On 23 October 2013 21:16, Andrey Chervonets <A.Chervonets at cominder.eu>wrote:
Problem is for some sites with valid certificates too. I had checked to access page with wget or lynx - and it is working. So I do not see reason why Xymon should get "Server Timeout" for the same target.
Here is the debug of wget. Please, advice how to diagnose/debug Xymon to find the solution. I am a bit confused why nobody reporting the same problem:
- nobody using new openssl libraries?
- nobody do https tests for some, may a bot non-standard SSL certificates or web-sites?
You might just be unlucky. If half of all websites have implementations that trigger the problem, and if half of all Xymon installations have the buggy openssl library, then only 25% of people will get the problem. Given that not all Xymon users test https websites, and of those, not all of them are subscribed to The List, the odds drop off very quickly. Oh, and my first guesses of half websites and half of openssl installs used for Xymon is almost certainly very high. The proportions might be closer to 10%. So the odds are against you finding someone else on The List with the same symptoms.
Try the following:
ldd which wget | egrep "ssl|crypto"
ldd ~xymon/server/bin/xymonnet | egrep "ssl|crypto"
ldd which openssl | egrep "ssl|crypto"
If the libraries used by the two tools are different, then you should not be surprised to get different behaviour.
Try configuring a known good website on the Internet in your https monitoring. I'm guessing that https://www.xymon.org/ would be OK.
Try to connect to the websites using openssl:
openssl s_client -connect epak.pmlp.gov.lv:443
If that times out, it might show a message to indicate why.
J