diff --git a/debian/changelog b/debian/changelog index 91a75b3..0b71f3c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,8 @@ nagios-plugins (1.4.14-4) UNRELEASED; urgency=low - Provide symlinks from other packages * Remove debian/TODO cause it't totally outdated * Add 44_check_snmp_perfdata.dpatch to fix regression related perfdata + * Add 45_check_http_sni_optional.dpatch to fix regression related ssl/sni + checks -- Jan Wagner Wed, 24 Mar 2010 20:24:51 +0100 diff --git a/debian/patches/00list b/debian/patches/00list index 197dad3..758c328 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -20,3 +20,4 @@ 42_check_linux_raid_fix_r10.dpatch 43_check_http_large_pages_mleak.dpatch 44_check_snmp_perfdata.dpatch +45_check_http_sni_optional.dpatch diff --git a/debian/patches/45_check_http_sni_optional.dpatch b/debian/patches/45_check_http_sni_optional.dpatch new file mode 100644 index 0000000..86073fc --- /dev/null +++ b/debian/patches/45_check_http_sni_optional.dpatch @@ -0,0 +1,77 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 45_check_http_sni_optional.dpatch +## From: Thomas Guyot-Sionnest +## Date: Date: Mon Apr 5 21:06:22 2010 -0400 +## Subject: [PATCH] Fix regression in check_http ssl checks on some servers, making SNI an option +## X-Git-Url: http://repo.or.cz/w/nagiosplugins.git/blobdiff/e5690e3ddaebdd98bfd96c2303453e4e0d7ed318..fe1c6106d9fb45e62b93443145f902a3449641aa:/plugins/check_http.c +## +## DP: Fix regression in check_http ssl checks + +@DPATCH@ + +diff --git a/plugins/check_http.c b/plugins/check_http.c +index 5cdf144..536b400 100644 +--- a/plugins/check_http.c ++++ b/plugins/check_http.c +@@ -112,6 +112,7 @@ int http_opt_headers_count = 0; + int onredirect = STATE_OK; + int followsticky = STICKY_NONE; + int use_ssl = FALSE; ++int use_sni = FALSE; + int verbose = FALSE; + int sd; + int min_page_len = 0; +@@ -178,7 +179,8 @@ process_arguments (int argc, char **argv) + char *p; + + enum { +- INVERT_REGEX = CHAR_MAX + 1 ++ INVERT_REGEX = CHAR_MAX + 1, ++ SNI_OPTION + }; + + int option = 0; +@@ -187,6 +189,7 @@ process_arguments (int argc, char **argv) + {"link", no_argument, 0, 'L'}, + {"nohtml", no_argument, 0, 'n'}, + {"ssl", no_argument, 0, 'S'}, ++ {"sni", no_argument, 0, SNI_OPTION}, + {"post", required_argument, 0, 'P'}, + {"method", required_argument, 0, 'j'}, + {"IP-address", required_argument, 0, 'I'}, +@@ -304,6 +307,9 @@ process_arguments (int argc, char **argv) + if (specify_port == FALSE) + server_port = HTTPS_PORT; + break; ++ case SNI_OPTION: ++ use_sni = TRUE; ++ break; + case 'f': /* onredirect */ + if (!strcmp (optarg, "stickyport")) + onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; +@@ -797,7 +803,7 @@ check_http (void) + die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); + #ifdef HAVE_SSL + if (use_ssl == TRUE) { +- np_net_ssl_init_with_hostname(sd, host_name); ++ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); + if (check_cert == TRUE) { + result = np_net_ssl_check_cert(days_till_exp); + np_net_ssl_cleanup(); +@@ -1323,6 +1329,8 @@ print_help (void) + #ifdef HAVE_SSL + printf (" %s\n", "-S, --ssl"); + printf (" %s\n", _("Connect via SSL. Port defaults to 443")); ++ printf (" %s\n", "--sni"); ++ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); + printf (" %s\n", "-C, --certificate=INTEGER"); + printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); + printf (" %s\n", _("(when this option is used the URL is not checked.)\n")); +@@ -1427,5 +1435,6 @@ print_usage (void) + printf (" [-b proxy_auth] [-f ]\n"); + printf (" [-e ] [-s string] [-l] [-r | -R ]\n"); + printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); +- printf (" [-A string] [-k string] [-S] [-C ] [-T ] [-j method]\n"); ++ printf (" [-A string] [-k string] [-S] [--sni] [-C ] [-T ]\n"); ++ printf (" [-j method]\n"); + }