Hi,

this hasn't been reported to me before.

The error message does not make much sense to me. It says that a
certificate issued by Thawte was also self-signed. This may just have
been a misconfiguration on their web server.

If that occurs to you again, feel free to open a bug report on our
Bugzilla.

-Michael

On Sat, 2014-10-25 at 22:21 -0500, R. W. Rodolico wrote:
> Occurs in at least Core Update 84 and 85. When setting up Snort, and
> choosing 'Sourcefire VRT rules for registered users', the following
> error comes up. This is with a valid oinkcode which I've replaced below
> with xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.:
> ======================================================================
> --2014-10-25 21:50:26--
> http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Resolving www.snort.org (www.snort.org)... 50.19.124.119,
> 54.225.152.149, 54.243.242.66
> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80... connected.
> HTTP request sent, awaiting response... 301 Moved Permanently
> Location:
> https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> [following]
> --2014-10-25 21:50:26--
> https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443... connected.
> WARNING: cannot verify www.snort.org's certificate, issued by
> '/C=US/O=Thawte, Inc./CN=Thawte SSL CA':
>   Self-signed certificate encountered.
> HTTP request sent, awaiting response... 422 Unprocessable Entity
> 2014-10-25 21:50:26 ERROR 422: Unprocessable Entity.
> ======================================================================
> 
> Visiting the URL's individually (with the oinkcode) results in the error
> message:
> ["File not found by name 'snortrules-snapshot-2960.tar.gz'"]
> These entries appear to be hard coded on line 265 of ids.cgi
> (/srv/web/ipfire/cgi-bin/ids.cgi)
> 
> Updating with "Snort/VRT GPLv2 Community Rules" and "Emergingtrheats.net
> Community Rules" appear to work (I was not able to test the
> "Subscription" set since I do not have a subscription.
> 
> Rod