From: Michael Howe
Date: Sat, 28 Dec 2019 10:19:41 +0000 (+0000)
Subject: Add support for defining the TLS version for check_mqtt
X-Git-Tag: 0.23~6
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=7ffc5d921c901e8b94216e93a5b8a8110fcd54b8;p=packages%2Fn%2Fnagios-plugins-local.git
Add support for defining the TLS version for check_mqtt
Needed because buster doesn't support anything below TLS1.2, while stretch defaults to something lower.
---
diff --git a/debian/changelog b/debian/changelog
index a86c3d3..f3753f9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+nagios-plugins-local (0.21) unstable; urgency=medium
+
+ * Allow definition of TLS version for check_owntracks
+ Needed because buster defaults to TLS1.2 only, while stretch tries weaker
+ versions and fails.
+
+ -- Michael Howe Sat, 28 Dec 2019 10:16:37 +0000
+
 nagios-plugins-local (0.20) unstable; urgency=medium
 * Add check_running_kernel (and overrides) until debbug#884328 is fixed
diff --git a/plugins/check_mqtt b/plugins/check_mqtt
index 8063318..2141c6a 100755
--- a/plugins/check_mqtt
+++ b/plugins/check_mqtt
@@ -98,6 +98,7 @@ parser.add_argument('-p', '--password', metavar="", help="password", d
 parser.add_argument('-t', '--topic', metavar="", help="topic to use for the check (defaults to nagios/test)", dest='check_topic', default='nagios/test')
 parser.add_argument('-m', '--max-wait', metavar="", help="maximum time to wait for the check (defaults to 4 seconds)", dest='max_wait', default=4, type=int)
 parser.add_argument('-C', '--ca-certificate', metavar="", help="path to CA certificate", dest='ca_path', default=None)
+parser.add_argument('-T', '--tls-version', metavar="", help="TLS version to use (integer, version of TLS 1)", dest='tls_version', default=None, type=int)
 args = parser.parse_args()
 userdata = {
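Review bot: The help text for `-T` ("integer, version of TLS 1") and the comment in the second check_mqtt hunk ("eg 2 -> TLS1.2") describe a mapping the value does not have, assuming `mqttc` is a paho-mqtt client: `tls_set` passes `tls_version` to the `ssl` module as a protocol constant, where 2 is `ssl.PROTOCOL_TLS` (negotiate the highest shared version) and TLS 1.2 is `ssl.PROTOCOL_TLSv1_2`, which is 5. So `-T 2` presumably works on buster because it turns on negotiation rather than because it pins 1.2, and `-T 1` would select `ssl.PROTOCOL_SSLv3` instead of TLS 1.1. Accepting a name and translating it removes the guesswork, for example `choices=['auto', 'tlsv1.2']` mapped to `ssl.PROTOCOL_TLS` / `ssl.PROTOCOL_TLSv1_2` before the `tls_set` call (this needs `ssl` imported, which the hunk does not show). At minimum the help string should say what the integer is: `help="ssl.PROTOCOL_* value passed to tls_set (2 = negotiate, 5 = TLS 1.2)"`.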
@@ -112,7 +113,11 @@ mqttc.on_publish = on_publish
 mqttc.on_subscribe = on_subscribe
 if args.ca_path is not None:
- mqttc.tls_set( args.ca_path )
+ if args.tls_version:
+ # this is an integer - eg 2 -> TLS1.2
+ mqttc.tls_set( args.ca_path, tls_version=args.tls_version )
+ else:
+ mqttc.tls_set( args.ca_path )
 #mqttc.tls_set('root.ca',
 # cert_reqs=ssl.CERT_REQUIRED,
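Review bot: `args.tls_version` is only read inside `if args.ca_path is not None:`, so `-T` given without `-C` is silently dropped and, as far as this hunk shows, the check then runs with no `tls_set` call at all. An operator who passes `-T` expecting an encrypted connection gets no error to say otherwise. Rejecting the combination right after `parser.parse_args()` makes the misconfiguration visible: `if args.tls_version is not None and args.ca_path is None: parser.error('--tls-version requires --ca-certificate')`. The new `if args.tls_version:` should likewise test `is not None`, so that an explicit 0 is passed through and rejected by the TLS layer instead of being treated as unset.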