[Xymon] SSL Certs on servers with multiple virtualhosts
John D. Alexander
JAlexander at feeneywireless.com
Thu Aug 8 00:08:26 CEST 2013
We checked on the expiration dates that the patched Xymon was reporting and they were January 1, 1970 plus the number of days from present to the expiration date of the certificate.
Output from xymonnet is:
xymonnet version 4.3.12
SSL library : OpenSSL 1.0.0 29 Mar 2010
LDAP library: OpenLDAP 20423
John Alexander
----------------
Xymon uses the OpenSSL library routines to handle the SSL details, so I would be rather surprised if some kind of bogus certificate data got through all the way to the Xymon code - the openssl library is supposed to discard such invalid data and report an error.
More likely it is some kind of integer overflow. 15500 days before now is suspiciously close to Jan 1st 1970 (start of Unix epoch).
But it surprises me a bit, since I setup a test site here with two vhosts and different certificates, and the new code worked fine here - got the right certificate for each of the two hosts.
What version of OpenSSL are you running on the server where Xymon is compiled ? You can check by running "xymonnet --version".
I'll probably send you (directly, not via the list) a test-version of Xymon that logs some more debugging data for this - sometime later this week.
Regards,
Henrik
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
More information about the Xymon
mailing list