[Pkg-nagios-devel] Bug#689960: nagios-plugins-basic: Please add support for loading openssl configuration (for engines support, etc)

Max Kosmach max at tcen.ru
Tue Oct 9 10:11:38 UTC 2012 

Hi, Jan

I think that this patch is not enough.

If I try to apply only this patch to 1.4.16 - check_http doesn't load
oenssl.cnf -

With upstream patch b74543a applied to 1.4.16

strace -ff -eopen ./check_http  -H www.cryptopro.ru -P 4444 -C30,14
     open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/i686/cmov/libnsl.so.1", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libresolv.so.2", O_RDONLY) = 3
open("/usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0", O_RDONLY) = 3
open("/usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libpthread.so.0", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libdl.so.2", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY) = 3
open("/lib/i386-linux-gnu/libz.so.1", O_RDONLY) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/host.conf", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/i686/cmov/libnss_files.so.2", O_RDONLY) = 3
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/i686/cmov/libnss_dns.so.2", O_RDONLY) = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/ru_RU/LC_MESSAGES/libc.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/ru/LC_MESSAGES/libc.mo", O_RDONLY) = 4
open("/usr/lib/i386-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 4
open("/usr/lib/ssl/openssl.cnf", O_RDONLY|O_LARGEFILE) = 4
open("/usr/lib/i386-linux-gnu/openssl-1.0.0/engines/libgost.so",
O_RDONLY) = 4
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 4
open("/usr/share/locale/ru_RU/LC_MESSAGES/nagios-plugins.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
open("/usr/share/locale/ru/LC_MESSAGES/nagios-plugins.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/nagios-plugins.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/nagios-plugins.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
CRITICAL - Cannot make SSL connection.
3073676936:error:140820A5:SSL
routines:SSL3_CHECK_CERT_AND_ALGORITHM:missing dsa signing
cert:s3_clnt.c:3227:



But with my patch -

strace -ff -eopen /usr/local/bin/check_http  -H www.cryptopro.ru -P 4444
-C30,14
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/i686/cmov/libnsl.so.1", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libresolv.so.2", O_RDONLY) = 3
open("/usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0", O_RDONLY) = 3
open("/usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libpthread.so.0", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libdl.so.2", O_RDONLY) = 3
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY) = 3
open("/lib/i386-linux-gnu/libz.so.1", O_RDONLY) = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/host.conf", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/i686/cmov/libnss_files.so.2", O_RDONLY) = 3
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/i386-linux-gnu/i686/cmov/libnss_dns.so.2", O_RDONLY) = 3
open("/etc/resolv.conf", O_RDONLY)      = 3

open("/usr/lib/ssl/openssl.cnf", O_RDONLY|O_LARGEFILE) = 4

open("/usr/lib/i386-linux-gnu/openssl-1.0.0/engines/libgost.so",
O_RDONLY) = 4
open("/usr/share/locale/locale.alias", O_RDONLY) = 4
open("/usr/share/locale/ru_RU/LC_MESSAGES/libc.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/ru/LC_MESSAGES/libc.mo", O_RDONLY) = 4
open("/usr/lib/i386-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 4
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 4
open("/etc/localtime", O_RDONLY)        = 4
open("/usr/share/locale/ru_RU/LC_MESSAGES/nagios-plugins.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
open("/usr/share/locale/ru/LC_MESSAGES/nagios-plugins.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/nagios-plugins.mo", O_RDONLY)
= -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/nagios-plugins.mo", O_RDONLY) =
-1 ENOENT (No such file or directory)
OK - Certificate 'Веб-сервер ООО "КРИПТО-ПРО"' will expire on 02/15/2013
15:43.





09.10.2012 12:42, Jan Wagner пишет:
> tags 689960 + fixed-upstream
> thanks
> 
> Hi Max,
> 
> thanks for your bugreport.
> 
> On 10/08/2012 02:15 PM, Max Kosmach wrote:
>> Current check_http and other ssl-enabled check doesn't support
>> loading of openssl configuration.
> 
>> Please add pacth below to enable loading default configuration. 
>> Patches based on CryptoCom patches of other ssl-enabled software
>> (http://cryptocom.ru/opensource/index.html)
> 
> this is fixed upstream with
> https://github.com/nagios-plugins/nagios-plugins/commit/b74543a and
> should be fixed at least with next upstream release. Unfortunately
> this will not get fixed within wheezy.
> 
> Cheers, Jan.
>

More information about the Pkg-nagios-devel mailing list