[checkmk-commits] 4126 FIX apache_status: Handle https requests lo localhost in case of certificate mismatch

Sven Rueß sr at mathias-kettner.de
Sun Dec 4 15:32:34 CET 2016


Module: check_mk
Branch: master
Commit: 16450b99f90151cae670981b27ce98a403cb81e2
URL:    http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=16450b99f90151cae670981b27ce98a403cb81e2

Author: Sven Rueß <sr at mathias-kettner.de>
Date:   Sun Dec  4 15:30:50 2016 +0100

4126 FIX apache_status: Handle https requests lo localhost in case of certificate mismatch

If the webserver is serving the status site from apache over https and the certificate
does not match the server name, the request was ignored. This is fixed now. The request
is rewritten to localhost without encryption.

---

 .werks/4126                  | 12 ++++++++++++
 ChangeLog                    |  1 +
 agents/plugins/apache_status |  9 +++++++++
 3 files changed, 22 insertions(+)

diff --git a/.werks/4126 b/.werks/4126
new file mode 100644
index 0000000..c958652
--- /dev/null
+++ b/.werks/4126
@@ -0,0 +1,12 @@
+Title: apache_status: Handle https requests lo localhost in case of certificate mismatch
+Level: 1
+Component: checks
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.4.0i3
+Date: 1480861671
+
+If the webserver is serving the status site from apache over https and the certificate
+does not match the server name, the request was ignored. This is fixed now. The request
+is rewritten to localhost without encryption.
diff --git a/ChangeLog b/ChangeLog
index 56cec10..45b447f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,6 +42,7 @@
     * 4081 FIX: dell_powerconnect_cpu: Fixed broken metrics
     * 3998 FIX: agent_netapp / netapp_api_if: improved mechanism to collect interface infos. fixes invalid if-speed...
             NOTE: Please refer to the migration notes!
+    * 4126 FIX: apache_status: Handle https requests lo localhost in case of certificate mismatch...
 
     Multisite:
     * 4070 Added a painter for the service check period
diff --git a/agents/plugins/apache_status b/agents/plugins/apache_status
index ce44405..2c986f9 100755
--- a/agents/plugins/apache_status
+++ b/agents/plugins/apache_status
@@ -144,6 +144,15 @@ for server in servers:
                 fd = urllib2.urlopen(url)
             else:
                 raise
+        except Exception, e:
+            if 'doesn\'t match' in str(e):
+                # HACK: workaround if SSL port is found and localhost is using
+                # SSL connections but certifiacte is mismatched
+                portspec = ':80'
+                url = 'http://%s%s/server-status?auto' % (address, portspec)
+                fd = urllib2.urlopen(url)
+            else:
+                raise
 
         for line in fd.read().split('\n'):
             if not line.strip():



More information about the checkmk-commits mailing list