From 2715835da10aad3703c33b4d5822b2f41df7e737 Mon Sep 17 00:00:00 2001 From: Sebastian Harl Date: Sun, 1 Jun 2008 15:44:10 +0200 Subject: [PATCH] ascent plugin: Added "Verify{Peer,Host}" configuration options. Those options may be used to disable peer SSL certificate or peer host name verification respectively. The apache and nginx plugins already support those options, so this makes configuration of plugins using libcurl more consistent. Signed-off-by: Sebastian Harl Signed-off-by: Florian Forster --- src/ascent.c | 26 ++++++++++++++++++++++---- src/collectd.conf.pod | 13 +++++++++++++ 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/src/ascent.c b/src/ascent.c index 6b4f21fc..c443d387 100644 --- a/src/ascent.c +++ b/src/ascent.c @@ -91,10 +91,12 @@ struct player_info_s typedef struct player_info_s player_info_t; #define PLAYER_INFO_STATIC_INIT { -1, -1, -1, -1, -1 } -static char *url = NULL; -static char *user = NULL; -static char *pass = NULL; -static char *cacert = NULL; +static char *url = NULL; +static char *user = NULL; +static char *pass = NULL; +static char *verify_peer = NULL; +static char *verify_host = NULL; +static char *cacert = NULL; static CURL *curl = NULL; @@ -108,6 +110,8 @@ static const char *config_keys[] = "URL", "User", "Password", + "VerifyPeer", + "VerifyHost", "CACert" }; static int config_keys_num = STATIC_ARRAY_SIZE (config_keys); @@ -500,6 +504,10 @@ static int ascent_config (const char *key, const char *value) /* {{{ */ return (config_set (&user, value)); else if (strcasecmp (key, "Password") == 0) return (config_set (&pass, value)); + else if (strcasecmp (key, "VerifyPeer") == 0) + return (config_set (&verify_peer, value)); + else if (strcasecmp (key, "VerifyHost") == 0) + return (config_set (&verify_host, value)); else if (strcasecmp (key, "CACert") == 0) return (config_set (&cacert, value)); else @@ -550,6 +558,16 @@ static int ascent_init (void) /* {{{ */ curl_easy_setopt (curl, CURLOPT_URL, url); + if ((verify_peer == NULL) || (strcmp (verify_peer, "true") == 0)) + curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 1); + else + curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0); + + if ((verify_host == NULL) || (strcmp (verify_host, "true") == 0)) + curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 2); + else + curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0); + if (cacert != NULL) curl_easy_setopt (curl, CURLOPT_CAINFO, cacert); diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod index 2c4ff462..2b3dedf7 100644 --- a/src/collectd.conf.pod +++ b/src/collectd.conf.pod @@ -232,6 +232,19 @@ Optional user name needed for authentication. Optional password needed for authentication. +=item B B + +Enable or disable peer SSL certificate verification. See +L for details. Enabled by default. + +=item B B + +Enable or disable peer host name verification. If enabled, the plugin checks +if the C or a C field of the SSL +certificate matches the host name provided by the B option. If this +identity check fails, the connection is aborted. Obviously, only works when +connecting to a SSL enabled server. Enabled by default. + =item B I File that holds one or more SSL certificates. If you want to use HTTPS you will -- 2.11.0