Merge branch 'development'

debian/patches/18_check_curl_fix_TLS_notes

@@ -0,0 +1,21 @@
+From 8de299308c52d083b893a87e6924405b652f1f7b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lorenz=20K=C3=A4stle?=
+ <12514511+RincewindsHat@users.noreply.github.com>
+Date: Wed, 27 Nov 2024 14:22:02 +0100
+Subject: [PATCH] check_curl: update TLS notification notes
+
+---
+ plugins/check_curl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -2013,7 +2013,7 @@
+   printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+   printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+   printf ("    %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
+-  printf ("    %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
++  printf ("    %s\n", _("Note: SSLv2, SSLv3, TLSv1.0 and TLSv1.1 are deprecated and are usually disabled in libcurl"));
+   printf (" %s\n", "--sni");
+   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+ #if LIBCURL_VERSION_NUM >= 0x071801

debian/patches/19_check_curl_cookie_handling

@@ -0,0 +1,46 @@
+From 191d15354ba32a483fd4f8017595c7eb82ee5650 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andre=20Kl=C3=A4rner?= <kandre@ak-online.be>
+Date: Fri, 29 Nov 2024 10:34:16 +0100
+Subject: [PATCH] check_curl: enable internal cookie handling
+
+This enables us to enable curl cookie engine by specifying an empty
+filename as the cookie jar file.
+
+This works, since curl's CURLOPT_COOKIEFILE option allows passing an
+empty string as filename, which it interprets as a request to enable the
+cookie processing. But since CURLOPT_COOKIEJAR would now attempt to
+write to a file named by an empty filename, it would break again (or at
+least produce a warning in verbose output).
+
+Overall this is allows to handle checking URLs with cookie based
+sessions without persisting the cookies to disk, by using the
+curl-internal redirect following.
+---
+ plugins/check_curl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/plugins/check_curl.c
++++ b/plugins/check_curl.c
+@@ -831,8 +831,11 @@
+ 
+   /* cookie handling */
+   if (cookie_jar_file != NULL) {
+-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
++    /* enable reading cookies from a file, and if the filename is an empty string, only enable the curl cookie engine */
+     handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE");
++    /* now enable saving cookies to a file, but only if the filename is not an empty string, since writing it would fail */
++    if (*cookie_jar_file)
++      handle_curl_option_return_code(curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
+   }
+ 
+   /* do the request */
+@@ -2111,6 +2114,9 @@
+   printf(" %s\n", "--haproxy-protocol");
+   printf("    %s\n", _("Send HAProxy proxy protocol v1 header (CURLOPT_HAPROXYPROTOCOL)."));
+   printf (" %s\n", "--cookie-jar=FILE");
++  printf ("    %s\n", _("Specify an empty string as FILE to enable curl's cookie engine without saving"));
++  printf ("    %s\n", _("the cookies to disk. Only enabling the engine without saving to disk requires"));
++  printf ("    %s\n", _("handling multiple requests internally to curl, so use it with --onredirect=curl"));
+   printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
+   printf ("\n");
+ 

debian/patches/series

@@ -9,4 +9,6 @@
 15_check_curl_fix_regex
 16_check_curl_openssl_error
 17_check_fping_dontfrag_random
+18_check_curl_fix_TLS_notes
+19_check_curl_cookie_handling
 # feature patches