1 files changed, 145 insertions, 0 deletions

diff --git a/web/attachments/367917-check_http.HTTP_CONNECT_patch b/web/attachments/367917-check_http.HTTP_CONNECT_patch
new file mode 100644
index 0000000..00a4008
--- /dev/null
+++ b/web/attachments/367917-check_http.HTTP_CONNECT_patch
@@ -0,0 +1,145 @@
+*** plugins/check_http.c.orig   2010-03-18 15:05:53.000000000 -0400
+--- plugins/check_http.c        2010-03-23 14:26:48.000000000 -0400
+***************
+*** 121,126 ****
+--- 121,127 ----
+  char *http_post_data;
+  char *http_content_type;
+  char buffer[MAX_INPUT_BUFFER];
++ int http_connect = FALSE;
+  
+  int process_arguments (int, char **);
+  int check_http (void);
+***************
+*** 186,191 ****
+--- 187,193 ----
+      {"link", no_argument, 0, 'L'},
+      {"nohtml", no_argument, 0, 'n'},
+      {"ssl", no_argument, 0, 'S'},
++     {"http-connect", no_argument, 0, 'K'},
+      {"post", required_argument, 0, 'P'},
+      {"method", required_argument, 0, 'j'},
+      {"IP-address", required_argument, 0, 'I'},
+***************
+*** 229,235 ****
+    }
+  
+    while (1) {
+!     c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+      if (c == -1 || c == EOF)
+        break;
+  
+--- 231,237 ----
+    }
+  
+    while (1) {
+!     c = getopt_long (argc, argv, "Vvh46Kt:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+      if (c == -1 || c == EOF)
+        break;
+  
+***************
+*** 401,406 ****
+--- 403,411 ----
+        usage4 (_("IPv6 support not available"));
+  #endif
+        break;
++     case 'K': /* use http-connect */
++       http_connect = TRUE;
++       break;
+      case 'v': /* verbose */
+        verbose = TRUE;
+        break;
+***************
+*** 790,795 ****
+--- 795,807 ----
+      die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+  #ifdef HAVE_SSL
+    if (use_ssl == TRUE) {
++ 
++     if (http_connect == TRUE) {
++       /* only using port 443 */
++       if (http_connect_through_proxy(host_name, 443, user_agent, sd) != STATE_OK)
++       die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open proxy tunnel TCP socket\n"));
++     }
++ 
+      np_net_ssl_init_with_hostname(sd, host_name);
+      if (check_cert == TRUE) {
+        result = np_net_ssl_check_cert(days_till_exp);
+***************
+*** 1234,1239 ****
+--- 1246,1290 ----
+  }
+  
+  
++ 
++ /* start the HTTP CONNECT method exchange with a proxy host */
++ int
++ http_connect_through_proxy (char *host_name, int port, char *user_agent, int sd)
++ {
++   int result;
++   char *send_buffer=NULL;
++   char recv_buffer[MAX_INPUT_BUFFER];
++   char *status_line;
++   char *status_code;
++   int http_status;
++ 
++   asprintf( &send_buffer, "CONNECT %s:%d HTTP/1.0\r\nUser-agent: %s\r\n\r\n", host_name, port, user_agent);
++ 
++   result = STATE_OK;
++   result = send_tcp_request (sd, send_buffer, recv_buffer, sizeof(recv_buffer));
++   if (result != STATE_OK)
++     return result;
++ 
++   status_line = recv_buffer;
++   status_line[strcspn(status_line, "\r\n")] = 0;
++   strip (status_line);
++   if (verbose)
++     printf ("HTTP_CONNECT STATUS: %s\n", status_line);
++ 
++   status_code = strchr (status_line, ' ') + sizeof (char);
++   if (strspn (status_code, "1234567890") != 3)
++     die (STATE_CRITICAL, _("HTTP CRITICAL: HTTP_CONNECT Returns Invalid Status Line (%s)\n"), status_line);
++ 
++   http_status = atoi (status_code);
++ 
++   if (http_status != 200) {
++     die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid HTTP Connect Proxy Status (%s)\n"), status_line);
++   }
++ 
++   return STATE_OK;
++ }
++ 
++ 
+  int
+  server_type_check (const char *type)
+  {
+***************
+*** 1308,1313 ****
+--- 1359,1368 ----
+  #ifdef HAVE_SSL
+    printf (" %s\n", "-S, --ssl");
+    printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
++   printf (" %s\n", "-K, --http-connect");
++   printf ("   %s\n", _("Connect to a proxy using the HTTP CONNECT protocol (SSL tunnel)."));
++   printf ("   %s\n", _("Requires -S option.  Will only connect to host through tunnel"));
++   printf ("   %s\n", _("on port 443."));
+    printf (" %s\n", "-C, --certificate=INTEGER");
+    printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+    printf ("   %s\n", _("(when this option is used the URL is not checked.)\n"));
+***************
+*** 1406,1412 ****
+  {
+    printf (_("Usage:"));
+    printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
+!   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
+    printf ("       [-a auth] [-f <ok | warn | critcal | follow | sticky | stickyport>]\n");
+    printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+    printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+--- 1461,1467 ----
+  {
+    printf (_("Usage:"));
+    printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
+!   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-K]\n");
+    printf ("       [-a auth] [-f <ok | warn | critcal | follow | sticky | stickyport>]\n");
+    printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+    printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");