[Xymon] SSL Certs on servers with multiple virtualhosts

Henrik Størner henrik at hswn.dk
Wed Aug 7 23:23:15 CEST 2013


On 07-08-2013 19:56, John D. Alexander wrote:

> The website is private.  I've already rolled back the code but I can
> reapply the patch and take screen shots if need be.
>
> Judging from the fact that Xymon was saying that the certificates
> expired about 42 years ago, a couple of the programmers here indicate
> that it's not picking up data from the certificate properly and
> interpreting that as the epoch and counting forward from there for
> expiration date.

Xymon uses the OpenSSL library routines to handle the SSL details, so I 
would be rather surprised if some kind of bogus certificate data got 
through all the way to the Xymon code - the openssl library is supposed 
to discard such invalid data and report an error.

More likely it is some kind of integer overflow. 15500 days before now 
is suspiciously close to Jan 1st 1970 (start of Unix epoch).

But it surprises me a bit, since I set up a test site here with two 
vhosts and different certificates, and the new code worked fine here - 
got the right certificate for each of the two hosts.

What version of OpenSSL are you running on the server where Xymon is 
compiled? You can check by running "xymonnet --version".

I'll probably send you (directly, not via the list) a test-version of 
Xymon that logs some more debugging data for this - sometime later this 
week.


Regards,
Henrik
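
An added illustration, not Xymon's code and not part of the original message: a C example of how a certificate-expiry check that ignores a failed date conversion reports "expired" by roughly the number of days since the Unix epoch, next to a variant that reports the failure instead. The function names and the sample notAfter strings are hypothetical and constructed for this example; Xymon itself gets certificate data through OpenSSL.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days from 1970-01-01 to y-m-d (proleptic Gregorian calendar). */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = y / 400, yoe = y - era * 400;   /* y > 0 for UTCTime years */
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse X.509 UTCTime "YYMMDDHHMMSSZ"; 0 on success, -1 if malformed. */
int parse_utctime(const char *s, int64_t *out) {
    int v[6];
    if (s == NULL || strlen(s) != 13 || s[12] != 'Z') return -1;
    for (int i = 0; i < 6; i++) {
        if (!isdigit((unsigned char)s[2 * i]) || !isdigit((unsigned char)s[2 * i + 1])) return -1;
        v[i] = (s[2 * i] - '0') * 10 + (s[2 * i + 1] - '0');
    }
    if (v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 || v[3] > 23 || v[4] > 59 || v[5] > 59)
        return -1;
    int year = v[0] >= 50 ? 1900 + v[0] : 2000 + v[0];  /* RFC 5280 two-digit year rule */
    *out = days_from_civil(year, v[1], v[2]) * 86400 + v[3] * 3600 + v[4] * 60 + v[5];
    return 0;
}

/* Naive: ignores the parse result, so a failure leaves expiry at 0 (the epoch). */
int64_t days_left_naive(const char *not_after, int64_t now) {
    int64_t expiry = 0;
    (void)parse_utctime(not_after, &expiry);
    return (expiry - now) / 86400;
}

/* Checked: a parse failure is reported as such, not as an expired certificate. */
int days_left_checked(const char *not_after, int64_t now, int64_t *days) {
    int64_t expiry;
    if (parse_utctime(not_after, &expiry) != 0) return -1;
    *days = (expiry - now) / 86400;
    return 0;
}

int main(void) {
    int64_t d, now = 1375910595;  /* 2013-08-07 21:23:15 UTC, the date of this message */
    printf("naive, empty field: %lld days\n", (long long)days_left_naive("", now));
    if (days_left_checked("140807000000Z", now, &d) == 0) printf("checked: %lld days\n", (long long)d);
    if (days_left_checked("", now, &d) != 0) printf("checked, empty field: parse error\n");
}
```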



