Re: [hobbit] Problems with HTTPS Continue

[Charles Jones <jonescr (at) cisco.com>]

Geoff,

Take my advice with a grain of salt, but my next steps would be:

1. Attempt using other SSL protocols (you can specify in bb-hosts). Your 
Webshield appliance may be expecting something other than the default 
method that Hobbit uses.  Here is a snippet from the bb-hosts man page:

Some SSL sites will only allow you to connect, if you use specific 
"dialects" of HTTP or SSL. Normally this is auto-negotiated, but 
experience shows that this fails on some systems.

bbtest-net can be told to use specific dialects, by adding one or more 
"dialect names" to the URL scheme, i.e. the "http" or "https" in the URL:

* "2", e.g. https2://www.sample.com <http://www.sample.com>/ : use only 
SSLv2
* "3", e.g. https3://www.sample.com <http://www.sample.com>/ : use only 
SSLv3
* "m", e.g. httpsm://www.sample.com/ : use only 128-bit ciphers
* "h", e.g. httpsh://www.sample.com/ : use only >128-bit ciphers
* "10", e.g. http10://www.sample.com <http://www.sample.com>/ : use HTTP 
1.0
* "11", e.g. http11://www.sample.com <http://www.sample.com>/ : use HTTP 
1.1

These can be combined where it makes sense, e.g to force SSLv2 and HTTP 
1.0 you would use "https210".

I suspect that one of the options above will fix your problem. My only 
other advice if none of that works would be to check the hobbit logs, 
especially bb-network.log. I would also consider editing the [bbnet] 
section of hobbitlaunch.cfg, adding the --debug flag to the CMD options, 
and then restarting hobbit and then watch stdout and/or the 
bb-network.log to see if it indicates what the problem is.

-Charles

Geoff Hallford wrote:
> Hi Charles,
>
> I just used wget w/ SSL to download the file fine but it did complain 
> about the certificate name. Would an invalid certificate affect Hobbit 
> use of HTTPS?:
>
> bigbrother:/hobbit/server/www # wget 
> https://142.224.108.83/apps/SCMClientWin32.exe --no-check-certificate
> --15:27:35--  https://142.224.108.83/apps/SCMClientWin32.exe
>            => `SCMClientWin32.exe'
> Connecting to 142.224.108.83:443 <http://142.224.108.83:443>... connected.
> WARNING: Certificate verification error for 142.224.108.83 
> <http://142.224.108.83>: self signed certificate
> WARNING: certificate common name `Webshield.uhn.ca' doesn't match 
> requested host name `142.224.108.83'.
> HTTP request sent, awaiting response... 200 OK
> Length: 12,905,984 (12M) [application/octet-stream]
>
> 100%[===========================================================================================================>] 
> 12,905,984     3.51M/s    ETA 00:00
>
> 15:27:41 (3.48 MB/s) - `SCMClientWin32.exe' saved [12905984/12905984]
>
>
> On 12/18/06, *Charles Jones* < jonescr (at) cisco.com 
> <mailto:jonescr (at) cisco.com>> wrote:
>
>     Geoff,
>
>     I guess the next thing to try would be another tool using HTTPs
>     from the hobbit server itself. Either elinks-ssl, curl, or wget w/
>     SSL support.  The goal being to narrow it down to definitely a
>     problem with Hobbit. 
>
>     P.S. I noticed in the Apache banner it says it is on port 1443
>     instead of the usual 443, so there may be some proxy server or
>     vhost that Hobbit has to go through, which could potentially be
>     part of the problem.
>
>     Good luck and let us know if you find the answer.
>
>     -Charles
>
>     Geoff Hallford wrote:
> >     Hi Charles,
> >
> >     This is a McAfee Webshield appliance, so I can't go in and check
> >     the Apache log. I know the URL is good though because I can
> >     access it via any browser from my PC. It's only Hobbit that has
> >     an issue with it.
> >
> >     Any other thoughts?
> >
> >     Thanks.
> >
> >     On 12/18/06, *Charles Jones* <jonescr (at) cisco.com
> >     <mailto:jonescr (at) cisco.com> > wrote:
> >
> >         HTTPS is definitely working, or else you would not get the
> >         Apache banner at the end. It looks like you are simply
> >         checking an invalid URL. Check your apache error log and see
> >         if it indicates that SCMClientWin32.exe is being requested
> >         from an incorrect path or something.
> >
> >         -Charles
> >
> >
> >         Geoff Hallford wrote:
> > >         Hi Everyone,
> > >
> > >         I still have problems getting Hobbit to check URL's that are
> > >         HTTP*S*. I have compiled with SSL support and the testing
> > >         does work on items such as LDAPS and SSH but it will not
> > >         work for HTTPS. Does anyone have any thoughts? I get the
> > >         following message:
> > >
> > >         ---
> > >
> > >         Mon Dec 18 14:01:59 2006:
> > >         https://142.224.108.83/apps/SCMClientWin32.exe - 
> > >
> > >         Not Found
> > >
> > >         The requested URL /error/HTTP_BAD_REQUEST.html.var was not found on this server.
> > >
> > >
> > >
> > >
> > >         Additionally, a 404 Not Found
> > >
> > >         error was encountered while trying to use an ErrorDocument
> > >         to handle the request.
> > >
> > >         ------------------------------------------------------------------------
> > >         Apache/2.0.55 (Unix) Server at localhost Port 1443
> > >
> > >
> > >         Seconds:     
> > >         0.00
> > >
> > >           
> >
> >
> >
> >
> >     -- 
> >     'If my answers frighten you then you should cease asking scary
> >     questions.' --Sam Jackson from Pulp Fiction 
>
>
>
>
> --
> 'If my answers frighten you then you should cease asking scary 
> questions.' --Sam Jackson from Pulp Fiction