check_http with -C option appears to check URL (2.2.1)

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

check_http with -C option appears to check URL (2.2.1)

Postby millisa » Tue Jul 18, 2017 2:11 am

With check_http in 2.2.1, compiled from source, when specifying the '-C ##' option to check a certificate expiration, it now appears to do an http request for content.

Relevant excerpt from the check_http man page:
Code: Select all
-C, --certificate=INTEGER[,INTEGER]
        Minimum number of days a certificate has to be valid. Port defaults to 443
        (when this option is used the URL is not checked.)


With 2.1.4:
Code: Select all
check_http --ssl -C 21 -H google.com

Gives:
Code: Select all
OK - Certificate '*.google.com' will expire on 2017-09-27 03:09 -0500/CDT.


On the same system, using the 2.2.1 of the plugin to run the same command:
Code: Select all
check_http --ssl -C 21 -H google.com

Gives:
Code: Select all
SSL OK - Certificate '*.google.com' will expire on 2017-09-27 03:09 -0500/CDT. HTTP OK: HTTP/1.1 301 Moved Permanently - 615 bytes in 1.297 second response time |time=1.297264s;;;0.000000 size=615B;;;0

That HTTP OK portion shouldn't be there with the -C option specified (unless this has been changed and I missed it in the changelog? The closest I saw was the bit about not prematurely reporting success on the TLS cert validation)

Version info (source downloaded 2017-07-18):
Code: Select all
./check_http --version
check_http v2.2.1 (nagios-plugins 2.2.1)



In my specific case, access to the http content is restricted, so even though I just want to do a certificate expiration check, I'm getting a warning in nagios with the new version because of a 401 response.

IP/hostname/port redacted version of the two versions of the command I'm actually using:
Code: Select all
./check_http --ssl -C 21 -I IPREDACTED -p PORTREDACTED
SSL OK - Certificate 'hostnameredacted.com' will expire on 2018-04-04 18:59 -0500/CDT. HTTP WARNING: HTTP/1.0 401 Access Denied - 40256 bytes in 0.280 second response time |time=0.279541s;;;0.000000 size=40256B;;;0

(this exits with a 'warning' state, when up until 2.2.1, this would have exited with an 'OK' state which is what I expect).

And the same check (with hostname/port redacted) using the 2.1.4 version of check_http:
Code: Select all
./check_http --ssl -C 21 -I IPREDACTED -p PORTREDACTED
OK - Certificate 'hostnameredacted.com' will expire on 2018-04-04 18:59 -0500/CDT.

(exits with an 'ok' state)

Quick edit for system info: Systems tested with were running centos 6.9 x86_64 and centos 7.3.1611.
User avatar
millisa
 
Posts: 69
Joined: Thu Jan 16, 2014 11:13 pm
Location: Austin, TX

Re: check_http with -C option appears to check URL (2.2.1)

Postby millisa » Tue Jul 18, 2017 2:29 am

And I just missed it when looking for another report on this. It looks like this is already reported in github at check_http: -C broken after update to 2.2.1 and check_http: Breaking change to -C: Certificate check should not check URL
User avatar
millisa
 
Posts: 69
Joined: Thu Jan 16, 2014 11:13 pm
Location: Austin, TX

Re: check_http with -C option appears to check URL (2.2.1)

Postby tmcdonald » Tue Jul 18, 2017 11:51 am

Thanks for the details! Mind if we close this since there is a report open?
Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tmcdonald
Support Lead / Operations Engineer
 
Posts: 8699
Joined: Mon Sep 23, 2013 8:40 am

Re: check_http with -C option appears to check URL (2.2.1)

Postby millisa » Tue Jul 18, 2017 12:01 pm

Go for it, one of the github reports already says it's got a fix in 2.2.2, so I'll wait for it to drop.
User avatar
millisa
 
Posts: 69
Joined: Thu Jan 16, 2014 11:13 pm
Location: Austin, TX


Return to Nagios Plugin Development

Who is online

Users browsing this forum: No registered users and 2 guests