From 423bb964723fce340f77b0346bce6839bbdef2c4 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Mon, 28 Sep 2009 15:40:47 +0000 Subject: finish for release 0.0.3, added CA and client certificate handling --- src/check_curl.c | 27 ++++++++++++++++++++++++--- src/check_curl.ggo | 10 ++++------ 2 files changed, 28 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/check_curl.c b/src/check_curl.c index ccd22fb..cfef2cf 100644 --- a/src/check_curl.c +++ b/src/check_curl.c @@ -160,13 +160,34 @@ int main( int argc, char *argv[] ) { curl_easy_setopt( curl, CURLOPT_TIMEOUT, timeout ); } - /* --insecure: choose level of CA chain validation (SSL) */ + /* --cacert: CA certificate file to verify SSL connection against (SSL) */ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 ); + if( args_info.cacert_given ) { + curl_easy_setopt( curl, CURLOPT_CAINFO, args_info.cacert_arg ); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1 ); + } + + /* --insecure: choose level of CA chain validation (SSL) */ if( args_info.insecure_given ) { - curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 ); curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 ); - } + /* --verify-host: make it an additional option, not as in curl! (SSL) */ + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 ); + if( args_info.verify_host_given ) { + curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 ); + } + } + + /* --cert: client certificate to present to server (SSL) */ + if( args_info.cert_given ) { + curl_easy_setopt( curl, CURLOPT_SSLCERT, args_info.cert_arg ); + } + + /* --key: key of the client certificate (SSL) */ + if( args_info.key_given ) { + curl_easy_setopt( curl, CURLOPT_SSLKEY, args_info.key_arg ); + } + /* do the request */ res = curl_easy_perform( curl ); diff --git a/src/check_curl.ggo b/src/check_curl.ggo index a34d70f..da5d116 100644 --- a/src/check_curl.ggo +++ b/src/check_curl.ggo @@ -15,7 +15,7 @@ # along with this program. If not, see . package "check_url" -version "0.0.1" +version "0.0.3" purpose "Nagios plugin using libcurl and libpcre for http checks Copyright (c)2008 Andreas Baumann " @@ -97,6 +97,9 @@ option "useragent" A "String to be sent in http header as \"User Agent\"" option "insecure" - "Allow connections to SSL sites without certs (SSL)" optional +option "verify-host" - "Verify that the host and the certificate host match (SSL)" + optional + option "cacert" - "CA certificate to verify peer against (SSL)" string typestr="file" @@ -111,8 +114,3 @@ option "key" - "Private key file name (SSL)" string typestr="key" optional - -option "pass" - "Pass phrase for the private key (SSL)" - string - typestr="pass" - optional -- cgit v1.2.3-54-g00ecf