[pkg-nagios-changes] [Git][nagios-team/monitoring-plugins][master] 3 commits: Adding d/p/18_check_curl_fix_TLS_notes from upstream

Jan Wagner (@waja) gitlab at salsa.debian.org
Tue Dec 3 08:39:20 GMT 2024 


Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / monitoring-plugins


Commits:
043d328f by Jan Wagner at 2024-12-03T09:25:14+01:00
Adding d/p/18_check_curl_fix_TLS_notes from upstream

https://patch-diff.githubusercontent.com/raw/monitoring-plugins/monitoring-plugins/pull/2050.patch

- - - - -
bf600138 by Jan Wagner at 2024-12-03T09:33:47+01:00
Adding d/p/19_check_curl_cookie_handling from upstream

https://patch-diff.githubusercontent.com/raw/monitoring-plugins/monitoring-plugins/pull/2052.patch

- - - - -
86f8f03a by Jan Wagner at 2024-12-03T09:38:42+01:00
Merge branch 'development'

- - - - -


3 changed files:

- + debian/patches/18_check_curl_fix_TLS_notes
- + debian/patches/19_check_curl_cookie_handling
- debian/patches/series


Changes:

=====================================
debian/patches/18_check_curl_fix_TLS_notes
=====================================
@@ -0,0 +1,21 @@
+From 8de299308c52d083b893a87e6924405b652f1f7b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lorenz=20K=C3=A4stle?=
+ <12514511+RincewindsHat at users.noreply.github.com>
+Date: Wed, 27 Nov 2024 14:22:02 +0100
+Subject: [PATCH] check_curl: update TLS notification notes
+
+---
+ plugins/check_curl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -2013,7 +2013,7 @@
+   printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+   printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+   printf ("    %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
+-  printf ("    %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
++  printf ("    %s\n", _("Note: SSLv2, SSLv3, TLSv1.0 and TLSv1.1 are deprecated and are usually disabled in libcurl"));
+   printf (" %s\n", "--sni");
+   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+ #if LIBCURL_VERSION_NUM >= 0x071801


=====================================
debian/patches/19_check_curl_cookie_handling
=====================================
@@ -0,0 +1,46 @@
+From 191d15354ba32a483fd4f8017595c7eb82ee5650 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andre=20Kl=C3=A4rner?= <kandre at ak-online.be>
+Date: Fri, 29 Nov 2024 10:34:16 +0100
+Subject: [PATCH] check_curl: enable internal cookie handling
+
+This enables us to enable curl cookie engine by specifying an empty
+filename as the cookie jar file.
+
+This works, since curl's CURLOPT_COOKIEFILE option allows passing an
+empty string as filename, which it interprets as a request to enable the
+cookie processing. But since CURLOPT_COOKIEJAR would now attempt to
+write to a file named by an empty filename, it would break again (or at
+least produce a warning in verbose output).
+
+Overall this is allows to handle checking URLs with cookie based
+sessions without persisting the cookies to disk, by using the
+curl-internal redirect following.
+---
+ plugins/check_curl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -831,8 +831,11 @@
+ 
+   /* cookie handling */
+   if (cookie_jar_file != NULL) {
+-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
++    /* enable reading cookies from a file, and if the filename is an empty string, only enable the curl cookie engine */
+     handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE");
++    /* now enable saving cookies to a file, but only if the filename is not an empty string, since writing it would fail */
++    if (*cookie_jar_file)
++      handle_curl_option_return_code(curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
+   }
+ 
+   /* do the request */
+@@ -2111,6 +2114,9 @@
+   printf(" %s\n", "--haproxy-protocol");
+   printf("    %s\n", _("Send HAProxy proxy protocol v1 header (CURLOPT_HAPROXYPROTOCOL)."));
+   printf (" %s\n", "--cookie-jar=FILE");
++  printf ("    %s\n", _("Specify an empty string as FILE to enable curl's cookie engine without saving"));
++  printf ("    %s\n", _("the cookies to disk. Only enabling the engine without saving to disk requires"));
++  printf ("    %s\n", _("handling multiple requests internally to curl, so use it with --onredirect=curl"));
+   printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
+   printf ("\n");
+ 


=====================================
debian/patches/series
=====================================
@@ -9,4 +9,6 @@
 15_check_curl_fix_regex
 16_check_curl_openssl_error
 17_check_fping_dontfrag_random
+18_check_curl_fix_TLS_notes
+19_check_curl_cookie_handling
 # feature patches



View it on GitLab: https://salsa.debian.org/nagios-team/monitoring-plugins/-/compare/3c5882d3a9f828c41a794ff2cd98c0901c991cda...86f8f03a5aff54bbc1cddc155bfd37a17b741433

-- 
View it on GitLab: https://salsa.debian.org/nagios-team/monitoring-plugins/-/compare/3c5882d3a9f828c41a794ff2cd98c0901c991cda...86f8f03a5aff54bbc1cddc155bfd37a17b741433
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20241203/1b169b25/attachment-0001.htm>

More information about the pkg-nagios-changes mailing list