[Pkg-nagios-changes] [pkg-nagios-plugins] 233/413: check_http: fix regression related ssl/sni checks

Jan Wagner waja at moszumanska.debian.org
Tue Nov 26 23:13:27 UTC 2013 

This is an automated email from the git hooks/post-receive script.

waja pushed a commit to branch master
in repository pkg-nagios-plugins.

commit ff44890fbe3fea4beb496943db16fb6dbd2e6b85
Author: Jan Wagner <waja at cyconet.org>
Date:   Thu Apr 8 17:39:28 2010 +0000

    check_http: fix regression related ssl/sni checks
---
 debian/changelog                                 |  2 +
 debian/patches/00list                            |  1 +
 debian/patches/45_check_http_sni_optional.dpatch | 77 ++++++++++++++++++++++++
 3 files changed, 80 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 91a75b3..0b71f3c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ nagios-plugins (1.4.14-4) UNRELEASED; urgency=low
     - Provide symlinks from other packages
   * Remove debian/TODO cause it't totally outdated
   * Add 44_check_snmp_perfdata.dpatch to fix regression related perfdata
+  * Add 45_check_http_sni_optional.dpatch to fix regression related ssl/sni
+    checks
 
  -- Jan Wagner <waja at cyconet.org>  Wed, 24 Mar 2010 20:24:51 +0100
 
diff --git a/debian/patches/00list b/debian/patches/00list
index 197dad3..758c328 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -20,3 +20,4 @@
 42_check_linux_raid_fix_r10.dpatch
 43_check_http_large_pages_mleak.dpatch
 44_check_snmp_perfdata.dpatch
+45_check_http_sni_optional.dpatch
diff --git a/debian/patches/45_check_http_sni_optional.dpatch b/debian/patches/45_check_http_sni_optional.dpatch
new file mode 100644
index 0000000..86073fc
--- /dev/null
+++ b/debian/patches/45_check_http_sni_optional.dpatch
@@ -0,0 +1,77 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 45_check_http_sni_optional.dpatch
+## From: Thomas Guyot-Sionnest <dermoth at aei.ca>
+## Date: Date:   Mon Apr 5 21:06:22 2010 -0400
+## Subject: [PATCH] Fix regression in check_http ssl checks on some servers, making SNI an option
+## X-Git-Url: http://repo.or.cz/w/nagiosplugins.git/blobdiff/e5690e3ddaebdd98bfd96c2303453e4e0d7ed318..fe1c6106d9fb45e62b93443145f902a3449641aa:/plugins/check_http.c
+##
+## DP: Fix regression in check_http ssl checks
+
+ at DPATCH@
+
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 5cdf144..536b400 100644
+--- a/plugins/check_http.c
++++ b/plugins/check_http.c
+@@ -112,6 +112,7 @@ int http_opt_headers_count = 0;
+ int onredirect = STATE_OK;
+ int followsticky = STICKY_NONE;
+ int use_ssl = FALSE;
++int use_sni = FALSE;
+ int verbose = FALSE;
+ int sd;
+ int min_page_len = 0;
+@@ -178,7 +179,8 @@ process_arguments (int argc, char **argv)
+   char *p;
+ 
+   enum {
+-    INVERT_REGEX = CHAR_MAX + 1
++    INVERT_REGEX = CHAR_MAX + 1,
++    SNI_OPTION
+   };
+ 
+   int option = 0;
+@@ -187,6 +189,7 @@ process_arguments (int argc, char **argv)
+     {"link", no_argument, 0, 'L'},
+     {"nohtml", no_argument, 0, 'n'},
+     {"ssl", no_argument, 0, 'S'},
++    {"sni", no_argument, 0, SNI_OPTION},
+     {"post", required_argument, 0, 'P'},
+     {"method", required_argument, 0, 'j'},
+     {"IP-address", required_argument, 0, 'I'},
+@@ -304,6 +307,9 @@ process_arguments (int argc, char **argv)
+       if (specify_port == FALSE)
+         server_port = HTTPS_PORT;
+       break;
++    case SNI_OPTION:
++      use_sni = TRUE;
++      break;
+     case 'f': /* onredirect */
+       if (!strcmp (optarg, "stickyport"))
+         onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
+@@ -797,7 +803,7 @@ check_http (void)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+ #ifdef HAVE_SSL
+   if (use_ssl == TRUE) {
+-    np_net_ssl_init_with_hostname(sd, host_name);
++    np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
+     if (check_cert == TRUE) {
+       result = np_net_ssl_check_cert(days_till_exp);
+       np_net_ssl_cleanup();
+@@ -1323,6 +1329,8 @@ print_help (void)
+ #ifdef HAVE_SSL
+   printf (" %s\n", "-S, --ssl");
+   printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
++  printf (" %s\n", "--sni");
++  printf ("   %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+   printf (" %s\n", "-C, --certificate=INTEGER");
+   printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+   printf ("   %s\n", _("(when this option is used the URL is not checked.)\n"));
+@@ -1427,5 +1435,6 @@ print_usage (void)
+   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+   printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+-  printf ("       [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
++  printf ("       [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
++  printf ("       [-j method]\n");
+ }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins.git

More information about the Pkg-nagios-changes mailing list