[Nagiosplug-devel] [ nagiosplug-Bugs-3066166 ] check_http fails to connect to some SSL servers/devices
SourceForge.net
noreply at sourceforge.net
Mon May 28 17:22:22 CEST 2012
Bugs item #3066166, was opened at 2010-09-14 12:27
Message generated for change (Settings changed) made by hweiss
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=3066166&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: rabinnh (rabinnh)
>Assigned to: Holger Weiss (hweiss)
Summary: check_http fails to connect to some SSL servers/devices
Initial Comment:
Error is "CRITICAL - Cannot make SSL connection"
This has repeatedly been reported an closed for different servers; i.e. Tomcat, Oracle AppServer, etc. I can still see the issue on some access points that I have.
I debugged through the code and the problem and solution are simple;in "ssltuils.c" in the function "int np_net_ssl_init_with_hostname", is the following line of code:
if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) {
If this call fails, the error is returned. However, on systems that fail, falling back to TLS works fine, for example:
if ((c = SSL_CTX_new (TLSv1_client_method ())) == NULL) {
sslutil.c should attempt both methods
----------------------------------------------------------------------
Comment By: Jason A. Lunn (omnipotus)
Date: 2011-04-12 09:00
Message:
Today I submitted a patch (3285367) that implements a more general solution
to this problem, by allowing check_http to take a value for the -S/--ssl
argument that allows you to specify the protocol version. Supports TLSv1,
SSLv2 and SSLv3.
----------------------------------------------------------------------
Comment By: https://www.google.com/accounts ()
Date: 2010-09-28 02:23
Message:
no, it's not fixed:
# /usr/lib/nagios/plugins/check_http -I x.x.x.x --ssl -v
CRITICAL - Cannot make SSL connection
3078097176:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
unexpected message:s23_clnt.c:674:
GET / HTTP/1.0
User-Agent: check_http/v1.4.15 (nagios-plugins 1.4.15)
Connection: close
HTTP CRITICAL - Error on receive
----------------------------------------------------------------------
Comment By: rabinnh (rabinnh)
Date: 2010-09-27 07:37
Message:
Version 1.4.15. Previous causes may have been fixed, but not the one that
I identified. I have attached the patch to sslutils.c to fallback to TLS
if SSL doesn't work.
FWIW, in other cases, I changed the command configuration to use just the
IP address instead of host headers.
-I
instead of
-H
----------------------------------------------------------------------
Comment By: Thomas Guyot-Sionnest (dermoth)
Date: 2010-09-27 05:27
Message:
Thanks for your bug report. Which version of the nagios-plugins are you
using? I believe this has been fixed in 1.4.15.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=3066166&group_id=29880
More information about the Devel
mailing list