authorThomas Guyot-Sionnest <dermoth@aei.ca>2010-04-06 01:06:22 (GMT)
committerThomas Guyot-Sionnest <dermoth@aei.ca>2010-04-06 01:06:22 (GMT)
commitfe1c6106d9fb45e62b93443145f902a3449641aa (patch)
tree774a954575275e355254bc8c7c05ced673557aaa
parente5690e3ddaebdd98bfd96c2303453e4e0d7ed318 (diff)
Fix regression in check_http ssl checks on some servers
The fix is making SNI an option.
-rw-r--r--NEWS1
-rw-r--r--plugins/check_http.c15
2 files changed, 13 insertions, 3 deletions
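diff --git a/NEWS b/NEWS
index e261abf..5305d44 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ This file documents the major additions and syntax changes between releases.
  Fix memory leak in check_http for large pages (Jimmy Bergman - #2957455)
  Fix compilation with GCC 2.96 (Konstantin Khomoutov - #2977105)
  Fix regression introduced in #1867716 where partially valid performance strings would not be printed anymore
+ Fix regression in check_http ssl checks on some servers - make SNI an option
  WARNINGS
  Updated developer documentation to say that performance labels should not have an equals sign or
  single quote in the label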
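diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5cdf144..536b400 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -112,6 +112,7 @@ int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int followsticky = STICKY_NONE;
 int use_ssl = FALSE;
+int use_sni = FALSE;
 int verbose = FALSE;
 int sd;
 int min_page_len = 0;
@@ -178,7 +179,8 @@ process_arguments (int argc, char **argv)
  char *p;
 
  enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
  };
 
  int option = 0;
@@ -187,6 +189,7 @@ process_arguments (int argc, char **argv)
  {"link", no_argument, 0, 'L'},
  {"nohtml", no_argument, 0, 'n'},
  {"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
  {"post", required_argument, 0, 'P'},
  {"method", required_argument, 0, 'j'},
  {"IP-address", required_argument, 0, 'I'},
@@ -304,6 +307,9 @@ process_arguments (int argc, char **argv)
  if (specify_port == FALSE)
  server_port = HTTPS_PORT;
  break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
  case 'f': /* onredirect */
  if (!strcmp (optarg, "stickyport"))
  onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
@@ -797,7 +803,7 @@ check_http (void)
  die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
 #ifdef HAVE_SSL
  if (use_ssl == TRUE) {
- np_net_ssl_init_with_hostname(sd, host_name);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
  if (check_cert == TRUE) {
  result = np_net_ssl_check_cert(days_till_exp);
  np_net_ssl_cleanup();
@@ -1323,6 +1329,8 @@ print_help (void)
 #ifdef HAVE_SSL
  printf (" %s\n", "-S, --ssl");
  printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER");
  printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
  printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
@@ -1427,5 +1435,6 @@ print_usage (void)
  printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
  printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
- printf (" [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
 }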
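Review bot: With `--sni` left off, the changed call in the check_http hunk passes NULL instead of host_name to np_net_ssl_init_with_hostname, so presumably no server name goes into the handshake, and the `-C` expiry check right after it (np_net_ssl_check_cert) evaluates whatever certificate the server presents by default. On a name-based TLS host that may not be the certificate clients of host_name actually receive, so an expiring certificate can go unreported until each such check is updated to pass `--sni`. The help line added in print_help should state this, for example `_("Enable SSL/TLS hostname extension support (SNI); without it -C checks the server's default certificate")`. Separately, use_sni is only read inside the `use_ssl == TRUE` branch, so `--sni` given without `-S` appears to be silently ignored; a usage error for that combination in process_arguments would make the misconfiguration visible. Both check_http and process_arguments extend beyond the visible hunks.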