NRPE SSL broken in Solaris?

The changes made to nrpe.c made in NRPE 2.4 appear to break SSL on Solaris, causing SSL handshake to fail:

nrpe[25972]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 2

I’m running NRPE daemon on Solaris 7 and Solaris 8 boxes with ANDIrand and/or Solaris’s /dev/urandom. I compiled NRPE 2.4 on Solaris 7 (egcs-2.91.66) and Solaris 8 (gcc 3.3.2) with OpenSSL 0.9.8a just like I did with NRPE 2.3 using:

./configure --enable-ssl --with-nrpe-group=nobody --prefix=/usr/local

My nagios host is a Linux RHEL4 AS U3 box.

===============================================

SSL worked fine with NRPE 2.3:

vulture:# uname -a
SunOS vulture 5.7 Generic_106541-17 sun4u sparc

darlene:# uname -a
SunOS darlene 5.8 Generic_108528-29 sun4u sparc SUNW,UltraAX-i2

[root@chiseler]# uname -a
Linux chiseler.swbs.gtri.gatech.edu 2.6.9-34.EL #1 Fri Feb 24 16:44:51 EST 2006 i686 i686 i386 GNU/Linux

[root@chiseler]# check_nrpe -H -c check_disksuite
OK: All metadevices are Okay

[root@chiseler ]# check_nrpe -H -c check_disksuite
OK: All metadevices are Okay

===============================================

SSL is broken with NRPE 2.4:

[root@chiseler]# check_nrpe -H -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.

[root@chiseler]# check_nrpe -H -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.

Yes, NRPE is starting up with TLS/SSL support:

vulture nrpe[17282]: INFO: SSL/TLS initialized. All network traffic will be encrypted.

but it gets this error:

vulture nrpe[17301]: Error: Could not complete SSL handshake. 2

Digging further, it appears that when SSL is enabled in NRPE 2.4 daemon, it immediately closes connection, not even waiting for an SSL handshake:

[root@chiseler]# check_nrpe -H -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.
[root@chiseler]#telnet 5666
Trying X.X.X.X…
Connected to X.X.X.X (X.X.X.X).
Escape character is ‘^]’.
Connection closed by foreign host.

whereas NRP 2.3 daemon allows data to be sent on the connection and doesn’t close the connection until I send an invalid SSL handshake:

[root@chiseler]#telnet 5666
Trying X.X.X.X…
Connected to X.X.X.X (X.X.X.X).
Escape character is ‘^]’.
hello there nrpe daemon i am typing at you [RETURN]
Connection closed by foreign host.

You migh think this is a TCP wrappers problem. Except I don’t have TCP wrappers installed on the Solaris boxes (./configure confirms, failing to find tcpd.h and libwrap) and that wouldn’t explain why it works with 2.3.

Any ideas? Thanks.

please tell me how you configure it in solaris after installation NRPE binaries mention step by step
i was facing this issues but i successfuly resolved .

try using -n