I have installed the latest release branch of gvmd (GIT revision 10c28a22-gvmd-9.0) over the latest stable branch and since then it is no longer able to communicate with ospd-openvas.
Before the upgrade gvmd could communicate without issues with my scanners, through gvmd --verify-scanner.
I read the changelog at https://github.com/greenbone/gvmd/blob/gvmd-9.0/CHANGELOG.md but couldn’t find any explaination which would explain why it stop working.
Any clue ?
I forgot to add the python traceback:
Traceback (most recent call last):
File “/usr/lib/python3.6/socketserver.py”, line 654, in process_request_thread
File “/usr/lib/python3.6/socketserver.py”, line 364, in finish_request
self.RequestHandlerClass(request, client_address, self)
File “/usr/lib/python3.6/socketserver.py”, line 724, in init
File “/opt/gvm/bin/ospd-scanner/lib/python3.6/site-packages/ospd/server.py”, line 127, in handle
File “/opt/gvm/bin/ospd-scanner/lib/python3.6/site-packages/ospd/server.py”, line 167, in handle_request
File “/opt/gvm/bin/ospd-scanner/lib/python3.6/site-packages/ospd/server.py”, line 295, in handle_request
req_socket = self.tls_context.wrap_socket(request, server_side=True)
File “/usr/lib/python3.6/ssl.py”, line 407, in wrap_socket
File “/usr/lib/python3.6/ssl.py”, line 817, in init
File “/usr/lib/python3.6/ssl.py”, line 1077, in do_handshake
File “/usr/lib/python3.6/ssl.py”, line 689, in do_handshake
OSError: [Errno 0] Error
I have no idea how to decrypt this. Perhaps someone can help ?
This seems to be a SSL/TLS issue. I don’t think we touched the code for SSL for a while.
I was able to reproduce the problem with a fresh new install. I’m not a python expert, so is there any way I could enforce logging to deepen what’s wrong ?
After investigating deeper, it also apply to GVM-11 stable version. The problem is not with python, I tried various flavor of pythons will always the same results, nor it is on the client side. The problem is on the manager side, which for some reason don’t speak SSL correctly with the clients.
The issue is 100% linked with the OS upgrade. So it seems the latest SSL librairies provided with Ubuntu are not compatible with GVM-11 manager.
I’m going to try a fresh install with Ubuntu LTS 18.04, see if that works.
Seems to be a bug; there is a discussion on github: https://github.com/greenbone/ospd-openvas/issues/175