From 864f2f68ef8e2214e6caeadd7207a7e6ede25cc3 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Mon, 28 Sep 2009 15:01:44 +0000 Subject: added all SSL options we currently need, --insecure worksm already --- GNUmakefile | 2 +- src/check_curl.c | 14 ++++++++++---- src/check_curl.ggo | 23 +++++++++++++++++++++++ tests/GNUmakefile | 16 ++++++++-------- tests/clientcertcheck | 4 ++-- tests/insecure | 9 +++++++++ tests/virtualhost | 8 ++++++++ 7 files changed, 61 insertions(+), 15 deletions(-) create mode 100644 tests/insecure create mode 100644 tests/virtualhost diff --git a/GNUmakefile b/GNUmakefile index 34a6065..5b82796 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -3,6 +3,6 @@ TOPDIR = . SUBDIRS = src PACKAGE_NAME=nagios-plugin-curl -PACKAGE_VERSION=0.0.2 +PACKAGE_VERSION=0.0.3 -include $(TOPDIR)/makefiles/top.mk diff --git a/src/check_curl.c b/src/check_curl.c index b8adbc6..ccd22fb 100644 --- a/src/check_curl.c +++ b/src/check_curl.c @@ -38,6 +38,7 @@ int main( int argc, char *argv[] ) { curlhelp_curlbuf header_buf; CURL *curl; char b[2048]; + char b2[2048]; CURLcode res; char errbuf[CURL_ERROR_SIZE+1]; struct curl_slist *header_list = NULL; @@ -63,7 +64,7 @@ int main( int argc, char *argv[] ) { if( args_info.config_file_given ) { /* read command line options from file, allow override of configuration * options from the command line and check for required options - */ + */ if( cmdline_parser_configfile( args_info.config_file_arg, &args_info, 1, 0, 1 ) != 0 ) { printf( "HTTP CRITICAL - unable to read '%s'\n", args_info.config_file_arg ); fprintf( stderr, "\n%s\n", gengetopt_args_info_usage ); 
@@ -137,13 +138,11 @@ int main( int argc, char *argv[] ) { curl_easy_setopt( curl, CURLOPT_PORT, args_info.port_arg ); /* compose HTTP headers */ -#if 0 /* FIXME: doesn't work with curl 7.15.2 (Centos 5.2)!! Check out why */ if( args_info.host_given ) { - snprintf( b, (size_t), "Host: %s", args_info.host_arg ); + snprintf( b2, (size_t)2048, "Host: %s", args_info.host_arg ); header_list = curl_slist_append( header_list, b ); } curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list ); -#endif /* set the error buffer */ curl_easy_setopt( curl, CURLOPT_ERRORBUFFER, errbuf ); @@ -160,6 +159,13 @@ int main( int argc, char *argv[] ) { curl_easy_setopt( curl, CURLOPT_CONNECTTIMEOUT, timeout ); curl_easy_setopt( curl, CURLOPT_TIMEOUT, timeout ); } + + /* --insecure: choose level of CA chain validation (SSL) */ + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 ); + if( args_info.insecure_given ) { + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 ); + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 ); + } /* do the request */ res = curl_easy_perform( curl ); diff --git a/src/check_curl.ggo b/src/check_curl.ggo index 2654c54..a34d70f 100644 --- a/src/check_curl.ggo +++ b/src/check_curl.ggo @@ -93,3 +93,26 @@ option "useragent" A "String to be sent in http header as \"User Agent\"" string typestr="STRING" optional + +option "insecure" - "Allow connections to SSL sites without certs (SSL)" + optional + +option "cacert" - "CA certificate to verify peer against (SSL)" + string + typestr="file" + optional + +option "cert" E "Client certificate file and password (SSL)" + string + typestr="file" + optional + +option "key" - "Private key file name (SSL)" + string + typestr="key" + optional + +option "pass" - "Pass phrase for the private key (SSL)" + string + typestr="pass" + optional diff --git a/tests/GNUmakefile b/tests/GNUmakefile index c9b4ae9..ca22877 100644 --- a/tests/GNUmakefile +++ b/tests/GNUmakefile 
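Review bot: The Host header is formatted into `b2`, but the following line still appends `b`, so the header sent is whatever `b` holds at that point (nothing in the visible hunks writes it) rather than the requested virtual host. The append should read `header_list = curl_slist_append( header_list, b2 );`, and `sizeof b2` instead of `(size_t)2048` would keep the bound tied to the declaration added in the first hunk. The snprintf return value is not compared with the buffer size, so an over-long `--host` value is silently truncated. Because `args_info.host_arg` is copied verbatim into a header line, rejecting values that contain CR or LF before formatting would keep a config-file value from adding extra request headers. main's body starts and ends outside the hunk.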
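Review bot: In the `--insecure` branch `CURLOPT_SSL_VERIFYHOST` is set to 1, which does not switch the host name check off: libcurl documents 0 as the disabling value, and later libcurl releases either reject 1 or treat it like 2, so what `--insecure` does depends on the library version. If the intent is to skip both checks, use `curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0L );` beside `CURLOPT_SSL_VERIFYPEER, 0L`; both options take a `long` and curl_easy_setopt is variadic, so the bare `2`, `1` and `0` should carry the `L` suffix. The comment speaks of CA chain validation although VERIFYHOST controls the name match, and the default path would read more clearly with an explicit `CURLOPT_SSL_VERIFYPEER, 1L`. Marking the plugin output when `--insecure` is in effect would keep an unverified result from being read as a validated TLS check. main's body continues outside the hunk.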
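Review bot: The new `pass` option takes the private-key pass phrase as a command-line argument, where it is visible in the process list and typically ends up in the monitoring command definition; the help text should steer users to the config file, e.g. `"Pass phrase for the private key (SSL); prefer --config-file with restricted permissions"`. `cacert`, `cert`, `key` and `pass` are declared here, but the check_curl.c hunks in this commit read only `insecure_given`, so these four appear to be accepted and ignored until they are wired to the matching curl options. The `insecure` description says "without certs" while the code it controls turns off verification of the server certificate; `"Skip server certificate verification (SSL)"` would describe it more accurately.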
@@ -21,11 +21,11 @@ local_clean: local_distclean: local_test: - $(TOPDIR)/src/check_curl --config-file clientcertcheck - $(TOPDIR)/src/check_curl --config-file connect_failure - $(TOPDIR)/src/check_curl --config-file DNS_failure - $(TOPDIR)/src/check_curl --config-file iis - $(TOPDIR)/src/check_curl --config-file not_found - $(TOPDIR)/src/check_curl --config-file openssl.org - $(TOPDIR)/src/check_curl --config-file PortalZH - $(TOPDIR)/src/check_curl --config-file useragent + -$(TOPDIR)/src/check_curl --config-file clientcertcheck + -$(TOPDIR)/src/check_curl --config-file connect_failure + -$(TOPDIR)/src/check_curl --config-file DNS_failure + -$(TOPDIR)/src/check_curl --config-file iis + -$(TOPDIR)/src/check_curl --config-file not_found + -$(TOPDIR)/src/check_curl --config-file openssl.org + -$(TOPDIR)/src/check_curl --config-file PortalZH + -$(TOPDIR)/src/check_curl --config-file useragent diff --git a/tests/clientcertcheck b/tests/clientcertcheck index 12276fd..072ec7d 100644 --- a/tests/clientcertcheck +++ b/tests/clientcertcheck @@ -3,6 +3,6 @@ w 5 c 10 t 5 S -I intranet.eurospider.com -H intranet.eurospider.com +I charon.eurospider.ch +H charon.eurospider.ch u "/" diff --git a/tests/insecure b/tests/insecure new file mode 100644 index 0000000..80a6bb9 --- /dev/null +++ b/tests/insecure @@ -0,0 +1,9 @@ +f follow +w 5 +c 10 +t 5 +S +insecure +I fozzie.eurospider.ch +H intranet.eurospider.com +u "/" diff --git a/tests/virtualhost b/tests/virtualhost new file mode 100644 index 0000000..d935109 --- /dev/null +++ b/tests/virtualhost @@ -0,0 +1,8 @@ +f follow +w 5 +c 10 +t 5 +S +I fozzie.eurospider.ch +H intranet.eurospider.com +u "/" -- cgit v1.2.3-54-g00ecf
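Review bot: Prefixing every `local_test` command with `-` makes make ignore the exit status, so the target now succeeds whatever the plugin returns and a regression in certificate handling would go unnoticed. If the aim is only to continue past expected failures, compare each exit code with the expected one, e.g. `$(TOPDIR)/src/check_curl --config-file connect_failure; test $$? -eq 2` (assuming the plugin follows the Nagios convention of 2 for CRITICAL). The `tests/insecure` and `tests/virtualhost` files created in this commit are not added to `local_test`, so the new `--insecure` path is never exercised; a line such as `$(TOPDIR)/src/check_curl --config-file insecure` with its expected status is missing.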