From 423bb964723fce340f77b0346bce6839bbdef2c4 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Mon, 28 Sep 2009 15:40:47 +0000
Subject: finish for release 0.0.3, added CA and client certificate handling
---
 packaging/nagios-plugin-curl.spec | 8 +++++++-
 src/check_curl.c | 27 ++++++++++++++++++++++++---
 src/check_curl.ggo | 10 ++++------
 tests/virtualhost | 2 +-
 4 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/packaging/nagios-plugin-curl.spec b/packaging/nagios-plugin-curl.spec
index 2a0d2a9..3eefed0 100644
--- a/packaging/nagios-plugin-curl.spec
+++ b/packaging/nagios-plugin-curl.spec
@@ -1,6 +1,6 @@
 Summary: curl-based web monitoring plugin for Nagios
 Name: nagios-plugin-curl
-Version: 0.0.1
+Version: 0.0.3
 Release: 0.1
 License: GPL
 Group: Applications/System
@@ -45,5 +45,11 @@ rm -rf $RPM_BUILD_ROOT
 /%{_libdir}/nagios/plugins/check_curl
 %changelog
+* Mon Sep 28 2009 Andreas Baumann 0.0.3-0.1
+- added client certificate and self-signed SSL chain handling
+
+* Wed Dec 17 2008 Andreas Baumann 0.0.2-0.1
+- fixes for 64-bit, upgrade to 0.0.2
+
 * Thu Sep 25 2008 Andreas Baumann 0.0.1-0.1
 - first preliminary packaged release
diff --git a/src/check_curl.c b/src/check_curl.c
index ccd22fb..cfef2cf 100644
--- a/src/check_curl.c
+++ b/src/check_curl.c
@@ -160,13 +160,34 @@ int main( int argc, char *argv[] ) {
 curl_easy_setopt( curl, CURLOPT_TIMEOUT, timeout );
 }
- /* --insecure: choose level of CA chain validation (SSL) */
+ /* --cacert: CA certificate file to verify SSL connection against (SSL) */
 curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
+ if( args_info.cacert_given ) {
+ curl_easy_setopt( curl, CURLOPT_CAINFO, args_info.cacert_arg );
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1 );
+ }
+
+ /* --insecure: choose level of CA chain validation (SSL) */
 if( args_info.insecure_given ) {
- curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 );
 curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 );
- }
+ /* --verify-host: make it an additional option, not as in curl! (SSL) */
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 );
+ if( args_info.verify_host_given ) {
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
+ }
+ }
+
+ /* --cert: client certificate to present to server (SSL) */
+ if( args_info.cert_given ) {
+ curl_easy_setopt( curl, CURLOPT_SSLCERT, args_info.cert_arg );
+ }
+
+ /* --key: key of the client certificate (SSL) */
+ if( args_info.key_given ) {
+ curl_easy_setopt( curl, CURLOPT_SSLKEY, args_info.key_arg );
+ }
+
 /* do the request */
 res = curl_easy_perform( curl );
diff --git a/src/check_curl.ggo b/src/check_curl.ggo
index a34d70f..da5d116 100644
--- a/src/check_curl.ggo
+++ b/src/check_curl.ggo
@@ -15,7 +15,7 @@
 # along with this program. If not, see . package "check_url"
-version "0.0.1"
+version "0.0.3"
 purpose "Nagios plugin using libcurl and libpcre for http checks Copyright (c)2008 Andreas Baumann "
@@ -97,6 +97,9 @@ option "useragent" A "String to be sent in http header as \"User Agent\""
 option "insecure" - "Allow connections to SSL sites without certs (SSL)"
 optional
+option "verify-host" - "Verify that the host and the certificate host match (SSL)"
+ optional
+
 option "cacert" - "CA certificate to verify peer against (SSL)"
 string
 typestr="file"
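Review bot: In src/check_curl.c the `--insecure` block runs after the `--cacert` block and sets `CURLOPT_SSL_VERIFYPEER` back to 0, so a check given both options silently runs with no chain validation even though a CA file was supplied. Rejecting the combination before any option is set, with a guard such as `if( args_info.cacert_given && args_info.insecure_given )` that exits with an error, would make that misconfiguration visible. Inside the same block `CURLOPT_SSL_VERIFYHOST` is set to 1, a value that later libcurl releases first rejected and then treated the same as 2, so "no host check" is better written as `curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0L );`; a comment there should also say that `--verify-host` without peer verification only compares names in a certificate nobody has validated. The numeric arguments in these calls should be `long` literals (`2L`, `1L`, `0L`), since libcurl reads them as long through varargs. main() starts and ends outside the hunk.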
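Review bot: The help string added for `verify-host` in src/check_curl.ggo does not say that the option only has an effect together with `--insecure`; in src/check_curl.c it is read only inside the `insecure_given` block, and host verification is already set to 2 otherwise. Suggested wording: `"With --insecure, still check that the certificate names the host (SSL)"`. The existing `insecure` text, "without certs", could likewise state that it turns off CA chain validation.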
@@ -111,8 +114,3 @@ option "key" - "Private key file name (SSL)"
 string
 typestr="key"
 optional
-
-option "pass" - "Pass phrase for the private key (SSL)"
- string
- typestr="pass"
- optional
diff --git a/tests/virtualhost b/tests/virtualhost
index d935109..ff04c52 100644
--- a/tests/virtualhost
+++ b/tests/virtualhost
@@ -3,6 +3,6 @@ w 5
 c 10
 t 5
 S
-I fozzie.eurospider.ch
+I charon.eurospider.ch
 H intranet.eurospider.com
 u "/"
--
cgit v1.2.3-54-g00ecf