diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2022-04-10 16:31:47 +0200 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2022-04-10 16:31:47 +0200 |
commit | 455fdc1072b85e7d05783546d9e99ed2e61716de (patch) | |
tree | 3c25998485c7cf4fd05f03589a7024e51082427a | |
parent | 066b6e68242b5e7a6f1eb665df9b227d896aec66 (diff) | |
download | monitoring-plugins-455fdc1072b85e7d05783546d9e99ed2e61716de.tar.gz |
check_http: added option --continue-after-certificate (#1761)
-rw-r--r-- | plugins/check_http.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index df2a79c2..f8ec853b 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -58,6 +58,7 @@ enum { #ifdef HAVE_SSL int check_cert = FALSE; +int continue_after_check_cert = FALSE; int ssl_version = 0; int days_till_exp_warn, days_till_exp_crit; char *randbuff; @@ -205,7 +206,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, - MAX_REDIRS_OPTION + MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT }; int option = 0; @@ -233,6 +235,7 @@ process_arguments (int argc, char **argv) {"certificate", required_argument, 0, 'C'}, {"client-cert", required_argument, 0, 'J'}, {"private-key", required_argument, 0, 'K'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -332,6 +335,11 @@ process_arguments (int argc, char **argv) check_cert = TRUE; goto enable_ssl; #endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; +#endif case 'J': /* use client certificate */ #ifdef HAVE_SSL test_file(optarg); @@ -981,9 +989,11 @@ check_http (void) elapsed_time_ssl = (double)microsec_ssl / 1.0e6; if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - if (sd) close(sd); - np_net_ssl_cleanup(); - return result; + if (continue_after_check_cert == FALSE) { + if (sd) close(sd); + np_net_ssl_cleanup(); + return result; + } } } #endif /* HAVE_SSL */ @@ -1608,7 +1618,11 @@ print_help (void) printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); |