<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 23 October 2013 21:16, Andrey Chervonets <span dir="ltr"><<a href="mailto:A.Chervonets@cominder.eu" target="_blank">A.Chervonets@cominder.eu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="sans-serif">Problem is for some sites with valid certificates
too.</font>
<br><font face="sans-serif">I had checked to access page with wget
or lynx - and it is working.</font>
<br><font face="sans-serif">So I do not see reason why Xymon should
get "Server Timeout" for the same target.</font>
<br>
<br><font face="sans-serif">Here is the debug of wget. Please, advice
how to diagnose/debug Xymon to find the solution.</font>
<br><font face="sans-serif">I am a bit confused why nobody reporting
the same problem:</font>
<br><font face="sans-serif">* nobody using new openssl libraries?</font>
<br><font face="sans-serif">* nobody do https tests for some, may
a bot non-standard SSL certificates or web-sites?</font>
<br></blockquote><div><br></div><div>You might just be unlucky. If half of all websites have implementations that trigger the problem, and if half of all Xymon installations have the buggy openssl library, then only 25% of people will get the problem. Given that not all Xymon users test https websites, and of those, not all of them are subscribed to The List, the odds drop off very quickly. Oh, and my first guesses of half websites and half of openssl installs used for Xymon is almost certainly very high. The proportions might be closer to 10%. So the odds are against you finding someone else on The List with the same symptoms.</div>
<div><br></div><div>Try the following:</div><div><br></div><div><font face="courier new, monospace">ldd `which wget` | egrep "ssl|crypto"</font></div><div><font face="courier new, monospace">ldd ~xymon/server/bin/xymonnet | egrep "ssl|crypto"</font></div>
<div><div><font face="courier new, monospace">ldd `which openssl` | egrep "ssl|crypto"</font></div></div><div><br></div><div>If the libraries used by the two tools are different, then you should not be surprised to get different behaviour.</div>
<div><br></div><div>Try configuring a known good website on the Internet in your https monitoring. I'm guessing that <a href="https://www.xymon.org/">https://www.xymon.org/</a> would be OK.</div><div><br></div><div>
Try to connect to the websites using openssl:</div>
<div><br></div><div><font face="courier new, monospace">openssl s_client -connect <a href="http://epak.pmlp.gov.lv:443">epak.pmlp.gov.lv:443</a></font></div><div><br></div><div>If that times out, it might show a message to indicate why.</div>
<div><br></div><div>J</div><div><br></div></div></div></div>