On 06-08-2013 22:26, John D. Alexander wrote:
Given that s_client is rudimentary and actually pretty old, it might be a thing to do the tests using curl instead of openssl. Curl reports the proper certificates.
Wonder how much work it would be to use curl instead of openssl. Does anyone know what drives the http tests? I'm not a programming guy, but know folks who are.
Xymon uses OpenSSL, but only the library - not the s_client tool (or any other external tool).
Supporting SNI in the Xymon tests should be a fairly simple change, though. The attached changed to Xymon 4.3.12 should do it - I would appreciate it if you could try it out, since I don't have the necessary test setup to really test it. Just save the attached file, then go to your xymon-4.3.12 directory and run cat /tmp/xymon-snisupport.patch | patch -p0 then run "make" and "make install" again.
BTW, s_client does support SNI - you just need to specify the name with the "-servername NAME" option.
Regards, Henrik