aboutsummaryrefslogtreecommitdiff
path: root/plugins/check_http.c
diff options
context:
space:
mode:
authorGravatar William Leibzon <william@leibzon.org> 2012-05-21 18:46:45 -0700
committerGravatar Sven Nierlein <sven@nierlein.de> 2012-06-25 12:05:16 +0200
commitfa3d2a4074e1bd8526e37ba5e1a214ae4a1774cf (patch)
tree1d0c780a61db8e719502aed2a7bd9311afd23ac4 /plugins/check_http.c
parent88fdf3a8a8e17f9212e10befe1f24ff3fa1aa8e6 (diff)
downloadmonitoring-plugins-fa3d2a4074e1bd8526e37ba5e1a214ae4a1774cf.tar.gz
applied patch that adds both critical and warning thresholds to certificate expiration checks of check_tcp, check_http, check_smtp
Diffstat (limited to 'plugins/check_http.c')
-rw-r--r--plugins/check_http.c38
1 files changed, 29 insertions, 9 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 315848fc..703e3174 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -58,8 +58,8 @@ enum {
#ifdef HAVE_SSL
int check_cert = FALSE;
-int days_till_exp;
int ssl_version;
+int days_till_exp_warn, days_till_exp_crit;
char *randbuff;
X509 *server_cert;
# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
@@ -178,6 +178,7 @@ process_arguments (int argc, char **argv)
{
int c = 1;
char *p;
+ char *temp;
enum {
INVERT_REGEX = CHAR_MAX + 1,
@@ -282,13 +283,25 @@ process_arguments (int argc, char **argv)
break;
case 'C': /* Check SSL cert validity */
#ifdef HAVE_SSL
- if (!is_intnonneg (optarg))
- usage2 (_("Invalid certificate expiration period"), optarg);
+ if ((temp=strchr(optarg,','))!=NULL) {
+ *temp='\0';
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), optarg);
+ days_till_exp_warn = atoi(optarg);
+ *temp=',';
+ temp++;
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), temp);
+ days_till_exp_crit = atoi (temp);
+ }
else {
- days_till_exp = atoi (optarg);
- check_cert = TRUE;
+ days_till_exp_crit=0;
+ if (!is_intnonneg (optarg))
+ usage2 (_("Invalid certificate expiration period"), optarg);
+ days_till_exp_warn = atoi (optarg);
}
- /* Fall through to -S option */
+ check_cert = TRUE;
+ /* Fall through to -S option */
#endif
case 'S': /* use SSL */
#ifndef HAVE_SSL
@@ -810,7 +823,7 @@ check_http (void)
if (result != STATE_OK)
return result;
if (check_cert == TRUE) {
- result = np_net_ssl_check_cert(days_till_exp);
+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
np_net_ssl_cleanup();
if (sd) close(sd);
return result;
@@ -1427,6 +1440,13 @@ print_help (void)
printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
printf (" %s\n", _("the certificate is expired."));
+
+ printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
+ printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
+ printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+ printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+ printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+
#endif
printf (UT_SUPPORT);
@@ -1444,6 +1464,6 @@ print_usage (void)
printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
- printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n");
- printf (" [-j method]\n");
+ printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+ printf (" [-T <content-type>] [-j method]\n");
}