summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e5690e3)
raw | patch | inline | side by side (parent: e5690e3)
author | Thomas Guyot-Sionnest <dermoth@aei.ca> | |
Tue, 6 Apr 2010 01:06:22 +0000 (21:06 -0400) | ||
committer | Thomas Guyot-Sionnest <dermoth@aei.ca> | |
Tue, 6 Apr 2010 01:06:22 +0000 (21:06 -0400) |
The fix is making SNI an option.
NEWS | patch | blob | history | |
plugins/check_http.c | patch | blob | history |
index e261abfdd245c73aec80afe919c927c99644d88e..5305d448e01020b91ff993a85d99667fe5e429c4 100644 (file)
--- a/NEWS
+++ b/NEWS
Fix memory leak in check_http for large pages (Jimmy Bergman - #2957455)
Fix compilation with GCC 2.96 (Konstantin Khomoutov - #2977105)
Fix regression introduced in #1867716 where partially valid performance strings would not be printed anymore
Fix memory leak in check_http for large pages (Jimmy Bergman - #2957455)
Fix compilation with GCC 2.96 (Konstantin Khomoutov - #2977105)
Fix regression introduced in #1867716 where partially valid performance strings would not be printed anymore
+ Fix regression in check_http ssl checks on some servers - make SNI an option
WARNINGS
Updated developer documentation to say that performance labels should not have an equals sign or
single quote in the label
WARNINGS
Updated developer documentation to say that performance labels should not have an equals sign or
single quote in the label
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5cdf144bdf8b2bf788fe27dae84fedd52f410529..536b40085c138eb8bc122e2998a2ffc44efa3571 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
int onredirect = STATE_OK;
int followsticky = STICKY_NONE;
int use_ssl = FALSE;
int onredirect = STATE_OK;
int followsticky = STICKY_NONE;
int use_ssl = FALSE;
+int use_sni = FALSE;
int verbose = FALSE;
int sd;
int min_page_len = 0;
int verbose = FALSE;
int sd;
int min_page_len = 0;
char *p;
enum {
char *p;
enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
};
int option = 0;
};
int option = 0;
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
{"post", required_argument, 0, 'P'},
{"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
{"post", required_argument, 0, 'P'},
{"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
case 'f': /* onredirect */
if (!strcmp (optarg, "stickyport"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
case 'f': /* onredirect */
if (!strcmp (optarg, "stickyport"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
- np_net_ssl_init_with_hostname(sd, host_name);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
printf (" %s\n", "-C, --certificate=INTEGER");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
- printf (" [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
}
}