HTTPS problems in 4.3.11
list Andrey Chervonets
I had found 2 problems that are reproducible only on 4.3.11 XyMon server (CentOS release 6.4 (Final)), on 4.3.4 (CentOS release 5.6 (Final)) works fine.

Problem 1) Some https resources reported with red (http) and white (content), while really it can be accessed

    # hosts.cfg record
    0.0.0.0 epak.pmlp.gov.lv # noconn https://epak.pmlp.gov.lv/ cont;https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx;"E-pakalpojums"

http test output:

    # XyMon output:
    https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx - Server timeout
    Seconds: 11.72
    https://epak.pmlp.gov.lv/ - Server timeout
    Seconds: 11.72

    # content column output:
    An error occurred while testing URL https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx
    No output received from server

But is accessible for example with lynx (or wget) on the same server. And are green (both http and content) on other (4.3.4) XyMon server. Both monitoring servers running on CentOS.

Problem 2)

    # hosts.cfg record (here in e-mail IP-last digits replaced with NN):
    83.99.NN.NN p3-312.abcr-test # noconn https://83.99.NN.NN:443/

On XyMon 4.3.4 on resource have expired SSL certificate: and reported red for sslcert and green for http

    SSL certificate for https://83.99.NN.NN:443/ expired 175 days ago
    https://83.99.221.NN.NN:443/ - OK

On XyMon 4.3.11 the same resource reported as red for http, nothing for sslcert

    https://83.99.NN.NN:443/ - Connected, but got empty response (code:0)

Any ideas what can be wrong or how to diagnose?

Best regards,
Andrey Chervonets
SIA CoMinder
http://www.cominder.eu/
list Henrik Størner
On 12-06-2013 07:19, Andrey Chervonets wrote:
> I had found 2 problems that are reproducible only on 4.3.11 XyMon server (CentOS release 6.4 (Final)), on 4.3.4 (CentOS release 5.6 (Final)) works fine.
> Problem 1) Some https resources reported with red (http) and white (content), while really it can be accessed

Going from CentOS 5->6 also means upgrading the OpenSSL libraries to version 1.0 (from 0.9.8e). I assume you compiled 4.3.11 on the new server?

Check that SSL support is enabled in xymon: Run "xymonnet --version" and check that there is a line with "SSL library: OpenSSL...."

Could you try building the old Xymon version on the new server and see if that has the same problem? I don't think you can simply copy over the binary from your old server, since it is built with the old OpenSSL library version.

> On XyMon 4.3.4 on resource have expired SSL certificate: and reported red for sslcert and green for http
> SSL certificate for https://83.99.NN.NN:443/ expired 175 days ago
> https://83.99.221.NN.NN:443/ - OK
>
> On XyMon 4.3.11 the same resource reported as red for http, nothing for sslcert
> https://83.99.NN.NN:443/ - Connected, but got empty response (code:0)

If an https check fails, then the certificate check will not be updated since there is no certificate to monitor. So this problem really is a consequence of your https-checks not working.

Regards,
Henrik
list Andrey Chervonets
Message: 13
Date: Wed, 12 Jun 2013 08:00:28 +0200
From: Henrik Størner <user-ce4a2c883f75@xymon.invalid>
To: xymon at xymon.com
Subject: Re: [Xymon] HTTPS problems in 4.3.11
Message-ID: <user-baad6e11a05a@xymon.invalid>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

> On 12-06-2013 07:19, Andrey Chervonets wrote:
>> I had found 2 problems that are reproducible only on 4.3.11 XyMon server (CentOS release 6.4 (Final)), on 4.3.4 (CentOS release 5.6 (Final)) works fine.
>> Problem 1) Some https resources reported with red (http) and white (content), while really it can be accessed
>
> Going from CentOS 5->6 also means upgrading the OpenSSL libraries to version 1.0 (from 0.9.8e). I assume you compiled 4.3.11 on the new server?
> Check that SSL support is enabled in xymon: Run "xymonnet --version" and check that there is a line with "SSL library: OpenSSL...."

xymonnet --version just returns

    xymonnet version 4.3.11

RPMs are OK

    $ rpm -q openssl openssl-devel
    openssl-1.0.0-27.el6_4.2.x86_64
    openssl-devel-1.0.0-27.el6_4.2.x86_64

But I was sure I had replied Y for SSL tests during installation. To be double sure - I had renamed Makefile and run ./configure again today. It was like:

    ..
    Checking for OpenSSL ...
    Compiling with SSL library works OK
    Linking with SSL library works OK
    Checking if your SSL library has SSLv2 enabled
    Will support SSLv2 when testing SSL-enabled network services

    Xymon can use the OpenSSL library to test SSL-enabled services
    like https-encrypted websites, POP3S, IMAPS, NNTPS and TELNETS.
    If you have the OpenSSL library installed, I recommend that you enable this.

    Do you want to be able to test SSL-enabled services (y) ?
    Y
    ...

And the resulting Makefile is the same as the old one. diff Makefile Makefile.old returns nothing.

Part of Makefile for SSL:

    #
    # OpenSSL settings
    #
    # OpenLDAP settings
    LDAPFLAGS =
    #

But... 4.3.4 has the same on the machine where SSL is working, and ./xymonnet --version returns:

    xymonnet version 4.3.4
    SSL library : OpenSSL 0.9.8e-rhel5 01 Jul 2008
    LDAP library: OpenLDAP 20343

I had checked on another machine where I had installed XyMon 4.3.11 recently - OpenSUSE 12.3. xymonnet --version returns the same output:

    xymonnet version 4.3.11

and nothing more.

Any ideas where could be the problem?

Best regards,
Andrey Chervonets
SIA CoMinder
http://www.cominder.eu/
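
The check Henrik describes, as an added example that is not part of any poster's message and not Xymon project code: it classifies `xymonnet --version` output by whether an "SSL library" line is present, using the two outputs quoted in this thread as sample input. The function names `lib_version` and `xymonnet_features` are made up for this sketch.

```shell
#!/bin/sh
# Added example: decide from `xymonnet --version` output whether the binary
# was built with SSL (and LDAP) support. Function names are hypothetical.

# Print the value of a "<name> library : <value>" line read from stdin.
# Spaces around the colon are optional: the 4.3.4 output in this thread
# prints "SSL library : ..." but "LDAP library: ...".
lib_version() {
    sed -n "s/^[[:space:]]*$1 library[[:space:]]*:[[:space:]]*//p" | head -n 1
}

# Read version output on stdin and print "ssl=<lib|none> ldap=<lib|none>".
# Returns 0 if an SSL library is compiled in, 1 if it is not, and 2 if the
# input is not xymonnet version output at all (empty, command not found).
xymonnet_features() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^xymonnet version ' || return 2
    ssl=$(printf '%s\n' "$out" | lib_version SSL)
    ldap=$(printf '%s\n' "$out" | lib_version LDAP)
    printf 'ssl=%s ldap=%s\n' "${ssl:-none}" "${ldap:-none}"
    [ -n "$ssl" ]
}

# Sample input: the two outputs quoted in this thread.
SAMPLE_434='xymonnet version 4.3.4
SSL library : OpenSSL 0.9.8e-rhel5 01 Jul 2008
LDAP library: OpenLDAP 20343'

SAMPLE_4311='xymonnet version 4.3.11'

# Demo over the samples; on a server use: xymonnet --version | xymonnet_features
for sample in "$SAMPLE_434" "$SAMPLE_4311"; do
    printf '%s\n' "$sample" | xymonnet_features ||
        echo "  -> no SSL library line: SSL support is not compiled in"
done
```
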
list Mark Felder
On Thu, 13 Jun 2013 00:45:44 -0500, Andrey Chervonets <user-e7fb5c02322c@xymon.invalid> wrote:
> Any ideas where could be the problem?
Compile Xymon yourself. Does the problem persist? If no, it's still a packaging problem.