[Pkg-nagios-devel] Bug#1098492: icinga2-common: Please support check_http's --continue-after-certificate

Uwe Kleine-König ukleinek at debian.org
Fri Feb 21 11:03:31 GMT 2025 

Package: icinga2-common
Version: 2.13.6-2+deb12u2
Severity: normal
Tags: patch
X-Debbugs-Cc: ukleinek at debian.org

Hello,

if the check_http plugin uses -C (aka $http_certificate$) it ignores the
URL to check (-u aka $http_uri$). However if you pass
--continue-after-certificate it does both checks.

Please consider the following patch:

diff --git a/itl/command-plugins.conf b/itl/command-plugins.conf
index 4d9ae066d424..28bd3fb438f3 100644
--- a/itl/command-plugins.conf
+++ b/itl/command-plugins.conf
@@ -544,6 +544,10 @@ object CheckCommand "http" {
 			set_if = "$http_verify_host$"
 			description = "Verify SSL certificate is for the -H hostname (with --sni and -S)"
 		}
+		"--continue-after-certificate" = {
+			set_if = "$http_certificate_continue$"
+			description = "Allows the HTTP check to continue after performing the certificate check. (Only effective with http_certificate.)"
+		}
 	}
 
 	vars.http_address = "$check_address$"

I tested that on stable, but the patch is against the git packaging
repo. Maybe something more sophisticated would also work, something
like: pass --continue-after-certificate if http_certificate and
at least one of { http_uri, http_string, http_method, http_post,
http_expect_body_regex, ...} are set. But my icinga foo isn't good
enough for that.

Thanks
Uwe

-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (700, 'stable-security'), (700, 'stable-debug'), (700, 'stable'), (650, 'testing-debug'), (650, 'testing'), (600, 'unstable'), (500, 'unstable-debug'), (1, 'experimental')
Architecture: arm64 (aarch64)

Kernel: Linux 6.12.9-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages icinga2-common depends on:
ii  adduser         3.134
ii  lsb-release     12.0-1
ii  sysvinit-utils  3.06-4

Versions of packages icinga2-common recommends:
ii  logrotate  3.21.0-1

icinga2-common suggests no packages.

-- no debconf information

More information about the Pkg-nagios-devel mailing list