diff options
Diffstat (limited to 'plugins/check_tcp.c')
| -rw-r--r-- | plugins/check_tcp.c | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index fc0adba0..1365b9cb 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
| @@ -86,6 +86,11 @@ static char buffer[MAXBUF]; | |||
| 86 | static int expect_mismatch_state = STATE_WARNING; | 86 | static int expect_mismatch_state = STATE_WARNING; |
| 87 | static int match_flags = NP_MATCH_EXACT; | 87 | static int match_flags = NP_MATCH_EXACT; |
| 88 | 88 | ||
| 89 | #ifdef HAVE_SSL | ||
| 90 | static char *sni = NULL; | ||
| 91 | static int sni_specified = FALSE; | ||
| 92 | #endif | ||
| 93 | |||
| 89 | #define FLAG_SSL 0x01 | 94 | #define FLAG_SSL 0x01 |
| 90 | #define FLAG_VERBOSE 0x02 | 95 | #define FLAG_VERBOSE 0x02 |
| 91 | #define FLAG_TIME_WARN 0x04 | 96 | #define FLAG_TIME_WARN 0x04 |
| @@ -237,18 +242,18 @@ main (int argc, char **argv) | |||
| 237 | gettimeofday (&tv, NULL); | 242 | gettimeofday (&tv, NULL); |
| 238 | 243 | ||
| 239 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | 244 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); |
| 240 | if (result == STATE_CRITICAL) return STATE_CRITICAL; | 245 | if (result == STATE_CRITICAL) return econn_refuse_state; |
| 241 | 246 | ||
| 242 | #ifdef HAVE_SSL | 247 | #ifdef HAVE_SSL |
| 243 | if (flags & FLAG_SSL){ | 248 | if (flags & FLAG_SSL){ |
| 244 | result = np_net_ssl_init(sd); | 249 | result = np_net_ssl_init_with_hostname(sd, (sni_specified ? sni : NULL)); |
| 245 | if (result == STATE_OK && check_cert == TRUE) { | 250 | if (result == STATE_OK && check_cert == TRUE) { |
| 246 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | 251 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
| 247 | } | 252 | } |
| 248 | } | 253 | } |
| 249 | if(result != STATE_OK){ | 254 | if(result != STATE_OK){ |
| 250 | np_net_ssl_cleanup(); | ||
| 251 | if(sd) close(sd); | 255 | if(sd) close(sd); |
| 256 | np_net_ssl_cleanup(); | ||
| 252 | return result; | 257 | return result; |
| 253 | } | 258 | } |
| 254 | #endif /* HAVE_SSL */ | 259 | #endif /* HAVE_SSL */ |
| @@ -321,10 +326,10 @@ main (int argc, char **argv) | |||
| 321 | if (server_quit != NULL) { | 326 | if (server_quit != NULL) { |
| 322 | my_send(server_quit, strlen(server_quit)); | 327 | my_send(server_quit, strlen(server_quit)); |
| 323 | } | 328 | } |
| 329 | if (sd) close (sd); | ||
| 324 | #ifdef HAVE_SSL | 330 | #ifdef HAVE_SSL |
| 325 | np_net_ssl_cleanup(); | 331 | np_net_ssl_cleanup(); |
| 326 | #endif | 332 | #endif |
| 327 | if (sd) close (sd); | ||
| 328 | 333 | ||
| 329 | microsec = deltime (tv); | 334 | microsec = deltime (tv); |
| 330 | elapsed_time = (double)microsec / 1.0e6; | 335 | elapsed_time = (double)microsec / 1.0e6; |
| @@ -401,6 +406,10 @@ process_arguments (int argc, char **argv) | |||
| 401 | int escape = 0; | 406 | int escape = 0; |
| 402 | char *temp; | 407 | char *temp; |
| 403 | 408 | ||
| 409 | enum { | ||
| 410 | SNI_OPTION = CHAR_MAX + 1 | ||
| 411 | }; | ||
| 412 | |||
| 404 | int option = 0; | 413 | int option = 0; |
| 405 | static struct option longopts[] = { | 414 | static struct option longopts[] = { |
| 406 | {"hostname", required_argument, 0, 'H'}, | 415 | {"hostname", required_argument, 0, 'H'}, |
| @@ -427,6 +436,7 @@ process_arguments (int argc, char **argv) | |||
| 427 | {"version", no_argument, 0, 'V'}, | 436 | {"version", no_argument, 0, 'V'}, |
| 428 | {"help", no_argument, 0, 'h'}, | 437 | {"help", no_argument, 0, 'h'}, |
| 429 | {"ssl", no_argument, 0, 'S'}, | 438 | {"ssl", no_argument, 0, 'S'}, |
| 439 | {"sni", required_argument, 0, SNI_OPTION}, | ||
| 430 | {"certificate", required_argument, 0, 'D'}, | 440 | {"certificate", required_argument, 0, 'D'}, |
| 431 | {0, 0, 0, 0} | 441 | {0, 0, 0, 0} |
| 432 | }; | 442 | }; |
| @@ -463,10 +473,10 @@ process_arguments (int argc, char **argv) | |||
| 463 | usage5 (); | 473 | usage5 (); |
| 464 | case 'h': /* help */ | 474 | case 'h': /* help */ |
| 465 | print_help (); | 475 | print_help (); |
| 466 | exit (STATE_OK); | 476 | exit (STATE_UNKNOWN); |
| 467 | case 'V': /* version */ | 477 | case 'V': /* version */ |
| 468 | print_revision (progname, NP_VERSION); | 478 | print_revision (progname, NP_VERSION); |
| 469 | exit (STATE_OK); | 479 | exit (STATE_UNKNOWN); |
| 470 | case 'v': /* verbose mode */ | 480 | case 'v': /* verbose mode */ |
| 471 | flags |= FLAG_VERBOSE; | 481 | flags |= FLAG_VERBOSE; |
| 472 | match_flags |= NP_MATCH_VERBOSE; | 482 | match_flags |= NP_MATCH_VERBOSE; |
| @@ -577,7 +587,8 @@ process_arguments (int argc, char **argv) | |||
| 577 | if ((temp=strchr(optarg,','))!=NULL) { | 587 | if ((temp=strchr(optarg,','))!=NULL) { |
| 578 | *temp='\0'; | 588 | *temp='\0'; |
| 579 | if (!is_intnonneg (optarg)) | 589 | if (!is_intnonneg (optarg)) |
| 580 | usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg); | 590 | usage2 (_("Invalid certificate expiration period"), optarg); |
| 591 | days_till_exp_warn = atoi (optarg); | ||
| 581 | *temp=','; | 592 | *temp=','; |
| 582 | temp++; | 593 | temp++; |
| 583 | if (!is_intnonneg (temp)) | 594 | if (!is_intnonneg (temp)) |
| @@ -603,6 +614,15 @@ process_arguments (int argc, char **argv) | |||
| 603 | die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); | 614 | die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); |
| 604 | #endif | 615 | #endif |
| 605 | break; | 616 | break; |
| 617 | case SNI_OPTION: | ||
| 618 | #ifdef HAVE_SSL | ||
| 619 | flags |= FLAG_SSL; | ||
| 620 | sni_specified = TRUE; | ||
| 621 | sni = optarg; | ||
| 622 | #else | ||
| 623 | die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); | ||
| 624 | #endif | ||
| 625 | break; | ||
| 606 | case 'A': | 626 | case 'A': |
| 607 | match_flags |= NP_MATCH_ALL; | 627 | match_flags |= NP_MATCH_ALL; |
| 608 | break; | 628 | break; |
| @@ -643,7 +663,7 @@ print_help (void) | |||
| 643 | printf (UT_IPv46); | 663 | printf (UT_IPv46); |
| 644 | 664 | ||
| 645 | printf (" %s\n", "-E, --escape"); | 665 | printf (" %s\n", "-E, --escape"); |
| 646 | printf (" %s\n", _("Can use \\n, \\r, \\t or \\ in send or quit string. Must come before send or quit option")); | 666 | printf (" %s\n", _("Can use \\n, \\r, \\t or \\\\ in send or quit string. Must come before send or quit option")); |
| 647 | printf (" %s\n", _("Default: nothing added to send, \\r\\n added to end of quit")); | 667 | printf (" %s\n", _("Default: nothing added to send, \\r\\n added to end of quit")); |
| 648 | printf (" %s\n", "-s, --send=STRING"); | 668 | printf (" %s\n", "-s, --send=STRING"); |
| 649 | printf (" %s\n", _("String to send to the server")); | 669 | printf (" %s\n", _("String to send to the server")); |
| @@ -670,6 +690,8 @@ print_help (void) | |||
| 670 | printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); | 690 | printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); |
| 671 | printf (" %s\n", "-S, --ssl"); | 691 | printf (" %s\n", "-S, --ssl"); |
| 672 | printf (" %s\n", _("Use SSL for the connection.")); | 692 | printf (" %s\n", _("Use SSL for the connection.")); |
| 693 | printf (" %s\n", "--sni=STRING"); | ||
| 694 | printf (" %s\n", _("SSL server_name")); | ||
| 673 | #endif | 695 | #endif |
| 674 | 696 | ||
| 675 | printf (UT_WARN_CRIT); | 697 | printf (UT_WARN_CRIT); |