Support Migration Notice: To update migrated JIRA cases click here to open a new case use www.vmware.com/go/sr | vFabric Hyperic 5.7.0 is Now Available

Hyperic HQ

NetServicesCollector insists on using SSL for all sockets

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: 4.6, 4.6.0.1
  • Fix Version/s: 4.6.0.2, 4.6.5
  • Component/s: Plugins
  • Case Links:
    none
  • Regression:
    No
  • Tags:

Description

Services in the netservices plugin which use NetServicesCollector.getSocketWrapper() are forced into ssl. This includes SMTP, POP3, IMAP services.

The cause is this modification from 583cc0bffdc773d27fa9521273c27f22b24e7ad6

-    public SocketWrapper getSocketWrapper()
-        throws IOException {
-
-        return new SocketWrapper(getSocket());
+    public SocketWrapper getSocketWrapper(boolean acceptUnverifiedCertificatesOverride) throws IOException {
+       // Somtimes we may want to override what's set in the keystore config...mostly for init purposes...
+       boolean accept = acceptUnverifiedCertificatesOverride ? true : keystoreConfig.isAcceptUnverifiedCert();
+       SSLProvider sslProvider = new DefaultSSLProviderImpl(keystoreConfig, accept);
+        SSLSocketFactory factory = sslProvider.getSSLSocketFactory();
+        Socket socket = factory.createSocket();
+
+        socket.connect(getSocketAddress(), getTimeoutMillis());
+        socket.setSoTimeout(getTimeoutMillis());
+        ((SSLSocket) socket).startHandshake();       
+
+        return new SocketWrapper(socket);

This results in failure to collect metrics and the message "Unrecognized SSL message, plaintext connection?" with lines similar to the following in agent.log

2011-11-10 07:10:42,115 DEBUG [pool-1-thread-7] [Collector] name=SMTP, thread=pool-1-thread-7, result=Thu Nov 10 07:10:42 CST 2011 (localhost:25) Unrecognized SSL message, plaintext connection? values={StateCLOSE_WAIT=0.0, InboundConnections=0.0, OutboundConnections=0.0, StateLISTEN=0.0, StateCLOSE=0.0, StateIDLE=0.0, StateSYN_SENT=0.0, StateBOUND=0.0, AllInboundConnections=0.0, StateLAST_ACK=0.0, Availability=0.0, StateFIN_WAIT2=0.0, StateTIME_WAIT=0.0, StateUNKNOWN=0.0, StateESTABLISHED=0.0, StateFIN_WAIT1=0.0, StateCLOSING=0.0, AllOutboundConnections=0.0, StateSYN_RECV=0.0}

Activity

Hide
Wes Schlichter added a comment -

Replaced some code removed and re-added non-ssl connection support for non-ssl sockets.

Show
Wes Schlichter added a comment - Replaced some code removed and re-added non-ssl connection support for non-ssl sockets.
Hide
Jason Konicki added a comment -

Adding to 4.6.0.2

Show
Jason Konicki added a comment - Adding to 4.6.0.2
Hide
Wes Schlichter added a comment -

cherry picked fix from 4.6.x into 4.6.0.x

Show
Wes Schlichter added a comment - cherry picked fix from 4.6.x into 4.6.0.x
Hide
Zvika Messing added a comment -

verified in hyperic 4.6.5 RC2 that smtp service collects metrics connecting without SSL

Show
Zvika Messing added a comment - verified in hyperic 4.6.5 RC2 that smtp service collects metrics connecting without SSL

People

Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved:
    Last comment:
    2 years, 8 weeks, 6 days ago