summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>2025-09-10 12:06:48 +0200
committerLorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>2025-09-10 12:06:48 +0200
commit2c81d1257bd2cccb57c2e9f02fbfc42c70323217 (patch)
tree5fd8172c7200c69605e284e8dcdadacd431af80c
parent669441d16c454974622d5d4d1e3aefac5428a26a (diff)
downloadmonitoring-plugins-2c81d1257bd2cccb57c2e9f02fbfc42c70323217.tar.gz
check_curl: remove goto logic
Diffstat
-rw-r--r--plugins/check_curl.c260
1 files changed, 138 insertions, 122 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index ba38854a..897ca9e1 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -1628,6 +1628,8 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1628 char *critical_thresholds = NULL; 1628 char *critical_thresholds = NULL;
1629 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE; 1629 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
1630 bool specify_port = false; 1630 bool specify_port = false;
1631 bool enable_tls = false;
1632 char *tls_option_optarg = NULL;
1631 1633
1632 while (true) { 1634 while (true) {
1633 int option_index = getopt_long( 1635 int option_index = getopt_long(
@@ -1748,152 +1750,82 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1748 result.config.display_html = false; 1750 result.config.display_html = false;
1749 break; 1751 break;
1750 case 'C': /* Check SSL cert validity */ 1752 case 'C': /* Check SSL cert validity */
1751#ifdef LIBCURL_FEATURE_SSL 1753#ifndef LIBCURL_FEATURE_SSL
1752 char *temp; 1754 usage4(_("Invalid option - SSL is not available"));
1753 if ((temp = strchr(optarg, ',')) != NULL) { 1755#endif
1754 *temp = '\0'; 1756 {
1755 if (!is_intnonneg(optarg)) { 1757 char *temp;
1756 usage2(_("Invalid certificate expiration period"), optarg); 1758 if ((temp = strchr(optarg, ',')) != NULL) {
1757 } 1759 *temp = '\0';
1758 result.config.days_till_exp_warn = atoi(optarg); 1760 if (!is_intnonneg(optarg)) {
1759 *temp = ','; 1761 usage2(_("Invalid certificate expiration period"), optarg);
1760 temp++; 1762 }
1761 if (!is_intnonneg(temp)) { 1763 result.config.days_till_exp_warn = atoi(optarg);
1762 usage2(_("Invalid certificate expiration period"), temp); 1764 *temp = ',';
1763 } 1765 temp++;
1764 result.config.days_till_exp_crit = atoi(temp); 1766 if (!is_intnonneg(temp)) {
1765 } else { 1767 usage2(_("Invalid certificate expiration period"), temp);
1766 result.config.days_till_exp_crit = 0; 1768 }
1767 if (!is_intnonneg(optarg)) { 1769 result.config.days_till_exp_crit = atoi(temp);
1768 usage2(_("Invalid certificate expiration period"), optarg); 1770 } else {
1771 result.config.days_till_exp_crit = 0;
1772 if (!is_intnonneg(optarg)) {
1773 usage2(_("Invalid certificate expiration period"), optarg);
1774 }
1775 result.config.days_till_exp_warn = atoi(optarg);
1769 } 1776 }
1770 result.config.days_till_exp_warn = atoi(optarg); 1777 result.config.check_cert = true;
1778 enable_tls = true;
1771 } 1779 }
1772 result.config.check_cert = true; 1780 break;
1773 goto enable_ssl;
1774#endif
1775 case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ 1781 case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
1776#ifdef HAVE_SSL 1782#ifdef HAVE_SSL
1777 result.config.continue_after_check_cert = true; 1783 result.config.continue_after_check_cert = true;
1778 break; 1784 break;
1779#endif 1785#endif
1780 case 'J': /* use client certificate */ 1786 case 'J': /* use client certificate */
1781#ifdef LIBCURL_FEATURE_SSL 1787#ifndef LIBCURL_FEATURE_SSL
1788 usage4(_("Invalid option - SSL is not available"));
1789#endif
1782 test_file(optarg); 1790 test_file(optarg);
1783 result.config.client_cert = optarg; 1791 result.config.client_cert = optarg;
1784 goto enable_ssl; 1792 enable_tls = true;
1785#endif 1793 break;
1786 case 'K': /* use client private key */ 1794 case 'K': /* use client private key */
1787#ifdef LIBCURL_FEATURE_SSL 1795#ifndef LIBCURL_FEATURE_SSL
1796 usage4(_("Invalid option - SSL is not available"));
1797#endif
1788 test_file(optarg); 1798 test_file(optarg);
1789 result.config.client_privkey = optarg; 1799 result.config.client_privkey = optarg;
1790 goto enable_ssl; 1800 enable_tls = true;
1791#endif 1801 break;
1792#ifdef LIBCURL_FEATURE_SSL
1793 case CA_CERT_OPTION: /* use CA chain file */ 1802 case CA_CERT_OPTION: /* use CA chain file */
1803#ifndef LIBCURL_FEATURE_SSL
1804 usage4(_("Invalid option - SSL is not available"));
1805#endif
1794 test_file(optarg); 1806 test_file(optarg);
1795 result.config.ca_cert = optarg; 1807 result.config.ca_cert = optarg;
1796 goto enable_ssl; 1808 enable_tls = true;
1797#endif 1809 break;
1798#ifdef LIBCURL_FEATURE_SSL
1799 case 'D': /* verify peer certificate & host */ 1810 case 'D': /* verify peer certificate & host */
1811#ifndef LIBCURL_FEATURE_SSL
1812 usage4(_("Invalid option - SSL is not available"));
1813#endif
1800 result.config.verify_peer_and_host = true; 1814 result.config.verify_peer_and_host = true;
1815 enable_tls = true;
1801 break; 1816 break;
1802#endif
1803 case 'S': /* use SSL */ 1817 case 'S': /* use SSL */
1804#ifdef LIBCURL_FEATURE_SSL 1818 tls_option_optarg = optarg;
1805 { 1819 enable_tls = true;
1806 enable_ssl: 1820#ifndef LIBCURL_FEATURE_SSL
1807 bool got_plus = false;
1808 result.config.initial_config.use_ssl = true;
1809 /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
1810 * Only set if it's non-zero. This helps when we include multiple
1811 * parameters, like -S and -C combinations */
1812 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1813 if (option_index == 'S' && optarg != NULL) {
1814 char *plus_ptr = strchr(optarg, '+');
1815 if (plus_ptr) {
1816 got_plus = true;
1817 *plus_ptr = '\0';
1818 }
1819
1820 if (optarg[0] == '2') {
1821 result.config.ssl_version = CURL_SSLVERSION_SSLv2;
1822 } else if (optarg[0] == '3') {
1823 result.config.ssl_version = CURL_SSLVERSION_SSLv3;
1824 } else if (!strcmp(optarg, "1") || !strcmp(optarg, "1.0")) {
1825# if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1826 result.config.ssl_version = CURL_SSLVERSION_TLSv1_0;
1827# else
1828 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1829# endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1830 } else if (!strcmp(optarg, "1.1")) {
1831# if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1832 result.config.ssl_version = CURL_SSLVERSION_TLSv1_1;
1833# else
1834 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1835# endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1836 } else if (!strcmp(optarg, "1.2")) {
1837# if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1838 result.config.ssl_version = CURL_SSLVERSION_TLSv1_2;
1839# else
1840 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1841# endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1842 } else if (!strcmp(optarg, "1.3")) {
1843# if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
1844 result.config.ssl_version = CURL_SSLVERSION_TLSv1_3;
1845# else
1846 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1847# endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
1848 } else {
1849 usage4(_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 "
1850 "(with optional '+' suffix)"));
1851 }
1852 }
1853# if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
1854 if (got_plus) {
1855 switch (result.config.ssl_version) {
1856 case CURL_SSLVERSION_TLSv1_3:
1857 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
1858 break;
1859 case CURL_SSLVERSION_TLSv1_2:
1860 case CURL_SSLVERSION_TLSv1_1:
1861 case CURL_SSLVERSION_TLSv1_0:
1862 result.config.ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
1863 break;
1864 }
1865 } else {
1866 switch (result.config.ssl_version) {
1867 case CURL_SSLVERSION_TLSv1_3:
1868 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
1869 break;
1870 case CURL_SSLVERSION_TLSv1_2:
1871 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
1872 break;
1873 case CURL_SSLVERSION_TLSv1_1:
1874 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
1875 break;
1876 case CURL_SSLVERSION_TLSv1_0:
1877 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
1878 break;
1879 }
1880 }
1881# endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
1882 if (verbose >= 2) {
1883 printf(_("* Set SSL/TLS version to %d\n"), result.config.ssl_version);
1884 }
1885 if (!specify_port) {
1886 result.config.initial_config.serverPort = HTTPS_PORT;
1887 }
1888 } break;
1889#else /* LIBCURL_FEATURE_SSL */
1890 /* -C -J and -K fall through to here without SSL */
1891 usage4(_("Invalid option - SSL is not available")); 1821 usage4(_("Invalid option - SSL is not available"));
1822#endif
1892 break; 1823 break;
1893 case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */ 1824 case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */
1894 use_sni = true; 1825#ifndef LIBCURL_FEATURE_SSL
1895 break; 1826 usage4(_("Invalid option - SSL is not available"));
1896#endif /* LIBCURL_FEATURE_SSL */ 1827#endif /* LIBCURL_FEATURE_SSL */
1828 break;
1897 case MAX_REDIRS_OPTION: 1829 case MAX_REDIRS_OPTION:
1898 if (!is_intnonneg(optarg)) { 1830 if (!is_intnonneg(optarg)) {
1899 usage2(_("Invalid max_redirs count"), optarg); 1831 usage2(_("Invalid max_redirs count"), optarg);
@@ -2080,6 +2012,90 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
2080 } 2012 }
2081 } 2013 }
2082 2014
2015 if (enable_tls) {
2016 bool got_plus = false;
2017 result.config.initial_config.use_ssl = true;
2018 /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
2019 * Only set if it's non-zero. This helps when we include multiple
2020 * parameters, like -S and -C combinations */
2021 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
2022 if (tls_option_optarg != NULL) {
2023 char *plus_ptr = strchr(optarg, '+');
2024 if (plus_ptr) {
2025 got_plus = true;
2026 *plus_ptr = '\0';
2027 }
2028
2029 if (optarg[0] == '2') {
2030 result.config.ssl_version = CURL_SSLVERSION_SSLv2;
2031 } else if (optarg[0] == '3') {
2032 result.config.ssl_version = CURL_SSLVERSION_SSLv3;
2033 } else if (!strcmp(optarg, "1") || !strcmp(optarg, "1.0")) {
2034#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
2035 result.config.ssl_version = CURL_SSLVERSION_TLSv1_0;
2036#else
2037 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
2038#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
2039 } else if (!strcmp(optarg, "1.1")) {
2040#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
2041 result.config.ssl_version = CURL_SSLVERSION_TLSv1_1;
2042#else
2043 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
2044#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
2045 } else if (!strcmp(optarg, "1.2")) {
2046#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
2047 result.config.ssl_version = CURL_SSLVERSION_TLSv1_2;
2048#else
2049 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
2050#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
2051 } else if (!strcmp(optarg, "1.3")) {
2052#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
2053 result.config.ssl_version = CURL_SSLVERSION_TLSv1_3;
2054#else
2055 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
2056#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
2057 } else {
2058 usage4(_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 "
2059 "(with optional '+' suffix)"));
2060 }
2061 }
2062#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
2063 if (got_plus) {
2064 switch (result.config.ssl_version) {
2065 case CURL_SSLVERSION_TLSv1_3:
2066 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
2067 break;
2068 case CURL_SSLVERSION_TLSv1_2:
2069 case CURL_SSLVERSION_TLSv1_1:
2070 case CURL_SSLVERSION_TLSv1_0:
2071 result.config.ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
2072 break;
2073 }
2074 } else {
2075 switch (result.config.ssl_version) {
2076 case CURL_SSLVERSION_TLSv1_3:
2077 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
2078 break;
2079 case CURL_SSLVERSION_TLSv1_2:
2080 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
2081 break;
2082 case CURL_SSLVERSION_TLSv1_1:
2083 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
2084 break;
2085 case CURL_SSLVERSION_TLSv1_0:
2086 result.config.ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
2087 break;
2088 }
2089 }
2090#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
2091 if (verbose >= 2) {
2092 printf(_("* Set SSL/TLS version to %d\n"), result.config.ssl_version);
2093 }
2094 if (!specify_port) {
2095 result.config.initial_config.serverPort = HTTPS_PORT;
2096 }
2097 }
2098
2083 int option_counter = optind; 2099 int option_counter = optind;
2084 2100
2085 if (result.config.initial_config.server_address == NULL && option_counter < argc) { 2101 if (result.config.initial_config.server_address == NULL && option_counter < argc) {