[checkmk-commits] 6117 check_http: Add the possibility to perform certificate checks over a proxy

6 Jul 2018

Module: check_mk
Branch: master
Commit: 4dd2c672edd6ba42f9cb24d45fc33c5f9f9e619f
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4dd2c672edd6ba…

Author: Tom Baerwinkel &lt;tb(a)mathias-kettner.de&gt;
Date:   Fri Jun 29 13:08:38 2018 +0200

6117 check_http: Add the possibility to perform certificate checks over a proxy

Change-Id: Id9fe1410ab0ebd4a6b237cce6f7fc036cb5d5cbf

---

 .werks/6117                       | 10 ++++++++++
 checks/check_http                 | 11 ++++++++++-
 web/plugins/wato/active_checks.py | 22 ++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/.werks/6117 b/.werks/6117
new file mode 100644
index 0000000..dc53989
--- /dev/null
+++ b/.werks/6117
@@ -0,0 +1,10 @@
+Title: check_http: Add the possibility to perform certificate checks over a proxy
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1530270478
+Class: feature
+
+
diff --git a/checks/check_http b/checks/check_http
index 60fa94f..52b13e1 100644
--- a/checks/check_http
+++ b/checks/check_http
@@ -47,7 +47,12 @@ def _certificate_args(address_family, address, settings):
     args = []
 
     if "cert_host" in settings:
-        if settings.get("sni"):
+        if settings.get('proxy'):
+            args += [ '-I', settings['proxy'] ]
+            args += [ '-H', settings['cert_host'] ]
+            args.append('--ssl')
+            args += ['-j', 'CONNECT']
+        elif settings.get("sni"):
             args += [ '-H', settings['cert_host'] ]
         else:
             args += [ '-I', settings['cert_host'] ]
@@ -61,6 +66,10 @@ def _certificate_args(address_family, address, settings):
     if "port" in settings:
         args += [ '-p', settings["port"] ]
 
+    if "proxy_auth" in settings:
+        username, password = settings["proxy_auth"]
+        args += [ "-b", passwordstore_get_cmdline("%s:%%s" %
username, password) ]
+
     if "cert_days" in settings:
         # legacy behavior
         if type(settings["cert_days"]) == int:
diff --git a/web/plugins/wato/active_checks.py b/web/plugins/wato/active_checks.py
index 269aab7..aae43a2 100644
--- a/web/plugins/wato/active_checks.py
+++ b/web/plugins/wato/active_checks.py
@@ -1196,6 +1196,28 @@ register_rule(group,
                                     title = _("Enable SSL/TLS hostname extension
support (SNI)"),
                                 ),
                             ),
+                            ( "proxy",
+                                TextAscii(
+                                    title = _("Proxy host"),
+                                    help = _("To use a proxy you have to specify the
Port of the proxy. ")
+                                ),
+                            ),
+                            ( "proxy_auth",
+                                Tuple(
+                                    title = _("Proxy-Authorization"),
+                                    help = _("Credentials for HTTP Proxy with basic
authentication"),
+                                    elements = [
+                                        TextAscii(
+                                            title = _("Username"),
+                                            size = 12,
+                                            allow_empty = False
+                                        ),
+                                        IndividualOrStoredPassword(
+                                            title = _("Password"),
+                                        ),
+                                    ]
+                                )
+                            ),
                         ],
                         required_keys = [ "cert_days" ],
                     ),


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] 6117 check_http: Add the possibility to perform certificate checks over a proxy