diff options
| author | William Leibzon <william@leibzon.org> | 2012-05-22 01:46:45 (GMT) |
|---|---|---|
| committer | Sven Nierlein <sven@nierlein.de> | 2012-06-25 10:05:16 (GMT) |
| commit | fa3d2a4074e1bd8526e37ba5e1a214ae4a1774cf (patch) | |
| tree | 1d0c780a61db8e719502aed2a7bd9311afd23ac4 /plugins/check_http.c | |
| parent | 88fdf3a8a8e17f9212e10befe1f24ff3fa1aa8e6 (diff) | |
| download | monitoring-plugins-fa3d2a4074e1bd8526e37ba5e1a214ae4a1774cf.tar.gz | |
applied patch that adds both critical and warning thresholds to certificate expiration checks of check_tcp, check_http, check_smtp
Diffstat (limited to 'plugins/check_http.c')
| -rw-r--r-- | plugins/check_http.c | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 315848f..703e317 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
| @@ -58,8 +58,8 @@ enum { | |||
| 58 | 58 | ||
| 59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
| 60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
| 61 | int days_till_exp; | ||
| 62 | int ssl_version; | 61 | int ssl_version; |
| 62 | int days_till_exp_warn, days_till_exp_crit; | ||
| 63 | char *randbuff; | 63 | char *randbuff; |
| 64 | X509 *server_cert; | 64 | X509 *server_cert; |
| 65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
| @@ -178,6 +178,7 @@ process_arguments (int argc, char **argv) | |||
| 178 | { | 178 | { |
| 179 | int c = 1; | 179 | int c = 1; |
| 180 | char *p; | 180 | char *p; |
| 181 | char *temp; | ||
| 181 | 182 | ||
| 182 | enum { | 183 | enum { |
| 183 | INVERT_REGEX = CHAR_MAX + 1, | 184 | INVERT_REGEX = CHAR_MAX + 1, |
| @@ -282,13 +283,25 @@ process_arguments (int argc, char **argv) | |||
| 282 | break; | 283 | break; |
| 283 | case 'C': /* Check SSL cert validity */ | 284 | case 'C': /* Check SSL cert validity */ |
| 284 | #ifdef HAVE_SSL | 285 | #ifdef HAVE_SSL |
| 285 | if (!is_intnonneg (optarg)) | 286 | if ((temp=strchr(optarg,','))!=NULL) { |
| 286 | usage2 (_("Invalid certificate expiration period"), optarg); | 287 | *temp='\0'; |
| 288 | if (!is_intnonneg (temp)) | ||
| 289 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
| 290 | days_till_exp_warn = atoi(optarg); | ||
| 291 | *temp=','; | ||
| 292 | temp++; | ||
| 293 | if (!is_intnonneg (temp)) | ||
| 294 | usage2 (_("Invalid certificate expiration period"), temp); | ||
| 295 | days_till_exp_crit = atoi (temp); | ||
| 296 | } | ||
| 287 | else { | 297 | else { |
| 288 | days_till_exp = atoi (optarg); | 298 | days_till_exp_crit=0; |
| 289 | check_cert = TRUE; | 299 | if (!is_intnonneg (optarg)) |
| 300 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
| 301 | days_till_exp_warn = atoi (optarg); | ||
| 290 | } | 302 | } |
| 291 | /* Fall through to -S option */ | 303 | check_cert = TRUE; |
| 304 | /* Fall through to -S option */ | ||
| 292 | #endif | 305 | #endif |
| 293 | case 'S': /* use SSL */ | 306 | case 'S': /* use SSL */ |
| 294 | #ifndef HAVE_SSL | 307 | #ifndef HAVE_SSL |
| @@ -810,7 +823,7 @@ check_http (void) | |||
| 810 | if (result != STATE_OK) | 823 | if (result != STATE_OK) |
| 811 | return result; | 824 | return result; |
| 812 | if (check_cert == TRUE) { | 825 | if (check_cert == TRUE) { |
| 813 | result = np_net_ssl_check_cert(days_till_exp); | 826 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
| 814 | np_net_ssl_cleanup(); | 827 | np_net_ssl_cleanup(); |
| 815 | if (sd) close(sd); | 828 | if (sd) close(sd); |
| 816 | return result; | 829 | return result; |
| @@ -1427,6 +1440,13 @@ print_help (void) | |||
| 1427 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | 1440 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); |
| 1428 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); | 1441 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); |
| 1429 | printf (" %s\n", _("the certificate is expired.")); | 1442 | printf (" %s\n", _("the certificate is expired.")); |
| 1443 | |||
| 1444 | printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); | ||
| 1445 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); | ||
| 1446 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | ||
| 1447 | printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); | ||
| 1448 | printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); | ||
| 1449 | |||
| 1430 | #endif | 1450 | #endif |
| 1431 | 1451 | ||
| 1432 | printf (UT_SUPPORT); | 1452 | printf (UT_SUPPORT); |
| @@ -1444,6 +1464,6 @@ print_usage (void) | |||
| 1444 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1464 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
| 1445 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1465 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
| 1446 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 1466 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
| 1447 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n"); | 1467 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n"); |
| 1448 | printf (" [-j method]\n"); | 1468 | printf (" [-T <content-type>] [-j method]\n"); |
| 1449 | } | 1469 | } |