check_ldap: add certificate support by waja · Pull Request #1195 · monitoring-plugins/monitoring-plugins · GitHub
Skip to content

check_ldap: add certificate support#1195

Open
waja wants to merge 1 commit into
monitoring-plugins:masterfrom
waja:github1067
Open

check_ldap: add certificate support#1195
waja wants to merge 1 commit into
monitoring-plugins:masterfrom
waja:github1067

Conversation

@waja

@waja waja commented Oct 1, 2013

Copy link
Copy Markdown
Member

Here's a patch adding the certificate expiration check feature to the ldap
plugin, based on the http plugin. For some unknown reason, probably due to
the way secure connection is established, it doesn't work with the --ssl
options, only for the --starttls one.

Just turning attached patch of github issue #1067 into a push request.
(Closes #1067)

Here's a patch adding the certificate expiration check feature to the ldap
plugin, based on the http plugin. For some unknown reason, probably due to
the way secure connection is established, it doesn't work with the --ssl
options, only for the --starttls one.
--
Just turning attached patch of github issue monitoring-plugins#1067 into a push request.
(Closes monitoring-plugins#1067)
waja added a commit to waja/monitoring-plugins that referenced this pull request Jan 24, 2014
by Geoff Oakham <goakham at oanda.com>

Patch of check_ping that allows it to gracefully handle when ping outputs
to stderr "Warning: time of day goes back (-XXXXus), taking countermeasures."

Closes: monitoring-plugins#809 and monitoring-plugins#1195
@dermoth

dermoth commented Jan 29, 2014

Copy link
Copy Markdown
Member

@monitoring-user

Copy link
Copy Markdown

On 29.01.2014 04:58, Thomas Guyot-Sionnest wrote:

one weird thing I noticed is that for straight up SSL services,
check_http certificate check works!

That's because - as far as I can tell without examining the code -
having check_http do a cert check terminates/ignores/whatever all
communication following the server cert presentation, and thus the HTTP
part of HTTPS. In other words, it does behave like a check_tcp plus
cert check; if I remember correctly, it will even happily ignore all
additional limits etc. specified for time, size, string match, etc. from
the command line. Note that that might very well not be what we want
check__http_ to do in the long run.

Then once we get there, what prevent us form adding just the required
logic in check_tcp to implement the STARTTLS certificate checks for
every other STARTTLS-cabaple protocol?

The fact that STARTTLS, more precisely the proper point at which to
issue that command, is embedded into said STARTTLS-enabled protocol.
Hence OpenSSL's requirement of specifying said protocol (out of two
currently supported) when you do an "openssl s_client -connect
foo.bar.org:baz -starttls $HERES_DA_MAGIC_KEYWORD".

Kind regards,

J. Bern

NEU - NEC IT-Infrastruktur-Produkte im http://www.linworks-shop.de/:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH http://www.LINworks.de/
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel

@waja waja modified the milestones: 2.2, 2.1 Oct 6, 2014
@waja waja force-pushed the master branch 2 times, most recently from 441913d to 40c870e Compare October 19, 2014 21:31
@waja

waja commented Nov 29, 2014

Copy link
Copy Markdown
Member Author

@waja waja added the squash label Nov 29, 2014
@waja waja modified the milestones: 2.3, 2.2 Apr 13, 2015
@waja waja modified the milestones: 2.3, 2.4 Dec 15, 2020
@waja waja modified the milestones: 2.4, 2.5 Jul 23, 2024
@RincewindsHat RincewindsHat modified the milestones: 2.5, 3.1.0 Jan 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

add check certificate support for LDAP plugin [sf#2430999]

5 participants