Hi Jan, > On Monday, 7. September 2009, Thijs Kinkhorst wrote: > > A number of Nagios plugins include useful functionality when connecting > > over SSL: they check if the certificate is still valid and report a > > warning or error when it (soon) expires.
> > Attached is a patch that in the shipped configuration enables this useful > > extra check. > > as I can understand, that this would be a usefull addition, I think we have > a couple of disadvantages. > > * users which uses a certificate and don't care if its valid/expired (just > want to encrypt the payload) maybe get nerved In both situations, current and proposed, a group of people will want to opt to change it. My proposal is to change the default, not to force the checks upon them. In my view default on is better than default off in this case, because I presume that people using SSL in general *are* interested in having valid certificates (why are they using SSL then), and people explicitly wanting to turn it off are a relatively small group. > * what ever we choose as days until the cert expires ... users may edit > this anyways, as they want to set different values That's true, but I think that people would prefer to be warned at a moment they'd rather finetune to a somewhat different moment, over not being warned at all. Enabling it by default generates less work for most administrators, and proactively prevents service outage for those administrators that did not know about that check previously or forgot to set it. > Adding more check seems also not an option, as we have so huge checks for > stuff, but we can't provide command definitions for everything. I agree with you on this one. cheers, Thijs
signature.asc
Description: This is a digitally signed message part.
