check_http with -C option appears to check URL (2.2.1)

This forum is intended for the discussion of Nagios plugin development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagiosplug-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

check_http with -C option appears to check URL (2.2.1)

Postby millisa » Tue Jul 18, 2017 2:11 am

With check_http in 2.2.1, compiled from source, when specifying the '-C ##' option to check a certificate expiration, it now appears to do an http request for content.

Relevant excerpt from the check_http man page:
Code: Select all
-C, --certificate=INTEGER[,INTEGER]
        Minimum number of days a certificate has to be valid. Port defaults to 443
        (when this option is used the URL is not checked.)


With 2.1.4:
Code: Select all
check_http --ssl -C 21 -H google.com

Gives:
Code: Select all
OK - Certificate '*.google.com' will expire on 2017-09-27 03:09 -0500/CDT.


On the same system, using the 2.2.1 of the plugin to run the same command:
Code: Select all
check_http --ssl -C 21 -H google.com

Gives:
Code: Select all
SSL OK - Certificate '*.google.com' will expire on 2017-09-27 03:09 -0500/CDT. HTTP OK: HTTP/1.1 301 Moved Permanently - 615 bytes in 1.297 second response time |time=1.297264s;;;0.000000 size=615B;;;0

That HTTP OK portion shouldn't be there with the -C option specified (unless this has been changed and I missed it in the changelog? The closest I saw was the bit about not prematurely reporting success on the TLS cert validation)

Version info (source downloaded 2017-07-18):
Code: Select all
./check_http --version
check_http v2.2.1 (nagios-plugins 2.2.1)



In my specific case, access to the http content is restricted, so even though I just want to do a certificate expiration check, I'm getting a warning in nagios with the new version because of a 401 response.

IP/hostname/port redacted version of the two versions of the command I'm actually using:
Code: Select all
./check_http --ssl -C 21 -I IPREDACTED -p PORTREDACTED
SSL OK - Certificate 'hostnameredacted.com' will expire on 2018-04-04 18:59 -0500/CDT. HTTP WARNING: HTTP/1.0 401 Access Denied - 40256 bytes in 0.280 second response time |time=0.279541s;;;0.000000 size=40256B;;;0

(this exits with a 'warning' state, when up until 2.2.1, this would have exited with an 'OK' state which is what I expect).

And the same check (with hostname/port redacted) using the 2.1.4 version of check_http:
Code: Select all
./check_http --ssl -C 21 -I IPREDACTED -p PORTREDACTED
OK - Certificate 'hostnameredacted.com' will expire on 2018-04-04 18:59 -0500/CDT.

(exits with an 'ok' state)

Quick edit for system info: Systems tested with were running centos 6.9 x86_64 and centos 7.3.1611.
User avatar
millisa
 
Posts: 69
Joined: Thu Jan 16, 2014 11:13 pm
Location: Austin, TX

Re: check_http with -C option appears to check URL (2.2.1)

Postby millisa » Tue Jul 18, 2017 2:29 am

And I just missed it when looking for another report on this. It looks like this is already reported in github at check_http: -C broken after update to 2.2.1 and check_http: Breaking change to -C: Certificate check should not check URL
User avatar
millisa
 
Posts: 69
Joined: Thu Jan 16, 2014 11:13 pm
Location: Austin, TX

Re: check_http with -C option appears to check URL (2.2.1)

Postby tmcdonald » Tue Jul 18, 2017 11:51 am

Thanks for the details! Mind if we close this since there is a report open?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
tmcdonald
Operations Engineer
 
Posts: 9010
Joined: Mon Sep 23, 2013 8:40 am

Re: check_http with -C option appears to check URL (2.2.1)

Postby millisa » Tue Jul 18, 2017 12:01 pm

Go for it, one of the github reports already says it's got a fix in 2.2.2, so I'll wait for it to drop.
User avatar
millisa
 
Posts: 69
Joined: Thu Jan 16, 2014 11:13 pm
Location: Austin, TX


Return to Nagios Plugin Development

Who is online

Users browsing this forum: No registered users and 4 guests