[monit-dev] [PATCH] V2 bugfix when having clientpemfile with httpd and monit status not working

Markus Linnala-3
With this config:

set httpd port 2812
      allow localhost
      SSL ENABLE
      PEMFILE /etc/certs/monit.pem
      CLIENTPEMFILE /etc/certs/monit-client.pem

I got:

# monit status
monit: cannot read status from the monit daemon

And at monit.log:

[EET Dec 28 15:01:56] error    : monit: The client did not supply a required client certificate!
[EET Dec 28 15:01:56] error    : monit: cannot read status from the monit daemon

I expect to get working status.

I have attached a patch to fix this situation. Use clientpemfile for
status connection too if it is set.

Patch adds clientpemfile to Ssl_T and then fills it when initializing
status socket. Same idea as at sendmail open_server. And then it
tries to free memory whenever we free certmd5.

Patch is lightly tested.

V1 -> V2
- handle monitor command too

--
Markus Linnala, Chief Systems Architect
Cybercom Finland
Pakkahuoneenaukio 2 A; 33100 Tampere
Mobile +358 40 5919 735
[hidden email]

www.cybercom.fi | www.cybercom.com


_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev

Attachment: monit-5.3.2-maage-clientcertssl-V2.patch (4K)

Re: [monit-dev] [PATCH] V2 bugfix when having clientpemfile with httpd and monit status not working

Jan-Henrik Haukeland
Hi Markus

Thank you very much. These functions definitely need to be patched so they will work as expected. Some refactoring must have removed this as I'm pretty sure this was supported before. Thanks again!

Best regards



On Jan 2, 2012, at 9:48 AM, Markus Linnala wrote:

> With this config:
>
> set httpd port 2812
>     allow localhost
>     SSL ENABLE
>     PEMFILE /etc/certs/monit.pem
>     CLIENTPEMFILE /etc/certs/monit-client.pem
>
> I got:
>
> # monit status
> monit: cannot read status from the monit daemon
>
> And at monit.log:
>
> [EET Dec 28 15:01:56] error    : monit: The client did not supply a required client certificate!
> [EET Dec 28 15:01:56] error    : monit: cannot read status from the monit daemon
>
> I expect to get working status.
>
> I have attached a patch to fix this situation. Use clientpemfile for status connection too if it is set.
>
> Patch adds clientpemfile to Ssl_T and then fills it when initializing status socket. Same idea as at sendmail open_server. And then it tries to free memory whenever we free certmd5.
>
> Patch is lightly tested.
>
> V1 -> V2
> - handle monitor command too
>
> --
> Markus Linnala, Chief Systems Architect
> Cybercom Finland
> Pakkahuoneenaukio 2 A; 33100 Tampere
> Mobile +358 40 5919 735
> [hidden email]
>
> www.cybercom.fi | www.cybercom.com
>
> <monit-5.3.2-maage-clientcertssl-V2.patch>_______________________________________________
> monit-dev mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/monit-dev

