Patch for xymonnet: Fails to detect closed ports on SSL-enabled services
Hi,
I ran into a weird issue this morning.
When testing an SSL-enabled service (amqps), the status showed up as green even though there was no service listening on the port.
It may be related to the fairly old OpenSSL version installed (0.9.8j + SUSE patches), because I have never seen it before - and it sounds like the kind of bug that ought to pop up fairly quickly.
Debug shows:
38969 2015-12-11 12:02:01.466947 TCP tests completed normally
Address=10.0.0.1:5671, open=1, res=0, err=5, connecttime=0.001542, totaltime=0.001542,
38969 2015-12-11 12:02:01.467163 Sending results for service amqps
38969 2015-12-11 12:02:01.467205 Adding to combo msg: status+30 foo,example,com.amqps green <!-- [flags:OrdastLe] --> Fri Dec 11 12:02:01 2015 amqps ok
The "open=1" is what triggers the green status, but it doesn't match the "err=5" which means the openssl-functions returned an error.
This patch should fix it - against 4.3.24.
Regards, Henrik
On Fri, December 11, 2015 3:05 am, Henrik Størner wrote:
> Hi,
> I ran into a weird issue this morning.
> When testing an SSL-enabled service (amqps), the status showed up as green even though there was no service listening on the port.
> It may be related to the fairly old OpenSSL version installed (0.9.8j + SUSE patches), because I have never seen it before - and it sounds like the kind of bug that ought to pop up fairly quickly.
> Debug shows:
> 38969 2015-12-11 12:02:01.466947 TCP tests completed normally
> Address=10.0.0.1:5671, open=1, res=0, err=5, connecttime=0.001542, totaltime=0.001542,
> 38969 2015-12-11 12:02:01.467163 Sending results for service amqps
> 38969 2015-12-11 12:02:01.467205 Adding to combo msg: status+30 foo,example,com.amqps green <!-- [flags:OrdastLe] --> Fri Dec 11 12:02:01 2015 amqps ok
> The "open=1" is what triggers the green status, but it doesn't match the "err=5" which means the openssl-functions returned an error.
> This patch should fix it - against 4.3.24.
This is an odd one. It really does seem like this should have been run into somehow before...
How would you feel about expanding the parsing in xymonnet.c:decide_color() to catch for errors even on an open port? Something like the attached (untested)...
-jc
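
The rule discussed in this thread, written out as an added example; it is not code from either poster, from the attached patch, or from xymonnet. All names (color_from_result, get_field, the enum) are hypothetical, and the parser assumes the "open=..., err=..." field layout shown in the debug output above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not xymonnet's decide_color(). */
enum color { COL_GREEN, COL_RED, COL_UNPARSED };

/* Read one "key=<int>" field from a result line; returns 1 on success. */
static int get_field(const char *line, const char *key, int *out)
{
    size_t klen = strlen(key);
    for (const char *p = line; (p = strstr(p, key)) != NULL; p += klen) {
        /* Require a field boundary before the key and '=' right after it. */
        int boundary = (p == line) || p[-1] == ' ' || p[-1] == ',';
        if (boundary && p[klen] == '=')
            return sscanf(p + klen + 1, "%d", out) == 1;
    }
    return 0;
}

/* Green only when the port connected AND no error was recorded.
   *mismatch is set for open=1 with err!=0, the case from the thread. */
enum color color_from_result(const char *line, int *mismatch)
{
    int open = 0, err = 0;
    *mismatch = 0;
    if (!get_field(line, "open", &open) || !get_field(line, "err", &err))
        return COL_UNPARSED;
    *mismatch = (open && err != 0);
    return (open && err == 0) ? COL_GREEN : COL_RED;
}

int main(void)
{
    /* First line is the result from the thread; the others are constructed. */
    const char *samples[] = {
        "Address=10.0.0.1:5671, open=1, res=0, err=5, connecttime=0.001542",
        "Address=10.0.0.2:5671, open=1, res=0, err=0, connecttime=0.002100",
        "Address=10.0.0.3:5671, open=0, res=0, err=2, connecttime=0.000000",
    };
    static const char *names[] = { "green", "red", "unparsed" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int mismatch;
        enum color c = color_from_result(samples[i], &mismatch);
        printf("%-8s %s%s\n", names[c], samples[i],
               mismatch ? "  <- open but errored" : "");
    }
    return 0;
}
```

Run over saved debug output, the mismatch flag picks out results that a rule based on "open" alone would have reported green.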
participants (2): cleaver@terabithia.org, henrik@hswn.dk