[Nagiosplug-devel] proxy_auth patch for check_http

Alex alex at zengers.de
Thu Sep 13 19:52:16 CEST 2007


Hello,

i've written a little patch (see attacted), which adds proxy_auth support for the
check_http command. The patch is basicly copied from the http_auth
code, just changed variable names and the header which is sent.

greetz
alex

-- 
We're sysadmins.  To us, data is a protocol-overhead.
-------------- next part --------------
--- check_http.c	2006-10-03 04:04:10.000000000 +0200
+++ check_http_v2.c	2007-09-05 21:38:02.000000000 +0200
@@ -1,210 +1,102 @@
-/****************************************************************************
- *
- * Program: HTTP plugin for Nagios
- * License: GPL
- *
- * License Information:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * $Id: check_http.c,v 1.23 2003/02/18 21:56:24 tonvoon Exp $
- *
- *****************************************************************************/
+/******************************************************************************
+*
+* Nagios check_http plugin
+*
+* License: GPL
+* Copyright (c) 1999-2006 nagios-plugins team
+*
+* Last Modified: $Date: 2007/03/06 22:45:57 $
+*
+* Description:
+*
+* This file contains the check_http plugin
+*
+*  This plugin tests the HTTP service on the specified host. It can test
+*  normal (http) and secure (https) servers, follow redirects, search for
+*  strings and regular expressions, check connection times, and report on
+*  certificate expiration times.
+*
+*
+* License Information:
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: check_http.c,v 1.101 2007/03/06 22:45:57 tonvoon Exp $
+ 
+******************************************************************************/
+/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
 
 const char *progname = "check_http";
-#define REVISION "$Revision: 1.23 $"
-#define COPYRIGHT "1999-2001"
-#define AUTHORS "Ethan Galstad/Karl DeBisschop"
-#define EMAIL "kdebisschop at users.sourceforge.net"
-
-#include "config.h"
-#include "common.h"
-#include "netutils.h"
-#include "utils.h"
-
-#define SUMMARY "\
-This plugin tests the HTTP service on the specified host. It can test\n\
-normal (http) and secure (https) servers, follow redirects, search for\n\
-strings and regular expressions, check connection times, and report on\n\
-certificate expiration times.\n"
-
-#define OPTIONS "\
-(-H <vhost> | -I <IP-address>) [-u <uri>] [-p <port>]\n\
-            [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n\
-            [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n\
-            [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n\
-            [-P string]"
-
-#define LONGOPTIONS "\
- -H, --hostname=ADDRESS\n\
-    Host name argument for servers using host headers (virtual host)\n\
- -I, --IP-address=ADDRESS\n\
-   IP address or name (use numeric address if possible to bypass DNS lookup).\n\
- -e, --expect=STRING\n\
-   String to expect in first (status) line of server response (default: %s)\n\
-   If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)\n\
- -s, --string=STRING\n\
-   String to expect in the content\n\
- -u, --url=PATH\n\
-   URL to GET or POST (default: /)\n\
- -p, --port=INTEGER\n\
-   Port number (default: %d)\n\
- -P, --post=STRING\n\
-   URL encoded http POST data\n\
- -w, --warning=INTEGER\n\
-   Response time to result in warning status (seconds)\n\
- -c, --critical=INTEGER\n\
-   Response time to result in critical status (seconds)\n\
- -t, --timeout=INTEGER\n\
-   Seconds before connection times out (default: %d)\n\
- -a, --authorization=AUTH_PAIR\n\
-   Username:password on sites with basic authentication\n\
- -L, --link=URL\n\
-   Wrap output in HTML link (obsoleted by urlize)\n\
- -f, --onredirect=<ok|warning|critical|follow>\n\
-   How to handle redirected pages\n%s%s\
- -v, --verbose\n\
-    Show details for command-line debugging (do not use with nagios server)\n\
- -h, --help\n\
-    Print detailed help screen\n\
- -V, --version\n\
-    Print version information\n"
+const char *revision = "$Revision: 1.102 $";
+const char *copyright = "1999-2006";
+const char *email = "nagiosplug-devel at lists.sourceforge.net";
+
+#include "../plugins/common.h"
+#include "../plugins/netutils.h"
+#include "../plugins/utils.h"
 
-#ifdef HAVE_SSL
-#define SSLOPTIONS "\
- -S, --ssl\n\
-    Connect via SSL\n\
- -C, --certificate=INTEGER\n\
-    Minimum number of days a certificate has to be valid.\n\
-    (when this option is used the url is not checked.)\n"
-#else
-#define SSLOPTIONS ""
-#endif
-
-#ifdef HAVE_REGEX_H
-#define REGOPTIONS "\
- -l, --linespan\n\
-    Allow regex to span newlines (must precede -r or -R)\n\
- -r, --regex, --ereg=STRING\n\
-    Search page for regex STRING\n\
- -R, --eregi=STRING\n\
-    Search page for case-insensitive regex STRING\n"
-#else
-#define REGOPTIONS ""
-#endif
-
-#define DESCRIPTION "\
-This plugin will attempt to open an HTTP connection with the host. Successul\n\
-connects return STATE_OK, refusals and timeouts return STATE_CRITICAL, other\n\
-errors return STATE_UNKNOWN.  Successful connects, but incorrect reponse\n\
-messages from the host result in STATE_WARNING return values.  If you are\n\
-checking a virtual server that uses \"host headers\" you must supply the FQDN\n\
-\(fully qualified domain name) as the [host_name] argument.\n"
-
-#define SSLDESCRIPTION "\
-This plugin can also check whether an SSL enabled web server is able to\n\
-serve content (optionally within a specified time) or whether the X509 \n\
-certificate is still valid for the specified number of days.\n\n\
-CHECK CONTENT: check_http -w 5 -c 10 --ssl www.verisign.com\n\n\
-When the 'www.verisign.com' server returns its content within 5 seconds, a\n\
-STATE_OK will be returned. When the server returns its content but exceeds\n\
-the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,\n\
-a STATE_CRITICAL will be returned.\n\n\
-CHECK CERTIFICATE: check_http www.verisign.com -C 14\n\n\
-When the certificate of 'www.verisign.com' is valid for more than 14 days, a\n\
-STATE_OK is returned. When the certificate is still valid, but for less than\n\
-14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when\n\
-the certificate is expired.\n"
-
-#ifdef HAVE_SSL_H
-#include <rsa.h>
-#include <crypto.h>
-#include <x509.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#include <rand.h>
-#endif
+#define INPUT_DELIMITER ";"
 
-#ifdef HAVE_OPENSSL_SSL_H
-#include <openssl/rsa.h>
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#endif
+#define HTTP_EXPECT "HTTP/1."
+enum {
+  MAX_IPV4_HOSTLENGTH = 255,
+  HTTP_PORT = 80,
+  HTTPS_PORT = 443
+};
 
 #ifdef HAVE_SSL
 int check_cert = FALSE;
 int days_till_exp;
-char *randbuff = "";
-SSL_CTX *ctx;
-SSL *ssl;
+char *randbuff;
 X509 *server_cert;
-int connect_SSL (void);
-int check_certificate (X509 **);
-#endif
+#  define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+#  define my_send(buf, len) ((use_ssl) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#else /* ifndef HAVE_SSL */
+#  define my_recv(buf, len) read(sd, buf, len)
+#  define my_send(buf, len) send(sd, buf, len, 0)
+#endif /* HAVE_SSL */
+int no_body = FALSE;
+int maximum_age = -1;
 
-#ifdef HAVE_REGEX_H
 enum {
-	REGS = 2,
-	MAX_RE_SIZE = 256
+  REGS = 2,
+  MAX_RE_SIZE = 256
 };
-#include <regex.h>
+#include "regex.h"
 regex_t preg;
 regmatch_t pmatch[REGS];
 char regexp[MAX_RE_SIZE];
 char errbuf[MAX_INPUT_BUFFER];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
-#endif
+int invert_regex = 0;
 
 struct timeval tv;
 
-#define server_type_check(server_type) \
-(strcmp (server_type, "https") ? FALSE : TRUE)
-
-#define server_port_check(use_ssl) (use_ssl ? HTTPS_PORT : HTTP_PORT)
-
-#define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: "
-#define URI_HTTP "%[HTPShtps]://"
-#define URI_HOST "%[a-zA-Z0-9.-]"
-#define URI_PORT ":%[0-9]"
-#define URI_PATH "%[/a-zA-Z0-9._-=@,]"
-
-enum {
-	MAX_IPV4_HOSTLENGTH = 64,
-	HTTP_PORT = 80,
-	HTTPS_PORT = 443
-};
-
-#define HTTP_EXPECT "HTTP/1."
 #define HTTP_URL "/"
 #define CRLF "\r\n"
 
-char timestamp[17] = "";
 int specify_port = FALSE;
 int server_port = HTTP_PORT;
 char server_port_text[6] = "";
 char server_type[6] = "http";
-char *server_address = ""; 
-char *host_name = "";
-char *server_url = HTTP_URL;
-int server_url_length = 1;
+char *server_address;
+char *host_name;
+char *server_url;
+char *user_agent;
+int server_url_length;
 int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
 char string_expect[MAX_INPUT_BUFFER] = "";
@@ -213,848 +105,1266 @@
 double critical_time = 0;
 int check_critical_time = FALSE;
 char user_auth[MAX_INPUT_BUFFER] = "";
+// proxy_auth
+char proxy_auth[MAX_INPUT_BUFFER] = "";
 int display_html = FALSE;
+char **http_opt_headers;
+int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int use_ssl = FALSE;
 int verbose = FALSE;
 int sd;
-char *http_method = "GET";
-char *http_post_data = "";
+int min_page_len = 0;
+int max_page_len = 0;
+int redir_depth = 0;
+int max_depth = 15;
+char *http_method;
+char *http_post_data;
+char *http_content_type;
 char buffer[MAX_INPUT_BUFFER];
 
-void print_usage (void);
-void print_help (void);
 int process_arguments (int, char **);
-static char *base64 (char *bin, int len);
+static char *base64 (const char *bin, size_t len);
 int check_http (void);
-int my_recv (void);
-int my_close (void);
+void redir (char *pos, char *status_line);
+int server_type_check(const char *type);
+int server_port_check(int ssl_flag);
+char *perfd_time (double microsec);
+char *perfd_size (int page_len);
+void print_help (void);
+void print_usage (void);
 
 int
 main (int argc, char **argv)
 {
-	int result = STATE_UNKNOWN;
-
-	if (process_arguments (argc, argv) == ERROR)
-		usage ("check_http: could not parse arguments\n");
+  int result = STATE_UNKNOWN;
 
-	if (strstr (timestamp, ":")) {
-		if (strstr (server_url, "?"))
-			asprintf (&server_url, "%s&%s", server_url, timestamp);
-		else
-			asprintf (&server_url, "%s?%s", server_url, timestamp);
-	}
-
-	if (display_html == TRUE)
-		printf ("<A HREF=\"http://%s:%d%s\" target=\"_blank\">",
-		        host_name, server_port, server_url);
-
-	/* initialize alarm signal handling, set socket timeout, start timer */
-	(void) signal (SIGALRM, socket_timeout_alarm_handler);
-	(void) alarm (socket_timeout);
-	gettimeofday (&tv, NULL);
+  /* Set default URL. Must be malloced for subsequent realloc if --onredirect=follow */
+  server_url = strdup(HTTP_URL);
+  server_url_length = strlen(server_url);
+  asprintf (&user_agent, "User-Agent: check_http/%s (nagios-plugins %s)",
+            clean_revstring (revision), VERSION);
+
+  if (process_arguments (argc, argv) == ERROR)
+    usage4 (_("Could not parse arguments"));
+
+  if (display_html == TRUE)
+    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">", 
+      use_ssl ? "https" : "http", host_name,
+      server_port, server_url);
+
+  /* initialize alarm signal handling, set socket timeout, start timer */
+  (void) signal (SIGALRM, socket_timeout_alarm_handler);
+  (void) alarm (socket_timeout);
+  gettimeofday (&tv, NULL);
 
-#ifdef HAVE_SSL
-	if (use_ssl && check_cert == TRUE) {
-		if (connect_SSL () != OK)
-			terminate (STATE_CRITICAL,
-			           "HTTP CRITICAL - Could not make SSL connection\n");
-		if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-			result = check_certificate (&server_cert);
-			X509_free (server_cert);
-		}
-		else {
-			printf ("ERROR: Cannot retrieve server certificate.\n");
-			result = STATE_CRITICAL;
-		}
-		SSL_shutdown (ssl);
-		SSL_free (ssl);
-		SSL_CTX_free (ctx);
-		close (sd);
-	}
-	else {
-		result = check_http ();
-	}
-#else
-	result = check_http ();
-#endif
-	return result;
+  result = check_http ();
+  return result;
 }
-
+
 
 
 /* process command-line arguments */
 int
 process_arguments (int argc, char **argv)
 {
-	int c = 1;
-
-#ifdef HAVE_GETOPT_H
-	int option_index = 0;
-	static struct option long_options[] = {
-		STD_LONG_OPTS,
-		{"file",required_argument,0,'F'},
-		{"link", no_argument, 0, 'L'},
-		{"nohtml", no_argument, 0, 'n'},
-		{"ssl", no_argument, 0, 'S'},
-		{"verbose", no_argument, 0, 'v'},
-		{"post", required_argument, 0, 'P'},
-		{"IP-address", required_argument, 0, 'I'},
-		{"string", required_argument, 0, 's'},
-		{"regex", required_argument, 0, 'r'},
-		{"ereg", required_argument, 0, 'r'},
-		{"eregi", required_argument, 0, 'R'},
- 		{"linespan", no_argument, 0, 'l'},
-		{"onredirect", required_argument, 0, 'f'},
-		{"certificate", required_argument, 0, 'C'},
-		{0, 0, 0, 0}
-	};
-#endif
-
-	if (argc < 2)
-		return ERROR;
+  int c = 1;
 
-	for (c = 1; c < argc; c++) {
-		if (strcmp ("-to", argv[c]) == 0)
-			strcpy (argv[c], "-t");
-		if (strcmp ("-hn", argv[c]) == 0)
-			strcpy (argv[c], "-H");
-		if (strcmp ("-wt", argv[c]) == 0)
-			strcpy (argv[c], "-w");
-		if (strcmp ("-ct", argv[c]) == 0)
-			strcpy (argv[c], "-c");
-		if (strcmp ("-nohtml", argv[c]) == 0)
-			strcpy (argv[c], "-n");
-	}
-
-#define OPTCHARS "Vvht:c:w:H:P:I:a:e:p:s:R:r:u:f:C:nlLS"
-
-	while (1) {
-#ifdef HAVE_GETOPT_H
-		c = getopt_long (argc, argv, OPTCHARS, long_options, &option_index);
-#else
-		c = getopt (argc, argv, OPTCHARS);
+  enum {
+    INVERT_REGEX = CHAR_MAX + 1
+  };
+
+  int option = 0;
+  static struct option longopts[] = {
+    STD_LONG_OPTS,
+    {"link", no_argument, 0, 'L'},
+    {"nohtml", no_argument, 0, 'n'},
+    {"ssl", no_argument, 0, 'S'},
+    {"post", required_argument, 0, 'P'},
+    {"IP-address", required_argument, 0, 'I'},
+    {"url", required_argument, 0, 'u'},
+    {"port", required_argument, 0, 'p'},
+    {"authorization", required_argument, 0, 'a'},
+    {"proxy-authorization", required_argument, 0, 'y'},
+    {"string", required_argument, 0, 's'},
+    {"expect", required_argument, 0, 'e'},
+    {"regex", required_argument, 0, 'r'},
+    {"ereg", required_argument, 0, 'r'},
+    {"eregi", required_argument, 0, 'R'},
+    {"linespan", no_argument, 0, 'l'},
+    {"onredirect", required_argument, 0, 'f'},
+    {"certificate", required_argument, 0, 'C'},
+    {"useragent", required_argument, 0, 'A'},
+    {"header", required_argument, 0, 'k'},
+    {"no-body", no_argument, 0, 'N'},
+    {"max-age", required_argument, 0, 'M'},
+    {"content-type", required_argument, 0, 'T'},
+    {"pagesize", required_argument, 0, 'm'},
+    {"invert-regex", no_argument, NULL, INVERT_REGEX},
+    {"use-ipv4", no_argument, 0, '4'},
+    {"use-ipv6", no_argument, 0, '6'},
+    {0, 0, 0, 0}
+  };
+
+  if (argc < 2)
+    return ERROR;
+
+  for (c = 1; c < argc; c++) {
+    if (strcmp ("-to", argv[c]) == 0)
+      strcpy (argv[c], "-t");
+    if (strcmp ("-hn", argv[c]) == 0)
+      strcpy (argv[c], "-H");
+    if (strcmp ("-wt", argv[c]) == 0)
+      strcpy (argv[c], "-w");
+    if (strcmp ("-ct", argv[c]) == 0)
+      strcpy (argv[c], "-c");
+    if (strcmp ("-nohtml", argv[c]) == 0)
+      strcpy (argv[c], "-n");
+  }
+
+  while (1) {
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:T:I:a:y:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+    if (c == -1 || c == EOF)
+      break;
+
+    switch (c) {
+    case '?': /* usage */
+      usage5 ();
+      break;
+    case 'h': /* help */
+      print_help ();
+      exit (STATE_OK);
+      break;
+    case 'V': /* version */
+      print_revision (progname, revision);
+      exit (STATE_OK);
+      break;
+    case 't': /* timeout period */
+      if (!is_intnonneg (optarg))
+        usage2 (_("Timeout interval must be a positive integer"), optarg);
+      else
+        socket_timeout = atoi (optarg);
+      break;
+    case 'c': /* critical time threshold */
+      if (!is_nonnegative (optarg))
+        usage2 (_("Critical threshold must be integer"), optarg);
+      else {
+        critical_time = strtod (optarg, NULL);
+        check_critical_time = TRUE;
+      }
+      break;
+    case 'w': /* warning time threshold */
+      if (!is_nonnegative (optarg))
+        usage2 (_("Warning threshold must be integer"), optarg);
+      else {
+        warning_time = strtod (optarg, NULL);
+        check_warning_time = TRUE;
+      }
+      break;
+    case 'A': /* User Agent String */
+      asprintf (&user_agent, "User-Agent: %s", optarg);
+      break;
+    case 'k': /* Additional headers */
+      if (http_opt_headers_count == 0)
+        http_opt_headers = malloc (sizeof (char *) * (++http_opt_headers_count));
+      else
+        http_opt_headers = realloc (http_opt_headers, sizeof (char *) * (++http_opt_headers_count));
+      http_opt_headers[http_opt_headers_count - 1] = optarg;
+      /* asprintf (&http_opt_headers, "%s", optarg); */
+      break;
+    case 'L': /* show html link */
+      display_html = TRUE;
+      break;
+    case 'n': /* do not show html link */
+      display_html = FALSE;
+      break;
+    case 'C': /* Check SSL cert validity */
+#ifdef HAVE_SSL
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid certificate expiration period"), optarg);
+      else {
+        days_till_exp = atoi (optarg);
+        check_cert = TRUE;
+      }
+     /* Fall through to -S option */
 #endif
-		if (c == -1 || c == EOF)
-			break;
-
-		switch (c) {
-		case '?': /* usage */
-			usage2 ("unknown argument", optarg);
-			break;
-		case 'h': /* help */
-			print_help ();
-			exit (STATE_OK);
-			break;
-		case 'V': /* version */
-			print_revision (progname, REVISION);
-			exit (STATE_OK);
-			break;
-		case 't': /* timeout period */
-			if (!is_intnonneg (optarg))
-				usage2 ("timeout interval must be a non-negative integer", optarg);
-			socket_timeout = atoi (optarg);
-			break;
-		case 'c': /* critical time threshold */
-			if (!is_intnonneg (optarg))
-				usage2 ("invalid critical threshold", optarg);
-			critical_time = strtod (optarg, NULL);
-			check_critical_time = TRUE;
-			break;
-		case 'w': /* warning time threshold */
-			if (!is_intnonneg (optarg))
-				usage2 ("invalid warning threshold", optarg);
-			warning_time = strtod (optarg, NULL);
-			check_warning_time = TRUE;
-			break;
-		case 'L': /* show html link */
-			display_html = TRUE;
-			break;
-		case 'n': /* do not show html link */
-			display_html = FALSE;
-			break;
-		case 'S': /* use SSL */
+    case 'S': /* use SSL */
 #ifndef HAVE_SSL
-			usage ("check_http: invalid option - SSL is not available\n");
-#endif
-			use_ssl = TRUE;
-			if (specify_port == FALSE)
-				server_port = HTTPS_PORT;
-			break;
-		case 'C': /* Check SSL cert validity */
-#ifdef HAVE_SSL
-			if (!is_intnonneg (optarg))
-				usage2 ("invalid certificate expiration period", optarg);
-			days_till_exp = atoi (optarg);
-			check_cert = TRUE;
-#else
-			usage ("check_http: invalid option - SSL is not available\n");
+      usage4 (_("Invalid option - SSL is not available"));
 #endif
-			break;
-		case 'f': /* onredirect */
-			if (!strcmp (optarg, "follow"))
-				onredirect = STATE_DEPENDENT;
-			if (!strcmp (optarg, "unknown"))
-				onredirect = STATE_UNKNOWN;
-			if (!strcmp (optarg, "ok"))
-				onredirect = STATE_OK;
-			if (!strcmp (optarg, "warning"))
-				onredirect = STATE_WARNING;
-			if (!strcmp (optarg, "critical"))
-				onredirect = STATE_CRITICAL;
-			if (verbose)
-				printf("option f:%d \n", onredirect);  
-			break;
-		/* Note: H, I, and u must be malloc'd or will fail on redirects */
-		case 'H': /* Host Name (virtual host) */
- 			asprintf (&host_name, "%s", optarg);
-			break;
-		case 'I': /* Server IP-address */
- 			asprintf (&server_address, "%s", optarg);
-			break;
-		case 'u': /* Host or server */
-			asprintf (&server_url, "%s", optarg);
-			server_url_length = strlen (server_url);
-			break;
-		case 'p': /* Host or server */
-			if (!is_intnonneg (optarg))
-				usage2 ("invalid port number", optarg);
-			server_port = atoi (optarg);
-			specify_port = TRUE;
-			break;
-		case 'a': /* authorization info */
-			strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
-			user_auth[MAX_INPUT_BUFFER - 1] = 0;
-			break;
-		case 'P': /* HTTP POST data in URL encoded format */
-			asprintf (&http_method, "%s", "POST");
-			asprintf (&http_post_data, "%s", optarg);
-			break;
-		case 's': /* string or substring */
-			strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
-			string_expect[MAX_INPUT_BUFFER - 1] = 0;
-			break;
-		case 'e': /* string or substring */
-			strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1);
-			server_expect[MAX_INPUT_BUFFER - 1] = 0;
-			server_expect_yn = 1;
-			break;
-#ifndef HAVE_REGEX_H
- 		case 'l': /* linespan */
- 		case 'r': /* linespan */
- 		case 'R': /* linespan */
-			usage ("check_http: call for regex which was not a compiled option\n");
-			break;
+      use_ssl = TRUE;
+      if (specify_port == FALSE)
+        server_port = HTTPS_PORT;
+      break;
+    case 'f': /* onredirect */
+      if (!strcmp (optarg, "follow"))
+        onredirect = STATE_DEPENDENT;
+      if (!strcmp (optarg, "unknown"))
+        onredirect = STATE_UNKNOWN;
+      if (!strcmp (optarg, "ok"))
+        onredirect = STATE_OK;
+      if (!strcmp (optarg, "warning"))
+        onredirect = STATE_WARNING;
+      if (!strcmp (optarg, "critical"))
+        onredirect = STATE_CRITICAL;
+      if (verbose)
+        printf(_("option f:%d \n"), onredirect);  
+      break;
+    /* Note: H, I, and u must be malloc'd or will fail on redirects */
+    case 'H': /* Host Name (virtual host) */
+      host_name = strdup (optarg);
+      if (strstr (optarg, ":"))
+        sscanf (optarg, "%*[^:]:%d", &server_port);
+      break;
+    case 'I': /* Server IP-address */
+      server_address = strdup (optarg);
+      break;
+    case 'u': /* URL path */
+      server_url = strdup (optarg);
+      server_url_length = strlen (server_url);
+      break;
+    case 'p': /* Server port */
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid port number"), optarg);
+      else {
+        server_port = atoi (optarg);
+        specify_port = TRUE;
+      }
+      break;
+    case 'a': /* authorization info */
+      strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
+      user_auth[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'y': /* proxy-authorization info */
+      strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER -1);
+      proxy_auth[MAX_INPUT_BUFFER -1] = 0;
+      break;
+    case 'P': /* HTTP POST data in URL encoded format */
+      if (http_method || http_post_data) break;
+      http_method = strdup("POST");
+      http_post_data = strdup (optarg);
+      break;
+    case 's': /* string or substring */
+      strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
+      string_expect[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'e': /* string or substring */
+      strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1);
+      server_expect[MAX_INPUT_BUFFER - 1] = 0;
+      server_expect_yn = 1;
+      break;
+    case 'T': /* Content-type */
+      asprintf (&http_content_type, "%s", optarg);
+      break;
+    case 'l': /* linespan */
+      cflags &= ~REG_NEWLINE;
+      break;
+    case 'R': /* regex */
+      cflags |= REG_ICASE;
+    case 'r': /* regex */
+      strncpy (regexp, optarg, MAX_RE_SIZE - 1);
+      regexp[MAX_RE_SIZE - 1] = 0;
+      errcode = regcomp (&preg, regexp, cflags);
+      if (errcode != 0) {
+        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
+        return ERROR;
+      }
+      break;
+    case INVERT_REGEX:
+      invert_regex = 1;
+      break;
+    case '4':
+      address_family = AF_INET;
+      break;
+    case '6':
+#ifdef USE_IPV6
+      address_family = AF_INET6;
 #else
- 		case 'l': /* linespan */
- 			cflags &= ~REG_NEWLINE;
- 			break;
-		case 'R': /* regex */
-			cflags |= REG_ICASE;
-		case 'r': /* regex */
-			strncpy (regexp, optarg, MAX_RE_SIZE - 1);
-			regexp[MAX_RE_SIZE - 1] = 0;
-			errcode = regcomp (&preg, regexp, cflags);
-			if (errcode != 0) {
-				(void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
-				printf ("Could Not Compile Regular Expression: %s", errbuf);
-				return ERROR;
-			}
-			break;
+      usage4 (_("IPv6 support not available"));
 #endif
-		case 'v': /* verbose */
-			verbose = TRUE;
-			break;
-		}
-	}
-
-	c = optind;
-
-	if (strcmp (server_address, "") == 0 && c < argc)
-			asprintf (&server_address, "%s", argv[c++]);
-
-	if (strcmp (host_name, "") == 0 && c < argc)
- 		asprintf (&host_name, "%s", argv[c++]);
-
-	if (strcmp (server_address ,"") == 0) {
-		if (strcmp (host_name, "") == 0)
-			usage ("check_http: you must specify a server address or host name\n");
-		else
-			asprintf (&server_address, "%s", host_name);
-	}
+      break;
+    case 'v': /* verbose */
+      verbose = TRUE;
+      break;
+    case 'm': /* min_page_length */
+      {
+      char *tmp;
+      if (strchr(optarg, ':') != (char *)NULL) {
+        /* range, so get two values, min:max */
+        tmp = strtok(optarg, ":");
+        if (tmp == NULL) {
+          printf("Bad format: try \"-m min:max\"\n");
+          exit (STATE_WARNING);
+        } else
+          min_page_len = atoi(tmp);
+
+        tmp = strtok(NULL, ":");
+        if (tmp == NULL) {
+          printf("Bad format: try \"-m min:max\"\n");
+          exit (STATE_WARNING);
+        } else
+          max_page_len = atoi(tmp);
+      } else 
+        min_page_len = atoi (optarg);
+      break;
+      }
+    case 'N': /* no-body */
+      no_body = TRUE;
+      break;
+    case 'M': /* max-age */
+                  {
+                    int L = strlen(optarg);
+                    if (L && optarg[L-1] == 'm')
+                      maximum_age = atoi (optarg) * 60;
+                    else if (L && optarg[L-1] == 'h')
+                      maximum_age = atoi (optarg) * 60 * 60;
+                    else if (L && optarg[L-1] == 'd')
+                      maximum_age = atoi (optarg) * 60 * 60 * 24;
+                    else if (L && (optarg[L-1] == 's' ||
+                                   isdigit (optarg[L-1])))
+                      maximum_age = atoi (optarg);
+                    else {
+                      fprintf (stderr, "unparsable max-age: %s\n", optarg);
+                      exit (STATE_WARNING);
+                    }
+                  }
+                  break;
+    }
+  }
+
+  c = optind;
+
+  if (server_address == NULL && c < argc)
+    server_address = strdup (argv[c++]);
+
+  if (host_name == NULL && c < argc)
+    host_name = strdup (argv[c++]);
+
+  if (server_address == NULL) {
+    if (host_name == NULL)
+      usage4 (_("You must specify a server address or host name"));
+    else
+      server_address = strdup (host_name);
+  }
 
-	return TRUE;
+  if (check_critical_time && critical_time>(double)socket_timeout)
+    socket_timeout = (int)critical_time + 1;
+
+  if (http_method == NULL)
+    http_method = strdup ("GET");
+
+  return TRUE;
 }
-
+
 
 
 /* written by lauri alanko */
 static char *
-base64 (char *bin, int len)
+base64 (const char *bin, size_t len)
 {
 
-	char *buf = (char *) malloc ((len + 2) / 3 * 4 + 1);
-	int i = 0, j = 0;
+  char *buf = (char *) malloc ((len + 2) / 3 * 4 + 1);
+  size_t i = 0, j = 0;
 
-	char BASE64_END = '=';
-	char base64_table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+  char BASE64_END = '=';
+  char base64_table[64];
+  strncpy (base64_table, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", 64);
+
+  while (j < len - 2) {
+    buf[i++] = base64_table[bin[j] >> 2];
+    buf[i++] = base64_table[((bin[j] & 3) << 4) | (bin[j + 1] >> 4)];
+    buf[i++] = base64_table[((bin[j + 1] & 15) << 2) | (bin[j + 2] >> 6)];
+    buf[i++] = base64_table[bin[j + 2] & 63];
+    j += 3;
+  }
+
+  switch (len - j) {
+  case 1:
+    buf[i++] = base64_table[bin[j] >> 2];
+    buf[i++] = base64_table[(bin[j] & 3) << 4];
+    buf[i++] = BASE64_END;
+    buf[i++] = BASE64_END;
+    break;
+  case 2:
+    buf[i++] = base64_table[bin[j] >> 2];
+    buf[i++] = base64_table[((bin[j] & 3) << 4) | (bin[j + 1] >> 4)];
+    buf[i++] = base64_table[(bin[j + 1] & 15) << 2];
+    buf[i++] = BASE64_END;
+    break;
+  case 0:
+    break;
+  }
 
-	while (j < len - 2) {
-		buf[i++] = base64_table[bin[j] >> 2];
-		buf[i++] = base64_table[((bin[j] & 3) << 4) | (bin[j + 1] >> 4)];
-		buf[i++] = base64_table[((bin[j + 1] & 15) << 2) | (bin[j + 2] >> 6)];
-		buf[i++] = base64_table[bin[j + 2] & 63];
-		j += 3;
-	}
-
-	switch (len - j) {
-	case 1:
-		buf[i++] = base64_table[bin[j] >> 2];
-		buf[i++] = base64_table[(bin[j] & 3) << 4];
-		buf[i++] = BASE64_END;
-		buf[i++] = BASE64_END;
-		break;
-	case 2:
-		buf[i++] = base64_table[bin[j] >> 2];
-		buf[i++] = base64_table[((bin[j] & 3) << 4) | (bin[j + 1] >> 4)];
-		buf[i++] = base64_table[(bin[j + 1] & 15) << 2];
-		buf[i++] = BASE64_END;
-		break;
-	case 0:
-		break;
-	}
-
-	buf[i] = '\0';
-	return buf;
+  buf[i] = '\0';
+  return buf;
 }
-
 
 
-int
-check_http (void)
+
+/* Returns 1 if we're done processing the document body; 0 to keep going */
+static int
+document_headers_done (char *full_page)
 {
-	char *msg = NULL;
-	char *status_line = "";
-	char *header = NULL;
-	char *page = "";
-	char *auth = NULL;
-	int i = 0;
-	size_t pagesize = 0;
-	char *full_page = "";
-	char *buf = NULL;
-	char *pos = "";
-	char *x = NULL;
-	char *orig_url = NULL;
-	double elapsed_time;
-#ifdef HAVE_SSL
-	int sslerr;
-#endif
+  const char *body;
 
-	/* try to connect to the host at the given port number */
-#ifdef HAVE_SSL
-	if (use_ssl == TRUE) {
+  for (body = full_page; *body; body++) {
+    if (!strncmp (body, "\n\n", 2) || !strncmp (body, "\n\r\n", 3))
+      break;
+  }
 
-		if (connect_SSL () != OK) {
-			terminate (STATE_CRITICAL, "Unable to open TCP socket");
-		}
-
-		if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-			X509_free (server_cert);
-		}
-		else {
-			printf ("ERROR: Cannot retrieve server certificate.\n");
-			return STATE_CRITICAL;
-		}
+  if (!*body)
+    return 0;  /* haven't read end of headers yet */
 
-	}
-	else {
-#endif
-		if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
-			terminate (STATE_CRITICAL, "Unable to open TCP socket");
-#ifdef HAVE_SSL
-	}
-#endif
+  full_page[body - full_page] = 0;
+  return 1;
+}
+
+static time_t
+parse_time_string (const char *string)
+{
+  struct tm tm;
+  time_t t;
+  memset (&tm, 0, sizeof(tm));
+
+  /* Like this: Tue, 25 Dec 2001 02:59:03 GMT */
+
+  if (isupper (string[0])  &&  /* Tue */
+    islower (string[1])  &&
+    islower (string[2])  &&
+    ',' ==   string[3]   &&
+    ' ' ==   string[4]   &&
+    (isdigit(string[5]) || string[5] == ' ') &&   /* 25 */
+    isdigit (string[6])  &&
+    ' ' ==   string[7]   &&
+    isupper (string[8])  &&  /* Dec */
+    islower (string[9])  &&
+    islower (string[10]) &&
+    ' ' ==   string[11]  &&
+    isdigit (string[12]) &&  /* 2001 */
+    isdigit (string[13]) &&
+    isdigit (string[14]) &&
+    isdigit (string[15]) &&
+    ' ' ==   string[16]  &&
+    isdigit (string[17]) &&  /* 02: */
+    isdigit (string[18]) &&
+    ':' ==   string[19]  &&
+    isdigit (string[20]) &&  /* 59: */
+    isdigit (string[21]) &&
+    ':' ==   string[22]  &&
+    isdigit (string[23]) &&  /* 03 */
+    isdigit (string[24]) &&
+    ' ' ==   string[25]  &&
+    'G' ==   string[26]  &&  /* GMT */
+    'M' ==   string[27]  &&  /* GMT */
+    'T' ==   string[28]) {
+
+    tm.tm_sec  = 10 * (string[23]-'0') + (string[24]-'0');
+    tm.tm_min  = 10 * (string[20]-'0') + (string[21]-'0');
+    tm.tm_hour = 10 * (string[17]-'0') + (string[18]-'0');
+    tm.tm_mday = 10 * (string[5] == ' ' ? 0 : string[5]-'0') + (string[6]-'0');
+    tm.tm_mon = (!strncmp (string+8, "Jan", 3) ? 0 :
+      !strncmp (string+8, "Feb", 3) ? 1 :
+      !strncmp (string+8, "Mar", 3) ? 2 :
+      !strncmp (string+8, "Apr", 3) ? 3 :
+      !strncmp (string+8, "May", 3) ? 4 :
+      !strncmp (string+8, "Jun", 3) ? 5 :
+      !strncmp (string+8, "Jul", 3) ? 6 :
+      !strncmp (string+8, "Aug", 3) ? 7 :
+      !strncmp (string+8, "Sep", 3) ? 8 :
+      !strncmp (string+8, "Oct", 3) ? 9 :
+      !strncmp (string+8, "Nov", 3) ? 10 :
+      !strncmp (string+8, "Dec", 3) ? 11 :
+      -1);
+    tm.tm_year = ((1000 * (string[12]-'0') +
+      100 * (string[13]-'0') +
+      10 * (string[14]-'0') +
+      (string[15]-'0'))
+      - 1900);
+
+    tm.tm_isdst = 0;  /* GMT is never in DST, right? */
+
+    if (tm.tm_mon < 0 || tm.tm_mday < 1 || tm.tm_mday > 31)
+      return 0;
+
+    /* 
+    This is actually wrong: we need to subtract the local timezone
+    offset from GMT from this value.  But, that's ok in this usage,
+    because we only comparing these two GMT dates against each other,
+    so it doesn't matter what time zone we parse them in.
+    */
+
+    t = mktime (&tm);
+    if (t == (time_t) -1) t = 0;
+
+    if (verbose) {
+      const char *s = string;
+      while (*s && *s != '\r' && *s != '\n')
+      fputc (*s++, stdout);
+      printf (" ==> %lu\n", (unsigned long) t);
+    }
+
+    return t;
+
+  } else {
+    return 0;
+  }
+}
 
-	asprintf (&buf, "%s %s HTTP/1.0\r\n", http_method, server_url);
 
-	/* optionally send the host header info (not clear if it's usable) */
-	if (strcmp (host_name, ""))
-		asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
-
-	/* send user agent */
-	asprintf (&buf, "%sUser-Agent: check_http/%s (nagios-plugins %s)\r\n",
-	          buf, clean_revstring (REVISION), PACKAGE_VERSION);
-
-	/* optionally send the authentication info */
-	if (strcmp (user_auth, "")) {
-		auth = base64 (user_auth, strlen (user_auth));
-		asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
-	}
-
-	/* either send http POST data */
-	if (strlen (http_post_data)) {
-		asprintf (&buf, "%sContent-Type: application/x-www-form-urlencoded\r\n", buf);
-		asprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, strlen (http_post_data));
-		asprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
-	}
-	else {
-		/* or just a newline so the server knows we're done with the request */
-		asprintf (&buf, "%s%s", buf, CRLF);
-	}
 
+static void
+check_document_dates (const char *headers)
+{
+  const char *s;
+  char *server_date = 0;
+  char *document_date = 0;
+
+  s = headers;
+  while (*s) {
+    const char *field = s;
+    const char *value = 0;
+
+    /* Find the end of the header field */
+    while (*s && !isspace(*s) && *s != ':')
+      s++;
+
+    /* Remember the header value, if any. */
+    if (*s == ':')
+      value = ++s;
+
+    /* Skip to the end of the header, including continuation lines. */
+    while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
+      s++;
+    s++;
+
+    /* Process this header. */
+    if (value && value > field+2) {
+      char *ff = (char *) malloc (value-field);
+      char *ss = ff;
+      while (field < value-1)
+        *ss++ = tolower(*field++);
+      *ss++ = 0;
+
+      if (!strcmp (ff, "date") || !strcmp (ff, "last-modified")) {
+        const char *e;
+        while (*value && isspace (*value))
+          value++;
+        for (e = value; *e && *e != '\r' && *e != '\n'; e++)
+          ;
+        ss = (char *) malloc (e - value + 1);
+        strncpy (ss, value, e - value);
+        ss[e - value] = 0;
+        if (!strcmp (ff, "date")) {
+          if (server_date) free (server_date);
+          server_date = ss;
+        } else {
+          if (document_date) free (document_date);
+          document_date = ss;
+        }
+      }
+      free (ff);
+    }
+  }
+
+  /* Done parsing the body.  Now check the dates we (hopefully) parsed.  */
+  if (!server_date || !*server_date) {
+    die (STATE_UNKNOWN, _("Server date unknown\n"));
+  } else if (!document_date || !*document_date) {
+    die (STATE_CRITICAL, _("Document modification date unknown\n"));
+  } else {
+    time_t srv_data = parse_time_string (server_date);
+    time_t doc_data = parse_time_string (document_date);
+
+    if (srv_data <= 0) {
+      die (STATE_CRITICAL, _("CRITICAL - Server date \"%100s\" unparsable"), server_date);
+    } else if (doc_data <= 0) {
+      die (STATE_CRITICAL, _("CRITICAL - Document date \"%100s\" unparsable"), document_date);
+    } else if (doc_data > srv_data + 30) {
+      die (STATE_CRITICAL, _("CRITICAL - Document is %d seconds in the future\n"), (int)doc_data - (int)srv_data);
+    } else if (doc_data < srv_data - maximum_age) {
+    int n = (srv_data - doc_data);
+    if (n > (60 * 60 * 24 * 2))
+      die (STATE_CRITICAL,
+        _("CRITICAL - Last modified %.1f days ago\n"),
+        ((float) n) / (60 * 60 * 24));
+  else
+    die (STATE_CRITICAL,
+        _("CRITICAL - Last modified %d:%02d:%02d ago\n"),
+        n / (60 * 60), (n / 60) % 60, n % 60);
+    }
+
+    free (server_date);
+    free (document_date);
+  }
+}
+
+int
+get_content_length (const char *headers)
+{
+  const char *s;
+  int content_length = 0;
+
+  s = headers;
+  while (*s) {
+    const char *field = s;
+    const char *value = 0;
+
+    /* Find the end of the header field */
+    while (*s && !isspace(*s) && *s != ':')
+      s++;
+
+    /* Remember the header value, if any. */
+    if (*s == ':')
+      value = ++s;
+
+    /* Skip to the end of the header, including continuation lines. */
+    while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
+      s++;
+    s++;
+
+    /* Process this header. */
+    if (value && value > field+2) {
+      char *ff = (char *) malloc (value-field);
+      char *ss = ff;
+      while (field < value-1)
+        *ss++ = tolower(*field++);
+      *ss++ = 0;
+
+      if (!strcmp (ff, "content-length")) {
+        const char *e;
+        while (*value && isspace (*value))
+          value++;
+        for (e = value; *e && *e != '\r' && *e != '\n'; e++)
+          ;
+        ss = (char *) malloc (e - value + 1);
+        strncpy (ss, value, e - value);
+        ss[e - value] = 0;
+        content_length = atoi(ss);
+        free (ss);
+      }
+      free (ff);
+    }
+  }
+  return (content_length);
+}
+
+int
+check_http (void)
+{
+  char *msg;
+  char *status_line;
+  char *status_code;
+  char *header;
+  char *page;
+  char *auth;
+  // proxy-auth
+  char *pauth;
+  int http_status;
+  int i = 0;
+  size_t pagesize = 0;
+  char *full_page;
+  char *buf;
+  char *pos;
+  long microsec;
+  double elapsed_time;
+  int page_len = 0;
+  int result = STATE_UNKNOWN;
+
+  /* try to connect to the host at the given port number */
+  if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+    die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
 #ifdef HAVE_SSL
-	if (use_ssl == TRUE) {
-		if (SSL_write (ssl, buf, strlen (buf)) == -1) {
-			ERR_print_errors_fp (stderr);
-			return STATE_CRITICAL;
-		}
-	}
-	else {
+  if (use_ssl == TRUE) {
+    np_net_ssl_init(sd);
+    if (check_cert == TRUE) {
+      result = np_net_ssl_check_cert(days_till_exp);
+      np_net_ssl_cleanup();
+      if(sd) close(sd);
+      return result;
+    }
+  }
+#endif /* HAVE_SSL */
+
+  asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent);
+
+  /* optionally send the host header info */
+  if (host_name)
+    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+
+  /* optionally send any other header tag */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      for ((pos = strtok(http_opt_headers[i], INPUT_DELIMITER)); pos; (pos = strtok(NULL, INPUT_DELIMITER)))
+        asprintf (&buf, "%s%s\r\n", buf, pos);
+    }
+    free(http_opt_headers);
+  }
+
+  /* optionally send the authentication info */
+  if (strlen(user_auth)) {
+    auth = base64 (user_auth, strlen (user_auth));
+    asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth);
+  }
+
+  /* optionally send the proxy-authentication info */
+  if (strlen(proxy_auth)) {
+    pauth = base64 (proxy_auth, strlen (proxy_auth));
+    asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, pauth);
+  }
+
+  /* either send http POST data */
+  if (http_post_data) {
+    if (http_content_type) {
+      asprintf (&buf, "%sContent-Type: %s\r\n", buf, http_content_type);
+    } else {
+      asprintf (&buf, "%sContent-Type: application/x-www-form-urlencoded\r\n", buf);
+    }
+    
+    asprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
+    asprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
+  }
+  else {
+    /* or just a newline so the server knows we're done with the request */
+    asprintf (&buf, "%s%s", buf, CRLF);
+  }
+
+  if (verbose) printf ("%s\n", buf);
+  my_send (buf, strlen (buf));
+
+  /* fetch the page */
+  full_page = strdup("");
+  while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
+    buffer[i] = '\0';
+    asprintf (&full_page, "%s%s", full_page, buffer);
+    pagesize += i;
+
+                if (no_body && document_headers_done (full_page)) {
+                  i = 0;
+                  break;
+                }
+  }
+
+  if (i < 0 && errno != ECONNRESET) {
+#ifdef HAVE_SSL
+    /*
+    if (use_ssl) {
+      sslerr=SSL_get_error(ssl, i);
+      if ( sslerr == SSL_ERROR_SSL ) {
+        die (STATE_WARNING, _("Client Certificate Required\n"));
+      } else {
+        die (STATE_CRITICAL, _("Error on receive\n"));
+      }
+    }
+    else {
+    */
 #endif
-		send (sd, buf, strlen (buf), 0);
+      die (STATE_CRITICAL, _("Error on receive\n"));
 #ifdef HAVE_SSL
-	}
+      /* XXX
+    }
+    */
 #endif
+  }
 
-	/* fetch the page */
-	while ((i = my_recv ()) > 0) {
-		buffer[i] = '\0';
-		asprintf (&full_page, "%s%s", full_page, buffer);
-		pagesize += i;
-	}
+  /* return a CRITICAL status if we couldn't read any data */
+  if (pagesize == (size_t) 0)
+    die (STATE_CRITICAL, _("No data received from host\n"));
 
-	if (i < 0) {
+  /* close the connection */
 #ifdef HAVE_SSL
-		sslerr=SSL_get_error(ssl, i);
-		if ( sslerr == SSL_ERROR_SSL ) {
-			terminate (STATE_WARNING, "Client Certificate Required\n");
-		} else {
-			terminate (STATE_CRITICAL, "Error in recv()");
-		}
-#else
-		terminate (STATE_CRITICAL, "Error in recv()");
+  np_net_ssl_cleanup();
 #endif
-	}
+  if(sd) close(sd);
 
-	/* return a CRITICAL status if we couldn't read any data */
-	if (pagesize == (size_t) 0)
-		terminate (STATE_CRITICAL, "No data received %s", timestamp);
-
-	/* close the connection */
-	my_close ();
-
-	/* reset the alarm */
-	alarm (0);
-
-	/* leave full_page untouched so we can free it later */
-	page = full_page;
-
-	if (verbose)
-		printf ("Page is %d characters\n", pagesize);
-
-	/* find status line and null-terminate it */
-	status_line = page;
-	page += (size_t) strcspn (page, "\r\n");
-	pos = page;
-	page += (size_t) strspn (page, "\r\n");
-	status_line[strcspn(status_line, "\r\n")] = 0;
-	strip (status_line);
-	if (verbose)
-		printf ("STATUS: %s\n", status_line);
-
-	/* find header info and null terminate it */
-	header = page;
-	while (strcspn (page, "\r\n") > 0) {
-		page += (size_t) strcspn (page, "\r\n");
-		pos = page;
-		if ((strspn (page, "\r") == 1 && strspn (page, "\r\n") >= 2) ||
-		    (strspn (page, "\n") == 1 && strspn (page, "\r\n") >= 2))
-			page += (size_t) 2;
-		else
-			page += (size_t) 1;
-	}
-	page += (size_t) strspn (page, "\r\n");
-	header[pos - header] = 0;
-	if (verbose)
-		printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header, page);
-
-	/* make sure the status line matches the response we are looking for */
-	if (!strstr (status_line, server_expect)) {
-		if (server_port == HTTP_PORT)
-			asprintf (&msg, "Invalid HTTP response received from host\n");
-		else
-			asprintf (&msg,
-			                "Invalid HTTP response received from host on port %d\n",
-			                server_port);
-		terminate (STATE_CRITICAL, msg);
-	}
-
-
-	/* Exit here if server_expect was set by user and not default */
-	if ( server_expect_yn  )  {
-		asprintf (&msg, "HTTP OK: Status line output matched \"%s\"\n",
-	                  server_expect);
-		if (verbose)
-			printf ("%s\n",msg);
-
-	}
-	else {
-	
-
-		/* check the return code */
-		/* server errors result in a critical state */
-		if (strstr (status_line, "500") ||
-	  	  strstr (status_line, "501") ||
-	    	strstr (status_line, "502") ||
-		    strstr (status_line, "503")) {
-			terminate (STATE_CRITICAL, "HTTP CRITICAL: %s\n", status_line);
-		}
-
-		/* client errors result in a warning state */
-		if (strstr (status_line, "400") ||
-	  	  strstr (status_line, "401") ||
-	    	strstr (status_line, "402") ||
-		    strstr (status_line, "403") ||
-		    strstr (status_line, "404")) {
-			terminate (STATE_WARNING, "HTTP WARNING: %s\n", status_line);
-		}
-
-		/* check redirected page if specified */
-		if (strstr (status_line, "300") ||
-	  	  strstr (status_line, "301") ||
-	    	strstr (status_line, "302") ||
-		    strstr (status_line, "303") ||
-		    strstr (status_line, "304")) {
-			if (onredirect == STATE_DEPENDENT) {
-
-				asprintf (&orig_url, "%s", server_url);
-				pos = header;
-				while (pos) {
-					server_address = realloc (server_address, MAX_IPV4_HOSTLENGTH);
-					if (server_address == NULL)
-						terminate (STATE_UNKNOWN,
-										 "HTTP UNKNOWN: could not allocate server_address");
-					if (strcspn (pos, "\r\n") > server_url_length) {
-						server_url = realloc (server_url, strcspn (pos, "\r\n"));
-						if (server_url == NULL)
-							terminate (STATE_UNKNOWN,
-							           "HTTP UNKNOWN: could not allocate server_url");
-						server_url_length = strcspn (pos, "\r\n");
-					}
-					if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST URI_PORT URI_PATH, server_type, server_address, server_port_text, server_url) == 4) {
-						asprintf (&host_name, "%s", server_address);
-						use_ssl = server_type_check (server_type);
-						server_port = atoi (server_port_text);
-						check_http ();
-					}
-					else if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST URI_PATH, server_type, server_address, server_url) == 3 ) { 
-						asprintf (&host_name, "%s", server_address);
-						use_ssl = server_type_check (server_type);
-						server_port = server_port_check (use_ssl);
-						check_http ();
-					}
-					else if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST URI_PORT, server_type, server_address, server_port_text) == 3) {
-						asprintf (&host_name, "%s", server_address);
-						strcpy (server_url, "/");
-						use_ssl = server_type_check (server_type);
-						server_port = atoi (server_port_text);
-						check_http ();
-					}
-					else if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST, server_type, server_address) == 2) {
-						asprintf (&host_name, "%s", server_address);
-						strcpy (server_url, "/");
-						use_ssl = server_type_check (server_type);
-						server_port = server_port_check (use_ssl);
-						check_http ();
-					}
-					else if (sscanf (pos, HDR_LOCATION URI_PATH, server_url) == 1) {
-						if ((server_url[0] != '/') && (x = strrchr(orig_url, '/'))) {
-							*x = '\0';
-							asprintf (&server_url, "%s/%s", orig_url, server_url);
-						}
-						check_http ();
-					} 					
-					pos += (size_t) strcspn (pos, "\r\n");
-					pos += (size_t) strspn (pos, "\r\n");
-				} /* end while (pos) */
-				printf ("HTTP UNKNOWN: Could not find redirect location - %s%s",
-				        status_line, (display_html ? "</A>" : ""));
-				exit (STATE_UNKNOWN);
-			} /* end if (onredirect == STATE_DEPENDENT) */
-			
-			else if (onredirect == STATE_UNKNOWN)
-				printf ("HTTP UNKNOWN");
-			else if (onredirect == STATE_OK)
-				printf ("HTTP ok");
-			else if (onredirect == STATE_WARNING)
-				printf ("HTTP WARNING");
-			else if (onredirect == STATE_CRITICAL)
-				printf ("HTTP CRITICAL");
-			elapsed_time = delta_time (tv);
-			asprintf (&msg, ": %s - %7.3f second response time %s%s|time=%7.3f\n",
-		                 status_line, elapsed_time, timestamp,
-	                   (display_html ? "</A>" : ""), elapsed_time);
-			terminate (onredirect, msg);
-		} /* end if (strstr (status_line, "30[0-4]") */
-
-
-	} /* end else (server_expect_yn)  */
-
-		
-	/* check elapsed time */
-	elapsed_time = delta_time (tv);
-	asprintf (&msg, "HTTP problem: %s - %7.3f second response time %s%s|time=%7.3f\n",
-	               status_line, elapsed_time, timestamp,
-	               (display_html ? "</A>" : ""), elapsed_time);
-	if (check_critical_time == TRUE && elapsed_time > critical_time)
-		terminate (STATE_CRITICAL, msg);
-	if (check_warning_time == TRUE && elapsed_time > warning_time)
-		terminate (STATE_WARNING, msg);
-
-	/* Page and Header content checks go here */
-	/* these checks should be last */
-
-	if (strlen (string_expect)) {
-		if (strstr (page, string_expect)) {
-			printf ("HTTP ok: %s - %7.3f second response time %s%s|time=%7.3f\n",
-			        status_line, elapsed_time,
-			        timestamp, (display_html ? "</A>" : ""), elapsed_time);
-			exit (STATE_OK);
-		}
-		else {
-			printf ("HTTP CRITICAL: string not found%s|time=%7.3f\n",
-			        (display_html ? "</A>" : ""), elapsed_time);
-			exit (STATE_CRITICAL);
-		}
-	}
-#ifdef HAVE_REGEX_H
-	if (strlen (regexp)) {
-		errcode = regexec (&preg, page, REGS, pmatch, 0);
-		if (errcode == 0) {
-			printf ("HTTP ok: %s - %7.3f second response time %s%s|time=%7.3f\n",
-			        status_line, elapsed_time,
-			        timestamp, (display_html ? "</A>" : ""), elapsed_time);
-			exit (STATE_OK);
-		}
-		else {
-			if (errcode == REG_NOMATCH) {
-				printf ("HTTP CRITICAL: pattern not found%s|time=%7.3f\n",
-				        (display_html ? "</A>" : ""), elapsed_time);
-				exit (STATE_CRITICAL);
-			}
-			else {
-				regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
-				printf ("Execute Error: %s\n", errbuf);
-				exit (STATE_CRITICAL);
-			}
-		}
-	}
-#endif
+  /* reset the alarm */
+  alarm (0);
 
-	/* We only get here if all tests have been passed */
-	asprintf (&msg, "HTTP ok: %s - %7.3f second response time %s%s|time=%7.3f\n",
-	                status_line, (float)elapsed_time,
-	                timestamp, (display_html ? "</A>" : ""), elapsed_time);
-	terminate (STATE_OK, msg);
-	return STATE_UNKNOWN;
+  /* leave full_page untouched so we can free it later */
+  page = full_page;
+
+  if (verbose)
+    printf ("%s://%s:%d%s is %d characters\n",
+      use_ssl ? "https" : "http", server_address,
+      server_port, server_url, (int)pagesize);
+
+  /* find status line and null-terminate it */
+  status_line = page;
+  page += (size_t) strcspn (page, "\r\n");
+  pos = page;
+  page += (size_t) strspn (page, "\r\n");
+  status_line[strcspn(status_line, "\r\n")] = 0;
+  strip (status_line);
+  if (verbose)
+    printf ("STATUS: %s\n", status_line);
+
+  /* find header info and null-terminate it */
+  header = page;
+  while (strcspn (page, "\r\n") > 0) {
+    page += (size_t) strcspn (page, "\r\n");
+    pos = page;
+    if ((strspn (page, "\r") == 1 && strspn (page, "\r\n") >= 2) ||
+        (strspn (page, "\n") == 1 && strspn (page, "\r\n") >= 2))
+      page += (size_t) 2;
+    else
+      page += (size_t) 1;
+  }
+  page += (size_t) strspn (page, "\r\n");
+  header[pos - header] = 0;
+  if (verbose)
+    printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header,
+                (no_body ? "  [[ skipped ]]" : page));
+
+  /* make sure the status line matches the response we are looking for */
+  if (!strstr (status_line, server_expect)) {
+    if (server_port == HTTP_PORT)
+      asprintf (&msg,
+                _("Invalid HTTP response received from host\n"));
+    else
+      asprintf (&msg,
+                _("Invalid HTTP response received from host on port %d\n"),
+                server_port);
+    die (STATE_CRITICAL, "%s", msg);
+  }
+
+  /* Exit here if server_expect was set by user and not default */
+  if ( server_expect_yn  )  {
+    asprintf (&msg,
+              _("HTTP OK: Status line output matched \"%s\"\n"),
+              server_expect);
+    if (verbose)
+      printf ("%s\n",msg);
+  }
+  else {
+    /* Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF */
+    /* HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT */
+    /* Status-Code = 3 DIGITS */
+
+    status_code = strchr (status_line, ' ') + sizeof (char);
+    if (strspn (status_code, "1234567890") != 3)
+      die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status Line (%s)\n"), status_line);
+
+    http_status = atoi (status_code);
+
+    /* check the return code */
+
+    if (http_status >= 600 || http_status < 100)
+      die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%s)\n"), status_line);
+
+    /* server errors result in a critical state */
+    else if (http_status >= 500)
+      die (STATE_CRITICAL, _("HTTP CRITICAL: %s\n"), status_line);
+
+    /* client errors result in a warning state */
+    else if (http_status >= 400)
+      die (STATE_WARNING, _("HTTP WARNING: %s\n"), status_line);
+
+    /* check redirected page if specified */
+    else if (http_status >= 300) {
+
+      if (onredirect == STATE_DEPENDENT)
+        redir (header, status_line);
+      else if (onredirect == STATE_UNKNOWN)
+        printf (_("UNKNOWN"));
+      else if (onredirect == STATE_OK)
+        printf (_("OK"));
+      else if (onredirect == STATE_WARNING)
+        printf (_("WARNING"));
+      else if (onredirect == STATE_CRITICAL)
+        printf (_("CRITICAL"));
+      microsec = deltime (tv);
+      elapsed_time = (double)microsec / 1.0e6;
+      die (onredirect,
+           _(" - %s - %.3f second response time %s|%s %s\n"),
+           status_line, elapsed_time, 
+           (display_html ? "</A>" : ""),
+           perfd_time (elapsed_time), perfd_size (pagesize));
+    } /* end if (http_status >= 300) */
+
+  } /* end else (server_expect_yn)  */
+    
+        if (maximum_age >= 0) {
+          check_document_dates (header);
+        }
+
+  /* check elapsed time */
+  microsec = deltime (tv);
+  elapsed_time = (double)microsec / 1.0e6;
+  asprintf (&msg,
+            _("HTTP WARNING: %s - %.3f second response time %s|%s %s\n"),
+            status_line, elapsed_time, 
+            (display_html ? "</A>" : ""),
+            perfd_time (elapsed_time), perfd_size (pagesize));
+  if (check_critical_time == TRUE && elapsed_time > critical_time)
+    die (STATE_CRITICAL, "%s", msg);
+  if (check_warning_time == TRUE && elapsed_time > warning_time)
+    die (STATE_WARNING, "%s", msg);
+
+  /* Page and Header content checks go here */
+  /* these checks should be last */
+
+  if (strlen (string_expect)) {
+    if (strstr (page, string_expect)) {
+      printf (_("HTTP OK %s - %.3f second response time %s|%s %s\n"),
+              status_line, elapsed_time,
+              (display_html ? "</A>" : ""),
+              perfd_time (elapsed_time), perfd_size (pagesize));
+      exit (STATE_OK);
+    }
+    else {
+      printf (_("CRITICAL - string not found%s|%s %s\n"),
+              (display_html ? "</A>" : ""),
+              perfd_time (elapsed_time), perfd_size (pagesize));
+      exit (STATE_CRITICAL);
+    }
+  }
+
+  if (strlen (regexp)) {
+    errcode = regexec (&preg, page, REGS, pmatch, 0);
+    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+      printf (_("HTTP OK %s - %.3f second response time %s|%s %s\n"),
+              status_line, elapsed_time,
+              (display_html ? "</A>" : ""),
+              perfd_time (elapsed_time), perfd_size (pagesize));
+      exit (STATE_OK);
+    }
+    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
+      if (invert_regex == 0) 
+        msg = strdup(_("pattern not found"));
+      else 
+        msg = strdup(_("pattern found"));
+      printf (("%s - %s%s|%s %s\n"),
+        _("CRITICAL"),
+        msg,
+        (display_html ? "</A>" : ""),
+        perfd_time (elapsed_time), perfd_size (pagesize));
+      exit (STATE_CRITICAL);
+    }
+    else {
+      regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+      printf (_("CRITICAL - Execute Error: %s\n"), errbuf);
+      exit (STATE_CRITICAL);
+    }
+  }
+
+  /* make sure the page is of an appropriate size */
+  /* page_len = get_content_length(header); */
+  page_len = pagesize;
+  if ((max_page_len > 0) && (page_len > max_page_len)) {
+    printf (_("HTTP WARNING: page size %d too large%s|%s\n"),
+      page_len, (display_html ? "</A>" : ""), perfd_size (page_len) );
+    exit (STATE_WARNING);
+  } else if ((min_page_len > 0) && (page_len < min_page_len)) {
+    printf (_("HTTP WARNING: page size %d too small%s|%s\n"),
+      page_len, (display_html ? "</A>" : ""), perfd_size (page_len) );
+    exit (STATE_WARNING);
+  }
+  /* We only get here if all tests have been passed */
+  asprintf (&msg, _("HTTP OK %s - %d bytes in %.3f seconds %s|%s %s\n"),
+            status_line, page_len, elapsed_time,
+            (display_html ? "</A>" : ""),
+            perfd_time (elapsed_time), perfd_size (page_len));
+  die (STATE_OK, "%s", msg);
+  return STATE_UNKNOWN;
 }
 
 
 
-#ifdef HAVE_SSL
-int connect_SSL (void)
+/* per RFC 2396 */
+#define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: "
+#define URI_HTTP "%[HTPShtps]://"
+#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+#define URI_PORT ":%[0123456789]"
+#define URI_PATH "%[-_.!~*'();/?:@&=+$,%#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH
+#define HD2 URI_HTTP URI_HOST URI_PATH
+#define HD3 URI_HTTP URI_HOST URI_PORT
+#define HD4 URI_HTTP URI_HOST
+#define HD5 URI_PATH
+
+void
+redir (char *pos, char *status_line)
 {
-	SSL_METHOD *meth;
+  int i = 0;
+  char *x;
+  char xx[2];
+  char type[6];
+  char *addr;
+  char port[6];
+  char *url;
+
+  addr = malloc (MAX_IPV4_HOSTLENGTH + 1);
+  if (addr == NULL)
+    die (STATE_UNKNOWN, _("Could not allocate addr\n"));
+  
+  url = malloc (strcspn (pos, "\r\n"));
+  if (url == NULL)
+    die (STATE_UNKNOWN, _("Could not allocate url\n"));
+
+  while (pos) {
+    sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
+    if (i == 0) {
+      pos += (size_t) strcspn (pos, "\r\n");
+      pos += (size_t) strspn (pos, "\r\n");
+      if (strlen(pos) == 0) 
+        die (STATE_UNKNOWN,
+             _("UNKNOWN - Could not find redirect location - %s%s\n"),
+             status_line, (display_html ? "</A>" : ""));
+      continue;
+    }
+
+    pos += i;
+    pos += strspn (pos, " \t\r\n");
+
+    url = realloc (url, strcspn (pos, "\r\n"));
+    if (url == NULL)
+      die (STATE_UNKNOWN, _("could not allocate url\n"));
+
+    /* URI_HTTP, URI_HOST, URI_PORT, URI_PATH */
+    if (sscanf (pos, HD1, type, addr, port, url) == 4) {
+      use_ssl = server_type_check (type);
+      i = atoi (port);
+    }
+
+    /* URI_HTTP URI_HOST URI_PATH */
+    else if (sscanf (pos, HD2, type, addr, url) == 3 ) { 
+      use_ssl = server_type_check (type);
+      i = server_port_check (use_ssl);
+    }
+
+    /* URI_HTTP URI_HOST URI_PORT */
+    else if(sscanf (pos, HD3, type, addr, port) == 3) {
+      strcpy (url, HTTP_URL);
+      use_ssl = server_type_check (type);
+      i = atoi (port);
+    }
+
+    /* URI_HTTP URI_HOST */
+    else if(sscanf (pos, HD4, type, addr) == 2) {
+      strcpy (url, HTTP_URL);
+      use_ssl = server_type_check (type);
+      i = server_port_check (use_ssl);
+    }
+
+    /* URI_PATH */
+    else if (sscanf (pos, HD5, url) == 1) {
+      /* relative url */
+      if ((url[0] != '/')) {
+        if ((x = strrchr(server_url, '/')))
+          *x = '\0';
+        asprintf (&url, "%s/%s", server_url, url);
+      }
+      i = server_port;
+      strcpy (type, server_type);
+      strcpy (addr, host_name);
+    }           
+
+    else {
+      die (STATE_UNKNOWN,
+           _("UNKNOWN - Could not parse redirect location - %s%s\n"),
+           pos, (display_html ? "</A>" : ""));
+    }
+
+    break;
+
+  } /* end while (pos) */
+
+  if (++redir_depth > max_depth)
+    die (STATE_WARNING,
+         _("WARNING - maximum redirection depth %d exceeded - %s://%s:%d%s%s\n"),
+         max_depth, type, addr, i, url, (display_html ? "</A>" : ""));
+
+  if (server_port==i &&
+      !strcmp(server_address, addr) &&
+      (host_name && !strcmp(host_name, addr)) &&
+      !strcmp(server_url, url))
+    die (STATE_WARNING,
+         _("WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+         type, addr, i, url, (display_html ? "</A>" : ""));
+
+  server_port = i;
+  strcpy (server_type, type);
+
+  free (host_name);
+  host_name = strdup (addr);
 
-	asprintf (&randbuff, "%s", "qwertyuiopasdfghjklqwertyuiopasdfghjkl");
-	RAND_seed (randbuff, strlen (randbuff));
-	if (verbose)
-		printf("SSL seeding: %s\n", (RAND_status()==1 ? "OK" : "Failed") );
-
-	/* Initialize SSL context */
-	SSLeay_add_ssl_algorithms ();
-	meth = SSLv23_client_method ();
-	SSL_load_error_strings ();
-	if ((ctx = SSL_CTX_new (meth)) == NULL) {
-		printf ("ERROR: Cannot create SSL context.\n");
-		return STATE_CRITICAL;
-	}
-
-	/* Initialize alarm signal handling */
-	signal (SIGALRM, socket_timeout_alarm_handler);
-
-	/* Set socket timeout */
-	alarm (socket_timeout);
-
-	/* Save start time */
-	gettimeofday (&tv, NULL);
-
-	/* Make TCP connection */
-	if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
-		/* Do the SSL handshake */
-		if ((ssl = SSL_new (ctx)) != NULL) {
-			SSL_set_cipher_list(ssl, "ALL");
-			SSL_set_fd (ssl, sd);
-			if (SSL_connect (ssl) != -1)
-				return OK;
-			ERR_print_errors_fp (stderr);
-		}
-		else {
-			printf ("ERROR: Cannot initiate SSL handshake.\n");
-		}
-		SSL_free (ssl);
-	}
+  free (server_address);
+  server_address = strdup (addr);
 
-	SSL_CTX_free (ctx);
-	close (sd);
+  free (server_url);
+  server_url = strdup (url);
 
-	return STATE_CRITICAL;
+  check_http ();
 }
-#endif
 
-#ifdef HAVE_SSL
-int
-check_certificate (X509 ** certificate)
-{
-	ASN1_STRING *tm;
-	int offset;
-	struct tm stamp;
-	int days_left;
-
-
-	/* Retrieve timestamp of certificate */
-	tm = X509_get_notAfter (*certificate);
-
-	/* Generate tm structure to process timestamp */
-	if (tm->type == V_ASN1_UTCTIME) {
-		if (tm->length < 10) {
-			printf ("ERROR: Wrong time format in certificate.\n");
-			return STATE_CRITICAL;
-		}
-		else {
-			stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-			if (stamp.tm_year < 50)
-				stamp.tm_year += 100;
-			offset = 0;
-		}
-	}
-	else {
-		if (tm->length < 12) {
-			printf ("ERROR: Wrong time format in certificate.\n");
-			return STATE_CRITICAL;
-		}
-		else {
-			stamp.tm_year =
-				(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-				(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-			stamp.tm_year -= 1900;
-			offset = 2;
-		}
-	}
-	stamp.tm_mon =
-		(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-	stamp.tm_mday =
-		(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-	stamp.tm_hour =
-		(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-	stamp.tm_min =
-		(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-	stamp.tm_sec = 0;
-	stamp.tm_isdst = -1;
-
-	days_left = (mktime (&stamp) - time (NULL)) / 86400;
-	snprintf
-		(timestamp, 16, "%02d/%02d/%04d %02d:%02d",
-		 stamp.tm_mon + 1,
-		 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
-	if (days_left > 0 && days_left <= days_till_exp) {
-		printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
-		return STATE_WARNING;
-	}
-	if (days_left < 0) {
-		printf ("Certificate expired on %s.\n", timestamp);
-		return STATE_CRITICAL;
-	}
-
-	if (days_left == 0) {
-		printf ("Certificate expires today (%s).\n", timestamp);
-		return STATE_WARNING;
-	}
 
-	printf ("Certificate will expire on %s.\n", timestamp);
 
-	return STATE_OK;
+int
+server_type_check (const char *type)
+{
+  if (strcmp (type, "https"))
+    return FALSE;
+  else
+    return TRUE;
 }
-#endif
-
-
 
 int
-my_recv (void)
+server_port_check (int ssl_flag)
 {
-	int i;
-#ifdef HAVE_SSL
-	if (use_ssl) {
-		i = SSL_read (ssl, buffer, MAX_INPUT_BUFFER - 1);
-	}
-	else {
-		i = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-	}
-#else
-	i = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-#endif
-	return i;
+  if (ssl_flag)
+    return HTTPS_PORT;
+  else
+    return HTTP_PORT;
 }
 
-
-int
-my_close (void)
+char *perfd_time (double elapsed_time)
 {
-#ifdef HAVE_SSL
-	if (use_ssl == TRUE) {
-		SSL_shutdown (ssl);
-		SSL_free (ssl);
-		SSL_CTX_free (ctx);
-		return 0;
-	}
-	else {
-#endif
-		return close (sd);
-#ifdef HAVE_SSL
-	}
-#endif
+  return fperfdata ("time", elapsed_time, "s",
+            check_warning_time, warning_time,
+            check_critical_time, critical_time,
+                   TRUE, 0, FALSE, 0);
 }
-
 
 
+
+char *perfd_size (int page_len)
+{
+  return perfdata ("size", page_len, "B",
+            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?TRUE:FALSE), 0,
+            TRUE, 0, FALSE, 0);
+}
+
 void
 print_help (void)
 {
-	print_revision (progname, REVISION);
-	printf
-		("Copyright (c) %s %s <%s>\n\n%s\n",
-		 COPYRIGHT, AUTHORS, EMAIL, SUMMARY);
-	print_usage ();
-	printf ("NOTE: One or both of -H and -I must be specified\n");
-	printf ("\nOptions:\n" LONGOPTIONS "\n", HTTP_EXPECT, HTTP_PORT,
-	        DEFAULT_SOCKET_TIMEOUT, SSLOPTIONS, REGOPTIONS);
+  print_revision (progname, revision);
+
+  printf ("Copyright (c) 1999 Ethan Galstad <nagios at nagios.org>\n");
+  printf (COPYRIGHT, copyright, email);
+
+  printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test"));
+  printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for"));
+  printf ("%s\n", _("strings and regular expressions, check connection times, and report on"));
+  printf ("%s\n", _("certificate expiration times."));
+
+  printf ("\n\n");
+
+  print_usage ();
+
+  printf (_("NOTE: One or both of -H and -I must be specified"));
+
+  printf ("\n");
+
+  printf (_(UT_HELP_VRSN));
+
+  printf (" %s\n", "-H, --hostname=ADDRESS");
+  printf ("    %s\n", _("Host name argument for servers using host headers (virtual host)"));
+  printf ("    %s\n", _("Append a port to include it in the header (eg: example.com:5000)"));
+  printf (" %s\n", "-I, --IP-address=ADDRESS");
+  printf ("    %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup)."));
+  printf (" %s\n", "-p, --port=INTEGER");
+  printf (" %s", _("Port number (default: "));
+  printf ("%d)\n", HTTP_PORT);
+
+  printf (_(UT_IPv46));
+
 #ifdef HAVE_SSL
-	printf (SSLDESCRIPTION);
+  printf (" %s\n", "-S, --ssl");
+  printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
+  printf (" %s\n", "-C, --certificate=INTEGER");
+  printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+  printf ("   %s\n", _("(when this option is used the url is not checked.)\n"));
+#endif
+
+  printf (" %s\n", "-e, --expect=STRING");
+  printf ("    %s\n", _("String to expect in first (status) line of server response (default: "));
+  printf ("%s)\n", HTTP_EXPECT);
+  printf ("    %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
+  printf (" %s\n", "-s, --string=STRING");
+  printf ("    %s\n", _("String to expect in the content"));
+  printf (" %s\n", "-u, --url=PATH");
+  printf ("    %s\n", _("URL to GET or POST (default: /)"));
+  printf (" %s\n", "-P, --post=STRING");
+  printf ("    %s\n", _("URL encoded http POST data"));
+  printf (" %s\n", "-N, --no-body");
+  printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
+  printf ("    %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)"));
+  printf (" %s\n", "-M, --max-age=SECONDS");
+  printf ("    %s\n", _("Warn if document is more than SECONDS old. the number can also be of"));
+  printf ("    %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days."));
+  printf (" %s\n", "-T, --content-type=STRING");
+  printf ("    %s\n", _("specify Content-Type header media type when POSTing\n"));
+
+  printf (" %s\n", "-l, --linespan");
+  printf ("    %s\n", _("Allow regex to span newlines (must precede -r or -R)"));
+  printf (" %s\n", "-r, --regex, --ereg=STRING");
+  printf ("    %s\n", _("Search page for regex STRING"));
+  printf (" %s\n", "-R, --eregi=STRING");
+  printf ("    %s\n", _("Search page for case-insensitive regex STRING"));
+  printf (" %s\n", "--invert-regex");
+  printf ("    %s\n", _("Return CRITICAL if found, OK if not\n"));
+
+  printf (" %s\n", "-a, --authorization=AUTH_PAIR");
+  printf ("    %s\n", _("Username:password on sites with basic authentication"));
+  printf (" %s\n", "-y, --proxy-authorization=AUTH_PAIR");
+  printf ("    %s\n", _("Username:password on proxys with basic authentication"));
+  printf (" %s\n", "-A, --useragent=STRING");
+  printf ("    %s\n", _("String to be sent in http header as \"User Agent\""));
+  printf (" %s\n", "-k, --header=STRING");
+  printf ("    %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers"));
+  printf (" %s\n", "-L, --link");
+  printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
+  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow>");
+  printf ("    %s\n", _("How to handle redirected pages"));
+  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
+  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
+
+  printf (_(UT_WARN_CRIT));
+
+  printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
+
+  printf (_(UT_VERBOSE));
+
+  printf (_("Notes:"));
+  printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
+  printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
+  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect reponse"));
+  printf (" %s\n", _("messages from the host result in STATE_WARNING return values.  If you are"));
+  printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
+  printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
+
+#ifdef HAVE_SSL
+  printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to"));
+  printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 "));
+  printf (" %s\n", _("certificate is still valid for the specified number of days."));
+  printf (_("Examples:"));
+  printf (" %s\n\n", "CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com");
+  printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n\n", _("a STATE_CRITICAL will be returned."));
+
+  printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 14");
+  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
+  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+  printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
+  printf (" %s\n\n", _("the certificate is expired."));
 #endif
+
+  printf (_(UT_SUPPORT));
+
 }
 
 
+
 void
 print_usage (void)
 {
-	printf ("Usage:\n" " %s %s\n"
-#ifdef HAVE_GETOPT_H
-	        " %s (-h | --help) for detailed help\n"
-	        " %s (-V | --version) for version information\n",
-#else
-	        " %s -h for detailed help\n"
-	        " %s -V for version information\n",
-#endif
-	progname, OPTIONS, progname, progname);
+  printf (_("Usage:"));
+  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
+  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
+  printf ("       [-a auth] [-y proxy-auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n");
+  printf ("       [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]\n");
+  printf ("       [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string] [-k string]\n");
 }


More information about the Devel mailing list