check_http ssl certificate

[Phil Costelloe]

Scott McCamish (Contractor) wrote:
> Hi Scott-
> 
> Lundgren, Scott wrote:
>> Do you know why the browser is prompting about the certificate when
>> you access the URL through your browser? Does the certificate match
>> or is it expired? 
>> 
> 
> It's prompting in firefox/IE because it's an unknown certificate
> authority. 
>> you may have to look through the source of the check_http plug-in and
>> to see how it handles SSL certificate negotiation. On one hand it
>> could blindly trust any certificate. On the other hand like a browser
>> the plugin could consult some file for manually accepted & stored
>> certificates or simply exit if the certificate doesn't is
>> expired/doesn't match. 
>> 
> 
> I did look through the source of check_http, and also
> check_http-with-client-certificate.c, however I'm not familiar enough
> with C to know how to get what I want out of it :)  
> 
> I'd be happy if I could get it to blindly accept the certificate.
> 
> Anybody have some quick thoughts as to where in the code I should
> look to make this kind of change? 

Won't the plugin be using OpenSSL to do the certificate handling and
hence won't the authority checking be handled at the library layer?

I've just done a quick test and can "check_http -S" a site with a
self-signed certificate so the behaviour you seem to be experiencing
(not enough context left in the mail) doesn't happen here (Plugins
v1.4.3).

Phil
 
--------------------------------------------------------

Phil Costelloe
Technical Consultant

   
philc at foundation-it.com
http://www.foundation-it.com
Foundation IT
Foundation Court
Old Street
Oare
Hermitage Berkshire RG18 9SE
Switch: +44 (0) 1635 203700
Helpdesk: +44 (0) 800 0121099
DDI: +44 (0) 1635 203719
Fax: +44 (0) 8700 543537
Mobile: +44 (0) 7884 236299

 

--------------------------------------------------------
This message contains confidential information and is intended only for nagios-users at lists.sourceforge.net. If you are not nagios-users at lists.sourceforge.net you should not disseminate, distribute or copy this e-mail. Please notify Foundation IT immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Foundation IT therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
--------------------------------------------------------


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null