From 5a222396c28b07c0e905cd09a505d1c083bda90f Mon Sep 17 00:00:00 2001 From: Christian Gut Date: Wed, 20 Oct 2021 12:31:03 +0200 Subject: [PATCH 1/2] check_tls_cert: support --ignore-tls-renegotiation Extend template, so we can support --ignore-tls-renegotiation --- itl/plugins-contrib.d/web.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf index 15d16e8e458..4a1e0fb3491 100644 --- a/itl/plugins-contrib.d/web.conf +++ b/itl/plugins-contrib.d/web.conf @@ -562,6 +562,10 @@ object CheckCommand "ssl_cert" { set_if = "$ssl_cert_ignore_sct$" description = "Do not check for signed certificate timestamps" } + "--ignore-tls-renegotiation" = { + set_if = "$ssl_cert_ignore_tls_renegotiation$" + description = "Do not check for renegotiation" + } } From a49285fa404a5b747d6ac40c8907538c7b835594 Mon Sep 17 00:00:00 2001 From: Christian Gut Date: Wed, 20 Oct 2021 12:33:50 +0200 Subject: [PATCH 2/2] Update docs --- doc/10-icinga-template-library.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md index 27c263f60da..8d5ddd2fac3 100644 --- a/doc/10-icinga-template-library.md +++ b/doc/10-icinga-template-library.md @@ -5758,6 +5758,7 @@ ssl_cert_cipher | **Optional.** Cipher selection: force {ecdsa,rsa ssl_cert_ignore_expiration | **Optional.** Ignore expiration date. ssl_cert_ignore_ocsp | **Optional.** Do not check revocation with OCSP. ssl_cert_ignore_sct | **Optional.** Do not check for signed certificate timestamps. +ssl_cert_ignore_tls_renegotiation | **Optional.** Do not check for renegotiation. #### jmx4perl