1 files changed, 59 insertions, 21 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 68b470c..e5ef7cc 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -91,10 +91,12 @@ struct timeval tv_temp;
 int specify_port = FALSE;
 int server_port = HTTP_PORT;
+int virtual_port = 0;
 char server_port_text[6] = "";
 char server_type[6] = "http";
 char *server_address;
 char *host_name;
+int host_name_length;
 char *server_url;
 char *user_agent;
 int server_url_length;
@@ -343,9 +345,20 @@ process_arguments (int argc, char **argv)
         parameters, like -S and -C combinations */
      use_ssl = TRUE;
      if (c=='S' && optarg != NULL) {
-        ssl_version = atoi(optarg);
+        int got_plus = strchr(optarg, '+') != NULL;
-        if (ssl_version < 1 || ssl_version > 3)
-            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
+        if (!strncmp (optarg, "1.2", 3))
+          ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
+        else if (!strncmp (optarg, "1.1", 3))
+          ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
+        else if (optarg[0] == '1')
+          ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
+        else if (optarg[0] == '3')
+          ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
+        else if (optarg[0] == '2')
+          ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
+        else
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
      }
      if (specify_port == FALSE)
        server_port = HTTPS_PORT;
@@ -380,11 +393,25 @@ process_arguments (int argc, char **argv)
    case 'H': /* Host Name (virtual host) */
      host_name = strdup (optarg);
      if (host_name[0] == '[') {
-        if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */
+        if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
-          server_port = atoi (p + 2);
+          virtual_port = atoi (p + 2);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+          if (specify_port == FALSE)
+            server_port = virtual_port;
+        }
      } else if ((p = strchr (host_name, ':')) != NULL
-                 && strchr (++p, ':') == NULL) /* IPv4:port or host:port */
+                 && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
-          server_port = atoi (p);
+          virtual_port = atoi (p);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+          if (specify_port == FALSE)
+            server_port = virtual_port;
+        }
      break;
    case 'I': /* Server IP-address */
      server_address = strdup (optarg);
@@ -539,9 +566,12 @@ process_arguments (int argc, char **argv)
  if (http_method == NULL)
    http_method = strdup ("GET");
-  if (client_cert && !client_privkey) 
+  if (client_cert && !client_privkey)
    usage4 (_("If you use a client certificate you must also specify a private key file"));
+  if (virtual_port == 0)
+    virtual_port = server_port;
  return TRUE;
 }
@@ -911,8 +941,8 @@ check_http (void)
    elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
    if (check_cert == TRUE) {
      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      np_net_ssl_cleanup();
      if (sd) close(sd);
+      np_net_ssl_cleanup();
      return result;
    }
  }
@@ -947,13 +977,13 @@ check_http (void)
       * 14.23).  Some server applications/configurations cause trouble if the
       * (default) port is explicitly specified in the "Host:" header line.
       */
-      if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
+      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
-          (use_ssl == TRUE && server_port == HTTPS_PORT) ||
+          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
         && host_name != NULL && use_ssl == TRUE))
        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
      else
-        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
    }
  }
@@ -1011,6 +1041,10 @@ check_http (void)
      microsec_firstbyte = deltime (tv_temp);
      elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6;
    }
+    while (pos = memchr(buffer, '\0', i)) {
+      /* replace nul character with a blank */
+      *pos = ' ';
+    }
    buffer[i] = '\0';
    xasprintf (&full_page_new, "%s%s", full_page, buffer);
    free (full_page);
@@ -1052,10 +1086,10 @@ check_http (void)
    die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
  /* close the connection */
+  if (sd) close(sd);
 #ifdef HAVE_SSL
  np_net_ssl_cleanup();
 #endif
-  if (sd) close(sd);
  /* Save check time */
  microsec = deltime (tv);
@@ -1410,6 +1444,9 @@ redir (char *pos, char *status_line)
         MAX_PORT, server_type, server_address, server_port, server_url,
         display_html ? "</A>" : "");
+  /* reset virtual port */
+  virtual_port = server_port;
  if (verbose)
    printf (_("Redirection to %s://%s:%d%s\n"), server_type,
            host_name ? host_name : server_address, server_port, server_url);
@@ -1442,32 +1479,32 @@ char *perfd_time (double elapsed_time)
  return fperfdata ("time", elapsed_time, "s",
            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, FALSE, 0);
+                   TRUE, 0, TRUE, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 char *perfd_size (int page_len)
@@ -1514,9 +1551,10 @@ print_help (void)
  printf (UT_IPv46);
 #ifdef HAVE_SSL
-  printf (" %s\n", "-S, --ssl=VERSION");
+  printf (" %s\n", "-S, --ssl=VERSION[+]");
  printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
-  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
+  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+  printf ("    %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
  printf (" %s\n", "--sni");
  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");

diff --git a/plugins/check_http.c b/plugins/check_http.c index 68b470c..e5ef7cc 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c
@@ -91,10 +91,12 @@ struct timeval tv_temp;
91		91
92	int specify_port = FALSE;	92	int specify_port = FALSE;
93	int server_port = HTTP_PORT;	93	int server_port = HTTP_PORT;
		94	int virtual_port = 0;
94	char server_port_text[6] = "";	95	char server_port_text[6] = "";
95	char server_type[6] = "http";	96	char server_type[6] = "http";
96	char *server_address;	97	char *server_address;
97	char *host_name;	98	char *host_name;
		99	int host_name_length;
98	char *server_url;	100	char *server_url;
99	char *user_agent;	101	char *user_agent;
100	int server_url_length;	102	int server_url_length;
@@ -343,9 +345,20 @@ process_arguments (int argc, char **argv)
343	parameters, like -S and -C combinations */	345	parameters, like -S and -C combinations */
344	use_ssl = TRUE;	346	use_ssl = TRUE;
345	if (c=='S' && optarg != NULL) {	347	if (c=='S' && optarg != NULL) {
346	ssl_version = atoi(optarg);	348	int got_plus = strchr(optarg, '+') != NULL;
347	if (ssl_version < 1 \|\| ssl_version > 3)	349
348	usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));	350	if (!strncmp (optarg, "1.2", 3))
		351	ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
		352	else if (!strncmp (optarg, "1.1", 3))
		353	ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
		354	else if (optarg[0] == '1')
		355	ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
		356	else if (optarg[0] == '3')
		357	ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
		358	else if (optarg[0] == '2')
		359	ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
		360	else
		361	usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
349	}	362	}
350	if (specify_port == FALSE)	363	if (specify_port == FALSE)
351	server_port = HTTPS_PORT;	364	server_port = HTTPS_PORT;
@@ -380,11 +393,25 @@ process_arguments (int argc, char **argv)
380	case 'H': /* Host Name (virtual host) */	393	case 'H': /* Host Name (virtual host) */
381	host_name = strdup (optarg);	394	host_name = strdup (optarg);
382	if (host_name[0] == '[') {	395	if (host_name[0] == '[') {
383	if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */	396	if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
384	server_port = atoi (p + 2);	397	virtual_port = atoi (p + 2);
		398	/* cut off the port */
		399	host_name_length = strlen (host_name) - strlen (p) - 1;
		400	free (host_name);
		401	host_name = strndup (optarg, host_name_length);
		402	if (specify_port == FALSE)
		403	server_port = virtual_port;
		404	}
385	} else if ((p = strchr (host_name, ':')) != NULL	405	} else if ((p = strchr (host_name, ':')) != NULL
386	&& strchr (++p, ':') == NULL) /* IPv4:port or host:port */	406	&& strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
387	server_port = atoi (p);	407	virtual_port = atoi (p);
		408	/* cut off the port */
		409	host_name_length = strlen (host_name) - strlen (p) - 1;
		410	free (host_name);
		411	host_name = strndup (optarg, host_name_length);
		412	if (specify_port == FALSE)
		413	server_port = virtual_port;
		414	}
388	break;	415	break;
389	case 'I': /* Server IP-address */	416	case 'I': /* Server IP-address */
390	server_address = strdup (optarg);	417	server_address = strdup (optarg);
@@ -539,9 +566,12 @@ process_arguments (int argc, char **argv)
539	if (http_method == NULL)	566	if (http_method == NULL)
540	http_method = strdup ("GET");	567	http_method = strdup ("GET");
541		568
542	if (client_cert && !client_privkey)	569	if (client_cert && !client_privkey)
543	usage4 (_("If you use a client certificate you must also specify a private key file"));	570	usage4 (_("If you use a client certificate you must also specify a private key file"));
544		571
		572	if (virtual_port == 0)
		573	virtual_port = server_port;
		574
545	return TRUE;	575	return TRUE;
546	}	576	}
547		577
@@ -911,8 +941,8 @@ check_http (void)
911	elapsed_time_ssl = (double)microsec_ssl / 1.0e6;	941	elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
912	if (check_cert == TRUE) {	942	if (check_cert == TRUE) {
913	result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);	943	result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
914	np_net_ssl_cleanup();
915	if (sd) close(sd);	944	if (sd) close(sd);
		945	np_net_ssl_cleanup();
916	return result;	946	return result;
917	}	947	}
918	}	948	}
@@ -947,13 +977,13 @@ check_http (void)
947	* 14.23). Some server applications/configurations cause trouble if the	977	* 14.23). Some server applications/configurations cause trouble if the
948	* (default) port is explicitly specified in the "Host:" header line.	978	* (default) port is explicitly specified in the "Host:" header line.
949	*/	979	*/
950	if ((use_ssl == FALSE && server_port == HTTP_PORT) \|\|	980	if ((use_ssl == FALSE && virtual_port == HTTP_PORT) \|\|
951	(use_ssl == TRUE && server_port == HTTPS_PORT) \|\|	981	(use_ssl == TRUE && virtual_port == HTTPS_PORT) \|\|
952	(server_address != NULL && strcmp(http_method, "CONNECT") == 0	982	(server_address != NULL && strcmp(http_method, "CONNECT") == 0
953	&& host_name != NULL && use_ssl == TRUE))	983	&& host_name != NULL && use_ssl == TRUE))
954	xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);	984	xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
955	else	985	else
956	xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);	986	xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
957	}	987	}
958	}	988	}
959		989
@@ -1011,6 +1041,10 @@ check_http (void)
1011	microsec_firstbyte = deltime (tv_temp);	1041	microsec_firstbyte = deltime (tv_temp);
1012	elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6;	1042	elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6;
1013	}	1043	}
		1044	while (pos = memchr(buffer, '\0', i)) {
		1045	/* replace nul character with a blank */
		1046	*pos = ' ';
		1047	}
1014	buffer[i] = '\0';	1048	buffer[i] = '\0';
1015	xasprintf (&full_page_new, "%s%s", full_page, buffer);	1049	xasprintf (&full_page_new, "%s%s", full_page, buffer);
1016	free (full_page);	1050	free (full_page);
@@ -1052,10 +1086,10 @@ check_http (void)
1052	die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));	1086	die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
1053		1087
1054	/* close the connection */	1088	/* close the connection */
		1089	if (sd) close(sd);
1055	#ifdef HAVE_SSL	1090	#ifdef HAVE_SSL
1056	np_net_ssl_cleanup();	1091	np_net_ssl_cleanup();
1057	#endif	1092	#endif
1058	if (sd) close(sd);
1059		1093
1060	/* Save check time */	1094	/* Save check time */
1061	microsec = deltime (tv);	1095	microsec = deltime (tv);
@@ -1410,6 +1444,9 @@ redir (char pos, char status_line)
1410	MAX_PORT, server_type, server_address, server_port, server_url,	1444	MAX_PORT, server_type, server_address, server_port, server_url,
1411	display_html ? "</A>" : "");	1445	display_html ? "</A>" : "");
1412		1446
		1447	/* reset virtual port */
		1448	virtual_port = server_port;
		1449
1413	if (verbose)	1450	if (verbose)
1414	printf (_("Redirection to %s://%s:%d%s\n"), server_type,	1451	printf (_("Redirection to %s://%s:%d%s\n"), server_type,
1415	host_name ? host_name : server_address, server_port, server_url);	1452	host_name ? host_name : server_address, server_port, server_url);
@@ -1442,32 +1479,32 @@ char *perfd_time (double elapsed_time)
1442	return fperfdata ("time", elapsed_time, "s",	1479	return fperfdata ("time", elapsed_time, "s",
1443	thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,	1480	thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
1444	thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,	1481	thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
1445	TRUE, 0, FALSE, 0);	1482	TRUE, 0, TRUE, socket_timeout);
1446	}	1483	}
1447		1484
1448	char *perfd_time_connect (double elapsed_time_connect)	1485	char *perfd_time_connect (double elapsed_time_connect)
1449	{	1486	{
1450	return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);	1487	return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1451	}	1488	}
1452		1489
1453	char *perfd_time_ssl (double elapsed_time_ssl)	1490	char *perfd_time_ssl (double elapsed_time_ssl)
1454	{	1491	{
1455	return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);	1492	return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1456	}	1493	}
1457		1494
1458	char *perfd_time_headers (double elapsed_time_headers)	1495	char *perfd_time_headers (double elapsed_time_headers)
1459	{	1496	{
1460	return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);	1497	return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1461	}	1498	}
1462		1499
1463	char *perfd_time_firstbyte (double elapsed_time_firstbyte)	1500	char *perfd_time_firstbyte (double elapsed_time_firstbyte)
1464	{	1501	{
1465	return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);	1502	return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1466	}	1503	}
1467		1504
1468	char *perfd_time_transfer (double elapsed_time_transfer)	1505	char *perfd_time_transfer (double elapsed_time_transfer)
1469	{	1506	{
1470	return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);	1507	return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1471	}	1508	}
1472		1509
1473	char *perfd_size (int page_len)	1510	char *perfd_size (int page_len)
@@ -1514,9 +1551,10 @@ print_help (void)
1514	printf (UT_IPv46);	1551	printf (UT_IPv46);
1515		1552
1516	#ifdef HAVE_SSL	1553	#ifdef HAVE_SSL
1517	printf (" %s\n", "-S, --ssl=VERSION");	1554	printf (" %s\n", "-S, --ssl=VERSION[+]");
1518	printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));	1555	printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1519	printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));	1556	printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
		1557	printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
1520	printf (" %s\n", "--sni");	1558	printf (" %s\n", "--sni");
1521	printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));	1559	printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1522	printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");	1560	printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");