diff --git a/.gitignore b/.gitignore index b14a330..e197f21 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,7 @@ .rbenv-* .ruby-* Gemfile.lock + +## ignore files created by bundler +.bundle/ +vendor/ diff --git a/README.md b/README.md index fcc452f..89a5c0f 100644 --- a/README.md +++ b/README.md @@ -29,15 +29,17 @@ Usage: ./check_http_json.rb -u -e -w -c --result_warn_regex REGEX Warning if element matches REGEX. --result_crit_regex is required. --result_unknown_regex REGEX Unknown if element matches REGEX. --result_crit_regex is required. --result_crit_regex REGEX Critical if element matches REGEX. --result_warn_regex is required. - -p, --perf ELEMENT Output additional fields (performance metrics). - --perf_splitter CHARACTER Additional fields delimiter (default is comma). + -p, --perf ELEMENT Output additional fields (performance metrics); comma-separated. + --perf_splitter CHARACTER Specify an alternative character to split performance keys. --output_alt_pipe CHARACTER Specify a character to replace reserved pipes in the output. Default: ! - --perf_regex REGEX Output additional fields expressed as regular expression. + --perf_regex REGEX Output additional fields (performance metrics) expressed as regular expression. --perf_regex_global Check all occurring matches. --perf-regex is required. -t, --timeout SECONDS Wait before HTTP timeout. --cert PATH Client certificate file path --key PATH Private key file path --insecure Disable SSL certificate verification (insecure) + --cacert PATH CA certificate to verify peer against + --capath PATH CA directory to verify peer against ``` The `--warn` and `--crit` arguments conform to the Nagios [threshold format guidelines]. diff --git a/check_http_json.rb b/check_http_json.rb index 229aaf8..a9672df 100755 --- a/check_http_json.rb +++ b/check_http_json.rb @@ -186,6 +186,8 @@ def uri_target(options) http.verify_mode = OpenSSL::SSL::VERIFY_NONE else http.verify_mode = OpenSSL::SSL::VERIFY_PEER + http.ca_file = options[:cacert] if options[:cacert] + http.ca_path = options[:capath] if options[:capath] end if options[:cert] && options[:key] http.cert = OpenSSL::X509::Certificate.new(File.read(options[:cert])) @@ -447,6 +449,18 @@ def parse_args(options) opts.on('--insecure', 'Disable SSL certificate verification (insecure)') do options[:insecure] = true end + + options[:cacert] = nil + opts.on('--cacert PATH', 'CA certificate to verify peer against') do |x| + options[:cacert] = x + end + + options[:capath] = nil + opts.on('--capath PATH', 'CA directory to verify peer against') do |x| + options[:capath] = x + end + + end optparse.parse!