[Openvas-devel] openvas-server 2.0.3 doesn't ever try to authenticate user with peer certificate?

Michael Wiegand michael.wiegand at intevation.de
Mon Sep 14 09:23:20 CEST 2009


* Roman Imankulov [12. Sep 2009]:
> Hi,
> 
> As I can suppose, current openvas-server implementation has broken
> certificate-based authentication (I've tried with version 2.0.3; it
> seems that svn trunk has the same behaviour).

This is indeed true. I just noticed this the other day while trying out
the certificate-based authentication. Apparently, this feature was
unintentionally broken during the switch from OpenSSL to GnuTLS in
openvas-server.

> I've made a quick and dirty patch which fixes this behaviour (in
> attachment) and it seems that this one works as expected for me. I want
> to note however that this patch provides no error handling and I'm not
> sure that this code works as expected in all cases.

Thank you very very much! I have tested your patch and it indeed
re-enables certificate-based authentication. We will do further tests and
add error handling and will likely commit your patch to the SVN trunk in
the next few days.

Out of curiosity, what did you use to create the auth/dname files in
the user directories of openvas-server? The old scripts from
Nessus/OpenSSL times seem to write the dname in a different format than
what is returned by GnuTLS.

Regards,

Michael


-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany   |    AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner