[Nagiosplug-devel] [ nagiosplug-Patches-1110374 ] Patch to check_http.c to enable SSL certificate verification

[SourceForge.net]

Patches item #1110374, was opened at 2005-01-27 01:48
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1110374&group_id=29880

Category: Enhancement
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Mark Rogers (bang)
Assigned to: Nobody/Anonymous (nobody)
Summary: Patch to check_http.c to enable SSL certificate verification

Initial Comment:
Here is my patch to check_http which will add two
options and allow
full SSL certificate verification checks with an option
lookup of a
local CA certificate or chain of certificates. While I
don't claim the
code is excellent or even pretty it's passed my tests.

And now for some examples of it in action :

$ ./check_http -S www.verisign.com --certverify
CRITICAL - Certificate error : self signed certificate
in certificate
chain

$ ./check_http -S localhost --certverify --CAfile
verisign_ca
CRITICAL - Certificate error : self signed certificate

$ ./check_http -S www.verisign.com --certverify
--CAfile verisign_ca
HTTP OK HTTP/1.1 200 OK - 34856 bytes in 1.474 seconds |
time=1.474487s;;;0.000000 size=34856B;;;0

$ ./check_http -S www.microsoft.com
HTTP OK HTTP/1.1 200 OK - 16239 bytes in 0.622 seconds |
time=0.621732s;;;0.000000 size=16239B;;;0

$ ./check_http -S www.thawte.com --certverify --CAfile
verisign_ca
HTTP OK HTTP/1.1 200 OK - 38069 bytes in 2.472 seconds |
time=2.472273s;;;0.000000 size=38069B;;;0

Note, openssl (/usr/share/ssl/cert.pem) doesn't contain
the updated
versign CA which is why my examples are using the
"--CAfile" option.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1110374&group_id=29880