Patch for xymonnet: Fails to detect closed ports on SSL-enabled services

list Henrik Størner
Fri, 11 Dec 2015 12:05:59 +0100
Message-Id: <user-d96722f9af56@xymon.invalid>

Hi,

I ran into a weird issue this morning.

When testing an SSL-enabled service (amqps), the status showed up as green even though there was no service listening on the port.

It may be related to the fairly old OpenSSL version installed (0.9.8j + SUSE patches), because I have never seen it before - and it sounds like the kind of bug that ought to pop up fairly quickly.

Debug shows:
38969 2015-12-11 12:02:01.466947 TCP tests completed normally
Address=10.0.0.1:5671, open=1, res=0, err=5, connecttime=0.001542, totaltime=0.001542,
38969 2015-12-11 12:02:01.467163 Sending results for service amqps
38969 2015-12-11 12:02:01.467205 Adding to combo msg: status+30 foo,example,com.amqps green <!-- [flags:OrdastLe] --> Fri Dec 11 12:02:01 2015 amqps ok

The "open=1" is what triggers the green status, but it doesn't match the "err=5" which means the openssl-functions returned an error.

This patch should fix it - against 4.3.24.


Regards,
Henrik

Attachments (1)

attachment.ksh application/octet-stream · 1.1 KB