diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2017-04-21 13:07:51 (GMT) |
---|---|---|
committer | Sven Nierlein <sven@nierlein.de> | 2018-10-22 14:30:31 (GMT) |
commit | 229b9e53e17809003346df31e4c8899248f83e6f (patch) | |
tree | e4a5e4e909fff5a1bf58b27984ea7b21181ae31b /plugins | |
parent | 2da757519649f8806be1741ce7232724e5a03f24 (diff) | |
download | monitoring-plugins-229b9e53e17809003346df31e4c8899248f83e6f.tar.gz |
handling the -C check now when compiled with OpenSSL but libcurl is not compiled with OpenSSL
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_curl.c | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 6575af7..878276e 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
@@ -531,24 +531,59 @@ check_http (void) | |||
531 | if (use_ssl == TRUE) { | 531 | if (use_ssl == TRUE) { |
532 | if (check_cert == TRUE) { | 532 | if (check_cert == TRUE) { |
533 | if (is_openssl_callback) { | 533 | if (is_openssl_callback) { |
534 | #ifdef HAVE_SSL | 534 | #ifdef USE_OPENSSL |
535 | /* check certificate with OpenSSL functions, curl has been built against OpenSSL | 535 | /* check certificate with OpenSSL functions, curl has been built against OpenSSL |
536 | * and we actually have OpenSSL in the monitoring tools | 536 | * and we actually have OpenSSL in the monitoring tools |
537 | */ | 537 | */ |
538 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 538 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
539 | return result; | 539 | return result; |
540 | #else /* HAVE_SSL */ | 540 | #else /* USE_OPENSSL */ |
541 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); | 541 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); |
542 | #endif /* HAVE_SSL */ | 542 | #endif /* USE_OPENSSL */ |
543 | } else { | 543 | } else { |
544 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, | 544 | int i; |
545 | * so we use the libcurl CURLINFO data | 545 | struct curl_slist *slist; |
546 | */ | 546 | |
547 | cert_ptr.to_info = NULL; | 547 | cert_ptr.to_info = NULL; |
548 | res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info); | 548 | res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info); |
549 | if (!res && cert_ptr.to_info) { | 549 | if (!res && cert_ptr.to_info) { |
550 | #ifdef USE_OPENSSL | ||
551 | /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing | ||
552 | * We only check the first certificate and assume it's the one of the server | ||
553 | */ | ||
554 | const char* raw_cert = NULL; | ||
555 | for (i = 0; i < cert_ptr.to_certinfo->num_of_certs; i++) { | ||
556 | for (slist = cert_ptr.to_certinfo->certinfo[i]; slist; slist = slist->next) { | ||
557 | if (verbose >= 2) | ||
558 | printf ("%d ** %s\n", i, slist->data); | ||
559 | if (strncmp (slist->data, "Cert:", 5) == 0) { | ||
560 | raw_cert = &slist->data[5]; | ||
561 | goto GOT_FIRST_CERT; | ||
562 | } | ||
563 | } | ||
564 | } | ||
565 | GOT_FIRST_CERT: | ||
566 | if (!raw_cert) { | ||
567 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty")); | ||
568 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); | ||
569 | } | ||
570 | BIO* cert_BIO = BIO_new (BIO_s_mem()); | ||
571 | BIO_write (cert_BIO, raw_cert, strlen(raw_cert)); | ||
572 | cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL); | ||
573 | if (!cert) { | ||
574 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error")); | ||
575 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); | ||
576 | } | ||
577 | BIO_free (cert_BIO); | ||
578 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | ||
579 | return result; | ||
580 | #else /* USE_OPENSSL */ | ||
581 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, | ||
582 | * so we use the libcurl CURLINFO data | ||
583 | */ | ||
550 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); | 584 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); |
551 | return result; | 585 | return result; |
586 | #endif /* USE_OPENSSL */ | ||
552 | } else { | 587 | } else { |
553 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), | 588 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), |
554 | res, curl_easy_strerror(res)); | 589 | res, curl_easy_strerror(res)); |