nrpe-2.2 + ssl on machines without /dev/random

Gerhard Lausser Gerhard.Lausser at consol.de
Mon Jan 23 20:16:23 CET 2006


Hi all,

I made a new patch for NRPE 2.2, which enables it to use SSL on operating
systems which have no /dev/[u]random by default or which have not been
patched accordingly. Normally an SSL-enabled nrpe will not be able to
initialize correctly on these machines and refuses handshakes with
check_nrpe clients.
This patch is for people who are forced by company policy to use SSL, or
who do not want to use both SSL-enabled and plaintext check_nrpe binaries
depending on the monitored server's capabilities.
What I added is a fallback to an alternative way of seeding the random
number generator. You enable it by setting "allow_weak_random_seed=1" in the
nrpe.cfg file.
If there was no randomness device available for seeding, then this directive
allows
- the seeding from a file (using RAND_file_name() and RAND_load_file()) and,
  if this was still not enough,
- the seeding from the PRNG (using RAND_seed())

We had to apply this patch on AIX 5.1 and even some HP-UX 11.11 servers.
If this looks useful for you, please download it from
http://people.consol.de/~lausser/nagios/nrpe-2.2-allow_weak_random_seed.patch
or save the attachment and apply it with:
cd nrpe-2.2
patch -p1 < nrpe-2.2-allow_weak_random_seed.patch

Greetings from Munich,
Gerhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nrpe-2.2-allow_weak_random_seed.patch
Type: application/octet-stream
Size: 2511 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20060123/6f6d167e/attachment.obj>
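
Added example (not part of the original post or of the patch): a small audit that reads an nrpe.cfg and reports whether the "allow_weak_random_seed" fallback described above would actually be in effect on a host. It assumes key=value lines, '#' comment lines, that the last occurrence of the directive wins, and that the randomness devices are /dev/urandom and /dev/random; the result labels and the sample config are constructed for illustration.

```python
import os

DIRECTIVE = "allow_weak_random_seed"   # directive name taken from the post
ENTROPY_DEVICES = ("/dev/urandom", "/dev/random")   # assumed device paths


def effective_setting(cfg_text):
    """Return True if the directive is enabled in nrpe.cfg-style text.

    Assumptions: key=value lines, '#' starts a comment line, and the
    last occurrence of the directive wins.
    """
    enabled = False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == DIRECTIVE:
            enabled = value.strip() == "1"
    return enabled


def has_entropy_device(paths=ENTROPY_DEVICES, exists=os.path.exists):
    """True if at least one randomness device is present on this host."""
    return any(exists(p) for p in paths)


def assess(cfg_text, device_present):
    """Classify a host (labels are hypothetical, chosen for this example).

    ok              - device present, fallback not enabled
    stale-setting   - device present, fallback enabled but not needed
    weak-seed       - no device, SSL is seeded from the file/PRNG fallback
    ssl-unavailable - no device, no fallback: SSL cannot initialize
    """
    weak_allowed = effective_setting(cfg_text)
    if device_present:
        return "stale-setting" if weak_allowed else "ok"
    return "weak-seed" if weak_allowed else "ssl-unavailable"


# Constructed sample, not a real host's nrpe.cfg.
SAMPLE_CFG = """\
server_port=5666
#allow_weak_random_seed=1
allow_weak_random_seed=1
"""

if __name__ == "__main__":
    print(assess(SAMPLE_CFG, has_entropy_device()))
```

Hosts reported as "weak-seed" are the ones whose SSL sessions depend on the fallback seeding; "stale-setting" marks hosts where the directive can be switched off again.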

