upstream/monitoring-plugins
1
0
Fork 0
mirror of https://github.com/monitoring-plugins/monitoring-plugins.git synced 2026-04-29 01:59:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1762 from monitoring-plugins/continue_after_certificate

Browse source 
check_http/checkcurl: added --continue-after-certificate (backport from nagios-plugins)
This commit is contained in:
Andreas Baumann 2022-04-10 18:03:53 +02:00 committed by GitHub
commit 2430d54084
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
plugins/check_curl.c
View file

@ -193,6 +193,7 @@ int followsticky = STICKY_NONE;
int use_ssl = FALSE;
int use_sni = TRUE;
int check_cert = FALSE;
int continue_after_check_cert = FALSE;
typedef union {
struct curl_slist* to_info;
struct curl_certinfo* to_certinfo;
@ -754,7 +755,9 @@ check_http (void)
* and we actually have OpenSSL in the monitoring tools
*/
result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
return result;
if (continue_after_check_cert == FALSE) {
return result;
}
#else /* USE_OPENSSL */
die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
#endif /* USE_OPENSSL */
@ -794,13 +797,17 @@ GOT_FIRST_CERT:
}
BIO_free (cert_BIO);
result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
return result;
if (continue_after_check_cert == FALSE) {
return result;
}
#else /* USE_OPENSSL */
/* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
* so we use the libcurl CURLINFO data
*/
result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
return result;
if (continue_after_check_cert == FALSE) {
return result;
}
#endif /* USE_OPENSSL */
} else {
snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv)
INVERT_REGEX = CHAR_MAX + 1,
SNI_OPTION,
MAX_REDIRS_OPTION,
CONTINUE_AFTER_CHECK_CERT,
CA_CERT_OPTION,
HTTP_VERSION_OPTION,
AUTOMATIC_DECOMPRESSION
@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv)
{"private-key", required_argument, 0, 'K'},
{"ca-cert", required_argument, 0, CA_CERT_OPTION},
{"verify-cert", no_argument, 0, 'D'},
{"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
{"useragent", required_argument, 0, 'A'},
{"header", required_argument, 0, 'k'},
{"no-body", no_argument, 0, 'N'},
@ -1402,6 +1411,11 @@ process_arguments (int argc, char **argv)
}
check_cert = TRUE;
goto enable_ssl;
#endif
case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
#ifdef HAVE_SSL
continue_after_check_cert = TRUE;
break;
#endif
case 'J': /* use client certificate */
#ifdef LIBCURL_FEATURE_SSL
@ -1800,7 +1814,11 @@ print_help (void)
#endif
printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
printf (" %s\n", _("(when this option is used the URL is not checked.)"));
printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use"));
printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
printf (" %s\n", "--continue-after-certificate");
printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
printf (" %s\n", _("Does nothing unless -C is used."));
printf (" %s\n", "-J, --client-cert=FILE");
printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
printf (" %s\n", _("to be used in establishing the SSL session"));

24
plugins/check_http.c
View file

@ -58,6 +58,7 @@ enum {
#ifdef HAVE_SSL
int check_cert = FALSE;
int continue_after_check_cert = FALSE;
int ssl_version = 0;
int days_till_exp_warn, days_till_exp_crit;
char *randbuff;
@ -205,7 +206,8 @@ process_arguments (int argc, char **argv)
enum {
INVERT_REGEX = CHAR_MAX + 1,
SNI_OPTION,
MAX_REDIRS_OPTION
MAX_REDIRS_OPTION,
CONTINUE_AFTER_CHECK_CERT
};
int option = 0;
@ -233,6 +235,7 @@ process_arguments (int argc, char **argv)
{"certificate", required_argument, 0, 'C'},
{"client-cert", required_argument, 0, 'J'},
{"private-key", required_argument, 0, 'K'},
{"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
{"useragent", required_argument, 0, 'A'},
{"header", required_argument, 0, 'k'},
{"no-body", no_argument, 0, 'N'},
@ -331,6 +334,11 @@ process_arguments (int argc, char **argv)
}
check_cert = TRUE;
goto enable_ssl;
#endif
case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
#ifdef HAVE_SSL
continue_after_check_cert = TRUE;
break;
#endif
case 'J': /* use client certificate */
#ifdef HAVE_SSL
@ -981,9 +989,11 @@ check_http (void)
elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
if (sd) close(sd);
np_net_ssl_cleanup();
return result;
if (continue_after_check_cert == FALSE) {
if (sd) close(sd);
np_net_ssl_cleanup();
return result;
}
}
}
#endif /* HAVE_SSL */
@ -1608,7 +1618,11 @@ print_help (void)
printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
printf (" %s\n", _("(when this option is used the URL is not checked.)"));
printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use"));
printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
printf (" %s\n", "--continue-after-certificate");
printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
printf (" %s\n", _("Does nothing unless -C is used."));
printf (" %s\n", "-J, --client-cert=FILE");
printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
printf (" %s\n", _("to be used in establishing the SSL session"));