Comments on: Building NRPE on Solaris 10 with SSL Support http://lonesysadmin.net/2008/06/11/building-nrpe-on-solaris-10-with-ssl-support/ im in ur data centrz patchin ur serverz Thu, 20 Nov 2008 09:14:53 +0000 http://wordpress.org/?v=2.6.3 By: gordon http://lonesysadmin.net/2008/06/11/building-nrpe-on-solaris-10-with-ssl-support/#comment-75062 gordon Mon, 15 Sep 2008 10:46:29 +0000 http://lonesysadmin.net/?p=1299#comment-75062 Thanks Bob, your solution help me get following command executed correctly [root@solaris10 ~]# /usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.12 But, when I run check_nrpe from nagios server (RHEL5) to this remote solaris 10 server, it still failed. [root@rhel5 ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.78.104 CHECK_NRPE: Error - Could not complete SSL handshake. Thanks a lot for your solution, would you please have me have a look into this error! To Ton, I didn't understand what you stated, would you please give more detail or description, sorry! Thanks Bob, your solution help me get following command executed correctly

[root@solaris10 ~]# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12

But, when I run check_nrpe from nagios server (RHEL5) to this remote solaris 10 server, it still failed.

[root@rhel5 ~]# /usr/local/nagios/libexec/check_nrpe -H 192.168.78.104
CHECK_NRPE: Error - Could not complete SSL handshake.

Thanks a lot for your solution, would you please have me have a look into this error!

To Ton, I didn’t understand what you stated, would you please give more detail or description, sorry!

]]> By: Ton Voon http://lonesysadmin.net/2008/06/11/building-nrpe-on-solaris-10-with-ssl-support/#comment-74849 Ton Voon Wed, 06 Aug 2008 09:43:58 +0000 http://lonesysadmin.net/?p=1299#comment-74849 Thanks for the advice! We found we also needed to apply this patch: --- nrpe-2.12.original//src/check_nrpe.c Wed Aug 6 11:16:13 2008 +++ nrpe-2.12/src/check_nrpe.c Wed Aug 6 11:20:15 2008 @@ -149,7 +149,8 @@ /* do SSL handshake */ if(result==STATE_OK && use_ssl==TRUE){ if((ssl=SSL_new(ctx))!=NULL){ - SSL_CTX_set_cipher_list(ctx,"ADH"); + /* Altinity patch: Remove AES256 to remove dependency on SUNWcry(r) packages */ + SSL_CTX_set_cipher_list(ctx,"ADH:-ADH-AES256-SHA"); SSL_set_fd(ssl,sd); if((rc=SSL_connect(ssl))!=1){ printf("CHECK_NRPE: Error - Could not complete SSL handshake.\n"); ... to NRPE daemon so that other Nagios servers which support AES256 could still communicate over SSL to NRPE on a Solaris host. Thanks for the advice!

We found we also needed to apply this patch:

— nrpe-2.12.original//src/check_nrpe.c Wed Aug 6 11:16:13 2008
+++ nrpe-2.12/src/check_nrpe.c Wed Aug 6 11:20:15 2008
@@ -149,7 +149,8 @@
/* do SSL handshake */
if(result==STATE_OK && use_ssl==TRUE){
if((ssl=SSL_new(ctx))!=NULL){
- SSL_CTX_set_cipher_list(ctx,”ADH”);
+ /* Altinity patch: Remove AES256 to remove dependency on SUNWcry(r) packages */
+ SSL_CTX_set_cipher_list(ctx,”ADH:-ADH-AES256-SHA”);
SSL_set_fd(ssl,sd);
if((rc=SSL_connect(ssl))!=1){
printf(”CHECK_NRPE: Error - Could not complete SSL handshake.\n”);

… to NRPE daemon so that other Nagios servers which support AES256 could still communicate over SSL to NRPE on a Solaris host.

]]>