check-ssl-qualys.rb regularly times out

[majormoses]

As discovered and troubleshot in #34 the api takes a while to respond, we should wait for the ETA when possible rather than some arbitrary number. This will also indirectly help better handle rate limit issues although handling it properly (429) is out of scope here.

[jhoblitt]

The check of this host is flapping, passing about once every 4 days or so. The host is a little unusual in that it HTTP 301s to another domain. I would not expect that to have any effect on a TLS check but it is the only notable difference between this host and the others that I'm monitoring. I haven't tried to determine if this is due to check's behavior or something goofy going on with ssllabs.

[root@ip-172-31-47-104 status-configuration]# time /usr/bin/check-ssl-qualys.rb --api-url https://api.ssllabs.com/api/v3/ --number-checks 100 -d sw.lsstcorp.org
Check failed to run: Net::OpenTimeout, ["/opt/rh/rh-ruby24/root/usr/share/ruby/net/protocol.rb:41:in `ssl_socket_connect'", "/opt/rh/rh-ruby24/root/usr/share/ruby/net/http.rb:948:in `connect'", "/opt/rh/rh-ruby24/root/usr/share/ruby/net/http.rb:887:in `do_start'", "/opt/rh/rh-ruby24/root/usr/share/ruby/net/http.rb:876:in `start'", "/opt/rh/rh-ruby24/root/usr/share/ruby/net/http.rb:608:in `start'", "/opt/rh/rh-ruby24/root/usr/share/ruby/net/http.rb:485:in `get_response'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:95:in `ssl_api_request'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:103:in `ssl_check'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:110:in `block in ssl_recheck'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:109:in `upto'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:109:in `ssl_recheck'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:118:in `ssl_grades'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:124:in `lowest_grade'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugins-ssl-1.4.0/bin/check-ssl-qualys.rb:128:in `run'", "/opt/rh/rh-ruby24/root/usr/local/share/gems/gems/sensu-plugin-1.4.5/lib/sensu-plugin/cli.rb:58:in `block in <class:CLI>'"]

real	4m24.823s
user	0m0.208s
sys	0m0.036s

[majormoses]

It should be fine, I was testing with google.com last night:

$ curl -I https://google.com
HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Mar 2018 03:10:23 GMT
Expires: Mon, 16 Apr 2018 03:10:23 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 220
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="41,39,35"

I am working on a fix for this.

[majormoses]

Btw after playing with it more I was able to replicate similar times when using the startNew header with curl.

Btw I also noticed this which confirms that we expect it to be slow: https://github.com/sensu-plugins/sensu-plugins-ssl/blob/1.5.0/bin/check-ssl-qualys.rb#L30-L33

I am working on revamping the code

[majormoses]

OK I have a working version, will create a PR shortly.