Gvm-cli "the read operation timed out" but I can curl port 9392 just fine

Has anyone actually used the TLS connection type for any openvas scripts just yet? I’ve always used the socket type, but now that I’m separating my docker container, I’m having to connect to it separately where the socket isn’t available anymore.

However, I’m struggling with finding documentation on properly connecting via TLS. I do see a very basic example of a <get_version/> so I’m trying to build off of this, but I’m having issues with this.

My GSAD service is listening on HTTPS and I’ve also got certificates generated and everything, so I can connect to it just fine via the web interface. From the CLI though, I’m getting some very unhelpful error messages:

root@3ba0d87b6d89:/home/gvm# runuser -u gvm -- gvm-cli --log DEBUG --gmp-username admin --gmp-password $(cat /root/creds.txt) tls --port 9392 --xml "<get_version/>"
The read operation timed out

I took a look at the debug file, and all it says is this (not concerned about the pw showing):

root@3ba0d87b6d89:/home/gvm# cat gvm-cli.log 
DEBUG:gvmtools.parser:Ignoring non existing config file ~/.config/gvm-tools.conf
DEBUG:root:Parsed arguments Namespace(config='~/.config/gvm-tools.conf', loglevel='DEBUG', timeout=60, gmp_username='admin', gmp_password='4b27dd66-1f4e-44b3-92f1-e0349a1c7ed9', connection_type='tls', protocol='GMP', hostname='127.0.0.1', port=9392, certfile=None, keyfile=None, cafile=None, no_credentials=False, xml='<get_version/>', raw=False, pretty=False, duration=False, infile=None)
DEBUG:gvmtools.parser:Ignoring non existing config file ~/.config/gvm-tools.conf
DEBUG:root:Parsed arguments Namespace(config='~/.config/gvm-tools.conf', loglevel='DEBUG', timeout=60, gmp_username='admin', gmp_password='4b27dd66-1f4e-44b3-92f1-e0349a1c7ed9', connection_type='tls', protocol='GMP', hostname='127.0.0.1', port=9392, certfile=None, keyfile=None, cafile=None, no_credentials=False, xml='<get_version/>', raw=False, pretty=False, duration=False, infile=None)

However, I can curl port 9392 just fine. For the sake of testing, I’m doing this from within the openvas container itself and only curl works:

root@3ba0d87b6d89:/home/gvm# curl https://localhost:9392 -k; echo
<!doctype html><html><head><link rel="icon" href="/img/favicon.png" type="image/png"/><title>Greenbone Security Assistant</title><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><script type="text/javascript" src="/config.js"></script><script defer="defer" src="/static/js/main.88feaf64.js"></script><link href="/static/css/main.8aca95b1.css" rel="stylesheet"></head><body><div id="app"></div><div id="portals"></div></body></html>
root@3ba0d87b6d89:/home/gvm# 

So if curl works, why can’t gvm-cli? I feel like I’m missing something here but can’t find anything else in the documentation or error logs to help.

You are querying GSAd; you need to connect GVMd to a different TCP socket and put your requests there. The CLI speaks XML over TLS and not HTTPS …

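A way to check what a TLS port actually speaks before pointing gvm-cli at it, as an added example that is not part of the original thread and not gvm-tools code: it sends the same `<get_version/>` over TLS and classifies the reply. The function names, the `cafile` handling and the sample replies are assumptions constructed for illustration.

```python
import socket
import ssl

GMP_PROBE = b"<get_version/>"  # same command the post passes to --xml

def classify_reply(data: bytes) -> str:
    """Label the first bytes a service returns to GMP_PROBE."""
    head = data.lstrip()[:64].lower()
    if not head:
        return "no-reply"
    if head.startswith(b"<get_version_response"):
        return "gmp"   # a GMP endpoint answered
    if head.startswith((b"http/", b"<!doctype html", b"<html")):
        return "http"  # a web server answered
    return "unknown"

def probe(host, port, cafile=None, timeout=5.0):
    """Send GMP_PROBE over TLS to host:port and classify the reply."""
    if cafile:
        ctx = ssl.create_default_context(cafile=cafile)  # verify against this CA
    else:
        # Assumption: lab setup with a self-signed cert, like `curl -k` above.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(GMP_PROBE)
                return classify_reply(tls.recv(4096))
    except socket.timeout:
        # Timed out: nothing answered the GMP command within the timeout.
        return "no-reply"
    except (ssl.SSLError, OSError) as exc:
        return "error: %s" % exc

# Constructed sample replies (not captured from a real system).
SAMPLES = {
    "gmp": b'<get_version_response status="200" status_text="OK">'
           b"<version>0.0</version></get_version_response>",
    "http": b"HTTP/1.1 400 Bad Request\r\n\r\n",
    "no-reply": b"",
}

if __name__ == "__main__":
    for expected, reply in SAMPLES.items():
        print(expected, "->", classify_reply(reply))
```

Calling `probe("127.0.0.1", 9392)` runs the check against a live port; only a port that comes back as `gmp` is one gvm-cli's `tls` connection type can talk to.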