Home Verkennen Help
Inloggen
LBP
/
nagios-plugins
spiegel van https://github.com/nagios-plugins/nagios-plugins.git
4
0
Vork 0
Bestanden Issues 0 Wiki
Bladeren bron

Fix regression in check_http ssl checks on some servers

The fix is making SNI an option.
Thomas Guyot-Sionnest 16 jaren geleden
bovenliggende
e5690e3dda
commit
fe1c6106d9
2 gewijzigde bestanden met toevoegingen van 13 en 3 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 1 0
      NEWS
  2. 12 3
      plugins/check_http.c

+ 1 - 0
NEWS
Bestand weergeven 

@@ -12,6 +12,7 @@ This file documents the major additions and syntax changes between releases.
 
 	Fix memory leak in check_http for large pages (Jimmy Bergman - #2957455)
 
 	Fix compilation with GCC 2.96 (Konstantin Khomoutov - #2977105)
 
 	Fix regression introduced in #1867716 where partially valid performance strings would not be printed anymore
 
+	Fix regression in check_http ssl checks on some servers - make SNI an option
 
 	WARNINGS
 
 	Updated developer documentation to say that performance labels should not have an equals sign or
 
 	single quote in the label

+ 12 - 3
plugins/check_http.c
Bestand weergeven 

@@ -112,6 +112,7 @@ int http_opt_headers_count = 0;
 
 int onredirect = STATE_OK;
 
 int followsticky = STICKY_NONE;
 
 int use_ssl = FALSE;
 
+int use_sni = FALSE;
 
 int verbose = FALSE;
 
 int sd;
 
 int min_page_len = 0;
 
@@ -178,7 +179,8 @@ process_arguments (int argc, char **argv)
 
   char *p;
 
 
   enum {
 
-    INVERT_REGEX = CHAR_MAX + 1
 
+    INVERT_REGEX = CHAR_MAX + 1,
 
+    SNI_OPTION
 
   };
 
 
   int option = 0;
 
@@ -187,6 +189,7 @@ process_arguments (int argc, char **argv)
 
     {"link", no_argument, 0, 'L'},
 
     {"nohtml", no_argument, 0, 'n'},
 
     {"ssl", no_argument, 0, 'S'},
 
+    {"sni", no_argument, 0, SNI_OPTION},
 
     {"post", required_argument, 0, 'P'},
 
     {"method", required_argument, 0, 'j'},
 
     {"IP-address", required_argument, 0, 'I'},
 
@@ -304,6 +307,9 @@ process_arguments (int argc, char **argv)
 
       if (specify_port == FALSE)
 
         server_port = HTTPS_PORT;
 
       break;
 
+    case SNI_OPTION:
 
+      use_sni = TRUE;
 
+      break;
 
     case 'f': /* onredirect */
 
       if (!strcmp (optarg, "stickyport"))
 
         onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
 
@@ -797,7 +803,7 @@ check_http (void)
 
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
 
 #ifdef HAVE_SSL
 
   if (use_ssl == TRUE) {
 
-    np_net_ssl_init_with_hostname(sd, host_name);
 
+    np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
 
     if (check_cert == TRUE) {
 
       result = np_net_ssl_check_cert(days_till_exp);
 
       np_net_ssl_cleanup();
 
@@ -1323,6 +1329,8 @@ print_help (void)
 
 #ifdef HAVE_SSL
 
   printf (" %s\n", "-S, --ssl");
 
   printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
 
+  printf (" %s\n", "--sni");
 
+  printf ("   %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
 
   printf (" %s\n", "-C, --certificate=INTEGER");
 
   printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
 
   printf ("   %s\n", _("(when this option is used the URL is not checked.)\n"));
 
@@ -1427,5 +1435,6 @@ print_usage (void)
 
   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
 
   printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
 
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
 
-  printf ("       [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
 
+  printf ("       [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
 
+  printf ("       [-j method]\n");
 
 }