ID: 8649
Title: cmk-update-agent: Prevent using proxy for HTTP calls
Component: agents
Level: 1
Class: Bug fix
Version: 1.4.0b1
On systems where <tt>curl</tt> is installed, the agent updater
is using this command to communicate with it's update server.
By default curl is using proxies configured via environment
variables http_proxy, https_proxy, etc.. Since the update server
is usually an internal host which is directly reachable and not
via proxy, we suppress the use of a proxy with the curl
--noproxy option.
ID: 8653
Title: Fix output of log verbosity in mknotifyd.log
Component: Notifications
Level: 1
Class: Bug fix
Version: 1.4.0i3
The logfile always told <tt>Log verbosity 0</tt>, regardless of the
actual setting. This was because the message was output before the
actual log file has been read. This is fixed now.
ID: 8646
Title: cmk-update-agent: Added -V / --version to output the version of the plugin
Component: agents
Level: 1
Class: New feature
Version: 1.4.0i3
ID: 8647
Title: cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available
Component: agents
Level: 1
Class: Bug fix
Version: 1.4.0i3
When communicating via HTTPS with the update server, the cmk-update-agent script needs to verify
the certificates of the server. The allowed certificates are stored at <tt>/var/lib/check_mk_agent/cas</tt>.
In this directory there need to be the certificates (.pem files) and symlinks named with the "subject hashes"
of the certificates. In previous versions these symlinks were created by the <tt>c_rehash</tt> command
which is not available on all plaftforms.
We have changed that now to use the python OpenSSL bindings (if available) and fallback to the c_rehash
command only in case they are not available.