This repository has been archived by the owner on Apr 19, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathdane-command.conf
50 lines (48 loc) · 1.74 KB
/
dane-command.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
object CheckCommand "dane" {
import "plugin-check-command"
command = [ PluginDir + "/check_dane" ]
arguments = {
"--host" = {
value = "$dane_host$"
required = true
description = "Hostname to check"
}
"--port" = {
value = "$dane_port$"
required = true
description = "TCP port to check"
}
"--connect-host" = {
value = "$dane_connect_host$"
description = "Connect to this host instead of $dane_host$"
}
"--connect-port" = {
value = "$dane_connect_port$"
description = "Connect to this host instead of $dane_port$"
}
"--starttls" = {
value = "$dane_starttls$"
description = "Send the protocol-specific messages to enable TLS. Possible values: smtp, imap, xmpp, quassel"
}
"--check-pkix" = {
set_if = "$dane_check_pkix$"
description = "Additionally perform traditional checks on the certificate (ca trust path, hostname, expiry)."
}
"--nameserver" = {
value = "$dane_nameserver$"
description = "Use a custom nameserver."
}
"--min-days-valid" = {
value = "$dane_min_days_valid$"
description = "Minimum number of days a certificate has to be valid. Format: INTEGER[,INTEGER]. 1st is #days for warning, 2nd is critical."
}
"--timeout" = {
value = "$dane_timeout$"
description = "Network timeout in sec. Default: 10"
}
"--no-dnssec" = {
set_if = "$dane_no_dnssec$"
description = "Continue even when DNS replies aren't DNSSEC authenticated."
}
}
}