NRPE daemon problem with SSL

[Jason Kau]

I'm running NRPE daemon on Solaris 7 and Solaris 8 boxes with ANDIrand and/or Solaris's /dev/urandom.  I built NRPE 2.3/2.4 on Solaris 7 (egcs-2.91.66) and Solaris 8 (gcc 3.3.2) with OpenSSL 0.9.8a using:

./configure --enable-ssl --with-nrpe-group=nobody --prefix=/usr/local

My nagios host is a RHEL4 AS U3 x86 box.

It appears that when SSL is enabled in NRPE 2.4 daemon, it immediately closes the connection, not even waiting for an SSL handshake:

[root at chiseler]# check_nrpe -H <solaris-8-host> -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.
[root at chiseler]#telnet <solaris-8-box> 5666
Trying X.X.X.X...
Connected to X.X.X.X (X.X.X.X).
Escape character is '^]'.
Connection closed by foreign host.

If I disable SSL via -n, it works:

[root at chiseler]# check_nrpe -n -H <solaris-8-host> -c check_disksuite
OK: All metadevices are Okay

[root at chiseler]#telnet <solaris-8-box> 5666
Trying X.X.X.X...
Connected to X.X.X.X (X.X.X.X).
Escape character is '^]'.
hello there nrpe daemon i am typing at you [RETURN]
Connection closed by foreign host.

The NRP 2.3 daemon with SSL enabled allows data to be sent on the connection and doesn't close the connection until I send an invalid SSL handshake:

[root at chiseler]# check_nrpe -H <solaris-8-host> -c check_disksuite
OK: All metadevices are Okay

[root at chiseler]#telnet <solaris-8-box> 5666
Trying X.X.X.X...
Connected to X.X.X.X (X.X.X.X).
Escape character is '^]'.
hello there nrpe daemon i am typing at you [RETURN]
Connection closed by foreign host.

You migh think this is a TCP wrappers problem.  Except I don't have TCP wrappers installed on the Solaris boxes (./configure confirms this, failing to find tcpd.h and libwrap) and that wouldn't explain why it works with 2.3.

Any ideas? Thanks.




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null