[Xymon] Missing support for HTTP/2 ?

Jeremy Laidman jeremy at laidman.org
Wed Nov 8 23:26:20 CET 2023 

On Wed, 8 Nov 2023 at 23:14, Ingeborg Hellemo via Xymon <xymon at xymon.com>
wrote:

>
> ~/server/bin/xymonnet --debug --no-update <servername>
>
> 35422 2023-11-08 13:06:06.168385 1 status messages merged into 1
> transmissions
> Address=[IP]:443, open=1, res=0, err=5, connecttime=0.000303,
> totaltime=0.002631,
> httpstatus = -5, open=1, errcode=5, parsestatus=0
> Response:
> (no headers)
> URL                      : https://<servername>/
> HTTP status              : -5
>

I'm surprised there isn't some kind of error message being displayed. err=5
is "CONTEST_ESSL" meaning something went wrong in the SSL comms, or setup.
In most cases where the error code is set to CONTEST_ESSL, there's an
"errprintf()" that describes the error. I'd have thought "--debug" would
show these on STDERR.

The missing error message is likely going to help narrow down the problem.
These are all of the error messages in contest.c where err is set to
CONTEST_ESSL:

errprintf("SSL test, but xymonnet was built without SSL support\n");
errprintf("Failed to find enough entropy on your system");
errprintf("Cannot create SSL context - IP %s, service %s: %s\n",
                                  inet_ntoa(item->addr.sin_addr),
item->svcinfo->svcname, sslerrmsg);
errprintf("Cannot load SSL client certificate/key %s: %s\n",
                                  item->ssloptions->clientcert, sslerrmsg);
errprintf("SSL_new failed - IP %s, service %s: %s\n",
                                  inet_ntoa(item->addr.sin_addr),
item->svcinfo->svcname, sslerrmsg);
errprintf("Private/public key mismatch for certificate %s\n",
item->ssloptions->clientcert);
errprintf("Could not initiate SSL on connection - IP %s, service %s: %s\n",
                                  inet_ntoa(item->addr.sin_addr),
item->svcinfo->svcname, sslerrmsg);
errprintf("IO error in SSL_connect to %s on host %s: %s\n",
                                  portinfo, inet_ntoa(item->addr.sin_addr),
sslerrmsg);
errprintf("Unspecified SSL error in SSL_connect to %s on host %s: %s\n",
                                  portinfo, inet_ntoa(item->addr.sin_addr),
sslerrmsg);
errprintf("Unknown error %d in SSL_connect to %s on host %s: %s\n",
                                  err, portinfo,
inet_ntoa(item->addr.sin_addr), sslerrmsg);
errprintf("Cannot get peer certificate for %s on host %s\n",
                          portinfo, inet_ntoa(item->addr.sin_addr));

Perhaps these can give you some clues about what might be going wrong.

I also suggest taking a look at the webserver logs for any errors, warnings
or notice messages associated with the xymonnet connection.

J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20231109/635ee95b/attachment.htm>

More information about the Xymon mailing list