From 84fd9ae893b53c7dfde78845817d4e1c87b7fed5 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Mon, 18 May 2020 13:43:17 +0200 Subject: check_curl: use CURLOPT_RESOLVE to fix connecting to the right ip when using ssl, the composed url contains the hostname instead of the specified ip. So use CURLOPT_RESOLVE to make curl still connect to the ip. --- plugins/check_curl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 947144a4..2b0e3783 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -366,6 +366,17 @@ check_http (void) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, socket_timeout), "CURLOPT_CONNECTTIMEOUT"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_TIMEOUT, socket_timeout), "CURLOPT_TIMEOUT"); + // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy + if(use_ssl) { + struct curl_slist *host = NULL; + char dnscache[DEFAULT_BUFFER_SIZE]; + snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, server_address); + host = curl_slist_append(NULL, dnscache); + curl_easy_setopt(curl, CURLOPT_RESOLVE, host); + if (verbose>=1) + printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache); + } + /* compose URL: use the address we want to connect to, set Host: header later */ snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", use_ssl ? "https" : "http", -- cgit v1.2.3-74-g34f1