summaryrefslogtreecommitdiffstats
path: root/plugins/check_http.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_http.c')
-rw-r--r--plugins/check_http.c38
1 files changed, 29 insertions, 9 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 315848fc..703e3174 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -58,8 +58,8 @@ enum {
58 58
59#ifdef HAVE_SSL 59#ifdef HAVE_SSL
60int check_cert = FALSE; 60int check_cert = FALSE;
61int days_till_exp;
62int ssl_version; 61int ssl_version;
62int days_till_exp_warn, days_till_exp_crit;
63char *randbuff; 63char *randbuff;
64X509 *server_cert; 64X509 *server_cert;
65# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) 65# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
@@ -178,6 +178,7 @@ process_arguments (int argc, char **argv)
178{ 178{
179 int c = 1; 179 int c = 1;
180 char *p; 180 char *p;
181 char *temp;
181 182
182 enum { 183 enum {
183 INVERT_REGEX = CHAR_MAX + 1, 184 INVERT_REGEX = CHAR_MAX + 1,
@@ -282,13 +283,25 @@ process_arguments (int argc, char **argv)
282 break; 283 break;
283 case 'C': /* Check SSL cert validity */ 284 case 'C': /* Check SSL cert validity */
284#ifdef HAVE_SSL 285#ifdef HAVE_SSL
285 if (!is_intnonneg (optarg)) 286 if ((temp=strchr(optarg,','))!=NULL) {
286 usage2 (_("Invalid certificate expiration period"), optarg); 287 *temp='\0';
288 if (!is_intnonneg (temp))
289 usage2 (_("Invalid certificate expiration period"), optarg);
290 days_till_exp_warn = atoi(optarg);
291 *temp=',';
292 temp++;
293 if (!is_intnonneg (temp))
294 usage2 (_("Invalid certificate expiration period"), temp);
295 days_till_exp_crit = atoi (temp);
296 }
287 else { 297 else {
288 days_till_exp = atoi (optarg); 298 days_till_exp_crit=0;
289 check_cert = TRUE; 299 if (!is_intnonneg (optarg))
300 usage2 (_("Invalid certificate expiration period"), optarg);
301 days_till_exp_warn = atoi (optarg);
290 } 302 }
291 /* Fall through to -S option */ 303 check_cert = TRUE;
304 /* Fall through to -S option */
292#endif 305#endif
293 case 'S': /* use SSL */ 306 case 'S': /* use SSL */
294#ifndef HAVE_SSL 307#ifndef HAVE_SSL
@@ -810,7 +823,7 @@ check_http (void)
810 if (result != STATE_OK) 823 if (result != STATE_OK)
811 return result; 824 return result;
812 if (check_cert == TRUE) { 825 if (check_cert == TRUE) {
813 result = np_net_ssl_check_cert(days_till_exp); 826 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
814 np_net_ssl_cleanup(); 827 np_net_ssl_cleanup();
815 if (sd) close(sd); 828 if (sd) close(sd);
816 return result; 829 return result;
@@ -1427,6 +1440,13 @@ print_help (void)
1427 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); 1440 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1428 printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); 1441 printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
1429 printf (" %s\n", _("the certificate is expired.")); 1442 printf (" %s\n", _("the certificate is expired."));
1443
1444 printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
1445 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
1446 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1447 printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
1448 printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
1449
1430#endif 1450#endif
1431 1451
1432 printf (UT_SUPPORT); 1452 printf (UT_SUPPORT);
@@ -1444,6 +1464,6 @@ print_usage (void)
1444 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); 1464 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
1445 printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); 1465 printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
1446 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); 1466 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
1447 printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n"); 1467 printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
1448 printf (" [-j method]\n"); 1468 printf (" [-T <content-type>] [-j method]\n");
1449} 1469}