tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added the `--dane` option to the command definition ssl_cert (#10196)

This commit is contained in:
Peter Eckel 2025-01-08 11:47:37 +01:00 committed by GitHub
parent c5963712fa
commit 920ba0b2db
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/10-icinga-template-library.md
View File

@ -5944,6 +5944,7 @@ ssl_cert_ignore_ocsp_errors | **Optional.** Continue if the OCSP status cannot
ssl_cert_ignore_ocsp_timeout | **Optional.** Ignore OCSP result when timeout occurs while checking.
ssl_cert_ignore_sct | **Optional.** Do not check for signed certificate timestamps.
ssl_cert_ignore_tls_renegotiation | **Optional.** Do not check for renegotiation.
ssl_cert_dane | **Optional.** Verify that valid DANE records exist ({211,301,302,311,312} or empty string).
#### jmx4perl <a id="plugin-contrib-command-jmx4perl"></a>

5
itl/plugins-contrib.d/web.conf
View File

@ -582,6 +582,11 @@ object CheckCommand "ssl_cert" {
value = "$ssl_cert_maximum_validity$"
description = "The maximum validity of the certificate in days (default: 397)"
}
"--dane" = {
value = "$ssl_cert_dane$"
description = "verify that valid DANE records exist (since OpenSSL 1.1.0)"
repeat_key = false
}
}