Xymon Mailing List Archive search

Missing support for HTTP/2 ?

list Jeremy Laidman
Thu, 9 Nov 2023 09:26:20 +1100
Message-Id: <CACO=user-6b884d0451d6@xymon.invalid>

On Wed, 8 Nov 2023 at 23:14, Ingeborg Hellemo via Xymon <xymon at xymon.com>
wrote:

~/server/bin/xymonnet --debug --no-update <servername>

35422 2023-11-08 13:06:06.168385 1 status messages merged into 1
transmissions
Address=[IP]:443, open=1, res=0, err=5, connecttime=0.000303,
totaltime=0.002631,
httpstatus = -5, open=1, errcode=5, parsestatus=0
Response:
(no headers)
URL                      : https://<servername>/
HTTP status              : -5

I'm surprised there isn't some kind of error message being displayed. err=5
is "CONTEST_ESSL" meaning something went wrong in the SSL comms, or setup.
In most cases where the error code is set to CONTEST_ESSL, there's an
"errprintf()" that describes the error. I'd have thought "--debug" would
show these on STDERR.

The missing error message is likely going to help narrow down the problem.
These are all of the error messages in contest.c where err is set to
CONTEST_ESSL:

errprintf("SSL test, but xymonnet was built without SSL support\n");
errprintf("Failed to find enough entropy on your system");
errprintf("Cannot create SSL context - IP %s, service %s: %s\n",
                                  inet_ntoa(item->addr.sin_addr),
item->svcinfo->svcname, sslerrmsg);
errprintf("Cannot load SSL client certificate/key %s: %s\n",
                                  item->ssloptions->clientcert, sslerrmsg);
errprintf("SSL_new failed - IP %s, service %s: %s\n",
                                  inet_ntoa(item->addr.sin_addr),
item->svcinfo->svcname, sslerrmsg);
errprintf("Private/public key mismatch for certificate %s\n",
item->ssloptions->clientcert);
errprintf("Could not initiate SSL on connection - IP %s, service %s: %s\n",
                                  inet_ntoa(item->addr.sin_addr),
item->svcinfo->svcname, sslerrmsg);
errprintf("IO error in SSL_connect to %s on host %s: %s\n",
                                  portinfo, inet_ntoa(item->addr.sin_addr),
sslerrmsg);
errprintf("Unspecified SSL error in SSL_connect to %s on host %s: %s\n",
                                  portinfo, inet_ntoa(item->addr.sin_addr),
sslerrmsg);
errprintf("Unknown error %d in SSL_connect to %s on host %s: %s\n",
                                  err, portinfo,
inet_ntoa(item->addr.sin_addr), sslerrmsg);
errprintf("Cannot get peer certificate for %s on host %s\n",
                          portinfo, inet_ntoa(item->addr.sin_addr));

Perhaps these can give you some clues about what might be going wrong.

I also suggest taking a look at the webserver logs for any errors, warnings
or notice messages associated with the xymonnet connection.

J