[Pkg-nagios-changes] [pkg-nrpe] 01/02: Re-enable SSL support by default. Compatibility with older versions has been fixed.
Bas Couwenberg
sebastic at debian.org
Fri Jul 7 13:05:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch stretch
in repository pkg-nrpe.
commit 5a13300801c2880fe9c1add81751b71aecb20e4b
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Fri Jul 7 14:08:12 2017 +0200
Re-enable SSL support by default. Compatibility with older versions has been fixed.
---
debian/NEWS | 25 +++++++++++++++++++++++++
debian/changelog | 2 ++
debian/check_nrpe.cfg | 10 +++++-----
debian/nagios-nrpe-server.default | 4 +---
4 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/debian/NEWS b/debian/NEWS
index 48c57ed..2d0d584 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,28 @@
+nagios-nrpe (3.0.1-3+deb9u1) stretch; urgency=medium
+
+ The bug that caused the SSL support between NRPE 2.x and 3.x not
+ to work has been fixed.
+
+ Because the default SSL support without certificates configured
+ in nrpe.cfg uses pre-generated key data, configuring SSL
+ certificates is strongly advised when STunnel is not used.
+
+ The ssl-cert package can be used to generate a self-signed
+ certificate, but CA certificates like those from Let's Encrypt
+ are a better choice.
+
+ SSL support has been re-enabled by default, to be better compatible
+ with previous NRPE versions where SSL support was enabled by default
+ too.
+
+ The check_nrpe command definition has been updated to enable SSL
+ support (by removing the -n option) and the check_nrpe_ssl command
+ definition has been removed. The previous check_nrpe command
+ definition which disables SSL support is available with the new
+ check_nrpe_nossl command definition.
+
+ -- Bas Couwenberg <sebastic at debian.org> Fri, 07 Jul 2017 13:48:38 +0200
+
nagios-nrpe (3.0.1-1) unstable; urgency=medium
The check_nrpe command definition has been updated to remove the
diff --git a/debian/changelog b/debian/changelog
index 941f831..3432169 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ nagios-nrpe (3.0.1-3+deb9u1) UNRELEASED; urgency=medium
* Update branch in gbp.conf & Vcs-Git URL.
* Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
Thanks to Johan Carlquist for pointing out this issue.
+ * Re-enable SSL support by default.
+ Compatibility with older versions has been fixed.
-- Bas Couwenberg <sebastic at debian.org> Thu, 06 Jul 2017 15:19:51 +0200
diff --git a/debian/check_nrpe.cfg b/debian/check_nrpe.cfg
index 3ae0622..2b71c31 100644
--- a/debian/check_nrpe.cfg
+++ b/debian/check_nrpe.cfg
@@ -1,11 +1,11 @@
-# this command runs a program $ARG1$ with no arguments and disables SSL support
+# this command runs a program $ARG1$ with no arguments and enables SSL support
define command {
command_name check_nrpe
- command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
-# this command runs a program $ARG1$ with no arguments and enables SSL support
+# this command runs a program $ARG1$ with no arguments and disables SSL support
define command {
- command_name check_nrpe_ssl
- command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+ command_name check_nrpe_nossl
+ command_line /usr/lib/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -n
}
diff --git a/debian/nagios-nrpe-server.default b/debian/nagios-nrpe-server.default
index 4a263d2..828ef02 100644
--- a/debian/nagios-nrpe-server.default
+++ b/debian/nagios-nrpe-server.default
@@ -5,9 +5,7 @@
# nrpe daemon.
#
# The -n option disables SSL support.
-# Don't remove this option before configuring SSL in /etc/nagios/nrpe.cfg!
-# See /usr/share/doc/nagios-nrpe-server/README.SSL.md.gz for instructions.
-NRPE_OPTS="-n"
+#NRPE_OPTS="-n"
# NICENESS is if you want to run the server at a different nice() priority.
# (only used by the init script)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git
More information about the Pkg-nagios-changes
mailing list