[Openvas-devel] openvas-server 2.0.3 doesn't ever try to authenticate user with peer certificate?

Roman Imankulov roman at netangels.ru
Tue Sep 15 04:55:15 CEST 2009


Michael Wiegand <michael.wiegand at intevation.de> wrote:

> Thank you very very much! I have tested you patch and it indeed
> re-enables certificate-based authentication. We will do further tests
> and add error handling and will likely commit your patch to the SVN
> trunk in the next few days.

Glad to be a helpful.

> Out of curiosity, what did you use to create the auth/dname files in
> the user directories of openvas-server? The old scripts from
> Nessus/OpenSSL times seem to write the dname in a different format
> than what is returned by GnuTLS.

It's true, the format was wrong, so I filled up this file manually. But
it's pretty easy to obtain the value in scripts when "gnutls-bin"
package is installed. I find out that actions as below can be

certtool --certificate-info <  path/to/cert.pem

or, directly in script something like this:

certtool --certificate-info <  path/to/cert.pem | sed -n
'/^\tSubject:/s/.*: *\(.*\)/\1/p'

Roman Imankulov
roman at netangels.ru

More information about the Openvas-devel mailing list