diff options
author | William Leibzon <william@leibzon.org> | 2012-05-21 18:46:45 -0700 |
---|---|---|
committer | Sven Nierlein <sven@nierlein.de> | 2012-06-25 12:05:16 +0200 |
commit | fa3d2a4074e1bd8526e37ba5e1a214ae4a1774cf (patch) | |
tree | 1d0c780a61db8e719502aed2a7bd9311afd23ac4 /plugins/check_http.c | |
parent | 88fdf3a8a8e17f9212e10befe1f24ff3fa1aa8e6 (diff) | |
download | monitoring-plugins-fa3d2a4074e1bd8526e37ba5e1a214ae4a1774cf.tar.gz |
applied patch that adds both critical and warning thresholds to certificate expiration checks of check_tcp, check_http, check_smtp
Diffstat (limited to 'plugins/check_http.c')
-rw-r--r-- | plugins/check_http.c | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 315848fc..703e3174 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -58,8 +58,8 @@ enum { | |||
58 | 58 | ||
59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
61 | int days_till_exp; | ||
62 | int ssl_version; | 61 | int ssl_version; |
62 | int days_till_exp_warn, days_till_exp_crit; | ||
63 | char *randbuff; | 63 | char *randbuff; |
64 | X509 *server_cert; | 64 | X509 *server_cert; |
65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
@@ -178,6 +178,7 @@ process_arguments (int argc, char **argv) | |||
178 | { | 178 | { |
179 | int c = 1; | 179 | int c = 1; |
180 | char *p; | 180 | char *p; |
181 | char *temp; | ||
181 | 182 | ||
182 | enum { | 183 | enum { |
183 | INVERT_REGEX = CHAR_MAX + 1, | 184 | INVERT_REGEX = CHAR_MAX + 1, |
@@ -282,13 +283,25 @@ process_arguments (int argc, char **argv) | |||
282 | break; | 283 | break; |
283 | case 'C': /* Check SSL cert validity */ | 284 | case 'C': /* Check SSL cert validity */ |
284 | #ifdef HAVE_SSL | 285 | #ifdef HAVE_SSL |
285 | if (!is_intnonneg (optarg)) | 286 | if ((temp=strchr(optarg,','))!=NULL) { |
286 | usage2 (_("Invalid certificate expiration period"), optarg); | 287 | *temp='\0'; |
288 | if (!is_intnonneg (temp)) | ||
289 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
290 | days_till_exp_warn = atoi(optarg); | ||
291 | *temp=','; | ||
292 | temp++; | ||
293 | if (!is_intnonneg (temp)) | ||
294 | usage2 (_("Invalid certificate expiration period"), temp); | ||
295 | days_till_exp_crit = atoi (temp); | ||
296 | } | ||
287 | else { | 297 | else { |
288 | days_till_exp = atoi (optarg); | 298 | days_till_exp_crit=0; |
289 | check_cert = TRUE; | 299 | if (!is_intnonneg (optarg)) |
300 | usage2 (_("Invalid certificate expiration period"), optarg); | ||
301 | days_till_exp_warn = atoi (optarg); | ||
290 | } | 302 | } |
291 | /* Fall through to -S option */ | 303 | check_cert = TRUE; |
304 | /* Fall through to -S option */ | ||
292 | #endif | 305 | #endif |
293 | case 'S': /* use SSL */ | 306 | case 'S': /* use SSL */ |
294 | #ifndef HAVE_SSL | 307 | #ifndef HAVE_SSL |
@@ -810,7 +823,7 @@ check_http (void) | |||
810 | if (result != STATE_OK) | 823 | if (result != STATE_OK) |
811 | return result; | 824 | return result; |
812 | if (check_cert == TRUE) { | 825 | if (check_cert == TRUE) { |
813 | result = np_net_ssl_check_cert(days_till_exp); | 826 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
814 | np_net_ssl_cleanup(); | 827 | np_net_ssl_cleanup(); |
815 | if (sd) close(sd); | 828 | if (sd) close(sd); |
816 | return result; | 829 | return result; |
@@ -1427,6 +1440,13 @@ print_help (void) | |||
1427 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | 1440 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); |
1428 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); | 1441 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); |
1429 | printf (" %s\n", _("the certificate is expired.")); | 1442 | printf (" %s\n", _("the certificate is expired.")); |
1443 | |||
1444 | printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); | ||
1445 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); | ||
1446 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | ||
1447 | printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); | ||
1448 | printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); | ||
1449 | |||
1430 | #endif | 1450 | #endif |
1431 | 1451 | ||
1432 | printf (UT_SUPPORT); | 1452 | printf (UT_SUPPORT); |
@@ -1444,6 +1464,6 @@ print_usage (void) | |||
1444 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1464 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
1445 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1465 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
1446 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 1466 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
1447 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n"); | 1467 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n"); |
1448 | printf (" [-j method]\n"); | 1468 | printf (" [-T <content-type>] [-j method]\n"); |
1449 | } | 1469 | } |