[Nagiosplug-devel] Patch to check_http.c to enable SSL certificate verification.

[Naoki]

Hi all,

	Here is my patch to check_http which will add two options and allow
full SSL certificate verification checks with an option lookup of a
local CA certificate or chain of certificates. While I don't claim the
code is excellent or even pretty it's passed my tests.

And now for some examples of it in action :

$ ./check_http -S www.verisign.com --certverify
CRITICAL - Certificate error : self signed certificate in certificate
chain

$ ./check_http -S localhost --certverify --CAfile verisign_ca
CRITICAL - Certificate error : self signed certificate

$ ./check_http -S www.verisign.com --certverify --CAfile verisign_ca
HTTP OK HTTP/1.1 200 OK - 34856 bytes in 1.474 seconds |
time=1.474487s;;;0.000000 size=34856B;;;0

$ ./check_http -S www.microsoft.com
HTTP OK HTTP/1.1 200 OK - 16239 bytes in 0.622 seconds |
time=0.621732s;;;0.000000 size=16239B;;;0

$ ./check_http -S www.thawte.com --certverify --CAfile verisign_ca
HTTP OK HTTP/1.1 200 OK - 38069 bytes in 2.472 seconds |
time=2.472273s;;;0.000000 size=38069B;;;0

Note, openssl (/usr/share/ssl/cert.pem) doesn't contain the updated
versign CA which is why my examples are using the "--CAfile" option.

Diff is attached. If there is any cleanup work required to have it
merged or if I need to submit in a different manner please let me know.

Cheers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_http.c.diff
Type: text/x-patch
Size: 3951 bytes
Desc: not available
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20050125/1666ddd5/attachment.bin>