I’ve been banging my head against this for the past week. I’m trying to build nrpe with SSL support on a Solaris 10 x86 box. I followed all the guides and patches (remove invalid ciphers and log facilities, confirm everything is permissioned correctly, etc. I’m able to build it with no errors, but when I run the check from my main Nagios host (running RHEL 5.3), I get no SSL:
[root@[HOST] service]# /usr/lib/nagios/plugins/check_nrpe -H [IP] -c check_swap
CHECK_NRPE: Error - Could not complete SSL handshake.
So I try running it locally:
-bash-3.00# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_swap
SWAP OK - 97% free (136015 MB out of 139673 MB)
(If you’re wondering how I got check_swap running on Solaris 10 x86, I hacked together a simple perl script to do it)
So, I know that it is linking against an SSL library. The problem is which one it’s linking against:
-bash-3.00# ldd /usr/local/nagios/libexec/check_nrpe
libssl.so.0.9.7 => /usr/sfw/lib/libssl.so.0.9.7
libcrypto.so.0.9.7 => /usr/sfw/lib/libcrypto.so.0.9.7
libnsl.so.1 => /lib/libnsl.so.1
libsocket.so.1 => /lib/libsocket.so.1
libc.so.1 => /lib/libc.so.1
libmp.so.2 => /lib/libmp.so.2
libmd5.so.1 => /lib/libmd5.so.1
libscf.so.1 => /lib/libscf.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /lib/libgen.so.1
libm.so.2 => /lib/libm.so.2
Wait… /usr/sfw/lib? That’s not what I compiled against:
./configure --with-ssl-inc=/opt/openssl/include --with-ssl-lib=/opt/openssl/lib --without-mysql --with-ssl=/opt/openssl
Okay, let’s check the linker itself:
-bash-3.00# crle
Configuration file [version 4]: /var/ld/ld.config
Default Library Path (ELF): /lib:/usr/lib:/opt/openssl/lib:/usr/sfw/lib:/usr/local/lib
Trusted Directories (ELF): /lib/secure:/usr/lib/secure (system default)
Command line:
crle -c /var/ld/ld.config -l /lib:/usr/lib:/opt/openssl/lib:/usr/sfw/lib:/usr/local/lib
My src/Makefile includes specific instructions for where it should look for the SSL libs:
-bash-3.00# cat src/Makefile
###############################
Makefile for NRPE
Last Modified: 08-13-2007
###############################
Source code directories
SRC_INCLUDE=…/include
CC=gcc
CFLAGS=-g -O2 -I/opt/openssl/include -I/opt/openssl/include/openssl -DHAVE_CONFIG_H
LDFLAGS= -L/opt/openssl/lib -lssl -lcrypto
LD_OPTIONS= -R/opt/openssl -L/opt/openssl/lib
How do I get it to link against the SSL version I specifically compiled for it?