From 864f2f68ef8e2214e6caeadd7207a7e6ede25cc3 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Mon, 28 Sep 2009 15:01:44 +0000
Subject: added all SSL options we currently need, --insecure worksm already
---
 src/check_curl.c | 14 ++++++++++----
 src/check_curl.ggo | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/check_curl.c b/src/check_curl.c
index b8adbc6..ccd22fb 100644
--- a/src/check_curl.c
+++ b/src/check_curl.c
@@ -38,6 +38,7 @@ int main( int argc, char *argv[] ) {
 curlhelp_curlbuf header_buf;
 CURL *curl;
 char b[2048];
+ char b2[2048];
 CURLcode res;
 char errbuf[CURL_ERROR_SIZE+1];
 struct curl_slist *header_list = NULL;
@@ -63,7 +64,7 @@ int main( int argc, char *argv[] ) {
 if( args_info.config_file_given ) {
 /* read command line options from file, allow override of configuration
 * options from the command line and check for required options
- */
+ */
 if( cmdline_parser_configfile( args_info.config_file_arg, &args_info, 1, 0, 1 ) != 0 ) {
 printf( "HTTP CRITICAL - unable to read '%s'\n", args_info.config_file_arg );
 fprintf( stderr, "\n%s\n", gengetopt_args_info_usage );
@@ -137,13 +138,11 @@ int main( int argc, char *argv[] ) {
 curl_easy_setopt( curl, CURLOPT_PORT, args_info.port_arg );
 /* compose HTTP headers */
-#if 0 /* FIXME: doesn't work with curl 7.15.2 (Centos 5.2)!! Check out why */
 if( args_info.host_given ) {
- snprintf( b, (size_t), "Host: %s", args_info.host_arg );
+ snprintf( b2, (size_t)2048, "Host: %s", args_info.host_arg );
 header_list = curl_slist_append( header_list, b );
 }
 curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list );
-#endif
 /* set the error buffer */
 curl_easy_setopt( curl, CURLOPT_ERRORBUFFER, errbuf );
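Review bot: The re-enabled Host header block in the `@@ -137,13 +138,11 @@` hunk formats into `b2` but still appends `b`: `curl_slist_append( header_list, b )` sends whatever `b` holds at that point, and if `b` has not been written yet (its other uses are outside the hunk) that is a read of an uninitialised stack buffer whose contents go out as a request header. Append the buffer that was just formatted, `header_list = curl_slist_append( header_list, b2 );`, and take the size from the array rather than repeating the literal, `snprintf( b2, sizeof( b2 ), "Host: %s", args_info.host_arg );`. `curl_slist_append` returns NULL on failure, so assigning its result straight back to `header_list` drops the list; the result should be checked before the `CURLOPT_HTTPHEADER` call. main's body continues outside the hunk.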
@@ -160,6 +159,13 @@ int main( int argc, char *argv[] ) {
 curl_easy_setopt( curl, CURLOPT_CONNECTTIMEOUT, timeout );
 curl_easy_setopt( curl, CURLOPT_TIMEOUT, timeout );
 }
+
+ /* --insecure: choose level of CA chain validation (SSL) */
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2 );
+ if( args_info.insecure_given ) {
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 1 );
+ curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 0 );
+ }
 /* do the request */
 res = curl_easy_perform( curl );
diff --git a/src/check_curl.ggo b/src/check_curl.ggo
index 2654c54..a34d70f 100644
--- a/src/check_curl.ggo
+++ b/src/check_curl.ggo
@@ -93,3 +93,26 @@ option "useragent" A "String to be sent in http header as \"User Agent\""
 string
 typestr="STRING"
 optional
+
+option "insecure" - "Allow connections to SSL sites without certs (SSL)"
+ optional
+
+option "cacert" - "CA certificate to verify peer against (SSL)"
+ string
+ typestr="file"
+ optional
+
+option "cert" E "Client certificate file and password (SSL)"
+ string
+ typestr="file"
+ optional
+
+option "key" - "Private key file name (SSL)"
+ string
+ typestr="key"
+ optional
+
+option "pass" - "Pass phrase for the private key (SSL)"
+ string
+ typestr="pass"
+ optional
-- cgit v1.2.3-54-g00ecf
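Review bot: In the `--insecure` branch of src/check_curl.c (hunk `@@ -160,6 +159,13 @@`), `CURLOPT_SSL_VERIFYHOST` is set to `1`, which libcurl does not treat as "off": 7.28.1 and later reject the value and leave the option unchanged, and 7.66.0 and later treat it the same as 2, so the behaviour of `--insecure` depends on the libcurl version and the return code that would reveal this is ignored. Use `curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 0L );` there, and write the other values as `2L` and `0L`, because these options are read as `long` through varargs. The secure path relies on libcurl's default for `CURLOPT_SSL_VERIFYPEER`; setting it to `1L` next to the `VERIFYHOST` call would make the verified case explicit. The comment describes only chain validation although the block also changes host-name checking, e.g. `/* --insecure: disable peer certificate and host name verification (SSL) */`. The enclosing main() starts and ends outside the hunk, so whether the new cacert/cert/key/pass options are applied elsewhere cannot be seen here.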
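Review bot: The `pass` option added in src/check_curl.ggo takes the private-key pass phrase as a command-line argument, where it is visible to other local users in the process list for as long as the check runs. check_curl.c already reads options from a config file (`args_info.config_file_arg`), so the help text should steer users there, e.g. `"Pass phrase for the private key (SSL); prefer the config file over the command line"`, and that file should be readable only by the monitoring user. The `insecure` description understates what the flag does; `"Disable certificate and host name verification (SSL)"` matches the code in check_curl.c. The `cert` text says "file and password" although the pass phrase has its own option, and `typestr="key"` / `typestr="pass"` would read better as `"file"` and `"STRING"` to match the existing options.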