diff options
| author | Andreas Baumann <abaumann@yahoo.com> | 2009-09-29 06:46:24 +0000 |
|---|---|---|
| committer | Andreas Baumann <abaumann@yahoo.com> | 2009-09-29 06:46:24 +0000 |
| commit | 60074b37a2623b187c6a3e7903443df00d633e33 (patch) | |
| tree | cc71eb9aea734448275fbd6453f89ad98876c33d | |
| parent | 423bb964723fce340f77b0346bce6839bbdef2c4 (diff) | |
| download | nagios-plugin-curl-60074b37a2623b187c6a3e7903443df00d633e33.tar.gz nagios-plugin-curl-60074b37a2623b187c6a3e7903443df00d633e33.tar.bz2 | |
changed insecure and verify-host options to negative, default is DO verification
| -rw-r--r-- | src/check_curl.c | 19 | ||||
| -rw-r--r-- | src/check_curl.ggo | 4 |
2 files changed, 12 insertions, 11 deletions
diff --git a/src/check_curl.c b/src/check_curl.c index cfef2cf..774e9ec 100644 --- a/src/check_curl.c +++ b/src/check_curl.c @@ -161,21 +161,22 @@ int main( int argc, char *argv[] ) { } /* --cacert: CA certificate file to verify SSL connection against (SSL) */ - curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 ); if( args_info.cacert_given ) { curl_easy_setopt( curl, CURLOPT_CAINFO, args_info.cacert_arg ); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1 ); + /* per default if we have a CA verify both the peer and the + * hostname in the certificate, can be switched off later */ + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 2 ); + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 ); } - /* --insecure: choose level of CA chain validation (SSL) */ - if( args_info.insecure_given ) { - curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 ); + /* --no-verify-peer: choose level of CA chain validation (SSL) */ + if( args_info.no_verify_peer_given ) { + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1 ); + } - /* --verify-host: make it an additional option, not as in curl! (SSL) */ + /* --no-verify-host: make it an additional option, not as in curl! (SSL) */ + if( args_info.no_verify_host_given ) { curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 ); - if( args_info.verify_host_given ) { - curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 ); - } } /* --cert: client certificate to present to server (SSL) */ diff --git a/src/check_curl.ggo b/src/check_curl.ggo index da5d116..4207e85 100644 --- a/src/check_curl.ggo +++ b/src/check_curl.ggo @@ -94,10 +94,10 @@ option "useragent" A "String to be sent in http header as \"User Agent\"" typestr="STRING" optional -option "insecure" - "Allow connections to SSL sites without certs (SSL)" +option "no-verify-peer" - "Allow connections to SSL sites without certs (SSL)" optional -option "verify-host" - "Verify that the host and the certificate host match (SSL)" +option "no-verify-host" - "Don't verify that the host and the certificate host match (SSL)" optional option "cacert" - "CA certificate to verify peer against (SSL)" |