[monitoring-plugins] added -ca-file option

[Sven Nierlein]

    Module: monitoring-plugins
    Branch: feature_check_curl
    Commit: a7d30792e3d4d815eb54187e6bc25db95dc62413
    Author: Andreas Baumann <mail at andreasbaumann.cc>
 Committer: Sven Nierlein <sven at nierlein.de>
      Date: Sat Jan 21 13:16:13 2017 +0100
       URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=a7d3079

added -ca-file option

---

 plugins/check_curl.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 30c947f..3b4f2ed 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -105,6 +105,7 @@ int check_cert = FALSE;
 int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
+char *ca_cert = NULL;
 
 int process_arguments (int, char**);
 void print_help (void);
@@ -192,6 +193,8 @@ main (int argc, char **argv)
     curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert);
   if (client_privkey)
     curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey);
+  if (ca_cert)
+    curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert);
 
   /* per default if we have a CA verify both the peer and the
    * hostname in the certificate, can be switched off later */
@@ -372,7 +375,8 @@ process_arguments (int argc, char **argv)
   int c;
 
   enum {
-    SNI_OPTION
+    SNI_OPTION = CHAR_MAX + 1,
+    CA_CERT_OPTION
   };
 
   int option=0;
@@ -387,6 +391,7 @@ process_arguments (int argc, char **argv)
     {"onredirect", required_argument, 0, 'f'},
     {"client-cert", required_argument, 0, 'J'},
     {"private-key", required_argument, 0, 'K'},
+    {"ca-cert", required_argument, 0, CA_CERT_OPTION},
     {"useragent", required_argument, 0, 'A'},
     {"certificate", required_argument, 0, 'C'},
     {0, 0, 0, 0}
@@ -469,6 +474,12 @@ process_arguments (int argc, char **argv)
       client_privkey = optarg;
       goto enable_ssl;
 #endif
+#ifdef LIBCURL_FEATURE_SSL
+    case CA_CERT_OPTION: /* use CA chain file */
+      test_file(optarg);
+      ca_cert = optarg;
+      goto enable_ssl;
+#endif
     case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
     enable_ssl:
@@ -621,6 +632,8 @@ print_help (void)
   printf (" %s\n", "-K, --private-key=FILE");
   printf ("   %s\n", _("Name of file containing the private key (PEM format)"));
   printf ("   %s\n", _("matching the client certificate"));
+  printf (" %s\n", "--ca-cert=FILE");
+  printf ("   %s\n", _("CA certificate file to verify peer against"));
 #endif
 
   printf (" %s\n", "-s, --string=STRING");
@@ -649,7 +662,7 @@ print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
   printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
-  printf ("       [-J <client certificate file>] [-K <private key>]\n");
+  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n");
   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-a auth]\n");
   printf ("       [-f <ok|warning|critcal|follow>]\n");
   printf ("       [-A string] [-S <version>] [-C]\n");