diff options
| author | Yannick Martin <yannick.martin@ovhcloud.com> | 2024-08-09 12:14:28 +0200 |
|---|---|---|
| committer | Sven Nierlein <sven@nierlein.org> | 2024-08-11 22:18:28 +0200 |
| commit | 78ce3144e38791a8ea2ee5832a91b24d743dccd3 (patch) | |
| tree | 0479a51335dce4af2bbc013e9a767f3e437984e8 | |
| parent | acbfbf3de614f03ea5f9d3942558f1661fc202a4 (diff) | |
| download | monitoring-plugins-78ce314.tar.gz | |
check_curl: raise SSL issue when --continue-after-certificate is used
This change aims to raise the worst status between the SSL check and the HTTP check.
before:
check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $?
CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000).
HTTP OK: HTTP/2 200 - 22807 bytes in 0.076 second response time |time=0.075516s;;;0.000000;10.000000 size=22807B;;;0;
0
after:
/usr/lib/nagios/ovh/check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $?
CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000).
HTTP OK: HTTP/2 200 - 22840 bytes in 0.090 second response time |time=0.090463s;;;0.000000;10.000000 size=22840B;;;0;
2
| -rw-r--r-- | plugins/check_curl.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 01e2770e..4522e6c9 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
| @@ -468,6 +468,7 @@ int | |||
| 468 | check_http (void) | 468 | check_http (void) |
| 469 | { | 469 | { |
| 470 | int result = STATE_OK; | 470 | int result = STATE_OK; |
| 471 | int result_ssl = STATE_OK; | ||
| 471 | int page_len = 0; | 472 | int page_len = 0; |
| 472 | int i; | 473 | int i; |
| 473 | char *force_host_header = NULL; | 474 | char *force_host_header = NULL; |
| @@ -852,9 +853,9 @@ check_http (void) | |||
| 852 | /* check certificate with OpenSSL functions, curl has been built against OpenSSL | 853 | /* check certificate with OpenSSL functions, curl has been built against OpenSSL |
| 853 | * and we actually have OpenSSL in the monitoring tools | 854 | * and we actually have OpenSSL in the monitoring tools |
| 854 | */ | 855 | */ |
| 855 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 856 | result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
| 856 | if (!continue_after_check_cert) { | 857 | if (!continue_after_check_cert) { |
| 857 | return result; | 858 | return result_ssl; |
| 858 | } | 859 | } |
| 859 | #else /* USE_OPENSSL */ | 860 | #else /* USE_OPENSSL */ |
| 860 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); | 861 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); |
| @@ -898,17 +899,17 @@ GOT_FIRST_CERT: | |||
| 898 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); | 899 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); |
| 899 | } | 900 | } |
| 900 | BIO_free (cert_BIO); | 901 | BIO_free (cert_BIO); |
| 901 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 902 | result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
| 902 | if (!continue_after_check_cert) { | 903 | if (!continue_after_check_cert) { |
| 903 | return result; | 904 | return result_ssl; |
| 904 | } | 905 | } |
| 905 | #else /* USE_OPENSSL */ | 906 | #else /* USE_OPENSSL */ |
| 906 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, | 907 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, |
| 907 | * so we use the libcurl CURLINFO data | 908 | * so we use the libcurl CURLINFO data |
| 908 | */ | 909 | */ |
| 909 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); | 910 | result_ssl = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); |
| 910 | if (!continue_after_check_cert) { | 911 | if (!continue_after_check_cert) { |
| 911 | return result; | 912 | return result_ssl; |
| 912 | } | 913 | } |
| 913 | #endif /* USE_OPENSSL */ | 914 | #endif /* USE_OPENSSL */ |
| 914 | } else { | 915 | } else { |
| @@ -1176,7 +1177,7 @@ GOT_FIRST_CERT: | |||
| 1176 | } | 1177 | } |
| 1177 | 1178 | ||
| 1178 | /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ | 1179 | /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ |
| 1179 | die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", | 1180 | die (max_state_alt(result, result_ssl), "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", |
| 1180 | state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), | 1181 | state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), |
| 1181 | status_line.http_code, status_line.msg, | 1182 | status_line.http_code, status_line.msg, |
| 1182 | strlen(msg) > 0 ? " - " : "", | 1183 | strlen(msg) > 0 ? " - " : "", |
| @@ -1186,7 +1187,7 @@ GOT_FIRST_CERT: | |||
| 1186 | (show_body ? body_buf.buf : ""), | 1187 | (show_body ? body_buf.buf : ""), |
| 1187 | (show_body ? "\n" : "") ); | 1188 | (show_body ? "\n" : "") ); |
| 1188 | 1189 | ||
| 1189 | return result; | 1190 | return max_state_alt(result, result_ssl); |
| 1190 | } | 1191 | } |
| 1191 | 1192 | ||
| 1192 | int | 1193 | int |