Just for the list archive, and for your peace of mind, Daniel, here's a brief
summary of the discussion Jill and I have had off-list:

It appears that Snort uses curl to gather data from its sensors. Snort
generates its own certificate so that it can securely talk to itself, and that
was just fine, right up until that little bug was discovered in the
certificate authentication process. Remember that? That's when curl, by
default, started to bitch about certificates that it couldn't verify against
its own ca-bundle.crt.

The current beta-test version of Snort checks the curl version and uses the -k
option if its greater than 7.9. The older version, however, doesn't, and so
gets toasted.

Ralph

Jill Tovey wrote:

> Hi everyone
>
> Some of you may remember,
>
> I am at the sensor console for snort
>
> (https://localhost/snortcenter/sensor.php)
>
> and I get the certificate error
>
> (curl: (35) SSL: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed)
>
> Now,
>
> I want to just get rid of this need for a certificate because creating
> them myself and adding them to httpd.conf etc just does not seem to be
> working.
>
> so if i type
>
> curl -k https://localhost/snortcenter/sensor.php
>
> it returns Loading Page...<p><font size="1">Or click <a
> href="login.php">here</a> if page does not change.</font>[root_at_xx bin]#
>
> so that seems to have gone well right?
>
> So why is it, when I return to the sensor.php page, it still shows this
> certificate error??

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger
for complex code. Debugging C/C++ programs can leave you feeling lost and
disoriented. TotalView can help you find your way. Available on major UNIX
and Linux platforms. Try it free. www.etnus.com
Received on 2003-04-10