summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cf7c7d8)
raw | patch | inline | side by side (parent: cf7c7d8)
author | Florian Forster <octo@leeloo.lan.home.verplant.org> | |
Sat, 29 Aug 2009 08:39:09 +0000 (10:39 +0200) | ||
committer | Florian Forster <octo@leeloo.lan.home.verplant.org> | |
Sat, 29 Aug 2009 08:39:09 +0000 (10:39 +0200) |
src/collectd.conf.pod | patch | blob | history | |
src/write_http.c | patch | blob | history |
diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index 786572cbe52ff031ee3f4911777261d71bc0a7a6..9fd4536faf2ca5ca974359917a3d1960445147ab 100644 (file)
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
Optional password needed for authentication.
+=item B<VerifyPeer> B<true>|B<false>
+
+Enable or disable peer SSL certificate verification. See
+L<http://curl.haxx.se/docs/sslcerts.html> for details. Enabled by default.
+
+=item B<VerifyHost> B<true|false>
+
+Enable or disable peer host name verification. If enabled, the plugin checks if
+the C<Common Name> or a C<Subject Alternate Name> field of the SSL certificate
+matches the host name provided by the B<URL> option. If this identity check
+fails, the connection is aborted. Obviously, only works when connecting to a
+SSL enabled server. Enabled by default.
+
+=item B<CACert> I<File>
+
+File that holds one or more SSL certificates. If you want to use HTTPS you will
+possibly need this option. What CA certificates come bundled with C<libcurl>
+and are checked by default depends on the distribution you use.
+
=back
=head1 THRESHOLD CONFIGURATION
diff --git a/src/write_http.c b/src/write_http.c
index 912c92dd432f6352fa3a5087c2f40b72d0dd5a7a..b17a3422e1153f15455bd0e1a5ba2a9930d5b6f9 100644 (file)
--- a/src/write_http.c
+++ b/src/write_http.c
char *user;
char *pass;
char *credentials;
+ int verify_peer;
+ int verify_host;
+ char *cacert;
CURL *curl;
char curl_errbuf[CURL_ERROR_SIZE];
curl_easy_setopt (cb->curl, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
}
+ curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYPEER, cb->verify_peer);
+ curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYHOST,
+ cb->verify_host ? 2 : 0);
+ if (cb->cacert != NULL)
+ curl_easy_setopt (cb->curl, CURLOPT_CAINFO, cb->cacert);
+
wh_reset_buffer (cb);
return (0);
sfree (cb->user);
sfree (cb->pass);
sfree (cb->credentials);
+ sfree (cb->cacert);
sfree (cb);
} /* }}} void wh_callback_free */
return (0);
} /* }}} int wh_value_list_to_string */
-static int config_set_string (char **ret_string, /* {{{ */
- oconfig_item_t *ci)
-{
- char *string;
-
- if ((ci->values_num != 1)
- || (ci->values[0].type != OCONFIG_TYPE_STRING))
- {
- WARNING ("write_http plugin: The `%s' config option "
- "needs exactly one string argument.", ci->key);
- return (-1);
- }
-
- string = strdup (ci->values[0].value.string);
- if (string == NULL)
- {
- ERROR ("write_http plugin: strdup failed.");
- return (-1);
- }
-
- if (*ret_string != NULL)
- free (*ret_string);
- *ret_string = string;
-
- return (0);
-} /* }}} int config_set_string */
-
static int wh_write_command (const data_set_t *ds, const value_list_t *vl, /* {{{ */
wh_callback_t *cb)
{
return (status);
} /* }}} int wh_write */
+static int config_set_string (char **ret_string, /* {{{ */
+ oconfig_item_t *ci)
+{
+ char *string;
+
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING))
+ {
+ WARNING ("write_http plugin: The `%s' config option "
+ "needs exactly one string argument.", ci->key);
+ return (-1);
+ }
+
+ string = strdup (ci->values[0].value.string);
+ if (string == NULL)
+ {
+ ERROR ("write_http plugin: strdup failed.");
+ return (-1);
+ }
+
+ if (*ret_string != NULL)
+ free (*ret_string);
+ *ret_string = string;
+
+ return (0);
+} /* }}} int config_set_string */
+
+static int config_set_boolean (int *dest, oconfig_item_t *ci) /* {{{ */
+{
+ if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_BOOLEAN))
+ {
+ WARNING ("write_http plugin: The `%s' config option "
+ "needs exactly one boolean argument.", ci->key);
+ return (-1);
+ }
+
+ *dest = ci->values[0].value.boolean ? 1 : 0;
+
+ return (0);
+} /* }}} int config_set_boolean */
+
static int wh_config_url (oconfig_item_t *ci) /* {{{ */
{
wh_callback_t *cb;
return (-1);
}
memset (cb, 0, sizeof (*cb));
+ cb->location = NULL;
+ cb->user = NULL;
+ cb->pass = NULL;
+ cb->credentials = NULL;
+ cb->verify_peer = 1;
+ cb->verify_host = 1;
+ cb->cacert = NULL;
+ cb->curl = NULL;
pthread_mutex_init (&cb->send_lock, /* attr = */ NULL);
config_set_string (&cb->user, child);
else if (strcasecmp ("Password", child->key) == 0)
config_set_string (&cb->pass, child);
+ else if (strcasecmp ("VerifyPeer", child->key) == 0)
+ config_set_boolean (&cb->verify_peer, child);
+ else if (strcasecmp ("VerifyHost", child->key) == 0)
+ config_set_boolean (&cb->verify_host, child);
+ else if (strcasecmp ("CACert", child->key) == 0)
+ config_set_string (&cb->cacert, child);
else
{
ERROR ("write_http plugin: Invalid configuration "