From a.chervonets@cominder.eu Wed Jun 24 08:22:32 2026 From: "A.Chervonets@cominder.eu" To: xymon@xymon.com Subject: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported for 4.3.11 ? Date: Wed, 23 Oct 2013 13:16:07 +0300 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3775393649471935843==" --===============3775393649471935843== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Problem is for some sites with valid certificates too. I had checked to access page with wget or lynx - and it is working. So I do not see reason why Xymon should get "Server Timeout" for the same=20 target. Here is the debug of wget. Please, advice how to diagnose/debug Xymon to=20 find the solution. I am a bit confused why nobody reporting the same problem: * nobody using new openssl libraries? * nobody do https tests for some, may a bot non-standard SSL certificates=20 or web-sites? Anyway, my opinion - if this is working for all other tools like lynx,=20 wget, browsers, this could also work in Xymon. Test case: both URL get Server Timeout in Xymon, but working with wget: URL1: https://epak.pmlp.gov.lv/ (here is redirect - I had found Xymon=20 may have trouble with redirects over https) URL2: https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx (no=20 redirects here, certificate valid, but XyMon can not access it) =3D=3D=3D=3D=3D=3D=3D=3D=3D URL1: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [xymon at myhost~]$ wget --debug https://epak.pmlp.gov.lv/ DEBUG output created by Wget 1.12 on linux-gnu. --2013-10-23 13:02:52-- https://epak.pmlp.gov.lv/ Resolving epak.pmlp.gov.lv... 195.234.144.230 Caching epak.pmlp.gov.lv =3D> 195.234.144.230 Connecting to epak.pmlp.gov.lv|195.234.144.230|:443... connected. Created socket 3. Releasing 0x0000000001606440 (new refcount 1). Initiating SSL handshake. Handshake successful; connected socket 3 to SSL handle 0x0000000001607570 certificate: subject: /C=3DLV/ST=3DRiga/L=3DRiga/O=3DOffice of Citizenship and Migration= =20 Affairs/OU=3DDepartment of Population Register/CN=3D*.pmlp.gov.lv issuer: /C=3DUS/O=3DThawte, Inc./CN=3DThawte SSL CA X509 certificate successfully verified and matches host epak.pmlp.gov.lv ---request begin--- GET / HTTP/1.0 User-Agent: Wget/1.12 (linux-gnu) Accept: */* Host: epak.pmlp.gov.lv Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 301 Moved Permanently Content-Length: 179 Content-Type: text/html Location: https://epak.pmlp.gov.lv/NYX.Nyx001.WebSite/Default.aspx Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Wed, 23 Oct 2013 10:02:45 GMT Connection: keep-alive ---response end--- 301 Moved Permanently Registered socket 3 for persistent reuse. Location: https://epak.pmlp.gov.lv/NYX.Nyx001.WebSite/Default.aspx=20 [following] Skipping 179 bytes of body: [Document Moved

Object Moved

This document may be found here]=20 done. --2013-10-23 13:02:52-- =20 https://epak.pmlp.gov.lv/NYX.Nyx001.WebSite/Default.aspx Reusing existing connection to epak.pmlp.gov.lv:443. Reusing fd 3. ---request begin--- GET /NYX.Nyx001.WebSite/Default.aspx HTTP/1.0 User-Agent: Wget/1.12 (linux-gnu) Accept: */* Host: epak.pmlp.gov.lv Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 200 OK Connection: keep-alive Date: Wed, 23 Oct 2013 10:02:45 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: ASP.NET_SessionId=3Dxpwkktquphtyv02va2ms1ejv; path=3D/; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=3Dutf-8 Content-Length: 7365 ---response end--- 200 OK Stored cookie epak.pmlp.gov.lv -1 (ANY) / [expiry=20 none] ASP.NET_SessionId xpwkktquphtyv02va2ms1ejv Length: 7365 (7.2K) [text/html] Saving to: `Default.aspx.2' 100%[=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>]=20 7,365 --.-K/s in 0s 2013-10-23 13:02:52 (832 MB/s) - `Default.aspx.2' saved [7365/7365] =3D=3D=3D=3D=3D=3D=3D=3D=3D URL2 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [xymon at myhost~]$ wget --debug=20 https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx DEBUG output created by Wget 1.12 on linux-gnu. --2013-10-23 13:03:58-- =20 https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx Resolving epak.pmlp.gov.lv... 195.234.144.230 Caching epak.pmlp.gov.lv =3D> 195.234.144.230 Connecting to epak.pmlp.gov.lv|195.234.144.230|:443... connected. Created socket 3. Releasing 0x00000000013ae4d0 (new refcount 1). Initiating SSL handshake. Handshake successful; connected socket 3 to SSL handle 0x00000000013af620 certificate: subject: /C=3DLV/ST=3DRiga/L=3DRiga/O=3DOffice of Citizenship and Migration= =20 Affairs/OU=3DDepartment of Population Register/CN=3D*.pmlp.gov.lv issuer: /C=3DUS/O=3DThawte, Inc./CN=3DThawte SSL CA X509 certificate successfully verified and matches host epak.pmlp.gov.lv ---request begin--- GET /NYX.Nyx002.WebSite/Default.aspx HTTP/1.0 User-Agent: Wget/1.12 (linux-gnu) Accept: */* Host: epak.pmlp.gov.lv Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 200 OK Connection: keep-alive Date: Wed, 23 Oct 2013 10:03:51 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: ASP.NET_SessionId=3Dpecngh45oqe2sk45vhthua55; path=3D/; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=3Dutf-8 Content-Length: 8619 ---response end--- 200 OK Stored cookie epak.pmlp.gov.lv -1 (ANY) / [expiry=20 none] ASP.NET_SessionId pecngh45oqe2sk45vhthua55 Registered socket 3 for persistent reuse. Length: 8619 (8.4K) [text/html] Saving to: `Default.aspx.3' 100%[=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D>]=20 8,619 --.-K/s in 0s 2013-10-23 13:03:58 (1007 MB/s) - `Default.aspx.3' saved [8619/8619] ------------------- this is output from: User-Agent: Wget/1.12 (linux-gnu) output from host with older ssl and wget is the same (except User-Agent:=20 Wget/1.11.4 Red Hat modified) From: Andrey Chervonets/Cominder/LV To: henrik at hswn.dk,=20 Cc: xymon at xymon.com Date: 31.07.2013 18:15 Subject: Re: XyMon 4.3.12 - what about HTTPS problems repoirted for=20 4.3.11 ? Yes, there may be some specific or expired certificate,=20 but workaround not working anyway, Tested, using http3 does not help for CentOS and OpenSUSE 12.3 tested with URL: https://epak.pmlp.gov.lv/NYX.Nyx002.WebSite/Default.aspx and some others. Best regards, Andrey Chervonets ---------------------- SIA CoMinder http://www.cominder.eu/ From: henrik at hswn.dk To: Andrey Chervonets ,=20 Cc: Date: 25.07.2013 13:07 Subject: Re: XyMon 4.3.12 - what about HTTPS problems repoirted for=20 4.3.11 ? Hi, all indications are that this is an OpenSSL library problem (present in=20 OpenSSL 1.x, but not in the older 0.9.x versions). Debian has this bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D702635 SuSE has this: http://lists.opensuse.org/opensuse-bugs/2013-05/msg01048.html It appears that the problem only shows up when testing sites with=20 specific SSL implementations; e.g. I've seen it when connecting to some=20 IIS versions. Apparently, a work-around is to force the use of SSLv3 instead of=20 TLSv1; you can do that by changing the URL in hosts.cfg so it has=20 "https3" instead of just "https". Regards, Henrik Den 25.07.2013 07:54, Andrey Chervonets skrev: > Good day! > > I still not received any reply for my previous messages about https > tests problems in 4.3.11 or due openssl-1.0.nnnn. > Does 4.3.12 have fixes for that? > > Or what should be the steps to find root cause and fix? > Just tell me in which direction should I go, I am not going to tale > much of Your time. > > P.S. Really, I am surprised nobody else reported similar problems. I > fill I have done something wrong. :( > --===============3775393649471935843==-- From jlaidman@rebel-it.com.au Wed Jun 24 08:22:32 2026 From: jlaidman@rebel-it.com.au To: xymon@xymon.com Subject: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported for 4.3.11 ? Date: Fri, 25 Oct 2013 10:45:20 +1100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9186405348585682977==" --===============9186405348585682977== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On 23 October 2013 21:16, Andrey Chervonets wrot= e: > Problem is for some sites with valid certificates too. > I had checked to access page with wget or lynx - and it is working. > So I do not see reason why Xymon should get "Server Timeout" for the same > target. > > Here is the debug of wget. Please, advice how to diagnose/debug Xymon to > find the solution. > I am a bit confused why nobody reporting the same problem: > * nobody using new openssl libraries? > * nobody do https tests for some, may a bot non-standard SSL certificates > or web-sites? > You might just be unlucky. If half of all websites have implementations that trigger the problem, and if half of all Xymon installations have the buggy openssl library, then only 25% of people will get the problem. Given that not all Xymon users test https websites, and of those, not all of them are subscribed to The List, the odds drop off very quickly. Oh, and my first guesses of half websites and half of openssl installs used for Xymon is almost certainly very high. The proportions might be closer to 10%. So the odds are against you finding someone else on The List with the same symptoms. Try the following: ldd `which wget` | egrep "ssl|crypto" ldd ~xymon/server/bin/xymonnet | egrep "ssl|crypto" ldd `which openssl` | egrep "ssl|crypto" If the libraries used by the two tools are different, then you should not be surprised to get different behaviour. Try configuring a known good website on the Internet in your https monitoring. I'm guessing that https://www.xymon.org/ would be OK. Try to connect to the websites using openssl: openssl s_client -connect epak.pmlp.gov.lv:443 If that times out, it might show a message to indicate why. J --===============9186405348585682977==-- From a.chervonets@cominder.eu Wed Jun 24 08:22:32 2026 From: "A.Chervonets@cominder.eu" To: xymon@xymon.com Subject: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported for 4.3.11 ? Date: Fri, 25 Oct 2013 11:52:42 +0300 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1802256739579249521==" --===============1802256739579249521== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit It looks like xymonnet does not use ssl ldd `which wget` | egrep "ssl|crypto" ; echo $? libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f5a5b183000) libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f5a5ade9000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f5a59ad7000) 0 ldd product/xymon/server/bin/xymonnet | egrep "ssl|crypto" ; echo $? 1 ldd product/xymon/server/bin/xymonnet linux-vdso.so.1 => (0x00007fff67ffe000) librt.so.1 => /lib64/librt.so.1 (0x00007f7a15b07000) libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f7a158db000) libc.so.6 => /lib64/libc.so.6 (0x00007f7a15547000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7a1532a000) /lib64/ld-linux-x86-64.so.2 (0x00007f7a15d18000) ldd `which openssl` | egrep "ssl|crypto" libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f8fa7ce4000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f8fa7389000) libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f8fa6fee000) As I had wrote some time ago - I am sure I had repied Yes to use SSL during xymon installation. And I had reinstalled again on other machine to double check, but with the same result. So, it looks like problem is with installation process. Here is "ssl" grepped from make log. May be this will help: [xymon at miminob xymon-4.3.11]$ grep -i ssl xymon_make.log CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" OSDEF="-DLINUX" RPATHOPT="-Wl,--rpath," PCREINCDIR="" ZLIBINCDIR="" SSLFLAGS="" SSLINCDIR="" SSLLIBS="" NETLIBS="" LIBRTDEF="-lrt" XYMONTOPDIR="/u01/app/xymon/product/xymon4.3.11" XYMONLOGDIR="/u01/app/xymon/logs/xymon4.3.11" XYMONHOSTNAME="miminob.cominder.eu" XYMONHOSTIP="==XYMON_HOST_IP_REPLACED==" XYMONHOSTOS="linux" make -C lib all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," SSLFLAGS="" SSLINCDIR="" SSLLIBS="" NETLIBS="" ZLIBLIBS="" LIBRTDEF="-lrt" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" make -C common all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," SSLFLAGS="" SSLINCDIR="" SSLLIBS="" NETLIBS="" LIBRTDEF="-lrt" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" XYMONVAR="/u01/app/xymon/product/xymon4.3.11/data" HISTGRAPHDEF="" RUNTIMEDEFS="" PCREINCDIR="" PCRELIBS="-lpcre" ZLIBINCDIR="" ZLIBLIBS="" make -C xymongen all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," SSLFLAGS="" SSLINCDIR="" SSLLIBS="" DOLDAP="" LDAPFLAGS="" LDAPINCDIR="" LDAPLIBS="" DOSNMP="no" NETLIBS="" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" ARESVER="1.7.3" FPINGVER="3.0" RUNTIMEDEFS="" PCREINCDIR="" PCRELIBS="-lpcre" SQLITELIBS="" ZLIBINCDIR="" ZLIBLIBS="" LIBRTDEF="-lrt" make -C xymonnet all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," SSLLIBS="" NETLIBS="" LIBRTDEF="-lrt" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" make -C xymonproxy all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," SSLLIBS="" NETLIBS="" LIBRTDEF="-lrt" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" make -C build all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," DORRD="yes" RRDDEF="-DRRDTOOL12" RRDINCDIR="" PCREINCDIR="" SSLFLAGS="" SSLLIBS="" NETLIBS="" RRDLIBS="-lrrd " PCRELIBS="-lpcre" SQLITELIBS="" ZLIBINCDIR="" ZLIBLIBS="" LIBRTDEF="-lrt" XYMONTOPDIR="/u01/app/xymon/product/xymon4.3.11" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" XYMONVAR="/u01/app/xymon/product/xymon4.3.11/data" XYMONLOGDIR="/u01/app/xymon/logs/xymon4.3.11" XYMONHOSTNAME="miminob.cominder.eu" XYMONHOSTIP="==XYMON_HOST_IP_REPLACED==" XYMONHOSTOS="linux" XYMONUSER="xymon" CGIDIR="/u01/app/xymon/product/xymon4.3.11/cgi-bin" SECURECGIDIR="/u01/app/xymon/product/xymon4.3.11/cgi-secure" XYMONHOSTURL="/xymon" XYMONCGIURL="/xymon-cgi" SECUREXYMONCGIURL="/xymon-seccgi" MAILPROGRAM=""mail"" RUNTIMEDEFS="" INSTALLWWWDIR="/u01/app/xymon/product/xymon4.3.11/server/www" INSTALLETCDIR="/u01/app/xymon/product/xymon4.3.11/server/etc" FPING="xymonping" make -C xymond all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," DORRD="yes" RRDDEF="-DRRDTOOL12" RRDINCDIR="" PCREINCDIR="" ZLIBINCDIR="" ZLIBLIBS="" SSLLIBS="" NETLIBS="" RRDLIBS="-lrrd " PCRELIBS="-lpcre" LIBRTDEF="-lrt" XYMONTOPDIR="/u01/app/xymon/product/xymon4.3.11" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" XYMONVAR="/u01/app/xymon/product/xymon4.3.11/data" XYMONLOGDIR="/u01/app/xymon/logs/xymon4.3.11" XYMONHOSTNAME="miminob.cominder.eu" XYMONHOSTIP="==XYMON_HOST_IP_REPLACED==" XYMONHOSTOS="linux" XYMONUSER="xymon" CGIDIR="/u01/app/xymon/product/xymon4.3.11/cgi-bin" SECURECGIDIR="/u01/app/xymon/product/xymon4.3.11/cgi-secure" XYMONHOSTURL="/xymon" XYMONCGIURL="/xymon-cgi" SECUREXYMONCGIURL="/xymon-seccgi" MAILPROGRAM=""mail"" RUNTIMEDEFS="" INSTALLWWWDIR="/u01/app/xymon/product/xymon4.3.11/server/www" INSTALLETCDIR="/u01/app/xymon/product/xymon4.3.11/server/etc" make -C web all CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" OSDEF="-DLINUX" RPATHOPT="-Wl,--rpath," PCREINCDIR="" ZLIBINCDIR="" SSLFLAGS="" SSLINCDIR="" SSLLIBS="" NETLIBS="" LIBRTDEF="-lrt" XYMONTOPDIR="/u01/app/xymon/product/xymon4.3.11" XYMONLOGDIR="/u01/app/xymon/logs/xymon4.3.11" XYMONHOSTNAME="miminob.cominder.eu" XYMONHOSTIP="==XYMON_HOST_IP_REPLACED==" XYMONHOSTOS="linux" LOCALCLIENT="" make -C lib client CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " LDFLAGS="" RPATHOPT="-Wl,--rpath," SSLFLAGS="" SSLINCDIR="" SSLLIBS="" NETLIBS="" ZLIBLIBS="" LIBRTDEF="-lrt" XYMONHOME="/u01/app/xymon/product/xymon4.3.11/server" make -C common client CC="gcc" CFLAGS="-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLINUX -I`pwd`/include " XYMONHOME="/u01/app/xymon/product/xymon4.3.11/client" XYMONHOSTIP="==XYMON_HOST_IP_REPLACED==" LOCALCLIENT="" SSLLIBS="" NETLIBS="" LIBRTDEF="-lrt" make -C client all Note: I had replaced in e-mail real server IP with ==XYMON_HOST_IP_REPLACED==. Best regards, Andrey Chervonets ---------------------- SIA CoMinder http://www.cominder.eu/ mobile: +371 26517848 From: Jeremy Laidman To: Andrey Chervonets , Cc: Henrik Størner , "xymon at xymon.com" Date: 25.10.2013 02:45 Subject: Re: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported for 4.3.11 ? On 23 October 2013 21:16, Andrey Chervonets wrote: Problem is for some sites with valid certificates too. I had checked to access page with wget or lynx - and it is working. So I do not see reason why Xymon should get "Server Timeout" for the same target. Here is the debug of wget. Please, advice how to diagnose/debug Xymon to find the solution. I am a bit confused why nobody reporting the same problem: * nobody using new openssl libraries? * nobody do https tests for some, may a bot non-standard SSL certificates or web-sites? You might just be unlucky. If half of all websites have implementations that trigger the problem, and if half of all Xymon installations have the buggy openssl library, then only 25% of people will get the problem. Given that not all Xymon users test https websites, and of those, not all of them are subscribed to The List, the odds drop off very quickly. Oh, and my first guesses of half websites and half of openssl installs used for Xymon is almost certainly very high. The proportions might be closer to 10%. So the odds are against you finding someone else on The List with the same symptoms. Try the following: ldd `which wget` | egrep "ssl|crypto" ldd ~xymon/server/bin/xymonnet | egrep "ssl|crypto" ldd `which openssl` | egrep "ssl|crypto" If the libraries used by the two tools are different, then you should not be surprised to get different behaviour. Try configuring a known good website on the Internet in your https monitoring. I'm guessing that https://www.xymon.org/ would be OK. Try to connect to the websites using openssl: openssl s_client -connect epak.pmlp.gov.lv:443 If that times out, it might show a message to indicate why. J --===============1802256739579249521==-- From novosirj@ca.rutgers.edu Wed Jun 24 08:22:32 2026 From: novosirj@ca.rutgers.edu To: xymon@xymon.com Subject: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported for 4.3.11 ? Date: Fri, 25 Oct 2013 05:01:52 -0400 Message-ID: <6A34302C7B62B54EB77F697809EFC81E45752EDDC6@umdexmbx02> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7451508852121048364==" --===============7451508852121048364== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable You should see info about SSL by running xymonnet --version (for example): [server/opt/xymon-4.3.12/server/bin] ./xymonnet --version xymonnet version 4.3.12 SSL library : OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969= CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-20= 06-7250 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590= CVE-2009-2409 CVE-2009-3555 CVE-2010-4180 CVE-2011-4576 CVE-2011-4619 CVE-20= 12-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2013-0166= CVE-2013-0169) LDAP library: OpenLDAP 20428 -- ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer || \\ and Health | novosirj at rutgers.edu - 973/972.0922 (2x0922) || \\ Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark `' ________________________________________ From: Xymon [xymon-bounces at xymon.com] On Behalf Of Andrey Chervonets [A.Ch= ervonets at cominder.eu] Sent: Friday, October 25, 2013 4:52 AM To: Jeremy Laidman Cc: xymon at xymon.com Subject: Re: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported for = 4.3.11 ? It looks like xymonnet does not use ssl ldd `which wget` | egrep "ssl|crypto" ; echo $? libssl.so.10 =3D> /usr/lib64/libssl.so.10 (0x00007f5a5b183000) libcrypto.so.10 =3D> /usr/lib64/libcrypto.so.10 (0x00007f5a5ade9000) libk5crypto.so.3 =3D> /lib64/libk5crypto.so.3 (0x00007f5a59ad7000) 0 ldd product/xymon/server/bin/xymonnet | egrep "ssl|crypto" ; echo $? 1 ldd product/xymon/server/bin/xymonnet linux-vdso.so.1 =3D> (0x00007fff67ffe000) librt.so.1 =3D> /lib64/librt.so.1 (0x00007f7a15b07000) libpcre.so.0 =3D> /lib64/libpcre.so.0 (0x00007f7a158db000) libc.so.6 =3D> /lib64/libc.so.6 (0x00007f7a15547000) libpthread.so.0 =3D> /lib64/libpthread.so.0 (0x00007f7a1532a000) /lib64/ld-linux-x86-64.so.2 (0x00007f7a15d18000) ldd `which openssl` | egrep "ssl|crypto" libssl.so.10 =3D> /usr/lib64/libssl.so.10 (0x00007f8fa7ce4000) libk5crypto.so.3 =3D> /lib64/libk5crypto.so.3 (0x00007f8fa7389000) libcrypto.so.10 =3D> /usr/lib64/libcrypto.so.10 (0x00007f8fa6fee000) As I had wrote some time ago - I am sure I had repied Yes to use SSL during x= ymon installation. And I had reinstalled again on other machine to double check, but with the sa= me result. So, it looks like problem is with installation process. Here is "ssl" grepped from make log. May be this will help: [xymon at miminob xymon-4.3.11]$ grep -i ssl xymon_make.log CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" OSDEF=3D"-DLINUX" RPATHOPT=3D"-Wl,--rpath," PCREINCDIR=3D"" ZLIBINCDIR= =3D"" SSLFLAGS=3D"" SSLINCDIR=3D"" SSLLIBS=3D"" NETLIBS=3D"" LIBRTDEF=3D"-lrt= " XYMONTOPDIR=3D"/u01/app/xymon/product/xymon4.3.11" XYMONLOGDIR=3D"/u01/app/= xymon/logs/xymon4.3.11" XYMONHOSTNAME=3D"miminob.cominder.eu" XYMONHOSTIP=3D"= =3D=3DXYMON_HOST_IP_REPLACED=3D=3D" XYMONHOSTOS=3D"linux" make -C lib all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," SSLFLAGS=3D"" SSLINCDIR=3D"" SSLLIBS=3D"" NE= TLIBS=3D"" ZLIBLIBS=3D"" LIBRTDEF=3D"-lrt" XYMONHOME=3D"/u01/app/xymon/produ= ct/xymon4.3.11/server" make -C common all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," SSLFLAGS=3D"" SSLINCDIR=3D"" SSLLIBS=3D"" NE= TLIBS=3D"" LIBRTDEF=3D"-lrt" XYMONHOME=3D"/u01/app/xymon/product/xymon4.3.11/= server" XYMONVAR=3D"/u01/app/xymon/product/xymon4.3.11/data" HISTGRAPHDEF=3D"= " RUNTIMEDEFS=3D"" PCREINCDIR=3D"" PCRELIBS=3D"-lpcre" ZLIBINCDIR=3D"" ZLIBLI= BS=3D"" make -C xymongen all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," SSLFLAGS=3D"" SSLINCDIR=3D"" SSLLIBS=3D"" DO= LDAP=3D"" LDAPFLAGS=3D"" LDAPINCDIR=3D"" LDAPLIBS=3D"" DOSNMP=3D"no" NETLIBS= =3D"" XYMONHOME=3D"/u01/app/xymon/product/xymon4.3.11/server" ARESVER=3D"1.7.= 3" FPINGVER=3D"3.0" RUNTIMEDEFS=3D"" PCREINCDIR=3D"" PCRELIBS=3D"-lpcre" SQLI= TELIBS=3D"" ZLIBINCDIR=3D"" ZLIBLIBS=3D"" LIBRTDEF=3D"-lrt" make -C xymonnet = all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," SSLLIBS=3D"" NETLIBS=3D"" LIBRTDEF=3D"-lrt" = XYMONHOME=3D"/u01/app/xymon/product/xymon4.3.11/server" make -C xymonproxy all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," SSLLIBS=3D"" NETLIBS=3D"" LIBRTDEF=3D"-lrt" = XYMONHOME=3D"/u01/app/xymon/product/xymon4.3.11/server" make -C build all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," DORRD=3D"yes" RRDDEF=3D"-DRRDTOOL12" RRDINCD= IR=3D"" PCREINCDIR=3D"" SSLFLAGS=3D"" SSLLIBS=3D"" NETLIBS=3D"" RRDLIBS=3D"-l= rrd " PCRELIBS=3D"-lpcre" SQLITELIBS=3D"" ZLIBINCDIR=3D"" ZLIBLIBS=3D"" LIBRT= DEF=3D"-lrt" XYMONTOPDIR=3D"/u01/app/xymon/product/xymon4.3.11" XYMONHOME=3D"= /u01/app/xymon/product/xymon4.3.11/server" XYMONVAR=3D"/u01/app/xymon/product= /xymon4.3.11/data" XYMONLOGDIR=3D"/u01/app/xymon/logs/xymon4.3.11" XYMONHOSTN= AME=3D"miminob.cominder.eu" XYMONHOSTIP=3D"=3D=3DXYMON_HOST_IP_REPLACED=3D=3D= " XYMONHOSTOS=3D"linux" XYMONUSER=3D"xymon" CGIDIR=3D"/u01/app/xymon/product/= xymon4.3.11/cgi-bin" SECURECGIDIR=3D"/u01/app/xymon/product/xymon4.3.11/cgi-s= ecure" XYMONHOSTURL=3D"/xymon" XYMONCGIURL=3D"/xymon-cgi" SECUREXYMONCGIURL= =3D"/xymon-seccgi" MAILPROGRAM=3D""mail"" RUNTIMEDEFS=3D"" INSTALLWWWDIR=3D"/= u01/app/xymon/product/xymon4.3.11/server/www" INSTALLETCDIR=3D"/u01/app/xymon= /product/xymon4.3.11/server/etc" FPING=3D"xymonping" make -C xymond all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," DORRD=3D"yes" RRDDEF=3D"-DRRDTOOL12" RRDINCD= IR=3D"" PCREINCDIR=3D"" ZLIBINCDIR=3D"" ZLIBLIBS=3D"" SSLLIBS=3D"" NETLIBS=3D= "" RRDLIBS=3D"-lrrd " PCRELIBS=3D"-lpcre" LIBRTDEF=3D"-lrt" XYMONTOPDIR=3D"/u= 01/app/xymon/product/xymon4.3.11" XYMONHOME=3D"/u01/app/xymon/product/xymon4.= 3.11/server" XYMONVAR=3D"/u01/app/xymon/product/xymon4.3.11/data" XYMONLOGDIR= =3D"/u01/app/xymon/logs/xymon4.3.11" XYMONHOSTNAME=3D"miminob.cominder.eu" XY= MONHOSTIP=3D"=3D=3DXYMON_HOST_IP_REPLACED=3D=3D" XYMONHOSTOS=3D"linux" XYMONU= SER=3D"xymon" CGIDIR=3D"/u01/app/xymon/product/xymon4.3.11/cgi-bin" SECURECGI= DIR=3D"/u01/app/xymon/product/xymon4.3.11/cgi-secure" XYMONHOSTURL=3D"/xymon"= XYMONCGIURL=3D"/xymon-cgi" SECUREXYMONCGIURL=3D"/xymon-seccgi" MAILPROGRAM= =3D""mail"" RUNTIMEDEFS=3D"" INSTALLWWWDIR=3D"/u01/app/xymon/product/xymon4.3= .11/server/www" INSTALLETCDIR=3D"/u01/app/xymon/product/xymon4.3.11/server/et= c" make -C web all CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" OSDEF=3D"-DLINUX" RPATHOPT=3D"-Wl,--rpath," PCREINCDIR=3D"" ZLIBINCDIR= =3D"" SSLFLAGS=3D"" SSLINCDIR=3D"" SSLLIBS=3D"" NETLIBS=3D"" LIBRTDEF=3D"-lrt= " XYMONTOPDIR=3D"/u01/app/xymon/product/xymon4.3.11" XYMONLOGDIR=3D"/u01/app/= xymon/logs/xymon4.3.11" XYMONHOSTNAME=3D"miminob.cominder.eu" XYMONHOSTIP=3D"= =3D=3DXYMON_HOST_IP_REPLACED=3D=3D" XYMONHOSTOS=3D"linux" LOCALCLIENT=3D"" ma= ke -C lib client CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " LDFLAG= S=3D"" RPATHOPT=3D"-Wl,--rpath," SSLFLAGS=3D"" SSLINCDIR=3D"" SSLLIBS=3D"" NE= TLIBS=3D"" ZLIBLIBS=3D"" LIBRTDEF=3D"-lrt" XYMONHOME=3D"/u01/app/xymon/produ= ct/xymon4.3.11/server" make -C common client CC=3D"gcc" CFLAGS=3D"-g -O2 -Wall -Wno-unused -Wno-pointer-sign -D_REENTRANT = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=3D64 -DLINUX -I`pwd`/include " XYMONH= OME=3D"/u01/app/xymon/product/xymon4.3.11/client" XYMONHOSTIP=3D"=3D=3DXYMON_= HOST_IP_REPLACED=3D=3D" LOCALCLIENT=3D"" SSLLIBS=3D"" NETLIBS=3D"" LIBRTDEF= =3D"-lrt" make -C client all Note: I had replaced in e-mail real server IP with =3D=3DXYMON_HOST_IP_REPLAC= ED=3D=3D. Best regards, Andrey Chervonets ---------------------- SIA CoMinder http://www.cominder.eu/ mobile: +371 26517848 From: Jeremy Laidman To: Andrey Chervonets , Cc: Henrik St=C3=B8rner , "xymon at xymon.com" Date: 25.10.2013 02:45 Subject: Re: [Xymon] XyMon 4.3.12 - what about HTTPS problems reported= for 4.3.11 ? ________________________________ On 23 October 2013 21:16, Andrey Chervonets > wrote: Problem is for some sites with valid certificates too. I had checked to access page with wget or lynx - and it is working. So I do not see reason why Xymon should get "Server Timeout" for the same ta= rget. Here is the debug of wget. Please, advice how to diagnose/debug Xymon to find= the solution. I am a bit confused why nobody reporting the same problem: * nobody using new openssl libraries? * nobody do https tests for some, may a bot non-standard SSL certificates or = web-sites? You might just be unlucky. If half of all websites have implementations that= trigger the problem, and if half of all Xymon installations have the buggy o= penssl library, then only 25% of people will get the problem. Given that not= all Xymon users test https websites, and of those, not all of them are subsc= ribed to The List, the odds drop off very quickly. Oh, and my first guesses = of half websites and half of openssl installs used for Xymon is almost certai= nly very high. The proportions might be closer to 10%. So the odds are again= st you finding someone else on The List with the same symptoms. Try the following: ldd `which wget` | egrep "ssl|crypto" ldd ~xymon/server/bin/xymonnet | egrep "ssl|crypto" ldd `which openssl` | egrep "ssl|crypto" If the libraries used by the two tools are different, then you should not be = surprised to get different behaviour. Try configuring a known good website on the Internet in your https monitoring= . I'm guessing that https://www.xymon.org/ would be OK. Try to connect to the websites using openssl: openssl s_client -connect epak.pmlp.gov.lv:443 If that times out, it might show a message to indicate why. J --===============7451508852121048364==--