NRPE SSL broken in Solaris?


#1

The changes made to nrpe.c in NRPE 2.4 appear to break SSL on Solaris, causing the SSL handshake to fail:

nrpe[25972]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 2

I’m running NRPE daemon on Solaris 7 and Solaris 8 boxes with ANDIrand and/or Solaris’s /dev/urandom. I compiled NRPE 2.4 on Solaris 7 (egcs-2.91.66) and Solaris 8 (gcc 3.3.2) with OpenSSL 0.9.8a just like I did with NRPE 2.3 using:

./configure --enable-ssl --with-nrpe-group=nobody --prefix=/usr/local

My nagios host is a Linux RHEL4 AS U3 box.

===============================================

SSL worked fine with NRPE 2.3:

vulture:# uname -a
SunOS vulture 5.7 Generic_106541-17 sun4u sparc

darlene:# uname -a
SunOS darlene 5.8 Generic_108528-29 sun4u sparc SUNW,UltraAX-i2

[root@chiseler]# uname -a
Linux chiseler.swbs.gtri.gatech.edu 2.6.9-34.EL #1 Fri Feb 24 16:44:51 EST 2006 i686 i686 i386 GNU/Linux

[root@chiseler]# check_nrpe -H -c check_disksuite
OK: All metadevices are Okay

[root@chiseler ]# check_nrpe -H -c check_disksuite
OK: All metadevices are Okay

===============================================

SSL is broken with NRPE 2.4:

[root@chiseler]# check_nrpe -H -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.

[root@chiseler]# check_nrpe -H -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.

Yes, NRPE is starting up with TLS/SSL support:

vulture nrpe[17282]: INFO: SSL/TLS initialized. All network traffic will be encrypted.

but it gets this error:

vulture nrpe[17301]: Error: Could not complete SSL handshake. 2

Digging further, it appears that when SSL is enabled in the NRPE 2.4 daemon, it immediately closes the connection, not even waiting for an SSL handshake:

[root@chiseler]# check_nrpe -H -c check_disksuite
CHECK_NRPE: Error - Could not complete SSL handshake.
[root@chiseler]#telnet 5666
Trying X.X.X.X...
Connected to X.X.X.X (X.X.X.X).
Escape character is '^]'.
Connection closed by foreign host.

whereas the NRPE 2.3 daemon allows data to be sent on the connection and doesn’t close the connection until I send an invalid SSL handshake:

[root@chiseler]#telnet 5666
Trying X.X.X.X...
Connected to X.X.X.X (X.X.X.X).
Escape character is '^]'.
hello there nrpe daemon i am typing at you [RETURN]
Connection closed by foreign host.

You might think this is a TCP wrappers problem. Except I don’t have TCP wrappers installed on the Solaris boxes (./configure confirms, failing to find tcpd.h and libwrap) and that wouldn’t explain why it works with 2.3.

Any ideas? Thanks.
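
The telnet comparison from the post above, as an added Python example that is not part of the original thread: it connects to the NRPE port, stays silent, and reports whether the daemon hangs up before any data is sent (the 2.4 symptom described) or only after receiving non-handshake bytes (the 2.3 behaviour described). The function name, the return labels and the timeout are assumptions of this example.

```python
import socket
import sys


def probe_nrpe(host, port=5666, wait=2.0, junk=b"hello there nrpe daemon\r\n"):
    """Report when the listener on host:port hangs up.

    Return values (labels chosen for this example):
      "closed-immediately": peer closed before we sent a byte
      "peer-spoke-first":   peer sent data unprompted (not an SSL listener)
      "closed-after-data":  peer waited, then closed once it got non-handshake bytes
      "still-open":         peer kept the connection open after the junk
    """
    with socket.create_connection((host, port), timeout=wait) as s:
        # Phase 1: say nothing. A server expecting a TLS ClientHello should wait.
        try:
            if s.recv(1) == b"":
                return "closed-immediately"
            return "peer-spoke-first"
        except socket.timeout:
            pass  # silence for `wait` seconds: the peer is waiting for us
        except ConnectionResetError:
            return "closed-immediately"

        # Phase 2: send bytes that are not a valid handshake, as typed into telnet.
        try:
            s.sendall(junk)
            while s.recv(1024):
                pass  # discard anything sent back (for example a TLS alert)
            return "closed-after-data"
        except socket.timeout:
            return "still-open"
        except (ConnectionResetError, BrokenPipeError):
            return "closed-after-data"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe_nrpe.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5666
    print(probe_nrpe(sys.argv[1], port))
```

Run it from the monitoring host against each agent; a result of "closed-immediately" means the connection is dropped before the SSL handshake is attempted at all.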


#2

Please tell me how you configured it on Solaris after installing the NRPE binaries; mention it step by step.
I was facing this issue but I successfully resolved it.


#3

Try using -n