From bb16b73130519cf5e93340480c8fd5e7e696a15f Mon Sep 17 00:00:00 2001 From: nafets Date: Mon, 17 Nov 2014 23:00:45 +0100 Subject: added option to exit with an warning, if there is output on STDERR --- plugins/check_by_ssh.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index a877f888..bc172c97 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -49,6 +49,7 @@ unsigned int commands = 0; unsigned int services = 0; int skip_stdout = 0; int skip_stderr = 0; +int warn_on_stderr = 0; char *remotecmd = NULL; char **commargv = NULL; int commargc = 0; @@ -109,7 +110,10 @@ main (int argc, char **argv) if(chld_err.lines > skip_stderr) { printf (_("Remote command execution failed: %s\n"), chld_err.line[skip_stderr]); - return max_state_alt(result, STATE_UNKNOWN); + if ( warn_on_stderr ) + return max_state_alt(result, STATE_WARNING); + else + return max_state_alt(result, STATE_UNKNOWN); } /* this is simple if we're not supposed to be passive. @@ -182,6 +186,7 @@ process_arguments (int argc, char **argv) {"skip", optional_argument, 0, 'S'}, /* backwards compatibility */ {"skip-stdout", optional_argument, 0, 'S'}, {"skip-stderr", optional_argument, 0, 'E'}, + {"warn-on-stderr", no_argument, 0, 'W'}, {"proto1", no_argument, 0, '1'}, {"proto2", no_argument, 0, '2'}, {"use-ipv4", no_argument, 0, '4'}, @@ -301,6 +306,9 @@ process_arguments (int argc, char **argv) else skip_stderr = atoi (optarg); break; + case 'W': /* exit with warning if there is an output on stderr */ + warn_on_stderr = 1; + break; case 'o': /* Extra options for the ssh command */ comm_append("-o"); comm_append(optarg); @@ -408,6 +416,8 @@ print_help (void) printf (" %s\n", _("Ignore all or (if specified) first n lines on STDOUT [optional]")); printf (" %s\n", "-E, --skip-stderr[=n]"); printf (" %s\n", _("Ignore all or (if specified) first n lines on STDERR [optional]")); + printf (" %s\n", "-W, --warn-on-stderr]"); + printf (" %s\n", _("Exit with an warning, if there is an output on STDERR")); printf (" %s\n", "-f"); printf (" %s\n", _("tells ssh to fork rather than create a tty [optional]. This will always return OK if ssh is executed")); printf (" %s\n","-C, --command='COMMAND STRING'"); @@ -460,7 +470,7 @@ print_usage (void) { printf ("%s\n", _("Usage:")); printf (" %s -H -C [-fqv] [-1|-2] [-4|-6]\n" - " [-S [lines]] [-E [lines]] [-t timeout] [-i identity]\n" + " [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n" " [-l user] [-n name] [-s servicelist] [-O outputfile]\n" " [-p port] [-o ssh-option] [-F configfile]\n", progname); -- cgit v1.2.3-74-g34f1 From 05ac8a98a85e748643e6f2ab268587e6f78244f6 Mon Sep 17 00:00:00 2001 From: Elan Ruusamäe Date: Thu, 3 Mar 2016 21:31:27 +0200 Subject: understang ping6 output from iputils package --- plugins/check_ping.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 423ecbe5..36de7cf6 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -521,12 +521,13 @@ int error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) { if (strstr (buf, "Network is unreachable") || - strstr (buf, "Destination Net Unreachable") + strstr (buf, "Destination Net Unreachable") || + strstr (buf, "No route") ) die (STATE_CRITICAL, _("CRITICAL - Network Unreachable (%s)\n"), addr); - else if (strstr (buf, "Destination Host Unreachable")) + else if (strstr (buf, "Destination Host Unreachable") || strstr(buf, "Address unreachable")) die (STATE_CRITICAL, _("CRITICAL - Host Unreachable (%s)\n"), addr); - else if (strstr (buf, "Destination Port Unreachable")) + else if (strstr (buf, "Destination Port Unreachable") || strstr(buf, "Port unreachable")) die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Port Unreachable (%s)\n"), addr); else if (strstr (buf, "Destination Protocol Unreachable")) die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Protocol Unreachable (%s)\n"), addr); @@ -534,11 +535,11 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) die (STATE_CRITICAL, _("CRITICAL - Network Prohibited (%s)\n"), addr); else if (strstr (buf, "Destination Host Prohibited")) die (STATE_CRITICAL, _("CRITICAL - Host Prohibited (%s)\n"), addr); - else if (strstr (buf, "Packet filtered")) + else if (strstr (buf, "Packet filtered") || strstr(buf, "Administratively prohibited")) die (STATE_CRITICAL, _("CRITICAL - Packet Filtered (%s)\n"), addr); else if (strstr (buf, "unknown host" )) die (STATE_CRITICAL, _("CRITICAL - Host not found (%s)\n"), addr); - else if (strstr (buf, "Time to live exceeded")) + else if (strstr (buf, "Time to live exceeded") || strstr(buf, "Time exceeded")) die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)\n"), addr); else if (strstr (buf, "Destination unreachable: ")) die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)\n"), addr); -- cgit v1.2.3-74-g34f1 From a1f328900049852d9a2b4c810c28b49e2101e337 Mon Sep 17 00:00:00 2001 From: Ken D Date: Mon, 19 Jun 2017 14:06:05 -0500 Subject: Added option for null zero length string exit codes When using a large distributed network with the same group of checks used against a large number of devices, occationally there are missing cards in a few devices that are present in other devices. Rather than having a large number of unknown results, disable active checking on those large number of result or having to create a unique check configuration for those devices. This option allows you to select an OK, WARNING, CRITICAL or UNKNOWN status while still retaining the default behavior when not present. This also allows a for the check to immediately start checks as intended should the hardware be added that the check is looking for. --- plugins/check_snmp.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index abe54cfb..66d761c6 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -113,6 +113,7 @@ char *authproto = NULL; char *privproto = NULL; char *authpasswd = NULL; char *privpasswd = NULL; +int nulloid = 3; char **oids = NULL; size_t oids_size = 0; char *label; @@ -472,8 +473,16 @@ main (int argc, char **argv) print_thresholds(" thresholds", thlds[i]); } ptr = strpbrk (show, "-0123456789"); - if (ptr == NULL) - die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); + if (ptr == NULL){ + if (nulloid == 3) + die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); + else if (nulloid == 0) + die (STATE_OK,_("No valid data returned (%s)\n"), show); + else if (nulloid == 1) + die (STATE_WARNING,_("No valid data returned (%s)\n"), show); + else if (nulloid == 2) + die (STATE_CRITICAL,_("No valid data returned (%s)\n"), show); + } while (i >= response_size) { response_size += OID_COUNT_STEP; response_value = realloc(response_value, response_size * sizeof(*response_value)); @@ -661,6 +670,7 @@ process_arguments (int argc, char **argv) {"oid", required_argument, 0, 'o'}, {"object", required_argument, 0, 'o'}, {"delimiter", required_argument, 0, 'd'}, + {"nulloid", required_argument, 0, 'z'}, {"output-delimiter", required_argument, 0, 'D'}, {"string", required_argument, 0, 's'}, {"timeout", required_argument, 0, 't'}, @@ -705,7 +715,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:z:", longopts, &option); if (c == -1 || c == EOF) @@ -816,6 +826,12 @@ process_arguments (int argc, char **argv) eval_method[j+1] |= CRIT_PRESENT; } break; + case 'z': /* Null OID Return Check */ + if (!is_integer (optarg)) + usage2 (_("Exit status must be a positive integer"), optarg); + else + nulloid = atoi(optarg); + break; case 's': /* string or substring */ strncpy (string_value, optarg, sizeof (string_value) - 1); string_value[sizeof (string_value) - 1] = 0; @@ -1181,6 +1197,14 @@ print_help (void) printf (" %s \"%s\"\n", _("Delimiter to use when parsing returned data. Default is"), DEFAULT_DELIMITER); printf (" %s\n", _("Any data on the right hand side of the delimiter is considered")); printf (" %s\n", _("to be the data that should be used in the evaluation.")); + printf (" %s\n", "-z, --nulloid=#"); + printf (" %s\n", _("If the check returns a 0 length string or NULL value")); + printf (" %s\n", _("This option allows you to choose what status you want it to exit")); + printf (" %s\n", _("Excluding this option renders the default exit of 3(STATE_UNKNOWN)")); + printf (" %s\n", _("0 = OK")); + printf (" %s\n", _("1 = WARNING")); + printf (" %s\n", _("2 = CRITICAL")); + printf (" %s\n", _("3 = UNKNOWN")); /* Tests Against Integers */ printf (" %s\n", "-w, --warning=THRESHOLD(s)"); -- cgit v1.2.3-74-g34f1 From 69fed9d08363085e8f6689bc8c9df2e9ad0f4cdb Mon Sep 17 00:00:00 2001 From: Ken D Date: Mon, 27 Aug 2018 09:53:11 -0500 Subject: Updated int state to human readable --- plugins/check_snmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 66d761c6..bd13e579 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -113,7 +113,7 @@ char *authproto = NULL; char *privproto = NULL; char *authpasswd = NULL; char *privpasswd = NULL; -int nulloid = 3; +int nulloid = STATE_UNKNOWN; char **oids = NULL; size_t oids_size = 0; char *label; -- cgit v1.2.3-74-g34f1 From 3b252b9ae61b5e5c577ea57f3c6bf00c3bb7517d Mon Sep 17 00:00:00 2001 From: "Mark A. Ziesemer" Date: Sat, 22 Jan 2022 08:58:59 -0600 Subject: Trivial source code formatting only: Use tabs consistently for source code indentation (whitespace), as per https://github.com/monitoring-plugins/monitoring-plugins/blob/master/CODING . (#1424) Looks good, thank you very much. --- plugins/check_ping.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) (limited to 'plugins') diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 5ea11294..741f732e 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -140,7 +140,7 @@ main (int argc, char **argv) if (pl == UNKNOWN_PACKET_LOSS || rta < 0.0) { printf ("%s\n", cmd); die (STATE_UNKNOWN, - _("CRITICAL - Could not interpret output from ping command\n")); + _("CRITICAL - Could not interpret output from ping command\n")); } if (pl >= cpl || rta >= crta || rta < 0) @@ -554,7 +554,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) if (warn_text == NULL) warn_text = strdup (_(WARN_DUPLICATES)); else if (! strstr (warn_text, _(WARN_DUPLICATES)) && - xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1) + xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1) die (STATE_UNKNOWN, _("Unable to realloc warn_text\n")); return (STATE_WARNING); } @@ -574,7 +574,7 @@ print_help (void) printf (_("Use ping to check connection statistics for a remote host.")); - printf ("\n\n"); + printf ("\n\n"); print_usage (); @@ -584,29 +584,29 @@ print_help (void) printf (UT_IPv46); printf (" %s\n", "-H, --hostname=HOST"); - printf (" %s\n", _("host to ping")); - printf (" %s\n", "-w, --warning=THRESHOLD"); - printf (" %s\n", _("warning threshold pair")); - printf (" %s\n", "-c, --critical=THRESHOLD"); - printf (" %s\n", _("critical threshold pair")); - printf (" %s\n", "-p, --packets=INTEGER"); - printf (" %s ", _("number of ICMP ECHO packets to send")); - printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS); - printf (" %s\n", "-L, --link"); - printf (" %s\n", _("show HTML in the plugin output (obsoleted by urlize)")); + printf (" %s\n", _("host to ping")); + printf (" %s\n", "-w, --warning=THRESHOLD"); + printf (" %s\n", _("warning threshold pair")); + printf (" %s\n", "-c, --critical=THRESHOLD"); + printf (" %s\n", _("critical threshold pair")); + printf (" %s\n", "-p, --packets=INTEGER"); + printf (" %s ", _("number of ICMP ECHO packets to send")); + printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS); + printf (" %s\n", "-L, --link"); + printf (" %s\n", _("show HTML in the plugin output (obsoleted by urlize)")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); - printf ("\n"); + printf ("\n"); printf ("%s\n", _("THRESHOLD is ,% where is the round trip average travel")); - printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and is the")); - printf ("%s\n", _("percentage of packet loss to trigger an alarm state.")); + printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and is the")); + printf ("%s\n", _("percentage of packet loss to trigger an alarm state.")); - printf ("\n"); + printf ("\n"); printf ("%s\n", _("This plugin uses the ping command to probe the specified host for packet loss")); - printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output")); - printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in")); - printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/")); + printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output")); + printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in")); + printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/")); printf (UT_SUPPORT); } @@ -614,7 +614,7 @@ print_help (void) void print_usage (void) { - printf ("%s\n", _("Usage:")); + printf ("%s\n", _("Usage:")); printf ("%s -H -w ,%% -c ,%%\n", progname); - printf (" [-p packets] [-t timeout] [-4|-6]\n"); + printf (" [-p packets] [-t timeout] [-4|-6]\n"); } -- cgit v1.2.3-74-g34f1 From cf669f5ff51b746569ded30e990b9d53e5234da0 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sat, 22 Jan 2022 22:23:13 +0100 Subject: Trivial printf fix and a little bit of code style (#1695) * Fix several warnings (and some downright bugs probably) with formating in check_disk Update to master * Fix merge error, I forgot the last time * Fix indentation Co-authored-by: rincewind --- plugins/check_disk.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 54befcad..9652f453 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -230,8 +230,10 @@ main (int argc, char **argv) /* Process for every path in list */ for (path = path_select_list; path; path=path->name_next) { if (verbose >= 3 && path->freespace_percent->warning != NULL && path->freespace_percent->critical != NULL) - printf("Thresholds(pct) for %s warn: %f crit %f\n",path->name, path->freespace_percent->warning->end, - path->freespace_percent->critical->end); + printf("Thresholds(pct) for %s warn: %f crit %f\n", + path->name, + path->freespace_percent->warning->end, + path->freespace_percent->critical->end); if (verbose >= 3 && path->group != NULL) printf("Group of %s: %s\n",path->name,path->group); -- cgit v1.2.3-74-g34f1 From b14e251d0f28cc2acb93df79da099bb3cdb5ec08 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 21 Jan 2022 11:04:14 +0100 Subject: Implements 'host-alive' mode (Closes. #1027) To reduce the check-duration, it addes a host-alive flag which stops testing after the first successful reply. --- plugins/check_fping.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 521d0fef..540650ae 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -65,6 +65,7 @@ double crta; double wrta; int cpl_p = FALSE; int wpl_p = FALSE; +int alive_p = FALSE; int crta_p = FALSE; int wrta_p = FALSE; @@ -150,6 +151,19 @@ main (int argc, char **argv) if (result = spclose (child_process)) /* need to use max_state not max */ status = max_state (status, STATE_WARNING); + if (alive_p && strstr (buf, "avg, 0% loss)")){ + rtastr = strstr (buf, "ms ("); + rtastr = 1 + index (rtastr, '('); + rta = strtod (rtastr, NULL); + loss=strtod ("0",NULL); + die (STATE_OK, + _("FPING %s - %s (rta=%f ms)|%s %s\n"), + state_text (STATE_OK), server_name,rta, + perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), + fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0)); + + } + if (result > 1 ) { status = max_state (status, STATE_UNKNOWN); @@ -275,6 +289,9 @@ process_arguments (int argc, char **argv) static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, {"sourceip", required_argument, 0, 'S'}, + case 'a': /* host alive mode */ + alive_p = TRUE; + break; {"sourceif", required_argument, 0, 'I'}, {"critical", required_argument, 0, 'c'}, {"warning", required_argument, 0, 'w'}, @@ -304,7 +321,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "+hVvH:S:c:w:b:n:T:i:I:46", longopts, &option); + c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:46", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -416,6 +433,9 @@ get_threshold (char *arg, char *rv[2]) arg2 = 1 + strpbrk (arg1, ",:"); if (arg2) { + printf (" %s\n", "-a"); + printf (" %s\n", _("Return OK after first successfull reply")); + arg1[strcspn (arg1, ",:")] = 0; if (strstr (arg1, "%") && strstr (arg2, "%")) die (STATE_UNKNOWN, -- cgit v1.2.3-74-g34f1 From 3bcc64396d8768d984eb58eb0a80213c2a8528ca Mon Sep 17 00:00:00 2001 From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> Date: Sat, 22 Jan 2022 20:01:49 +0100 Subject: Fixes the positioning of the code and some other changes --- plugins/check_fping.c | 53 +++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 27 deletions(-) (limited to 'plugins') diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 540650ae..be9362ad 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -37,6 +37,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "popen.h" #include "netutils.h" #include "utils.h" +#include enum { PACKET_COUNT = 1, @@ -65,7 +66,7 @@ double crta; double wrta; int cpl_p = FALSE; int wpl_p = FALSE; -int alive_p = FALSE; +bool alive_p = FALSE; int crta_p = FALSE; int wrta_p = FALSE; @@ -148,23 +149,12 @@ main (int argc, char **argv) (void) fclose (child_stderr); /* close the pipe */ - if (result = spclose (child_process)) + result = spclose (child_process); + if (result) { /* need to use max_state not max */ status = max_state (status, STATE_WARNING); - if (alive_p && strstr (buf, "avg, 0% loss)")){ - rtastr = strstr (buf, "ms ("); - rtastr = 1 + index (rtastr, '('); - rta = strtod (rtastr, NULL); - loss=strtod ("0",NULL); - die (STATE_OK, - _("FPING %s - %s (rta=%f ms)|%s %s\n"), - state_text (STATE_OK), server_name,rta, - perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), - fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0)); - } - if (result > 1 ) { status = max_state (status, STATE_UNKNOWN); if (result == 2) { @@ -185,10 +175,7 @@ main (int argc, char **argv) } - -int -textscan (char *buf) -{ +int textscan (char *buf) { char *rtastr = NULL; char *losstr = NULL; char *xmtstr = NULL; @@ -197,6 +184,20 @@ textscan (char *buf) double xmt; int status = STATE_UNKNOWN; + /* stops testing after the first successful reply. */ + if (alive_p && strstr(buf, "avg, 0% loss)")) { + rtastr = strstr (buf, "ms ("); + rtastr = 1 + index(rtastr, '('); + rta = strtod(rtastr, NULL); + loss=strtod("0",NULL); + die (STATE_OK, + _("FPING %s - %s (rta=%f ms)|%s\n"), + state_text (STATE_OK), server_name,rta, + /* No loss since we only waited for the first reply + perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), */ + fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0)); + } + if (strstr (buf, "not found")) { die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name); @@ -289,12 +290,10 @@ process_arguments (int argc, char **argv) static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, {"sourceip", required_argument, 0, 'S'}, - case 'a': /* host alive mode */ - alive_p = TRUE; - break; {"sourceif", required_argument, 0, 'I'}, {"critical", required_argument, 0, 'c'}, {"warning", required_argument, 0, 'w'}, + {"alive", no_argument, 0, 'a'}, {"bytes", required_argument, 0, 'b'}, {"number", required_argument, 0, 'n'}, {"target-timeout", required_argument, 0, 'T'}, @@ -329,6 +328,9 @@ process_arguments (int argc, char **argv) switch (c) { case '?': /* print short usage statement if args not parsable */ usage5 (); + case 'a': /* host alive mode */ + alive_p = TRUE; + break; case 'h': /* help */ print_help (); exit (STATE_UNKNOWN); @@ -433,9 +435,6 @@ get_threshold (char *arg, char *rv[2]) arg2 = 1 + strpbrk (arg1, ",:"); if (arg2) { - printf (" %s\n", "-a"); - printf (" %s\n", _("Return OK after first successfull reply")); - arg1[strcspn (arg1, ",:")] = 0; if (strstr (arg1, "%") && strstr (arg2, "%")) die (STATE_UNKNOWN, @@ -466,9 +465,7 @@ get_threshold (char *arg, char *rv[2]) } -void -print_help (void) -{ +void print_help (void) { print_revision (progname, NP_VERSION); @@ -494,6 +491,8 @@ print_help (void) printf (" %s\n", _("warning threshold pair")); printf (" %s\n", "-c, --critical=THRESHOLD"); printf (" %s\n", _("critical threshold pair")); + printf (" %s\n", "-a, --alive"); + printf (" %s\n", _("Return OK after first successfull reply")); printf (" %s\n", "-b, --bytes=INTEGER"); printf (" %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE); printf (" %s\n", "-n, --number=INTEGER"); -- cgit v1.2.3-74-g34f1 From e2397167c7e5c7a02b68de45de946f63706e7d12 Mon Sep 17 00:00:00 2001 From: datamuc Date: Tue, 25 Jan 2022 10:57:02 +0100 Subject: add --queryname parameter to check_pgsql (#1741) This is used in the long output instead of the actual query. So instead of OK - 'select stuff from various, tables where some_stuff is null and other_stuff is not null' returned 42 one can use --queryname=check_greatest_basket and it will print OK - check_greatest_basket returned 42 That's nicer for alerting purposes, at least in our use case. --- plugins/check_pgsql.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index b8fc5f1d..c893386c 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -85,6 +85,8 @@ char *pgparams = NULL; double twarn = (double)DEFAULT_WARN; double tcrit = (double)DEFAULT_CRIT; char *pgquery = NULL; +#define OPTID_QUERYNAME -1000 +char *pgqueryname = NULL; char *query_warning = NULL; char *query_critical = NULL; thresholds *qthresholds = NULL; @@ -285,6 +287,7 @@ process_arguments (int argc, char **argv) {"database", required_argument, 0, 'd'}, {"option", required_argument, 0, 'o'}, {"query", required_argument, 0, 'q'}, + {"queryname", required_argument, 0, OPTID_QUERYNAME}, {"query_critical", required_argument, 0, 'C'}, {"query_warning", required_argument, 0, 'W'}, {"verbose", no_argument, 0, 'v'}, @@ -368,6 +371,9 @@ process_arguments (int argc, char **argv) case 'q': pgquery = optarg; break; + case OPTID_QUERYNAME: + pgqueryname = optarg; + break; case 'v': verbose++; break; @@ -529,6 +535,9 @@ print_help (void) printf (" %s\n", "-q, --query=STRING"); printf (" %s\n", _("SQL query to run. Only first column in first row will be read")); + printf (" %s\n", "--queryname=STRING"); + printf (" %s\n", _("A name for the query, this string is used instead of the query")); + printf (" %s\n", _("in the long output of the plugin")); printf (" %s\n", "-W, --query-warning=RANGE"); printf (" %s\n", _("SQL query value to result in warning status (double)")); printf (" %s\n", "-C, --query-critical=RANGE"); @@ -642,7 +651,13 @@ do_query (PGconn *conn, char *query) : (my_status == STATE_CRITICAL) ? _("CRITICAL") : _("UNKNOWN")); - printf (_("'%s' returned %f"), query, value); + if(pgqueryname) { + printf (_("%s returned %f"), pgqueryname, value); + } + else { + printf (_("'%s' returned %f"), query, value); + } + printf ("|query=%f;%s;%s;;\n", value, query_warning ? query_warning : "", query_critical ? query_critical : ""); -- cgit v1.2.3-74-g34f1 From 737412f7391ae430a51e8f2c2a3b1ab2d35a6394 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 29 Jan 2022 11:11:36 +0100 Subject: check_http and check_curl: added --max-redirs=N option (feature #1684) --- plugins/check_curl.c | 16 ++++++++++++++-- plugins/check_http.c | 20 ++++++++++++++++---- 2 files changed, 30 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 14cc8463..32d919fe 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -66,13 +66,13 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_BUFFER_SIZE 2048 #define DEFAULT_SERVER_URL "/" #define HTTP_EXPECT "HTTP/" -#define DEFAULT_MAX_REDIRS 15 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN enum { MAX_IPV4_HOSTLENGTH = 255, HTTP_PORT = 80, HTTPS_PORT = 443, - MAX_PORT = 65535 + MAX_PORT = 65535, + DEFAULT_MAX_REDIRS = 15 }; enum { @@ -1210,6 +1210,7 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, + MAX_REDIRS_OPTION, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1254,6 +1255,7 @@ process_arguments (int argc, char **argv) {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, + {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, {0, 0, 0, 0} @@ -1512,6 +1514,13 @@ process_arguments (int argc, char **argv) use_sni = TRUE; break; #endif /* LIBCURL_FEATURE_SSL */ + case MAX_REDIRS_OPTION: + if (!is_intnonneg (optarg)) + usage2 (_("Invalid max_redirs count"), optarg); + else { + max_depth = atoi (optarg); + } + break; case 'f': /* onredirect */ if (!strcmp (optarg, "ok")) onredirect = STATE_OK; @@ -1854,6 +1863,9 @@ print_help (void) printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); + printf (" %s\n", "--max-redirs=INTEGER"); + printf (" %s", _("Maximal number of redirects (default: ")); + printf ("%d)\n", DEFAULT_MAX_REDIRS); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); printf ("\n"); diff --git a/plugins/check_http.c b/plugins/check_http.c index 34fb4f01..df2a79c2 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -52,7 +52,8 @@ enum { MAX_IPV4_HOSTLENGTH = 255, HTTP_PORT = 80, HTTPS_PORT = 443, - MAX_PORT = 65535 + MAX_PORT = 65535, + DEFAULT_MAX_REDIRS = 15 }; #ifdef HAVE_SSL @@ -125,7 +126,7 @@ int sd; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; -int max_depth = 15; +int max_depth = DEFAULT_MAX_REDIRS; char *http_method; char *http_method_proxy; char *http_post_data; @@ -203,7 +204,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, - SNI_OPTION + SNI_OPTION, + MAX_REDIRS_OPTION }; int option = 0; @@ -242,6 +244,7 @@ process_arguments (int argc, char **argv) {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, + {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {0, 0, 0, 0} }; @@ -373,6 +376,13 @@ process_arguments (int argc, char **argv) case SNI_OPTION: use_sni = TRUE; break; + case MAX_REDIRS_OPTION: + if (!is_intnonneg (optarg)) + usage2 (_("Invalid max_redirs count"), optarg); + else { + max_depth = atoi (optarg); + } + break; case 'f': /* onredirect */ if (!strcmp (optarg, "stickyport")) onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; @@ -1657,9 +1667,11 @@ print_help (void) printf (" %s\n", "-f, --onredirect="); printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the")); printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); + printf (" %s\n", "--max-redirs=INTEGER"); + printf (" %s", _("Maximal number of redirects (default: ")); + printf ("%d)\n", DEFAULT_MAX_REDIRS); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); - printf (UT_WARN_CRIT); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); -- cgit v1.2.3-74-g34f1 From ee2a60fc4e26828b115051564706f8fbc4c4b153 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 27 Jan 2022 10:00:58 +0100 Subject: fixed -ffollow for HTTP/2.0 (Fixes #1685): added major_version parsing to PicoHTTPParser --- plugins/check_curl.c | 6 +++--- plugins/picohttpparser/picohttpparser.c | 30 ++++++++++++++++++------------ plugins/picohttpparser/picohttpparser.h | 4 ++-- 3 files changed, 23 insertions(+), 17 deletions(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 32d919fe..7da84de4 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1054,7 +1054,7 @@ redir (curlhelp_write_curlbuf* header_buf) char *new_url; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); location = get_header_value (headers, nof_headers, "location"); @@ -2200,7 +2200,7 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA size_t msglen; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); server_date = get_header_value (headers, nof_headers, "date"); @@ -2258,7 +2258,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri curlhelp_statusline status_line; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); content_length_s = get_header_value (headers, nof_headers, "content-length"); diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c index 74ccc3ef..d9680b79 100644 --- a/plugins/picohttpparser/picohttpparser.c +++ b/plugins/picohttpparser/picohttpparser.c @@ -242,7 +242,7 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last } while (0) /* returned pointer is always within [buf, buf_end), or null */ -static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) +static const char *parse_http_version(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *ret) { /* we want at least [HTTP/1.] to try to parse */ if (buf_end - buf < 9) { @@ -254,9 +254,13 @@ static const char *parse_http_version(const char *buf, const char *buf_end, int EXPECT_CHAR_NO_CHECK('T'); EXPECT_CHAR_NO_CHECK('P'); EXPECT_CHAR_NO_CHECK('/'); - EXPECT_CHAR_NO_CHECK('1'); - EXPECT_CHAR_NO_CHECK('.'); - PARSE_INT(minor_version, 1); + PARSE_INT(major_version, 1); + if (*major_version == 1) { + EXPECT_CHAR_NO_CHECK('.'); + PARSE_INT(minor_version, 1); + } else { + *minor_version = 0; + } return buf; } @@ -339,7 +343,7 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph } static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path, - size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, + size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) { /* skip first empty line (some clients add CRLF after POST content) */ @@ -364,7 +368,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha *ret = -1; return NULL; } - if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) { return NULL; } if (*buf == '\015') { @@ -381,7 +385,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha } int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path, - size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) + size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) { const char *buf = buf_start, *buf_end = buf_start + len; size_t max_headers = *num_headers; @@ -391,6 +395,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si *method_len = 0; *path = NULL; *path_len = 0; + *major_version = -1; *minor_version = -1; *num_headers = 0; @@ -400,7 +405,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si return r; } - if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers, + if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, major_version, minor_version, headers, num_headers, max_headers, &r)) == NULL) { return r; } @@ -408,11 +413,11 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si return (int)(buf - buf_start); } -static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg, +static const char *parse_response(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) { /* parse "HTTP/1.x" */ - if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) { return NULL; } /* skip space */ @@ -451,13 +456,14 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); } -int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, +int phr_parse_response(const char *buf_start, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t last_len) { const char *buf = buf_start, *buf_end = buf + len; size_t max_headers = *num_headers; int r; + *major_version = -1; *minor_version = -1; *status = 0; *msg = NULL; @@ -470,7 +476,7 @@ int phr_parse_response(const char *buf_start, size_t len, int *minor_version, in return r; } - if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { + if ((buf = parse_response(buf, buf_end, major_version, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { return r; } diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h index 0849f844..8f13b36f 100644 --- a/plugins/picohttpparser/picohttpparser.h +++ b/plugins/picohttpparser/picohttpparser.h @@ -49,10 +49,10 @@ struct phr_header { /* returns number of bytes consumed if successful, -2 if request is partial, * -1 if failed */ int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len, - int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); + int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); /* ditto */ -int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, +int phr_parse_response(const char *_buf, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t last_len); /* ditto */ -- cgit v1.2.3-74-g34f1 From 31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4 Mon Sep 17 00:00:00 2001 From: Tobias Wiese Date: Sun, 23 May 2021 01:39:15 +0200 Subject: sslutils: use chain from client certificates sslutils used to load only the first certificate when it was given a client certificate file. Added tests for check_http to connect to a http server that expects a client certificate (simple and with chain). Signed-off-by: Tobias Wiese --- plugins/sslutils.c | 2 +- plugins/tests/certs/.gitignore | 2 + plugins/tests/certs/client-cert.pem | 22 ++ plugins/tests/certs/client-key.pem | 28 +++ plugins/tests/certs/clientca-cert.pem | 25 +++ plugins/tests/certs/clientca-key.pem | 28 +++ plugins/tests/certs/clientchain-cert.pem | 45 +++++ plugins/tests/certs/clientchain-key.pem | 28 +++ plugins/tests/certs/clientintermediate-cert.pem | 23 +++ plugins/tests/certs/clientintermediate-key.pem | 28 +++ plugins/tests/certs/expired-cert.pem | 32 +-- plugins/tests/certs/expired-key.pem | 52 ++--- plugins/tests/certs/ext.cnf | 2 + plugins/tests/certs/generate-certs.sh | 63 ++++++ plugins/tests/certs/server-cert.pem | 44 ++-- plugins/tests/certs/server-key.pem | 52 ++--- plugins/tests/check_curl.t | 10 +- plugins/tests/check_http.t | 256 ++++++++++++++---------- 18 files changed, 538 insertions(+), 204 deletions(-) create mode 100644 plugins/tests/certs/.gitignore create mode 100644 plugins/tests/certs/client-cert.pem create mode 100644 plugins/tests/certs/client-key.pem create mode 100644 plugins/tests/certs/clientca-cert.pem create mode 100644 plugins/tests/certs/clientca-key.pem create mode 100644 plugins/tests/certs/clientchain-cert.pem create mode 100644 plugins/tests/certs/clientchain-key.pem create mode 100644 plugins/tests/certs/clientintermediate-cert.pem create mode 100644 plugins/tests/certs/clientintermediate-key.pem create mode 100644 plugins/tests/certs/ext.cnf create mode 100755 plugins/tests/certs/generate-certs.sh (limited to 'plugins') diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 14f6579d..286273f6 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -134,7 +134,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int return STATE_CRITICAL; } if (cert && privkey) { - SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); + SSL_CTX_use_certificate_chain_file(c, cert); SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); #ifdef USE_OPENSSL if (!SSL_CTX_check_private_key(c)) { diff --git a/plugins/tests/certs/.gitignore b/plugins/tests/certs/.gitignore new file mode 100644 index 00000000..79acaaa5 --- /dev/null +++ b/plugins/tests/certs/.gitignore @@ -0,0 +1,2 @@ +/*.csr +/*.srl diff --git a/plugins/tests/certs/client-cert.pem b/plugins/tests/certs/client-cert.pem new file mode 100644 index 00000000..5709750d --- /dev/null +++ b/plugins/tests/certs/client-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtDCCApwCAQIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD +VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp +bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB +MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X +DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgZ4xCzAJBgNVBAYTAkRFMRAw +DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0 +b3JpbmcgUGx1Z2luczEiMCAGA1UEAwwZTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu +dDErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3EiqfFPomm5dZQPGYG5SrF +rPvyqseXTzCkwUIUzGf+Sfm3s13zx7e3ije/04yKhTXgK59EQ793q7E2aWhSOz3s +hwKKdylFkOIyc5jgbAfF1/pLZMK209rLt/mMRksXCRXYrHdTjRMx1ev4C2407+8Y +8qkf77DuYQmUqCQe7DPOvqLeagdw9JcLGmQNTKHg3fl6wyRl5K1Bsy+qXu2XvEjZ +0Ng7n8LHjOUkTqUEJndOxci9gL5cHU5ttul/GW34dKOtTuMU/pQX6/ywYusOGVOx +RYI76OolRqj5BqbNctDIB/obe2RLo+UVx74/0jAxtH4XS23pYjO7NUpJcytsVG8C +AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYfaY5n4pCq0NWPCdeVVRr4nr+GAfv1TC +/PKcGuEoJZKt7TQT+OOA5yeZMZb53OvtA49D1r9aoJzWe946KElWOEBqxDRi5Cdr +wkqpwGcPT2RfAqA3/cvQZ1XsquboXrCf7ajdl5OC64bs2jkqCFh9gnxuI140g8Ar +Njol8BFxRPaYWOnwuQwmh/2t0FJqr3WSD85HrNqtxUSNGbTdSsvCfgF0v7QVkvLG +3/cbx6z5hxzj2JUjhMnCvn+EbasoJt4xyBFvg67Q2229SMwu9YNqS63GVoKUqhCB +4Gl5v31qx8dAFKuRvnez3ze/6oohwmakZkst4hcQdgZocHhzesvKlg== +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/client-key.pem b/plugins/tests/certs/client-key.pem new file mode 100644 index 00000000..09b6761d --- /dev/null +++ b/plugins/tests/certs/client-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNxIqnxT6JpuXW +UDxmBuUqxaz78qrHl08wpMFCFMxn/kn5t7Nd88e3t4o3v9OMioU14CufREO/d6ux +NmloUjs97IcCincpRZDiMnOY4GwHxdf6S2TCttPay7f5jEZLFwkV2Kx3U40TMdXr ++AtuNO/vGPKpH++w7mEJlKgkHuwzzr6i3moHcPSXCxpkDUyh4N35esMkZeStQbMv +ql7tl7xI2dDYO5/Cx4zlJE6lBCZ3TsXIvYC+XB1Obbbpfxlt+HSjrU7jFP6UF+v8 +sGLrDhlTsUWCO+jqJUao+QamzXLQyAf6G3tkS6PlFce+P9IwMbR+F0tt6WIzuzVK +SXMrbFRvAgMBAAECggEBALtc2pB3p0E6KpAiEU0pvCRdSO1FgsIpAd+eNadRPur2 +fi+XWQkUwGeGBaJL1npja3aqP65PP40pj7nWfNaUAgOZyznCEU0QXiPJor6yo0vU +l5v+aKpwRao107i0RRF80TYGTMx+1LeEqnCqNOZN56gERHlBbkTiWpOZvBzf1143 +oegTcyM6+Ee6+FYNhHaDyIYD0md1S2wGR+IBPet6HwWiakLNKahFPa7lOLIKfmmD +iTtifcbf4724wSe44a0uTeP4JrquZSeIKakm8MEmffmYqpycnaakYefd0Xc5UEsH ++VbhKpOWGY3d8FKHqUsTa+6QyXb2uFPo6A+yWm0pdJECgYEA7Prd5sbWACvXOcHT +ONDBAgyfAVDQwOXi3D4dk6D5mg+/jxl5ZQY5slszJrwsLFtoEzXtYpNfTy3cpNOp +JLbBDZYnqty+5tD8t3/Zv2IBXCAgvuk5CgfJWP5FNAfiyUEE6Vbp6J/5/vAnODsa +fxZryN5UsH0X8ew7AlbfcVNyj4kCgYEA3khetIgn+GR6sv9jFRdCT6aJbp0xMsms +6F4v3L5FG4Kp+SwDHL1bVOhieJ5g8odYp9hDbgTEEqbJfNmyCOu9+OQmZ/mztku7 +6reU8HhYBIvi+hFeJmvqKpdIgU0Zveg4Bst5QordmhPk8AHjBC4xvQ++uh7rwYKd +WVsS08bGDjcCgYEAlAuNARUKsASzakOqHv5a9VrJIttH7povBYRQmd+gzxwzgcRa +UEB5XvEWnYZE2lkoRYgVCtYiXqa6BsasDmGVbVV25okNQckhd8mJUMR7MQBpNJsi +pR+EK/J9bSnYBf52gQdpDYiTdy60ca6KuQZaw5wRsEgV426+1pFK+dM16HECgYBY +cTsdYb9lmbUoW201CxgbUQwFsw3MQ2pE2pT4o8wjcg3nUpe6a61XT08+5uV0Gl4w +CmBp+gN52Fr7DjNEUWg5C64sWLIkqmWOspTUSU3cITyiex6W8wEtCRyUNfU0Fp2U +Nol87HvXvmqtBFMraqXnr8gXjg4H5MxurUoEcWaEaQKBgCT4iIGZwW0Qf2rkFC7B +xObzVGefivVVbaf8/c/LRO8TMLdnExkShMOmCzHeHV4mMEZDLbMOusHCI7xm10EX +l3L1I1Kyqnhm1RH3e7TVWgkTmIDW3V5Fgrhm1jx5Iz6et4sb4Uh+bZq9tTLyqfZY +8s0yJUrfpjRggfk7eUs5s7aY +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/clientca-cert.pem b/plugins/tests/certs/clientca-cert.pem new file mode 100644 index 00000000..9ce7cd7d --- /dev/null +++ b/plugins/tests/certs/clientca-cert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIzCCAwugAwIBAgIUL9Jfp5zv5B29NgDsNEFU2OM/UHswDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN +dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwbTW9u +aXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBt +b25pdG9yaW5nLXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIx +MDIxMVowgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQH +DAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwb +TW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZl +bEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAyxiWsGrsJFHw3VR0pqHviXUfbfKMw8LaCxI5EQZfInsMVkBIGWEW +tFW6qDuAOsMdzsrKOnQRNNt852ts/0Uz++z8zysoauAGpc4JnCZuM5A1DU5CFXBx +w6Ax+1ft3UsTt8C6kfLfs8mPCbtNVqAHrMrIqDxsNSRRxQSqkzp1vD8rwSKcbB1h +u2+lut1bEqMe7dp89jKOtc6G/1tHUFQuLAGFoX/qk9yPscmQNzL6YbLP4m9r/416 +PsxWsAfyY97hmoYo6mSCue5LmeanOsjf4Kzq90hIJRwrpiUGmxGjW+tPLEhQBZw6 +C2wHyN74YIJYX2xREz2ijT0mgsqdhO5ZxwIDAQABo1MwUTAdBgNVHQ4EFgQUtsP9 +Z3fKkhmFp97Kh/cW/UqHMIMwHwYDVR0jBBgwFoAUtsP9Z3fKkhmFp97Kh/cW/UqH +MIMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApO5o+YECwTEv +s+elDJZQ20UYwDSiU9Lpf4EcdnRv6FAb5UlhfRTH3ZdKCc/HX7kcKuy3PsF+b8Pw +EusoKito9OlNEOF5HYAI9/J54/qceqn+SC0INsISeE19PvT0dma7lBSj4OvBv0IS +GYbdztVaKLWqYgYs0mcEzteUc4MZcy1/C+Ru1i1Kp2s9/vIeAw2PV2+kpWtw88Pb +FRJomGngP/hQdwniayCltG/Q1smS4iFEHNI5ayLZj1qJGMHwzqGiRr4KknJKfHzv +fl4NQaFyMY31s1FRIS6QVIRFHVzUAlKZTdzwqEJygg3fUS9n9uDBnyDI/sW7DQuj +yjSmYRS1hw== +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/clientca-key.pem b/plugins/tests/certs/clientca-key.pem new file mode 100644 index 00000000..a939f035 --- /dev/null +++ b/plugins/tests/certs/clientca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGJawauwkUfDd +VHSmoe+JdR9t8ozDwtoLEjkRBl8iewxWQEgZYRa0VbqoO4A6wx3Oyso6dBE023zn +a2z/RTP77PzPKyhq4AalzgmcJm4zkDUNTkIVcHHDoDH7V+3dSxO3wLqR8t+zyY8J +u01WoAesysioPGw1JFHFBKqTOnW8PyvBIpxsHWG7b6W63VsSox7t2nz2Mo61zob/ +W0dQVC4sAYWhf+qT3I+xyZA3Mvphss/ib2v/jXo+zFawB/Jj3uGahijqZIK57kuZ +5qc6yN/grOr3SEglHCumJQabEaNb608sSFAFnDoLbAfI3vhgglhfbFETPaKNPSaC +yp2E7lnHAgMBAAECggEAJqAWiJbNMlsjI/Tb+pTxqYLM52wpuVFlhpWApOxBS517 +SywOikUcvE9RoI0wZfyVvq5yp4tLenID3z9fC21t5Yu8yOm8VhclLINy8G+epc/X +RyCLEOjBuiLNXq/qXRvaNChDU16NjPPYcFFe9AqbaxFl+BkFu1Wc94tbpYSIv7Qt +L6iBxUTXdgvLM5doa9AazIQzJx+jUsVCgRVQQf3zsLqtp9hH0Pfq+KWFIy5TA+bG +0NFmYyQndRjtT0ihWGuNU7D8AXa+z7abzk+HydIlx4D//vGgdNq92QYPdnu2BBya +5Fs6LkmkUonX/I8FbkLbRKkQWNPMt+Ks21t3xcVBgQKBgQDn4HuHVCPwxgU6Mv+5 +0sHJXYBq1fDzrUt0+iTtYkRqViX+9Mp4sUpYgXext/wXFLcKzQQp5B0g1dLYLSRS +KwhsdiN0J7ZcoP1GMStw8zsayRTf8C3WRU6aACqyFiylYbyh56XomfYgwhja/7l9 +pzpVJD9ecG+mLVAyAkJtK2JolQKBgQDgOZfvrQj0L4QG+9E5VmFc3PE+6k3g+zDO +MWqTSh0fOHqdTEyet4bMC4DogXGVsvw0/UKwbrGHOk0+ltA5VyKUtK/whSutr/+S +nhCHljhV0XUN/I3OFcvezFjM3g0oC4uy1cL30hoM4IfeHM1d3EYse9N1Y/Op+mR6 +Sx+fEku16wKBgQC0KQ7RjuZ95N2a4pUe5En9EtD8MU4Nhs/iC5k1d+yAUn8jIT9P +lzCUo8NEKheMN2Qg2Dor8jlPkdNIc4qM7TKWUxQo49IlFlCzgPCnydRac3HsrMhw +e1ke/pIt3FzEArR1d27I0xcRTL3TKm4M2ynPjWJPFj0peHue33KNL/A+IQKBgEpL +awd0Sxo1wEZcG9gmwf32C01wbzuTn3lCsHB7Ryj4GtCR3nVclCJ50U24zjzu4Fhi +bj1tgA8xhzSs3fOR5phlQkKsrWtQfJtFGm8CnEn7LBDlVMsrN7Dr/qRrEuro4HHy +GDbq+8y2fO5glr955BqLMOadprf0imRnDeQ0OLffAoGBAJio+X+xpglgMOC4BeH9 +9LcYi9nUEw8MDJNGo9/3e0XKA7spd3HShLDvt8YZhFJ2m168qBpGfezuw0+jpWxy +PV9q0dokAgDx4pvCzIKaptZ1D30CWXJZHq25VK1tA41PCUIOh8JD5+R0MpxA5rn2 +DbqL4Vq7K7K0imGENYhHdyM+ +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/clientchain-cert.pem b/plugins/tests/certs/clientchain-cert.pem new file mode 100644 index 00000000..acd1e3e8 --- /dev/null +++ b/plugins/tests/certs/clientchain-cert.pem @@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIIDuTCCAqECAQQwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD +VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp +bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB +MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X +DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgaMxCzAJBgNVBAYTAkRFMRAw +DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0 +b3JpbmcgUGx1Z2luczEnMCUGA1UEAwweTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu +dENoYWluMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMu +b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphvoJBbi/rDvm3+X +8xok0sLCJvCRuUpSbU5wEmREQlkoOGmWK4l6r1JyOphKRBo8+n2MxPiCMvAmTrqx +VlBmkcmyrwWj392Nga+2SLWTziASk5nFrrhV6U79PkgXnETV2Wk1/FNVIFkB8N+B +undsTce8LLiCs7hfA5CK7ctJg8fqsAsmgKBNGzBRWwkbvxZPd6xlY6foIJeD7PQ2 +elvTmrD6WXSZq7GshFpDEkL3AifqrPMdsTnbBpyGgJ/fBM1b2dx9k53e25mgEQmn +iSuYQxn08BsUT0FOvav8ksZLBQz859fuqCtwhikpODO635fD9zK5YkBPlVl+/5xo +SvKOywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBh4zeSKjENfY+VDLtPssaNQz2a +R1ioY40lZ0WoihDSrfG32dqTK/R2YsLKBABjJ7uRYS1NIBMrtS2OktK8BWD5IUTF +FuGuWilu6IWiTKZrLiZh1rsilNDVqwhorRPxDnbF+qVt9EMIvzKnKdJLGF+CWHN9 +yYJDeTD8MK5uR7zUJR3PsgW4ve5pFTi7z2UJ/xRvgOds6bmeeQnvaWDEL7k2+hrr +0G899A086NL3htzaOnIllg0xo2D1o4ToncAJn+cUQVJmHZSg9HYiD4Lg3z8uXPAl +rt/MX7dBm4dnImLXbSg7N3e8FdUtz+kZT9z+beKAeIe9JTbpxtsVUTzUZBBA +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx +EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u +aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp +ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v +cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC +REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS +TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg +Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y +aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV +uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2 +tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26 +4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ +4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR +C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb +c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6 +qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt +Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt +gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0 +yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4 +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/clientchain-key.pem b/plugins/tests/certs/clientchain-key.pem new file mode 100644 index 00000000..0263604f --- /dev/null +++ b/plugins/tests/certs/clientchain-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmG+gkFuL+sO+b +f5fzGiTSwsIm8JG5SlJtTnASZERCWSg4aZYriXqvUnI6mEpEGjz6fYzE+IIy8CZO +urFWUGaRybKvBaPf3Y2Br7ZItZPOIBKTmcWuuFXpTv0+SBecRNXZaTX8U1UgWQHw +34G6d2xNx7wsuIKzuF8DkIrty0mDx+qwCyaAoE0bMFFbCRu/Fk93rGVjp+ggl4Ps +9DZ6W9OasPpZdJmrsayEWkMSQvcCJ+qs8x2xOdsGnIaAn98EzVvZ3H2Tnd7bmaAR +CaeJK5hDGfTwGxRPQU69q/ySxksFDPzn1+6oK3CGKSk4M7rfl8P3MrliQE+VWX7/ +nGhK8o7LAgMBAAECggEAAfTqMyKh4eYrrGVAYPi53lG0/8htrwUVG3yFDXJo628p +biCwSCsCavZJqi8JEOxOM5UvB1L2FauGh/7i/+VKkAUUOcOTPpvZguGTACBDcXYn +Qd3Z2kkJmgn4Kbenr4uQCVOX8zT4F710rGW1nYCyoefsa4pw37UYSW52dH6kiwzW +9k4X251nDMl/twBdOcjZbL768IEa5l4nySLpUNwfrVbSb1NzBoH0dVioh3DTLjt6 +gaShW4eIpaKczht1U97n6/7WNLl6vHX/mR99k/py8OhzhR1ccYpd2IfSHAWyQT0M +K8BoNnkjICrr9oc0FCr2BVJa3IzKHlhukF4GTZiGYQKBgQDWCHTwAmwL4FFEBVhj +pZne/sjaZc8TzPPxA8SkmxwDIZrM7tSu7qUuYgWTM432jZbLILWTyGfXf2PpqyF6 +wOpoBJj1ETkre8ZfRmYvsSvS5vtjF3Drszol+XvZnOclfB5VG3m5P2vYkQ8wI9OE +Y5jUBgDj0RsCNd8QnrC1u54U/wKBgQDGrd5y8S9kUT0P0lkZit7bYjSPJExtClXt +V7YNTjELrVCdc0jranxBWaub8NP3e6TGTi9HiQWvk2eOAS2qyccqlK4+YAK5XO3D +EpFUNNcClq8CErw2POuCAKajrPuSp6vd6q8h4lTzDExVctQS4R9fRKKFBKkPUV5G +UiKFllnKNQKBgQDBGIQXfLfpxwjKK2BhFihKDOc8UhmOrZtvV4zzTJTrJkg4l0f+ +QoN34ytQcHSleXwP6oSmvWkh/GYxjBj6XE2eZndwsYc4ecSwdB0A7gCxl345Gg7g +NqRBWmGoJGxNXzsmYVFiFZvAmK5xKgFMMWbR8lCfOCn7xopmviSC8K9gFQKBgFRb +KmH/SbH8VELNews/TVQ0pEBKlzCM/OLjJOcNVgGxOtM/Say677sHibeST0168AFK +3QQwh3t+yK8gjPVA6xGHQ1w0g7OUY1c6IP5x2QC+XdwxfDxDLXNrN1WzcrVX/78f +j/CBGrR/ekGlmanSb/GRQLfdvLJGSBLveLzjk4gpAoGBANN9RUm/aRz3dDBWex46 +kJ15xKJfLZiUeyDvY5+5d7YF4/tw5LU4XmKQNhiojHecykrTzPUMaGyMrbMPNn32 +WFW9CKMjuBEwWpMDJJb1/5NLEvpwu++sr7bUPZkQl76ot6OqgNHodbP8ATqrNr80 +5b8FrEN1LyfkTbabxNyAWcA0 +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/clientintermediate-cert.pem b/plugins/tests/certs/clientintermediate-cert.pem new file mode 100644 index 00000000..608a8fa2 --- /dev/null +++ b/plugins/tests/certs/clientintermediate-cert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx +EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u +aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp +ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v +cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC +REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS +TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg +Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y +aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV +uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2 +tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26 +4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ +4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR +C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb +c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6 +qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt +Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt +gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0 +yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4 +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/clientintermediate-key.pem b/plugins/tests/certs/clientintermediate-key.pem new file mode 100644 index 00000000..13f68874 --- /dev/null +++ b/plugins/tests/certs/clientintermediate-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDqtSA5n2kA7Gty +B545PdWa7ViZjY78L21eGkrMPONNpZTNx0ODTQp2yNd+BsPNKJW68zONfrdoqmap +4Ub7TkPZXNAaK3eSep6tSCXXQWdOi2IkYXkJTn+BjVo/FMnuuPa0Posg0GQlw9PJ +DgyglPX2myy8JrH16tjVHGhfEtuUn7fUL5W+t+12YE/idUpcrbrhqdvWhRCGSCle +kmKYkGYX6/s1sOzVaHbUF7zQpdSH1IqB4+FJBuWvZCVFwDuMuAng8yNn4pgX51r7 +hEHuz4O9NdUMyf0AvzgTXDlS3UTxdlX67hGNY+812Er/sae7E5EL1J3GieqQ9DyG +Iju2E/1tAgMBAAECggEACyYJXtNUoIeaXvM/r8ZhJBfMEpcnyJDUKBklnmfyABky +ZUfmzBDXw2as3b6ihFc+LYAp3bm8KouVjtI1lfBUxrli5StVZa7PZLm9mmjv6Eo0 +ojfDEQ8afWPieoaZRO6iQVOLNkbPyv9vSuiQ7vvEZy9dw54u69h47j6IMqPprDiG +ropUNeGAvTnh1Vf9/8aCHEvHUNHcc4zjzGiQ+E60JgnbpGVeJKoeiMgrQE0yjweo +KyKA47Y6vqP6+AxAaPplXtmrx2UCbMjktHNvLvg42+2UlLS5roiwmJYEN9c6iT6t +y82MJrjEFGZyLG2u6ZQANSJiIWaCnOyT1o2deJ8NoQKBgQD7UxivDTuljQD0so+E +JX9UaFZ9PgS+8LC9v56PciL4XQ7bcCVP5vVgZZPABiQ9i989Wq7qI042Jrfu5qtE +SthlOAu80GvAQV+Oujwo7ZzM6ciQtjMsj63r2uayWXnmQ07QcIg7x7y161Pt9Bqr +LIDrqHziIj/lzT7+6QKZaQwFaQKBgQDvEuSC14CBlMhy2jji71kB/3Ya3c+8dP+A +kQZL9wEWK4a4dm8IaTS8jl1/luhQUzFRMyh2rWaTqqigSe3dvs5DRblhE5NPwTSI +9TO7t1EnzjW3R8LxZZsySyiSFnZ/8mR0empxq0Mov37OdXBj0tXuuzREf/hwijWh +WuLxJUSjZQKBgAIDZ2Y3l+u6lnBfYdDwL/XwJAk6zvTsnq3WdCG4C1mr/St62YGr +WvnbtnRKWE356d7m9BHCGKVMaBrM1EBmzRb6fPWVQde3blmJWmQFi0UE9mtaWkyY +Fg+WoFR7bQOQNHhs/lpkPjnC2dhFJVWLtLiuj9mL5rEjlMab/T5XXhZJAoGBAMEP +FZ8fXbPGrTQqSwPfWpZFcF9zvbynEmkFM/uGRMddcNZnNXSqWJ7nrFNLTuEGvW2g +DU4A6zPV/YQrDz4hRjmHBZOCFlSyZbUvpY4yFAQ7/p66AY+kiHZNwT5vi1P5Luvs +qyaNsZcnRMR+i7rg2EeHv0aNvNdMlNBvL5KikNINAoGAU2P/phdwJOUcqgHavQcQ +ureTEyZ5i5AeNomNeHSj0slG24V9nxOqEL7D00JKln7oAPovYBUWocEnF39uBJe0 +p0Hy7fCCK6EI8/0QyiQuuZmJfDEEvjQqE6irONNH63r2UwDEpDNGFvGsZNuWHLZc +SXADu5oSNu6o6IydiyOx528= +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem index 77a9166e..87fc8e47 100644 --- a/plugins/tests/certs/expired-cert.pem +++ b/plugins/tests/certs/expired-cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL +MIIEETCCAvmgAwIBAgIUVDKkhcUoYFnjYCw12tScPIqQzqIwDQYJKoZIhvcNAQEL BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n -LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx +LXBsdWdpbnMub3JnMB4XDTA4MDEwMTEyMDAwMFoXDTA4MDEwMjEyMDAwMFowgZcx CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp -bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX -YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV -WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0 -p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn -MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7 -G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7 -0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw -HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl -2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z -2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV -EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U -b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7 -eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w== +bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg1dmGT3rVqM +beVWWLy8EAiq9re07AF8sTERy9oIYF5EUq9f0xO53mwwqIWV77O9mF99/kDFGQuQ +NOnICMSHXNtMXEXzfBaMighw0uyCh1o/VCejNQ5x/HU8aLh930g5DIcOJQ3fZ4v9 +8kBaie7+aPgRMVDM1vIrILfedq9Kt56zvPizkXhDeqxjKyIZdrdoBlX5zAfftWtY +HpQ+lkThSSXqQnchN6S2JFejmRtsNnceDVOBBdvlzmH0NlfwjynLK3/EJooTsINy +i9dXD8/Oe8r+UA+nokWvnWC2IAUJjpxW+XAyTG/NofGwX+PwquT0YD5cSlODIwZA +WAimygWLqQIDAQABo1MwUTAdBgNVHQ4EFgQUsKyJAwR9OXWEcSZMQz73GfpxCJIw +HwYDVR0jBBgwFoAUsKyJAwR9OXWEcSZMQz73GfpxCJIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAYKFGX7J3Fc/T9s278w61E2dSsY4DS/mjSDik +fMWvod6eKw0fE3wJOnkWxjEH3VywTY6CmHd/oiJOaD8lr/Vk+BJfYNVBaVNmguyg +4LXoWz9Benx0bAIeuDbNAhOvA4H4aIz8UrD9lKFvKdRp42gPMLtMEbzbLcBdT95D +6BX7EhYm7vTnpitLPgFxVCsJ1JFqv2AQfUm+IkqQkezPs5x0tWLyrvCDNRGJ0kfv +UuowpUZXDOh3k1vB+xaSOFviieLaCW8TSdd5FZgI2HQj4e6vCKsMGuKKZXrMUTI/ +qtrFlUfsOuwourfC5LMHtCyYo5B3uvAWT1eTXxhrGqyleSlxJQ== -----END CERTIFICATE----- diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem index c1510b2d..c5bba569 100644 --- a/plugins/tests/certs/expired-key.pem +++ b/plugins/tests/certs/expired-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg -cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY -N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn -lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx -WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb -Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ -9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP -aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M -kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm -qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr -0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG -KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT -5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7 -ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS -ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM -rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o -ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do -PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB -u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7 -Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh -fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i -YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG -ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP -CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg -7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm -xH3OV8KV4UiTEVxS7ksmGzY= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCDV2YZPetWoxt +5VZYvLwQCKr2t7TsAXyxMRHL2ghgXkRSr1/TE7nebDCohZXvs72YX33+QMUZC5A0 +6cgIxIdc20xcRfN8FoyKCHDS7IKHWj9UJ6M1DnH8dTxouH3fSDkMhw4lDd9ni/3y +QFqJ7v5o+BExUMzW8isgt952r0q3nrO8+LOReEN6rGMrIhl2t2gGVfnMB9+1a1ge +lD6WROFJJepCdyE3pLYkV6OZG2w2dx4NU4EF2+XOYfQ2V/CPKcsrf8QmihOwg3KL +11cPz857yv5QD6eiRa+dYLYgBQmOnFb5cDJMb82h8bBf4/Cq5PRgPlxKU4MjBkBY +CKbKBYupAgMBAAECggEBAJ2mdCKJ7LoWdT4W8pZ3BqZUFGkKCF8wOhhOUDH3+ZQp +IYK3XbdDMF7mMIXIuW4a7W4sLlTwU/Ar98U1JMESwRIMS7YvUke+ngDKKLcDVGwY +Qpjg9vP0v2Al8qT1NbW/nDF0S2aJJbWfAvnblHK5ClFHL9iL107NQYJ8PqzXbnFL +gCQRiZxVHlrbn/73ZUMHPGEoU0711U9hSjrsqrRuSAMC+V38s4HxOomZWutlVAHF +HwClNZBqRO+a2njPyUuV9DM/rl5Tm9IQ89iFo3/QEORICK77HjJYhi+UzdfI5F35 +UntRJt+WLaiAP+K6Vt6oxHSm58qXnOkeLzaAunTTie0CgYEA6OLYfme8xe5zYXWX +rqmKNYdcVfMkvL+vUfVT475o/piRtE54JC1LYWEFAN8paxEWHD5HZMy0+ONNXfGm +zyNNTN/Lagz4WcpdFzKQmhfdro7DzRiDfdvwSLmaZDyE41PPPVVvfrI9IeDiUNY4 +nWLSb3sWo96Iuns+RoMqeA9wkqsCgYEA1U/UqeVQVTPlrWyiB2VXoI1xvFCCJTf8 +4NC0gcisxLRrtINk0BwrUJrRy0x1OLpJWiKwUl/W1GgvPPfhbYcUOb669JNtTIjY +FeIZblCTjz9GzKKmXeDciXvccyEdCJVUlPO3/e2JiJ4mCDjULprifq0a2gcQevFS +PfqVULhBOvsCgYB5KfS7J1vGmv36ucSWAe0/VlKLATqe3RfpCzt/JQTZWSWNaroF +EG/ElUaWIoUZCEW5oglg/0Q0rYYGF4DTCingkhrx7ReVF70BIbSsBzi15d8nKNbY +t4I3RCF4fyggYe1TmsysXS2DH85/gkToVY7oo2CvF0uJwi8vXnTNDDNkiwKBgHKs +mAc94BHt9GtnGzQepx0I7TvvjAe2MZwqlt+uojKdS8mfWXMHscGDeYVxdRMqEoUC +YQfnvfYyjDKaj/XxyE3C237gQsICTyh0hHdpmepIeidIyWdumyDOFZVPF+ylWvM4 +kpFQQb/QRWHmKyti2KCBLw5G/fUaBryLGfprE6ZBAoGBANy5rr41A679UQZ0abev +bOZb7YWOHYp/wReJaQbvLAyR30os3aEY/0ht9S+OWdrgGMezPKvsx2Sqr/CwoFXI +esiklpknr11maEPxnQJYi4FYiXS1a3NCg7yBvKzFEgx2XnMAC3s6zhuZXaFq4zNu +pm5Btrq/NZqtVXovS+UhGLvJ -----END PRIVATE KEY----- diff --git a/plugins/tests/certs/ext.cnf b/plugins/tests/certs/ext.cnf new file mode 100644 index 00000000..d09cee13 --- /dev/null +++ b/plugins/tests/certs/ext.cnf @@ -0,0 +1,2 @@ +[ client_ca ] +basicConstraints = critical, CA:true diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh new file mode 100755 index 00000000..78660a26 --- /dev/null +++ b/plugins/tests/certs/generate-certs.sh @@ -0,0 +1,63 @@ +#!/bin/sh -e +# +# Recreates the https server certificates +# +# Set the GEN_EXPIRED environment variable to also regenerate +# the expired certificate. + +cd "$(dirname "$0")" +trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT + +subj() { + c="DE" + st="Bavaria" + l="Munich" + o="Monitoring Plugins" + cn="Monitoring Plugins" + emailAddress="devel@monitoring-plugins.org" + + if [ -n "$1" ]; then + # Add to CN + cn="$cn $1" + fi + + printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \ + "$c" "$st" "$l" "$o" "$cn" "$emailAddress" +} + +# server +openssl req -new -x509 -days 3560 -nodes \ + -keyout server-key.pem -out server-cert.pem \ + -subj "$(subj)" +# server, expired +# there is generally no need to regenerate this, as it will stay epxired +[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \ + openssl req -new -x509 -days 1 -nodes \ + -keyout expired-key.pem -out expired-cert.pem \ + -subj "$(subj)" + +# client, ca +openssl req -new -x509 -days 3560 -nodes \ + -keyout clientca-key.pem -out clientca-cert.pem \ + -subj "$(subj ClientCA)" +echo "01" >clientca-cert.srl +# client +openssl req -new -nodes \ + -keyout client-key.pem -out client-cert.csr \ + -subj "$(subj Client)" +openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \ + -in client-cert.csr -out client-cert.pem +# client, intermediate +openssl req -new -nodes \ + -keyout clientintermediate-key.pem -out clientintermediate-cert.csr \ + -subj "$(subj ClientIntermediate)" +openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \ + -extfile ext.cnf -extensions client_ca \ + -in clientintermediate-cert.csr -out clientintermediate-cert.pem +# client, chain +openssl req -new -nodes \ + -keyout clientchain-key.pem -out clientchain-cert.csr \ + -subj "$(subj ClientChain)" +openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \ + -in clientchain-cert.csr -out clientchain-cert.pem +cat clientintermediate-cert.pem >>clientchain-cert.pem diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem index b84b91d2..d1249ef1 100644 --- a/plugins/tests/certs/server-cert.pem +++ b/plugins/tests/certs/server-cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD -VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD -VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1 -Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y -ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE -RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN -b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr -MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja -uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v -EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe -PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8 -ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi -u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA -AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA -FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN -AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz -VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr -E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8 -vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC -jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk -bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g= +MIIEETCCAvmgAwIBAgIUZwOhY4myaCUaPek3NM+MxbLG9vwwDQYJKoZIhvcNAQEL +BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN +dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u +aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n +LXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIxMDIxMVowgZcx +CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx +GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu +ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp +bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/3eBA4WG6xz +LfM6xcWywxThb1Rp7XAW3ewQd9/PdoWXEe8BJWlLfyYi1drLMcsDywhLkKmW4Vp9 +1R4PAkiljjrB/ZaUMDLJ1ri3dwX4RvXG7crsU3QWFWCBOrf5V2FTRQ2m/H/KyB/6 +rVZANsU47HqTFSPiUm2j7P3wx/wtHeYC+qmNG7zZTjAYPYxfKiod0lytTSmb+h54 +6lxn3+VPEXZAQZlLvPnm/58JnXGrUv7B2yocf5MhKkLJOrGxH2hfwKISfaj2gpOV +m4PUVYiDzCSpq1fPvwbUxIvdO27xprx+mrGOFM6f2UCEOc35w8FSmYiR2yQTnEJK +pbSQD6t1jQIDAQABo1MwUTAdBgNVHQ4EFgQUMeYgglT2aWDlF8KEeF2376AlTGYw +HwYDVR0jBBgwFoAUMeYgglT2aWDlF8KEeF2376AlTGYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAFcEg83rTJdgkp7JLYqK0j8JogSHNlDYchr/r +VxKBgQwfnjSp5A8d5+uTQ9s3QDabw8v7YeSrzYXbbjuWZ61mnl84tzOQ8LMeESnC +CBXRCxB8Ow22WsVTVJq279SGYT+cZrdsmqGVWDi1A0C5kH+XTLAioG5CZmmxemD/ +S92ZoRxGyYfg33r+3X6EMcEYtHKGxCUa3EPcPOL4dq2F3nOnyjiWPZm3786H3NY2 +nsYwrEhAdUFtbYSsV5O0c/Zlc33fmTfh654ab35io1DtwmFo7q8J532dUE007EN0 +mIQmhdrjNJJHIftgSt0fuN5m48oLOnX7vvkz+X0WLWfVTtMr0w== -----END CERTIFICATE----- diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem index 11947555..0de63f8f 100644 --- a/plugins/tests/certs/server-key.pem +++ b/plugins/tests/certs/server-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf -miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ -Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym -/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K// -ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG -msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow -1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR -WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU -00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5 -Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0 -ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c -YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU -l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA -/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS -zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx -bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+ -FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc -B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+ -MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg -D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl -/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK -0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY -p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC -TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc -/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu -N0wdmCAqlQwHR13+F1zrAD7V +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb/d4EDhYbrHMt +8zrFxbLDFOFvVGntcBbd7BB33892hZcR7wElaUt/JiLV2ssxywPLCEuQqZbhWn3V +Hg8CSKWOOsH9lpQwMsnWuLd3BfhG9cbtyuxTdBYVYIE6t/lXYVNFDab8f8rIH/qt +VkA2xTjsepMVI+JSbaPs/fDH/C0d5gL6qY0bvNlOMBg9jF8qKh3SXK1NKZv6Hnjq +XGff5U8RdkBBmUu8+eb/nwmdcatS/sHbKhx/kyEqQsk6sbEfaF/AohJ9qPaCk5Wb +g9RViIPMJKmrV8+/BtTEi907bvGmvH6asY4Uzp/ZQIQ5zfnDwVKZiJHbJBOcQkql +tJAPq3WNAgMBAAECggEBAIvJDUjQVpXxByL8eazviT5SR0jBf6mC3tTWykQRb7ck +/bBEiRrnhDRf3CS9KP4TvO5G8BUU3a2GHYzM08akuKXeiiODidfyfbQ1nUZBAdi9 +FVFF7tK8YcflkVfpTMOMMSggm6m33fc58sQvmQ/0U85XuJvnOEkeJ9pQJa49e8GR +lpCQImF7ygltHPEz4o8qOtNMuPxiHOxpc517+ozQULZk153NTfGok1XctDFFZ3YX +8okLSfcqZ28mdHYSvI9xf60Cm7cT9tunXHwZ0f1esTFiVYpAp+oTJqtdYxr/fYlL +oO8G8iIQ7LjdJfgo84PscpKdSRCq3BfnmER1Eyg6hrUCgYEA/0hL5Y/haz/2jYGy +aa8yZSuD1ZcWtj7pLKrBQnHPHIHsjSBggWhopvonCFvCjgSS1pOFOUAwMGc0T+Dw +rWo3w8cEUyECl3Bw8gbCWtRXaigzU9TPgCWyx1j5dTopQhLObzS/m7fJFElnYNru +jqhsUfWS+NKk8a5+A7i9lv4iBLMCgYEA3Jws3Lfj/Xs7LljrvryTMpPthvUGBcyt +U9Qmf1Hmur90RP5V1rx4FqPQzIeaGQyZDNIUnkhBSqQZNCts3Rzay7N4uQzk8OEg +S8Llnw76wLwi0SJ4okDtT5tpTR6fcS0M9lGN+zvvfUB4+ul8oub0pMcyme/pywEz +ap+x3xAQPL8CgYEAiYOBVtTNof9fqdRurh1w8SyipKDx3BRBeQ02c7tozLt0GIWT +VsJOdXwVIJyFTglKrAnlXvSjwL8nX8wU+eVYyr5fJwSGJ9urC8T2VwVBXW7wTz04 +1Zf5GQdlwW8mIHCPATqR6Kj0yVfNN1BX50L0rqWxmRWnQoUzXn/aqQaWfp8CgYAW +9693/zEeR8EejyVkAy/z+RCml0XcPrXg31pusPErihkpwazgIVkDSmTHlmqFpxkc +C5cX73/UrIbvNoIr9wAUawfrhBsltNpu6MiNKbsTa8LYMRWMFuReAFkTLVf+KWmL +D2yPtmq1iIvP25UdRJw9t3teKWsWtnZK6HtVNM/r8wKBgQDKlqUpy8r4KK+S2w80 +H7rAQJo1DgXsYrgSa2gfppSKro4lm3ltyAfVIrKQKP7uCo9xTGKVQAUPttMs2+17 +nwbwvt7/nG7G1Dk/C/t6b7SJ80VY5b9ZZKIJ0wOjajLufSjPNCe0ZTRn32XusZUn +nYGB5/QXYr5WGV9YhAkRsFJYgA== -----END PRIVATE KEY----- diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t index 29cb03f2..aa72ef67 100755 --- a/plugins/tests/check_curl.t +++ b/plugins/tests/check_curl.t @@ -228,23 +228,25 @@ SKIP: { skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + my $expiry = "Thu Nov 28 21:02:11 2030 +0000"; + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 12:00:00 2008 +0000.', "output ok" ); } diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 188f5e75..ea11b2ac 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -3,16 +3,7 @@ # Test check_http by having an actual HTTP server running # # To create the https server certificate: -# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes -# to create a new expired certificate: -# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes -# Country Name (2 letter code) [AU]:DE -# State or Province Name (full name) [Some-State]:Bavaria -# Locality Name (eg, city) []:Munich -# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins -# Organizational Unit Name (eg, section) []: -# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins -# Email Address []:devel@monitoring-plugins.org +# ./certs/generate-certs.sh use strict; use Test::More; @@ -23,7 +14,7 @@ $ENV{'LC_TIME'} = "C"; my $common_tests = 70; my $virtual_port_tests = 8; -my $ssl_only_tests = 8; +my $ssl_only_tests = 12; # Check that all dependent modules are available eval "use HTTP::Daemon 6.01;"; plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@; @@ -59,61 +50,87 @@ $HTTP::Daemon::VERSION = "1.00"; my $port_http = 50000 + int(rand(1000)); my $port_https = $port_http + 1; my $port_https_expired = $port_http + 2; +my $port_https_clientcert = $port_http + 3; # This array keeps sockets around for implementing timeouts my @persist; # Start up all servers my @pids; -my $pid = fork(); -if ($pid) { - # Parent - push @pids, $pid; - if (exists $servers->{https}) { - # Fork a normal HTTPS server - $pid = fork(); - if ($pid) { - # Parent - push @pids, $pid; - # Fork an expired cert server - $pid = fork(); - if ($pid) { - push @pids, $pid; - } else { - my $d = HTTP::Daemon::SSL->new( - LocalPort => $port_https_expired, - LocalAddr => "127.0.0.1", - SSL_cert_file => "$Bin/certs/expired-cert.pem", - SSL_key_file => "$Bin/certs/expired-key.pem", - ) || die; - print "Please contact https expired at: url, ">\n"; - run_server( $d ); - exit; - } - } else { - # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise - local $SIG{'PIPE'} = 'IGNORE'; - my $d = HTTP::Daemon::SSL->new( - LocalPort => $port_https, - LocalAddr => "127.0.0.1", - SSL_cert_file => "$Bin/certs/server-cert.pem", - SSL_key_file => "$Bin/certs/server-key.pem", - ) || die; - print "Please contact https at: url, ">\n"; - run_server( $d ); - exit; - } - } -} else { - # Child - #print "child\n"; +# Fork a HTTP server +my $pid = fork; +defined $pid or die "Failed to fork"; +if (!$pid) { + undef @pids; my $d = HTTP::Daemon->new( LocalPort => $port_http, LocalAddr => "127.0.0.1", ) || die; print "Please contact http at: url, ">\n"; run_server( $d ); - exit; + die "webserver stopped"; +} +push @pids, $pid; + +if (exists $servers->{https}) { + # Fork a normal HTTPS server + $pid = fork; + defined $pid or die "Failed to fork"; + if (!$pid) { + undef @pids; + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + ) || die; + print "Please contact https at: url, ">\n"; + run_server( $d ); + die "webserver stopped"; + } + push @pids, $pid; + + # Fork an expired cert server + $pid = fork; + defined $pid or die "Failed to fork"; + if (!$pid) { + undef @pids; + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_expired, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/expired-cert.pem", + SSL_key_file => "$Bin/certs/expired-key.pem", + ) || die; + print "Please contact https expired at: url, ">\n"; + run_server( $d ); + die "webserver stopped"; + } + push @pids, $pid; + + # Fork an client cert expecting server + $pid = fork; + defined $pid or die "Failed to fork"; + if (!$pid) { + undef @pids; + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_clientcert, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER | IO::Socket::SSL->SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + SSL_ca_file => "$Bin/certs/clientca-cert.pem", + ) || die; + print "Please contact https client cert at: url, ">\n"; + run_server( $d ); + die "webserver stopped"; + } + push @pids, $pid; } # give our webservers some time to startup @@ -122,60 +139,62 @@ sleep(3); # Run the same server on http and https sub run_server { my $d = shift; - MAINLOOP: while (my $c = $d->accept ) { - while (my $r = $c->get_request) { - if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { - $c->send_basic_header($1); - $c->send_crlf; - } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) { - $c->send_basic_header; - $c->send_crlf; - $c->send_file_response("$Bin/var/$1"); - } elsif ($r->method eq "GET" and $r->url->path eq "/slow") { - $c->send_basic_header; - $c->send_crlf; - sleep 1; - $c->send_response("slow"); - } elsif ($r->url->path eq "/method") { - if ($r->method eq "DELETE") { - $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED); - } elsif ($r->method eq "foo") { - $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED); + while (1) { + MAINLOOP: while (my $c = $d->accept) { + while (my $r = $c->get_request) { + if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { + $c->send_basic_header($1); + $c->send_crlf; + } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) { + $c->send_basic_header; + $c->send_crlf; + $c->send_file_response("$Bin/var/$1"); + } elsif ($r->method eq "GET" and $r->url->path eq "/slow") { + $c->send_basic_header; + $c->send_crlf; + sleep 1; + $c->send_response("slow"); + } elsif ($r->url->path eq "/method") { + if ($r->method eq "DELETE") { + $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED); + } elsif ($r->method eq "foo") { + $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED); + } else { + $c->send_status_line(200, $r->method); + } + } elsif ($r->url->path eq "/postdata") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response($r->method.":".$r->content); + } elsif ($r->url->path eq "/redirect") { + $c->send_redirect( "/redirect2" ); + } elsif ($r->url->path eq "/redir_external") { + $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" ); + } elsif ($r->url->path eq "/redirect2") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' )); + } elsif ($r->url->path eq "/redir_timeout") { + $c->send_redirect( "/timeout" ); + } elsif ($r->url->path eq "/timeout") { + # Keep $c from being destroyed, but prevent severe leaks + unshift @persist, $c; + delete($persist[1000]); + next MAINLOOP; + } elsif ($r->url->path eq "/header_check") { + $c->send_basic_header; + $c->send_header('foo'); + $c->send_crlf; + } elsif ($r->url->path eq "/virtual_port") { + # return sent Host header + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); } else { - $c->send_status_line(200, $r->method); + $c->send_error(HTTP::Status->RC_FORBIDDEN); } - } elsif ($r->url->path eq "/postdata") { - $c->send_basic_header; - $c->send_crlf; - $c->send_response($r->method.":".$r->content); - } elsif ($r->url->path eq "/redirect") { - $c->send_redirect( "/redirect2" ); - } elsif ($r->url->path eq "/redir_external") { - $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" ); - } elsif ($r->url->path eq "/redirect2") { - $c->send_basic_header; - $c->send_crlf; - $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' )); - } elsif ($r->url->path eq "/redir_timeout") { - $c->send_redirect( "/timeout" ); - } elsif ($r->url->path eq "/timeout") { - # Keep $c from being destroyed, but prevent severe leaks - unshift @persist, $c; - delete($persist[1000]); - next MAINLOOP; - } elsif ($r->url->path eq "/header_check") { - $c->send_basic_header; - $c->send_header('foo'); - $c->send_crlf; - } elsif ($r->url->path eq "/virtual_port") { - # return sent Host header - $c->send_basic_header; - $c->send_crlf; - $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); - } else { - $c->send_error(HTTP::Status->RC_FORBIDDEN); + $c->close; } - $c->close; } } } @@ -200,25 +219,44 @@ SKIP: { skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + my $expiry = "Thu Nov 28 21:02:11 2030 +0000"; + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 12:00:00 2008 +0000.', "output ok" ); + # client cert tests + my $cmd; + $cmd = "$command -p $port_https_clientcert" + . " -J \"$Bin/certs/client-cert.pem\"" + . " -K \"$Bin/certs/client-key.pem\"" + . " -u /statuscode/200"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -p $port_https_clientcert" + . " -J \"$Bin/certs/clientchain-cert.pem\"" + . " -K \"$Bin/certs/clientchain-key.pem\"" + . " -u /statuscode/200"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); } my $cmd; -- cgit v1.2.3-74-g34f1 From e781e0d1010b57da0e468cb7e9afb03860870218 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 30 Jan 2022 12:44:02 +0100 Subject: Fix double percentage sign in usage (#1743) --- plugins/check_procs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_procs.c b/plugins/check_procs.c index 48723404..a025ee89 100644 --- a/plugins/check_procs.c +++ b/plugins/check_procs.c @@ -775,7 +775,7 @@ be the total number of running processes\n\n")); printf (" %s\n", "check_procs -w 50000 -c 100000 --metric=VSZ"); printf (" %s\n\n", _("Alert if VSZ of any processes over 50K or 100K")); printf (" %s\n", "check_procs -w 10 -c 20 --metric=CPU"); - printf (" %s\n", _("Alert if CPU of any processes over 10%% or 20%%")); + printf (" %s\n", _("Alert if CPU of any processes over 10\% or 20\%")); printf (UT_SUPPORT); } -- cgit v1.2.3-74-g34f1 From d485b64ef0c08eb04fd6152b61b167c5edadab02 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 30 Jan 2022 19:41:36 +0100 Subject: Description for -M was the wrong way around (#1746) Using -M should show the mountpoint instead of the device the file system originated from. Seems like this was not the case for a long time and now the default is to show the mount point. Using `-M` reverts to showing the (block) device instead. The usage Description was adjusted with this commit. --- plugins/check_disk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 9652f453..66c5dd39 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -961,7 +961,7 @@ print_help (void) printf (" %s\n", _("Only check local filesystems against thresholds. Yet call stat on remote filesystems")); printf (" %s\n", _("to test if they are accessible (e.g. to detect Stale NFS Handles)")); printf (" %s\n", "-M, --mountpoint"); - printf (" %s\n", _("Display the mountpoint instead of the partition")); + printf (" %s\n", _("Display the (block) device instead of the mount point")); printf (" %s\n", "-m, --megabytes"); printf (" %s\n", _("Same as '--units MB'")); printf (" %s\n", "-A, --all"); -- cgit v1.2.3-74-g34f1 From 455fdc1072b85e7d05783546d9e99ed2e61716de Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:47 +0200 Subject: check_http: added option --continue-after-certificate (#1761) --- plugins/check_http.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/check_http.c b/plugins/check_http.c index df2a79c2..f8ec853b 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -58,6 +58,7 @@ enum { #ifdef HAVE_SSL int check_cert = FALSE; +int continue_after_check_cert = FALSE; int ssl_version = 0; int days_till_exp_warn, days_till_exp_crit; char *randbuff; @@ -205,7 +206,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, - MAX_REDIRS_OPTION + MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT }; int option = 0; @@ -233,6 +235,7 @@ process_arguments (int argc, char **argv) {"certificate", required_argument, 0, 'C'}, {"client-cert", required_argument, 0, 'J'}, {"private-key", required_argument, 0, 'K'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -331,6 +334,11 @@ process_arguments (int argc, char **argv) } check_cert = TRUE; goto enable_ssl; +#endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; #endif case 'J': /* use client certificate */ #ifdef HAVE_SSL @@ -981,9 +989,11 @@ check_http (void) elapsed_time_ssl = (double)microsec_ssl / 1.0e6; if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - if (sd) close(sd); - np_net_ssl_cleanup(); - return result; + if (continue_after_check_cert == FALSE) { + if (sd) close(sd); + np_net_ssl_cleanup(); + return result; + } } } #endif /* HAVE_SSL */ @@ -1608,7 +1618,11 @@ print_help (void) printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v1.2.3-74-g34f1 From a96bdd7349926f2f18aba07db02c5ed472f4caf6 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:53 +0200 Subject: check_curl: added option --continue-after-certificate (#1761) --- plugins/check_curl.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 7da84de4..a69854a8 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -193,6 +193,7 @@ int followsticky = STICKY_NONE; int use_ssl = FALSE; int use_sni = TRUE; int check_cert = FALSE; +int continue_after_check_cert = FALSE; typedef union { struct curl_slist* to_info; struct curl_certinfo* to_certinfo; @@ -754,7 +755,9 @@ check_http (void) * and we actually have OpenSSL in the monitoring tools */ result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); #endif /* USE_OPENSSL */ @@ -794,13 +797,17 @@ GOT_FIRST_CERT: } BIO_free (cert_BIO); result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, * so we use the libcurl CURLINFO data */ result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #endif /* USE_OPENSSL */ } else { snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), @@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv) INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv) {"private-key", required_argument, 0, 'K'}, {"ca-cert", required_argument, 0, CA_CERT_OPTION}, {"verify-cert", no_argument, 0, 'D'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -1402,6 +1411,11 @@ process_arguments (int argc, char **argv) } check_cert = TRUE; goto enable_ssl; +#endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; #endif case 'J': /* use client certificate */ #ifdef LIBCURL_FEATURE_SSL @@ -1800,7 +1814,11 @@ print_help (void) #endif printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v1.2.3-74-g34f1 From ccf4ed25f9c96e4d0cd647bbd8d91f38df75dfc0 Mon Sep 17 00:00:00 2001 From: "Archie L. Cobbs" Date: Thu, 14 Jul 2022 01:47:54 -0500 Subject: check_by_ssh: Add "-U" flag (#1123). (#1774) This causes a 255 exit value from ssh(1), which indicates a connection failure, to return UNKNOWN instead of CRITICAL; similar to check_nrpe's "-u" flag. --- plugins/check_by_ssh.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index 39d49070..1ad547ed 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -50,6 +50,7 @@ unsigned int services = 0; int skip_stdout = 0; int skip_stderr = 0; int warn_on_stderr = 0; +bool unknown_timeout = FALSE; char *remotecmd = NULL; char **commargv = NULL; int commargc = 0; @@ -101,6 +102,13 @@ main (int argc, char **argv) result = cmd_run_array (commargv, &chld_out, &chld_err, 0); + /* SSH returns 255 if connection attempt fails; include the first line of error output */ + if (result == 255 && unknown_timeout) { + printf (_("SSH connection failed: %s\n"), + chld_err.lines > 0 ? chld_err.line[0] : "(no error output)"); + return STATE_UNKNOWN; + } + if (verbose) { for(i = 0; i < chld_out.lines; i++) printf("stdout: %s\n", chld_out.line[i]); @@ -180,6 +188,7 @@ process_arguments (int argc, char **argv) {"verbose", no_argument, 0, 'v'}, {"fork", no_argument, 0, 'f'}, {"timeout", required_argument, 0, 't'}, + {"unknown-timeout", no_argument, 0, 'U'}, {"host", required_argument, 0, 'H'}, /* backward compatibility */ {"hostname", required_argument, 0, 'H'}, {"port", required_argument,0,'p'}, @@ -212,7 +221,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "Vvh1246fqt:H:O:p:i:u:l:C:S::E::n:s:o:F:", longopts, + c = getopt_long (argc, argv, "Vvh1246fqt:UH:O:p:i:u:l:C:S::E::n:s:o:F:", longopts, &option); if (c == -1 || c == EOF) @@ -234,6 +243,9 @@ process_arguments (int argc, char **argv) else timeout_interval = atoi (optarg); break; + case 'U': + unknown_timeout = TRUE; + break; case 'H': /* host */ hostname = optarg; break; @@ -445,6 +457,8 @@ print_help (void) printf (" %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]")); printf (UT_WARN_CRIT); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + printf (" %s\n","-U, --unknown-timeout"); + printf (" %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL")); printf (UT_VERBOSE); printf("\n"); printf (" %s\n", _("The most common mode of use is to refer to a local identity file with")); @@ -474,7 +488,7 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf (" %s -H -C [-fqv] [-1|-2] [-4|-6]\n" + printf (" %s -H -C [-fqvU] [-1|-2] [-4|-6]\n" " [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n" " [-l user] [-n name] [-s servicelist] [-O outputfile]\n" " [-p port] [-o ssh-option] [-F configfile]\n", -- cgit v1.2.3-74-g34f1 From 65fc7064295ac70d1388fa4db4d4d2cddd531e24 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Wed, 20 Jul 2022 13:33:49 +0200 Subject: Remove check_http and check_curl test which are somehow always failing (#1777) * Remove failing checks for check_http * Remove failing checks for check_curl --- plugins/t/check_curl.t | 7 +------ plugins/t/check_http.t | 8 +------- 2 files changed, 2 insertions(+), 13 deletions(-) (limited to 'plugins') diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index ada6a045..693f4b25 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -9,7 +9,7 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 58; +plan tests => 57; my $successOutput = '/OK.*HTTP.*second/'; @@ -188,11 +188,6 @@ SKIP: { like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); - $res = NPTest->testCmd( - "./$plugin --ssl -H www.e-paycobalt.com" - ); - cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); - $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" ); is( $res->return_code, 0, "Redirection based on location is okay"); diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index c137f7b4..0c866229 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -9,7 +9,7 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 50; +plan tests => 49; my $successOutput = '/OK.*HTTP.*second/'; @@ -166,12 +166,6 @@ SKIP: { like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); - $res = NPTest->testCmd( - "./$plugin --ssl -H www.e-paycobalt.com" - ); - cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); - - $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" ); is( $res->return_code, 0, "Redirection based on location is okay"); -- cgit v1.2.3-74-g34f1 From 9f2a9ca3d72023ff9b5707d1872c54d65edc9017 Mon Sep 17 00:00:00 2001 From: adrb Date: Sun, 24 Jul 2022 16:44:16 +0200 Subject: check_snmp: Segfault if number of processed lines is greater than number of thresholds Segfault at line 489 if number of processed lines is greater than number (#1589) of thresholds Co-authored-by: Lorenz <12514511+RincewindsHat@users.noreply.github.com> --- plugins/check_snmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index bd13e579..2601ccd8 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -376,7 +376,7 @@ main (int argc, char **argv) } } - for (line=0, i=0; line < chld_out.lines; line++, i++) { + for (line=0, i=0; line < chld_out.lines && i < numoids ; line++, i++) { if(calculate_rate) conv = "%.10g"; else -- cgit v1.2.3-74-g34f1 From a01de7b33dee837e7a474d9e00131942d7f177f0 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Mon, 25 Jul 2022 10:00:18 +0200 Subject: fix parsing swap values (#1780) tmp_KB changed from float to uint64, so change the sscanf format accordingly. --- plugins/check_swap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_swap.c b/plugins/check_swap.c index bb854beb..6c9418f2 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -150,7 +150,7 @@ main (int argc, char **argv) * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123" * This format exists at least on Debian Linux with a 5.* kernel */ - else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %f %*[k]%*[B]", str, &tmp_KB)) { + else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) { if (verbose >= 3) { printf("Got %s with %lu\n", str, tmp_KB); } -- cgit v1.2.3-74-g34f1 From 3ad5fe9d84138da1451429bfac3b9b4024393d25 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Mon, 25 Jul 2022 10:11:43 +0200 Subject: check_swap: Fix unit for total in perfdata (#1779) * check_swap: Fix unit for total in perfdata * Remove trailing whitespaces --- plugins/check_swap.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'plugins') diff --git a/plugins/check_swap.c b/plugins/check_swap.c index 6c9418f2..ff58b15f 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -1,30 +1,30 @@ /***************************************************************************** -* +* * Monitoring check_swap plugin -* +* * License: GPL * Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net) * Copyright (c) 2000-2007 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_swap plugin -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see . -* -* +* +* *****************************************************************************/ const char *progname = "check_swap"; @@ -389,7 +389,7 @@ main (int argc, char **argv) TRUE, warn_print, TRUE, crit_print, TRUE, 0, - TRUE, (long) total_swap_mb)); + TRUE, (long) total_swap_mb * 1024 * 1024)); return result; } -- cgit v1.2.3-74-g34f1