Bug#1098492: icinga2-common: Please support check_http's --continue-after-certificate

Fri, 21 Feb 2025 03:06:18 -0800 

Package: icinga2-common
Version: 2.13.6-2+deb12u2
Severity: normal
Tags: patch
X-Debbugs-Cc: [email protected]

Hello,

if the check_http plugin uses -C (aka $http_certificate$) it ignores the
URL to check (-u aka $http_uri$). However if you pass
--continue-after-certificate it does both checks.

Please consider the following patch:

diff --git a/itl/command-plugins.conf b/itl/command-plugins.conf
index 4d9ae066d424..28bd3fb438f3 100644
--- a/itl/command-plugins.conf
+++ b/itl/command-plugins.conf
@@ -544,6 +544,10 @@ object CheckCommand "http" {
                        set_if = "$http_verify_host$"
                        description = "Verify SSL certificate is for the -H 
hostname (with --sni and -S)"
                }
+               "--continue-after-certificate" = {
+                       set_if = "$http_certificate_continue$"
+                       description = "Allows the HTTP check to continue after 
performing the certificate check. (Only effective with http_certificate.)"
+               }
        }
 
        vars.http_address = "$check_address$"

I tested that on stable, but the patch is against the git packaging
repo. Maybe something more sophisticated would also work, something
like: pass --continue-after-certificate if http_certificate and
at least one of { http_uri, http_string, http_method, http_post,
http_expect_body_regex, ...} are set. But my icinga foo isn't good
enough for that.

Thanks
Uwe

-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (700, 'stable-security'), (700, 'stable-debug'), (700, 'stable'), 
(650, 'testing-debug'), (650, 'testing'), (600, 'unstable'), (500, 
'unstable-debug'), (1, 'experimental')
Architecture: arm64 (aarch64)

Kernel: Linux 6.12.9-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages icinga2-common depends on:
ii  adduser         3.134
ii  lsb-release     12.0-1
ii  sysvinit-utils  3.06-4

Versions of packages icinga2-common recommends:
ii  logrotate  3.21.0-1

icinga2-common suggests no packages.

-- no debconf information

Reply via email to