[Emerging-Sigs] Anyone else having pulledpork update issues?

JJC cummingsj at gmail.com
Wed Oct 26 10:34:21 EDT 2011


you can try changing the url to what Victor said and / or.. though I'm more
inclined to go with what Victor said.. well atleast look at the cert and see
;-)

:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

from the PP faq:

*When I run PP, I get a 500 error and something about Certificate Authority
or verification about SSL Peers*

   - install or update Mozilla::CA IO::Socket::SSL
      - Will fix it most times. The Mozilla::CA installs/updates the perl
      root certificates and IO::Socket::SSL enables ssl verification
by hostname
      in Crypt::SSLeay.
   - Update your trusted root certificates on your OS, consult the
   documentation for your OS to do this.
   - Alternately you can change the url to http from https for your
   snortrules tarball.

On Wed, Oct 26, 2011 at 8:27 AM, Kevin Ross <kevross33 at googlemail.com>wrote:

> Hmmm actually it is now working on VRT but not ET:
>
> Checking latest MD5 for emerging.rules.tar.gz....
>         Fetching md5sum for: emerging.rules.tar.gz.md5
> ** GET
> https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz.md5==> 500 Can't connect to
> rules.emergingthreats.net:443 (SSL connect attempt failed with unknown
> errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed)
>         Error 500 when fetching
> https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz.md5at /etc/snort/pulledpork/
> pulledpork.pl line 453
>         main::md5file('open-nogpl', 'emerging.rules.tar.gz', '/tmp/', '
> https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/') called at
> /etc/snort/pulledpork/pulledpork.pl line 1758
>
>
>
>
>
> On 26 October 2011 15:23, JJC <cummingsj at gmail.com> wrote:
>
>> Sweet, thanks for letting us know!
>>
>>
>> On Wed, Oct 26, 2011 at 8:17 AM, Kevin Ross <kevross33 at googlemail.com>wrote:
>>
>>> Got it, it wanted IO::Socket:SSL though never warned until I used verbose
>>> mode. Strange thing is one of the sensors this started happening on was
>>> updating happily last week and wasn't changed (though the others were and
>>> stopped working so I thought I was being stupid and missed something out
>>> then other one stopped).
>>>
>>> Oh well it is working now. Thanks :D
>>>
>>>
>>> On 26 October 2011 15:09, JJC <cummingsj at gmail.com> wrote:
>>>
>>>> Generally this is attributable to a certificate issue.  I would run in
>>>> extra verbose mode (-vv) and there should be some more specific errors about
>>>> the connection issue.
>>>>
>>>> JJC
>>>>
>>>>
>>>> On Wed, Oct 26, 2011 at 2:58 AM, Kevin Ross <kevross33 at googlemail.com>wrote:
>>>>
>>>>> Anyone else having similar issues? Strange thing is this was working
>>>>> only the other week. Same thing happens if ET only, if using HTTP etc and it
>>>>> was updating successfully before.
>>>>>
>>>>>     http://code.google.com/p/pulledpork/
>>>>>       _____ ____
>>>>>      `----,\    )
>>>>>       `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
>>>>>        `--==\\/
>>>>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
>>>>>   @_/        /  66\_  cummingsj at gmail.com
>>>>>     |    \   \   _(")
>>>>>      \   /-| ||'--'  Rules give me wings!
>>>>>       \_\  \_\\
>>>>>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>
>>>>> Checking latest MD5 for snortrules-snapshot-2910.tar.gz....
>>>>>     Error 500 when fetching
>>>>> https://www.snort.org/reg-rules/snortrules-snapshot-2910.tar.gz.md5 at
>>>>> /etc/snort/pulledpork/pulledpork.pl line 453
>>>>>     main::md5file('d9ac73ada9e6a80d442704b17b127d1c38f41200',
>>>>> 'snortrules-snapshot-2910.tar.gz', '/tmp/', '
>>>>> https://www.snort.org/reg-rules/') called at /etc/snort/pulledpork/
>>>>> pulledpork.pl line 1758
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20111026/e2e41d9c/attachment-0001.html


More information about the Emerging-sigs mailing list