Bug#699803: Acknowledgement (munin: TLS not working with Munin master v2.0.x)
tag + upstream fixed-upstream done It is fixed upstream in 71d0a86 [1]. Thanks guys ! [1] http://munin-monitoring.org/changeset/71d0a86c2b6f549e265be1718db8b20c227c9235 Steve Le 21 mars 2013 20:35, "Steve Schnepp" a écrit : > Oh... That was it. > > Big thanks on the debug ! > Proper fix is on its way, and .12 will follow soonish. > > -- > Steve Schnepp > http://blog.pwkf.org/tag/munin > On Mon, Mar 18, 2013 at 10:28 AM, Eero Häkkinen wrote: > >> Steve Schnepp wrote on 2013-02-28 14:54:54 +0100: >> > I'm looking further on what changed between 1.4 & 2.0. >> >> The fetch_service_config method in the file >> /usr/share/perl5/Munin/Master/Node.pm is changed to use the new >> _node_read_fast method which uses sysread for reading from a socket and >> bypasses the TLS layer completely. >> >> A simple work-a-round to revert the fetch_service_config method to use >> the _node_read method instead of the _node_read_fast method for reading, >> like in the attached patch. >> >> A proper fix whould probably be to make the _node_read_fast to work with >> TLS connections, too. >> > >
Bug#699803: Acknowledgement (munin: TLS not working with Munin master v2.0.x)
Oh... That was it. Big thanks on the debug ! Proper fix is on its way, and .12 will follow soonish. -- Steve Schnepp http://blog.pwkf.org/tag/munin On Mon, Mar 18, 2013 at 10:28 AM, Eero Häkkinen wrote: > Steve Schnepp wrote on 2013-02-28 14:54:54 +0100: > > I'm looking further on what changed between 1.4 & 2.0. > > The fetch_service_config method in the file > /usr/share/perl5/Munin/Master/Node.pm is changed to use the new > _node_read_fast method which uses sysread for reading from a socket and > bypasses the TLS layer completely. > > A simple work-a-round to revert the fetch_service_config method to use > the _node_read method instead of the _node_read_fast method for reading, > like in the attached patch. > > A proper fix whould probably be to make the _node_read_fast to work with > TLS connections, too. >
Bug#699803: Acknowledgement (munin: TLS not working with Munin master v2.0.x)
Steve Schnepp wrote on 2013-02-28 14:54:54 +0100:
> I'm looking further on what changed between 1.4 & 2.0.
The fetch_service_config method in the file
/usr/share/perl5/Munin/Master/Node.pm is changed to use the new
_node_read_fast method which uses sysread for reading from a socket and
bypasses the TLS layer completely.
A simple work-a-round to revert the fetch_service_config method to use
the _node_read method instead of the _node_read_fast method for reading,
like in the attached patch.
A proper fix whould probably be to make the _node_read_fast to work with
TLS connections, too.
--- /usr/share/perl5/Munin/Master/Node.pm 2013-01-20 13:18:35.0 +0200
+++ /usr/share/perl5/Munin/Master/Node.pm 2013-03-18 11:14:16.765775420 +0200
@@ -528,7 +528,7 @@
$self->_node_write_single("fetch $plugin\n");
-my $lines = $self->_node_read_fast();
+my $lines = $self->_node_read();
my $elapsed = tv_interval($t0);
my $nodedesignation = $self->{host}."/".$self->{address}."/".$self->{port};
Bug#699803: Acknowledgement (munin: TLS not working with Munin master v2.0.x)
Did you also upgrade any SSL lib ? No, pure vanilla Debian installation without other upgrades. I'm looking further on what changed between 1.4 & 2.0. Thanks. Regards, Christian Am 28.02.2013 14:54, schrieb Steve Schnepp: Le 6 févr. 2013 11:21, "Christian Schroetter" a écrit : Just to confirm this bug on new systems ;-) I did managed to reproduce the issue. It seems that it's the SSL handshake (master -> node) that is causing the issue... I'm looking further on what changed between 1.4 & 2.0. Did you also upgrade any SSL lib ? Steve -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699803: Acknowledgement (munin: TLS not working with Munin master v2.0.x)
Le 6 févr. 2013 11:21, "Christian Schroetter" a écrit : > Just to confirm this bug on new systems ;-) I did managed to reproduce the issue. It seems that it's the SSL handshake (master -> node) that is causing the issue... I'm looking further on what changed between 1.4 & 2.0. Did you also upgrade any SSL lib ? Steve -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#699803: Acknowledgement (munin: TLS not working with Munin master v2.0.x)
Just to confirm this bug on new systems ;-) Steps to reproduce on a fresh Debian installation (x86): * Install from wheezy or experimental: munin munin-common munin-node munin-plugins-core linet-ssleay * If not already done, create a snakeoil SSL cert/key or install apache2 with SSL support. * Add TLS lines to munin.conf and munin-node.conf: tls enabled tls_verify_certificate no tls_private_key /etc/ssl/private/ssl-cert-snakeoil.key tls_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem * Restart munin-node and run "munin-cron --debug" as user munin. * The error (timeout) should be visible now. Tested on a fresh Debian Wheezy installation in VirtualBox. One time with experimental packages. Also tested with a fresh Debian Squeeze installation, works OOTB with Munin v1.4.x. Regards, Christian -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
