tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add "-N" parameter for the "ssl" check command 

Without this, we check the wrong cert when SNI is used:

./check_tcp -H git.netsandbox.de -p 443 -D 30,10
OK - Certificate 'netsandbox.de' will expire on 2017-04-19 12:01
+0200/CEST.

./check_tcp -H git.netsandbox.de -p 443 -D 30,10 -N git.netsandbox.de
OK - Certificate 'git.netsandbox.de' will expire on 2017-04-15 14:06
+0200/CEST.

fixes #4936

Signed-off-by: Gunnar Beutner <gunnar.beutner@icinga.com>
This commit is contained in:
Christian Loos 2017-01-20 09:14:03 +01:00 committed by Gunnar Beutner
parent aacc535acf
commit 584be4fe52
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/10-icinga-template-library.md
View File

@ -1275,6 +1275,7 @@ ssl_port | **Required.** The port that should be checked.
ssl_timeout | **Optional.** Timeout in seconds for the connect and handshake. The plugin default is 10 seconds. ssl_timeout | **Optional.** Timeout in seconds for the connect and handshake. The plugin default is 10 seconds.
ssl_cert_valid_days_warn | **Optional.** Warning threshold for days before the certificate will expire. When used, ssl_cert_valid_days_critical must also be set. ssl_cert_valid_days_warn | **Optional.** Warning threshold for days before the certificate will expire. When used, ssl_cert_valid_days_critical must also be set.
ssl_cert_valid_days_critical | **Optional.** Critical threshold for days before the certificate will expire. When used, ssl_cert_valid_days_warn must also be set. ssl_cert_valid_days_critical | **Optional.** Critical threshold for days before the certificate will expire. When used, ssl_cert_valid_days_warn must also be set.
ssl_sni | **Optional.** The `server_name` that is send to select the SSL certificate to check. Important if SNI is used. Defaults to "$ssl_address$".
### <a id="plugin-check-command-ssmtp"></a> ssmtp ### <a id="plugin-check-command-ssmtp"></a> ssmtp

2
itl/command-plugins.conf
View File

@ -269,9 +269,11 @@ object CheckCommand "ssl" {
"--ssl" = { } "--ssl" = { }
"--timeout" = "$ssl_timeout$" "--timeout" = "$ssl_timeout$"
"-D" = "$ssl_cert_valid_days_warn$,$ssl_cert_valid_days_critical$" "-D" = "$ssl_cert_valid_days_warn$,$ssl_cert_valid_days_critical$"
"-N" = "$ssl_sni$"
} }
vars.ssl_address = "$check_address$" vars.ssl_address = "$check_address$"
vars.ssl_sni = "$ssl_address$"
} }
object CheckCommand "udp" { object CheckCommand "udp" {