NCPA3: UnboundLocalError 'ssl_context' when using listener.ssl_ciphers option

[Ivan-Roger]

ncpa agent crashes at startup when using the ssl_ciphers option (in the listener section).

The following error is raised in the logs: UnboundLocalError: cannot access local variable 'ssl_context' where it is not associated with a value (file ncpa.py, line 237, in run)

Looking at the source code we can see that indeed the ssl_context variable is accessed (line 237) before creation (line 262).

The fix would be easy, we would just need to initialize the ssl_context dict before line 237 and alter line 262 to update the existing dict.

I'll try to drop in a PR for this

[Petaris]

We have run into this as well. Hopefully the fix can be tested and released quickly.

[jstormshak]

We recently patched close to 300 systems which we carry the Nagios repos and it updated to 3.0.1 and we use the SSL ciphers and we had to downgrade the agent across all those systems. It was a lot of work backing out due to this bug. Does anyone know if there's a timeline to when there will be an updated fixed agent for NCPA? Is there a way to get automatic updates on this by chance?

[ne-bbahn]

We recently patched close to 300 systems which we carry the Nagios repos and it updated to 3.0.1 and we use the SSL ciphers and we had to downgrade the agent across all those systems. It was a lot of work backing out due to this bug. Does anyone know if there's a timeline to when there will be an updated fixed agent for NCPA? Is there a way to get automatic updates on this by chance?

The fix has been merged into the NCPA 3.0.2 branch and will be released in the coming weeks. You can build NCPA yourself from the branch dev-v3.0.2 to have early access to this fix.