Hi,
all indications are that this is an OpenSSL library problem (present in OpenSSL 1.x, but not in the older 0.9.x versions).
Debian has this bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702635
SuSE has this: http://lists.opensuse.org/opensuse-bugs/2013-05/msg01048.html
It appears that the problem only shows up when testing sites with specific SSL implementations; e.g. I've seen it when connecting to some IIS versions.
Apparently, a work-around is to force the use of SSLv3 instead of TLSv1; you can do that by changing the URL in hosts.cfg so it has "https3" instead of just "https".
Regards, Henrik
Den 25.07.2013 07:54, Andrey Chervonets skrev:
Good day!
I still not received any reply for my previous messages about https tests problems in 4.3.11 or due openssl-1.0.nnnn. Does 4.3.12 have fixes for that?
Or what should be the steps to find root cause and fix? Just tell me in which direction should I go, I am not going to tale much of Your time.
P.S. Really, I am surprised nobody else reported similar problems. I fill I have done something wrong. :(
Best regards,
Andrey Chervonets
SIA CoMinder http://www.cominder.eu/
From: Andrey Chervonets/Cominder/LV To: henrik at hswn.dk, Date: 19.06.2013 09:41 Subject: Re: Fw: [Xymon] HTTPS problems in 4.3.11
Good day, Henrik!
Do You have any idea why we have such problems and how it can be fixed? I can send "make" and "make install" logs if this can help.
Best regards,
Andrey Chervonets
SIA CoMinder http://www.cominder.eu/ mobile: +371 26517848
From: Andrey Chervonets/Cominder/LV To: henrik at hswn.dk, Date: 13.06.2013 09:04 Subject: Fw: [Xymon] HTTPS problems in 4.3.11
just for information:
XyMon 4.3.4 where everything is OK: -bash-3.2$ ./xymonnet --version xymonnet version 4.3.4 SSL library : OpenSSL 0.9.8e-rhel5 01 Jul 2008 LDAP library: OpenLDAP 20343
-bash-3.2$ rpm -q openssl openssl-devel openssl-0.9.8e-12.el5_5.7 openssl-0.9.8e-12.el5_5.7 openssl-devel-0.9.8e-12.el5_5.7 openssl-devel-0.9.8e-12.el5_5.7 -bash-3.2$ cat /etc/issue CentOS release 5.6 (Final)
Hosts where NOK:
XyMon 4.3.11 on SuSE:
rpm -q openssl libopenssl-devel
openssl-1.0.1e-1.1.1.i586 libopenssl-devel-1.0.1e-1.1.1.i586
cat /etc/issue
Welcome to openSUSE 12.3 "Dartmouth"
XyMonx 4.3.11 on CentOS: $ rpm -q openssl openssl-devel openssl-1.0.0-27.el6_4.2.x86_64 openssl-devel-1.0.0-27.el6_4.2.x86_64
$ cat /etc/issue CentOS release 6.4 (Final)
----- Forwarded by Andrey Chervonets/Cominder/LV on 13.06.2013 09:01
From: Andrey Chervonets/Cominder/LV To: xymon at xymon.com, Date: 13.06.2013 08:45 Subject: Re: [Xymon] HTTPS problems in 4.3.11
Message: 13 Date: Wed, 12 Jun 2013 08:00:28 +0200 From: Henrik St?rner <henrik at hswn.dk> To: xymon at xymon.com Subject: Re: [Xymon] HTTPS problems in 4.3.11 Message-ID: <51B80E7C.7030106 at hswn.dk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Den 12-06-2013 07:19, Andrey Chervonets skrev:
I had found 2 problems that are reproducable only on 4.3.11 XyMon server (CentOS release 6.4 (Final)), on 4.3.4 (CentOS release 5.6 (Final)) works fine.
Problem 1) Some https resources reported with red (http) and white (content), while really it can be accessed
Going from CentOS 5->6 also means upgrading the OpenSSL libraries to version 1.0 (from 0.9.8e). I assume you compiled 4.3.11 on the new server ?
Check that SSL support is enabled in xymon: Run "xymonnet --version" and check that there is a line with "SSL library: OpenSSL...." xymonnet --version just returns xymonnet version 4.3.11
RPMs are OK $ rpm -q openssl openssl-devel openssl-1.0.0-27.el6_4.2.x86_64 openssl-devel-1.0.0-27.el6_4.2.x86_64
But I am was sure I had replied Y for SSL tests during installation. To be double sure - I had renamed Makefile and run ./configure again today it was like: .. Checking for OpenSSL ... Compiling with SSL library works OK Linking with SSL library works OK Checking if your SSL library has SSLv2 enabled Will support SSLv2 when testing SSL-enabled network services
Xymon can use the OpenSSL library to test SSL-enabled services like https-encrypted websites, POP3S, IMAPS, NNTPS and TELNETS. If you have the OpenSSL library installed, I recommend that you enable this.
Do you want to be able to test SSL-enabled services (y) ? Y ...
And resulting Makefile is the same as old. diff Makefile Makefile.old returns nothing. part of Makefile for SSL:
OpenSSL settings
OpenLDAP settings
LDAPFLAGS =
But... 4.3.4 has the same on machine where SSL is working and ./xymonnet --version returns: xymonnet version 4.3.4 SSL library : OpenSSL 0.9.8e-rhel5 01 Jul 2008 LDAP library: OpenLDAP 20343
I had checked on another one machine I had installed XyMon 4.3.11 recently - OpenSUSE 12.3 xymonnet --version returns the same output: xymonnet version 4.3.11 and nothing more.
Any ideas where could be the problem?
Best regards,
Andrey Chervonets
SIA CoMinder http://www.cominder.eu/