[Xymon] SSL Certs on servers with multiple virtualhosts
Henrik Størner
henrik at hswn.dk
Wed Aug 7 23:23:15 CEST 2013
On 07-08-2013 19:56, John D. Alexander wrote:
> The website is private. I've already rolled back the code but I can
> reapply the patch and take screen shots if need be.
>
> Judging from the fact that Xymon was saying that the certificates
> expired about 42 years ago, a couple of the programmers here indicate
> that it's not picking up data from the certificate properly and
> interpreting that as the epoch and counting forward from there for
> expiration date.
Xymon uses the OpenSSL library routines to handle the SSL details, so I
would be rather surprised if some kind of bogus certificate data got
through all the way to the Xymon code - the openssl library is supposed
to discard such invalid data and report an error.
More likely it is some kind of integer overflow. 15500 days before now
is suspiciously close to Jan 1st 1970 (start of Unix epoch).
But it surprises me a bit, since I setup a test site here with two
vhosts and different certificates, and the new code worked fine here -
got the right certificate for each of the two hosts.
What version of OpenSSL are you running on the server where Xymon is
compiled ? You can check by running "xymonnet --version".
I'll probably send you (directly, not via the list) a test-version of
Xymon that logs some more debugging data for this - sometime later this
week.
Regards,
Henrik
More information about the Xymon
mailing list