author | Andreas Baumann <mail@andreasbaumann.cc> | 2017-03-19 13:30:12 +0100 |
---|---|---|
committer | Sven Nierlein <sven@nierlein.de> | 2018-10-22 16:30:31 +0200 |
commit | 3299fbe3c10c4925ca546af86907689619ee4c8a (patch) | |
tree | 8b2a37f637ba980c410f46f4b910950f24dc8164 | |
parent | 65753408889c30cfe198fdd7d374d962d6a95f08 (diff) | |
download | monitoring-plugins-3299fbe3c10c4925ca546af86907689619ee4c8a.tar.gz |
fixed handling of SSL/TLS protocol versions
-rw-r--r-- | plugins/check_curl.c | 82 |
1 files changed, 70 insertions, 12 deletions
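--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -47,6 +47,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include "curl/curl.h"
 #include "curl/easy.h"
 
+#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
+
 #define DEFAULT_BUFFER_SIZE 2048
 #define DEFAULT_SERVER_URL "/"
 #define HTTP_EXPECT "HTTP/1."
@@ -769,25 +771,81 @@ process_arguments (int argc, char **argv)
 #ifdef LIBCURL_FEATURE_SSL
 enable_ssl:
 use_ssl = TRUE;
-/* ssl_version initialized to CURL_SSLVERSION_TLSv1_0 as a default. Only set if it's non-zero. This helps when we include multiple
-parameters, like -S and -C combinations */
+/* ssl_version initialized to CURL_SSLVERSION_TLSv1_0 as a default.
+* Only set if it's non-zero. This helps when we include multiple
+* parameters, like -S and -C combinations */
 ssl_version = CURL_SSLVERSION_TLSv1_0;
 if (c=='S' && optarg != NULL) {
-int got_plus = strchr(optarg, '+') != NULL;
-
-if (!strncmp (optarg, "1.2", 3))
-ssl_version = CURL_SSLVERSION_TLSv1_2;
-else if (!strncmp (optarg, "1.1", 3))
-ssl_version = CURL_SSLVERSION_TLSv1_1;
-else if (optarg[0] == '1')
-ssl_version = CURL_SSLVERSION_TLSv1_0;
+int got_plus = 0;
+char *plus_ptr = strchr(optarg, '+');
+if (plus_ptr) {
+got_plus = 1;
+*plus_ptr = '\0';
+}
+
+if (optarg[0] == '2')
+ssl_version = CURL_SSLVERSION_SSLv2;
 else if (optarg[0] == '3')
 ssl_version = CURL_SSLVERSION_SSLv3;
-else if (optarg[0] == '2')
-ssl_version = CURL_SSLVERSION_SSLv2;
+else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+ssl_version = CURL_SSLVERSION_TLSv1_0;
+#else
+usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3"));
+#endif
+else if (!strcmp (optarg, "1.1"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+ssl_version = CURL_SSLVERSION_TLSv1_1;
+#else
+usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3"));
+#endif
+else if (!strcmp (optarg, "1.2"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+ssl_version = CURL_SSLVERSION_TLSv1_2;
+#else
+usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3"));
+#endif
+else if (!strcmp (optarg, "1.3"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
+ssl_version = CURL_SSLVERSION_TLSv1_3;
+#else
+usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2"));
+#endif
+
 else
 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
 }
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
+if (got_plus) {
+switch (ssl_version) {
+case CURL_SSLVERSION_TLSv1_3:
+ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+break;
+case CURL_SSLVERSION_TLSv1_2:
+case CURL_SSLVERSION_TLSv1_1:
+case CURL_SSLVERSION_TLSv1_0:
+ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
+break;
+}
+} else {
+switch (ssl_version) {
+case CURL_SSLVERSION_TLSv1_3:
+ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+break;
+case CURL_SSLVERSION_TLSv1_2:
+ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
+break;
+case CURL_SSLVERSION_TLSv1_1:
+ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
+break;
+case CURL_SSLVERSION_TLSv1_0:
+ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
+break;
+}
+}
+#endif
+if (verbose >= 2)
+printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
 if (server_port == HTTP_PORT)
 server_port = HTTPS_PORT;
 #else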
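Review bot: `got_plus` is declared inside the `if (c=='S' && optarg != NULL) {` block, but the new `if (got_plus)` under `#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)` comes after that block's closing brace. Against libcurl 7.54.0 or newer this either fails to compile or, if an outer `got_plus` exists outside the hunk, tests a variable that the '+' parsing never sets. Declare `int got_plus = 0;` with the other locals of process_arguments (which starts and ends outside the hunk) and keep only `got_plus = 1;` inside the block. Separately, when no version argument is given, `ssl_version` stays at `CURL_SSLVERSION_TLSv1_0` and the `else` branch ORs in `CURL_SSLVERSION_MAX_TLSv1_0`, which appears to cap a bare `-S` at TLS 1.0. Applying a maximum only when a version was passed explicitly would keep the default from pinning checks to an obsolete protocol.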