plugins-root/Makefile.am | 3 2 + 1 - 0 !
plugins-root/Makefile.in | 3 2 + 1 - 0 !
2 files changed, 4 insertions(+), 2 deletions(-)

---

plugins-scripts/check_disk_smb.pl | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---

plugins-scripts/utils.pm.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

plugins/check_curl.c | 15 10 + 5 - 0 !
plugins/tests/check_curl.t | 14 11 + 3 - 0 !
plugins/tests/check_http.t | 12 11 + 1 - 0 !
3 files changed, 32 insertions(+), 9 deletions(-)

 [patch] check_curl: fix relative redirects on non-standard port

Having a webserver respond with a relative redirect as for ex. in `Location: /path/to.html`
check_curl would use the wrong standard http/https port instead
of crafting the absolute url using the given scheme/hostname and port.

Adding a new test case for this for check_http and check_curl. check_http did
it correct already, so no fix necessary there.

before:

    %>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv
    **** HEADER ****
    HTTP/1.1 302 Found
    ...
    Location: /redirect2

    ...
    * Seen redirect location /redirect2
    ** scheme: (null)
    ** host: (null)
    ** port: (null)
    ** path: /redirect2
    Redirection to http://127.0.0.1:80/redirect2

fixed:

    %>./check_curl -H 127.0.0.1 -p 50493 -f follow -u /redirect_rel -s redirected -vvv
    **** HEADER ****
    HTTP/1.1 302 Found
    ...
    Location: /redirect2

    ...
    * Seen redirect location /redirect2
    ** scheme: (null)
    ** host: (null)
    ** port: (null)
    ** path: /redirect2
    Redirection to http://127.0.0.1:50493/redirect2

Signed-off-by: Sven Nierlein <sven@nierlein.de>

plugins/check_curl.c | 17 9 + 8 - 0 !
1 file changed, 9 insertions(+), 8 deletions(-)

 [patch] check_curl: raise ssl issue when --continue-after-certificate
 is used

This change aims to raise the worst status between the SSL check and the HTTP check.

before:
check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $?
CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000).
HTTP OK: HTTP/2 200  - 22807 bytes in 0.076 second response time |time=0.075516s;;;0.000000;10.000000 size=22807B;;;0;
0

after:
/usr/lib/nagios/ovh/check_curl -H www.google.fr -S --continue-after-certificate --certificate 4000,4000 ; echo $?
CRITICAL - Certificate '*.google.fr' expires in 74 day(s) (Tue 22 Oct 2024 12:53:52 PM GMT +0000).
HTTP OK: HTTP/2 200  - 22840 bytes in 0.090 second response time |time=0.090463s;;;0.000000;10.000000 size=22840B;;;0;
2

plugins/check_curl.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 [patch] check_curl: documentation for --certificate, --cookie-jar

From the mere help output for -C / --certificate, I was confused about
what its two integer parameters do. Unfortunately, I also missed out on
the explaining examples later. Since I like to have basic documentation
for each flag, I tried to make the arguments as short as possible.

The other fix was one hyphen too many for the --cookie-jar option.

plugins/check_mysql.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

---

plugins/check_curl.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---

plugins/check_curl.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 [patch 1/3] check_curl: fix help for state regex option

The help output of `check-curl` contained a typo,
the real option is `state-regex` and not `regex-state` as
the help suggests.
Also added the two possible options to avoid confusion.

plugins/check_curl.c | 29 22 + 7 - 0 !
1 file changed, 22 insertions(+), 7 deletions(-)

 [patch] fix check_curl: openssl ssl_read: error:0a000126:ssl
 routines::unexpected eof while reading, errno 0

using check_curl on a probably embedded device responding as 'Server: GoAhead-Webs'

    %> check_curl -H ... -S -vvv

    > GET / HTTP/1.1
    Host: ...
    User-Agent: check_curl/v2.4.0 (monitoring-plugins 2.4.0, libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0)
    Accept: */*
    Connection: close

    * Mark bundle as not supporting multiuse
    * HTTP 1.0, assume close after body
    < HTTP/1.0 302 Redirect
    < Server: GoAhead-Webs
    < Date: Tue Mar 26 17:57:16 2019
    < Cache-Control: no-cache, no-store, must-revalidate,private
    < Pragma: no-cache
    < Expires: 0
    < Content-Type: text/html
    < X-Frame-Options: sameorigin
    < X-XSS-Protection: 1; mode=block
    < X-Content-Type-Options: nosniff
    < Location: https://...
    <
    * OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0
    * Closing connection 0

reading the discussion on https://github.com/openssl/openssl/discussions/22690 suggest to set the option SSL_OP_IGNORE_UNEXPECTED_EOF
which makes check_curl behave like check_http at this point.
Since this is a rather new flag, fencing it in ifdefs.
And since there can only be one ssl ctx function, we need to move both tasks into one function.

plugins/check_fping.c | 22 20 + 2 - 0 !
1 file changed, 20 insertions(+), 2 deletions(-)

 [patch] add dontfrag/random for fping

Support the dont fragment and randomise packet data options for check_fping

plugins/check_curl.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] check_curl: update tls notification notes

plugins/check_curl.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch] check_curl: enable internal cookie handling

This enables us to enable curl cookie engine by specifying an empty
filename as the cookie jar file.

This works, since curl's CURLOPT_COOKIEFILE option allows passing an
empty string as filename, which it interprets as a request to enable the
cookie processing. But since CURLOPT_COOKIEJAR would now attempt to
write to a file named by an empty filename, it would break again (or at
least produce a warning in verbose output).

Overall this is allows to handle checking URLs with cookie based
sessions without persisting the cookies to disk, by using the
curl-internal redirect following.

plugins-root/check_icmp.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] check_icmp: set rtmin initially

plugins/check_http.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] check_http: fix documentation for --state-regex

plugins/check_by_ssh.c | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [patch] check_by_ssh: remove warning/critical from help

plugins/sslutils.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] change error message for missing certificate

The old error message is quite similar to the openssl `failed to retrieve issuer certificate` and can mislead users to troubleshooting certificate stores.

The new message should be distinct enough to make it clear to users that this is not a problem raised by the underlying SSL implementation, but a problem inside monitoring-plugins.

plugins/check_http.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 [patch] check_http: adding deprecation text

plugins/check_users.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] check_users: use sd_get_uids instead of sd_get_session

Previously check_users in combination with systemd used
sd_get_sessions (3) to aquire the number of users, probably
with the idea that every users opens a session.
Turns out, that a user can have multiple sessions and we only really
want to know how many users there are.

This commit changes to sd_get_uids (3) to achieve that target.

plugins/check_mysql.c | 95 77 + 18 - 0 !
1 file changed, 77 insertions(+), 18 deletions(-)

 [patch 1/2] add mysql server version dectection and adaptive replica
 query