summaryrefslogtreecommitdiffstats
path: root/plugins/check_http.c
diff options
context:
space:
mode:
authorHolger Weiss <holger@zedat.fu-berlin.de>2015-10-06 12:57:29 +0200
committerHolger Weiss <holger@zedat.fu-berlin.de>2015-10-06 12:57:29 +0200
commit5029714a9dcd308e5bc813a29bd1a38bfc7ecee7 (patch)
tree323e5572fd157d5f41fede5cc71f89005cbb9db2 /plugins/check_http.c
parentdbd38bf7ec95c886b252d5ee0a66735f2f4a47c5 (diff)
parentf43083c6a9d5d9e66d42e7cd0b698b7eb1ecf822 (diff)
downloadmonitoring-plugins-5029714a9dcd308e5bc813a29bd1a38bfc7ecee7.tar.gz
Merge branch 'pr/1373'
* pr/1373: check_http: Allow for requesting TLSv1.1/TLSv1.2
Diffstat (limited to 'plugins/check_http.c')
-rw-r--r--plugins/check_http.c22
1 files changed, 17 insertions, 5 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 68b470ce..2038f4a1 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -343,9 +343,20 @@ process_arguments (int argc, char **argv)
343 parameters, like -S and -C combinations */ 343 parameters, like -S and -C combinations */
344 use_ssl = TRUE; 344 use_ssl = TRUE;
345 if (c=='S' && optarg != NULL) { 345 if (c=='S' && optarg != NULL) {
346 ssl_version = atoi(optarg); 346 int got_plus = strchr(optarg, '+') != NULL;
347 if (ssl_version < 1 || ssl_version > 3) 347
348 usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); 348 if (!strncmp (optarg, "1.2", 3))
349 ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
350 else if (!strncmp (optarg, "1.1", 3))
351 ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
352 else if (optarg[0] == '1')
353 ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
354 else if (optarg[0] == '3')
355 ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
356 else if (optarg[0] == '2')
357 ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
358 else
359 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
349 } 360 }
350 if (specify_port == FALSE) 361 if (specify_port == FALSE)
351 server_port = HTTPS_PORT; 362 server_port = HTTPS_PORT;
@@ -1514,9 +1525,10 @@ print_help (void)
1514 printf (UT_IPv46); 1525 printf (UT_IPv46);
1515 1526
1516#ifdef HAVE_SSL 1527#ifdef HAVE_SSL
1517 printf (" %s\n", "-S, --ssl=VERSION"); 1528 printf (" %s\n", "-S, --ssl=VERSION[+]");
1518 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); 1529 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1519 printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); 1530 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1531 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
1520 printf (" %s\n", "--sni"); 1532 printf (" %s\n", "--sni");
1521 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1533 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1522 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); 1534 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");