From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Dec 5 17:20:03 2007 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9F9C216A41A for ; Wed, 5 Dec 2007 17:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 916ED13C461 for ; Wed, 5 Dec 2007 17:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id lB5HK3vZ047364 for ; Wed, 5 Dec 2007 17:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id lB5HK3iG047363; Wed, 5 Dec 2007 17:20:03 GMT (envelope-from gnats) Date: Wed, 5 Dec 2007 17:20:03 GMT Message-Id: <200712051720.lB5HK3iG047363@freefall.freebsd.org> To: freebsd-ports-bugs@FreeBSD.org From: "Andrew Daugherity" Cc: Subject: Re: ports/118434: [patch] net-mgmt/nrpe2 should enable SSL by default X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Andrew Daugherity List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Dec 2007 17:20:03 -0000 The following reply was made to PR ports/118434; it has been noted by GNATS. From: "Andrew Daugherity" To: "Jarrod Sayers" Cc: Subject: Re: ports/118434: [patch] net-mgmt/nrpe2 should enable SSL by default Date: Wed, 05 Dec 2007 10:55:26 -0600 >>> On 12/5/2007 at 5:24 AM, in message , Jarrod Sayers wrote: > Andrew, >=20 > The default for net-mgmt/nrpe2 is to be compiled without SSL support. = =20 > This results in both nrpe2 and check_nrpe2 being unable to support SSL = =20 > connections or services, and thus non-SSL becomes the default =20 > connection method. If the port is built with SSL support, nrpe2 =20 > supports only SSL connections but check_nrpe2 supports both with the =20 > default being SSL. You may then use the -n flag from the command line = =20 > to connect to hosts without the SSL binary. My mistake, I thought /usr/local/libexec/nagios/check_nrpe2 was install by = the nagios-plugins port (which nrpe2 depends on, and installs everything = else in /usr/local/libexec/nagios), but I see now it is part of nrpe2. No SSL settings in make.conf, the only thing in there is the two lines = added by use.perl. In our case, check_nrpe2 will be run on our Nagios server (a Linux box), = not this machine, and I installed nrpe2 with 'portinstall -P nrpe2' (using = the campus mirror of packages-6-stable) to monitor things such as load = average, ipmitool sensor output, etc. On the other Linux machines I = installed nrpe (via YaST, apt-get, etc.) and it just worked, but in this = case I had to rebuild the port and tick the SSL option (or else add -n to = the nagios script). It's not a huge problem, but IMO it violates the principle of least = surprise. Is there any reason not to make SSL the default for this port? = Would splitting into nrpe2{,-nossl} (or nrpe2{,-ssl}) ports (or at least = pkg builds) be a better solution? On both 5.5 and 6.2, nrpe2 links = against the system libssl so there aren't any additional ports dependencies= . Thanks, Andrew Daugherity