SNORT:Rules download error: SSL certificate problem: self signed certificate in

Nachtfalke

Hi,

I am running squid in transparent mode on my pfsense. Further I added pfsense itself to configure with this squid proxy on the LAN interface. In general this is working. Unfortunately when trying to download snort updates I am getting a certificate warning in syslog:

Rules download error: SSL certificate problem: self signed certificate in certificate chain

So I modified the following file to make sure that curl "trusts" the CA and can download the updates:

/usr/local/pkg/snort/snort_check_for_rule_updates.php

Original:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

Modified:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

Now the update is working.

Question:
Is there a way or are there plans to make snort aware of a specific CA like we do when we add a CA to a webbrowser when intercepting SSL?

Kind regards!

bmeeks

At the moment nothing like that is in the code, but I guess it could be added.  Perhaps as an option that is configurable on the GLOBAL SETTINGS tab.  The line of code you altered to trust self-signed CAs was added to the Snort GUI code base a while back in an attempt to improve security, but it has the unintended side effect of interfering with some edge-case setups.

Bill