[Xymon] Upgrade to 4.3.21, https tests seem to no longer work.
cleaver at terabithia.org
Tue Aug 25 21:13:14 CEST 2015
On Tue, August 25, 2015 10:53 am, Shawn Heisey wrote:
> I upgraded to 4.3.21 today, from 4.3.14. It was built using this command:
> build/makerpm.sh 4.3.21
> After working my way through recovering my configs that were pushed out
> of the way as .rpmsave files, I started it. Immediately I got http
> alarms failing.
> The most interesting one was this. I have xymon monitoring its own URL,
> which is secured with SSL:
> red Tue Aug 25 11:38:40 2015: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
> &red https://xymon.REDACTED.com/xymon/ - <!DOCTYPE HTML PUBLIC
> "-//IETF//DTD HTML 2.0//EN">
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <title>400 Bad Request</title>
> <h1>Bad Request</h1>
> <p>Your browser sent a request that this server could not understand.<br
> Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
> Instead use the HTTPS scheme to access this URL, please.<br />
> <blockquote>Hint: <a
> <address>Apache/2.2.15 (CentOS) Server at xymon.REDACTED.com Port
> It looks like what's happening is that xymon's http test has forgotten
> how to speak HTTPS. It actually looks like it has forgotten how to
> speal SSL entirely -- imaps and pop3s are showing yellow status with
> "Unexpected service response" messages.
> I am now also seeing purple alarms from sslcert, because none of the SSL
> stuff is working right.
> How can I fix this?
Hmm. Most likely, xymon wasn't built with OpenSSL included. The quickest
way to tell is to look at your "xymonnet" test (a snapshot from when
4.3.21 was running). If the OpenSSL version isn't indicated in the first
few lines, that's definitely the problem.
Do you have build logs from when this was originally run? And can you
indicate your distro and openssl-devel version?
More information about the Xymon