Module: check_mk
Branch: master
Commit: 16450b99f90151cae670981b27ce98a403cb81e2
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=16450b99f90151…
Author: Sven Rueß <sr(a)mathias-kettner.de>
Date: Sun Dec 4 15:30:50 2016 +0100
4126 FIX apache_status: Handle https requests lo localhost in case of certificate
mismatch
If the webserver is serving the status site from apache over https and the certificate
does not match the server name, the request was ignored. This is fixed now. The request
is rewritten to localhost without encryption.
---
.werks/4126 | 12 ++++++++++++
ChangeLog | 1 +
agents/plugins/apache_status | 9 +++++++++
3 files changed, 22 insertions(+)
diff --git a/.werks/4126 b/.werks/4126
new file mode 100644
index 0000000..c958652
--- /dev/null
+++ b/.werks/4126
@@ -0,0 +1,12 @@
+Title: apache_status: Handle https requests lo localhost in case of certificate mismatch
+Level: 1
+Component: checks
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.4.0i3
+Date: 1480861671
+
+If the webserver is serving the status site from apache over https and the certificate
+does not match the server name, the request was ignored. This is fixed now. The request
+is rewritten to localhost without encryption.
diff --git a/ChangeLog b/ChangeLog
index 56cec10..45b447f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,7 @@
* 4081 FIX: dell_powerconnect_cpu: Fixed broken metrics
* 3998 FIX: agent_netapp / netapp_api_if: improved mechanism to collect interface
infos. fixes invalid if-speed...
NOTE: Please refer to the migration notes!
+ * 4126 FIX: apache_status: Handle https requests lo localhost in case of certificate
mismatch...
Multisite:
* 4070 Added a painter for the service check period
diff --git a/agents/plugins/apache_status b/agents/plugins/apache_status
index ce44405..2c986f9 100755
--- a/agents/plugins/apache_status
+++ b/agents/plugins/apache_status
@@ -144,6 +144,15 @@ for server in servers:
fd = urllib2.urlopen(url)
else:
raise
+ except Exception, e:
+ if 'doesn\'t match' in str(e):
+ # HACK: workaround if SSL port is found and localhost is using
+ # SSL connections but certifiacte is mismatched
+ portspec = ':80'
+ url = 'http://%s%s/server-status?auto' % (address, portspec)
+ fd = urllib2.urlopen(url)
+ else:
+ raise
for line in fd.read().split('\n'):
if not line.strip():