From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Bug report - Snort Date: Tue, 28 Oct 2014 01:45:35 +0100 Message-ID: <1414457135.15920.282.camel@rice-oxley.tremer.info> In-Reply-To: <544C68CD.70505@dailydata.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1195865419971795974==" List-Id: --===============1195865419971795974== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, this hasn't been reported to me before. The error message does not make much sense to me. It says that a certificate issued by Thawte was also self-signed. This may just have been a misconfiguration on their web server. If that occurs to you again, feel free to open a bug report on our Bugzilla. -Michael On Sat, 2014-10-25 at 22:21 -0500, R. W. Rodolico wrote: > Occurs in at least Core Update 84 and 85. When setting up Snort, and > choosing 'Sourcefire VRT rules for registered users', the following > error comes up. This is with a valid oinkcode which I've replaced below > with xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.: > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --2014-10-25 21:50:26-- > http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxxx= xxxxxxxxxxxxxxxxxxxxxxxxxxxxx > Resolving www.snort.org (www.snort.org)... 50.19.124.119, > 54.225.152.149, 54.243.242.66 > Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80... connected. > HTTP request sent, awaiting response... 301 Moved Permanently > Location: > https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxx= xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > [following] > --2014-10-25 21:50:26-- > https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/xxxxxxxxxxx= xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443... connected. > WARNING: cannot verify www.snort.org's certificate, issued by > '/C=3DUS/O=3DThawte, Inc./CN=3DThawte SSL CA': > Self-signed certificate encountered. > HTTP request sent, awaiting response... 422 Unprocessable Entity > 2014-10-25 21:50:26 ERROR 422: Unprocessable Entity. > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >=20 > Visiting the URL's individually (with the oinkcode) results in the error > message: > ["File not found by name 'snortrules-snapshot-2960.tar.gz'"] > These entries appear to be hard coded on line 265 of ids.cgi > (/srv/web/ipfire/cgi-bin/ids.cgi) >=20 > Updating with "Snort/VRT GPLv2 Community Rules" and "Emergingtrheats.net > Community Rules" appear to work (I was not able to test the > "Subscription" set since I do not have a subscription. >=20 > Rod --===============1195865419971795974== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSlVUdWN2QUFvSkVJQjU4UDl2a0FrSEw2NFAvQTMzQk0zZkd0ZkhHQm1VM2lpbDlwK0cK UTNTeXJOV1NoOFJJRGcyMXF4K2JIVTBwdVJWYjQ1KzNUZVFxZmVXMml6ZkJXN05xU0hLblhRbm90 elcvdHV4OQpUbXovYmFOSmNWM2pTUk11OE5URys5MXc0dnpKM3NEZnUxMitEY1c1aXkrbE5SUzhz b1N1UDUxS3dnM3VTaUZ6Cmt0N1g2YmcybVd3bXF3V1hLNzdKU2tYNjdlQUdESVJUeWRrOTB5SGd6 SmJjU0phVmV2YlFIOHRYUU1TcmppT2YKNVFZZWI2L2xwbWlwTnhEeklLWTQwMVdBMCswNWE3QVRB WFkxN3VyZXJacCtIRjQwd2sydzRMeVJ6Z2NyV3dTYgo3c0c0Mis5NzRhMXZqcGpxTDI3bTBkQllM bGdHSHE5L05qcFpWSGNZb1JGejlOTDhsbnA5RmgzYkxmOGQ1NlJsCnkrVU1tY1lvOXMvdXltd3Vm RHYxS285Z24rMzBQMzNnWjBLVFhQbUxiTktRVWFXMkpKN2xVR1RFd1FkSGh0TlYKMGhjL2dCK1Rn bjNMY1A5RUhyNEpmNUpSQnFwTnBIZW5kckk1Y3NuUjNleThvV3l6UlY0czdCVUFDVDJxMkprZApK ejlrVmpXNWl6VzdiY2x3aE5GNkV1cUR2ejRnUVExUXNWZHpMRDEvOFk0Rkw2TW13M3pmWjFuUmMv blRCZS9MCmN4Yi9FcnFuajBpOHdHc0htNE5LS1NGSU1ubVNvK21tbGYzVFRWOTEzdjUyRnZUVG9u SXFQc3dYUjFSRmtUSFkKUnFldVYrdkNjc0lHVzBjOFNoR20ycXFwT1NTRzQ2V05DWmNIdUFENmVV dXozSDN2d2crUkZCYTF3aTdySnVTKwpZSlZYMTFrQVJxUnBkM3RacFdCdgo9N3BKbQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============1195865419971795974==--