path: root/web/attachments/367917-check_http.HTTP_CONNECT_patch
blob: 00a4008fadb2044d54a57542939d15c6c0d49115 (plain)
*** plugins/check_http.c.orig	2010-03-18 15:05:53.000000000 -0400
--- plugins/check_http.c	2010-03-23 14:26:48.000000000 -0400
***************
*** 121,126 ****
--- 121,127 ----
  char *http_post_data;
  char *http_content_type;
  char buffer[MAX_INPUT_BUFFER];
+ int http_connect = FALSE;
  
  int process_arguments (int, char **);
  int check_http (void);
***************
*** 186,191 ****
--- 187,193 ----
      {"link", no_argument, 0, 'L'},
      {"nohtml", no_argument, 0, 'n'},
      {"ssl", no_argument, 0, 'S'},
+     {"http-connect", no_argument, 0, 'K'},
      {"post", required_argument, 0, 'P'},
      {"method", required_argument, 0, 'j'},
      {"IP-address", required_argument, 0, 'I'},
***************
*** 229,235 ****
    }
  
    while (1) {
!     c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
      if (c == -1 || c == EOF)
        break;
  
--- 231,237 ----
    }
  
    while (1) {
!     c = getopt_long (argc, argv, "Vvh46Kt:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
      if (c == -1 || c == EOF)
        break;
  
***************
*** 401,406 ****
--- 403,411 ----
        usage4 (_("IPv6 support not available"));
  #endif
        break;
+     case 'K': /* use http-connect */
+       http_connect = TRUE;
+       break;
      case 'v': /* verbose */
        verbose = TRUE;
        break;
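Review bot: `case 'K'` accepts the flag unconditionally, but the only use of `http_connect` visible in this patch sits inside the `use_ssl == TRUE` branch under `#ifdef HAVE_SSL`. So `-K` without `-S`, or in a build without SSL, appears to be ignored silently, and the check would then report on whatever the socket is connected to rather than on the tunnelled host. A monitoring result that quietly covers the wrong endpoint is worse than a usage error. After the option loop, which ends outside this hunk, reject the combination with something like `if (http_connect == TRUE && use_ssl == FALSE) usage4 (_("--http-connect requires --ssl"));`.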
***************
*** 790,795 ****
--- 795,807 ----
      die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
  #ifdef HAVE_SSL
    if (use_ssl == TRUE) {
+ 
+     if (http_connect == TRUE) {
+       /* only using port 443 */
+       if (http_connect_through_proxy(host_name, 443, user_agent, sd) != STATE_OK)
+ 	die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open proxy tunnel TCP socket\n"));
+     }
+ 
      np_net_ssl_init_with_hostname(sd, host_name);
      if (check_cert == TRUE) {
        result = np_net_ssl_check_cert(days_till_exp);
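Review bot: The call to `http_connect_through_proxy` sits several hundred lines above its definition, and no hunk in this patch adds a prototype beside `int check_http (void);`, so the compiler sees an implicit declaration here and cannot check the four arguments. Add `int http_connect_through_proxy (char *, int, char *, int);` to the prototype list at the top of the file. The literal `443` also means the tunnel target ignores any port the user configured; if that is intended, the comment should say why rather than only `/* only using port 443 */`. Whether `host_name` can still be NULL at this point (for example when only `-I` is given) is not visible in the hunk and should be confirmed, since it is formatted straight into the CONNECT line.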
***************
*** 1234,1239 ****
--- 1246,1290 ----
  }
  
  
+ 
+ /* start the HTTP CONNECT method exchange with a proxy host */
+ int
+ http_connect_through_proxy (char *host_name, int port, char *user_agent, int sd)
+ {
+   int result;
+   char *send_buffer=NULL;
+   char recv_buffer[MAX_INPUT_BUFFER];
+   char *status_line;
+   char *status_code;
+   int http_status;
+ 
+   asprintf( &send_buffer, "CONNECT %s:%d HTTP/1.0\r\nUser-agent: %s\r\n\r\n", host_name, port, user_agent);
+ 
+   result = STATE_OK;
+   result = send_tcp_request (sd, send_buffer, recv_buffer, sizeof(recv_buffer));
+   if (result != STATE_OK)
+     return result;
+ 
+   status_line = recv_buffer;
+   status_line[strcspn(status_line, "\r\n")] = 0;
+   strip (status_line);
+   if (verbose)
+     printf ("HTTP_CONNECT STATUS: %s\n", status_line);
+ 
+   status_code = strchr (status_line, ' ') + sizeof (char);
+   if (strspn (status_code, "1234567890") != 3)
+     die (STATE_CRITICAL, _("HTTP CRITICAL: HTTP_CONNECT Returns Invalid Status Line (%s)\n"), status_line);
+ 
+   http_status = atoi (status_code);
+ 
+   if (http_status != 200) {
+     die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid HTTP Connect Proxy Status (%s)\n"), status_line);
+   }
+ 
+   return STATE_OK;
+ }
+ 
+ 
  int
  server_type_check (const char *type)
  {
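Review bot: In `http_connect_through_proxy`, `strchr (status_line, ' ') + sizeof (char)` is used without a NULL check, so a proxy reply whose first line contains no space (or an empty reply) makes `strspn` read from address 1 and crashes the plugin instead of reporting CRITICAL. The reply comes from the network and should be treated as untrusted. The return value of `asprintf` is also ignored, which leaves `send_buffer` indeterminate on allocation failure, and the buffer is never freed. The dead store `result = STATE_OK;` before the `send_tcp_request` call can go. Only the first read is examined, so it is worth confirming that no bytes of a longer proxy response remain on the socket when the TLS handshake starts.

```c
  if (asprintf (&send_buffer, "CONNECT %s:%d HTTP/1.0\r\nUser-agent: %s\r\n\r\n", host_name, port, user_agent) < 0)
    die (STATE_UNKNOWN, _("HTTP UNKNOWN - Unable to allocate CONNECT request\n"));

  result = send_tcp_request (sd, send_buffer, recv_buffer, sizeof(recv_buffer));
  free (send_buffer);
  if (result != STATE_OK)
    return result;

  /* … unchanged: status line trimming and verbose output … */

  status_code = strchr (status_line, ' ');
  if (status_code == NULL)
    die (STATE_CRITICAL, _("HTTP CRITICAL: HTTP_CONNECT Returns Invalid Status Line (%s)\n"), status_line);
  status_code++;
  /* … unchanged: three-digit check and comparison with 200 … */
```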
***************
*** 1308,1313 ****
--- 1359,1368 ----
  #ifdef HAVE_SSL
    printf (" %s\n", "-S, --ssl");
    printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
+   printf (" %s\n", "-K, --http-connect");
+   printf ("   %s\n", _("Connect to a proxy using the HTTP CONNECT protocol (SSL tunnel)."));
+   printf ("   %s\n", _("Requires -S option.  Will only connect to host through tunnel"));
+   printf ("   %s\n", _("on port 443."));
    printf (" %s\n", "-C, --certificate=INTEGER");
    printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
    printf ("   %s\n", _("(when this option is used the URL is not checked.)\n"));
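Review bot: The new `-K` help text does not say which option names the proxy and which names the host behind the tunnel, so a user cannot tell from `--help` what endpoint the certificate and content checks apply to. From the call site, the CONNECT target is `host_name`; the socket is opened outside the visible hunks, presumably to the address and port given with `-I` and `-p`. If that is right, add a line such as `printf ("   %s\n", _("The proxy is addressed with -I and -p; -H names the tunnelled host."));`. The text also states "Requires -S option", but nothing in the patch enforces it.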
***************
*** 1406,1412 ****
  {
    printf (_("Usage:"));
    printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
!   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
    printf ("       [-a auth] [-f <ok | warn | critcal | follow | sticky | stickyport>]\n");
    printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
    printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
--- 1461,1467 ----
  {
    printf (_("Usage:"));
    printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
!   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-K]\n");
    printf ("       [-a auth] [-f <ok | warn | critcal | follow | sticky | stickyport>]\n");
    printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
    printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");