Freebsd port may interest Henrik
list Jungle Boogie
Hello All, Interesting problem here with xymon-server and sslv2 and sslv3 on freeBSD that I'm told Henrik may like looking into... Failure log: http://package18.nyi.freebsd.org/data/101amd64-default-PR195796/2014-12-12_06h28m13s/logs/errors/xymon-server-4.3.17_4.log Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195796 Do you know how this could be corrected in the freebsd ports? The maintainer of the freeBSD port updated it just yesterday (19 December) bumping it to 4.3.18: https://www.freshports.org/net-mgmt/xymon-server -- inum: 883510009027723 sip: user-d833be146b1b@xymon.invalid xmpp: user-cda201b57d7f@xymon.invalid
list Mark Felder
▸
On Sat, Dec 20, 2014, at 07:34, Jungle Boogie wrote:
Hello All, Interesting problem here with xymon-server and sslv2 and sslv3 on freeBSD that I'm told Henrik may like looking into... Failure log: http://package18.nyi.freebsd.org/data/101amd64-default-PR195796/2014-12-12_06h28m13s/logs/errors/xymon-server-4.3.17_4.log Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195796 Do you know how this could be corrected in the freebsd ports? The maintainer of the freeBSD port updated it just yesterday (19 December) bumping it to 4.3.18: https://www.freshports.org/net-mgmt/xymon-server
To clarify: it's not possible to build xymon against an OpenSSL *without* SSLv2 cipher support. I assume xymon will break if you remove any cipher instead of detecting what is available and reducing feature set.
list Jungle Boogie
Hello All, http://lists.xymon.com/pipermail/xymon/2014-December/040849.html On Monday 22 December Mark Felder composed:
▸
To clarify: it's not possible to build xymon against an OpenSSL *without* SSLv2 cipher support. I assume xymon will break if you remove any cipher instead of detecting what is available and reducing feature set.
Yes, this is true and sorry for not being more clear. + I see the freeBSD ports was updated Xymon updated to 4.3.18 but I don't suppose this provides the options to build without sslv2, correct? -- inum: 883510009027723 sip: user-d833be146b1b@xymon.invalid xmpp: user-cda201b57d7f@xymon.invalid
list Mark Felder
▸
On Tue, Dec 30, 2014, at 16:10, Jungle Boogie wrote:
Hello All, http://lists.xymon.com/pipermail/xymon/2014-December/040849.html On Monday 22 December Mark Felder composed:To clarify: it's not possible to build xymon against an OpenSSL *without* SSLv2 cipher support. I assume xymon will break if you remove any cipher instead of detecting what is available and reducing feature set.Yes, this is true and sorry for not being more clear. + I see the freeBSD ports was updated Xymon updated to 4.3.18 but I don't suppose this provides the options to build without sslv2, correct?
Correct. I did not provide any changes nor test for this capability. I don't believe the situation has improved in 4.3.18.
list Nikolai Lifanov
▸
On 12/30/14 17:10, Jungle Boogie wrote:
Hello All, http://lists.xymon.com/pipermail/xymon/2014-December/040849.html On Monday 22 December Mark Felder composed:To clarify: it's not possible to build xymon against an OpenSSL *without* SSLv2 cipher support. I assume xymon will break if you remove any cipher instead of detecting what is available and reducing feature set.Yes, this is true and sorry for not being more clear. + I see the freeBSD ports was updated Xymon updated to 4.3.18 but I don't suppose this provides the options to build without sslv2, correct?
That's not really a Xymon problem. The Xymon "configure" system is clever enough to figure out that SSLV2 support is missing. The FreeBSD port explicitly sets HAVE_SSLV2_SUPPORT: https://svnweb.freebsd.org/ports/head/net-mgmt/xymon-server/files/Makefile?view=markup#l61 The line should be replaced with "SSLFLAGS = -DHAVE_OPENSSL", and the port should be revbumped to fix this. - Nikolai Lifanov
list Mark Felder
▸
On Wed, Dec 31, 2014, at 13:47, Nikolai Lifanov wrote:
On 12/30/14 17:10, Jungle Boogie wrote:Hello All,http://lists.xymon.com/pipermail/xymon/2014-December/040849.html On Monday 22 December Mark Felder composed: To clarify: it's not possible to build xymon against an OpenSSL *without* SSLv2 cipher support. I assume xymon will break if you remove any cipher instead of detecting what is available and reducing feature set. Yes, this is true and sorry for not being more clear. + I see the freeBSD ports was updated Xymon updated to 4.3.18 but I don't suppose this provides the options to build without sslv2, correct?That's not really a Xymon problem. The Xymon "configure" system is clever enough to figure out that SSLV2 support is missing. The FreeBSD port explicitly sets HAVE_SSLV2_SUPPORT: https://svnweb.freebsd.org/ports/head/net-mgmt/xymon-server/files/Makefile?view=markup#l61 The line should be replaced with "SSLFLAGS = -DHAVE_OPENSSL", and the port should be revbumped to fix this.
Huh, I forgot the port was providing a pregenerated Makefile... (because Xymon's ./configure is interactive). I'll test that out and give it a whirl.
list Mark Felder
▸
On Wed, Dec 31, 2014, at 13:54, Mark Felder wrote:
Huh, I forgot the port was providing a pregenerated Makefile... (because Xymon's ./configure is interactive). I'll test that out and give it a whirl.
It works, so I've updated the port accordingly. Thanks! Annoyed that I didn't notice that flag was in the pregenerated Makefile... I blame whoever I inherited this port from :-)