summaryrefslogtreecommitdiffstats
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
authorAlvar <post@0x21.biz>2025-12-14 11:53:51 +0000
committerGitHub <noreply@github.com>2025-12-14 12:53:51 +0100
commiteed2dd00bb61db0f7654e394948a42b8bf0b14f3 (patch)
treec22f70a5b4791d45abc301414531802397ff40c9 /plugins/check_curl.c
parent7ab5b3ba34128949902cb966ab73d84f8fb4113f (diff)
downloadmonitoring-plugins-eed2dd00bb61db0f7654e394948a42b8bf0b14f3.tar.gz
check_curl: --verify-cert / -D in examples (#2204)
Include the -D flag for certificate verification in the "CHECK CERTIFICATE" examples. Otherwise, only the certificate dates are checked, but not if the certificate matches to the hostname or is signed by a trusted CA. Fixes #2146.
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index e3e514ff..0aff8b40 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -1648,6 +1648,8 @@ void print_help(void) {
1648 printf(" %s\n", _("certificate matches the hostname of the server, or if the certificate")); 1648 printf(" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
1649 printf(" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); 1649 printf(" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
1650 printf("\n"); 1650 printf("\n");
1651 printf(" %s\n", _("To also verify certificates, please set --verify-cert."));
1652 printf("\n");
1651 printf("%s\n", _("Examples:")); 1653 printf("%s\n", _("Examples:"));
1652 printf(" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com"); 1654 printf(" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
1653 printf(" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); 1655 printf(" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
@@ -1657,16 +1659,18 @@ void print_help(void) {
1657 _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); 1659 _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
1658 printf(" %s\n", _("a STATE_CRITICAL will be returned.")); 1660 printf(" %s\n", _("a STATE_CRITICAL will be returned."));
1659 printf("\n"); 1661 printf("\n");
1660 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14"); 1662 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14 -D");
1661 printf(" %s\n", 1663 printf(" %s\n",
1662 _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); 1664 _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
1663 printf(" %s\n", 1665 printf(" %s\n",
1664 _("a STATE_OK is returned. When the certificate is still valid, but for less than")); 1666 _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1665 printf(" %s\n", 1667 printf(" %s\n",
1666 _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); 1668 _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
1667 printf(" %s\n\n", _("the certificate is expired.")); 1669 printf(" %s\n", _("the certificate is expired."));
1670 printf("\n");
1671 printf(" %s\n", _("The -D flag enforces a certificate validation beyond expiration time."));
1668 printf("\n"); 1672 printf("\n");
1669 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14"); 1673 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14 -D");
1670 printf(" %s\n", 1674 printf(" %s\n",
1671 _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); 1675 _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
1672 printf(" %s\n", 1676 printf(" %s\n",