| -rw-r--r-- | plugins/check_curl.c | 17 |
1 files changed, 15 insertions, 2 deletions
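--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -105,6 +105,7 @@ int check_cert = FALSE;
 int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
+char *ca_cert = NULL;
 
 int process_arguments (int, char**);
 void print_help (void);
@@ -192,6 +193,8 @@ main (int argc, char **argv)
 curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert);
 if (client_privkey)
 curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey);
+if (ca_cert)
+curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert);
 
 /* per default if we have a CA verify both the peer and the
 * hostname in the certificate, can be switched off later */
@@ -372,7 +375,8 @@ process_arguments (int argc, char **argv)
 int c;
 
 enum {
-SNI_OPTION
+SNI_OPTION = CHAR_MAX + 1,
+CA_CERT_OPTION
 };
 
 int option=0;
@@ -387,6 +391,7 @@ process_arguments (int argc, char **argv)
 {"onredirect", required_argument, 0, 'f'},
 {"client-cert", required_argument, 0, 'J'},
 {"private-key", required_argument, 0, 'K'},
+{"ca-cert", required_argument, 0, CA_CERT_OPTION},
 {"useragent", required_argument, 0, 'A'},
 {"certificate", required_argument, 0, 'C'},
 {0, 0, 0, 0}
@@ -469,6 +474,12 @@ process_arguments (int argc, char **argv)
 client_privkey = optarg;
 goto enable_ssl;
 #endif
+#ifdef LIBCURL_FEATURE_SSL
+case CA_CERT_OPTION: /* use CA chain file */
+test_file(optarg);
+ca_cert = optarg;
+goto enable_ssl;
+#endif
 case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
 enable_ssl:
@@ -621,6 +632,8 @@ print_help (void)
 printf (" %s\n", "-K, --private-key=FILE");
 printf (" %s\n", _("Name of file containing the private key (PEM format)"));
 printf (" %s\n", _("matching the client certificate"));
+printf (" %s\n", "--ca-cert=FILE");
+printf (" %s\n", _("CA certificate file to verify peer against"));
 #endif
 
 printf (" %s\n", "-s, --string=STRING");
@@ -649,7 +662,7 @@ print_usage (void)
 {
 printf ("%s\n", _("Usage:"));
 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
-printf (" [-J <client certificate file>] [-K <private key>]\n");
+printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n");
 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-a auth]\n");
 printf (" [-f <ok|warning|critcal|follow>]\n");
 printf (" [-A string] [-S <version>] [-C]\n");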
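Review bot: The result of `curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert)` in the main() hunk is discarded, so if libcurl refuses the option the check would presumably continue against the default trust store and the operator's `--ca-cert` restriction would be silently lost. For a trust-anchor setting it is safer to fail closed, for example `if (ca_cert && curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert) != CURLE_OK)` followed by the plugin's usual fatal UNKNOWN exit. The comment directly below says peer and hostname verification "can be switched off later"; that code is outside the hunk, so it is worth confirming that passing `--ca-cert` cannot end up combined with verification disabled, and documenting the interaction in print_help if it can. Separately, `SNI_OPTION = CHAR_MAX + 1` depends on `<limits.h>`, whose include is not visible in this section.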
