From 3ef353761f784735a1e6aea28a0206679d6743c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= <bserie@evolix.fr>
Date: Mon, 22 Jan 2018 12:12:25 +0100
Subject: [PATCH] nagios-nrpe: Add --sni to check_https

Why? Because we want to use the right server name when checking.
And if you have a strict-sni enabled server you will have an error.
 CRITICAL - Cannot
make SSL connection.  139749570156288:error:14094458:SSL
routines:ssl3_read_bytes:tlsv1 unrecognized
name:../ssl/record/rec_layer_s3.c:1399:SSL alert number 112
---
 nagios-nrpe/templates/evolix.cfg.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2
index 468289b8..022d75f9 100644
--- a/nagios-nrpe/templates/evolix.cfg.j2
+++ b/nagios-nrpe/templates/evolix.cfg.j2
@@ -34,7 +34,7 @@ command[check_pop]=/usr/lib/nagios/plugins/check_pop -H localhost
 command[check_pops]=/usr/lib/nagios/plugins/check_pop -S -H localhost -p 995
 command[check_ftp]=/usr/lib/nagios/plugins/check_ftp -H localhost
 command[check_http]=/usr/lib/nagios/plugins/check_http -e 200 -I 127.0.0.1 -H localhost
-command[check_https]=/usr/lib/nagios/plugins/check_http -e 200 -I 127.0.0.1 -S -p 443 -H ssl.evolix.net
+command[check_https]=/usr/lib/nagios/plugins/check_http -e 200 -I 127.0.0.1 -S -p 443 --sni -H ssl.evolix.net
 command[check_bind]=/usr/lib/nagios/plugins/check_dig -l evolix.net -H localhost
 command[check_unbound]=/usr/lib/nagios/plugins/check_dig -l evolix.net -H localhost
 command[check_smb]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 445