Change solution to display GMT time in the local display format with
the offset number of hours from GMT to be clear about what timezone
this is if the local display format does not include offset.
SSL certs are required to use times in GMT per
https://www.ietf.org/rfc/rfc5280.txt but the mktime() here assumes the
current timezone.
Fix the time_t conversion to be done assuming GMT with timegm() and
only do it once rather than twice.
Display the expiry date and time with ISO format years and give an
offset from GMT and a timezone to be very clear about exactly what time
is being displayed. Time given is correct and now in the machine’s
timezone.
check_http's -S/--ssl option now allows for requesting the TLSv1.1 and
TLSv1.2 protocols. Apart from that, a '+' suffix can be appended in
oder to also accept newer protocols than the specified version.
Closes#1338, and closes#1354, and closes#1359.
sshutils prints the expiry time of certificates in US format
this patch uses the strftime %c, I don't know how portable that is
Thanks to Neil Prockter.
Closes#1188Closes#1161Closes#977Closes#976Closes#975Closes#840Closes#382
This is an initial take at renaming the project to Monitoring Plugins.
It's not expected to be fully complete, and it is expected to break
things (The perl module for instance). More testing will be required
before this goes mainline.
We use OpenSSL (or GnuTLS) with blocking semantics, and we don't want
SSL_read(3) or SSL_write(3) calls to return SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE (see #3614716).
Some versions of OpenSSL fail to negotiate the SSL connection with at
least some versions of Tomcat if stateless SSL session resumption
support (see RFC4507) is enabled:
| CRITICAL - Cannot make SSL connection
| 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10
The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL
0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by
disabling the RFC4507 functionality when using OpenSSL versions which
support it.
Thanks to Dag Bakke for reporting the issue and for giving me access to
a server I could use to reproduce the problem.
This patch adds a check for the certificate cn (hostname) to normal
certificate checks. It returns CRITICAL if th cn is missing, otherwise it
prints it in the normal output.
Patch by Stéphane Urbanovski
