Patch for xymonnet: Fails to detect closed ports on SSL-enabled services

list Japheth Cleaver
Fri, 11 Dec 2015 10:07:29 -0800
Message-Id: <user-3ae97eeffb82@xymon.invalid>


On Fri, December 11, 2015 3:05 am, Henrik Størner wrote:
> Hi,
>
> I ran into a weird issue this morning.
>
> When testing an SSL-enabled service (amqps), the status showed up as
> green even though there was no service listening on the port.
>
> It may be related to the fairly old OpenSSL version installed (0.9.8j +
> SUSE patches), because I have never seen it before - and it sounds like
> the kind of bug that ought to pop up fairly quickly.
>
> Debug shows:
> 38969 2015-12-11 12:02:01.466947 TCP tests completed normally
> Address=10.0.0.1:5671, open=1, res=0, err=5, connecttime=0.001542,
> totaltime=0.001542,
> 38969 2015-12-11 12:02:01.467163 Sending results for service amqps
> 38969 2015-12-11 12:02:01.467205 Adding to combo msg: status+30
> foo,example,com.amqps green <!-- [flags:OrdastLe] --> Fri Dec 11
> 12:02:01 2015 amqps ok
>
> The "open=1" is what triggers the green status, but it doesn't match
> the "err=5" which means the openssl-functions returned an error.
>
> This patch should fix it - against 4.3.24.

This is an odd one. It really does seem like this should have been run
into somehow before...

How would you feel about expanding the parsing in
xymonnet.c:decide_color() to catch for errors even on an open port?
Something like the attached (untested)...

-jc
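
Added example, not part of the original message or of the Xymon code base: a small Python check that scans xymonnet debug output for the inconsistency described in the thread, a record showing open=1 together with a non-zero err. The sample records are constructed in the format quoted above; the function names and the reading of err=0 as "no error" are assumptions.

```python
import re

# Constructed sample in the format quoted in the message. The e-mail wrapped
# each record over two lines, so the parser must not assume one per line.
SAMPLE = """\
38969 2015-12-11 12:02:01.466947 TCP tests completed normally
Address=10.0.0.1:5671, open=1, res=0, err=5, connecttime=0.001542,
totaltime=0.001542,
Address=10.0.0.2:443, open=1, res=0, err=0, connecttime=0.002101,
totaltime=0.014377,
Address=10.0.0.3:5671, open=0, res=0, err=0, connecttime=0.000000,
totaltime=0.000000,
"""

# Field names as they appear in the quoted debug output.
FIELDS = ("open", "res", "err", "connecttime", "totaltime")


def parse_records(text):
    """Return one dict per Address= record, tolerating wrapped lines."""
    records = []
    for chunk in text.split("Address=")[1:]:
        m = re.match(r"[^,\s]+", chunk)
        if not m:
            continue  # malformed record, no address
        rec = {"addr": m.group(0)}
        for key, value in re.findall(r"\b(\w+)=([^,\s]+)", chunk):
            if key in FIELDS and key not in rec:
                rec[key] = value
        records.append(rec)
    return records


def open_with_error(text):
    """Records reported open although err is non-zero.

    Assumption: err=0 means the SSL layer reported no error.
    """
    return [(r["addr"], r["err"]) for r in parse_records(text)
            if r.get("open") == "1" and r.get("err", "0") != "0"]


if __name__ == "__main__":
    for addr, err in open_with_error(SAMPLE):
        print(f"{addr}: open=1 but err={err}; status should not be trusted")
```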