summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--plugins/check_curl.c26
-rw-r--r--plugins/check_http.c24
2 files changed, 41 insertions, 9 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 7da84de4..a69854a8 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -193,6 +193,7 @@ int followsticky = STICKY_NONE;
193int use_ssl = FALSE; 193int use_ssl = FALSE;
194int use_sni = TRUE; 194int use_sni = TRUE;
195int check_cert = FALSE; 195int check_cert = FALSE;
196int continue_after_check_cert = FALSE;
196typedef union { 197typedef union {
197 struct curl_slist* to_info; 198 struct curl_slist* to_info;
198 struct curl_certinfo* to_certinfo; 199 struct curl_certinfo* to_certinfo;
@@ -754,7 +755,9 @@ check_http (void)
754 * and we actually have OpenSSL in the monitoring tools 755 * and we actually have OpenSSL in the monitoring tools
755 */ 756 */
756 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 757 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
757 return result; 758 if (continue_after_check_cert == FALSE) {
759 return result;
760 }
758#else /* USE_OPENSSL */ 761#else /* USE_OPENSSL */
759 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); 762 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
760#endif /* USE_OPENSSL */ 763#endif /* USE_OPENSSL */
@@ -794,13 +797,17 @@ GOT_FIRST_CERT:
794 } 797 }
795 BIO_free (cert_BIO); 798 BIO_free (cert_BIO);
796 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 799 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
797 return result; 800 if (continue_after_check_cert == FALSE) {
801 return result;
802 }
798#else /* USE_OPENSSL */ 803#else /* USE_OPENSSL */
799 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, 804 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
800 * so we use the libcurl CURLINFO data 805 * so we use the libcurl CURLINFO data
801 */ 806 */
802 result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); 807 result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
803 return result; 808 if (continue_after_check_cert == FALSE) {
809 return result;
810 }
804#endif /* USE_OPENSSL */ 811#endif /* USE_OPENSSL */
805 } else { 812 } else {
806 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), 813 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
@@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv)
1211 INVERT_REGEX = CHAR_MAX + 1, 1218 INVERT_REGEX = CHAR_MAX + 1,
1212 SNI_OPTION, 1219 SNI_OPTION,
1213 MAX_REDIRS_OPTION, 1220 MAX_REDIRS_OPTION,
1221 CONTINUE_AFTER_CHECK_CERT,
1214 CA_CERT_OPTION, 1222 CA_CERT_OPTION,
1215 HTTP_VERSION_OPTION, 1223 HTTP_VERSION_OPTION,
1216 AUTOMATIC_DECOMPRESSION 1224 AUTOMATIC_DECOMPRESSION
@@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv)
1244 {"private-key", required_argument, 0, 'K'}, 1252 {"private-key", required_argument, 0, 'K'},
1245 {"ca-cert", required_argument, 0, CA_CERT_OPTION}, 1253 {"ca-cert", required_argument, 0, CA_CERT_OPTION},
1246 {"verify-cert", no_argument, 0, 'D'}, 1254 {"verify-cert", no_argument, 0, 'D'},
1255 {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
1247 {"useragent", required_argument, 0, 'A'}, 1256 {"useragent", required_argument, 0, 'A'},
1248 {"header", required_argument, 0, 'k'}, 1257 {"header", required_argument, 0, 'k'},
1249 {"no-body", no_argument, 0, 'N'}, 1258 {"no-body", no_argument, 0, 'N'},
@@ -1403,6 +1412,11 @@ process_arguments (int argc, char **argv)
1403 check_cert = TRUE; 1412 check_cert = TRUE;
1404 goto enable_ssl; 1413 goto enable_ssl;
1405#endif 1414#endif
1415 case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
1416#ifdef HAVE_SSL
1417 continue_after_check_cert = TRUE;
1418 break;
1419#endif
1406 case 'J': /* use client certificate */ 1420 case 'J': /* use client certificate */
1407#ifdef LIBCURL_FEATURE_SSL 1421#ifdef LIBCURL_FEATURE_SSL
1408 test_file(optarg); 1422 test_file(optarg);
@@ -1800,7 +1814,11 @@ print_help (void)
1800#endif 1814#endif
1801 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); 1815 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
1802 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); 1816 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
1803 printf (" %s\n", _("(when this option is used the URL is not checked.)")); 1817 printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use"));
1818 printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
1819 printf (" %s\n", "--continue-after-certificate");
1820 printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
1821 printf (" %s\n", _("Does nothing unless -C is used."));
1804 printf (" %s\n", "-J, --client-cert=FILE"); 1822 printf (" %s\n", "-J, --client-cert=FILE");
1805 printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); 1823 printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
1806 printf (" %s\n", _("to be used in establishing the SSL session")); 1824 printf (" %s\n", _("to be used in establishing the SSL session"));
diff --git a/plugins/check_http.c b/plugins/check_http.c
index df2a79c2..f8ec853b 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -58,6 +58,7 @@ enum {
58 58
59#ifdef HAVE_SSL 59#ifdef HAVE_SSL
60int check_cert = FALSE; 60int check_cert = FALSE;
61int continue_after_check_cert = FALSE;
61int ssl_version = 0; 62int ssl_version = 0;
62int days_till_exp_warn, days_till_exp_crit; 63int days_till_exp_warn, days_till_exp_crit;
63char *randbuff; 64char *randbuff;
@@ -205,7 +206,8 @@ process_arguments (int argc, char **argv)
205 enum { 206 enum {
206 INVERT_REGEX = CHAR_MAX + 1, 207 INVERT_REGEX = CHAR_MAX + 1,
207 SNI_OPTION, 208 SNI_OPTION,
208 MAX_REDIRS_OPTION 209 MAX_REDIRS_OPTION,
210 CONTINUE_AFTER_CHECK_CERT
209 }; 211 };
210 212
211 int option = 0; 213 int option = 0;
@@ -233,6 +235,7 @@ process_arguments (int argc, char **argv)
233 {"certificate", required_argument, 0, 'C'}, 235 {"certificate", required_argument, 0, 'C'},
234 {"client-cert", required_argument, 0, 'J'}, 236 {"client-cert", required_argument, 0, 'J'},
235 {"private-key", required_argument, 0, 'K'}, 237 {"private-key", required_argument, 0, 'K'},
238 {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
236 {"useragent", required_argument, 0, 'A'}, 239 {"useragent", required_argument, 0, 'A'},
237 {"header", required_argument, 0, 'k'}, 240 {"header", required_argument, 0, 'k'},
238 {"no-body", no_argument, 0, 'N'}, 241 {"no-body", no_argument, 0, 'N'},
@@ -332,6 +335,11 @@ process_arguments (int argc, char **argv)
332 check_cert = TRUE; 335 check_cert = TRUE;
333 goto enable_ssl; 336 goto enable_ssl;
334#endif 337#endif
338 case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
339#ifdef HAVE_SSL
340 continue_after_check_cert = TRUE;
341 break;
342#endif
335 case 'J': /* use client certificate */ 343 case 'J': /* use client certificate */
336#ifdef HAVE_SSL 344#ifdef HAVE_SSL
337 test_file(optarg); 345 test_file(optarg);
@@ -981,9 +989,11 @@ check_http (void)
981 elapsed_time_ssl = (double)microsec_ssl / 1.0e6; 989 elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
982 if (check_cert == TRUE) { 990 if (check_cert == TRUE) {
983 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); 991 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
984 if (sd) close(sd); 992 if (continue_after_check_cert == FALSE) {
985 np_net_ssl_cleanup(); 993 if (sd) close(sd);
986 return result; 994 np_net_ssl_cleanup();
995 return result;
996 }
987 } 997 }
988 } 998 }
989#endif /* HAVE_SSL */ 999#endif /* HAVE_SSL */
@@ -1608,7 +1618,11 @@ print_help (void)
1608 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1618 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1609 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); 1619 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
1610 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); 1620 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
1611 printf (" %s\n", _("(when this option is used the URL is not checked.)")); 1621 printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use"));
1622 printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
1623 printf (" %s\n", "--continue-after-certificate");
1624 printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
1625 printf (" %s\n", _("Does nothing unless -C is used."));
1612 printf (" %s\n", "-J, --client-cert=FILE"); 1626 printf (" %s\n", "-J, --client-cert=FILE");
1613 printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); 1627 printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
1614 printf (" %s\n", _("to be used in establishing the SSL session")); 1628 printf (" %s\n", _("to be used in establishing the SSL session"));