From d796c16327e6e315dd528f17e8bd597c5f506730 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Fri, 24 Feb 2012 13:24:56 +0100 Subject: Clarify that check_http won't verify certificates Add a note to the --help output which clarifies that check_http doesn't perform certificate verification (beyond what the "-C" option does). (Suggested by Michael Renner in Debian bug report #644627, forwarded by Jan Wagner.) --- plugins/check_http.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins') diff --git a/plugins/check_http.c b/plugins/check_http.c index 433c28e3..3175f6cb 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1400,6 +1400,10 @@ print_help (void) printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 ")); printf (" %s\n", _("certificate is still valid for the specified number of days.")); printf ("\n"); + printf (" %s\n", _("Please note that this plugin does not check if the presented server")); + printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate")); + printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); + printf ("\n"); printf ("%s\n", _("Examples:")); printf (" %s\n\n", "CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com"); printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); -- cgit v1.2.3