check_http - Options -J and -K improvement suggestion

Stefan Roissard s.roissard at
Tue May 3 17:23:58 CEST 2016


I am using check_http 2.1.2 with Nagios to check a remote URL, that
requires a client certificate.

I have been trying to use options -J and -K with no luck, because the
remote server seems to refuse my certificate, with error :
 CRITICAL - Cannot make SSL connection.
 error:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1259:SSL alert number 48.

>From what I understand, This error happens because I don't have a way to
provide the certificate chain also.

So, I have searched a while, and found out that if I call
SSL_CTX_use_certificate_chain_file() instead of
SSL_CTX_use_certificate_file() in plugins/sslutils.c (line 92), my problem
is solved, since I am now able to provide a full chain with option -J (PEM
file with client certificate followed by the certificate chain).

Is this the good way to solve my issue ? If yes, could you take this change
into account in future releases ?

Best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Devel mailing list