From bc2720abddf8e379c4e1f23ed25f7702ef29ad08 Mon Sep 17 00:00:00 2001
From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>
Date: Sun, 9 Nov 2025 11:46:36 +0100
Subject: check_smtp: certificate check is no longer opt-in

This is a breaking change.
Testing whether a TLS certificate is still valid (expiration wise)
is now the default in check_smtp.
The reasoning is, that in most scenarios an expired certificate
will effectively mean that the service is not working anymore due to
the refusal of other software to talk to it.

There is a new cli parameter though to explicitly ignore that.
---
 plugins/check_smtp.d/config.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'plugins/check_smtp.d/config.h')

diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h
index 11d7fe56..b0d42ed1 100644
--- a/plugins/check_smtp.d/config.h
+++ b/plugins/check_smtp.d/config.h
@@ -40,12 +40,13 @@ typedef struct {
 
 	bool use_proxy_prefix;
 #ifdef HAVE_SSL
-	bool check_cert;
 	int days_till_exp_warn;
 	int days_till_exp_crit;
 	bool use_ssl;
 	bool use_starttls;
 	bool use_sni;
+
+	bool ignore_certificate_expiration;
 #endif
 
 	bool output_format_is_set;
@@ -80,12 +81,13 @@ check_smtp_config check_smtp_config_init() {
 
 		.use_proxy_prefix = false,
 #ifdef HAVE_SSL
-		.check_cert = false,
 		.days_till_exp_warn = 0,
 		.days_till_exp_crit = 0,
 		.use_ssl = false,
 		.use_starttls = false,
 		.use_sni = false,
+
+		.ignore_certificate_expiration = false,
 #endif
 
 		.output_format_is_set = false,
-- 
cgit v1.2.3-74-g34f1