Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
[dev.icinga.com #10358] ITL: Allow to enforce specific SSL versions using the http check command #3484
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10358
Created by bldewolf on 2015-10-14 07:08:19 +00:00
In itl/command-plugins.conf, the CheckCommand object for "http" assumes "-S" is only a flag and can't take arguments. It actually can take arguments, specifying the required version of SSL (instead of negotiating).
My fix for this was to make a derivative object (I was already making one for "https" anyway) that adds:
2016-02-24 22:38:22 +00:00 by (unknown) 2e1a214
2016-02-24 22:38:52 +00:00 by mfriedrich e0974d8
2016-03-11 14:49:53 +00:00 by (unknown) 5c52e3e
2016-03-11 14:50:02 +00:00 by mfriedrich 7f7f46b
2016-03-15 14:26:22 +00:00 by mfriedrich d8b70f8
2016-03-15 14:28:10 +00:00 by mfriedrich ba989f4
Updated by holzkeil on 2016-02-29 16:19:06 +00:00
I stumbled upon the same issue and I think the patch does not cover all cases. check_http is a bit more flexible and not only accepts 1,2 and 3 as arguments, but also 1.1, 1.2 and also every argument with a plus sign appended, e.g. 1.1+ which means that specific or any higher TLS/SSL version is accepted.
This means the patch should be extended:
#diff command-plugins.conf command-plugins.conf.bak
Updated by mfriedrich on 2016-03-15 14:29:09 +00:00
Converted the path into a clean one, and created documentation. Next time please provide a git patch including the doc update bits. Thanks.