<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style>
<!--
@font-face
{font-family:Calibri}
@font-face
{font-family:"Segoe UI"}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EstiloCorreo17
{font-family:"Calibri","sans-serif";
color:windowtext}
.MsoChpDefault
{font-family:"Calibri","sans-serif"}
@page WordSection1
{margin:70.85pt 3.0cm 70.85pt 3.0cm}
div.WordSection1
{}
-->
</style>
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I have realized that in check_http, when –C option is used (“Minimum number of days a certificate has to be valid”), other checks doesn’t take effect. This is not documented, nor checked as an options error, so it seem a strange behaviour
to me. An example:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">check_http -I 172.22.192.20 -H server1 -p 443 -S -e "HTTP/1.1 201 "</p>
<p class="MsoNormal">HTTP CRITICAL - Invalid HTTP response received from host on port 443: HTTP/1.1 200 OK</p>
<p class="MsoNormal">check_http -I 172.22.192.20 -H server1 -p 443 -S -e "HTTP/1.1 201 " -C 100</p>
<p class="MsoNormal">OK - Certificate will expire on 05/09/2016 12:00.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Tracking it to the code (check_http):</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">/* try to connect to the host at the given port number */</p>
<p class="MsoNormal">if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)</p>
<p class="MsoNormal" style="text-indent:36.0pt">die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));</p>
<p class="MsoNormal">#ifdef HAVE_SSL</p>
<p class="MsoNormal">if (use_ssl == TRUE) {</p>
<p class="MsoNormal" style="text-indent:36.0pt">np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));</p>
<p class="MsoNormal" style="text-indent:36.0pt"><b>if (check_cert == TRUE) {</b></p>
<p class="MsoNormal" style="margin-left:36.0pt; text-indent:36.0pt">result = np_net_ssl_check_cert(days_till_exp);</p>
<p class="MsoNormal" style="margin-left:36.0pt; text-indent:36.0pt">np_net_ssl_cleanup();</p>
<p class="MsoNormal" style="margin-left:36.0pt; text-indent:36.0pt">if (sd) close(sd);</p>
<p class="MsoNormal" style="margin-left:36.0pt; text-indent:36.0pt"><b>return result;</b></p>
<p class="MsoNormal" style="text-indent:36.0pt">}</p>
<p class="MsoNormal"> }</p>
<p class="MsoNormal">#endif /* HAVE_SSL */</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Is this the expected behaviour?</span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Saludos,</span><span style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">J.</span><span style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><span style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Julio Pedreira Paz</span><span style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Enterprise Architect - IT Architecture & Design</span><span style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="ES" style="color:#1F497D">Equifax Ibérica</span><span lang="ES" style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="ES" style="color:#1F497D">Fijo/Land: +34 91 768 773 (7732)</span><span lang="ES" style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="ES" style="color:#1F497D">Móvil/Cell: +34 626 721 620 (8732)</span><span lang="ES" style="font-size:13.5pt; font-family:"Segoe UI","sans-serif"; color:black"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><a href="mailto:julio.pedreira@equifax.es"><span lang="ES" style="color:blue">julio.pedreira@equifax.es</span></a></span><span lang="ES" style="color:#1F497D"></span></p>
<p class="MsoNormal"><span lang="ES" style="color:#1F497D"><a href="http://www.equifax.es/"><span style="color:blue">www.equifax.es</span></a></span></p>
<p class="MsoNormal"><span lang="ES"> </span></p>
</div>
Este mensaje se dirige exclusivamente a su destinatario y puede contener información privilegiada o confidencial. Si no es vd. el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud
de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. Esta mensagem destina-se exclusivamente ao destinatário e pode conter informação privilegiada e/ou
confidencial. Se não é o destinatário da mensagem, fique ciente que a utilização, divulgação e/ou cópia sem autorização, está proibida pela lei actualmente em vigor. Se recebeu esta mensagem por engano, pedimos-lhe que no-lo comunique imediatamente por esta
mesma via, e proceda à destruição da mesma
</body>
</html>