check_http - support TLS v1.2 (#1338)

seccentral notifications at
Tue Sep 15 17:53:20 CEST 2015

Big update on this and solution *nohack* 
So how do you check a host with SNI ? like this :
openssl s_client -connect -servername 
works perfectly. And this made me think.

now back to the icinga1/2/nagios/etc check_http execution.
this is the correct way to use the command to check a webhost with sni 
check_http -H -S --sni 
HTTP OK: HTTP/1.1 200 OK - 13667 bytes in 1.031 second response time
|time=1.031097s;;;0.000000 size=13667B;;;0
Now, -H stands for vhost but i guess in the context of sni it's somewhat the
same thing tho the documentation should be updated.

Here is a host object definition for such a check 
sequence from hosts.conf 
object Host { 
 vars.http_vhost = ""
 vars.http_sni = "true"
 vars.server_type = "Web Servers" 
 vars[...] # any other required on-setup vars 

and the check is simple . 
sequence from a customservicechecks.conf *justanexamplename*
apply Service "https" {
        import "generic-service"
        check_command = "http"
        vars.http_ssl = "true"
       assign where host.vars.server_type == "Web Servers" 

Now i don't know about nagios 1/2/3/4, this is icinga2 syntax but this
should be adaptable to nagios configs. 

Yay and big thanks to Mr. Rob Stradling at openssl who (although unrelated
to nagios/icinga) gave me a very important hint. 
Rock on \m/

Reply to this email on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Devel mailing list