From e86b06ba2cbf8779fa92b9b76c4229e15d173185 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Fri, 6 Jan 2017 19:47:36 +0100
Subject: added an --insecure switch for SSL connections with self-signed certificates

---
 src/check_curl.c | 6 ++++++
 src/check_curl.ggo | 5 ++++-
 src/cmdline.c | 38 +++++++++++++++++++++++++++++---------
 src/cmdline.h | 4 +++-
 4 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/src/check_curl.c b/src/check_curl.c
index c014359..bbb8d12 100644
--- a/src/check_curl.c
+++ b/src/check_curl.c
@@ -202,6 +202,12 @@ int main( int argc, char *argv[] ) {
 curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0 );
 }
 
+ /* --insecure: allow SSL connections totally insecurely (for self-signed certificates) */
+ if( args_info.insecure_given ) {
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 );
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0 );
+ }
+
 /* --cert: client certificate to present to server (SSL) */
 if( args_info.cert_given ) {
 curl_easy_setopt( curl, CURLOPT_SSLCERT, args_info.cert_arg );
diff --git a/src/check_curl.ggo b/src/check_curl.ggo
index 532a5ff..6e27c84 100644
--- a/src/check_curl.ggo
+++ b/src/check_curl.ggo
@@ -94,7 +94,10 @@ option "useragent" A "String to be sent in http header as \"User Agent\""
 typestr="STRING"
 optional
 
-option "no-verify-peer" - "Allow connections to SSL sites without certs (SSL)"
+option "insecure" - "Allow insecure SSL connections"
+ optional
+
+option "no-verify-peer" - "Allow connections to SSL sites without verifying certificates (SSL)"
 optional
 
 option "no-verify-host" - "Don't verify that the host and the certificate host match (SSL)"
diff --git a/src/cmdline.c b/src/cmdline.c
index e401729..9e3e9ed 100644
--- a/src/cmdline.c
+++ b/src/cmdline.c
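Review bot: The new `--insecure` block hands a plain `int` literal `0` to `curl_easy_setopt` for `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`, but both options take a `long` through libcurl's variadic interface, so the argument should be written `0L`, e.g. `curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0L );` (the pre-existing `--no-verify-*` lines above have the same mismatch). The block is also behaviourally identical to giving `--no-verify-peer` and `--no-verify-host` together, so either make `--insecure` an explicit alias that sets those two given-flags, or at least say so in the comment: `/* --insecure: same as --no-verify-peer --no-verify-host; the check then succeeds against any certificate, including a substituted one */`. Since the commit message targets self-signed certificates, the comment could also point operators to the existing `--cacert` option, which keeps verification on. The enclosing `main` starts and ends outside the hunk.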
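Review bot: The help text for the new option, `"Allow insecure SSL connections"`, does not tell the operator what is actually switched off, while the neighbouring options spell out peer and host verification separately; suggest `option "insecure" - "Disable SSL certificate verification entirely (implies --no-verify-peer and --no-verify-host) (SSL)"` so the generated `--help` output states the scope of the flag. A short pointer that self-signed certificates can instead be trusted via `--cacert` would steer users toward the option that keeps verification on.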
@@ -49,7 +49,8 @@ const char *gengetopt_args_info_help[] = {
 " -s, --string=STRING String to expect in the content",
 " -S, --ssl Connect via SSL. Port defaults to 443",
 " -A, --useragent=STRING String to be sent in http header as \"User\n Agent\"",
- " --no-verify-peer Allow connections to SSL sites without certs\n (SSL)",
+ " --insecure Allow insecure SSL connections",
+ " --no-verify-peer Allow connections to SSL sites without\n verifying certificates (SSL)",
 " --no-verify-host Don't verify that the host and the certificate\n host match (SSL)",
 " --cacert=file CA certificate to verify peer against (SSL)",
 " -E, --cert=file Client certificate file and password (SSL)",
@@ -126,6 +127,7 @@ void clear_given (struct gengetopt_args_info *args_info)
 args_info->string_given = 0 ;
 args_info->ssl_given = 0 ;
 args_info->useragent_given = 0 ;
+ args_info->insecure_given = 0 ;
 args_info->no_verify_peer_given = 0 ;
 args_info->no_verify_host_given = 0 ;
 args_info->cacert_given = 0 ;
@@ -193,13 +195,14 @@ void init_args_info(struct gengetopt_args_info *args_info)
 args_info->string_help = gengetopt_args_info_help[13] ;
 args_info->ssl_help = gengetopt_args_info_help[14] ;
 args_info->useragent_help = gengetopt_args_info_help[15] ;
- args_info->no_verify_peer_help = gengetopt_args_info_help[16] ;
- args_info->no_verify_host_help = gengetopt_args_info_help[17] ;
- args_info->cacert_help = gengetopt_args_info_help[18] ;
- args_info->cert_help = gengetopt_args_info_help[19] ;
- args_info->key_help = gengetopt_args_info_help[20] ;
- args_info->digest_help = gengetopt_args_info_help[21] ;
- args_info->protocol_help = gengetopt_args_info_help[22] ;
+ args_info->insecure_help = gengetopt_args_info_help[16] ;
+ args_info->no_verify_peer_help = gengetopt_args_info_help[17] ;
+ args_info->no_verify_host_help = gengetopt_args_info_help[18] ;
+ args_info->cacert_help = gengetopt_args_info_help[19] ;
+ args_info->cert_help = gengetopt_args_info_help[20] ;
+ args_info->key_help = gengetopt_args_info_help[21] ;
+ args_info->digest_help = gengetopt_args_info_help[22] ;
+ args_info->protocol_help = gengetopt_args_info_help[23] ;
 
 }
 
@@ -429,6 +432,8 @@ cmdline_parser_dump(FILE *outfile, struct gengetopt_args_info *args_info)
 write_into_file(outfile, "ssl", 0, 0 );
 if (args_info->useragent_given)
 write_into_file(outfile, "useragent", args_info->useragent_orig, 0);
+ if (args_info->insecure_given)
+ write_into_file(outfile, "insecure", 0, 0 );
 if (args_info->no_verify_peer_given)
 write_into_file(outfile, "no-verify-peer", 0, 0 );
 if (args_info->no_verify_host_given)
@@ -1407,6 +1412,7 @@ cmdline_parser_internal (
 { "string", 1, NULL, 's' },
 { "ssl", 0, NULL, 'S' },
 { "useragent", 1, NULL, 'A' },
+ { "insecure", 0, NULL, 0 },
 { "no-verify-peer", 0, NULL, 0 },
 { "no-verify-host", 0, NULL, 0 },
 { "cacert", 1, NULL, 0 },
@@ -1632,7 +1638,21 @@ cmdline_parser_internal (
 goto failure;
 
 }
- /* Allow connections to SSL sites without certs (SSL). */
+ /* Allow insecure SSL connections. */
+ else if (strcmp (long_options[option_index].name, "insecure") == 0)
+ {
+
+
+ if (update_arg( 0 ,
+ 0 , &(args_info->insecure_given),
+ &(local_args_info.insecure_given), optarg, 0, 0, ARG_NO,
+ check_ambiguity, override, 0, 0,
+ "insecure", '-',
+ additional_error))
+ goto failure;
+
+ }
+ /* Allow connections to SSL sites without verifying certificates (SSL). */
 else if (strcmp (long_options[option_index].name, "no-verify-peer") == 0)
 {
 
diff --git a/src/cmdline.h b/src/cmdline.h
index 09b27b3..13b1d8f 100644
--- a/src/cmdline.h
+++ b/src/cmdline.h
@@ -79,7 +79,8 @@ struct gengetopt_args_info
 char * useragent_arg; /**< @brief String to be sent in http header as \"User Agent\". */
 char * useragent_orig; /**< @brief String to be sent in http header as \"User Agent\" original value given at command line. */
 const char *useragent_help; /**< @brief String to be sent in http header as \"User Agent\" help description. */
- const char *no_verify_peer_help; /**< @brief Allow connections to SSL sites without certs (SSL) help description. */
+ const char *insecure_help; /**< @brief Allow insecure SSL connections help description. */
+ const char *no_verify_peer_help; /**< @brief Allow connections to SSL sites without verifying certificates (SSL) help description. */
 const char *no_verify_host_help; /**< @brief Don't verify that the host and the certificate host match (SSL) help description. */
 char * cacert_arg; /**< @brief CA certificate to verify peer against (SSL). */
 char * cacert_orig; /**< @brief CA certificate to verify peer against (SSL) original value given at command line. */
@@ -111,6 +112,7 @@ struct gengetopt_args_info
 unsigned int string_given ; /**< @brief Whether string was given. */
 unsigned int ssl_given ; /**< @brief Whether ssl was given. */
 unsigned int useragent_given ; /**< @brief Whether useragent was given. */
+ unsigned int insecure_given ; /**< @brief Whether insecure was given. */
 unsigned int no_verify_peer_given ; /**< @brief Whether no-verify-peer was given. */
 unsigned int no_verify_host_given ; /**< @brief Whether no-verify-host was given. */
 unsigned int cacert_given ; /**< @brief Whether cacert was given. */
-- 
cgit v1.2.3-54-g00ecf