aboutsummaryrefslogtreecommitdiff
path: root/plugins/check_http.c
diff options
context:
space:
mode:
authorGravatar Thomas Guyot-Sionnest <dermoth@aei.ca> 2010-04-05 21:06:22 -0400
committerGravatar Thomas Guyot-Sionnest <dermoth@aei.ca> 2010-04-05 21:06:22 -0400
commitfe1c6106d9fb45e62b93443145f902a3449641aa (patch)
tree774a954575275e355254bc8c7c05ced673557aaa /plugins/check_http.c
parente5690e3ddaebdd98bfd96c2303453e4e0d7ed318 (diff)
downloadmonitoring-plugins-fe1c6106d9fb45e62b93443145f902a3449641aa.tar.gz
Fix regression in check_http ssl checks on some servers
The fix is making SNI an option.
Diffstat (limited to 'plugins/check_http.c')
-rw-r--r--plugins/check_http.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5cdf144b..536b4008 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -112,6 +112,7 @@ int http_opt_headers_count = 0;
int onredirect = STATE_OK;
int followsticky = STICKY_NONE;
int use_ssl = FALSE;
+int use_sni = FALSE;
int verbose = FALSE;
int sd;
int min_page_len = 0;
@@ -178,7 +179,8 @@ process_arguments (int argc, char **argv)
char *p;
enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
};
int option = 0;
@@ -187,6 +189,7 @@ process_arguments (int argc, char **argv)
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
{"post", required_argument, 0, 'P'},
{"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
@@ -304,6 +307,9 @@ process_arguments (int argc, char **argv)
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
case 'f': /* onredirect */
if (!strcmp (optarg, "stickyport"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
@@ -797,7 +803,7 @@ check_http (void)
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
- np_net_ssl_init_with_hostname(sd, host_name);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
@@ -1323,6 +1329,8 @@ print_help (void)
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
@@ -1427,5 +1435,6 @@ print_usage (void)
printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
- printf (" [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
}