From 8ec63ed5a06cef97ce64b2f5b83e6a742e993df2 Mon Sep 17 00:00:00 2001 From: qgarnier Date: Wed, 3 Jan 2018 14:59:08 +0100 Subject: [PATCH] Fix #825 --- .../apps/nsclient/restapi/mode/query.pm | 5 ++- .../protocols/http/mode/expectedcontent.pm | 5 ++- .../apps/protocols/http/mode/jsoncontent.pm | 5 ++- .../apps/protocols/http/mode/response.pm | 7 ++-- .../apps/protocols/http/mode/soapcontent.pm | 5 ++- centreon-plugins/centreon/plugins/http.pm | 39 ++++++++++++------- 6 files changed, 41 insertions(+), 25 deletions(-) diff --git a/centreon-plugins/apps/nsclient/restapi/mode/query.pm b/centreon-plugins/apps/nsclient/restapi/mode/query.pm index 339d94b71..64f4c6541 100644 --- a/centreon-plugins/apps/nsclient/restapi/mode/query.pm +++ b/centreon-plugins/apps/nsclient/restapi/mode/query.pm @@ -47,6 +47,7 @@ sub new { "proxyurl:s" => { name => 'proxyurl' }, "proxypac:s" => { name => 'proxypac' }, "timeout:s" => { name => 'timeout' }, + "ssl-opt:s@" => { name => 'ssl_opt' }, "ssl:s" => { name => 'ssl' }, "command:s" => { name => 'command' }, "arg:s@" => { name => 'arg' }, @@ -218,9 +219,9 @@ Proxy pac file (can be an url or local file) Threshold for HTTP timeout (Default: 5) -=item B<--ssl> +=item B<--ssl-opt> -Specify SSL version (example : 'sslv3', 'tlsv1'...) +Set SSL Options (--ssl-opt="SSL_version => TLSv1" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"). =item B<--command> diff --git a/centreon-plugins/apps/protocols/http/mode/expectedcontent.pm b/centreon-plugins/apps/protocols/http/mode/expectedcontent.pm index a573f75df..610eb8449 100644 --- a/centreon-plugins/apps/protocols/http/mode/expectedcontent.pm +++ b/centreon-plugins/apps/protocols/http/mode/expectedcontent.pm 
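Review bot: The POD hunk of query.pm (`@@ -218,9 +219,9 @@`) replaces the `=item B<--ssl>` entry with `--ssl-opt`, although `"ssl:s"` is still registered in the option list of the first hunk, so a working option loses its documentation. The only verification example shown is `SSL_verify_mode => SSL_VERIFY_NONE`, which turns off server certificate checking, and it is given without any caveat. I would keep the `=item B<--ssl>` entry and extend the new one with a sentence such as `SSL_VERIFY_NONE disables server certificate verification; use it for testing only and prefer SSL_VERIFY_PEER with --cacert-file.` The same text is added in the POD hunks of expectedcontent.pm, jsoncontent.pm, response.pm and soapcontent.pm.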
@@ -51,6 +51,7 @@ sub new { "timeout:s" => { name => 'timeout' }, "no-follow" => { name => 'no_follow', }, "ssl:s" => { name => 'ssl', }, + "ssl-opt:s@" => { name => 'ssl_opt' }, "cert-file:s" => { name => 'cert_file' }, "key-file:s" => { name => 'key_file' }, "cacert-file:s" => { name => 'cacert_file' }, @@ -216,9 +217,9 @@ Threshold for HTTP timeout (Default: 5) Do not follow http redirect -=item B<--ssl> +=item B<--ssl-opt> -Specify SSL version (example : 'sslv3', 'tlsv1'...) +Set SSL Options (--ssl-opt="SSL_version => TLSv1" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"). =item B<--cert-file> diff --git a/centreon-plugins/apps/protocols/http/mode/jsoncontent.pm b/centreon-plugins/apps/protocols/http/mode/jsoncontent.pm index b9354c1e3..88f70d817 100644 --- a/centreon-plugins/apps/protocols/http/mode/jsoncontent.pm +++ b/centreon-plugins/apps/protocols/http/mode/jsoncontent.pm @@ -54,6 +54,7 @@ sub new { "header:s@" => { name => 'header' }, "get-param:s@" => { name => 'get_param' }, "timeout:s" => { name => 'timeout', default => 10 }, + "ssl-opt:s@" => { name => 'ssl_opt' }, "ssl:s" => { name => 'ssl', }, "cert-file:s" => { name => 'cert_file' }, "key-file:s" => { name => 'key_file' }, @@ -409,9 +410,9 @@ Specify password for basic authentification (Mandatory if --credentials is speci Threshold for HTTP timeout (Default: 10) -=item B<--ssl> +=item B<--ssl-opt> -Specify SSL version (example : 'sslv3', 'tlsv1'...) +Set SSL Options (--ssl-opt="SSL_version => TLSv1" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"). =item B<--cert-file> diff --git a/centreon-plugins/apps/protocols/http/mode/response.pm b/centreon-plugins/apps/protocols/http/mode/response.pm index 16f2ea2f3..fb0f8fe77 100644 --- a/centreon-plugins/apps/protocols/http/mode/response.pm +++ b/centreon-plugins/apps/protocols/http/mode/response.pm 
@@ -49,7 +49,8 @@ sub new { "proxypac:s" => { name => 'proxypac' }, "timeout:s" => { name => 'timeout' }, "no-follow" => { name => 'no_follow', }, - "ssl:s" => { name => 'ssl' }, + "ssl:s" => { name => 'ssl' }, + "ssl-opt:s@" => { name => 'ssl_opt' }, "cert-file:s" => { name => 'cert_file' }, "key-file:s" => { name => 'key_file' }, "cacert-file:s" => { name => 'cacert_file' }, @@ -202,9 +203,9 @@ Threshold for HTTP timeout (Default: 5) Do not follow http redirect -=item B<--ssl> +=item B<--ssl-opt> -Specify SSL version (example : 'sslv3', 'tlsv1'...) +Set SSL Options (--ssl-opt="SSL_version => TLSv1" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"). =item B<--cert-file> diff --git a/centreon-plugins/apps/protocols/http/mode/soapcontent.pm b/centreon-plugins/apps/protocols/http/mode/soapcontent.pm index 01ebd87f0..b10cfb79a 100644 --- a/centreon-plugins/apps/protocols/http/mode/soapcontent.pm +++ b/centreon-plugins/apps/protocols/http/mode/soapcontent.pm @@ -53,6 +53,7 @@ sub new { "proxypac:s" => { name => 'proxypac' }, "header:s@" => { name => 'header' }, "timeout:s" => { name => 'timeout', default => 10 }, + "ssl-opt:s@" => { name => 'ssl_opt' }, "ssl:s" => { name => 'ssl', }, "cert-file:s" => { name => 'cert_file' }, "key-file:s" => { name => 'key_file' }, @@ -436,9 +437,9 @@ Specify password for basic authentification (Mandatory if --credentials is speci Threshold for HTTP timeout (Default: 10) -=item B<--ssl> +=item B<--ssl-opt> -Specify SSL version (example : 'sslv3', 'tlsv1'...) +Set SSL Options (--ssl-opt="SSL_version => TLSv1" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"). =item B<--cert-file> diff --git a/centreon-plugins/centreon/plugins/http.pm b/centreon-plugins/centreon/plugins/http.pm index 29a702476..fa6b655c6 100644 --- a/centreon-plugins/centreon/plugins/http.pm +++ b/centreon-plugins/centreon/plugins/http.pm 
@@ -121,6 +121,29 @@ sub check_options { $options{request}->{$_} =~ s/%\{http_code\}/\$response->code/g; } } + + $self->{ssl_context} = ''; + if (!defined($options{request}->{ssl_opt})) { + $options{request}->{ssl_opt} = []; + } + if (defined($options{request}->{ssl}) && $options{request}->{ssl} ne '') { + push @{$options{request}->{ssl_opt}}, 'SSL_version => ' . $options{request}->{ssl}; + } + if (defined($options{request}->{cert_file}) && !defined($options{request}->{cert_pkcs12})) { + push @{$options{request}->{ssl_opt}}, 'SSL_use_cert => 1'; + push @{$options{request}->{ssl_opt}}, 'SSL_cert_file => "' . $options{request}->{cert_file} . '"'; + push @{$options{request}->{ssl_opt}}, 'SSL_key_file => "' . $options{request}->{key_file} . '"' + if (defined($options{request}->{key_file})); + push @{$options{request}->{ssl_opt}}, 'SSL_ca_file => "' . $options{request}->{cacert_file} . '"' + if (defined($options{request}->{cacert_file})); + } + my $append = ''; + foreach (@{$options{request}->{ssl_opt}}) { + if ($_ ne '') { + $self->{ssl_context} .= $append . $_; + $append = ', '; + } + } } sub get_port { 
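Review bot: The added block in check_options assembles `$self->{ssl_context}` as Perl source text from option values, and none of those values is escaped or validated. `cert_file`, `key_file` and `cacert_file` are wrapped in double quotes, so a path containing `"`, `$` or `@` changes the generated code or is interpolated, and the `--ssl` value and every `--ssl-opt` entry are appended verbatim. Because the request hunk later evaluates this string, I would keep the context as a hash and parse each `--ssl-opt` entry as `name => value` data, mapping the `SSL_VERIFY_*` names through a small lookup table. The request hunk would then pass `%{$self->{ssl_context}}` to the constructor. check_options starts outside this hunk.

```perl
    # … unchanged: %{http_code} substitution loop …

    # Hold the context as a hash of data; nothing here is ever parsed as Perl.
    my %verify_mode_for = (
        SSL_VERIFY_NONE => IO::Socket::SSL::SSL_VERIFY_NONE(),
        SSL_VERIFY_PEER => IO::Socket::SSL::SSL_VERIFY_PEER(),
    );
    $self->{ssl_context} = {};
    foreach my $opt (@{$options{request}->{ssl_opt} || []}) {
        next if (!defined($opt) || $opt eq '');
        # Accept exactly "SSL_name => value"; anything else is an option error
        # (route it through the plugin's usual option-error reporting).
        if ($opt !~ /^\s*(SSL_\w+)\s*=>\s*(.*?)\s*$/) {
            die "unsupported --ssl-opt value '$opt'\n";
        }
        my ($name, $value) = ($1, $2);
        $value =~ s/^(["'])(.*)\1$/$2/;    # drop one pair of surrounding quotes
        $self->{ssl_context}->{$name} =
            exists($verify_mode_for{$value}) ? $verify_mode_for{$value} : $value;
    }
    if (defined($options{request}->{ssl}) && $options{request}->{ssl} ne '') {
        $self->{ssl_context}->{SSL_version} = $options{request}->{ssl};
    }
    if (defined($options{request}->{cert_file}) && !defined($options{request}->{cert_pkcs12})) {
        $self->{ssl_context}->{SSL_use_cert} = 1;
        $self->{ssl_context}->{SSL_cert_file} = $options{request}->{cert_file};
        $self->{ssl_context}->{SSL_key_file} = $options{request}->{key_file}
            if (defined($options{request}->{key_file}));
        $self->{ssl_context}->{SSL_ca_file} = $options{request}->{cacert_file}
            if (defined($options{request}->{cacert_file}));
    }
```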
@@ -256,20 +279,8 @@ sub request { $ENV{HTTPS_PKCS12_PASSWORD} = $request_options->{cert_pwd}; } - my $ssl_context; - if (defined($request_options->{ssl}) && $request_options->{ssl} ne '') { - $ssl_context = { SSL_version => $request_options->{ssl} }; - } - if (defined($request_options->{cert_file}) && !defined($request_options->{cert_pkcs12})) { - $ssl_context = {} if (!defined($ssl_context)); - $ssl_context->{SSL_use_cert} = 1; - $ssl_context->{SSL_cert_file} = $request_options->{cert_file}; - $ssl_context->{SSL_key_file} = $request_options->{key_file} if (defined($request_options->{key_file})); - $ssl_context->{SSL_ca_file} = $request_options->{cacert_file} if (defined($request_options->{cacert_file})); - } - - if (defined($ssl_context)) { - my $context = new IO::Socket::SSL::SSL_Context(%{$ssl_context}); + if (defined($self->{ssl_context}) && $self->{ssl_context} ne '') { + my $context = new IO::Socket::SSL::SSL_Context(eval $self->{ssl_context}); IO::Socket::SSL::set_default_context($context); }
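Review bot: The `eval $self->{ssl_context}` inside the new `SSL_Context(...)` call compiles the text of `--ssl-opt`, `--ssl` and the certificate path options as Perl, so anyone who can influence a plugin argument gets code execution as the account running the check. The failure path is also silent: `$@` is never read, and a string that does not compile makes the eval return nothing, so the context is built with defaults and the requested `SSL_ca_file` or client certificate is dropped without an error. The documented example `SSL_version => TLSv1` has a bareword on the right-hand side, which presumably fails exactly this way if the file runs under `use strict`; that should be confirmed. If check_options stored a hash instead, this line becomes `my $context = new IO::Socket::SSL::SSL_Context(%{$self->{ssl_context}});`; if the eval stays, read `$@` immediately after it and abort the check on error. The request sub starts and ends outside this hunk.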