On 23 October 2013 21:16, Andrey Chervonets <user-e7fb5c02322c@xymon.invalid>wrote:
Problem is for some sites with valid certificates too.
I had checked to access page with wget or lynx - and it is working.
So I do not see reason why Xymon should get "Server Timeout" for the same
target.
Here is the debug of wget. Please, advice how to diagnose/debug Xymon to
find the solution.
I am a bit confused why nobody reporting the same problem:
* nobody using new openssl libraries?
* nobody do https tests for some, may a bot non-standard SSL certificates
or web-sites?
You might just be unlucky. If half of all websites have implementations
that trigger the problem, and if half of all Xymon installations have the
buggy openssl library, then only 25% of people will get the problem. Given
that not all Xymon users test https websites, and of those, not all of them
are subscribed to The List, the odds drop off very quickly. Oh, and my
first guesses of half websites and half of openssl installs used for Xymon
is almost certainly very high. The proportions might be closer to 10%. So
the odds are against you finding someone else on The List with the same
symptoms.
Try the following:
ldd `which wget` | egrep "ssl|crypto"
ldd ~xymon/server/bin/xymonnet | egrep "ssl|crypto"
ldd `which openssl` | egrep "ssl|crypto"
If the libraries used by the two tools are different, then you should not
be surprised to get different behaviour.
Try configuring a known good website on the Internet in your https
monitoring. I'm guessing that https://www.xymon.org/ would be OK.
Try to connect to the websites using openssl:
openssl s_client -connect epak.pmlp.gov.lv:443
If that times out, it might show a message to indicate why.
J