Fractional days in peformance data

[Jon1760]

I greatly appreciate being able to now use fractional days in --critical and --warning. I was wondering, however, if it might not make sense, particularly if a fractional value was used for one or both, to report the current lifespan of the certificate in the performance data as a fractional value. For example, running against an internal CA (internal--so name obscured a bit) which believes in having 1-day certificates for its own HTTPS interface, I get the odd effect of:

OMD[corp1760]:~/local/lib/nagios/plugins$ ./check_ssl_cert --host ca.example.com --port 443 --ignore-sct --critical 0.1 --warning 0.2 --require-no-ssl2 --require-no-ssl3 --require-no-tls1 --rootcert /etc/ssl/certs/ca-certificates.crt
SSL_CERT OK - x509 certificate 'Step Online CA' (ca.example.com) from 'Example step-ca Intermediate g1' valid until Jan 12 08:11:12 2022 GMT (expires today)|days_chain_elem1=0;0.2;0.1;; days_chain_elem2=3530;0.2;0.1;;

Given that there is >0.2 days left before expiration, the status is properly given as OK, but in the performance data the remaining lifespan is rounded down to 0, leading to my graphs, in Check_MK, being somewhat useless, not to mention the rather confusing matter of things being OK despite the reported value being below the alarm levels.

Thanks for considering this!

[matteocorti]

Makes sense. I created an issue (#348) and I will take a look

[matteocorti]

Is there a certificate that I could use for testing? I would like to see how OpenSSL reacts ...

[matteocorti]

I just released version 2.18.0 which would solve your issue.

If the specified critical or warning limits are integers nothing changes, if fractional numbers are specified the output will also be fractional.

The behaviour can be forced with the new command line option --precision which specifies the precision to be used by bc

[Jon1760]

Thank you; I've been running it for a while and it works very nicely with really short lived certs.

[matteocorti]

Happy to hear that is working!