From bce7a1082ab7e0c92b1ee282f71030b9c8f74abc Mon Sep 17 00:00:00 2001 From: Jan Vansteenkiste Date: Fri, 21 Nov 2025 08:59:51 +0100 Subject: [PATCH 1/3] Ignore files created by bundler --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index b14a330..e197f21 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,7 @@ .rbenv-* .ruby-* Gemfile.lock + +## ignore files created by bundler +.bundle/ +vendor/ From d16fbf5e315be8799f4881a111b22e6f8571c656 Mon Sep 17 00:00:00 2001 From: Jan Vansteenkiste Date: Fri, 21 Nov 2025 09:00:21 +0100 Subject: [PATCH 2/3] Add support for --cacert and --capath --- README.md | 2 ++ check_http_json.rb | 14 ++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/README.md b/README.md index fcc452f..e23e0b4 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,8 @@ Usage: ./check_http_json.rb -u -e -w -c --cert PATH Client certificate file path --key PATH Private key file path --insecure Disable SSL certificate verification (insecure) + --cacert PATH CA certificate to verify peer against + --capath PATH CA directory to verify peer against ``` The `--warn` and `--crit` arguments conform to the Nagios [threshold format guidelines]. diff --git a/check_http_json.rb b/check_http_json.rb index 229aaf8..a9672df 100755 --- a/check_http_json.rb +++ b/check_http_json.rb @@ -186,6 +186,8 @@ def uri_target(options) http.verify_mode = OpenSSL::SSL::VERIFY_NONE else http.verify_mode = OpenSSL::SSL::VERIFY_PEER + http.ca_file = options[:cacert] if options[:cacert] + http.ca_path = options[:capath] if options[:capath] end if options[:cert] && options[:key] http.cert = OpenSSL::X509::Certificate.new(File.read(options[:cert])) @@ -447,6 +449,18 @@ def parse_args(options) opts.on('--insecure', 'Disable SSL certificate verification (insecure)') do options[:insecure] = true end + + options[:cacert] = nil + opts.on('--cacert PATH', 'CA certificate to verify peer against') do |x| + options[:cacert] = x + end + + options[:capath] = nil + opts.on('--capath PATH', 'CA directory to verify peer against') do |x| + options[:capath] = x + end + + end optparse.parse! From 8ef2c3be9f6911fa158344ede199d56806c5ca5e Mon Sep 17 00:00:00 2001 From: Jan Vansteenkiste Date: Fri, 21 Nov 2025 09:01:16 +0100 Subject: [PATCH 3/3] Bring README.md in sync with script output --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e23e0b4..89a5c0f 100644 --- a/README.md +++ b/README.md @@ -29,10 +29,10 @@ Usage: ./check_http_json.rb -u -e -w -c --result_warn_regex REGEX Warning if element matches REGEX. --result_crit_regex is required. --result_unknown_regex REGEX Unknown if element matches REGEX. --result_crit_regex is required. --result_crit_regex REGEX Critical if element matches REGEX. --result_warn_regex is required. - -p, --perf ELEMENT Output additional fields (performance metrics). - --perf_splitter CHARACTER Additional fields delimiter (default is comma). + -p, --perf ELEMENT Output additional fields (performance metrics); comma-separated. + --perf_splitter CHARACTER Specify an alternative character to split performance keys. --output_alt_pipe CHARACTER Specify a character to replace reserved pipes in the output. Default: ! - --perf_regex REGEX Output additional fields expressed as regular expression. + --perf_regex REGEX Output additional fields (performance metrics) expressed as regular expression. --perf_regex_global Check all occurring matches. --perf-regex is required. -t, --timeout SECONDS Wait before HTTP timeout. --cert PATH Client certificate file path