New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New feature request : nrdp client do not support SSL/TLS #286

Closed
guillaumechardin opened this Issue Apr 13, 2016 · 9 comments

Comments

Projects
None yet
3 participants
@guillaumechardin

guillaumechardin commented Apr 13, 2016

Hello,
nsclient v0.4.4.23 do not support SSL, so monitoring info ca be sent in clear text.

I look briefly in /include/http/client.hpp and it seems that the execute method do not handle certificate.

Can it be added on next releases ?

thanks

@mickem

This comment has been minimized.

Show comment
Hide comment
@mickem

mickem Apr 13, 2016

Owner

For sure... Am working on it at the moment so hopefully in a week or so...

Owner

mickem commented Apr 13, 2016

For sure... Am working on it at the moment so hopefully in a week or so...

@guillaumechardin

This comment has been minimized.

Show comment
Hide comment
@guillaumechardin

guillaumechardin May 13, 2016

Hello,

Is there any update regarding this feature ?

guillaumechardin commented May 13, 2016

Hello,

Is there any update regarding this feature ?

@mickem

This comment has been minimized.

Show comment
Hide comment
@mickem

mickem May 30, 2016

Owner

Sorry for the very very long delay...

ssl support is implemented in check_nscp now so I will setup an NRDP server and validate it in the next few days...

Owner

mickem commented May 30, 2016

Sorry for the very very long delay...

ssl support is implemented in check_nscp now so I will setup an NRDP server and validate it in the next few days...

@guillaumechardin

This comment has been minimized.

Show comment
Hide comment
@guillaumechardin

guillaumechardin Jul 5, 2016

Did you achieve to test nrdp ?
If you want I can test it on my infrastructure for you and give you feedback/debug logs.
Just give me the right compiled client or version number to you.

Bye

guillaumechardin commented Jul 5, 2016

Did you achieve to test nrdp ?
If you want I can test it on my infrastructure for you and give you feedback/debug logs.
Just give me the right compiled client or version number to you.

Bye

@guillaumechardin

This comment has been minimized.

Show comment
Hide comment
@guillaumechardin

guillaumechardin Jul 11, 2016

Seems that nrdp is not working see doc attach (cannot upload it on pdf sorry)
Some settings are not used/understand by nrdp (see red boxes on docx). Those are native nrdp parameters like host, port, etc.
Note that i run a packet capture on the test computer and nothing get out the box so, parameters are really not read on nsclient side.
Note that i try it on the last release : NSClient++ 0.5.0.46 2016-05-30 x64

Doc1.docx

guillaumechardin commented Jul 11, 2016

Seems that nrdp is not working see doc attach (cannot upload it on pdf sorry)
Some settings are not used/understand by nrdp (see red boxes on docx). Those are native nrdp parameters like host, port, etc.
Note that i run a packet capture on the test computer and nothing get out the box so, parameters are really not read on nsclient side.
Note that i try it on the last release : NSClient++ 0.5.0.46 2016-05-30 x64

Doc1.docx

@mickem

This comment has been minimized.

Show comment
Hide comment
@mickem

mickem Aug 22, 2016

Owner

Latest build supports https and regular NRDP was fixed as well a few builds ago...
So try the latest build and le me know any issues...

Owner

mickem commented Aug 22, 2016

Latest build supports https and regular NRDP was fixed as well a few builds ago...
So try the latest build and le me know any issues...

@JGGINC

This comment has been minimized.

Show comment
Hide comment
@JGGINC

JGGINC Aug 25, 2016

Good day Michael,

Trying to get submit_nrdp working on latest build (0.5.0.59) w/out success. With HTTPS was always receiving "cli UNKNOWN: Error: Failed to fetch config: 400:". Dumbed down to HTTP and receive "cli UNKNOWN: Error: Failed to fetch config: 404:"

nscp test mode renders successful run of the check used for same, but cannot submit. NRDP server is working well via HTTPS for distributed Nagios; it is only NSClient++.

Could you kindly provide some additional info, examples, etc?

Obviously, we prefer to use 443.

Any further guidance is much appreciated...and happy to test nightly builds, etc.

Mny Thx

JGGINC commented Aug 25, 2016

Good day Michael,

Trying to get submit_nrdp working on latest build (0.5.0.59) w/out success. With HTTPS was always receiving "cli UNKNOWN: Error: Failed to fetch config: 400:". Dumbed down to HTTP and receive "cli UNKNOWN: Error: Failed to fetch config: 404:"

nscp test mode renders successful run of the check used for same, but cannot submit. NRDP server is working well via HTTPS for distributed Nagios; it is only NSClient++.

Could you kindly provide some additional info, examples, etc?

Obviously, we prefer to use 443.

Any further guidance is much appreciated...and happy to test nightly builds, etc.

Mny Thx

@JGGINC

This comment has been minimized.

Show comment
Hide comment
@JGGINC

JGGINC Aug 26, 2016

ssl_access_log shows "[26/Aug/2016:18:25:59 +0000] "GET / HTTP/1.0" 400 362" when using submit_nrdp build (0.5.0.59) vs. POST?

JGGINC commented Aug 26, 2016

ssl_access_log shows "[26/Aug/2016:18:25:59 +0000] "GET / HTTP/1.0" 400 362" when using submit_nrdp build (0.5.0.59) vs. POST?

@mickem

This comment has been minimized.

Show comment
Hide comment
@mickem

mickem Sep 14, 2016

Owner

So sorry for this, there were a bunch of issues...
I have fixed it in the next build:

nscp test --log trace
...
exec NRDPClient submit_nrdp --address https://nrdp.server.com/nrdp/server --key secret --command foo --result ok --message bar

D       core Executing command is target for: NRDPClient
T       core Trying : CheckEventLog
T       core Trying : NRDPClient
D       core Executing command in: NRDPClient
T       nrdp Target configuration: address: https://nrdp.server.com/, timeout: 30, retry: 2, data: { retries: 3, token: secret, }
T       nrdp Connecting tuo: protocol: https, host: nrdp.server.com:443, port: 443, path: /nrdp/server, timeout: 30, token: secret, sender:
T       nrdp Sending: <?xml version="1.0" encoding="UTF-8"?>
<checkresults>
    <checkresult type="service">
        <hostname>mime-g501jw</hostname>
        <servicename>foo</servicename>
        <state>0</state>
        <output>bar</output>
    </checkresult>
</checkresults>

T       nrdp Happily ignoring: <?xml version="1.0" encoding="utf-8"?>
<result>
  <status>0</status>
  <message>OK</message>
    <meta>
       <output>1 checks processed.</output>
    </meta>
</result>

D       core Module handled execution request: NRDPClient
T       core Trying : CommandClient
L        cli Data presumably sent successfully

// Michael Medin

Owner

mickem commented Sep 14, 2016

So sorry for this, there were a bunch of issues...
I have fixed it in the next build:

nscp test --log trace
...
exec NRDPClient submit_nrdp --address https://nrdp.server.com/nrdp/server --key secret --command foo --result ok --message bar

D       core Executing command is target for: NRDPClient
T       core Trying : CheckEventLog
T       core Trying : NRDPClient
D       core Executing command in: NRDPClient
T       nrdp Target configuration: address: https://nrdp.server.com/, timeout: 30, retry: 2, data: { retries: 3, token: secret, }
T       nrdp Connecting tuo: protocol: https, host: nrdp.server.com:443, port: 443, path: /nrdp/server, timeout: 30, token: secret, sender:
T       nrdp Sending: <?xml version="1.0" encoding="UTF-8"?>
<checkresults>
    <checkresult type="service">
        <hostname>mime-g501jw</hostname>
        <servicename>foo</servicename>
        <state>0</state>
        <output>bar</output>
    </checkresult>
</checkresults>

T       nrdp Happily ignoring: <?xml version="1.0" encoding="utf-8"?>
<result>
  <status>0</status>
  <message>OK</message>
    <meta>
       <output>1 checks processed.</output>
    </meta>
</result>

D       core Module handled execution request: NRDPClient
T       core Trying : CommandClient
L        cli Data presumably sent successfully

// Michael Medin

@mickem mickem closed this in bd6e478 Sep 14, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment