diff options
author | Sven Nierlein <sven@nierlein.org> | 2015-10-02 14:00:09 (GMT) |
---|---|---|
committer | Sven Nierlein <sven@nierlein.org> | 2015-10-02 14:00:09 (GMT) |
commit | 7811f31018a9bb81bfb8e8995de366829b50e7b4 (patch) | |
tree | a62f113bce908d935b7db42baa612d0477639717 /plugins | |
parent | ccae9fea1d90b11e1a7b5c7f8bfde1bd8d2f79c6 (diff) | |
parent | 342dd1b97fd3423cb6368fedbb6c729f3c3b6243 (diff) | |
download | monitoring-plugins-7811f31018a9bb81bfb8e8995de366829b50e7b4.tar.gz |
Merge pull request #1349 from waja/check_http_ssl_via_proxy
check_http: Adding support for checking SSL-Websites through Proxies
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_http.c | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 5167997..2437406 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -875,11 +875,35 @@ check_http (void) | |||
875 | if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) | 875 | if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) |
876 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | 876 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); |
877 | microsec_connect = deltime (tv_temp); | 877 | microsec_connect = deltime (tv_temp); |
878 | |||
879 | /* if we are called with the -I option, the -j method is CONNECT and */ | ||
880 | /* we received -S for SSL, then we tunnel the request through a proxy*/ | ||
881 | /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */ | ||
882 | |||
883 | if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 | ||
884 | && host_name != NULL && use_ssl == TRUE) { | ||
885 | |||
886 | if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); | ||
887 | asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); | ||
888 | asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); | ||
889 | asprintf (&buf, "%sHost: %s\r\n", buf, host_name); | ||
890 | /* we finished our request, send empty line with CRLF */ | ||
891 | asprintf (&buf, "%s%s", buf, CRLF); | ||
892 | if (verbose) printf ("%s\n", buf); | ||
893 | send(sd, buf, strlen (buf), 0); | ||
894 | buf[0]='\0'; | ||
895 | |||
896 | if (verbose) printf ("Receive response from proxy\n"); | ||
897 | read (sd, buffer, MAX_INPUT_BUFFER-1); | ||
898 | if (verbose) printf ("%s", buffer); | ||
899 | /* Here we should check if we got HTTP/1.1 200 Connection established */ | ||
900 | } | ||
878 | #ifdef HAVE_SSL | 901 | #ifdef HAVE_SSL |
879 | elapsed_time_connect = (double)microsec_connect / 1.0e6; | 902 | elapsed_time_connect = (double)microsec_connect / 1.0e6; |
880 | if (use_ssl == TRUE) { | 903 | if (use_ssl == TRUE) { |
881 | gettimeofday (&tv_temp, NULL); | 904 | gettimeofday (&tv_temp, NULL); |
882 | result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); | 905 | result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); |
906 | if (verbose) printf ("SSL initialized\n"); | ||
883 | if (result != STATE_OK) | 907 | if (result != STATE_OK) |
884 | die (STATE_CRITICAL, NULL); | 908 | die (STATE_CRITICAL, NULL); |
885 | microsec_ssl = deltime (tv_temp); | 909 | microsec_ssl = deltime (tv_temp); |
@@ -893,7 +917,11 @@ check_http (void) | |||
893 | } | 917 | } |
894 | #endif /* HAVE_SSL */ | 918 | #endif /* HAVE_SSL */ |
895 | 919 | ||
896 | xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); | 920 | if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 |
921 | && host_name != NULL && use_ssl == TRUE) | ||
922 | asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); | ||
923 | else | ||
924 | asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); | ||
897 | 925 | ||
898 | /* tell HTTP/1.1 servers not to keep the connection alive */ | 926 | /* tell HTTP/1.1 servers not to keep the connection alive */ |
899 | xasprintf (&buf, "%sConnection: close\r\n", buf); | 927 | xasprintf (&buf, "%sConnection: close\r\n", buf); |
@@ -906,7 +934,9 @@ check_http (void) | |||
906 | * (default) port is explicitly specified in the "Host:" header line. | 934 | * (default) port is explicitly specified in the "Host:" header line. |
907 | */ | 935 | */ |
908 | if ((use_ssl == FALSE && server_port == HTTP_PORT) || | 936 | if ((use_ssl == FALSE && server_port == HTTP_PORT) || |
909 | (use_ssl == TRUE && server_port == HTTPS_PORT)) | 937 | (use_ssl == TRUE && server_port == HTTPS_PORT) || |
938 | ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 | ||
939 | && host_name != NULL && use_ssl == TRUE)) | ||
910 | xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); | 940 | xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); |
911 | else | 941 | else |
912 | xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); | 942 | xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); |
@@ -1496,7 +1526,7 @@ print_help (void) | |||
1496 | printf (" %s\n", _("URL to GET or POST (default: /)")); | 1526 | printf (" %s\n", _("URL to GET or POST (default: /)")); |
1497 | printf (" %s\n", "-P, --post=STRING"); | 1527 | printf (" %s\n", "-P, --post=STRING"); |
1498 | printf (" %s\n", _("URL encoded http POST data")); | 1528 | printf (" %s\n", _("URL encoded http POST data")); |
1499 | printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)"); | 1529 | printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); |
1500 | printf (" %s\n", _("Set HTTP method.")); | 1530 | printf (" %s\n", _("Set HTTP method.")); |
1501 | printf (" %s\n", "-N, --no-body"); | 1531 | printf (" %s\n", "-N, --no-body"); |
1502 | printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); | 1532 | printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); |
@@ -1570,7 +1600,7 @@ print_help (void) | |||
1570 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); | 1600 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); |
1571 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | 1601 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); |
1572 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); | 1602 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); |
1573 | printf (" %s\n", _("the certificate is expired.")); | 1603 | printf (" %s\n\n", _("the certificate is expired.")); |
1574 | printf ("\n"); | 1604 | printf ("\n"); |
1575 | printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); | 1605 | printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); |
1576 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); | 1606 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); |
@@ -1578,6 +1608,13 @@ print_help (void) | |||
1578 | printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); | 1608 | printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); |
1579 | printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); | 1609 | printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); |
1580 | 1610 | ||
1611 | printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); | ||
1612 | printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); | ||
1613 | printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); | ||
1614 | printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); | ||
1615 | printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); | ||
1616 | printf (" %s\n", _("a STATE_CRITICAL will be returned.")); | ||
1617 | |||
1581 | #endif | 1618 | #endif |
1582 | 1619 | ||
1583 | printf (UT_SUPPORT); | 1620 | printf (UT_SUPPORT); |