Hi, during installation and configuration of OpenVAS client and server from SVN HEAD I stomped over an error message I could not parse.
Scenario:

- trust level 2 || 3
- trusted_ca unchanged (i.e. "cacert.pem")
- file does not exist

This results in

| [24767] SSL_CTX_load_verify_locations: error:02001002:system library:fopen:No such file or directory

sent to stderr and an info box saying:

| Error while setting the trusted CA: cacert.pem\nSSL connections are likely to fail.

Using strace I found out what the problem was. In order to help other people be able to parse the error message properly I propose the patch below which emits a proper message and also alters the paranoia level so that OpenSSL will not emit errors on stderr.

Please let me know what you think.

Regards,

Joey

--
It's practically impossible to look at a penguin and feel angry.

Please always Cc to me when replying to me on the lists.
Index: nessus/nessus.c =================================================================== --- nessus/nessus.c (revision 1790) +++ nessus/nessus.c (working copy) @@ -495,6 +495,13 @@ paranoia_level); paranoia_level = 1; } + else if (!check_exists(trusted_ca)) + { + show_warning( + _("paranoia_level=%d but \"trusted_ca\" file not found:\n%s"), + paranoia_level, trusted_ca); + paranoia_level = 1; + } else { SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, verify_callback);
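Review bot: the added else-if branch fails open. When the trusted_ca file is missing it shows a warning and sets paranoia_level = 1, so the else branch with SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, verify_callback) is never reached, even though the configuration asked for level 2 or 3. I would rather stop the connection setup here, or have the user confirm the downgrade explicitly, than lower the level behind a warning; at the least the message should say that the level is being lowered to 1, which "paranoia_level=%d but \"trusted_ca\" file not found" does not. Also, if check_exists only tests for existence, a file that exists but cannot be read or parsed would still go through the else branch and produce the original unclear error, so it may be better to report the failure of the CA load itself.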