[Xymon] XyMon 4.3.12 - what about HTTPS problems repoirted for 4.3.11 ?

henrik at hswn.dk henrik at hswn.dk
Thu Jul 25 12:07:34 CEST 2013 

Hi,

all indications are that this is an OpenSSL library problem (present in 
OpenSSL 1.x, but not in the older 0.9.x versions).

Debian has this bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702635

SuSE has this:
http://lists.opensuse.org/opensuse-bugs/2013-05/msg01048.html

It appears that the problem only shows up when testing sites with 
specific SSL implementations; e.g. I've seen it when connecting to some 
IIS versions.

Apparently, a work-around is to force the use of SSLv3 instead of 
TLSv1; you can do that by changing the URL in hosts.cfg so it has 
"https3" instead of just "https".

Regards,
Henrik


Den 25.07.2013 07:54, Andrey Chervonets skrev:
> Good day!
>
> I still not received any reply for my previous messages about https
> tests problems in 4.3.11 or due openssl-1.0.nnnn.
> Does 4.3.12 have fixes for that?
>
> Or what should be the steps to find root cause and fix?
> Just tell me in which direction should I go, I am not going to tale
> much of Your time.
>
> P.S. Really, I am surprised nobody else reported similar problems. I
> fill I have done something wrong. :(
>
> Best regards,
>
> Andrey Chervonets
>  ----------------------
>  SIA CoMinder
>  http://www.cominder.eu/
>
> From: Andrey Chervonets/Cominder/LV
> To: henrik at hswn.dk,
> Date: 19.06.2013 09:41
> Subject: Re: Fw: [Xymon] HTTPS problems in 4.3.11
>
> -------------------------
>
> Good day, Henrik!
>
> Do You have any idea why we have such problems and how it can be
> fixed?
> I can send "make" and "make install" logs if this can help.
>
>  Best regards,
>
> Andrey Chervonets
>  ----------------------
>  SIA CoMinder
>  http://www.cominder.eu/
>  mobile: +371 26517848
>
> From: Andrey Chervonets/Cominder/LV
> To: henrik at hswn.dk,
> Date: 13.06.2013 09:04
> Subject: Fw: [Xymon] HTTPS problems in 4.3.11
>
> -------------------------
>
> just for information:
>
> XyMon 4.3.4 where everything is OK:
> -bash-3.2$ ./xymonnet --version
> xymonnet version 4.3.4
> SSL library : OpenSSL 0.9.8e-rhel5 01 Jul 2008
> LDAP library: OpenLDAP 20343
>
> -bash-3.2$ rpm -q openssl openssl-devel
> openssl-0.9.8e-12.el5_5.7
> openssl-0.9.8e-12.el5_5.7
> openssl-devel-0.9.8e-12.el5_5.7
> openssl-devel-0.9.8e-12.el5_5.7
> -bash-3.2$ cat /etc/issue
> CentOS release 5.6 (Final)
> -------------
>
> Hosts where NOK:
>
> XyMon 4.3.11 on SuSE:
> # rpm -q openssl libopenssl-devel
> openssl-1.0.1e-1.1.1.i586
> libopenssl-devel-1.0.1e-1.1.1.i586
>
> # cat /etc/issue
> Welcome to openSUSE 12.3 "Dartmouth"
>
> ----------
> XyMonx 4.3.11 on CentOS:
> $ rpm -q openssl openssl-devel
> openssl-1.0.0-27.el6_4.2.x86_64
> openssl-devel-1.0.0-27.el6_4.2.x86_64
>
> $ cat /etc/issue
> CentOS release 6.4 (Final)
>
> ----- Forwarded by Andrey Chervonets/Cominder/LV on 13.06.2013 09:01
> -----
>
> From: Andrey Chervonets/Cominder/LV
> To: xymon at xymon.com,
> Date: 13.06.2013 08:45
> Subject: Re: [Xymon] HTTPS problems in 4.3.11
>
> -------------------------
>
>> ------------------------------
>  >
>  > Message: 13
>  > Date: Wed, 12 Jun 2013 08:00:28 +0200
>  > From: Henrik St?rner <henrik at hswn.dk>
>  > To: xymon at xymon.com
>  > Subject: Re: [Xymon] HTTPS problems in 4.3.11
>  > Message-ID: <51B80E7C.7030106 at hswn.dk>
>  > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>  >
>  > Den 12-06-2013 07:19, Andrey Chervonets skrev:
>  > > I had found 2 problems that are reproducable only on 4.3.11 
> XyMon
>  > > server (CentOS release 6.4 (Final)),
>  > > on 4.3.4 (CentOS release 5.6 (Final)) works fine.
>  > >
>  > > Problem 1) Some https resources reported with red (http) and
> white
>  > > (content), while really it can be accessed
>  >
>  > Going from CentOS 5->6 also means upgrading the OpenSSL libraries
> to
>  > version 1.0 (from 0.9.8e). I assume you compiled 4.3.11 on the new
> server ?
>  >
>  > Check that SSL support is enabled in xymon: Run "xymonnet
> --version" and
>  > check that there is a line with "SSL library: OpenSSL...."
>  xymonnet --version just returns
> xymonnet version 4.3.11
>
> RPMs are OK
> $ rpm -q openssl openssl-devel
> openssl-1.0.0-27.el6_4.2.x86_64
> openssl-devel-1.0.0-27.el6_4.2.x86_64
>
> But I am was sure I had replied Y for SSL tests during installation.
> To be double sure - I had renamed Makefile and run ./configure again
> today
> it was like:
> ..
> Checking for OpenSSL ...
> Compiling with SSL library works OK
> Linking with SSL library works OK
> Checking if your SSL library has SSLv2 enabled
> Will support SSLv2 when testing SSL-enabled network services
>
> Xymon can use the OpenSSL library to test SSL-enabled services
> like https-encrypted websites, POP3S, IMAPS, NNTPS and TELNETS.
> If you have the OpenSSL library installed, I recommend that you 
> enable
> this.
>
> Do you want to be able to test SSL-enabled services (y) ?
> Y
> ...
>
> And resulting Makefile is the same as old. diff Makefile Makefile.old
> returns nothing.
> part of Makefile for SSL:
> #
> # OpenSSL settings
> #
> # OpenLDAP settings
> LDAPFLAGS =
> #
> But... 4.3.4 has the same on machine where SSL is working
> and ./xymonnet --version returns:
> xymonnet version 4.3.4
> SSL library : OpenSSL 0.9.8e-rhel5 01 Jul 2008
> LDAP library: OpenLDAP 20343
>
> I had checked on another one machine I had installed XyMon 4.3.11
> recently - OpenSUSE 12.3
> xymonnet --version returns the same output: xymonnet version 4.3.11
> and nothing more.
>
> Any ideas where could be the problem?
>
> Best regards,
>
> Andrey Chervonets
>  ----------------------
>  SIA CoMinder
>  http://www.cominder.eu/

More information about the Xymon mailing list