1 /*****************************************************************************
3 * Monitoring check_curl plugin
6 * Copyright (c) 1999-2019 Monitoring Plugins Development Team
10 * This file contains the check_curl plugin
12 * This plugin tests the HTTP service on the specified host. It can test
13 * normal (http) and secure (https) servers, follow redirects, search for
14 * strings and regular expressions, check connection times, and report on
15 * certificate expiration times.
17 * This plugin uses functions from the curl library, see
20 * This program is free software: you can redistribute it and/or modify
21 * it under the terms of the GNU General Public License as published by
22 * the Free Software Foundation, either version 3 of the License, or
23 * (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program. If not, see <http://www.gnu.org/licenses/>.
34 *****************************************************************************/
35 const char *progname
= "check_curl";
37 const char *copyright
= "2006-2019";
38 const char *email
= "devel@monitoring-plugins.org";
45 #ifndef LIBCURL_PROTOCOL_HTTP
46 #error libcurl compiled without HTTP support, compiling check_curl plugin does not makes a lot of sense
49 #include "curl/curl.h"
50 #include "curl/easy.h"
52 #include "picohttpparser.h"
54 #include "uriparser/Uri.h"
56 #include <arpa/inet.h>
58 #define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
60 #define DEFAULT_BUFFER_SIZE 2048
61 #define DEFAULT_SERVER_URL "/"
62 #define HTTP_EXPECT "HTTP/"
63 #define DEFAULT_MAX_REDIRS 15
64 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
66 MAX_IPV4_HOSTLENGTH
= 255,
83 /* for buffers for header and body */
88 } curlhelp_write_curlbuf
;
90 /* for buffering the data sent in PUT */
95 } curlhelp_read_curlbuf
;
97 /* for parsing the HTTP status line */
99 int http_major
; /* major version of the protocol, always 1 (HTTP/0.9
100 * never reached the big internet most likely) */
101 int http_minor
; /* minor version of the protocol, usually 0 or 1 */
102 int http_code
; /* HTTP return code as in RFC 2145 */
103 int http_subcode
; /* Microsoft IIS extension, HTTP subcodes, see
104 * http://support.microsoft.com/kb/318380/en-us */
105 const char *msg
; /* the human readable message */
106 char *first_line
; /* a copy of the first line */
107 } curlhelp_statusline
;
109 /* to know the underlying SSL library used by libcurl */
110 typedef enum curlhelp_ssl_library
{
111 CURLHELP_SSL_LIBRARY_UNKNOWN
,
112 CURLHELP_SSL_LIBRARY_OPENSSL
,
113 CURLHELP_SSL_LIBRARY_LIBRESSL
,
114 CURLHELP_SSL_LIBRARY_GNUTLS
,
115 CURLHELP_SSL_LIBRARY_NSS
116 } curlhelp_ssl_library
;
124 regmatch_t pmatch
[REGS
];
125 char regexp
[MAX_RE_SIZE
];
126 int cflags
= REG_NOSUB
| REG_EXTENDED
| REG_NEWLINE
;
128 int invert_regex
= 0;
130 char *server_address
;
132 char *server_url
= 0;
133 char server_ip
[DEFAULT_BUFFER_SIZE
];
134 struct curl_slist
*server_ips
= NULL
;
135 int specify_port
= FALSE
;
136 unsigned short server_port
= HTTP_PORT
;
137 unsigned short virtual_port
= 0;
138 int host_name_length
;
139 char output_header_search
[30] = "";
140 char output_string_search
[30] = "";
141 char *warning_thresholds
= NULL
;
142 char *critical_thresholds
= NULL
;
143 int days_till_exp_warn
, days_till_exp_crit
;
145 char user_agent
[DEFAULT_BUFFER_SIZE
];
147 int show_extended_perfdata
= FALSE
;
148 int min_page_len
= 0;
149 int max_page_len
= 0;
151 int max_depth
= DEFAULT_MAX_REDIRS
;
152 char *http_method
= NULL
;
153 char *http_post_data
= NULL
;
154 char *http_content_type
= NULL
;
156 struct curl_slist
*header_list
= NULL
;
157 curlhelp_write_curlbuf body_buf
;
158 curlhelp_write_curlbuf header_buf
;
159 curlhelp_statusline status_line
;
160 curlhelp_read_curlbuf put_buf
;
161 char http_header
[DEFAULT_BUFFER_SIZE
];
163 long socket_timeout
= DEFAULT_SOCKET_TIMEOUT
;
166 double time_appconnect
;
168 double time_firstbyte
;
169 char errbuf
[CURL_ERROR_SIZE
+1];
171 char url
[DEFAULT_BUFFER_SIZE
];
172 char msg
[DEFAULT_BUFFER_SIZE
];
173 char perfstring
[DEFAULT_BUFFER_SIZE
];
174 char header_expect
[MAX_INPUT_BUFFER
] = "";
175 char string_expect
[MAX_INPUT_BUFFER
] = "";
176 char server_expect
[MAX_INPUT_BUFFER
] = HTTP_EXPECT
;
177 int server_expect_yn
= 0;
178 char user_auth
[MAX_INPUT_BUFFER
] = "";
179 char proxy_auth
[MAX_INPUT_BUFFER
] = "";
180 char **http_opt_headers
;
181 int http_opt_headers_count
= 0;
182 int display_html
= FALSE
;
183 int onredirect
= STATE_OK
;
184 int followmethod
= FOLLOW_HTTP_CURL
;
185 int followsticky
= STICKY_NONE
;
188 int check_cert
= FALSE
;
190 struct curl_slist
* to_info
;
191 struct curl_certinfo
* to_certinfo
;
193 cert_ptr_union cert_ptr
;
194 int ssl_version
= CURL_SSLVERSION_DEFAULT
;
195 char *client_cert
= NULL
;
196 char *client_privkey
= NULL
;
197 char *ca_cert
= NULL
;
198 int is_openssl_callback
= FALSE
;
199 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
201 #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
203 int maximum_age
= -1;
204 int address_family
= AF_UNSPEC
;
205 curlhelp_ssl_library ssl_library
= CURLHELP_SSL_LIBRARY_UNKNOWN
;
206 int curl_http_version
= CURL_HTTP_VERSION_NONE
;
208 int process_arguments (int, char**);
209 void handle_curl_option_return_code (CURLcode res
, const char* option
);
210 int check_http (void);
211 void redir (curlhelp_write_curlbuf
*);
212 char *perfd_time (double microsec
);
213 char *perfd_time_connect (double microsec
);
214 char *perfd_time_ssl (double microsec
);
215 char *perfd_time_firstbyte (double microsec
);
216 char *perfd_time_headers (double microsec
);
217 char *perfd_time_transfer (double microsec
);
218 char *perfd_size (int page_len
);
219 void print_help (void);
220 void print_usage (void);
221 void print_curl_version (void);
222 int curlhelp_initwritebuffer (curlhelp_write_curlbuf
*);
223 int curlhelp_buffer_write_callback (void*, size_t , size_t , void*);
224 void curlhelp_freewritebuffer (curlhelp_write_curlbuf
*);
225 int curlhelp_initreadbuffer (curlhelp_read_curlbuf
*, const char *, size_t);
226 int curlhelp_buffer_read_callback (void *, size_t , size_t , void *);
227 void curlhelp_freereadbuffer (curlhelp_read_curlbuf
*);
228 curlhelp_ssl_library
curlhelp_get_ssl_library (CURL
*);
229 const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library
);
230 int net_noopenssl_check_certificate (cert_ptr_union
*, int, int);
232 int curlhelp_parse_statusline (const char*, curlhelp_statusline
*);
233 void curlhelp_free_statusline (curlhelp_statusline
*);
234 char *get_header_value (const struct phr_header
* headers
, const size_t nof_headers
, const char* header
);
235 int check_document_dates (const curlhelp_write_curlbuf
*, char (*msg
)[DEFAULT_BUFFER_SIZE
]);
236 int get_content_length (const curlhelp_write_curlbuf
* header_buf
, const curlhelp_write_curlbuf
* body_buf
);
238 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
239 int np_net_ssl_check_certificate(X509
*certificate
, int days_till_exp_warn
, int days_till_exp_crit
);
240 #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
242 void remove_newlines (char *);
243 void test_file (char *);
246 main (int argc
, char **argv
)
248 int result
= STATE_UNKNOWN
;
250 setlocale (LC_ALL
, "");
251 bindtextdomain (PACKAGE
, LOCALEDIR
);
252 textdomain (PACKAGE
);
254 /* Parse extra opts if any */
255 argv
= np_extra_opts (&argc
, argv
, progname
);
258 snprintf( user_agent
, DEFAULT_BUFFER_SIZE
, "%s/v%s (monitoring-plugins %s, %s)",
259 progname
, NP_VERSION
, VERSION
, curl_version());
261 /* parse arguments */
262 if (process_arguments (argc
, argv
) == ERROR
)
263 usage4 (_("Could not parse arguments"));
265 if (display_html
== TRUE
)
266 printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
267 use_ssl
? "https" : "http",
268 host_name
? host_name
: server_address
,
269 virtual_port
? virtual_port
: server_port
,
272 result
= check_http ();
279 int verify_callback(int preverify_ok
, X509_STORE_CTX
*x509_ctx
)
281 /* TODO: we get all certificates of the chain, so which ones
283 * TODO: is the last certificate always the server certificate?
285 cert
= X509_STORE_CTX_get_current_cert(x509_ctx
);
289 CURLcode
sslctxfun(CURL
*curl
, SSL_CTX
*sslctx
, void *parm
)
291 SSL_CTX_set_verify(sslctx
, SSL_VERIFY_PEER
, verify_callback
);
296 #endif /* USE_OPENSSL */
297 #endif /* HAVE_SSL */
299 /* Checks if the server 'reply' is one of the expected 'statuscodes' */
301 expected_statuscode (const char *reply
, const char *statuscodes
)
303 char *expected
, *code
;
306 if ((expected
= strdup (statuscodes
)) == NULL
)
307 die (STATE_UNKNOWN
, _("HTTP UNKNOWN - Memory allocation error\n"));
309 for (code
= strtok (expected
, ","); code
!= NULL
; code
= strtok (NULL
, ","))
310 if (strstr (reply
, code
) != NULL
) {
320 handle_curl_option_return_code (CURLcode res
, const char* option
)
322 if (res
!= CURLE_OK
) {
323 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("Error while setting cURL option '%s': cURL returned %d - %s"),
324 option
, res
, curl_easy_strerror(res
));
325 die (STATE_CRITICAL
, "HTTP CRITICAL - %s\n", msg
);
332 int result
= STATE_OK
;
335 char *force_host_header
= NULL
;
337 /* initialize curl */
338 if (curl_global_init (CURL_GLOBAL_DEFAULT
) != CURLE_OK
)
339 die (STATE_UNKNOWN
, "HTTP UNKNOWN - curl_global_init failed\n");
341 if ((curl
= curl_easy_init()) == NULL
)
342 die (STATE_UNKNOWN
, "HTTP UNKNOWN - curl_easy_init failed\n");
345 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_VERBOSE
, TRUE
), "CURLOPT_VERBOSE");
347 /* print everything on stdout like check_http would do */
348 handle_curl_option_return_code (curl_easy_setopt(curl
, CURLOPT_STDERR
, stdout
), "CURLOPT_STDERR");
350 /* initialize buffer for body of the answer */
351 if (curlhelp_initwritebuffer(&body_buf
) < 0)
352 die (STATE_UNKNOWN
, "HTTP CRITICAL - out of memory allocating buffer for body\n");
353 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_WRITEFUNCTION
, (curl_write_callback
)curlhelp_buffer_write_callback
), "CURLOPT_WRITEFUNCTION");
354 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_WRITEDATA
, (void *)&body_buf
), "CURLOPT_WRITEDATA");
356 /* initialize buffer for header of the answer */
357 if (curlhelp_initwritebuffer( &header_buf
) < 0)
358 die (STATE_UNKNOWN
, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
359 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_HEADERFUNCTION
, (curl_write_callback
)curlhelp_buffer_write_callback
), "CURLOPT_HEADERFUNCTION");
360 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_WRITEHEADER
, (void *)&header_buf
), "CURLOPT_WRITEHEADER");
362 /* set the error buffer */
363 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_ERRORBUFFER
, errbuf
), "CURLOPT_ERRORBUFFER");
366 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_CONNECTTIMEOUT
, socket_timeout
), "CURLOPT_CONNECTTIMEOUT");
367 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_TIMEOUT
, socket_timeout
), "CURLOPT_TIMEOUT");
369 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
371 struct curl_slist
*host
= NULL
;
372 char dnscache
[DEFAULT_BUFFER_SIZE
];
373 snprintf (dnscache
, DEFAULT_BUFFER_SIZE
, "%s:%d:%s", host_name
, server_port
, server_address
);
374 host
= curl_slist_append(NULL
, dnscache
);
375 curl_easy_setopt(curl
, CURLOPT_RESOLVE
, host
);
377 printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache
);
380 /* compose URL: use the address we want to connect to, set Host: header later */
381 snprintf (url
, DEFAULT_BUFFER_SIZE
, "%s://%s:%d%s",
382 use_ssl
? "https" : "http",
383 use_ssl
? host_name
: server_address
,
389 printf ("* curl CURLOPT_URL: %s\n", url
);
390 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_URL
, url
), "CURLOPT_URL");
392 /* extract proxy information for legacy proxy https requests */
393 if (!strcmp(http_method
, "CONNECT") || strstr(server_url
, "http") == server_url
) {
394 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_PROXY
, server_address
), "CURLOPT_PROXY");
395 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_PROXYPORT
, (long)server_port
), "CURLOPT_PROXYPORT");
397 printf ("* curl CURLOPT_PROXY: %s:%d\n", server_address
, server_port
);
399 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_URL
, server_url
), "CURLOPT_URL");
402 /* disable body for HEAD request */
403 if (http_method
&& !strcmp (http_method
, "HEAD" )) {
407 /* set HTTP protocol version */
408 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_HTTP_VERSION
, curl_http_version
), "CURLOPT_HTTP_VERSION");
410 /* set HTTP method */
412 if (!strcmp(http_method
, "POST"))
413 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_POST
, 1), "CURLOPT_POST");
414 else if (!strcmp(http_method
, "PUT"))
415 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_UPLOAD
, 1), "CURLOPT_UPLOAD");
417 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_CUSTOMREQUEST
, http_method
), "CURLOPT_CUSTOMREQUEST");
420 /* check if Host header is explicitly set in options */
421 if (http_opt_headers_count
) {
422 for (i
= 0; i
< http_opt_headers_count
; i
++) {
423 if (strncmp(http_opt_headers
[i
], "Host:", 5) == 0) {
424 force_host_header
= http_opt_headers
[i
];
429 /* set hostname (virtual hosts), not needed if CURLOPT_CONNECT_TO is used, but left in anyway */
430 if(host_name
!= NULL
&& force_host_header
== NULL
) {
431 if((virtual_port
!= HTTP_PORT
&& !use_ssl
) || (virtual_port
!= HTTPS_PORT
&& use_ssl
)) {
432 snprintf(http_header
, DEFAULT_BUFFER_SIZE
, "Host: %s:%d", host_name
, virtual_port
);
434 snprintf(http_header
, DEFAULT_BUFFER_SIZE
, "Host: %s", host_name
);
436 header_list
= curl_slist_append (header_list
, http_header
);
439 /* always close connection, be nice to servers */
440 snprintf (http_header
, DEFAULT_BUFFER_SIZE
, "Connection: close");
441 header_list
= curl_slist_append (header_list
, http_header
);
443 /* attach additional headers supplied by the user */
444 /* optionally send any other header tag */
445 if (http_opt_headers_count
) {
446 for (i
= 0; i
< http_opt_headers_count
; i
++) {
447 header_list
= curl_slist_append (header_list
, http_opt_headers
[i
]);
449 /* This cannot be free'd here because a redirection will then try to access this and segfault */
450 /* Covered in a testcase in tests/check_http.t */
451 /* free(http_opt_headers); */
454 /* set HTTP headers */
455 handle_curl_option_return_code (curl_easy_setopt( curl
, CURLOPT_HTTPHEADER
, header_list
), "CURLOPT_HTTPHEADER");
457 #ifdef LIBCURL_FEATURE_SSL
459 /* set SSL version, warn about unsecure or unsupported versions */
461 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_SSLVERSION
, ssl_version
), "CURLOPT_SSLVERSION");
464 /* client certificate and key to present to server (SSL) */
466 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_SSLCERT
, client_cert
), "CURLOPT_SSLCERT");
468 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_SSLKEY
, client_privkey
), "CURLOPT_SSLKEY");
470 /* per default if we have a CA verify both the peer and the
471 * hostname in the certificate, can be switched off later */
472 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_CAINFO
, ca_cert
), "CURLOPT_CAINFO");
473 handle_curl_option_return_code (curl_easy_setopt( curl
, CURLOPT_SSL_VERIFYPEER
, 1), "CURLOPT_SSL_VERIFYPEER");
474 handle_curl_option_return_code (curl_easy_setopt( curl
, CURLOPT_SSL_VERIFYHOST
, 2), "CURLOPT_SSL_VERIFYHOST");
476 /* backward-compatible behaviour, be tolerant in checks
477 * TODO: depending on more options have aspects we want
478 * to be less tolerant about ssl verfications
480 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_SSL_VERIFYPEER
, 0), "CURLOPT_SSL_VERIFYPEER");
481 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_SSL_VERIFYHOST
, 0), "CURLOPT_SSL_VERIFYHOST");
484 /* detect SSL library used by libcurl */
485 ssl_library
= curlhelp_get_ssl_library (curl
);
487 /* try hard to get a stack of certificates to verify against */
489 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1)
490 /* inform curl to report back certificates */
491 switch (ssl_library
) {
492 case CURLHELP_SSL_LIBRARY_OPENSSL
:
493 case CURLHELP_SSL_LIBRARY_LIBRESSL
:
494 /* set callback to extract certificate with OpenSSL context function (works with
495 * OpenSSL-style libraries only!) */
497 /* libcurl and monitoring plugins built with OpenSSL, good */
498 handle_curl_option_return_code (curl_easy_setopt(curl
, CURLOPT_SSL_CTX_FUNCTION
, sslctxfun
), "CURLOPT_SSL_CTX_FUNCTION");
499 is_openssl_callback
= TRUE
;
500 #else /* USE_OPENSSL */
501 #endif /* USE_OPENSSL */
502 /* libcurl is built with OpenSSL, monitoring plugins, so falling
503 * back to manually extracting certificate information */
504 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_CERTINFO
, 1L), "CURLOPT_CERTINFO");
507 case CURLHELP_SSL_LIBRARY_NSS
:
508 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
509 /* NSS: support for CERTINFO is implemented since 7.34.0 */
510 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_CERTINFO
, 1L), "CURLOPT_CERTINFO");
511 #else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
512 die (STATE_CRITICAL
, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library
));
513 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
516 case CURLHELP_SSL_LIBRARY_GNUTLS
:
517 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0)
518 /* GnuTLS: support for CERTINFO is implemented since 7.42.0 */
519 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_CERTINFO
, 1L), "CURLOPT_CERTINFO");
520 #else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
521 die (STATE_CRITICAL
, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library
));
522 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
525 case CURLHELP_SSL_LIBRARY_UNKNOWN
:
527 die (STATE_CRITICAL
, "HTTP CRITICAL - Cannot retrieve certificates (unknown SSL library '%s', must implement first)\n", curlhelp_get_ssl_library_string (ssl_library
));
530 #else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
531 /* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */
532 if (ssl_library
== CURLHELP_SSL_LIBRARY_OPENSSL
|| ssl_library
== CURLHELP_SSL_LIBRARY_LIBRESSL
)
533 handle_curl_option_return_code (curl_easy_setopt(curl
, CURLOPT_SSL_CTX_FUNCTION
, sslctxfun
), "CURLOPT_SSL_CTX_FUNCTION");
535 die (STATE_CRITICAL
, "HTTP CRITICAL - Cannot retrieve certificates (no CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl too old and has no CURLOPT_CERTINFO)\n");
536 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
539 #endif /* LIBCURL_FEATURE_SSL */
541 /* set default or user-given user agent identification */
542 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_USERAGENT
, user_agent
), "CURLOPT_USERAGENT");
544 /* proxy-authentication */
545 if (strcmp(proxy_auth
, ""))
546 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_PROXYUSERPWD
, proxy_auth
), "CURLOPT_PROXYUSERPWD");
549 if (strcmp(user_auth
, ""))
550 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_USERPWD
, user_auth
), "CURLOPT_USERPWD");
552 /* TODO: parameter auth method, bitfield of following methods:
553 * CURLAUTH_BASIC (default)
560 * convenience tokens for typical sets of methods:
561 * CURLAUTH_ANYSAFE: most secure, without BASIC
562 * or CURLAUTH_ANY: most secure, even BASIC if necessary
564 * handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST ), "CURLOPT_HTTPAUTH");
567 /* handle redirections */
568 if (onredirect
== STATE_DEPENDENT
) {
569 if( followmethod
== FOLLOW_LIBCURL
) {
570 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_FOLLOWLOCATION
, 1), "CURLOPT_FOLLOWLOCATION");
572 /* default -1 is infinite, not good, could lead to zombie plugins!
573 Setting it to one bigger than maximal limit to handle errors nicely below
575 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_MAXREDIRS
, max_depth
+1), "CURLOPT_MAXREDIRS");
577 /* for now allow only http and https (we are a http(s) check plugin in the end) */
578 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
579 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_REDIR_PROTOCOLS
, CURLPROTO_HTTP
| CURLPROTO_HTTPS
), "CURLOPT_REDIRECT_PROTOCOLS");
580 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
582 /* TODO: handle the following aspects of redirection, make them
583 * command line options too later:
584 CURLOPT_POSTREDIR: method switch
585 CURLINFO_REDIRECT_URL: custom redirect option
586 CURLOPT_REDIRECT_PROTOCOLS: allow people to step outside safe protocols
587 CURLINFO_REDIRECT_COUNT: get the number of redirects, print it, maybe a range option here is nice like for expected page size?
590 /* old style redirection is handled below */
596 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_NOBODY
, 1), "CURLOPT_NOBODY");
598 /* IPv4 or IPv6 forced DNS resolution */
599 if (address_family
== AF_UNSPEC
)
600 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_IPRESOLVE
, CURL_IPRESOLVE_WHATEVER
), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_WHATEVER)");
601 else if (address_family
== AF_INET
)
602 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_IPRESOLVE
, CURL_IPRESOLVE_V4
), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V4)");
603 #if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
604 else if (address_family
== AF_INET6
)
605 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_IPRESOLVE
, CURL_IPRESOLVE_V6
), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V6)");
608 /* either send http POST data (any data, not only POST)*/
609 if (!strcmp(http_method
, "POST") ||!strcmp(http_method
, "PUT")) {
610 /* set content of payload for POST and PUT */
611 if (http_content_type
) {
612 snprintf (http_header
, DEFAULT_BUFFER_SIZE
, "Content-Type: %s", http_content_type
);
613 header_list
= curl_slist_append (header_list
, http_header
);
615 /* NULL indicates "HTTP Continue" in libcurl, provide an empty string
616 * in case of no POST/PUT data */
619 if (!strcmp(http_method
, "POST")) {
620 /* POST method, set payload with CURLOPT_POSTFIELDS */
621 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_POSTFIELDS
, http_post_data
), "CURLOPT_POSTFIELDS");
622 } else if (!strcmp(http_method
, "PUT")) {
623 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_READFUNCTION
, (curl_read_callback
)curlhelp_buffer_read_callback
), "CURLOPT_READFUNCTION");
624 curlhelp_initreadbuffer (&put_buf
, http_post_data
, strlen (http_post_data
));
625 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_READDATA
, (void *)&put_buf
), "CURLOPT_READDATA");
626 handle_curl_option_return_code (curl_easy_setopt (curl
, CURLOPT_INFILESIZE
, (curl_off_t
)strlen (http_post_data
)), "CURLOPT_INFILESIZE");
631 res
= curl_easy_perform(curl
);
633 if (verbose
>=2 && http_post_data
)
634 printf ("**** REQUEST CONTENT ****\n%s\n", http_post_data
);
636 /* free header and server IP resolve lists, we don't need it anymore */
637 curl_slist_free_all (header_list
); header_list
= NULL
;
638 curl_slist_free_all (server_ips
); server_ips
= NULL
;
640 /* Curl errors, result in critical Nagios state */
641 if (res
!= CURLE_OK
) {
642 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
643 server_port
, res
, curl_easy_strerror(res
));
644 die (STATE_CRITICAL
, "HTTP CRITICAL - %s\n", msg
);
647 /* certificate checks */
648 #ifdef LIBCURL_FEATURE_SSL
649 if (use_ssl
== TRUE
) {
650 if (check_cert
== TRUE
) {
651 if (is_openssl_callback
) {
653 /* check certificate with OpenSSL functions, curl has been built against OpenSSL
654 * and we actually have OpenSSL in the monitoring tools
656 result
= np_net_ssl_check_certificate(cert
, days_till_exp_warn
, days_till_exp_crit
);
658 #else /* USE_OPENSSL */
659 die (STATE_CRITICAL
, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
660 #endif /* USE_OPENSSL */
663 struct curl_slist
*slist
;
665 cert_ptr
.to_info
= NULL
;
666 res
= curl_easy_getinfo (curl
, CURLINFO_CERTINFO
, &cert_ptr
.to_info
);
667 if (!res
&& cert_ptr
.to_info
) {
669 /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing
670 * We only check the first certificate and assume it's the one of the server
672 const char* raw_cert
= NULL
;
673 for (i
= 0; i
< cert_ptr
.to_certinfo
->num_of_certs
; i
++) {
674 for (slist
= cert_ptr
.to_certinfo
->certinfo
[i
]; slist
; slist
= slist
->next
) {
676 printf ("%d ** %s\n", i
, slist
->data
);
677 if (strncmp (slist
->data
, "Cert:", 5) == 0) {
678 raw_cert
= &slist
->data
[5];
685 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
686 die (STATE_CRITICAL
, "HTTP CRITICAL - %s\n", msg
);
688 BIO
* cert_BIO
= BIO_new (BIO_s_mem());
689 BIO_write (cert_BIO
, raw_cert
, strlen(raw_cert
));
690 cert
= PEM_read_bio_X509 (cert_BIO
, NULL
, NULL
, NULL
);
692 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("Cannot read certificate from CERTINFO information - BIO error"));
693 die (STATE_CRITICAL
, "HTTP CRITICAL - %s\n", msg
);
696 result
= np_net_ssl_check_certificate(cert
, days_till_exp_warn
, days_till_exp_crit
);
698 #else /* USE_OPENSSL */
699 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
700 * so we use the libcurl CURLINFO data
702 result
= net_noopenssl_check_certificate(&cert_ptr
, days_till_exp_warn
, days_till_exp_crit
);
704 #endif /* USE_OPENSSL */
706 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("Cannot retrieve certificates - cURL returned %d - %s"),
707 res
, curl_easy_strerror(res
));
708 die (STATE_CRITICAL
, "HTTP CRITICAL - %s\n", msg
);
713 #endif /* LIBCURL_FEATURE_SSL */
715 /* we got the data and we executed the request in a given time, so we can append
716 * performance data to the answer always
718 handle_curl_option_return_code (curl_easy_getinfo (curl
, CURLINFO_TOTAL_TIME
, &total_time
), "CURLINFO_TOTAL_TIME");
719 page_len
= get_content_length(&header_buf
, &body_buf
);
720 if(show_extended_perfdata
) {
721 handle_curl_option_return_code (curl_easy_getinfo(curl
, CURLINFO_CONNECT_TIME
, &time_connect
), "CURLINFO_CONNECT_TIME");
722 handle_curl_option_return_code (curl_easy_getinfo(curl
, CURLINFO_APPCONNECT_TIME
, &time_appconnect
), "CURLINFO_APPCONNECT_TIME");
723 handle_curl_option_return_code (curl_easy_getinfo(curl
, CURLINFO_PRETRANSFER_TIME
, &time_headers
), "CURLINFO_PRETRANSFER_TIME");
724 handle_curl_option_return_code (curl_easy_getinfo(curl
, CURLINFO_STARTTRANSFER_TIME
, &time_firstbyte
), "CURLINFO_STARTTRANSFER_TIME");
725 snprintf(perfstring
, DEFAULT_BUFFER_SIZE
, "%s %s %s %s %s %s %s",
726 perfd_time(total_time
),
727 perfd_size(page_len
),
728 perfd_time_connect(time_connect
),
729 use_ssl
== TRUE
? perfd_time_ssl (time_appconnect
-time_connect
) : "",
730 perfd_time_headers(time_headers
- time_appconnect
),
731 perfd_time_firstbyte(time_firstbyte
- time_headers
),
732 perfd_time_transfer(total_time
-time_firstbyte
)
735 snprintf(perfstring
, DEFAULT_BUFFER_SIZE
, "%s %s",
736 perfd_time(total_time
),
741 /* return a CRITICAL status if we couldn't read any data */
742 if (strlen(header_buf
.buf
) == 0 && strlen(body_buf
.buf
) == 0)
743 die (STATE_CRITICAL
, _("HTTP CRITICAL - No header received from host\n"));
745 /* get status line of answer, check sanity of HTTP code */
746 if (curlhelp_parse_statusline (header_buf
.buf
, &status_line
) < 0) {
747 snprintf (msg
, DEFAULT_BUFFER_SIZE
, "Unparsable status line in %.3g seconds response time|%s\n",
748 total_time
, perfstring
);
749 die (STATE_CRITICAL
, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code
, msg
);
752 /* get result code from cURL */
753 handle_curl_option_return_code (curl_easy_getinfo (curl
, CURLINFO_RESPONSE_CODE
, &code
), "CURLINFO_RESPONSE_CODE");
755 printf ("* curl CURLINFO_RESPONSE_CODE is %ld\n", code
);
757 /* print status line, header, body if verbose */
759 printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header_buf
.buf
,
760 (no_body
? " [[ skipped ]]" : body_buf
.buf
));
763 /* make sure the status line matches the response we are looking for */
764 if (!expected_statuscode(status_line
.first_line
, server_expect
)) {
765 if (server_port
== HTTP_PORT
)
766 snprintf(msg
, DEFAULT_BUFFER_SIZE
, _("Invalid HTTP response received from host: %s\n"), status_line
.first_line
);
768 snprintf(msg
, DEFAULT_BUFFER_SIZE
, _("Invalid HTTP response received from host on port %d: %s\n"), server_port
, status_line
.first_line
);
769 die (STATE_CRITICAL
, "HTTP CRITICAL - %s", msg
);
772 if( server_expect_yn
) {
773 snprintf(msg
, DEFAULT_BUFFER_SIZE
, _("Status line output matched \"%s\" - "), server_expect
);
779 /* illegal return codes result in a critical state */
780 if (code
>= 600 || code
< 100) {
781 die (STATE_CRITICAL
, _("HTTP CRITICAL: Invalid Status (%d, %.40s)\n"), status_line
.http_code
, status_line
.msg
);
782 /* server errors result in a critical state */
783 } else if (code
>= 500) {
784 result
= STATE_CRITICAL
;
785 /* client errors result in a warning state */
786 } else if (code
>= 400) {
787 result
= STATE_WARNING
;
788 /* check redirected page if specified */
789 } else if (code
>= 300) {
790 if (onredirect
== STATE_DEPENDENT
) {
791 if( followmethod
== FOLLOW_LIBCURL
) {
792 code
= status_line
.http_code
;
794 /* old check_http style redirection, if we come
795 * back here, we are in the same status as with
801 /* this is a specific code in the command line to
802 * be returned when a redirection is encoutered
805 result
= max_state_alt (onredirect
, result
);
806 /* all other codes are considered ok */
812 /* libcurl redirection internally, handle error states here */
813 if( followmethod
== FOLLOW_LIBCURL
) {
814 handle_curl_option_return_code (curl_easy_getinfo (curl
, CURLINFO_REDIRECT_COUNT
, &redir_depth
), "CURLINFO_REDIRECT_COUNT");
816 printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth
);
817 if (redir_depth
> max_depth
) {
818 snprintf (msg
, DEFAULT_BUFFER_SIZE
, "maximum redirection depth %d exceeded in libcurl",
820 die (STATE_WARNING
, "HTTP WARNING - %s", msg
);
824 /* check status codes, set exit status accordingly */
825 if( status_line
.http_code
!= code
) {
826 die (STATE_CRITICAL
, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"),
827 status_line
.http_major
, status_line
.http_minor
,
828 status_line
.http_code
, status_line
.msg
, code
);
831 if (maximum_age
>= 0) {
832 result
= max_state_alt(check_document_dates(&header_buf
, &msg
), result
);
835 /* Page and Header content checks go here */
837 if (strlen (header_expect
)) {
838 if (!strstr (header_buf
.buf
, header_expect
)) {
839 strncpy(&output_header_search
[0],header_expect
,sizeof(output_header_search
));
840 if(output_header_search
[sizeof(output_header_search
)-1]!='\0') {
841 bcopy("...",&output_header_search
[sizeof(output_header_search
)-4],4);
843 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg
, output_header_search
, use_ssl
? "https" : "http", host_name
? host_name
: server_address
, server_port
, server_url
);
844 result
= STATE_CRITICAL
;
848 if (strlen (string_expect
)) {
849 if (!strstr (body_buf
.buf
, string_expect
)) {
850 strncpy(&output_string_search
[0],string_expect
,sizeof(output_string_search
));
851 if(output_string_search
[sizeof(output_string_search
)-1]!='\0') {
852 bcopy("...",&output_string_search
[sizeof(output_string_search
)-4],4);
854 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg
, output_string_search
, use_ssl
? "https" : "http", host_name
? host_name
: server_address
, server_port
, server_url
);
855 result
= STATE_CRITICAL
;
859 if (strlen (regexp
)) {
860 errcode
= regexec (&preg
, body_buf
.buf
, REGS
, pmatch
, 0);
861 if ((errcode
== 0 && invert_regex
== 0) || (errcode
== REG_NOMATCH
&& invert_regex
== 1)) {
862 /* OK - No-op to avoid changing the logic around it */
863 result
= max_state_alt(STATE_OK
, result
);
865 else if ((errcode
== REG_NOMATCH
&& invert_regex
== 0) || (errcode
== 0 && invert_regex
== 1)) {
866 if (invert_regex
== 0)
867 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%spattern not found, "), msg
);
869 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%spattern found, "), msg
);
870 result
= STATE_CRITICAL
;
873 regerror (errcode
, &preg
, errbuf
, MAX_INPUT_BUFFER
);
874 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%sExecute Error: %s, "), msg
, errbuf
);
875 result
= STATE_UNKNOWN
;
879 /* make sure the page is of an appropriate size */
880 if ((max_page_len
> 0) && (page_len
> max_page_len
)) {
881 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%spage size %d too large, "), msg
, page_len
);
882 result
= max_state_alt(STATE_WARNING
, result
);
883 } else if ((min_page_len
> 0) && (page_len
< min_page_len
)) {
884 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("%spage size %d too small, "), msg
, page_len
);
885 result
= max_state_alt(STATE_WARNING
, result
);
888 /* -w, -c: check warning and critical level */
889 result
= max_state_alt(get_status(total_time
, thlds
), result
);
891 /* Cut-off trailing characters */
892 if(msg
[strlen(msg
)-2] == ',')
893 msg
[strlen(msg
)-2] = '\0';
895 msg
[strlen(msg
)-3] = '\0';
897 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
898 die (result
, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n",
899 state_text(result
), status_line
.http_major
, status_line
.http_minor
,
900 status_line
.http_code
, status_line
.msg
,
901 strlen(msg
) > 0 ? " - " : "",
902 msg
, page_len
, total_time
,
903 (display_html
? "</A>" : ""),
906 /* proper cleanup after die? */
907 curlhelp_free_statusline(&status_line
);
908 curl_easy_cleanup (curl
);
909 curl_global_cleanup ();
910 curlhelp_freewritebuffer (&body_buf
);
911 curlhelp_freewritebuffer (&header_buf
);
912 if (!strcmp (http_method
, "PUT")) {
913 curlhelp_freereadbuffer (&put_buf
);
920 uri_strcmp (const UriTextRangeA range
, const char* s
)
922 if (!range
.first
) return -1;
923 if (range
.afterLast
- range
.first
< strlen (s
)) return -1;
924 return strncmp (s
, range
.first
, min( range
.afterLast
- range
.first
, strlen (s
)));
928 uri_string (const UriTextRangeA range
, char* buf
, size_t buflen
)
930 if (!range
.first
) return "(null)";
931 strncpy (buf
, range
.first
, max (buflen
, range
.afterLast
- range
.first
));
932 buf
[max (buflen
, range
.afterLast
- range
.first
)] = '\0';
933 buf
[range
.afterLast
- range
.first
] = '\0';
938 redir (curlhelp_write_curlbuf
* header_buf
)
940 char *location
= NULL
;
941 curlhelp_statusline status_line
;
942 struct phr_header headers
[255];
943 size_t nof_headers
= 255;
945 char buf
[DEFAULT_BUFFER_SIZE
];
946 char ipstr
[INET_ADDR_MAX_SIZE
];
951 int res
= phr_parse_response (header_buf
->buf
, header_buf
->buflen
,
952 &status_line
.http_minor
, &status_line
.http_code
, &status_line
.msg
, &msglen
,
953 headers
, &nof_headers
, 0);
955 location
= get_header_value (headers
, nof_headers
, "location");
958 printf(_("* Seen redirect location %s\n"), location
);
960 if (++redir_depth
> max_depth
)
962 _("HTTP WARNING - maximum redirection depth %d exceeded - %s%s\n"),
963 max_depth
, location
, (display_html
? "</A>" : ""));
965 UriParserStateA state
;
968 if (uriParseUriA (&state
, location
) != URI_SUCCESS
) {
969 if (state
.errorCode
== URI_ERROR_SYNTAX
) {
971 _("HTTP UNKNOWN - Could not parse redirect location '%s'%s\n"),
972 location
, (display_html
? "</A>" : ""));
973 } else if (state
.errorCode
== URI_ERROR_MALLOC
) {
974 die (STATE_UNKNOWN
, _("HTTP UNKNOWN - Could not allocate URL\n"));
979 printf (_("** scheme: %s\n"),
980 uri_string (uri
.scheme
, buf
, DEFAULT_BUFFER_SIZE
));
981 printf (_("** host: %s\n"),
982 uri_string (uri
.hostText
, buf
, DEFAULT_BUFFER_SIZE
));
983 printf (_("** port: %s\n"),
984 uri_string (uri
.portText
, buf
, DEFAULT_BUFFER_SIZE
));
985 if (uri
.hostData
.ip4
) {
986 inet_ntop (AF_INET
, uri
.hostData
.ip4
->data
, ipstr
, sizeof (ipstr
));
987 printf (_("** IPv4: %s\n"), ipstr
);
989 if (uri
.hostData
.ip6
) {
990 inet_ntop (AF_INET
, uri
.hostData
.ip6
->data
, ipstr
, sizeof (ipstr
));
991 printf (_("** IPv6: %s\n"), ipstr
);
994 printf (_("** path: "));
995 const UriPathSegmentA
* p
= uri
.pathHead
;
996 for (; p
; p
= p
->next
) {
997 printf ("/%s", uri_string (p
->text
, buf
, DEFAULT_BUFFER_SIZE
));
1001 if (uri
.query
.first
) {
1002 printf (_("** query: %s\n"),
1003 uri_string (uri
.query
, buf
, DEFAULT_BUFFER_SIZE
));
1005 if (uri
.fragment
.first
) {
1006 printf (_("** fragment: %s\n"),
1007 uri_string (uri
.fragment
, buf
, DEFAULT_BUFFER_SIZE
));
1011 use_ssl
= !uri_strcmp (uri
.scheme
, "https");
1013 /* we do a sloppy test here only, because uriparser would have failed
1014 * above, if the port would be invalid, we just check for MAX_PORT
1016 if (uri
.portText
.first
) {
1017 new_port
= atoi (uri_string (uri
.portText
, buf
, DEFAULT_BUFFER_SIZE
));
1019 new_port
= HTTP_PORT
;
1021 new_port
= HTTPS_PORT
;
1023 if (new_port
> MAX_PORT
)
1025 _("HTTP UNKNOWN - Redirection to port above %d - %s%s\n"),
1026 MAX_PORT
, location
, display_html
? "</A>" : "");
1028 /* by RFC 7231 relative URLs in Location should be taken relative to
1029 * the original URL, so wy try to form a new absolute URL here
1031 if (!uri
.scheme
.first
&& !uri
.hostText
.first
) {
1032 new_host
= strdup (host_name
? host_name
: server_address
);
1034 new_host
= strdup (uri_string (uri
.hostText
, buf
, DEFAULT_BUFFER_SIZE
));
1037 /* compose new path */
1038 /* TODO: handle fragments and query part of URL */
1039 new_url
= (char *)calloc( 1, DEFAULT_BUFFER_SIZE
);
1041 const UriPathSegmentA
* p
= uri
.pathHead
;
1042 for (; p
; p
= p
->next
) {
1043 strncat (new_url
, "/", DEFAULT_BUFFER_SIZE
);
1044 strncat (new_url
, uri_string (p
->text
, buf
, DEFAULT_BUFFER_SIZE
), DEFAULT_BUFFER_SIZE
);
1048 if (server_port
==new_port
&&
1049 !strncmp(server_address
, new_host
, MAX_IPV4_HOSTLENGTH
) &&
1050 (host_name
&& !strncmp(host_name
, new_host
, MAX_IPV4_HOSTLENGTH
)) &&
1051 !strcmp(server_url
, new_url
))
1053 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
1054 use_ssl
? "https" : "http", new_host
, new_port
, new_url
, (display_html
? "</A>" : ""));
1056 /* set new values for redirected request */
1058 if (!(followsticky
& STICKY_HOST
)) {
1059 free (server_address
);
1060 server_address
= strndup (new_host
, MAX_IPV4_HOSTLENGTH
);
1062 if (!(followsticky
& STICKY_PORT
)) {
1063 server_port
= (unsigned short)new_port
;
1067 host_name
= strndup (new_host
, MAX_IPV4_HOSTLENGTH
);
1069 /* reset virtual port */
1070 virtual_port
= server_port
;
1074 server_url
= new_url
;
1076 uriFreeUriMembersA (&uri
);
1079 printf (_("Redirection to %s://%s:%d%s\n"), use_ssl
? "https" : "http",
1080 host_name
? host_name
: server_address
, server_port
, server_url
);
1082 /* TODO: the hash component MUST be taken from the original URL and
1083 * attached to the URL in Location
1089 /* check whether a file exists */
1091 test_file (char *path
)
1093 if (access(path
, R_OK
) == 0)
1095 usage2 (_("file does not exist or is not readable"), path
);
1099 process_arguments (int argc
, char **argv
)
1106 INVERT_REGEX
= CHAR_MAX
+ 1,
1114 static struct option longopts
[] = {
1116 {"link", no_argument
, 0, 'L'},
1117 {"nohtml", no_argument
, 0, 'n'},
1118 {"ssl", optional_argument
, 0, 'S'},
1119 {"sni", no_argument
, 0, SNI_OPTION
},
1120 {"post", required_argument
, 0, 'P'},
1121 {"method", required_argument
, 0, 'j'},
1122 {"IP-address", required_argument
, 0, 'I'},
1123 {"url", required_argument
, 0, 'u'},
1124 {"port", required_argument
, 0, 'p'},
1125 {"authorization", required_argument
, 0, 'a'},
1126 {"proxy-authorization", required_argument
, 0, 'b'},
1127 {"header-string", required_argument
, 0, 'd'},
1128 {"string", required_argument
, 0, 's'},
1129 {"expect", required_argument
, 0, 'e'},
1130 {"regex", required_argument
, 0, 'r'},
1131 {"ereg", required_argument
, 0, 'r'},
1132 {"eregi", required_argument
, 0, 'R'},
1133 {"linespan", no_argument
, 0, 'l'},
1134 {"onredirect", required_argument
, 0, 'f'},
1135 {"certificate", required_argument
, 0, 'C'},
1136 {"client-cert", required_argument
, 0, 'J'},
1137 {"private-key", required_argument
, 0, 'K'},
1138 {"ca-cert", required_argument
, 0, CA_CERT_OPTION
},
1139 {"useragent", required_argument
, 0, 'A'},
1140 {"header", required_argument
, 0, 'k'},
1141 {"no-body", no_argument
, 0, 'N'},
1142 {"max-age", required_argument
, 0, 'M'},
1143 {"content-type", required_argument
, 0, 'T'},
1144 {"pagesize", required_argument
, 0, 'm'},
1145 {"invert-regex", no_argument
, NULL
, INVERT_REGEX
},
1146 {"use-ipv4", no_argument
, 0, '4'},
1147 {"use-ipv6", no_argument
, 0, '6'},
1148 {"extended-perfdata", no_argument
, 0, 'E'},
1149 {"http-version", required_argument
, 0, HTTP_VERSION_OPTION
},
1156 /* support check_http compatible arguments */
1157 for (c
= 1; c
< argc
; c
++) {
1158 if (strcmp ("-to", argv
[c
]) == 0)
1159 strcpy (argv
[c
], "-t");
1160 if (strcmp ("-hn", argv
[c
]) == 0)
1161 strcpy (argv
[c
], "-H");
1162 if (strcmp ("-wt", argv
[c
]) == 0)
1163 strcpy (argv
[c
], "-w");
1164 if (strcmp ("-ct", argv
[c
]) == 0)
1165 strcpy (argv
[c
], "-c");
1166 if (strcmp ("-nohtml", argv
[c
]) == 0)
1167 strcpy (argv
[c
], "-n");
1170 server_url
= strdup(DEFAULT_SERVER_URL
);
1173 c
= getopt_long (argc
, argv
, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts
, &option
);
1174 if (c
== -1 || c
== EOF
|| c
== 1)
1180 exit(STATE_UNKNOWN
);
1183 print_revision(progname
, NP_VERSION
);
1184 print_curl_version();
1185 exit(STATE_UNKNOWN
);
1190 case 't': /* timeout period */
1191 if (!is_intnonneg (optarg
))
1192 usage2 (_("Timeout interval must be a positive integer"), optarg
);
1194 socket_timeout
= (int)strtol (optarg
, NULL
, 10);
1196 case 'c': /* critical time threshold */
1197 critical_thresholds
= optarg
;
1199 case 'w': /* warning time threshold */
1200 warning_thresholds
= optarg
;
1202 case 'H': /* virtual host */
1203 host_name
= strdup (optarg
);
1204 if (host_name
[0] == '[') {
1205 if ((p
= strstr (host_name
, "]:")) != NULL
) { /* [IPv6]:port */
1206 virtual_port
= atoi (p
+ 2);
1207 /* cut off the port */
1208 host_name_length
= strlen (host_name
) - strlen (p
) - 1;
1210 host_name
= strndup (optarg
, host_name_length
);
1212 } else if ((p
= strchr (host_name
, ':')) != NULL
1213 && strchr (++p
, ':') == NULL
) { /* IPv4:port or host:port */
1214 virtual_port
= atoi (p
);
1215 /* cut off the port */
1216 host_name_length
= strlen (host_name
) - strlen (p
) - 1;
1218 host_name
= strndup (optarg
, host_name_length
);
1221 case 'I': /* internet address */
1222 server_address
= strdup (optarg
);
1224 case 'u': /* URL path */
1225 server_url
= strdup (optarg
);
1227 case 'p': /* Server port */
1228 if (!is_intnonneg (optarg
))
1229 usage2 (_("Invalid port number, expecting a non-negative number"), optarg
);
1231 if( strtol(optarg
, NULL
, 10) > MAX_PORT
)
1232 usage2 (_("Invalid port number, supplied port number is too big"), optarg
);
1233 server_port
= (unsigned short)strtol(optarg
, NULL
, 10);
1234 specify_port
= TRUE
;
1237 case 'a': /* authorization info */
1238 strncpy (user_auth
, optarg
, MAX_INPUT_BUFFER
- 1);
1239 user_auth
[MAX_INPUT_BUFFER
- 1] = 0;
1241 case 'b': /* proxy-authorization info */
1242 strncpy (proxy_auth
, optarg
, MAX_INPUT_BUFFER
- 1);
1243 proxy_auth
[MAX_INPUT_BUFFER
- 1] = 0;
1245 case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
1246 if (! http_post_data
)
1247 http_post_data
= strdup (optarg
);
1249 http_method
= strdup("POST");
1251 case 'j': /* Set HTTP method */
1254 http_method
= strdup (optarg
);
1256 case 'A': /* useragent */
1257 strncpy (user_agent
, optarg
, DEFAULT_BUFFER_SIZE
);
1258 user_agent
[DEFAULT_BUFFER_SIZE
-1] = '\0';
1260 case 'k': /* Additional headers */
1261 if (http_opt_headers_count
== 0)
1262 http_opt_headers
= malloc (sizeof (char *) * (++http_opt_headers_count
));
1264 http_opt_headers
= realloc (http_opt_headers
, sizeof (char *) * (++http_opt_headers_count
));
1265 http_opt_headers
[http_opt_headers_count
- 1] = optarg
;
1267 case 'L': /* show html link */
1268 display_html
= TRUE
;
1270 case 'n': /* do not show html link */
1271 display_html
= FALSE
;
1273 case 'C': /* Check SSL cert validity */
1274 #ifdef LIBCURL_FEATURE_SSL
1275 if ((temp
=strchr(optarg
,','))!=NULL
) {
1277 if (!is_intnonneg (optarg
))
1278 usage2 (_("Invalid certificate expiration period"), optarg
);
1279 days_till_exp_warn
= atoi(optarg
);
1282 if (!is_intnonneg (temp
))
1283 usage2 (_("Invalid certificate expiration period"), temp
);
1284 days_till_exp_crit
= atoi (temp
);
1287 days_till_exp_crit
=0;
1288 if (!is_intnonneg (optarg
))
1289 usage2 (_("Invalid certificate expiration period"), optarg
);
1290 days_till_exp_warn
= atoi (optarg
);
1295 case 'J': /* use client certificate */
1296 #ifdef LIBCURL_FEATURE_SSL
1298 client_cert
= optarg
;
1301 case 'K': /* use client private key */
1302 #ifdef LIBCURL_FEATURE_SSL
1304 client_privkey
= optarg
;
1307 #ifdef LIBCURL_FEATURE_SSL
1308 case CA_CERT_OPTION
: /* use CA chain file */
1313 case 'S': /* use SSL */
1314 #ifdef LIBCURL_FEATURE_SSL
1317 /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
1318 * Only set if it's non-zero. This helps when we include multiple
1319 * parameters, like -S and -C combinations */
1320 ssl_version
= CURL_SSLVERSION_DEFAULT
;
1321 if (c
=='S' && optarg
!= NULL
) {
1322 char *plus_ptr
= strchr(optarg
, '+');
1328 if (optarg
[0] == '2')
1329 ssl_version
= CURL_SSLVERSION_SSLv2
;
1330 else if (optarg
[0] == '3')
1331 ssl_version
= CURL_SSLVERSION_SSLv3
;
1332 else if (!strcmp (optarg
, "1") || !strcmp (optarg
, "1.0"))
1333 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1334 ssl_version
= CURL_SSLVERSION_TLSv1_0
;
1336 ssl_version
= CURL_SSLVERSION_DEFAULT
;
1337 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1338 else if (!strcmp (optarg
, "1.1"))
1339 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1340 ssl_version
= CURL_SSLVERSION_TLSv1_1
;
1342 ssl_version
= CURL_SSLVERSION_DEFAULT
;
1343 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1344 else if (!strcmp (optarg
, "1.2"))
1345 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1346 ssl_version
= CURL_SSLVERSION_TLSv1_2
;
1348 ssl_version
= CURL_SSLVERSION_DEFAULT
;
1349 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1350 else if (!strcmp (optarg
, "1.3"))
1351 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
1352 ssl_version
= CURL_SSLVERSION_TLSv1_3
;
1354 ssl_version
= CURL_SSLVERSION_DEFAULT
;
1355 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
1357 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
1359 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
1361 switch (ssl_version
) {
1362 case CURL_SSLVERSION_TLSv1_3
:
1363 ssl_version
|= CURL_SSLVERSION_MAX_TLSv1_3
;
1365 case CURL_SSLVERSION_TLSv1_2
:
1366 case CURL_SSLVERSION_TLSv1_1
:
1367 case CURL_SSLVERSION_TLSv1_0
:
1368 ssl_version
|= CURL_SSLVERSION_MAX_DEFAULT
;
1372 switch (ssl_version
) {
1373 case CURL_SSLVERSION_TLSv1_3
:
1374 ssl_version
|= CURL_SSLVERSION_MAX_TLSv1_3
;
1376 case CURL_SSLVERSION_TLSv1_2
:
1377 ssl_version
|= CURL_SSLVERSION_MAX_TLSv1_2
;
1379 case CURL_SSLVERSION_TLSv1_1
:
1380 ssl_version
|= CURL_SSLVERSION_MAX_TLSv1_1
;
1382 case CURL_SSLVERSION_TLSv1_0
:
1383 ssl_version
|= CURL_SSLVERSION_MAX_TLSv1_0
;
1387 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
1389 printf(_("* Set SSL/TLS version to %d\n"), ssl_version
);
1390 if (specify_port
== FALSE
)
1391 server_port
= HTTPS_PORT
;
1393 #else /* LIBCURL_FEATURE_SSL */
1394 /* -C -J and -K fall through to here without SSL */
1395 usage4 (_("Invalid option - SSL is not available"));
1397 case SNI_OPTION
: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
1400 #endif /* LIBCURL_FEATURE_SSL */
1401 case 'f': /* onredirect */
1402 if (!strcmp (optarg
, "ok"))
1403 onredirect
= STATE_OK
;
1404 else if (!strcmp (optarg
, "warning"))
1405 onredirect
= STATE_WARNING
;
1406 else if (!strcmp (optarg
, "critical"))
1407 onredirect
= STATE_CRITICAL
;
1408 else if (!strcmp (optarg
, "unknown"))
1409 onredirect
= STATE_UNKNOWN
;
1410 else if (!strcmp (optarg
, "follow"))
1411 onredirect
= STATE_DEPENDENT
;
1412 else if (!strcmp (optarg
, "stickyport"))
1413 onredirect
= STATE_DEPENDENT
, followmethod
= FOLLOW_HTTP_CURL
, followsticky
= STICKY_HOST
|STICKY_PORT
;
1414 else if (!strcmp (optarg
, "sticky"))
1415 onredirect
= STATE_DEPENDENT
, followmethod
= FOLLOW_HTTP_CURL
, followsticky
= STICKY_HOST
;
1416 else if (!strcmp (optarg
, "follow"))
1417 onredirect
= STATE_DEPENDENT
, followmethod
= FOLLOW_HTTP_CURL
, followsticky
= STICKY_NONE
;
1418 else if (!strcmp (optarg
, "curl"))
1419 onredirect
= STATE_DEPENDENT
, followmethod
= FOLLOW_LIBCURL
;
1420 else usage2 (_("Invalid onredirect option"), optarg
);
1422 printf(_("* Following redirects set to %s\n"), state_text(onredirect
));
1424 case 'd': /* string or substring */
1425 strncpy (header_expect
, optarg
, MAX_INPUT_BUFFER
- 1);
1426 header_expect
[MAX_INPUT_BUFFER
- 1] = 0;
1428 case 's': /* string or substring */
1429 strncpy (string_expect
, optarg
, MAX_INPUT_BUFFER
- 1);
1430 string_expect
[MAX_INPUT_BUFFER
- 1] = 0;
1432 case 'e': /* string or substring */
1433 strncpy (server_expect
, optarg
, MAX_INPUT_BUFFER
- 1);
1434 server_expect
[MAX_INPUT_BUFFER
- 1] = 0;
1435 server_expect_yn
= 1;
1437 case 'T': /* Content-type */
1438 http_content_type
= strdup (optarg
);
1440 case 'l': /* linespan */
1441 cflags
&= ~REG_NEWLINE
;
1443 case 'R': /* regex */
1444 cflags
|= REG_ICASE
;
1445 case 'r': /* regex */
1446 strncpy (regexp
, optarg
, MAX_RE_SIZE
- 1);
1447 regexp
[MAX_RE_SIZE
- 1] = 0;
1448 errcode
= regcomp (&preg
, regexp
, cflags
);
1450 (void) regerror (errcode
, &preg
, errbuf
, MAX_INPUT_BUFFER
);
1451 printf (_("Could Not Compile Regular Expression: %s"), errbuf
);
1459 address_family
= AF_INET
;
1462 #if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
1463 address_family
= AF_INET6
;
1465 usage4 (_("IPv6 support not available"));
1468 case 'm': /* min_page_length */
1471 if (strchr(optarg
, ':') != (char *)NULL
) {
1472 /* range, so get two values, min:max */
1473 tmp
= strtok(optarg
, ":");
1475 printf("Bad format: try \"-m min:max\"\n");
1476 exit (STATE_WARNING
);
1478 min_page_len
= atoi(tmp
);
1480 tmp
= strtok(NULL
, ":");
1482 printf("Bad format: try \"-m min:max\"\n");
1483 exit (STATE_WARNING
);
1485 max_page_len
= atoi(tmp
);
1487 min_page_len
= atoi (optarg
);
1490 case 'N': /* no-body */
1493 case 'M': /* max-age */
1495 int L
= strlen(optarg
);
1496 if (L
&& optarg
[L
-1] == 'm')
1497 maximum_age
= atoi (optarg
) * 60;
1498 else if (L
&& optarg
[L
-1] == 'h')
1499 maximum_age
= atoi (optarg
) * 60 * 60;
1500 else if (L
&& optarg
[L
-1] == 'd')
1501 maximum_age
= atoi (optarg
) * 60 * 60 * 24;
1502 else if (L
&& (optarg
[L
-1] == 's' ||
1503 isdigit (optarg
[L
-1])))
1504 maximum_age
= atoi (optarg
);
1506 fprintf (stderr
, "unparsable max-age: %s\n", optarg
);
1507 exit (STATE_WARNING
);
1510 printf ("* Maximal age of document set to %d seconds\n", maximum_age
);
1513 case 'E': /* show extended perfdata */
1514 show_extended_perfdata
= TRUE
;
1516 case HTTP_VERSION_OPTION
:
1517 curl_http_version
= CURL_HTTP_VERSION_NONE
;
1518 if (strcmp (optarg
, "1.0") == 0) {
1519 curl_http_version
= CURL_HTTP_VERSION_1_0
;
1520 } else if (strcmp (optarg
, "1.1") == 0) {
1521 curl_http_version
= CURL_HTTP_VERSION_1_1
;
1522 } else if ((strcmp (optarg
, "2.0") == 0) || (strcmp (optarg
, "2") == 0)) {
1523 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0)
1524 curl_http_version
= CURL_HTTP_VERSION_2_0
;
1526 curl_http_version
= CURL_HTTP_VERSION_NONE
;
1527 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
1529 fprintf (stderr
, "unkown http-version parameter: %s\n", optarg
);
1530 exit (STATE_WARNING
);
1534 /* print short usage statement if args not parsable */
1542 if (server_address
== NULL
&& c
< argc
)
1543 server_address
= strdup (argv
[c
++]);
1545 if (host_name
== NULL
&& c
< argc
)
1546 host_name
= strdup (argv
[c
++]);
1548 if (server_address
== NULL
) {
1549 if (host_name
== NULL
)
1550 usage4 (_("You must specify a server address or host name"));
1552 server_address
= strdup (host_name
);
1555 set_thresholds(&thlds
, warning_thresholds
, critical_thresholds
);
1557 if (critical_thresholds
&& thlds
->critical
->end
>(double)socket_timeout
)
1558 socket_timeout
= (int)thlds
->critical
->end
+ 1;
1560 printf ("* Socket timeout set to %ld seconds\n", socket_timeout
);
1562 if (http_method
== NULL
)
1563 http_method
= strdup ("GET");
1565 if (client_cert
&& !client_privkey
)
1566 usage4 (_("If you use a client certificate you must also specify a private key file"));
1568 if (virtual_port
== 0)
1569 virtual_port
= server_port
;
1571 if ((use_ssl
&& server_port
== HTTPS_PORT
) || (!use_ssl
&& server_port
== HTTP_PORT
))
1572 if(specify_port
== FALSE
)
1573 server_port
= virtual_port
;
1579 char *perfd_time (double elapsed_time
)
1581 return fperfdata ("time", elapsed_time
, "s",
1582 thlds
->warning
?TRUE
:FALSE
, thlds
->warning
?thlds
->warning
->end
:0,
1583 thlds
->critical
?TRUE
:FALSE
, thlds
->critical
?thlds
->critical
->end
:0,
1584 TRUE
, 0, TRUE
, socket_timeout
);
1587 char *perfd_time_connect (double elapsed_time_connect
)
1589 return fperfdata ("time_connect", elapsed_time_connect
, "s", FALSE
, 0, FALSE
, 0, FALSE
, 0, TRUE
, socket_timeout
);
1592 char *perfd_time_ssl (double elapsed_time_ssl
)
1594 return fperfdata ("time_ssl", elapsed_time_ssl
, "s", FALSE
, 0, FALSE
, 0, FALSE
, 0, TRUE
, socket_timeout
);
1597 char *perfd_time_headers (double elapsed_time_headers
)
1599 return fperfdata ("time_headers", elapsed_time_headers
, "s", FALSE
, 0, FALSE
, 0, FALSE
, 0, TRUE
, socket_timeout
);
1602 char *perfd_time_firstbyte (double elapsed_time_firstbyte
)
1604 return fperfdata ("time_firstbyte", elapsed_time_firstbyte
, "s", FALSE
, 0, FALSE
, 0, FALSE
, 0, TRUE
, socket_timeout
);
1607 char *perfd_time_transfer (double elapsed_time_transfer
)
1609 return fperfdata ("time_transfer", elapsed_time_transfer
, "s", FALSE
, 0, FALSE
, 0, FALSE
, 0, TRUE
, socket_timeout
);
1612 char *perfd_size (int page_len
)
1614 return perfdata ("size", page_len
, "B",
1615 (min_page_len
>0?TRUE
:FALSE
), min_page_len
,
1616 (min_page_len
>0?TRUE
:FALSE
), 0,
1623 print_revision (progname
, NP_VERSION
);
1625 printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
1626 printf (COPYRIGHT
, copyright
, email
);
1628 printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test"));
1629 printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for"));
1630 printf ("%s\n", _("strings and regular expressions, check connection times, and report on"));
1631 printf ("%s\n", _("certificate expiration times."));
1633 printf ("%s\n", _("It makes use of libcurl to do so. It tries to be as compatible to check_http"));
1634 printf ("%s\n", _("as possible."));
1640 printf (_("NOTE: One or both of -H and -I must be specified"));
1644 printf (UT_HELP_VRSN
);
1645 printf (UT_EXTRA_OPTS
);
1647 printf (" %s\n", "-H, --hostname=ADDRESS");
1648 printf (" %s\n", _("Host name argument for servers using host headers (virtual host)"));
1649 printf (" %s\n", _("Append a port to include it in the header (eg: example.com:5000)"));
1650 printf (" %s\n", "-I, --IP-address=ADDRESS");
1651 printf (" %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup)."));
1652 printf (" %s\n", "-p, --port=INTEGER");
1653 printf (" %s", _("Port number (default: "));
1654 printf ("%d)\n", HTTP_PORT
);
1658 #ifdef LIBCURL_FEATURE_SSL
1659 printf (" %s\n", "-S, --ssl=VERSION[+]");
1660 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1661 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1662 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
1663 printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
1664 printf (" %s\n", "--sni");
1665 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1666 #if LIBCURL_VERSION_NUM >= 0x071801
1667 printf (" %s\n", _("Note: --sni is the default in libcurl as SSLv2 and SSLV3 are deprecated and"));
1668 printf (" %s\n", _(" SNI only really works since TLSv1.0"));
1670 printf (" %s\n", _("Note: SNI is not supported in libcurl before 7.18.1"));
1672 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
1673 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
1674 printf (" %s\n", _("(when this option is used the URL is not checked.)"));
1675 printf (" %s\n", "-J, --client-cert=FILE");
1676 printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
1677 printf (" %s\n", _("to be used in establishing the SSL session"));
1678 printf (" %s\n", "-K, --private-key=FILE");
1679 printf (" %s\n", _("Name of file containing the private key (PEM format)"));
1680 printf (" %s\n", _("matching the client certificate"));
1681 printf (" %s\n", "--ca-cert=FILE");
1682 printf (" %s\n", _("CA certificate file to verify peer against"));
1685 printf (" %s\n", "-e, --expect=STRING");
1686 printf (" %s\n", _("Comma-delimited list of strings, at least one of them is expected in"));
1687 printf (" %s", _("the first (status) line of the server response (default: "));
1688 printf ("%s)\n", HTTP_EXPECT
);
1689 printf (" %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
1690 printf (" %s\n", "-d, --header-string=STRING");
1691 printf (" %s\n", _("String to expect in the response headers"));
1692 printf (" %s\n", "-s, --string=STRING");
1693 printf (" %s\n", _("String to expect in the content"));
1694 printf (" %s\n", "-u, --url=PATH");
1695 printf (" %s\n", _("URL to GET or POST (default: /)"));
1696 printf (" %s\n", "-P, --post=STRING");
1697 printf (" %s\n", _("URL encoded http POST data"));
1698 printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
1699 printf (" %s\n", _("Set HTTP method."));
1700 printf (" %s\n", "-N, --no-body");
1701 printf (" %s\n", _("Don't wait for document body: stop reading after headers."));
1702 printf (" %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)"));
1703 printf (" %s\n", "-M, --max-age=SECONDS");
1704 printf (" %s\n", _("Warn if document is more than SECONDS old. the number can also be of"));
1705 printf (" %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days."));
1706 printf (" %s\n", "-T, --content-type=STRING");
1707 printf (" %s\n", _("specify Content-Type header media type when POSTing\n"));
1708 printf (" %s\n", "-l, --linespan");
1709 printf (" %s\n", _("Allow regex to span newlines (must precede -r or -R)"));
1710 printf (" %s\n", "-r, --regex, --ereg=STRING");
1711 printf (" %s\n", _("Search page for regex STRING"));
1712 printf (" %s\n", "-R, --eregi=STRING");
1713 printf (" %s\n", _("Search page for case-insensitive regex STRING"));
1714 printf (" %s\n", "--invert-regex");
1715 printf (" %s\n", _("Return CRITICAL if found, OK if not\n"));
1716 printf (" %s\n", "-a, --authorization=AUTH_PAIR");
1717 printf (" %s\n", _("Username:password on sites with basic authentication"));
1718 printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
1719 printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
1720 printf (" %s\n", "-A, --useragent=STRING");
1721 printf (" %s\n", _("String to be sent in http header as \"User Agent\""));
1722 printf (" %s\n", "-k, --header=STRING");
1723 printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
1724 printf (" %s\n", "-E, --extended-perfdata");
1725 printf (" %s\n", _("Print additional performance data"));
1726 printf (" %s\n", "-L, --link");
1727 printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
1728 printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>");
1729 printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
1730 printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same."));
1731 printf (" %s\n", _("follow uses the old redirection algorithm of check_http."));
1732 printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
1733 printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
1734 printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
1736 printf (" %s\n", "--http-version=VERSION");
1737 printf (" %s\n", _("Connect via specific HTTP protocol."));
1738 printf (" %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
1741 printf (UT_WARN_CRIT
);
1743 printf (UT_CONN_TIMEOUT
, DEFAULT_SOCKET_TIMEOUT
);
1745 printf (UT_VERBOSE
);
1748 printf ("%s\n", _("Notes:"));
1749 printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
1750 printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
1751 printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response"));
1752 printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are"));
1753 printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
1754 printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
1756 #ifdef LIBCURL_FEATURE_SSL
1758 printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to"));
1759 printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 "));
1760 printf (" %s\n", _("certificate is still valid for the specified number of days."));
1762 printf (" %s\n", _("Please note that this plugin does not check if the presented server"));
1763 printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
1764 printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
1766 printf ("%s\n", _("Examples:"));
1767 printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
1768 printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
1769 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
1770 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
1771 printf (" %s\n", _("a STATE_CRITICAL will be returned."));
1773 printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14");
1774 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
1775 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1776 printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
1777 printf (" %s\n\n", _("the certificate is expired."));
1779 printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14");
1780 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
1781 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1782 printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
1783 printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
1786 printf ("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:");
1787 printf (" %s\n", _("It is recommended to use an environment proxy like:"));
1788 printf (" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
1789 printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
1790 printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ -H www.monitoring-plugins.org"));
1792 #ifdef LIBCURL_FEATURE_SSL
1793 printf ("\n %s\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
1794 printf (" %s\n", _("It is recommended to use an environment proxy like:"));
1795 printf (" %s\n", _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S"));
1796 printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
1797 printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
1798 printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
1799 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
1800 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
1801 printf (" %s\n", _("a STATE_CRITICAL will be returned."));
1805 printf (UT_SUPPORT
);
1814 printf ("%s\n", _("Usage:"));
1815 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname
);
1816 printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n");
1817 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
1818 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
1819 printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
1820 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
1821 printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
1822 printf (" [-T <content-type>] [-j method]\n");
1823 printf (" [--http-version=<version>]\n");
1825 printf ("%s\n", _("WARNING: check_curl is experimental. Please use"));
1826 printf ("%s\n\n", _("check_http if you need a stable version."));
1830 print_curl_version (void)
1832 printf( "%s\n", curl_version());
1836 curlhelp_initwritebuffer (curlhelp_write_curlbuf
*buf
)
1838 buf
->bufsize
= DEFAULT_BUFFER_SIZE
;
1840 buf
->buf
= (char *)malloc ((size_t)buf
->bufsize
);
1841 if (buf
->buf
== NULL
) return -1;
1846 curlhelp_buffer_write_callback (void *buffer
, size_t size
, size_t nmemb
, void *stream
)
1848 curlhelp_write_curlbuf
*buf
= (curlhelp_write_curlbuf
*)stream
;
1850 while (buf
->bufsize
< buf
->buflen
+ size
* nmemb
+ 1) {
1851 buf
->bufsize
*= buf
->bufsize
* 2;
1852 buf
->buf
= (char *)realloc (buf
->buf
, buf
->bufsize
);
1853 if (buf
->buf
== NULL
) return -1;
1856 memcpy (buf
->buf
+ buf
->buflen
, buffer
, size
* nmemb
);
1857 buf
->buflen
+= size
* nmemb
;
1858 buf
->buf
[buf
->buflen
] = '\0';
1860 return (int)(size
* nmemb
);
1864 curlhelp_buffer_read_callback (void *buffer
, size_t size
, size_t nmemb
, void *stream
)
1866 curlhelp_read_curlbuf
*buf
= (curlhelp_read_curlbuf
*)stream
;
1868 size_t n
= min (nmemb
* size
, buf
->buflen
- buf
->pos
);
1870 memcpy (buffer
, buf
->buf
+ buf
->pos
, n
);
1877 curlhelp_freewritebuffer (curlhelp_write_curlbuf
*buf
)
1884 curlhelp_initreadbuffer (curlhelp_read_curlbuf
*buf
, const char *data
, size_t datalen
)
1886 buf
->buflen
= datalen
;
1887 buf
->buf
= (char *)malloc ((size_t)buf
->buflen
);
1888 if (buf
->buf
== NULL
) return -1;
1889 memcpy (buf
->buf
, data
, datalen
);
1895 curlhelp_freereadbuffer (curlhelp_read_curlbuf
*buf
)
1901 /* TODO: where to put this, it's actually part of sstrings2 (logically)?
1904 strrstr2(const char *haystack
, const char *needle
)
1908 const char *prev_pos
;
1911 if (haystack
== NULL
|| needle
== NULL
)
1914 if (haystack
[0] == '\0' || needle
[0] == '\0')
1920 len
= strlen (needle
);
1922 pos
= strstr (pos
, needle
);
1932 if (*pos
== '\0') return prev_pos
;
1937 curlhelp_parse_statusline (const char *buf
, curlhelp_statusline
*status_line
)
1939 char *first_line_end
;
1941 size_t first_line_len
;
1944 char *first_line_buf
;
1946 /* find last start of a new header */
1947 start
= strrstr2 (buf
, "\r\nHTTP");
1948 if (start
!= NULL
) {
1953 first_line_end
= strstr(buf
, "\r\n");
1954 if (first_line_end
== NULL
) return -1;
1956 first_line_len
= (size_t)(first_line_end
- buf
);
1957 status_line
->first_line
= (char *)malloc (first_line_len
+ 1);
1958 if (status_line
->first_line
== NULL
) return -1;
1959 memcpy (status_line
->first_line
, buf
, first_line_len
);
1960 status_line
->first_line
[first_line_len
] = '\0';
1961 first_line_buf
= strdup( status_line
->first_line
);
1963 /* protocol and version: "HTTP/x.x" SP or "HTTP/2" SP */
1965 p
= strtok(first_line_buf
, "/");
1966 if( p
== NULL
) { free( first_line_buf
); return -1; }
1967 if( strcmp( p
, "HTTP" ) != 0 ) { free( first_line_buf
); return -1; }
1969 p
= strtok( NULL
, " " );
1970 if( p
== NULL
) { free( first_line_buf
); return -1; }
1971 if( strchr( p
, '.' ) != NULL
) {
1975 ppp
= strtok( p
, "." );
1976 status_line
->http_major
= (int)strtol( p
, &pp
, 10 );
1977 if( *pp
!= '\0' ) { free( first_line_buf
); return -1; }
1978 ppp
= strtok( NULL
, " " );
1979 status_line
->http_minor
= (int)strtol( p
, &pp
, 10 );
1980 if( *pp
!= '\0' ) { free( first_line_buf
); return -1; }
1981 p
+= 4; /* 1.x SP */
1984 status_line
->http_major
= (int)strtol( p
, &pp
, 10 );
1985 status_line
->http_minor
= 0;
1989 /* status code: "404" or "404.1", then SP */
1991 p
= strtok( p
, " " );
1992 if( p
== NULL
) { free( first_line_buf
); return -1; }
1993 if( strchr( p
, '.' ) != NULL
) {
1995 ppp
= strtok( p
, "." );
1996 status_line
->http_code
= (int)strtol( ppp
, &pp
, 10 );
1997 if( *pp
!= '\0' ) { free( first_line_buf
); return -1; }
1998 ppp
= strtok( NULL
, "" );
1999 status_line
->http_subcode
= (int)strtol( ppp
, &pp
, 10 );
2000 if( *pp
!= '\0' ) { free( first_line_buf
); return -1; }
2001 p
+= 6; /* 400.1 SP */
2003 status_line
->http_code
= (int)strtol( p
, &pp
, 10 );
2004 status_line
->http_subcode
= -1;
2005 if( *pp
!= '\0' ) { free( first_line_buf
); return -1; }
2006 p
+= 4; /* 400 SP */
2009 /* Human readable message: "Not Found" CRLF */
2011 p
= strtok( p
, "" );
2012 if( p
== NULL
) { status_line
->msg
= ""; return 0; }
2013 status_line
->msg
= status_line
->first_line
+ ( p
- first_line_buf
);
2014 free( first_line_buf
);
2020 curlhelp_free_statusline (curlhelp_statusline
*status_line
)
2022 free (status_line
->first_line
);
2026 remove_newlines (char *s
)
2030 for (p
= s
; *p
!= '\0'; p
++)
2031 if (*p
== '\r' || *p
== '\n')
2036 get_header_value (const struct phr_header
* headers
, const size_t nof_headers
, const char* header
)
2039 for( i
= 0; i
< nof_headers
; i
++ ) {
2040 if( strncasecmp( header
, headers
[i
].name
, max( headers
[i
].name_len
, 4 ) ) == 0 ) {
2041 return strndup( headers
[i
].value
, headers
[i
].value_len
);
2048 check_document_dates (const curlhelp_write_curlbuf
*header_buf
, char (*msg
)[DEFAULT_BUFFER_SIZE
])
2050 char *server_date
= NULL
;
2051 char *document_date
= NULL
;
2052 int date_result
= STATE_OK
;
2053 curlhelp_statusline status_line
;
2054 struct phr_header headers
[255];
2055 size_t nof_headers
= 255;
2058 int res
= phr_parse_response (header_buf
->buf
, header_buf
->buflen
,
2059 &status_line
.http_minor
, &status_line
.http_code
, &status_line
.msg
, &msglen
,
2060 headers
, &nof_headers
, 0);
2062 server_date
= get_header_value (headers
, nof_headers
, "date");
2063 document_date
= get_header_value (headers
, nof_headers
, "last-modified");
2065 if (!server_date
|| !*server_date
) {
2066 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sServer date unknown, "), *msg
);
2067 date_result
= max_state_alt(STATE_UNKNOWN
, date_result
);
2068 } else if (!document_date
|| !*document_date
) {
2069 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sDocument modification date unknown, "), *msg
);
2070 date_result
= max_state_alt(STATE_CRITICAL
, date_result
);
2072 time_t srv_data
= curl_getdate (server_date
, NULL
);
2073 time_t doc_data
= curl_getdate (document_date
, NULL
);
2075 printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date
, (int)srv_data
, document_date
, (int)doc_data
);
2076 if (srv_data
<= 0) {
2077 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sServer date \"%100s\" unparsable, "), *msg
, server_date
);
2078 date_result
= max_state_alt(STATE_CRITICAL
, date_result
);
2079 } else if (doc_data
<= 0) {
2080 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sDocument date \"%100s\" unparsable, "), *msg
, document_date
);
2081 date_result
= max_state_alt(STATE_CRITICAL
, date_result
);
2082 } else if (doc_data
> srv_data
+ 30) {
2083 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sDocument is %d seconds in the future, "), *msg
, (int)doc_data
- (int)srv_data
);
2084 date_result
= max_state_alt(STATE_CRITICAL
, date_result
);
2085 } else if (doc_data
< srv_data
- maximum_age
) {
2086 int n
= (srv_data
- doc_data
);
2087 if (n
> (60 * 60 * 24 * 2)) {
2088 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sLast modified %.1f days ago, "), *msg
, ((float) n
) / (60 * 60 * 24));
2089 date_result
= max_state_alt(STATE_CRITICAL
, date_result
);
2091 snprintf (*msg
, DEFAULT_BUFFER_SIZE
, _("%sLast modified %d:%02d:%02d ago, "), *msg
, n
/ (60 * 60), (n
/ 60) % 60, n
% 60);
2092 date_result
= max_state_alt(STATE_CRITICAL
, date_result
);
2097 if (server_date
) free (server_date
);
2098 if (document_date
) free (document_date
);
2105 get_content_length (const curlhelp_write_curlbuf
* header_buf
, const curlhelp_write_curlbuf
* body_buf
)
2108 int content_length
= 0;
2110 struct phr_header headers
[255];
2111 size_t nof_headers
= 255;
2113 char *content_length_s
= NULL
;
2114 curlhelp_statusline status_line
;
2116 int res
= phr_parse_response (header_buf
->buf
, header_buf
->buflen
,
2117 &status_line
.http_minor
, &status_line
.http_code
, &status_line
.msg
, &msglen
,
2118 headers
, &nof_headers
, 0);
2120 content_length_s
= get_header_value (headers
, nof_headers
, "content-length");
2121 if (!content_length_s
) {
2122 return header_buf
->buflen
+ body_buf
->buflen
;
2124 content_length_s
+= strspn (content_length_s
, " \t");
2125 content_length
= atoi (content_length_s
);
2126 if (content_length
!= body_buf
->buflen
) {
2127 /* TODO: should we warn if the actual and the reported body length don't match? */
2130 if (content_length_s
) free (content_length_s
);
2132 return header_buf
->buflen
+ body_buf
->buflen
;
2135 /* TODO: is there a better way in libcurl to check for the SSL library? */
2136 curlhelp_ssl_library
2137 curlhelp_get_ssl_library (CURL
* curl
)
2139 curl_version_info_data
* version_data
;
2142 curlhelp_ssl_library ssl_library
= CURLHELP_SSL_LIBRARY_UNKNOWN
;
2144 version_data
= curl_version_info (CURLVERSION_NOW
);
2145 if (version_data
== NULL
) return CURLHELP_SSL_LIBRARY_UNKNOWN
;
2147 ssl_version
= strdup (version_data
->ssl_version
);
2148 if (ssl_version
== NULL
) return CURLHELP_SSL_LIBRARY_UNKNOWN
;
2150 library
= strtok (ssl_version
, "/");
2151 if (library
== NULL
) return CURLHELP_SSL_LIBRARY_UNKNOWN
;
2153 if (strcmp (library
, "OpenSSL") == 0)
2154 ssl_library
= CURLHELP_SSL_LIBRARY_OPENSSL
;
2155 else if (strcmp (library
, "LibreSSL") == 0)
2156 ssl_library
= CURLHELP_SSL_LIBRARY_LIBRESSL
;
2157 else if (strcmp (library
, "GnuTLS") == 0)
2158 ssl_library
= CURLHELP_SSL_LIBRARY_GNUTLS
;
2159 else if (strcmp (library
, "NSS") == 0)
2160 ssl_library
= CURLHELP_SSL_LIBRARY_NSS
;
2163 printf ("* SSL library string is : %s %s (%d)\n", version_data
->ssl_version
, library
, ssl_library
);
2171 curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library
)
2173 switch (ssl_library
) {
2174 case CURLHELP_SSL_LIBRARY_OPENSSL
:
2176 case CURLHELP_SSL_LIBRARY_LIBRESSL
:
2178 case CURLHELP_SSL_LIBRARY_GNUTLS
:
2180 case CURLHELP_SSL_LIBRARY_NSS
:
2182 case CURLHELP_SSL_LIBRARY_UNKNOWN
:
2188 #ifdef LIBCURL_FEATURE_SSL
2191 parse_cert_date (const char *s
)
2199 /* Jan 17 14:25:12 2020 GMT */
2200 res
= strptime (s
, "%Y-%m-%d %H:%M:%S GMT", &tm
);
2201 /* Sep 11 12:00:00 2020 GMT */
2202 if (res
== NULL
) strptime (s
, "%Y %m %d %H:%M:%S GMT", &tm
);
2203 date
= mktime (&tm
);
2208 /* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
2209 * OpenSSL could be this function
2212 net_noopenssl_check_certificate (cert_ptr_union
* cert_ptr
, int days_till_exp_warn
, int days_till_exp_crit
)
2215 struct curl_slist
* slist
;
2216 int cname_found
= 0;
2217 char* start_date_str
= NULL
;
2218 char* end_date_str
= NULL
;
2225 char timestamp
[50] = "";
2226 int status
= STATE_UNKNOWN
;
2229 printf ("**** REQUEST CERTIFICATES ****\n");
2231 for (i
= 0; i
< cert_ptr
->to_certinfo
->num_of_certs
; i
++) {
2232 for (slist
= cert_ptr
->to_certinfo
->certinfo
[i
]; slist
; slist
= slist
->next
) {
2233 /* find first common name in subject,
2234 * TODO: check alternative subjects for
2235 * TODO: have a decent parser here and not a hack
2236 * multi-host certificate, check wildcards
2238 if (strncasecmp (slist
->data
, "Subject:", 8) == 0) {
2240 char* p
= strstr (slist
->data
, "CN=");
2243 p
= strstr (slist
->data
, "CN = ");
2246 if (strncmp (host_name
, p
+d
, strlen (host_name
)) == 0) {
2250 } else if (strncasecmp (slist
->data
, "Start Date:", 11) == 0) {
2251 start_date_str
= &slist
->data
[11];
2252 } else if (strncasecmp (slist
->data
, "Expire Date:", 12) == 0) {
2253 end_date_str
= &slist
->data
[12];
2254 } else if (strncasecmp (slist
->data
, "Cert:", 5) == 0) {
2255 goto HAVE_FIRST_CERT
;
2258 printf ("%d ** %s\n", i
, slist
->data
);
2264 printf ("**** REQUEST CERTIFICATES ****\n");
2267 printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
2268 return STATE_CRITICAL
;
2271 start_date
= parse_cert_date (start_date_str
);
2272 if (start_date
<= 0) {
2273 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"),
2276 return STATE_WARNING
;
2279 end_date
= parse_cert_date (end_date_str
);
2280 if (end_date
<= 0) {
2281 snprintf (msg
, DEFAULT_BUFFER_SIZE
, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"),
2284 return STATE_WARNING
;
2287 time_left
= difftime (end_date
, time(NULL
));
2288 days_left
= time_left
/ 86400;
2290 setenv("TZ", "GMT", 1);
2292 strftime(timestamp
, 50, "%c %z", localtime(&end_date
));
2294 setenv("TZ", tz
, 1);
2299 if (days_left
> 0 && days_left
<= days_till_exp_warn
) {
2300 printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left
>days_till_exp_crit
)?"WARNING":"CRITICAL", host_name
, days_left
, timestamp
);
2301 if (days_left
> days_till_exp_crit
)
2302 status
= STATE_WARNING
;
2304 status
= STATE_CRITICAL
;
2305 } else if (days_left
== 0 && time_left
> 0) {
2306 if (time_left
>= 3600)
2307 time_remaining
= (int) time_left
/ 3600;
2309 time_remaining
= (int) time_left
/ 60;
2311 printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
2312 (days_left
>days_till_exp_crit
) ? "WARNING" : "CRITICAL", host_name
, time_remaining
,
2313 time_left
>= 3600 ? "hours" : "minutes", timestamp
);
2315 if ( days_left
> days_till_exp_crit
)
2316 status
= STATE_WARNING
;
2318 status
= STATE_CRITICAL
;
2319 } else if (time_left
< 0) {
2320 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name
, timestamp
);
2321 status
=STATE_CRITICAL
;
2322 } else if (days_left
== 0) {
2323 printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left
>days_till_exp_crit
)?"WARNING":"CRITICAL", host_name
, timestamp
);
2324 if (days_left
> days_till_exp_crit
)
2325 status
= STATE_WARNING
;
2327 status
= STATE_CRITICAL
;
2329 printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name
, timestamp
);
2334 #endif /* USE_OPENSSL */
2335 #endif /* LIBCURL_FEATURE_SSL */