]> git.michaelhowe.org Git - packages/n/nagios-plugins-local.git/commitdiff
projects / packages / n / nagios-plugins-local.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4c09f7b)
Add support for defining the TLS version for check_mqtt
authorMichael Howe <michael@michaelhowe.org>
Sat, 28 Dec 2019 10:19:41 +0000 (10:19 +0000)
committerMichael Howe <michael@michaelhowe.org>
Sat, 28 Dec 2019 10:19:41 +0000 (10:19 +0000)
Needed because buster doesn't support anything below TLS1.2, while
stretch defaults to something lower.

debian/changelog patch | blob | history
plugins/check_mqtt patch | blob | history

diff --git a/debian/changelog b/debian/changelog
index a86c3d3cb4ad0b70680f00f3d0deaef3ab942c37..f3753f9b9b80cbd84fbd413059a2df6d192c8cd2 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+nagios-plugins-local (0.21) unstable; urgency=medium
+
+  * Allow definition of TLS version for check_owntracks 
+    Needed because buster defaults to TLS1.2 only, while stretch tries weaker
+    versions and fails.
+
+ -- Michael Howe <michael@michaelhowe.org>  Sat, 28 Dec 2019 10:16:37 +0000
+
 nagios-plugins-local (0.20) unstable; urgency=medium
 
   * Add check_running_kernel (and overrides) until debbug#884328 is fixed 
diff --git a/plugins/check_mqtt b/plugins/check_mqtt
index 8063318c861048fd0ed2ff67455e6162845b5944..2141c6a0dc1954d9887fc1edded2585ae17b07a6 100755 (executable)
--- a/plugins/check_mqtt
+++ b/plugins/check_mqtt
@@ -98,6 +98,7 @@ parser.add_argument('-p', '--password', metavar="<password>", help="password", d
 parser.add_argument('-t', '--topic', metavar="<topic>", help="topic to use for the check (defaults to nagios/test)", dest='check_topic', default='nagios/test')
 parser.add_argument('-m', '--max-wait', metavar="<seconds>", help="maximum time to wait for the check (defaults to 4 seconds)", dest='max_wait', default=4, type=int)
 parser.add_argument('-C', '--ca-certificate', metavar="<ca_certificate>", help="path to CA certificate", dest='ca_path', default=None)
+parser.add_argument('-T', '--tls-version', metavar="<tls_version>", help="TLS version to use (integer, version of TLS 1)", dest='tls_version', default=None, type=int)
 args = parser.parse_args()
 
 userdata = {
@@ -112,7 +113,11 @@ mqttc.on_publish = on_publish
 mqttc.on_subscribe = on_subscribe
 
 if args.ca_path is not None:
-    mqttc.tls_set( args.ca_path )
+    if args.tls_version:
+        # this is an integer - eg 2 -> TLS1.2
+        mqttc.tls_set( args.ca_path, tls_version=args.tls_version )
+    else:
+        mqttc.tls_set( args.ca_path )
 
 #mqttc.tls_set('root.ca',
 #    cert_reqs=ssl.CERT_REQUIRED,