Re: check_http -S command since upgrade 2012R2.8

Posted: Thu Feb 20, 2014 12:54 pm
by Fenech
Here is the verbose entry as well as another SSL check. We are working to see if it will function if we change the port the non-working command is running on from 9602 to 443. I'll let you know how it goes.

HTTP OK: HTTP/1.1 200 OK - 3843 bytes in 0.009 second response time |time=0.009187s;5.000000;10.000000;0.000000 size=3843B;;;0
[root@nagios nagios-plugins-master]# ./plugins/check_http -I 10.0.0.1 -H url.com -w 5 -c 10 -S -p 9602 -vvv
CRITICAL - Cannot make SSL connection.
[root@nagios nagios-plugins-master]# ./plugins/check_http -I 155.97.137.62 -H http://www.kronos.utah.edu -w 5 -c 10 -S
HTTP OK: HTTP/1.1 200 OK - 3844 bytes in 0.009 second response time |time=0.009174s;5.000000;10.000000;0.000000 size=3844B;;;0
[root@nagios nagios-plugins-master]#

Re: check_http -S command since upgrade 2012R2.8

Posted: Thu Feb 20, 2014 1:21 pm
by Fenech
I updated the working environment's OpenSSL to match the 2012R2.9 environment's OpenSSL. That caused our checks to break. 2012R2.7 running openssl.x86_64 0:1.0.1e-16.el6_5.4 causes the check to fail. They work with openssl.x86_64 1.0.0-27.el6_4.2.

Re: check_http -S command since upgrade 2012R2.8

Posted: Thu Feb 20, 2014 1:50 pm
by abrist
Is it only failing with non-standard ports, or are some 443 checks failing as well?

Re: check_http -S command since upgrade 2012R2.8

Posted: Thu Feb 20, 2014 2:07 pm
by Fenech
Non-standard only. The 443 ports are continuing to function correctly.

Re: check_http -S command since upgrade 2012R2.8

Posted: Thu Feb 20, 2014 3:43 pm
by abrist
Great. Thanks for the report. I am on it.

Re: check_http -S command since upgrade 2012R2.8

Posted: Mon Feb 24, 2014 1:52 pm
by abrist
Well, now I am confused. I configured a box running https on 11443 with the exact version of openssl you are running:

$ yum list installed | grep openssl
openssl.x86_64                   1.0.1e-16.el6_5.4          @updates
openssl-devel.x86_64             1.0.1e-16.el6_5.4          @updates

$ nmap localhost -p 443,11443
PORT      STATE  SERVICE
443/tcp   closed https
11443/tcp open   unknown

$ ./plugins/check_http -H localhost -I 192.168.4.21 -S -p 11443 -w 50 -c 100
HTTP OK: HTTP/1.1 200 OK - 695 bytes in 0.019 second response time |time=0.019278s;50.000000;100.000000;0.000000 size=695B;;;0

$ ./plugins/check_http -H localhost -I 192.168.4.21 -S -p 443 -w 50 -c 100
Connection refused
HTTP CRITICAL - Unable to open TCP socket

So, am I missing something here? How should I go about reproducing this?

Re: check_http -S command since upgrade 2012R2.8

Posted: Mon Feb 24, 2014 5:47 pm
by abrist
What openssl version is the remote box running?

Re: check_http -S command since upgrade 2012R2.8

Posted: Tue Feb 25, 2014 12:16 pm
by Fenech
It is a Solaris 10 box. It is not running OpenSSL.

Re: check_http -S command since upgrade 2012R2.8

Posted: Tue Feb 25, 2014 3:20 pm
by sreinhardt
The system running the web server is Solaris, or the server running the plugin is?

Re: check_http -S command since upgrade 2012R2.8

Posted: Tue Feb 25, 2014 3:54 pm
by abrist
Is it only Solaris https checks that you are having issues with? I tested against CentOS yesterday, and FreeBSD, Gentoo, and Debian today. All work fine checking against the SSL port of 11443.