[Pkg-nagios-devel] Bug#880743: Bug#880743: nagios-plugins-contrib: check_ssl_cert can't use -servername option of openssl s_client

Jan Wagner waja at cyconet.org
Wed Dec 13 20:30:43 UTC 2017 

tags 880743 + pending
thanks

Hi Johan,

thanks for bringing this to our attention.

Am 04.11.17 um 18:43 schrieb Johan Fleury:
> The check_ssl_cert plugin of nagios-plugins-contrib can't use TLS SNI
> due to a bug in the way it detects available options of `openssl
> s_client`.
> 
[...]

> Here is the output of check_ssl_cert on one of my domain that requires
> SNI:
> 
>   # /usr/lib/nagios/plugins/check_ssl_cert -v -H arcaik.net
>   expect not available
>   timeout available (/usr/bin/timeout)
>   found GNU date with timestamp support: enabling date computations
>   '/usr/bin/openssl s_client' does not support '-servername': disabling
>   virtual server support
>   downloading certificate to /tmp
>   parsing the certificate file
>   cannot find the CA Issuers in the certificate: disabling OCSP checks
>   The certificate will expire in 3649 day(s)
>   SSL_CERT CRITICAL subject=CN = vps01.br0.fr: Cannot verify
>   certificate, self signed certificate|days=3649;;;;
> 
> I can't use this version of check_ssl_cert to monitor my certs anymore.
> Is it possible to fix the script for the stable distribution? I already
> have a work around but I would rather use the Debian shipped plugins.
This is fixed with the imported version 1.57.0 of the plugin into our
VCS. It should be available with the next upload to unstable.

Cheers, Jan.
-- 
Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS
PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
------END GEEK CODE BLOCK------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20171213/b50dbfd9/attachment.sig>

More information about the Pkg-nagios-devel mailing list