Module: check_mk
Branch: master
Commit: b7acbb68fc5a6018bab1490040806d5bc5a142e9
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b7acbb68fc5a60…
Author: Moritz Kiemer <mo(a)mathias-kettner.de>
Date: Wed Mar 27 14:18:13 2019 +0100
check_http: refactor common SNI option
CMK-1873
Change-Id: I43ff11d6ab65941ca98f26bae9959e7bb2af93f8
---
checks/check_http | 18 ++++++++----------
cmk/gui/plugins/wato/active_checks.py | 25 ++++++++-----------------
2 files changed, 16 insertions(+), 27 deletions(-)
diff --git a/checks/check_http b/checks/check_http
index 849abeb..bd63cb2 100644
--- a/checks/check_http
+++ b/checks/check_http
@@ -42,6 +42,9 @@ def _transform_check_http(params):
if "proxy_auth" in mode:
proxy["auth"] = mode["proxy_auth"]
+ if "sni" in mode:
+ transformed["sni"] = mode.pop("sni")
+
return transformed
@@ -74,7 +77,7 @@ def _get_proxy(params):
return ProxySettings(proxy.get("address"), proxy.get("port"),
auth)
-def _certificate_args(host, proxy, settings):
+def _certificate_args(host, proxy, settings, sni_flag):
args = []
server = settings.get('cert_host', host.address)
@@ -90,9 +93,6 @@ def _certificate_args(host, proxy, settings):
warn, crit = settings["cert_days"]
args += ['-C', '%d,%d' % (warn, crit)]
- if "sni" in settings:
- args += ['--sni']
-
server_port = settings.get("port")
specify_port = proxy.port if proxy else server_port
@@ -107,7 +107,7 @@ def _certificate_args(host, proxy, settings):
if server_port:
server += ':%s' % server_port
- elif settings.get("sni"):
+ elif sni_flag:
args += ['-H', server]
args += [server]
@@ -146,9 +146,6 @@ def _url_args(host, proxy, settings):
elif ssl:
args += ['--ssl=%s' % ssl]
- if "sni" in settings:
- args += ['--sni']
-
if "response_time" in settings:
args += [
'-w',
@@ -230,9 +227,10 @@ def check_http_arguments(params):
host = _get_host(settings)
proxy = _get_proxy(params)
+ args = ['--sni'] if params.get("sni") else []
if mode_name == 'cert':
- return _certificate_args(host, proxy, settings)
- return _url_args(host, proxy, settings)
+ return args + _certificate_args(host, proxy, settings,
params.get("sni"))
+ return args + _url_args(host, proxy, settings)
def check_http_description(params):
diff --git a/cmk/gui/plugins/wato/active_checks.py
b/cmk/gui/plugins/wato/active_checks.py
index 11407cd3..64f8512 100644
--- a/cmk/gui/plugins/wato/active_checks.py
+++ b/cmk/gui/plugins/wato/active_checks.py
@@ -1003,6 +1003,11 @@ class RulespecActiveChecksHttp(HostRulespec):
"<tt>HTTP</tt> or
<tt>HTTPS</tt>."),
allow_empty=False)),
("proxy", self._proxyspec()),
+ ("sni",
+ FixedValue(
+ value=True,
+ totext="",
+ title=_("Enable SSL/TLS hostname extension support
(SNI)"))),
("mode",
CascadingDropdown(
title=_("Mode of the Check"),
@@ -1059,13 +1064,6 @@ class RulespecActiveChecksHttp(HostRulespec):
),
forth=lambda x: x is True and "auto"
or x,
)),
- ("sni",
- FixedValue(
- value=True,
- totext=_("enable SNI"),
- title=_(
- "Enable SSL/TLS hostname extension
support (SNI)"),
- )),
("response_time",
Tuple(
title=_("Expected response time"),
@@ -1282,16 +1280,6 @@ class RulespecActiveChecksHttp(HostRulespec):
),
("port", self._portspec(443)),
_ip_address_family_element(),
- (
- "sni",
- FixedValue(
- value=True,
- totext=_("enable SNI"),
- title=_(
- "Enable SSL/TLS hostname extension
support (SNI)"
- ),
- ),
- ),
],
required_keys=["cert_days"],
)),
@@ -1326,6 +1314,9 @@ class RulespecActiveChecksHttp(HostRulespec):
if auth:
proxy["auth"] = auth
+ if "sni" in mode:
+ transformed["sni"] = mode.pop("sni")
+
return transformed