[Pkg-nagios-devel] Bug#644627: Bug#644627: nagios-plugins-basic: check_http --ssl doesn't verify the validity of a certificate

[Jan Wagner]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tags 644627 +upstream
severity 644627 wishlist
thanks

Hi Michael,

Am 07.10.2011 16:44, schrieb Michael Renner:
> Nagios' check_http plugin does no verification whatsoever on the
> SSL certificate presented by the server next to checking the expiry
> time.
> 
> This is highly counter-intuitive and makes the plugin pretty much
> unusable for serious environments where HTTPS is used.

looking into "/usr/lib/nagios/plugins/check_http --help" will give you
informations about the purpose of the plugin:

"Notes:
 This plugin will attempt to open an HTTP connection with the host.
[...]
 This plugin can also check whether an SSL enabled web server is able to
 serve content (optionally within a specified time) or whether the X509
 certificate is still valid for the specified number of days."

This indicates, that you are trying to use this plugin for something
that is not intended to be used for.
Anyways, this would be indeed an usefull extension.

I actually see two ways to proceed with your request. One would be you
provide us a patch for the requested feature. The more usefull way is
to open[1] a feature request upstream and provide a patch there or
hope anybody else is taking care of it.

Thanks and with kind regards, Jan.
[1] http://sourceforge.net/tracker/?func=add&group_id=29880&atid=397600
- -- 
Never write mail to <waja at spamfalle.info>, you have been warned!
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M V-
PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFPQNez9u6Dud+QFyQRAt9cAKDBG1JCHIf8SNaIfs2Pl3RBKZ5UugCgkuGF
o7I8JpiqTUG2nv5fTmb9l/w=
=UBMz
-----END PGP SIGNATURE-----