corse username and password has to be set up in tomcat-users.xml file

$ cat /usr/local/apache-tomcat/conf/tomcat-users.xml
<?xml version=’1.0′ encoding=’utf-8′?>
<role rolename=”manager”/>
<role rolename=”admin-gui”/>
<role rolename=”manager-gui”/>
<role rolename=”manager-status”/>
<user username=”admin” password=”passw” roles=”manager,manager-gui,manager-status,admin-gui”/>

How to remove the read failed after 0 of 4096 I/O error

September 18th, 2013

Recently in a very old server I had to remove a disk. My server was composed by two physical volumes: a RAID5 volume, shown as /dev/sda  to the operating system  by the SCSI controller, and a single hard disk as /dev/sdb.

My /dev/sdb, since there is no way to have a new disk with the same geometry, I decided to remove it.
The bios utility of my SCSI controller is quite strange and I cannot remove my une-disk logical volume without remove all the configuration.

root@arch:~# pvdisplay
  /dev/sdb: read failed after 0 of 4096 at 0: input/output Error
  /dev/sdb: read failed after 0 of 4096 at 146695716864: input/output Error
  /dev/sdb: read failed after 0 of 4096 at 146695774208: input/output Error
  /dev/sdb: read failed after 0 of 4096 at 4096: input/output Error
  — Physical volume —
  PV Name               /dev/sda1
  VG Name               vg_system
  PV Size               838,12 GiB / not usable 2,00 MiB
  Allocatable           yes
  PE Size               4,00 MiB
  Total PE              214559
  Free PE               21184
  Allocated PE          193375
  PV UUID               ZQQwAs-yGgP-LZXk-3cTy-yaOb-gijr-bnUCz4

So I’d better to leave my controller untouched and tell my linux CentOS to forget the /dev/sdb disk.

root@arch:~# echo 1 > /sys/block/sdb/device/delete


May 3rd, 2013

Thanks to a Sebastian’s post here, I noticed the existence of  x2go. I’ve just tested it and I liked it a lot. X2go is a very nice way to access my linux desktop.

In order to install x2go server-side, on a Centos 6.4 I only needed theese commands:

yum update
wget -O /etc/yum.repos.d/x2go.repo
yum update
yum install x2goserver


vi /etc/group

to add the guys to be allowed to connect to their desktop. E.g.


The x2go windows client can be downloaded from