summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYannick Martin <yannick.martin@ovhcloud.com>2024-08-09 12:14:28 +0200
committerSven Nierlein <sven@nierlein.org>2024-08-11 22:18:28 +0200
commit78ce3144e38791a8ea2ee5832a91b24d743dccd3 (patch)
tree0479a51335dce4af2bbc013e9a767f3e437984e8
parentacbfbf3de614f03ea5f9d3942558f1661fc202a4 (diff)
downloadmonitoring-plugins-78ce314.tar.gz
check_curl: raise SSL issue when --continue-after-certificate is used
This change aims to raise the worst status between the SSL check and the HTTP check. before: check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22807 bytes in 0.076 second response time |time=0.075516s;;;0.000000;10.000000 size=22807B;;;0; 0 after: /usr/lib/nagios/ovh/check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22840 bytes in 0.090 second response time |time=0.090463s;;;0.000000;10.000000 size=22840B;;;0; 2
-rw-r--r--plugins/check_curl.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 01e2770e..4522e6c9 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -468,6 +468,7 @@ int
468check_http (void) 468check_http (void)
469{ 469{
470 int result = STATE_OK; 470 int result = STATE_OK;
471 int result_ssl = STATE_OK;
471 int page_len = 0; 472 int page_len = 0;
472 int i; 473 int i;
473 char *force_host_header = NULL; 474 char *force_host_header = NULL;
@@ -852,9 +853,9 @@ check_http (void)
852 /* check certificate with OpenSSL functions, curl has been built against OpenSSL 853 /* check certificate with OpenSSL functions, curl has been built against OpenSSL
853 * and we actually have OpenSSL in the monitoring tools 854 * and we actually have OpenSSL in the monitoring tools
854 */ 855 */
855 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 856 result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
856 if (!continue_after_check_cert) { 857 if (!continue_after_check_cert) {
857 return result; 858 return result_ssl;
858 } 859 }
859#else /* USE_OPENSSL */ 860#else /* USE_OPENSSL */
860 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); 861 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
@@ -898,17 +899,17 @@ GOT_FIRST_CERT:
898 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 899 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
899 } 900 }
900 BIO_free (cert_BIO); 901 BIO_free (cert_BIO);
901 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 902 result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
902 if (!continue_after_check_cert) { 903 if (!continue_after_check_cert) {
903 return result; 904 return result_ssl;
904 } 905 }
905#else /* USE_OPENSSL */ 906#else /* USE_OPENSSL */
906 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, 907 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
907 * so we use the libcurl CURLINFO data 908 * so we use the libcurl CURLINFO data
908 */ 909 */
909 result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); 910 result_ssl = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
910 if (!continue_after_check_cert) { 911 if (!continue_after_check_cert) {
911 return result; 912 return result_ssl;
912 } 913 }
913#endif /* USE_OPENSSL */ 914#endif /* USE_OPENSSL */
914 } else { 915 } else {
@@ -1176,7 +1177,7 @@ GOT_FIRST_CERT:
1176 } 1177 }
1177 1178
1178 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ 1179 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
1179 die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", 1180 die (max_state_alt(result, result_ssl), "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
1180 state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), 1181 state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
1181 status_line.http_code, status_line.msg, 1182 status_line.http_code, status_line.msg,
1182 strlen(msg) > 0 ? " - " : "", 1183 strlen(msg) > 0 ? " - " : "",
@@ -1186,7 +1187,7 @@ GOT_FIRST_CERT:
1186 (show_body ? body_buf.buf : ""), 1187 (show_body ? body_buf.buf : ""),
1187 (show_body ? "\n" : "") ); 1188 (show_body ? "\n" : "") );
1188 1189
1189 return result; 1190 return max_state_alt(result, result_ssl);
1190} 1191}
1191 1192
1192int 1193int