From 8de299308c52d083b893a87e6924405b652f1f7b Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:22:02 +0100 Subject: check_curl: update TLS notification notes --- plugins/check_curl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 8ea73ce1..ef7d4ee4 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1912,7 +1912,7 @@ void print_help(void) { printf(" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); printf(" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); printf(" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted.")); - printf(" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); + printf(" %s\n", _("Note: SSLv2, SSLv3, TLSv1.0 and TLSv1.1 are deprecated and are usually disabled in libcurl")); printf(" %s\n", "--sni"); printf(" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); # if LIBCURL_VERSION_NUM >= 0x071801 -- cgit v1.2.3-74-g34f1 From e7dbfd42231754b0258f2f92088caba7de3ee9d8 Mon Sep 17 00:00:00 2001 From: Andre Klärner Date: Fri, 29 Nov 2024 10:34:16 +0100 Subject: check_curl: enable internal cookie handling This enables us to enable curl cookie engine by specifying an empty filename as the cookie jar file. This works, since curl's CURLOPT_COOKIEFILE option allows passing an empty string as filename, which it interprets as a request to enable the cookie processing. But since CURLOPT_COOKIEJAR would now attempt to write to a file named by an empty filename, it would break again (or at least produce a warning in verbose output). Overall this is allows to handle checking URLs with cookie based sessions without persisting the cookies to disk, by using the curl-internal redirect following. --- plugins/check_curl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index ef7d4ee4..748201e8 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -818,8 +818,11 @@ int check_http(void) { /* cookie handling */ if (cookie_jar_file != NULL) { - handle_curl_option_return_code(curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR"); + /* enable reading cookies from a file, and if the filename is an empty string, only enable the curl cookie engine */ handle_curl_option_return_code(curl_easy_setopt(curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE"); + /* now enable saving cookies to a file, but only if the filename is not an empty string, since writing it would fail */ + if (*cookie_jar_file) + handle_curl_option_return_code(curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR"); } /* do the request */ @@ -2011,6 +2014,9 @@ void print_help(void) { printf(" %s\n", _("Send HAProxy proxy protocol v1 header (CURLOPT_HAPROXYPROTOCOL).")); printf(" %s\n", "--cookie-jar=FILE"); printf(" %s\n", _("Store cookies in the cookie jar and send them out when requested.")); + printf(" %s\n", _("Specify an empty string as FILE to enable curl's cookie engine without saving")); + printf(" %s\n", _("the cookies to disk. Only enabling the engine without saving to disk requires")); + printf(" %s\n", _("handling multiple requests internally to curl, so use it with --onredirect=curl")); printf("\n"); printf(UT_WARN_CRIT); -- cgit v1.2.3-74-g34f1