From 78ce3144e38791a8ea2ee5832a91b24d743dccd3 Mon Sep 17 00:00:00 2001 From: Yannick Martin Date: Fri, 9 Aug 2024 12:14:28 +0200 Subject: check_curl: raise SSL issue when --continue-after-certificate is used This change aims to raise the worst status between the SSL check and the HTTP check. before: check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22807 bytes in 0.076 second response time |time=0.075516s;;;0.000000;10.000000 size=22807B;;;0; 0 after: /usr/lib/nagios/ovh/check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $? CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000). HTTP OK: HTTP/2 200 - 22840 bytes in 0.090 second response time |time=0.090463s;;;0.000000;10.000000 size=22840B;;;0; 2 diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 01e2770..4522e6c 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -468,6 +468,7 @@ int check_http (void) { int result = STATE_OK; + int result_ssl = STATE_OK; int page_len = 0; int i; char *force_host_header = NULL; @@ -852,9 +853,9 @@ check_http (void) /* check certificate with OpenSSL functions, curl has been built against OpenSSL * and we actually have OpenSSL in the monitoring tools */ - result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); + result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); if (!continue_after_check_cert) { - return result; + return result_ssl; } #else /* USE_OPENSSL */ die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); @@ -898,17 +899,17 @@ GOT_FIRST_CERT: die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); } BIO_free (cert_BIO); - result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); + result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); if (!continue_after_check_cert) { - return result; + return result_ssl; } #else /* USE_OPENSSL */ /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, * so we use the libcurl CURLINFO data */ - result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); + result_ssl = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); if (!continue_after_check_cert) { - return result; + return result_ssl; } #endif /* USE_OPENSSL */ } else { @@ -1176,7 +1177,7 @@ GOT_FIRST_CERT: } /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ - die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", + die (max_state_alt(result, result_ssl), "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), status_line.http_code, status_line.msg, strlen(msg) > 0 ? " - " : "", @@ -1186,7 +1187,7 @@ GOT_FIRST_CERT: (show_body ? body_buf.buf : ""), (show_body ? "\n" : "") ); - return result; + return max_state_alt(result, result_ssl); } int -- cgit v0.10-9-g596f