The system running the service we are checking is Solaris 10 (without OpenSSL). Our Nagios XI instance has the most up-to-date OpenSSL, running CentOS 6.2.
These are the only ones we are having issues with. All other secure checks work but they are all standard 443 ports.
check_http -S command since upgrade 2012R2.8
Re: check_http -S command since upgrade 2012R2.8
So, I should try to reproduce this with Solaris. What SSL package/version are you running on the Solaris box?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: check_http -S command since upgrade 2012R2.8
The Solaris box we are checking is running OpenSSL 0.9.7d 17 Mar 2004 (+ security patches to 2006-09-29)
I guess it is running an OpenSSL. I'll work on getting that updated and post the results. Stand by
Re: check_http -S command since upgrade 2012R2.8
Ok.
Former Nagios employee
Re: check_http -S command since upgrade 2012R2.8
Upgrading OpenSSL on the Solaris box we are checking is not an option right now. Do you know if there is a way to downgrade the OpenSSL on the CentOS that Nagios runs on? If not, we will have to hold off on upgrading until the Solaris box can run a compatible OpenSSL (or work on a different type of check).
Re: check_http -S command since upgrade 2012R2.8
Downgrading OpenSSL on the XI box will most likely lead to trouble, as core/NRPE are built against the newer headers. I can see 2? suggested options:
1) Create an NRPE proxy. It would be a server running the version of OpenSSL and check_http that work against the Solaris box. Run your checks through NRPE on this box in order to work around the OpenSSL limitations of the Solaris servers.
2) Statically build check_http with the older OpenSSL libraries. This can be complex and troublesome though.
Former Nagios employee
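The NRPE proxy from option 1 above, sketched as configuration. This is an added example, not configuration posted in the thread or shipped by the Nagios project; the host names, the 192.0.2.10 address, port 8443, the command names and the /usr/local/nagios paths are placeholders or assumptions.

```cfg
# ---- Proxy host: nrpe.cfg (path /usr/local/nagios/etc/ is an assumption) ----
# The proxy keeps an old OpenSSL on purpose, so expose NRPE only to the
# Nagios XI server (192.0.2.10 is a placeholder address).
allowed_hosts=127.0.0.1,192.0.2.10

# Refuse command arguments from the network; the target host and port are
# fixed in the command definition below.
dont_blame_nrpe=0

# check_http on this box is linked against the older OpenSSL that can still
# complete a handshake with the Solaris service. Host and port are placeholders.
command[check_solaris_https]=/usr/local/nagios/libexec/check_http -H solaris.example.com -S -p 8443

# ---- Nagios XI server: object configuration ----
# The XI server never talks SSL to the Solaris box itself; it asks the proxy
# to run the check and relays the result.
define command {
    command_name    check_https_via_proxy
    command_line    $USER1$/check_nrpe -H $ARG1$ -c $ARG2$
}

define service {
    use                     generic-service
    host_name               solaris-box
    service_description     HTTPS (via NRPE proxy)
    check_command           check_https_via_proxy!proxy.example.com!check_solaris_https
}
```

Running `check_nrpe -H proxy.example.com -c check_solaris_https` by hand from the XI server confirms the relay works before the service definition is applied.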
Re: check_http -S command since upgrade 2012R2.8
Thank you again for all your help!
Re: check_http -S command since upgrade 2012R2.8
No problem. Let me know if you find a good workaround or if one of my suggestions worked well. It looks like the older OpenSSL versions are getting left behind; I would like to be sure that this issue is specific to really old versions of SSL on the remote host.
Former Nagios employee