Your message dated Fri, 02 Jan 2015 12:23:57 +0000 with message-id <[email protected]> and subject line Bug#774307: Removed package(s) from unstable has caused the Debian Bug report #599594, regarding openvas-client: No connection to the remote host using the specified protocol version to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 599594: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599594 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: openvas-client Version: 2.0.5-1 Severity: important When trying to connect to the openvas-server from the openvas-client certificate authentication is problematic. Here's what I did after installing openvas-client and openvas-server: As root: 1. - verified that /var/lib/openvas/CA has the appropriate certificates: -rw-r--r-- 1 root root 1525 Oct 9 08:51 cacert.pem -rw-r--r-- 1 root root 4376 Oct 9 08:51 servercert.pem - used openvas-mkcert-client to create a client certificate - moved the contents of the generated /tmp/openvas-mkcert.<some nr> directory to ~/.openvas, changing the owner/group accordingly - copied /var/lib/openvas/CA/cacert.pem to the user's .openvas directory, changing owner/group accordingly 2. verified that the contents of (in my case) /var/lib/openvas/users/frank/auth/dname which is: /C=NL/L=Oostum/O=RUG/OU=CIT/ CN=frank/[email protected] matches the contents of the information in the certificate ~/.openvas/cert_frank.pem. E.g., the certificate shows: Validity Not Before: Oct 9 09:09:58 2010 GMT Not After : Oct 9 09:09:58 2011 GMT Subject: C=NL, L=Oostum, O=RUG, OU=CIT, CN=frank/[email protected] As user 'frank': 1. started openvas-client and clicked the 'connect' button 2. specified (as stored by openvas-client in ~/.openvasrc): trusted_ca = /home/frank/.openvas/cacert.pem cert_file = /home/frank/.openvas/cert_frank.pem key_file = /home/frank/.openvas/key_frank.pem use_client_cert = yes nessusd_port = 9390 paranoia_level = 3 3. Pressed OK in the 'Connect to OpenVAS Server' window, and got the error message Sat Oct 9 11:47:31 2010] Error: Unable to establish a connection to the remote host using the specified protocol version! 4. Opened the Preferences window, and saw as Protocol version 1.0, but this cannot be changed. I found no information about a protocol version in /etc/openvas/openvasd.conf, or in the openvas-client and openvasd man pages. The openvas-server is at version 2.0.3-3, so client and server versions seem to match. The openvas/openvasd.messages log file shows connections from the localhost. E.g., it contains: [Sat Oct 9 10:57:51 2010][28399] openvasd 2.0.3. started [Sat Oct 9 11:28:30 2010][28399] connection from 127.0.0.1 [Sat Oct 9 11:32:10 2010][28399] connection from 127.0.0.1 [Sat Oct 9 11:47:30 2010][28399] connection from 127.0.0.1 Changing the 'paranoia level' to 1 or 2 doesn't change things. Then I created a user using password authentication and this time connection to the server succeeded. Since using certificates, as generated by openvas itself appears not to work -I probably missed something trivial here, but found no clue as to what it might be- I filed this as an important bug. I'm still assuming I overlooked something small here, but if so it might be helpful to increase the visibility of that small item. However, I did find the reported error in the openvas FAQ, but there a mismatch between client and server versions is reported as the cause of the problem. E.g., ... Your client (or server) is too old. Make sure the major version numbers of the client and server match. For example, OpenVAS-Client and OpenVAS-server should both be version 2.x. This message may vary depending on the combination of the client and server that is running. Some OS distributions ship incompatible client and server combinations. But this doesn't seem to be true here as the major versions are identical: $ dpkg -s openvas-client Package: openvas-client Status: install ok installed Version: 2.0.5-1 $dpkg -s openvas-server Package: openvas-server Status: install ok installed Version: 2.0.3-3 I'm looking forward to receiving any advice you might provide Frank Brokken. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages openvas-client depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra ii libfontconfig1 2.8.0-2.1 generic font configuration library ii libfreetype6 2.4.2-1 FreeType 2 font engine, shared lib ii libgd2-xpm 2.0.36~rc1~dfsg-4 GD Graphics Library version 2 ii libgdchart-gd2-noxpm 0.11.5-7 Generate graphs using the GD libra ii libglib2.0-0 2.24.2-1 The GLib library of C routines ii libgtk2.0-0 2.20.1-1+b1 The GTK+ graphical user interface ii libpango1.0-0 1.28.1-1 Layout and rendering of internatio ii libpng12-0 1.2.44-1 PNG library - runtime ii libssl0.9.8 0.9.8o-2 SSL shared libraries ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime openvas-client recommends no packages. openvas-client suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Version: 2.0.5-1.1+rm Dear submitter, as the package openvas-client has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/774307 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
