Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 30c947fb..3b4f2ed5 100644
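--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -105,6 +105,7 @@ int check_cert = FALSE;
 int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
+char *ca_cert = NULL;
 
 int process_arguments (int, char**);
 void print_help (void);
@@ -192,6 +193,8 @@ main (int argc, char **argv)
  curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert);
  if (client_privkey)
  curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey);
+ if (ca_cert)
+ curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert);
 
  /* per default if we have a CA verify both the peer and the
  * hostname in the certificate, can be switched off later */
@@ -372,7 +375,8 @@ process_arguments (int argc, char **argv)
  int c;
 
  enum {
- SNI_OPTION
+ SNI_OPTION = CHAR_MAX + 1,
+ CA_CERT_OPTION
  };
 
  int option=0;
@@ -387,6 +391,7 @@ process_arguments (int argc, char **argv)
  {"onredirect", required_argument, 0, 'f'},
  {"client-cert", required_argument, 0, 'J'},
  {"private-key", required_argument, 0, 'K'},
+ {"ca-cert", required_argument, 0, CA_CERT_OPTION},
  {"useragent", required_argument, 0, 'A'},
  {"certificate", required_argument, 0, 'C'},
  {0, 0, 0, 0}
@@ -469,6 +474,12 @@ process_arguments (int argc, char **argv)
  client_privkey = optarg;
  goto enable_ssl;
 #endif
+#ifdef LIBCURL_FEATURE_SSL
+ case CA_CERT_OPTION: /* use CA chain file */
+ test_file(optarg);
+ ca_cert = optarg;
+ goto enable_ssl;
+#endif
  case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
  enable_ssl:
@@ -621,6 +632,8 @@ print_help (void)
  printf (" %s\n", "-K, --private-key=FILE");
  printf (" %s\n", _("Name of file containing the private key (PEM format)"));
  printf (" %s\n", _("matching the client certificate"));
+ printf (" %s\n", "--ca-cert=FILE");
+ printf (" %s\n", _("CA certificate file to verify peer against"));
 #endif
 
  printf (" %s\n", "-s, --string=STRING");
@@ -649,7 +662,7 @@ print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
- printf (" [-J <client certificate file>] [-K <private key>]\n");
+ printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n");
  printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-a auth]\n");
  printf (" [-f <ok|warning|critcal|follow>]\n");
  printf (" [-A string] [-S <version>] [-C]\n");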
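Review bot: The result of `curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert)` in the main() hunk is discarded, so if libcurl refuses the option (an allocation failure, or a build where it is unavailable) the check carries on with the default trust store instead of the CA the operator named. A trust-anchor setting should fail closed: test the return value, e.g. `if (ca_cert && curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert) != CURLE_OK)`, and exit with the plugin's UNKNOWN state rather than reporting a result. The code that switches peer and hostname verification on or off sits below this hunk, so it is worth confirming that passing `--ca-cert` on its own leaves verification enabled; otherwise the file is loaded but never enforced. Separately, `SNI_OPTION = CHAR_MAX + 1` relies on `<limits.h>`, whose include is not visible in this diff.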