Geoff,
Take my advice with a grain of salt, but my next steps would be:
1. Attempt using other SSL protocols (you can specify in bb-hosts). Your
Webshield appliance may be expecting something other than the default method
that Hobbit uses. Here is a snippet from the bb-hosts man page:
Some SSL sites will only allow you to connect, if you use specific
"dialects" of HTTP or SSL. Normally this is auto-negotiated, but experience
shows that this fails on some systems.
bbtest-net can be told to use specific dialects, by adding one or more
"dialect names" to the URL scheme, i.e. the "http" or "https" in the URL:
* "2", e.g. https2://www.sample.com/ : use only SSLv2
* "3", e.g. https3://www.sample.com/ : use only SSLv3
* "m", e.g. httpsm://www.sample.com/ : use only 128-bit ciphers
* "h", e.g. httpsh://www.sample.com/ : use only >128-bit ciphers
* "10", e.g. http10://www.sample.com/ : use HTTP 1.0
* "11", e.g. http11://www.sample.com/ : use HTTP 1.1
These can be combined where it makes sense, e.g to force SSLv2 and HTTP
1.0 you would use "https210".
I suspect that one of the options above will fix your problem. My only
other advice if none of that works would be to check the hobbit logs,
especially bb-network.log. I would also consider editing the [bbnet]
section of hobbitlaunch.cfg, adding the --debug flag to the CMD options,
and then restarting hobbit and then watch stdout and/or the bb-network.logto see if it indicates what the problem is.
-Charles
Geoff Hallford wrote:
Hi Charles,
I just used wget w/ SSL to download the file fine but it did complain
about the certificate name. Would an invalid certificate affect Hobbit use
of HTTPS?:
bigbrother:/hobbit/server/www # wget
https://142.224.108.83/apps/SCMClientWin32.exe --no-check-certificate
--15:27:35-- https://142.224.108.83/apps/SCMClientWin32.exe
=> `SCMClientWin32.exe'
Connecting to 142.224.108.83:443... connected.
WARNING: Certificate verification error for 142.224.108.83: self signed
certificate
WARNING: certificate common name `Webshield.uhn.ca' doesn't match
requested host name `142.224.108.83'.
HTTP request sent, awaiting response... 200 OK
Length: 12,905,984 (12M) [application/octet-stream]
100%[===========================================================================================================>]
12,905,984 3.51M/s ETA 00:00
15:27:41 (3.48 MB/s) - `SCMClientWin32.exe' saved [12905984/12905984]
On 12/18/06, Charles Jones < jonescr (at) cisco.com> wrote:
>
> Geoff,
>
> I guess the next thing to try would be another tool using HTTPs from the
> hobbit server itself. Either elinks-ssl, curl, or wget w/ SSL support. The
> goal being to narrow it down to definitely a problem with Hobbit.
>
> P.S. I noticed in the Apache banner it says it is on port 1443 instead
> of the usual 443, so there may be some proxy server or vhost that Hobbit has
> to go through, which could potentially be part of the problem.
>
> Good luck and let us know if you find the answer.
>
> -Charles
>
> Geoff Hallford wrote:
>
> Hi Charles,
>
> This is a McAfee Webshield appliance, so I can't go in and check the
> Apache log. I know the URL is good though because I can access it via any
> browser from my PC. It's only Hobbit that has an issue with it.
>
> Any other thoughts?
>
> Thanks.
>
> On 12/18/06, Charles Jones <jonescr (at) cisco.com > wrote:
> >
> > HTTPS is definitely working, or else you would not get the Apache
> > banner at the end. It looks like you are simply checking an invalid URL.
> > Check your apache error log and see if it indicates that
> > SCMClientWin32.exe is being requested from an incorrect path or
> > something.
> >
> > -Charles
> >
> > Geoff Hallford wrote:
> >
> > Hi Everyone,
> >
> > I still have problems getting Hobbit to check URL's that are HTTP*S*.
> > I have compiled with SSL support and the testing does work on items such as
> > LDAPS and SSH but it will not work for HTTPS. Does anyone have any thoughts?
> > I get the following message:
> >
> > ---
> >
> > Mon Dec 18 14:01:59 2006:
> >
> > https://142.224.108.83/apps/SCMClientWin32.exe -
> >
> > Not Found
> >
> > The requested URL /error/HTTP_BAD_REQUEST.html.var was not found on this server.
> >
> >
> >
> >
> > Additionally, a 404 Not Found
> >
> > error was encountered while trying to use an ErrorDocument to handle the request.
> >
> > ------------------------------
> > Apache/2.0.55 (Unix) Server at localhost Port 1443
> > Seconds: 0.00
> >
> >
> >
>
>
> --
> 'If my answers frighten you then you should cease asking scary
> questions.' --Sam Jackson from Pulp Fiction
>
>
>
--
'If my answers frighten you then you should cease asking scary questions.'
--Sam Jackson from Pulp Fiction