On Tue, August 25, 2015 10:53 am, Shawn Heisey wrote:
I upgraded to 4.3.21 today, from 4.3.14. It was built using this command:
build/makerpm.sh 4.3.21
After working my way through recovering my configs that were pushed out
of the way as .rpmsave files, I started it. Immediately I got http
alarms failing.
The most interesting one was this. I have xymon monitoring its own URL,
which is secured with SSL:
red Tue Aug 25 11:38:40 2015: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
2.0//EN">
&red https://xymon.REDACTED.com/xymon/ - <!DOCTYPE HTML PUBLIC
"-//IETF//DTD HTML 2.0//EN">
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br
/>
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a
href="https://xymon.REDACTED.com/"><b>https://xymon.REDACTED.com/</b></a></blockquote></p>;
<hr>
<address>Apache/2.2.15 (CentOS) user-929a91a0affc@xymon.invalid Port
443</address>
</body></html>
It looks like what's happening is that xymon's http test has forgotten
how to speak HTTPS. It actually looks like it has forgotten how to
speal SSL entirely -- imaps and pop3s are showing yellow status with
"Unexpected service response" messages.
I am now also seeing purple alarms from sslcert, because none of the SSL
stuff is working right.
How can I fix this?
Shawn,
Hmm. Most likely, xymon wasn't built with OpenSSL included. The quickest
way to tell is to look at your "xymonnet" test (a snapshot from when
4.3.21 was running). If the OpenSSL version isn't indicated in the first
few lines, that's definitely the problem.
Do you have build logs from when this was originally run? And can you
indicate your distro and openssl-devel version?
Regards,
-jc