[Openvas-devel] openvas-server 2.0.3 doesn't ever try to authenticate user with peer certificate?
Roman Imankulov
roman at netangels.ru
Tue Sep 15 04:55:15 CEST 2009
Hi,
Michael Wiegand <michael.wiegand at intevation.de> wrote:
> Thank you very very much! I have tested your patch and it indeed
> re-enables certificate-based authentication. We will do further tests
> and add error handling and will likely commit your patch to the SVN
> trunk in the next few days.
Glad to be helpful.
> Out of curiosity, what did you use to create the auth/dname files in
> the user directories of openvas-server? The old scripts from
> Nessus/OpenSSL times seem to write the dname in a different format
> than what is returned by GnuTLS.
It's true, the format was wrong, so I filled in this file manually. But
it's pretty easy to obtain the value in scripts when the "gnutls-bin"
package is installed. I found that the commands below can be
useful:

    certtool --certificate-info < path/to/cert.pem

or, directly in a script, something like this:

    certtool --certificate-info < path/to/cert.pem | sed -n '/^\tSubject:/s/.*: *\(.*\)/\1/p'
--
Roman Imankulov
roman at netangels.ru
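
The extraction described in the message above, as an added example that is not part of the original post or of openvas-server: it strips only the leading "Subject:" label, so a DN that itself contains a colon is kept whole, and it refuses to write an empty dname file. The function names, the sample certtool output and the target file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Read `certtool --certificate-info` output on stdin and print the subject DN.
# Only the tab-indented "Subject:" label is removed; the rest of the line is
# kept verbatim, so a value such as "CN=scanner: user1" is not cut at its colon.
subject_dn() {
    tab=$(printf '\t')
    sed -n "s/^${tab}Subject: *//p" | head -n 1
}

# Constructed sample of certtool output (not taken from a real certificate).
sample_certinfo() {
    printf 'X.509 Certificate Information:\n'
    printf '\tVersion: 3\n'
    printf '\tIssuer: CN=Example CA,O=Example\n'
    printf '\tSubject: CN=scanner: user1,O=Example,C=DE\n'
    printf '\tSubject Public Key Algorithm: RSA\n'
}

# Write the DN read from stdin to the given dname file.
# Fails without touching the file when no Subject line is present, so a
# parsing problem never leaves an empty DN in an authentication file.
# usage: certtool --certificate-info < cert.pem | write_dname <path/to/auth/dname>
write_dname() {
    dn=$(subject_dn)
    [ -n "$dn" ] || { echo "no Subject line found" >&2; return 1; }
    printf '%s\n' "$dn" > "$1"
}

# Demonstration on the constructed sample.
sample_certinfo | subject_dn
```
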