finish for release 0.0.3, added CA and client certificate handling

4 files changed, 36 insertions, 11 deletions

diff --git a/packaging/nagios-plugin-curl.spec b/packaging/nagios-plugin-curl.spec
index 2a0d2a9..3eefed0 100644
--- a/packaging/nagios-plugin-curl.spec
+++ b/packaging/nagios-plugin-curl.spec
@@ -1,6 +1,6 @@
 Summary: curl-based web monitoring plugin for Nagios
 Name: nagios-plugin-curl
-Version: 0.0.1
+Version: 0.0.3
 Release: 0.1
 License: GPL
 Group: Applications/System
@@ -45,5 +45,11 @@ rm -rf $RPM_BUILD_ROOT
 /%{_libdir}/nagios/plugins/check_curl
 
 %changelog
+* Mon Sep 28 2009 Andreas Baumann <abaumann@yahoo.com> 0.0.3-0.1
+- added client certificate and self-signed SSL chain handling
+
+* Wed Dec 17 2008 Andreas Baumann <abaumann@yahoo.com> 0.0.2-0.1
+- fixes for 64-bit, upgrade to 0.0.2
+
 * Thu Sep 25 2008 Andreas Baumann <abaumann@yahoo.com> 0.0.1-0.1
 - first preliminary packaged release
diff --git a/src/check_curl.c b/src/check_curl.c
index ccd22fb..cfef2cf 100644
--- a/src/check_curl.c
+++ b/src/check_curl.c
@@ -160,13 +160,34 @@ int main( int argc, char *argv[] ) {
 		curl_easy_setopt( curl, CURLOPT_TIMEOUT, timeout );
 	}
 	
-	/* --insecure: choose level of CA chain validation (SSL) */
+	/* --cacert: CA certificate file to verify SSL connection against (SSL) */
 	curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
+	if( args_info.cacert_given ) {
+		curl_easy_setopt( curl, CURLOPT_CAINFO, args_info.cacert_arg );
+		curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1 );
+	}
+
+	/* --insecure: choose level of CA chain validation (SSL) */
 	if( args_info.insecure_given ) {
-		curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 );
 		curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 );
-	}
 
+		/* --verify-host: make it an additional option, not as in curl! (SSL) */
+		curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 );
+		if( args_info.verify_host_given ) {
+			curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
+		}
+	}
+	
+	/* --cert: client certificate to present to server (SSL) */
+	if( args_info.cert_given ) {
+		curl_easy_setopt( curl, CURLOPT_SSLCERT, args_info.cert_arg );
+	}
+	
+	/* --key: key of the client certificate (SSL) */
+	if( args_info.key_given ) {
+		curl_easy_setopt( curl, CURLOPT_SSLKEY, args_info.key_arg );
+	}
+		
 	/* do the request */
 	res = curl_easy_perform( curl );	
 
diff --git a/src/check_curl.ggo b/src/check_curl.ggo
index a34d70f..da5d116 100644
--- a/src/check_curl.ggo
+++ b/src/check_curl.ggo
@@ -15,7 +15,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 package	"check_url"
-version	"0.0.1"
+version	"0.0.3"
 purpose
 "Nagios plugin using libcurl and libpcre for http checks
 Copyright (c)2008 Andreas Baumann <abaumann at yahoo to com>"
@@ -97,6 +97,9 @@ option "useragent"	A	"String to be sent in http header as \"User Agent\""
 option	"insecure"	-	"Allow connections to SSL sites without certs (SSL)"
 	optional
 
+option	"verify-host"	-	"Verify that the host and the certificate host match (SSL)"
+	optional
+
 option	"cacert"	-	"CA certificate to verify peer against (SSL)"
 	string
 	typestr="file"
@@ -111,8 +114,3 @@ option	"key"		-	"Private key file name (SSL)"
 	string
 	typestr="key"
 	optional
-
-option	"pass"		-	"Pass phrase for the private key (SSL)"
-	string
-	typestr="pass"
-	optional
diff --git a/tests/virtualhost b/tests/virtualhost
index d935109..ff04c52 100644
--- a/tests/virtualhost
+++ b/tests/virtualhost
@@ -3,6 +3,6 @@ w 5
 c 10
 t 5
 S
-I fozzie.eurospider.ch
+I charon.eurospider.ch
 H intranet.eurospider.com
 u "/"