From 5c52e3e428bfe736efe9a0fccc2e162cf5315f93 Mon Sep 17 00:00:00 2001 From: Brian De Wolf Date: Mon, 16 Nov 2015 11:34:18 -0800 Subject: [PATCH] ITL: add check_http args for SSL version forcing The -S argument of check_http can take a number, which forces the connection to use a specific SSL version. This is implemented as multiple options because check_http does not accept the number following -S if they are separated. fixes #10358 Signed-off-by: Michael Friedrich --- doc/7-icinga-template-library.md | 3 +++ itl/command-plugins.conf | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/doc/7-icinga-template-library.md b/doc/7-icinga-template-library.md index 0f7083b5e..fad70a5ac 100644 --- a/doc/7-icinga-template-library.md +++ b/doc/7-icinga-template-library.md @@ -436,6 +436,9 @@ http_vhost | **Optional.** The virtual host that should be sent in http_uri | **Optional.** The request URI. http_port | **Optional.** The TCP port. Defaults to 80 when not using SSL, 443 otherwise. http_ssl | **Optional.** Whether to use SSL. Defaults to false. +http_ssl_force_tlsv1 | **Optional.** Whether to force TLSv1. +http_ssl_force_sslv2 | **Optional.** Whether to force SSLv2. +http_ssl_force_sslv3 | **Optional.** Whether to force SSLv3. http_sni | **Optional.** Whether to use SNI. Defaults to false. http_auth_pair | **Optional.** Add 'username:password' authorization pair. http_proxy_auth_pair | **Optional.** Add 'username:password' authorization pair for proxy. diff --git a/itl/command-plugins.conf b/itl/command-plugins.conf index a6257f9e4..e017952db 100644 --- a/itl/command-plugins.conf +++ b/itl/command-plugins.conf @@ -331,6 +331,15 @@ object CheckCommand "http" { "-S" = { set_if = "$http_ssl$" } + "-S1" = { + set_if = "$http_ssl_force_tlsv1$" + } + "-S2" = { + set_if = "$http_ssl_force_sslv2$" + } + "-S3" = { + set_if = "$http_ssl_force_sslv3$" + } "--sni" = { set_if = "$http_sni$" } -- 2.40.0