diff options
| author | Thomas Guyot-Sionnest <dermoth@aei.ca> | 2010-04-06 01:06:22 (GMT) |
|---|---|---|
| committer | Thomas Guyot-Sionnest <dermoth@aei.ca> | 2010-04-06 01:06:22 (GMT) |
| commit | fe1c6106d9fb45e62b93443145f902a3449641aa (patch) | |
| tree | 774a954575275e355254bc8c7c05ced673557aaa /plugins/check_http.c | |
| parent | e5690e3ddaebdd98bfd96c2303453e4e0d7ed318 (diff) | |
| download | monitoring-plugins-fe1c6106d9fb45e62b93443145f902a3449641aa.tar.gz | |
Fix regression in check_http ssl checks on some servers
The fix is making SNI an option.
Diffstat (limited to 'plugins/check_http.c')
| -rw-r--r-- | plugins/check_http.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 5cdf144..536b400 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
| @@ -112,6 +112,7 @@ int http_opt_headers_count = 0; | |||
| 112 | int onredirect = STATE_OK; | 112 | int onredirect = STATE_OK; |
| 113 | int followsticky = STICKY_NONE; | 113 | int followsticky = STICKY_NONE; |
| 114 | int use_ssl = FALSE; | 114 | int use_ssl = FALSE; |
| 115 | int use_sni = FALSE; | ||
| 115 | int verbose = FALSE; | 116 | int verbose = FALSE; |
| 116 | int sd; | 117 | int sd; |
| 117 | int min_page_len = 0; | 118 | int min_page_len = 0; |
| @@ -178,7 +179,8 @@ process_arguments (int argc, char **argv) | |||
| 178 | char *p; | 179 | char *p; |
| 179 | 180 | ||
| 180 | enum { | 181 | enum { |
| 181 | INVERT_REGEX = CHAR_MAX + 1 | 182 | INVERT_REGEX = CHAR_MAX + 1, |
| 183 | SNI_OPTION | ||
| 182 | }; | 184 | }; |
| 183 | 185 | ||
| 184 | int option = 0; | 186 | int option = 0; |
| @@ -187,6 +189,7 @@ process_arguments (int argc, char **argv) | |||
| 187 | {"link", no_argument, 0, 'L'}, | 189 | {"link", no_argument, 0, 'L'}, |
| 188 | {"nohtml", no_argument, 0, 'n'}, | 190 | {"nohtml", no_argument, 0, 'n'}, |
| 189 | {"ssl", no_argument, 0, 'S'}, | 191 | {"ssl", no_argument, 0, 'S'}, |
| 192 | {"sni", no_argument, 0, SNI_OPTION}, | ||
| 190 | {"post", required_argument, 0, 'P'}, | 193 | {"post", required_argument, 0, 'P'}, |
| 191 | {"method", required_argument, 0, 'j'}, | 194 | {"method", required_argument, 0, 'j'}, |
| 192 | {"IP-address", required_argument, 0, 'I'}, | 195 | {"IP-address", required_argument, 0, 'I'}, |
| @@ -304,6 +307,9 @@ process_arguments (int argc, char **argv) | |||
| 304 | if (specify_port == FALSE) | 307 | if (specify_port == FALSE) |
| 305 | server_port = HTTPS_PORT; | 308 | server_port = HTTPS_PORT; |
| 306 | break; | 309 | break; |
| 310 | case SNI_OPTION: | ||
| 311 | use_sni = TRUE; | ||
| 312 | break; | ||
| 307 | case 'f': /* onredirect */ | 313 | case 'f': /* onredirect */ |
| 308 | if (!strcmp (optarg, "stickyport")) | 314 | if (!strcmp (optarg, "stickyport")) |
| 309 | onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; | 315 | onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; |
| @@ -797,7 +803,7 @@ check_http (void) | |||
| 797 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | 803 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); |
| 798 | #ifdef HAVE_SSL | 804 | #ifdef HAVE_SSL |
| 799 | if (use_ssl == TRUE) { | 805 | if (use_ssl == TRUE) { |
| 800 | np_net_ssl_init_with_hostname(sd, host_name); | 806 | np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); |
| 801 | if (check_cert == TRUE) { | 807 | if (check_cert == TRUE) { |
| 802 | result = np_net_ssl_check_cert(days_till_exp); | 808 | result = np_net_ssl_check_cert(days_till_exp); |
| 803 | np_net_ssl_cleanup(); | 809 | np_net_ssl_cleanup(); |
| @@ -1323,6 +1329,8 @@ print_help (void) | |||
| 1323 | #ifdef HAVE_SSL | 1329 | #ifdef HAVE_SSL |
| 1324 | printf (" %s\n", "-S, --ssl"); | 1330 | printf (" %s\n", "-S, --ssl"); |
| 1325 | printf (" %s\n", _("Connect via SSL. Port defaults to 443")); | 1331 | printf (" %s\n", _("Connect via SSL. Port defaults to 443")); |
| 1332 | printf (" %s\n", "--sni"); | ||
| 1333 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | ||
| 1326 | printf (" %s\n", "-C, --certificate=INTEGER"); | 1334 | printf (" %s\n", "-C, --certificate=INTEGER"); |
| 1327 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); | 1335 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); |
| 1328 | printf (" %s\n", _("(when this option is used the URL is not checked.)\n")); | 1336 | printf (" %s\n", _("(when this option is used the URL is not checked.)\n")); |
| @@ -1427,5 +1435,6 @@ print_usage (void) | |||
| 1427 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1435 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
| 1428 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1436 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
| 1429 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 1437 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
| 1430 | printf (" [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n"); | 1438 | printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n"); |
| 1439 | printf (" [-j method]\n"); | ||
| 1431 | } | 1440 | } |