Geoff,
Take my advice with a grain of salt, but my next steps would be:
- Attempt using other SSL protocols (you can specify in bb-hosts). Your Webshield appliance may be expecting something other than the default method that Hobbit uses. Here is a snippet from the bb-hosts man page:
Some SSL sites will only allow you to connect, if you use specific "dialects" of HTTP or SSL. Normally this is auto-negotiated, but experience shows that this fails on some systems.
bbtest-net can be told to use specific dialects, by adding one or more "dialect names" to the URL scheme, i.e. the "http" or "https" in the URL:
- "2", e.g. https2://www.sample.com <http://www.sample.com>/ : use only SSLv2
- "3", e.g. https3://www.sample.com <http://www.sample.com>/ : use only SSLv3
- "m", e.g. httpsm://www.sample.com/ : use only 128-bit ciphers
- "h", e.g. httpsh://www.sample.com/ : use only >128-bit ciphers
- "10", e.g. http10://www.sample.com <http://www.sample.com>/ : use HTTP 1.0
- "11", e.g. http11://www.sample.com <http://www.sample.com>/ : use HTTP 1.1
These can be combined where it makes sense, e.g to force SSLv2 and HTTP 1.0 you would use "https210".
I suspect that one of the options above will fix your problem. My only other advice if none of that works would be to check the hobbit logs, especially bb-network.log. I would also consider editing the [bbnet] section of hobbitlaunch.cfg, adding the --debug flag to the CMD options, and then restarting hobbit and then watch stdout and/or the bb-network.log to see if it indicates what the problem is.
-Charles
Geoff Hallford wrote:
Hi Charles,
I just used wget w/ SSL to download the file fine but it did complain about the certificate name. Would an invalid certificate affect Hobbit use of HTTPS?:
bigbrother:/hobbit/server/www # wget https://142.224.108.83/apps/SCMClientWin32.exe --no-check-certificate --15:27:35-- https://142.224.108.83/apps/SCMClientWin32.exe =>
SCMClientWin32.exe' Connecting to 142.224.108.83:443 <http://142.224.108.83:443>... connected. WARNING: Certificate verification error for 142.224.108.83 <http://142.224.108.83>: self signed certificate WARNING: certificate common nameWebshield.uhn.ca' doesn't match requested host name `142.224.108.83'. HTTP request sent, awaiting response... 200 OK Length: 12,905,984 (12M) [application/octet-stream]100%[===========================================================================================================>] 12,905,984 3.51M/s ETA 00:00
15:27:41 (3.48 MB/s) - `SCMClientWin32.exe' saved [12905984/12905984]
On 12/18/06, *Charles Jones* < jonescr at cisco.com <mailto:jonescr at cisco.com>> wrote:
Geoff, I guess the next thing to try would be another tool using HTTPs from the hobbit server itself. Either elinks-ssl, curl, or wget w/ SSL support. The goal being to narrow it down to definitely a problem with Hobbit. P.S. I noticed in the Apache banner it says it is on port 1443 instead of the usual 443, so there may be some proxy server or vhost that Hobbit has to go through, which could potentially be part of the problem. Good luck and let us know if you find the answer. -Charles Geoff Hallford wrote:Hi Charles, This is a McAfee Webshield appliance, so I can't go in and check the Apache log. I know the URL is good though because I can access it via any browser from my PC. It's only Hobbit that has an issue with it. Any other thoughts? Thanks. On 12/18/06, *Charles Jones* <jonescr at cisco.com <mailto:jonescr at cisco.com> > wrote: HTTPS is definitely working, or else you would not get the Apache banner at the end. It looks like you are simply checking an invalid URL. Check your apache error log and see if it indicates that SCMClientWin32.exe is being requested from an incorrect path or something. -Charles Geoff Hallford wrote:Hi Everyone, I still have problems getting Hobbit to check URL's that are HTTP*S*. I have compiled with SSL support and the testing does work on items such as LDAPS and SSH but it will not work for HTTPS. Does anyone have any thoughts? I get the following message: --- Mon Dec 18 14:01:59 2006: https://142.224.108.83/apps/SCMClientWin32.exe - Not Found The requested URL /error/HTTP_BAD_REQUEST.html.var was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. ------------------------------------------------------------------------ Apache/2.0.55 (Unix) Server at localhost Port 1443 Seconds: 0.00-- 'If my answers frighten you then you should cease asking scary questions.' --Sam Jackson from Pulp Fiction-- 'If my answers frighten you then you should cease asking scary questions.' --Sam Jackson from Pulp Fiction