diff options
| author | Andreas Baumann <202930+andreasbaumann@users.noreply.github.com> | 2022-04-10 16:03:53 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-10 16:03:53 (GMT) |
| commit | 2430d54084583ec8459b6701dcf01397c2711d90 (patch) | |
| tree | 8cae1e242ef1d413edbfa2cacd1ad8f9be6a34f0 | |
| parent | 066b6e68242b5e7a6f1eb665df9b227d896aec66 (diff) | |
| parent | a96bdd7349926f2f18aba07db02c5ed472f4caf6 (diff) | |
| download | monitoring-plugins-2430d54.tar.gz | |
Merge pull request #1762 from monitoring-plugins/continue_after_certificate
check_http/checkcurl: added --continue-after-certificate (backport from nagios-plugins)
| -rw-r--r-- | plugins/check_curl.c | 26 | ||||
| -rw-r--r-- | plugins/check_http.c | 24 |
2 files changed, 41 insertions, 9 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 7da84de..a69854a 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
| @@ -193,6 +193,7 @@ int followsticky = STICKY_NONE; | |||
| 193 | int use_ssl = FALSE; | 193 | int use_ssl = FALSE; |
| 194 | int use_sni = TRUE; | 194 | int use_sni = TRUE; |
| 195 | int check_cert = FALSE; | 195 | int check_cert = FALSE; |
| 196 | int continue_after_check_cert = FALSE; | ||
| 196 | typedef union { | 197 | typedef union { |
| 197 | struct curl_slist* to_info; | 198 | struct curl_slist* to_info; |
| 198 | struct curl_certinfo* to_certinfo; | 199 | struct curl_certinfo* to_certinfo; |
| @@ -754,7 +755,9 @@ check_http (void) | |||
| 754 | * and we actually have OpenSSL in the monitoring tools | 755 | * and we actually have OpenSSL in the monitoring tools |
| 755 | */ | 756 | */ |
| 756 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 757 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
| 757 | return result; | 758 | if (continue_after_check_cert == FALSE) { |
| 759 | return result; | ||
| 760 | } | ||
| 758 | #else /* USE_OPENSSL */ | 761 | #else /* USE_OPENSSL */ |
| 759 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); | 762 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); |
| 760 | #endif /* USE_OPENSSL */ | 763 | #endif /* USE_OPENSSL */ |
| @@ -794,13 +797,17 @@ GOT_FIRST_CERT: | |||
| 794 | } | 797 | } |
| 795 | BIO_free (cert_BIO); | 798 | BIO_free (cert_BIO); |
| 796 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 799 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
| 797 | return result; | 800 | if (continue_after_check_cert == FALSE) { |
| 801 | return result; | ||
| 802 | } | ||
| 798 | #else /* USE_OPENSSL */ | 803 | #else /* USE_OPENSSL */ |
| 799 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, | 804 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, |
| 800 | * so we use the libcurl CURLINFO data | 805 | * so we use the libcurl CURLINFO data |
| 801 | */ | 806 | */ |
| 802 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); | 807 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); |
| 803 | return result; | 808 | if (continue_after_check_cert == FALSE) { |
| 809 | return result; | ||
| 810 | } | ||
| 804 | #endif /* USE_OPENSSL */ | 811 | #endif /* USE_OPENSSL */ |
| 805 | } else { | 812 | } else { |
| 806 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), | 813 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), |
| @@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv) | |||
| 1211 | INVERT_REGEX = CHAR_MAX + 1, | 1218 | INVERT_REGEX = CHAR_MAX + 1, |
| 1212 | SNI_OPTION, | 1219 | SNI_OPTION, |
| 1213 | MAX_REDIRS_OPTION, | 1220 | MAX_REDIRS_OPTION, |
| 1221 | CONTINUE_AFTER_CHECK_CERT, | ||
| 1214 | CA_CERT_OPTION, | 1222 | CA_CERT_OPTION, |
| 1215 | HTTP_VERSION_OPTION, | 1223 | HTTP_VERSION_OPTION, |
| 1216 | AUTOMATIC_DECOMPRESSION | 1224 | AUTOMATIC_DECOMPRESSION |
| @@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv) | |||
| 1244 | {"private-key", required_argument, 0, 'K'}, | 1252 | {"private-key", required_argument, 0, 'K'}, |
| 1245 | {"ca-cert", required_argument, 0, CA_CERT_OPTION}, | 1253 | {"ca-cert", required_argument, 0, CA_CERT_OPTION}, |
| 1246 | {"verify-cert", no_argument, 0, 'D'}, | 1254 | {"verify-cert", no_argument, 0, 'D'}, |
| 1255 | {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, | ||
| 1247 | {"useragent", required_argument, 0, 'A'}, | 1256 | {"useragent", required_argument, 0, 'A'}, |
| 1248 | {"header", required_argument, 0, 'k'}, | 1257 | {"header", required_argument, 0, 'k'}, |
| 1249 | {"no-body", no_argument, 0, 'N'}, | 1258 | {"no-body", no_argument, 0, 'N'}, |
| @@ -1403,6 +1412,11 @@ process_arguments (int argc, char **argv) | |||
| 1403 | check_cert = TRUE; | 1412 | check_cert = TRUE; |
| 1404 | goto enable_ssl; | 1413 | goto enable_ssl; |
| 1405 | #endif | 1414 | #endif |
| 1415 | case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ | ||
| 1416 | #ifdef HAVE_SSL | ||
| 1417 | continue_after_check_cert = TRUE; | ||
| 1418 | break; | ||
| 1419 | #endif | ||
| 1406 | case 'J': /* use client certificate */ | 1420 | case 'J': /* use client certificate */ |
| 1407 | #ifdef LIBCURL_FEATURE_SSL | 1421 | #ifdef LIBCURL_FEATURE_SSL |
| 1408 | test_file(optarg); | 1422 | test_file(optarg); |
| @@ -1800,7 +1814,11 @@ print_help (void) | |||
| 1800 | #endif | 1814 | #endif |
| 1801 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); | 1815 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); |
| 1802 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); | 1816 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); |
| 1803 | printf (" %s\n", _("(when this option is used the URL is not checked.)")); | 1817 | printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); |
| 1818 | printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); | ||
| 1819 | printf (" %s\n", "--continue-after-certificate"); | ||
| 1820 | printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); | ||
| 1821 | printf (" %s\n", _("Does nothing unless -C is used.")); | ||
| 1804 | printf (" %s\n", "-J, --client-cert=FILE"); | 1822 | printf (" %s\n", "-J, --client-cert=FILE"); |
| 1805 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); | 1823 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); |
| 1806 | printf (" %s\n", _("to be used in establishing the SSL session")); | 1824 | printf (" %s\n", _("to be used in establishing the SSL session")); |
diff --git a/plugins/check_http.c b/plugins/check_http.c index df2a79c..f8ec853 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
| @@ -58,6 +58,7 @@ enum { | |||
| 58 | 58 | ||
| 59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
| 60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
| 61 | int continue_after_check_cert = FALSE; | ||
| 61 | int ssl_version = 0; | 62 | int ssl_version = 0; |
| 62 | int days_till_exp_warn, days_till_exp_crit; | 63 | int days_till_exp_warn, days_till_exp_crit; |
| 63 | char *randbuff; | 64 | char *randbuff; |
| @@ -205,7 +206,8 @@ process_arguments (int argc, char **argv) | |||
| 205 | enum { | 206 | enum { |
| 206 | INVERT_REGEX = CHAR_MAX + 1, | 207 | INVERT_REGEX = CHAR_MAX + 1, |
| 207 | SNI_OPTION, | 208 | SNI_OPTION, |
| 208 | MAX_REDIRS_OPTION | 209 | MAX_REDIRS_OPTION, |
| 210 | CONTINUE_AFTER_CHECK_CERT | ||
| 209 | }; | 211 | }; |
| 210 | 212 | ||
| 211 | int option = 0; | 213 | int option = 0; |
| @@ -233,6 +235,7 @@ process_arguments (int argc, char **argv) | |||
| 233 | {"certificate", required_argument, 0, 'C'}, | 235 | {"certificate", required_argument, 0, 'C'}, |
| 234 | {"client-cert", required_argument, 0, 'J'}, | 236 | {"client-cert", required_argument, 0, 'J'}, |
| 235 | {"private-key", required_argument, 0, 'K'}, | 237 | {"private-key", required_argument, 0, 'K'}, |
| 238 | {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, | ||
| 236 | {"useragent", required_argument, 0, 'A'}, | 239 | {"useragent", required_argument, 0, 'A'}, |
| 237 | {"header", required_argument, 0, 'k'}, | 240 | {"header", required_argument, 0, 'k'}, |
| 238 | {"no-body", no_argument, 0, 'N'}, | 241 | {"no-body", no_argument, 0, 'N'}, |
| @@ -332,6 +335,11 @@ process_arguments (int argc, char **argv) | |||
| 332 | check_cert = TRUE; | 335 | check_cert = TRUE; |
| 333 | goto enable_ssl; | 336 | goto enable_ssl; |
| 334 | #endif | 337 | #endif |
| 338 | case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ | ||
| 339 | #ifdef HAVE_SSL | ||
| 340 | continue_after_check_cert = TRUE; | ||
| 341 | break; | ||
| 342 | #endif | ||
| 335 | case 'J': /* use client certificate */ | 343 | case 'J': /* use client certificate */ |
| 336 | #ifdef HAVE_SSL | 344 | #ifdef HAVE_SSL |
| 337 | test_file(optarg); | 345 | test_file(optarg); |
| @@ -981,9 +989,11 @@ check_http (void) | |||
| 981 | elapsed_time_ssl = (double)microsec_ssl / 1.0e6; | 989 | elapsed_time_ssl = (double)microsec_ssl / 1.0e6; |
| 982 | if (check_cert == TRUE) { | 990 | if (check_cert == TRUE) { |
| 983 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | 991 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
| 984 | if (sd) close(sd); | 992 | if (continue_after_check_cert == FALSE) { |
| 985 | np_net_ssl_cleanup(); | 993 | if (sd) close(sd); |
| 986 | return result; | 994 | np_net_ssl_cleanup(); |
| 995 | return result; | ||
| 996 | } | ||
| 987 | } | 997 | } |
| 988 | } | 998 | } |
| 989 | #endif /* HAVE_SSL */ | 999 | #endif /* HAVE_SSL */ |
| @@ -1608,7 +1618,11 @@ print_help (void) | |||
| 1608 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1618 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
| 1609 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); | 1619 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); |
| 1610 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); | 1620 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); |
| 1611 | printf (" %s\n", _("(when this option is used the URL is not checked.)")); | 1621 | printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); |
| 1622 | printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); | ||
| 1623 | printf (" %s\n", "--continue-after-certificate"); | ||
| 1624 | printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); | ||
| 1625 | printf (" %s\n", _("Does nothing unless -C is used.")); | ||
| 1612 | printf (" %s\n", "-J, --client-cert=FILE"); | 1626 | printf (" %s\n", "-J, --client-cert=FILE"); |
| 1613 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); | 1627 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); |
| 1614 | printf (" %s\n", _("to be used in establishing the SSL session")); | 1628 | printf (" %s\n", _("to be used in establishing the SSL session")); |