-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/01/16 09:03 AM, Gereon Kremer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > Hello, > > I'm using > nagios for website monitoring and recently one of the sites > was migrated to https. > I'll abstract from the nagios config now and directly show the problem > on the plugin. > > I now want to migrate the following command to https: > check_http -H <url> > > What works: > wget https://<url> > > What does not work (with result): > check_http -S -H <url> (timeout) > check_http --ssl -H <url> (timeout) > check_http --ssl=1 -H <url> (timeout) > check_http --ssl=2 -H <url> (SSL protocol version 2 is not supported > by your SSL library.) > check_http --ssl=3 -H <url> (sslv3 alert handshake > failure:s3_pkt.c:1294:SSL alert number 40) > check_http -p 443 -H <url> (timeout) > > I also tried to enable sni or additionally provide the IP via -I, but > this did not change anything. > I discovered the third-party check_https plugin which actually wraps > wget. However, I'd like to use the -s option from check_http which is > not provided by check_https. Hi Gereon, Have you tried: check_https -H <url> check_http -S -p 443 -H <url> If I'm not mistaken, calling check_http as check_https does two things: 1. enable ssl (-S/--ssl), and 2. change the default port to 443 (check_https should be a symlink to check_http). When you set the port to 443, it's like doing "http://host:443/"; : that will use normal http on an ssl connection which won't work. Similarly, I don't think check_http is smart enough to decide when it should change the default port to 443 unless when called as "check_https", so when you use -S/--ssl without explicitly setting port 443, it's like doing "https://host:80/"; - going ssl on a non-ssl connection won't work neither. Regards, P.s.: Sorry for repost, so long I haven't posted in here my gpg rules had to be updated - also corrected some typos. - -- Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlaKv1wACgkQ6dZ+Kt5BchY6dwCguRTU5FDHriMhMTBeYhxDQpmA l9QAoIkQqSWwdXd2Yzc2kKJ0WVVX69Dd =f3mX -----END PGP SIGNATURE-----
