1 files changed, 133 insertions, 0 deletions
diff --git a/web/attachments/118230-check_http.c.diff b/web/attachments/118230-check_http.c.diff
new file mode 100644
index 0000000..336ea2e
--- /dev/null
+++ b/web/attachments/118230-check_http.c.diff
@@ -0,0 +1,133 @@
+*** nagios-plugins-1.4-beta1/plugins/check_http.c       2004-12-24 03:54:24.000000000 +0900
+--- check_http.c        2005-01-26 15:31:53.374334612 +0900
+***************
+*** 66,71 ****
+--- 66,73 ----
+  X509 *server_cert;
+  int connect_SSL (void);
+  int check_certificate (X509 **);
+ # define VERIFY_CERTIFICATE   10
+ # define CAFILE               11
+  #endif
+  int no_body = FALSE;
+  int maximum_age = -1;
+***************
+*** 111,116 ****
+--- 113,123 ----
+  char *http_opt_headers;
+  int onredirect = STATE_OK;
+  int use_ssl = FALSE;
+ int verify_certificate = FALSE;
+ int use_cafile = FALSE;
+ int CAfile = FALSE;
+ int cert_verify_result;
+ char *trusted_ca_file=NULL;
+  int verbose = FALSE;
+  int sd;
+  int min_page_len = 0;
+***************
+*** 206,211 ****
+--- 213,220 ----
+                {"link", no_argument, 0, 'L'},
+                {"nohtml", no_argument, 0, 'n'},
+                {"ssl", no_argument, 0, 'S'},
+               {"certverify", no_argument, 0, VERIFY_CERTIFICATE},
+               {"CAfile", required_argument, 0, CAFILE},
+                {"verbose", no_argument, 0, 'v'},
+                {"post", required_argument, 0, 'P'},
+                {"IP-address", required_argument, 0, 'I'},
+***************
+*** 315,320 ****
+--- 324,351 ----
+                        usage4 (_("Invalid option - SSL is not available"));
+  #endif
+                        break;
+ #ifdef HAVE_SSL
+               case VERIFY_CERTIFICATE : 
+                       use_ssl = TRUE;
+                       verify_certificate = TRUE;
+                         if (specify_port == FALSE)
+                               server_port = HTTPS_PORT;
+ #else
+                         usage4 (_("Invalid option - SSL is not available"));
+ #endif
+                         break;
+ 
+ #ifdef HAVE_SSL
+                 case CAFILE :
+                         if (!verify_certificate) usage2(_("Verify Certificate option not enabled"),optarg);
+                       use_cafile = TRUE;
+                       trusted_ca_file = strdup (optarg);
+ #else
+                         usage4 (_("Invalid option - SSL is not available"));
+ #endif
+                         break;
+ 
+       
+                case 'f': /* onredirect */
+                        if (!strcmp (optarg, "follow"))
+                                onredirect = STATE_DEPENDENT;
+***************
+*** 732,738 ****
+--- 763,771 ----
+                        die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
+                }
+  
+               SSL_get_peer_cert_chain(ssl); /* We don't really mind if there is no cert chain as only the peer cert is needed */
+                if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
+                       cert_verify_result = SSL_get_verify_result( ssl );
+                        X509_free (server_cert);
+                }
+                else {
+***************
+*** 740,745 ****
+--- 773,785 ----
+                        return STATE_CRITICAL;
+                }
+  
+               if (verify_certificate) {
+                       if (cert_verify_result != X509_V_OK) {
+                               printf ("CRITICAL - Certificate error : %s\n", X509_verify_cert_error_string(cert_verify_result) );
+                               return STATE_CRITICAL;
+                       }
+               }
+ 
+        }
+        else {
+  #endif
+***************
+*** 1191,1196 ****
+--- 1231,1246 ----
+                return STATE_CRITICAL;
+        }
+  
+         if (use_cafile) {
+               SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(trusted_ca_file));
+               if (!SSL_CTX_load_verify_locations(ctx, trusted_ca_file, NULL)) {
+                      printf (_("CRITICAL - Cannot load CAfile.\n"));
+               }else {
+                      SSL_CTX_set_default_verify_paths(ctx);
+               }
+         }
+ 
+ 
+        /* Initialize alarm signal handling */
+        signal (SIGALRM, socket_timeout_alarm_handler);
+  
+***************
+*** 1477,1482 ****
+--- 1527,1540 ----
+  STATE_OK is returned. When the certificate is still valid, but for less than\n\
+  14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when\n\
+  the certificate is expired.\n"));
+ 
+       printf (_("\n\
+ CHECK CERTIFICATE VALIDITY: check_http www.myhost.com --certverify \n\n\
+ Checks to see the validity of a certificate, will return a critical on any \n\
+ certificate error including self signed, untrusted issuer, decryption errors\n\
+ or certificate revocation.\n\
+ Full list : http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS\n\n"));
+ 
+  #endif
+  
+        printf (_(UT_SUPPORT));

diff --git a/web/attachments/118230-check_http.c.diff b/web/attachments/118230-check_http.c.diff new file mode 100644 index 0000000..336ea2e --- /dev/null +++ b/web/attachments/118230-check_http.c.diff
@@ -0,0 +1,133 @@
	1	*** nagios-plugins-1.4-beta1/plugins/check_http.c 2004-12-24 03:54:24.000000000 +0900
	2	--- check_http.c 2005-01-26 15:31:53.374334612 +0900
	3	***************
	4	* 66,71 **
	5	--- 66,73 ----
	6	X509 *server_cert;
	7	int connect_SSL (void);
	8	int check_certificate (X509 **);
	9	+ # define VERIFY_CERTIFICATE 10
	10	+ # define CAFILE 11
	11	#endif
	12	int no_body = FALSE;
	13	int maximum_age = -1;
	14	***************
	15	* 111,116 **
	16	--- 113,123 ----
	17	char *http_opt_headers;
	18	int onredirect = STATE_OK;
	19	int use_ssl = FALSE;
	20	+ int verify_certificate = FALSE;
	21	+ int use_cafile = FALSE;
	22	+ int CAfile = FALSE;
	23	+ int cert_verify_result;
	24	+ char *trusted_ca_file=NULL;
	25	int verbose = FALSE;
	26	int sd;
	27	int min_page_len = 0;
	28	***************
	29	* 206,211 **
	30	--- 213,220 ----
	31	{"link", no_argument, 0, 'L'},
	32	{"nohtml", no_argument, 0, 'n'},
	33	{"ssl", no_argument, 0, 'S'},
	34	+ {"certverify", no_argument, 0, VERIFY_CERTIFICATE},
	35	+ {"CAfile", required_argument, 0, CAFILE},
	36	{"verbose", no_argument, 0, 'v'},
	37	{"post", required_argument, 0, 'P'},
	38	{"IP-address", required_argument, 0, 'I'},
	39	***************
	40	* 315,320 **
	41	--- 324,351 ----
	42	usage4 (_("Invalid option - SSL is not available"));
	43	#endif
	44	break;
	45	+ #ifdef HAVE_SSL
	46	+ case VERIFY_CERTIFICATE :
	47	+ use_ssl = TRUE;
	48	+ verify_certificate = TRUE;
	49	+ if (specify_port == FALSE)
	50	+ server_port = HTTPS_PORT;
	51	+ #else
	52	+ usage4 (_("Invalid option - SSL is not available"));
	53	+ #endif
	54	+ break;
	55	+
	56	+ #ifdef HAVE_SSL
	57	+ case CAFILE :
	58	+ if (!verify_certificate) usage2(_("Verify Certificate option not enabled"),optarg);
	59	+ use_cafile = TRUE;
	60	+ trusted_ca_file = strdup (optarg);
	61	+ #else
	62	+ usage4 (_("Invalid option - SSL is not available"));
	63	+ #endif
	64	+ break;
	65	+
	66	+
	67	case 'f': /* onredirect */
	68	if (!strcmp (optarg, "follow"))
	69	onredirect = STATE_DEPENDENT;
	70	***************
	71	* 732,738 **
	72	--- 763,771 ----
	73	die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
	74	}
	75
	76	+ SSL_get_peer_cert_chain(ssl); /* We don't really mind if there is no cert chain as only the peer cert is needed */
	77	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
	78	+ cert_verify_result = SSL_get_verify_result( ssl );
	79	X509_free (server_cert);
	80	}
	81	else {
	82	***************
	83	* 740,745 **
	84	--- 773,785 ----
	85	return STATE_CRITICAL;
	86	}
	87
	88	+ if (verify_certificate) {
	89	+ if (cert_verify_result != X509_V_OK) {
	90	+ printf ("CRITICAL - Certificate error : %s\n", X509_verify_cert_error_string(cert_verify_result) );
	91	+ return STATE_CRITICAL;
	92	+ }
	93	+ }
	94	+
	95	}
	96	else {
	97	#endif
	98	***************
	99	* 1191,1196 **
	100	--- 1231,1246 ----
	101	return STATE_CRITICAL;
	102	}
	103
	104	+ if (use_cafile) {
	105	+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(trusted_ca_file));
	106	+ if (!SSL_CTX_load_verify_locations(ctx, trusted_ca_file, NULL)) {
	107	+ printf (_("CRITICAL - Cannot load CAfile.\n"));
	108	+ }else {
	109	+ SSL_CTX_set_default_verify_paths(ctx);
	110	+ }
	111	+ }
	112	+
	113	+
	114	/* Initialize alarm signal handling */
	115	signal (SIGALRM, socket_timeout_alarm_handler);
	116
	117	***************
	118	* 1477,1482 **
	119	--- 1527,1540 ----
	120	STATE_OK is returned. When the certificate is still valid, but for less than\n\
	121	14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when\n\
	122	the certificate is expired.\n"));
	123	+
	124	+ printf (_("\n\
	125	+ CHECK CERTIFICATE VALIDITY: check_http www.myhost.com --certverify \n\n\
	126	+ Checks to see the validity of a certificate, will return a critical on any \n\
	127	+ certificate error including self signed, untrusted issuer, decryption errors\n\
	128	+ or certificate revocation.\n\
	129	+ Full list : http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS\n\n"));
	130	+
	131	#endif
	132
	133	printf (_(UT_SUPPORT));