check_http: fix regression related ssl/sni checks

debian/changelog

@@ -7,6 +7,8 @@ nagios-plugins (1.4.14-4) UNRELEASED; urgency=low
     - Provide symlinks from other packages
   * Remove debian/TODO cause it't totally outdated
   * Add 44_check_snmp_perfdata.dpatch to fix regression related perfdata
+  * Add 45_check_http_sni_optional.dpatch to fix regression related ssl/sni
+    checks
 
  -- Jan Wagner <waja@cyconet.org>  Wed, 24 Mar 2010 20:24:51 +0100
 

debian/patches/00list

@@ -20,3 +20,4 @@
 42_check_linux_raid_fix_r10.dpatch
 43_check_http_large_pages_mleak.dpatch
 44_check_snmp_perfdata.dpatch
+45_check_http_sni_optional.dpatch

debian/patches/45_check_http_sni_optional.dpatch

@@ -0,0 +1,77 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 45_check_http_sni_optional.dpatch
+## From: Thomas Guyot-Sionnest <dermoth@aei.ca>
+## Date: Date:   Mon Apr 5 21:06:22 2010 -0400
+## Subject: [PATCH] Fix regression in check_http ssl checks on some servers, making SNI an option
+## X-Git-Url: http://repo.or.cz/w/nagiosplugins.git/blobdiff/e5690e3ddaebdd98bfd96c2303453e4e0d7ed318..fe1c6106d9fb45e62b93443145f902a3449641aa:/plugins/check_http.c
+##
+## DP: Fix regression in check_http ssl checks
+
+@DPATCH@
+
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 5cdf144..536b400 100644
+--- a/plugins/check_http.c
++++ b/plugins/check_http.c
+@@ -112,6 +112,7 @@ int http_opt_headers_count = 0;
+ int onredirect = STATE_OK;
+ int followsticky = STICKY_NONE;
+ int use_ssl = FALSE;
++int use_sni = FALSE;
+ int verbose = FALSE;
+ int sd;
+ int min_page_len = 0;
+@@ -178,7 +179,8 @@ process_arguments (int argc, char **argv)
+   char *p;
+ 
+   enum {
+-    INVERT_REGEX = CHAR_MAX + 1
++    INVERT_REGEX = CHAR_MAX + 1,
++    SNI_OPTION
+   };
+ 
+   int option = 0;
+@@ -187,6 +189,7 @@ process_arguments (int argc, char **argv)
+     {"link", no_argument, 0, 'L'},
+     {"nohtml", no_argument, 0, 'n'},
+     {"ssl", no_argument, 0, 'S'},
++    {"sni", no_argument, 0, SNI_OPTION},
+     {"post", required_argument, 0, 'P'},
+     {"method", required_argument, 0, 'j'},
+     {"IP-address", required_argument, 0, 'I'},
+@@ -304,6 +307,9 @@ process_arguments (int argc, char **argv)
+       if (specify_port == FALSE)
+         server_port = HTTPS_PORT;
+       break;
++    case SNI_OPTION:
++      use_sni = TRUE;
++      break;
+     case 'f': /* onredirect */
+       if (!strcmp (optarg, "stickyport"))
+         onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
+@@ -797,7 +803,7 @@ check_http (void)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+ #ifdef HAVE_SSL
+   if (use_ssl == TRUE) {
+-    np_net_ssl_init_with_hostname(sd, host_name);
++    np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
+     if (check_cert == TRUE) {
+       result = np_net_ssl_check_cert(days_till_exp);
+       np_net_ssl_cleanup();
+@@ -1323,6 +1329,8 @@ print_help (void)
+ #ifdef HAVE_SSL
+   printf (" %s\n", "-S, --ssl");
+   printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
++  printf (" %s\n", "--sni");
++  printf ("   %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+   printf (" %s\n", "-C, --certificate=INTEGER");
+   printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+   printf ("   %s\n", _("(when this option is used the URL is not checked.)\n"));
+@@ -1427,5 +1435,6 @@ print_usage (void)
+   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+   printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+-  printf ("       [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
++  printf ("       [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
++  printf ("       [-j method]\n");
+ }