Hi,
Den 18-12-2015 kl. 19:03 skrev Galen Johnson:
Actually, it may not be as bad as all that. openssl already supports this. Not 100% sure but I thought Xymon leveraged that for the ssl connections. I'm looking at https://www.madboa.com/geek/openssl/. The syntax is not exactly correct there but I'm currently trying to amend it. Looking at https://www.openssl.org/docs/manmaster/apps/s_client.html, the openssl s_client supports starttls for ftp (/Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", and "irc."/)
the various starttls methods in openssl are implemented in the s_client application, not as part of the openssl library. So it isn't something that can be pulled into Xymon easily.
The xymonnet program really does not allow for the multiple exchanges of commands/responses that are required for supporting starttls-mechanisms (in ftp, it is actually an "AUTH TLS" command that xymonnet must send after seeing the server banner). Xymonnet really only supports sending one command and the listening for a simple reponse.
You can do it with the new net-code which is in the Xymon source-tree right now. The protocols2.cfg stanza would look like this:
[ftps] port 21 expect:220 send:AUTH TLS\r\n expect:234 starttls send:PBSZ 0\r\n expect:200 send:PROT P\r\n expect:200 close
Regards, Henrik