On 07-08-2013 19:56, John D. Alexander wrote:
The website is private. I've already rolled back the code but I can
reapply the patch and take screen shots if need be.
Judging from the fact that Xymon was saying that the certificates
expired about 42 years ago, a couple of the programmers here indicate
that it's not picking up data from the certificate properly and
interpreting that as the epoch and counting forward from there for
expiration date.
Xymon uses the OpenSSL library routines to handle the SSL details, so I would be rather surprised if some kind of bogus certificate data got through all the way to the Xymon code - the openssl library is supposed to discard such invalid data and report an error.
More likely it is some kind of integer overflow. 15500 days before now is suspiciously close to Jan 1st 1970 (start of Unix epoch).
But it surprises me a bit, since I setup a test site here with two vhosts and different certificates, and the new code worked fine here - got the right certificate for each of the two hosts.
What version of OpenSSL are you running on the server where Xymon is compiled ? You can check by running "xymonnet --version".
I'll probably send you (directly, not via the list) a test-version of Xymon that logs some more debugging data for this - sometime later this week.
Regards,
Henrik