[CentOS] c4.4: OpenSSL Behavior: handshakes/ nrpe, snmpd, et al.

Sat Sep 16 22:50:57 UTC 2006
karl at klxsystems.net <karl at klxsystems.net>

Hello list, johnny, karanbir, rodrigo, william, all,

Looks like some changes in 4.4 with openssl behavior I thought to ask
about now that things have quieted down slightly since release.

I use openssl with my nagios nrpe plugins, and now am getting a "could not
complete SSL handshake".  I will of course post to nagios list but first
want to find out from centos side some key info re: 4.4/openssl [-if any,
maybe no change at all?] since this all worked fine in 4.3, and it
probably won't be too hard to do so in 4.4.

: )

In doing an rpm -qa | grep openssl I am actually seeing two instances of
openssl installed (Is that even possible?), when on a 4.3 box the output
shows only one:

###  box that's not doing proper SSL handshake
openssl-0.9.7a-43.11
openssl-devel-0.9.7a-43.11
xmlsec1-openssl-1.2.6-3
openssl-0.9.7a-43.11

box that's working properly:
# rpm -qa | grep ssl
openssl-0.9.7a-43.8
xmlsec1-openssl-1.2.6-3
openssl-devel-0.9.7a-43.8

Background: 4.3 box with the issue was built with a custom RPM that we
made that compiles apache with SSL. (different from the working box which
is 4.3 and had a source compile and no ssl calls), Then I installed
net-snmp, net-snmp-utils, and net-snmp-devel, (where in 4.3 all I had to
do was edit /etc/snmp/snmpd.conf) which had a dependency for openssl,
which it satisfied via yum.

Perhaps the problem lies with the custom apache rpm?

Our yum repo uses DAG.  File perms are perfectly matched to working
machine, so we know it's not that.

-any ideas

p.s.  was snmp removed since 4.3?

p.p.s.  I never had to config tcpwrappers before in 4.3, should I do so
now in 4.4?

-karlski