From f6ea58d5f570580382b006fef155a07d42f2ef04 Mon Sep 17 00:00:00 2001
From: Thomas Heidrich <thomas.heidrich@gnuheidix.de>
Date: Wed, 28 Oct 2020 19:46:59 +0100
Subject: [PATCH] avoid blocking in ssl_

Just in case there is a firewall dropping packages, this plugin
would block until the plugin timeout is reached. This change introduces
the possibility to configure a much lower individual timeout.
---
 plugins/ssl/ssl_ | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 plugins/ssl/ssl_

diff --git a/plugins/ssl/ssl_ b/plugins/ssl/ssl_
old mode 100755
new mode 100644
index 5c1c4fcc..dca8bcb6
--- a/plugins/ssl/ssl_
+++ b/plugins/ssl/ssl_
@@ -15,6 +15,7 @@ To set warning and critical levels do like this:
 
   [ssl_*]
       env.warning 30:
+      env.max_time 5
 
 =head1 AUTHOR
 
@@ -79,7 +80,7 @@ case $1 in
         ;;
 esac
 
-cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null);
+cert=$(timeout "${max_time:-5}" openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null < /dev/null);
 
 days_left=$(echo "$cert" | parse_valid_days_from_certificate)
 [ -n "$days_left" ] || days_left="U"