From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001
From: Holger Weiss
Date: Mon, 30 Sep 2013 00:03:24 +0200
Subject: Import Nagios Plugins site Import the Nagios Plugins web site, Cronjobs, infrastructure scripts, and configuration files.
---
web/attachments/118230-check_http.c.diff | 133 +++++++++++++++++++++++++++++++
1 file changed, 133 insertions(+)
create mode 100644 web/attachments/118230-check_http.c.diff
(limited to 'web/attachments/118230-check_http.c.diff')
diff --git a/web/attachments/118230-check_http.c.diff b/web/attachments/118230-check_http.c.diff
new file mode 100644
index 0000000..336ea2e
--- /dev/null
+++ b/web/attachments/118230-check_http.c.diff
@@ -0,0 +1,133 @@
+*** nagios-plugins-1.4-beta1/plugins/check_http.c 2004-12-24 03:54:24.000000000 +0900
+--- check_http.c 2005-01-26 15:31:53.374334612 +0900
+***************
+*** 66,71 ****
+--- 66,73 ----
+ X509 *server_cert;
+ int connect_SSL (void);
+ int check_certificate (X509 **);
++ # define VERIFY_CERTIFICATE 10
++ # define CAFILE 11
+ #endif
+ int no_body = FALSE;
+ int maximum_age = -1;
+***************
+*** 111,116 ****
+--- 113,123 ----
+ char *http_opt_headers;
+ int onredirect = STATE_OK;
+ int use_ssl = FALSE;
++ int verify_certificate = FALSE;
++ int use_cafile = FALSE;
++ int CAfile = FALSE;
++ int cert_verify_result;
++ char *trusted_ca_file=NULL;
+ int verbose = FALSE;
+ int sd;
+ int min_page_len = 0;
+***************
+*** 206,211 ****
+--- 213,220 ----
+ {"link", no_argument, 0, 'L'},
+ {"nohtml", no_argument, 0, 'n'},
+ {"ssl", no_argument, 0, 'S'},
++ {"certverify", no_argument, 0, VERIFY_CERTIFICATE},
++ {"CAfile", required_argument, 0, CAFILE},
+ {"verbose", no_argument, 0, 'v'},
+ {"post", required_argument, 0, 'P'},
+ {"IP-address", required_argument, 0, 'I'},
+***************
+*** 315,320 ****
+--- 324,351 ----
+ usage4 (_("Invalid option - SSL is not available"));
+ #endif
+ break;
++ #ifdef HAVE_SSL
++ case VERIFY_CERTIFICATE :
++ use_ssl = TRUE;
++ verify_certificate = TRUE;
++ if (specify_port == FALSE)
++ server_port = HTTPS_PORT;
++ #else
++ usage4 (_("Invalid option - SSL is not available"));
++ #endif
++ break;
++
++ #ifdef HAVE_SSL
++ case CAFILE :
++ if (!verify_certificate) usage2(_("Verify Certificate option not enabled"),optarg);
++ use_cafile = TRUE;
++ trusted_ca_file = strdup (optarg);
++ #else
++ usage4 (_("Invalid option - SSL is not available"));
++ #endif
++ break;
++
++
+ case 'f': /* onredirect */
+ if (!strcmp (optarg, "follow"))
+ onredirect = STATE_DEPENDENT;
+***************
+*** 732,738 ****
+--- 763,771 ----
+ die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
+ }
+
++ SSL_get_peer_cert_chain(ssl); /* 
We don't really mind if there is no cert chain as only the peer cert is needed */
+ if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
++ cert_verify_result = SSL_get_verify_result( ssl );
+ X509_free (server_cert);
+ }
+ else {
+***************
+*** 740,745 ****
+--- 773,785 ----
+ return STATE_CRITICAL;
+ }
+
++ if (verify_certificate) {
++ if (cert_verify_result != X509_V_OK) {
++ printf ("CRITICAL - Certificate error : %s\n", X509_verify_cert_error_string(cert_verify_result) );
++ return STATE_CRITICAL;
++ }
++ }
++
+ }
+ else {
+ #endif
+***************
+*** 1191,1196 ****
+--- 1231,1246 ----
+ return STATE_CRITICAL;
+ }
+
++ if (use_cafile) {
++ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(trusted_ca_file));
++ if (!SSL_CTX_load_verify_locations(ctx, trusted_ca_file, NULL)) {
++ printf (_("CRITICAL - Cannot load CAfile.\n"));
++ }else {
++ SSL_CTX_set_default_verify_paths(ctx);
++ }
++ }
++
++
+ /* Initialize alarm signal handling */
+ signal (SIGALRM, socket_timeout_alarm_handler);
+
+***************
+*** 1477,1482 ****
+--- 1527,1540 ----
+ STATE_OK is returned. When the certificate is still valid, but for less than\n\
+ 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when\n\
+ the certificate is expired.\n"));
++
++ printf (_("\n\
++ CHECK CERTIFICATE VALIDITY: check_http www.myhost.com --certverify \n\n\
++ Checks to see the validity of a certificate, will return a critical on any \n\
++ certificate error including self signed, untrusted issuer, decryption errors\n\
++ or certificate revocation.\n\
++ Full list : http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS\n\n"));
++
+ #endif
+
+ printf (_(UT_SUPPORT));
-- cgit v1.2.3-74-g34f1
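Review bot: In the `use_cafile` block of the 1231,1246 section, a CA file that fails to load only prints `CRITICAL - Cannot load CAfile.` and the check carries on, and `SSL_CTX_set_default_verify_paths(ctx)` is reached only after a CA file did load, so as far as the visible sections show, `--certverify` without `--CAfile` verifies against an empty trust store. I would return `STATE_CRITICAL` on the load failure, fall back to the default paths when no file is given, and drop the `SSL_CTX_set_client_CA_list` call, which sets the CA names a server advertises to its clients and is handed an unchecked `SSL_load_client_CA_file` result. Separately, `X509_V_OK` from `SSL_get_verify_result` speaks for the chain only: nothing in the visible sections compares the certificate's name with the host being checked, and no CRL is loaded although the help text lists revocation, so the help text should state those limits. The enclosing functions start and end outside the quoted sections.

```c
  /* … unchanged: preceding error return … */
  if (use_cafile) {
    if (!SSL_CTX_load_verify_locations(ctx, trusted_ca_file, NULL)) {
      printf (_("CRITICAL - Cannot load CAfile.\n"));
      return STATE_CRITICAL;
    }
  } else if (verify_certificate) {
    SSL_CTX_set_default_verify_paths(ctx);
  }
  /* … unchanged: alarm signal handling … */
```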