diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2022-04-10 16:31:47 +0200 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2022-04-10 16:31:47 +0200 |
commit | 455fdc1072b85e7d05783546d9e99ed2e61716de (patch) | |
tree | 3c25998485c7cf4fd05f03589a7024e51082427a | |
parent | 066b6e68242b5e7a6f1eb665df9b227d896aec66 (diff) | |
download | monitoring-plugins-455fdc1072b85e7d05783546d9e99ed2e61716de.tar.gz |
check_http: added option --continue-after-certificate (#1761)
-rw-r--r-- | plugins/check_http.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index df2a79c2..f8ec853b 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -58,6 +58,7 @@ enum { | |||
58 | 58 | ||
59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
61 | int continue_after_check_cert = FALSE; | ||
61 | int ssl_version = 0; | 62 | int ssl_version = 0; |
62 | int days_till_exp_warn, days_till_exp_crit; | 63 | int days_till_exp_warn, days_till_exp_crit; |
63 | char *randbuff; | 64 | char *randbuff; |
@@ -205,7 +206,8 @@ process_arguments (int argc, char **argv) | |||
205 | enum { | 206 | enum { |
206 | INVERT_REGEX = CHAR_MAX + 1, | 207 | INVERT_REGEX = CHAR_MAX + 1, |
207 | SNI_OPTION, | 208 | SNI_OPTION, |
208 | MAX_REDIRS_OPTION | 209 | MAX_REDIRS_OPTION, |
210 | CONTINUE_AFTER_CHECK_CERT | ||
209 | }; | 211 | }; |
210 | 212 | ||
211 | int option = 0; | 213 | int option = 0; |
@@ -233,6 +235,7 @@ process_arguments (int argc, char **argv) | |||
233 | {"certificate", required_argument, 0, 'C'}, | 235 | {"certificate", required_argument, 0, 'C'}, |
234 | {"client-cert", required_argument, 0, 'J'}, | 236 | {"client-cert", required_argument, 0, 'J'}, |
235 | {"private-key", required_argument, 0, 'K'}, | 237 | {"private-key", required_argument, 0, 'K'}, |
238 | {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, | ||
236 | {"useragent", required_argument, 0, 'A'}, | 239 | {"useragent", required_argument, 0, 'A'}, |
237 | {"header", required_argument, 0, 'k'}, | 240 | {"header", required_argument, 0, 'k'}, |
238 | {"no-body", no_argument, 0, 'N'}, | 241 | {"no-body", no_argument, 0, 'N'}, |
@@ -332,6 +335,11 @@ process_arguments (int argc, char **argv) | |||
332 | check_cert = TRUE; | 335 | check_cert = TRUE; |
333 | goto enable_ssl; | 336 | goto enable_ssl; |
334 | #endif | 337 | #endif |
338 | case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ | ||
339 | #ifdef HAVE_SSL | ||
340 | continue_after_check_cert = TRUE; | ||
341 | break; | ||
342 | #endif | ||
335 | case 'J': /* use client certificate */ | 343 | case 'J': /* use client certificate */ |
336 | #ifdef HAVE_SSL | 344 | #ifdef HAVE_SSL |
337 | test_file(optarg); | 345 | test_file(optarg); |
@@ -981,9 +989,11 @@ check_http (void) | |||
981 | elapsed_time_ssl = (double)microsec_ssl / 1.0e6; | 989 | elapsed_time_ssl = (double)microsec_ssl / 1.0e6; |
982 | if (check_cert == TRUE) { | 990 | if (check_cert == TRUE) { |
983 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | 991 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
984 | if (sd) close(sd); | 992 | if (continue_after_check_cert == FALSE) { |
985 | np_net_ssl_cleanup(); | 993 | if (sd) close(sd); |
986 | return result; | 994 | np_net_ssl_cleanup(); |
995 | return result; | ||
996 | } | ||
987 | } | 997 | } |
988 | } | 998 | } |
989 | #endif /* HAVE_SSL */ | 999 | #endif /* HAVE_SSL */ |
@@ -1608,7 +1618,11 @@ print_help (void) | |||
1608 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1618 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
1609 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); | 1619 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); |
1610 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); | 1620 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); |
1611 | printf (" %s\n", _("(when this option is used the URL is not checked.)")); | 1621 | printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); |
1622 | printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); | ||
1623 | printf (" %s\n", "--continue-after-certificate"); | ||
1624 | printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); | ||
1625 | printf (" %s\n", _("Does nothing unless -C is used.")); | ||
1612 | printf (" %s\n", "-J, --client-cert=FILE"); | 1626 | printf (" %s\n", "-J, --client-cert=FILE"); |
1613 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); | 1627 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); |
1614 | printf (" %s\n", _("to be used in establishing the SSL session")); | 1628 | printf (" %s\n", _("to be used in establishing the SSL session")); |