On 2014-06-20 10:32, Abelardo Ricart wrote:
> I'm part of an effort to package OpenVAS for Arch Linux, but we can't
> seem to get it working.

Which version?

> Here's the relevant output of openvas-check-setup:
>
> ERROR: The number of NVTs in the OpenVAS Manager database is too low
> FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT
> collection and run 'openvasmd --rebuild'.
>
> Attempting to run openvasmd --rebuild fails with:
>
> Rebuilding NVT cache... failed.
>
> And in openvasmd.log we have this:
>
> Failed to shake hands with peer: The TLS connection was non-properly terminated.

Probable guess: certificates issue, maybe?

> update_or_rebuild_nvt_cache: failed to connect to scanner
> Failed to gnutls_bye: GnuTLS internal error.
>
> Attempting to connect to openvassd with gnutls-cli-debug gives us:
>
> Resolving '127.0.0.1'...
> Connecting to '127.0.0.1:9391'...
> Checking for SSL 3.0 support... no
> Checking whether %COMPAT is required... yes
> Checking for TLS 1.0 support... no
> Checking for TLS 1.1 support... no
> Checking fallback from TLS 1.1 to... failed
> Checking for TLS 1.2 support... no
> Checking whether we need to disable TLS 1.2... yes
> Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 and TLS 1.2
>
> We are using GnuTLS 3.3.4
>
> Any ideas?

gnutls-cli-debug is more confusing than anything else in this case, as
it fails to connect because it doesn't provide any certificates (you
can verify the SSL handshake with Wireshark, for instance).

What you need to test is something like this:

    gnutls-cli --x509cafile /usr/var/lib/openvas/CA/cacert.pem \
        --x509certfile /usr/var/lib/openvas/CA/clientcert.pem \
        --x509keyfile /usr/var/lib/openvas/private/CA/clientkey.pem \
        --insecure -p 9391 localhost

(You may send "< OTP/2.0 >\n" to be sure of correct data exchange.)

Adjust parameters for your certificates' paths, bind port, etc.
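
The check suggested in the reply above, as an added Python example that is not part of the original thread: it tries the handshake on the scanner port first without and then with a client certificate, and sends the OTP greeting if the handshake completes. The helper name `probe_scanner` and its status labels are assumptions; the paths and port are the ones quoted in the message, and certificate verification is switched off as with `--insecure`.

```python
import socket
import ssl

OTP_GREETING = b"< OTP/2.0 >\n"  # greeting quoted in the reply above


def probe_scanner(host, port, certfile=None, keyfile=None, timeout=5.0):
    """Hypothetical helper: TLS handshake, optionally presenting a client cert.

    Returns (status, detail); status is one of: unreachable,
    handshake_failed, closed_after_handshake, ok.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # mirrors --insecure; for diagnosis only
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", repr(exc))
    try:
        tls = ctx.wrap_socket(raw)  # performs the handshake
    except (ssl.SSLError, OSError) as exc:
        raw.close()
        return ("handshake_failed", repr(exc))
    with tls:
        version = tls.version()
        try:
            tls.sendall(OTP_GREETING)
            reply = tls.recv(64)
        except (ssl.SSLError, OSError) as exc:
            # Peer accepted the handshake but dropped the session afterwards.
            return ("closed_after_handshake", repr(exc))
    return ("ok", f"{version} reply={reply!r}")


if __name__ == "__main__":
    base = "/usr/var/lib/openvas"  # path prefix taken from the message above
    print("no client cert  :", probe_scanner("127.0.0.1", 9391))
    print("with client cert:", probe_scanner(
        "127.0.0.1", 9391,
        certfile=base + "/CA/clientcert.pem",
        keyfile=base + "/private/CA/clientkey.pem"))
```

If the first probe reports `handshake_failed` and the second reports `ok`, the listener is rejecting clients that present no certificate, which matches the explanation given for the gnutls-cli-debug output.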