[Pkg-nagios-devel] Bug#545484: Bug#545484: nagios-plugins-basic: enable SSL certificate validity check by default
Thijs Kinkhorst
thijs at uvt.nl
Wed Nov 18 17:16:21 UTC 2009
Hi Jan,
> On Monday, 7. September 2009, Thijs Kinkhorst wrote:
> > A number of Nagios plugins include useful functionality when connecting
> > over SSL: they check if the certificate is still valid and report a
> > warning or error when it (soon) expires.
> > Attached is a patch that in the shipped configuration enables this useful
> > extra check.
>
> as I can understand, that this would be a usefull addition, I think we have
> a couple of disadvantages.
>
> * users which uses a certificate and don't care if its valid/expired (just
> want to encrypt the payload) maybe get nerved
In both situations, current and proposed, a group of people will want to opt
to change it. My proposal is to change the default, not to force the checks
upon them. In my view default on is better than default off in this case,
because I presume that people using SSL in general *are* interested in having
valid certificates (why are they using SSL then), and people explicitly
wanting to turn it off are a relatively small group.
> * what ever we choose as days until the cert expires ... users may edit
> this anyways, as they want to set different values
That's true, but I think that people would prefer to be warned at a moment
they'd rather finetune to a somewhat different moment, over not being warned
at all.
Enabling it by default generates less work for most administrators, and
proactively prevents service outage for those administrators that did not
know about that check previously or forgot to set it.
> Adding more check seems also not an option, as we have so huge checks for
> stuff, but we can't provide command definitions for everything.
I agree with you on this one.
cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20091118/f9e693aa/attachment.pgp>
More information about the Pkg-nagios-devel
mailing list