[Nagiosplug-help] Disable RFC4507 support issues

Holger Weiß holger at CIS.FU-Berlin.DE
Sat Jul 7 12:31:54 CEST 2012

Previous message: [Nagiosplug-help] Disable RFC4507 support issues
Next message: [Nagiosplug-help] Disable RFC4507 support issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Andrew Widdersheim <awiddersheim at hotmail.com> [2012-07-06 19:19]:
>  * Disable RFC4507 support, to work around SSL negotiation issues with
>    (at least) some Tomcat versions
> 
> Saw the above as a fix in the new release which is awesome because it
> is a major pain with some systems.
>
> The problem I'm seeing is the release notes make it sound as though
> this is done by default but from what I'm seeing the only way to turn
> that fix on is by defining SSL_OP_NO_TICKET using CFLAGS unless I am
> missing something.

This is the commit that introduced the change:

https://github.com/nagios-plugins/nagios-plugins/commit/5a5d3d7013dbc0

SSL_OP_NO_TICKET is defined by OpenSSL itself, but only by versions
which actually support RFC4507 (that is, versions >= 0.9.8f).  The
"#ifdef SSL_OP_NO_TICKET" you probably stumbled over makes sure that the
plugins can be built against older OpenSSL versions.

Are you still seeing SSL negotiation problems when using the new
release?

Holger

Previous message: [Nagiosplug-help] Disable RFC4507 support issues
Next message: [Nagiosplug-help] Disable RFC4507 support issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Help mailing list