From 56bcb4af5888121cef3a3c6bab1084bf225aa012 Mon Sep 17 00:00:00 2001
From: Florian Forster
Date: Sat, 29 Aug 2009 10:39:09 +0200
Subject: [PATCH] write_http plugin: Implement the usual SSL options.
---
 src/collectd.conf.pod | 19 +++++++++++
 src/write_http.c | 92 ++++++++++++++++++++++++++++++++++++---------------
 2 files changed, 84 insertions(+), 27 deletions(-)
diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index 786572cb..9fd4536f 100644
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
@@ -3480,6 +3480,25 @@ Optional user name needed for authentication.
 Optional password needed for authentication.
+=item B B|B
+
+Enable or disable peer SSL certificate verification. See
+L for details. Enabled by default.
+
+=item B B
+
+Enable or disable peer host name verification. If enabled, the plugin checks if
+the C or a C field of the SSL certificate
+matches the host name provided by the B option. If this identity check
+fails, the connection is aborted. Obviously, only works when connecting to a
+SSL enabled server. Enabled by default.
+
+=item B I
+
+File that holds one or more SSL certificates. If you want to use HTTPS you will
+possibly need this option. What CA certificates come bundled with C
+and are checked by default depends on the distribution you use.
+
 =back
 =head1 THRESHOLD CONFIGURATION
diff --git a/src/write_http.c b/src/write_http.c
index 912c92dd..b17a3422 100644
--- a/src/write_http.c
+++ b/src/write_http.c
@@ -45,6 +45,9 @@ struct wh_callback_s
 char *user;
 char *pass;
 char *credentials;
+ int verify_peer;
+ int verify_host;
+ char *cacert;
 CURL *curl;
 char curl_errbuf[CURL_ERROR_SIZE];
@@ -126,6 +129,12 @@ static int wh_callback_init (wh_callback_t *cb) /* {{{ */
 curl_easy_setopt (cb->curl, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
 }
+ curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYPEER, cb->verify_peer);
+ curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYHOST,
+ cb->verify_host ? 2 : 0);
+ if (cb->cacert != NULL)
+ curl_easy_setopt (cb->curl, CURLOPT_CAINFO, cb->cacert);
+
 wh_reset_buffer (cb);
 return (0);
@@ -207,6 +216,7 @@ static void wh_callback_free (void *data) /* {{{ */
 sfree (cb->user);
 sfree (cb->pass);
 sfree (cb->credentials);
+ sfree (cb->cacert);
 sfree (cb);
 } /* }}} void wh_callback_free */
@@ -259,33 +269,6 @@ static int wh_value_list_to_string (char *buffer, /* {{{ */
 return (0);
 } /* }}} int wh_value_list_to_string */
-static int config_set_string (char **ret_string, /* {{{ */
- oconfig_item_t *ci)
-{
- char *string;
-
- if ((ci->values_num != 1)
- || (ci->values[0].type != OCONFIG_TYPE_STRING))
- {
- WARNING ("write_http plugin: The `%s' config option "
- "needs exactly one string argument.", ci->key);
- return (-1);
- }
-
- string = strdup (ci->values[0].value.string);
- if (string == NULL)
- {
- ERROR ("write_http plugin: strdup failed.");
- return (-1);
- }
-
- if (*ret_string != NULL)
- free (*ret_string);
- *ret_string = string;
-
- return (0);
-} /* }}} int config_set_string */
-
 static int wh_write_command (const data_set_t *ds, const value_list_t *vl, /* {{{ */
 wh_callback_t *cb)
 {
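Review bot: In wh_callback_init, `cb->verify_peer` and `cb->verify_host ? 2 : 0` reach curl_easy_setopt() as `int`, but CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are documented to take a `long`; through the variadic call that mismatch is undefined where the two types differ in width, so the verification level libcurl reads is not guaranteed to be the configured one. Cast at the call site: `curl_easy_setopt (cb->curl, CURLOPT_SSL_VERIFYPEER, (long) cb->verify_peer);` and `cb->verify_host ? 2L : 0L`. The return values of the three new curl_easy_setopt() calls are also dropped, so a rejected CAINFO setting would go unnoticed; logging a failure there would help an operator diagnose it. The function body starts and ends outside the hunk.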
@@ -386,6 +369,47 @@ static int wh_write (const data_set_t *ds, const value_list_t *vl, /* {{{ */
 return (status);
 } /* }}} int wh_write */
+static int config_set_string (char **ret_string, /* {{{ */
+ oconfig_item_t *ci)
+{
+ char *string;
+
+ if ((ci->values_num != 1)
+ || (ci->values[0].type != OCONFIG_TYPE_STRING))
+ {
+ WARNING ("write_http plugin: The `%s' config option "
+ "needs exactly one string argument.", ci->key);
+ return (-1);
+ }
+
+ string = strdup (ci->values[0].value.string);
+ if (string == NULL)
+ {
+ ERROR ("write_http plugin: strdup failed.");
+ return (-1);
+ }
+
+ if (*ret_string != NULL)
+ free (*ret_string);
+ *ret_string = string;
+
+ return (0);
+} /* }}} int config_set_string */
+
+static int config_set_boolean (int *dest, oconfig_item_t *ci) /* {{{ */
+{
+ if ((ci->values_num != 1) || (ci->values[0].type != OCONFIG_TYPE_BOOLEAN))
+ {
+ WARNING ("write_http plugin: The `%s' config option "
+ "needs exactly one boolean argument.", ci->key);
+ return (-1);
+ }
+
+ *dest = ci->values[0].value.boolean ? 1 : 0;
+
+ return (0);
+} /* }}} int config_set_boolean */
+
 static int wh_config_url (oconfig_item_t *ci) /* {{{ */
 {
 wh_callback_t *cb;
@@ -399,6 +423,14 @@ static int wh_config_url (oconfig_item_t *ci) /* {{{ */
 return (-1);
 }
 memset (cb, 0, sizeof (*cb));
+ cb->location = NULL;
+ cb->user = NULL;
+ cb->pass = NULL;
+ cb->credentials = NULL;
+ cb->verify_peer = 1;
+ cb->verify_host = 1;
+ cb->cacert = NULL;
+ cb->curl = NULL;
 pthread_mutex_init (&cb->send_lock, /* attr = */ NULL);
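Review bot: config_set_boolean has no comment saying that `*dest` is left untouched when the option is malformed, and that is the property the TLS settings depend on. The following hunk in wh_config_url presets verify_peer and verify_host to 1, so a mistyped `VerifyPeer` keeps verification on only because the error path returns before the assignment. A short header such as `/* On a malformed option, warn and return -1 without writing *dest, so the caller's default stays in effect. */` would keep a later refactor from changing that silently. config_set_string in the same hunk is moved unchanged from further up the file.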
@@ -414,6 +446,12 @@ static int wh_config_url (oconfig_item_t *ci) /* {{{ */
 config_set_string (&cb->user, child);
 else if (strcasecmp ("Password", child->key) == 0)
 config_set_string (&cb->pass, child);
+ else if (strcasecmp ("VerifyPeer", child->key) == 0)
+ config_set_boolean (&cb->verify_peer, child);
+ else if (strcasecmp ("VerifyHost", child->key) == 0)
+ config_set_boolean (&cb->verify_host, child);
+ else if (strcasecmp ("CACert", child->key) == 0)
+ config_set_string (&cb->cacert, child);
 else
 {
 ERROR ("write_http plugin: Invalid configuration "
-- 
2.11.0
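Review bot: The three new branches in wh_config_url discard the helpers' return values, so a malformed `CACert` entry only produces a warning and leaves `cb->cacert` NULL. The callback would then presumably run against libcurl's default trust store rather than the CA file the operator meant to use, which widens the set of trusted issuers without any error. Consider capturing the result, e.g. `status = config_set_string (&cb->cacert, child);`, and refusing to register the URL when it is non-zero; whether a `status` variable already exists in this function is not visible here. The existing User and Password branches follow the same pattern, and the loop and the rest of the function lie outside the hunk.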