diff options
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r-- | plugins/check_curl.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 30c947fb..3b4f2ed5 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
@@ -105,6 +105,7 @@ int check_cert = FALSE; | |||
105 | int ssl_version = CURL_SSLVERSION_DEFAULT; | 105 | int ssl_version = CURL_SSLVERSION_DEFAULT; |
106 | char *client_cert = NULL; | 106 | char *client_cert = NULL; |
107 | char *client_privkey = NULL; | 107 | char *client_privkey = NULL; |
108 | char *ca_cert = NULL; | ||
108 | 109 | ||
109 | int process_arguments (int, char**); | 110 | int process_arguments (int, char**); |
110 | void print_help (void); | 111 | void print_help (void); |
@@ -192,6 +193,8 @@ main (int argc, char **argv) | |||
192 | curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert); | 193 | curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert); |
193 | if (client_privkey) | 194 | if (client_privkey) |
194 | curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey); | 195 | curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey); |
196 | if (ca_cert) | ||
197 | curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert); | ||
195 | 198 | ||
196 | /* per default if we have a CA verify both the peer and the | 199 | /* per default if we have a CA verify both the peer and the |
197 | * hostname in the certificate, can be switched off later */ | 200 | * hostname in the certificate, can be switched off later */ |
@@ -372,7 +375,8 @@ process_arguments (int argc, char **argv) | |||
372 | int c; | 375 | int c; |
373 | 376 | ||
374 | enum { | 377 | enum { |
375 | SNI_OPTION | 378 | SNI_OPTION = CHAR_MAX + 1, |
379 | CA_CERT_OPTION | ||
376 | }; | 380 | }; |
377 | 381 | ||
378 | int option=0; | 382 | int option=0; |
@@ -387,6 +391,7 @@ process_arguments (int argc, char **argv) | |||
387 | {"onredirect", required_argument, 0, 'f'}, | 391 | {"onredirect", required_argument, 0, 'f'}, |
388 | {"client-cert", required_argument, 0, 'J'}, | 392 | {"client-cert", required_argument, 0, 'J'}, |
389 | {"private-key", required_argument, 0, 'K'}, | 393 | {"private-key", required_argument, 0, 'K'}, |
394 | {"ca-cert", required_argument, 0, CA_CERT_OPTION}, | ||
390 | {"useragent", required_argument, 0, 'A'}, | 395 | {"useragent", required_argument, 0, 'A'}, |
391 | {"certificate", required_argument, 0, 'C'}, | 396 | {"certificate", required_argument, 0, 'C'}, |
392 | {0, 0, 0, 0} | 397 | {0, 0, 0, 0} |
@@ -469,6 +474,12 @@ process_arguments (int argc, char **argv) | |||
469 | client_privkey = optarg; | 474 | client_privkey = optarg; |
470 | goto enable_ssl; | 475 | goto enable_ssl; |
471 | #endif | 476 | #endif |
477 | #ifdef LIBCURL_FEATURE_SSL | ||
478 | case CA_CERT_OPTION: /* use CA chain file */ | ||
479 | test_file(optarg); | ||
480 | ca_cert = optarg; | ||
481 | goto enable_ssl; | ||
482 | #endif | ||
472 | case 'S': /* use SSL */ | 483 | case 'S': /* use SSL */ |
473 | #ifdef LIBCURL_FEATURE_SSL | 484 | #ifdef LIBCURL_FEATURE_SSL |
474 | enable_ssl: | 485 | enable_ssl: |
@@ -621,6 +632,8 @@ print_help (void) | |||
621 | printf (" %s\n", "-K, --private-key=FILE"); | 632 | printf (" %s\n", "-K, --private-key=FILE"); |
622 | printf (" %s\n", _("Name of file containing the private key (PEM format)")); | 633 | printf (" %s\n", _("Name of file containing the private key (PEM format)")); |
623 | printf (" %s\n", _("matching the client certificate")); | 634 | printf (" %s\n", _("matching the client certificate")); |
635 | printf (" %s\n", "--ca-cert=FILE"); | ||
636 | printf (" %s\n", _("CA certificate file to verify peer against")); | ||
624 | #endif | 637 | #endif |
625 | 638 | ||
626 | printf (" %s\n", "-s, --string=STRING"); | 639 | printf (" %s\n", "-s, --string=STRING"); |
@@ -649,7 +662,7 @@ print_usage (void) | |||
649 | { | 662 | { |
650 | printf ("%s\n", _("Usage:")); | 663 | printf ("%s\n", _("Usage:")); |
651 | printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); | 664 | printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); |
652 | printf (" [-J <client certificate file>] [-K <private key>]\n"); | 665 | printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n"); |
653 | printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-a auth]\n"); | 666 | printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-a auth]\n"); |
654 | printf (" [-f <ok|warning|critcal|follow>]\n"); | 667 | printf (" [-f <ok|warning|critcal|follow>]\n"); |
655 | printf (" [-A string] [-S <version>] [-C]\n"); | 668 | printf (" [-A string] [-S <version>] [-C]\n"); |