check_nrpe fails, SSL handshake error

[Steve Feehan]

On Mon, Dec 22, 2003 at 02:33:11PM -0600, Michael Tucker wrote:
> More info on this:
> 
> I recompiled nrpe with --disable-ssl (on both the monitoring server and 
> the host to monitor), and it works fine now. So, it's clearly a problem 
> with enabling SSL and nrpe.
> 
> The error message I was seeing ("CHECK_NRPE: Error - Could not compelte 
> SSL Handshake.") is being generated by check_nrpe. It's in the file 
> check_nrpe.c, where it attempts to "do SSL handshake" and fails.
> 
> I am baffled as to why this is failing, or what I need to do to make it 
> work. Supposedly, nrpe is using the "anonymous DH" (ADH) protocol, 
> which operates sans certificates; so I would *think* that I don't need 
> to do anything with openssl (e.g. create a CA, or server or client 
> certificates, or anything like that). So, I'm pretty sure it's a 
> problem with how nrpe is implementing SSL, rather than a problem with 
> OpenSSL. But, at this point I'm stumped.
> 
> Any help with this would be greatly appreciated.
> 
> Yours,
> Michael

Could you remind me what OS you're working with? If you
haven't, I would strongly urge you to check that the PRNG 
is being seeded. This was a problem for me on IRIX 6.5.19 
and Tru64 5.1a. The solution with IRIX was to either upgrade 
to 6.5.22 or make a small hack to openssl.  The solution for 
Tru64 was to install and tell openssl to use an external 
prng source (such as egads or prngd).
                                                                                
Steve

> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when 
> reporting any issue. ::: Messages without supporting info will risk being 
> sent to /dev/null

-- 
Steve Feehan


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null