authorAndreas Baumann <mail@andreasbaumann.cc>2017-03-19 13:30:12 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2017-03-19 13:30:12 +0100
commit501eedf8f114998e690e87bd45c886dba75276da (patch)
tree107b92e4f88d6e364aade548cd3bec3d0a94d54c
parent1bc188595efe9d03ff158aa38ec9baf8ad363c86 (diff)
fixed handling of SSL/TLS protocol versions
-rw-r--r--plugins/check_curl.c82
1 files changed, 70 insertions, 12 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 1841de5f..f6eaba61 100644
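--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -47,6 +47,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include "curl/curl.h"
 #include "curl/easy.h"
 
+#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
+
 #define DEFAULT_BUFFER_SIZE 2048
 #define DEFAULT_SERVER_URL "/"
 #define HTTP_EXPECT "HTTP/1."
@@ -769,25 +771,81 @@ process_arguments (int argc, char **argv)
 #ifdef LIBCURL_FEATURE_SSL
  enable_ssl:
  use_ssl = TRUE;
- /* ssl_version initialized to CURL_SSLVERSION_TLSv1_0 as a default. Only set if it's non-zero. This helps when we include multiple
- parameters, like -S and -C combinations */
+ /* ssl_version initialized to CURL_SSLVERSION_TLSv1_0 as a default.
+ * Only set if it's non-zero. This helps when we include multiple
+ * parameters, like -S and -C combinations */
  ssl_version = CURL_SSLVERSION_TLSv1_0;
  if (c=='S' && optarg != NULL) {
- int got_plus = strchr(optarg, '+') != NULL;
-
- if (!strncmp (optarg, "1.2", 3))
- ssl_version = CURL_SSLVERSION_TLSv1_2;
- else if (!strncmp (optarg, "1.1", 3))
- ssl_version = CURL_SSLVERSION_TLSv1_1;
- else if (optarg[0] == '1')
- ssl_version = CURL_SSLVERSION_TLSv1_0;
+ int got_plus = 0;
+ char *plus_ptr = strchr(optarg, '+');
+ if (plus_ptr) {
+ got_plus = 1;
+ *plus_ptr = '\0';
+ }
+
+ if (optarg[0] == '2')
+ ssl_version = CURL_SSLVERSION_SSLv2;
  else if (optarg[0] == '3')
  ssl_version = CURL_SSLVERSION_SSLv3;
- else if (optarg[0] == '2')
- ssl_version = CURL_SSLVERSION_SSLv2;
+ else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+ ssl_version = CURL_SSLVERSION_TLSv1_0;
+#else
+ usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3"));
+#endif
+ else if (!strcmp (optarg, "1.1"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+ ssl_version = CURL_SSLVERSION_TLSv1_1;
+#else
+ usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3"));
+#endif
+ else if (!strcmp (optarg, "1.2"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+ ssl_version = CURL_SSLVERSION_TLSv1_2;
+#else
+ usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3"));
+#endif
+ else if (!strcmp (optarg, "1.3"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
+ ssl_version = CURL_SSLVERSION_TLSv1_3;
+#else
+ usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2"));
+#endif
+
  else
  usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
  }
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
+ if (got_plus) {
+ switch (ssl_version) {
+ case CURL_SSLVERSION_TLSv1_3:
+ ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_0:
+ ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
+ break;
+ }
+ } else {
+ switch (ssl_version) {
+ case CURL_SSLVERSION_TLSv1_3:
+ ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
+ break;
+ }
+ }
+#endif
+ if (verbose >= 2)
+ printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
  if (server_port == HTTP_PORT)
  server_port = HTTPS_PORT;
 #else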
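Review bot: `got_plus` is declared inside the `if (c=='S' && optarg != NULL) {` block but is read by `if (got_plus) {` after that block's closing brace, so unless process_arguments declares another `got_plus` outside this hunk, the `#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)` branch will not compile. Declaring `int got_plus = 0;` with the function's other locals and reducing the inner line to `got_plus = 0;` would keep the flag in scope; the declaration cannot simply move up to just after the `enable_ssl:` label, because a label must be followed by a statement. Separately, when `-S` carries no version (or, as the `c=='S'` test suggests, another option jumps to `enable_ssl`), `ssl_version` stays `CURL_SSLVERSION_TLSv1_0` and the no-plus switch ORs in `CURL_SSLVERSION_MAX_TLSv1_0`, which appears to pin the default check to TLS 1.0 only. The cap should probably be applied only when a version was given explicitly, so a plain `-S` does not fail against servers that have disabled TLS 1.0 and does not force the oldest TLS version. process_arguments starts and ends outside the hunk.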