From 093c5f8e44bb72c2b4916e00dba1ed248f49ec75 Mon Sep 17 00:00:00 2001
From: Colin Darie
Date: Wed, 29 Aug 2018 16:51:21 +0200
Subject: [PATCH] check_http: added --sni to defaults options
Closes #82 Probably fixes #74 too ?
---
 app/services/ssl.rb | 5 +++--
 config/chexpire.defaults.yml | 4 +++-
 test/jobs/ssl_sync_job_test.rb | 2 +-
 test/services/check_ssl_processor_test.rb | 2 +-
 test/services/ssl_test.rb | 14 ++++++++++----
 5 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/app/services/ssl.rb b/app/services/ssl.rb
index d2baa78..e566352 100644
--- a/app/services/ssl.rb
+++ b/app/services/ssl.rb
@@ -58,8 +58,9 @@ module SSL
 def check_http_args
 [
- "-C 0", # enable SSL mode without any delay warning
- "-H", # check_http does not works with fully quoted arg (check_http "-H myhost.org")
+ "-C 0", # enable SSL mode without any delay warning
+ "--sni", # some certificates must have this option
+ "-H", # check_http does not works with fully quoted arg (check_http "-H myhost.org")
 domain,
 *custom_check_http_args,
 ].compact
diff --git a/config/chexpire.defaults.yml b/config/chexpire.defaults.yml
index 9d92238..66162bf 100644
--- a/config/chexpire.defaults.yml
+++ b/config/chexpire.defaults.yml
@@ -28,7 +28,9 @@ default: &default
 checks_ssl:
 interval: 0.0 # pause in second between each check http call
 check_http_path: # defaults to check_http in $PATH
- check_http_args: # array of arguments appended to defaults arguments (-C 0 -H $HOSTNAME).
+ check_http_args: # array of arguments *appended* after defaults arguments (which are -C 0 --sni -H $HOSTNAME)
+ # example: check_http_args: ["-4", "-I 127.0.0.1"]
+
 development:
 <<: *default
diff --git a/test/jobs/ssl_sync_job_test.rb b/test/jobs/ssl_sync_job_test.rb
index 3fcd786..e2037a1 100644
--- a/test/jobs/ssl_sync_job_test.rb
+++ b/test/jobs/ssl_sync_job_test.rb
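Review bot: The comment on the new `"--sni"` entry in `check_http_args` (app/services/ssl.rb) does not say why the option matters for a certificate-expiry checker. Without SNI a server hosting several names answers with its default certificate, so the check can report the expiry of a certificate that is not the one served for `domain`; I would write `"--sni", # send the hostname via SNI so the server returns the certificate for this domain, not its default one`. Because `custom_check_http_args` is only appended, an installation that already lists `--sni` in `check_http_args` will now pass it twice, and a check_http build without SNI support (if any is still deployed) has no way to opt out; both cases deserve a line in the config comment or changelog. The method's closing `end` is outside the hunk.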
@@ -81,6 +81,6 @@ class SSLSyncJobTest < ActiveJob::TestCase
 end
 def expected_command_arg(domain)
- ["-C 0", "-H", domain]
+ ["-C 0", "--sni", "-H", domain]
 end
 end
diff --git a/test/services/check_ssl_processor_test.rb b/test/services/check_ssl_processor_test.rb
index 8075382..9571cfb 100644
--- a/test/services/check_ssl_processor_test.rb
+++ b/test/services/check_ssl_processor_test.rb
@@ -13,7 +13,7 @@ class CheckSSLProcessorTest < ActiveSupport::TestCase
 check = create(:check, :ssl, :nil_dates, domain: domain)
 response = file_fixture("ssl/ssl0.domain.org.txt").read
- mock_system_command("check_http", ["-C 0", "-H", domain], stdout: response) do
+ mock_system_command("check_http", ["-C 0", "--sni", "-H", domain], stdout: response) do
 @processor.send(:process, check)
 end
diff --git a/test/services/ssl_test.rb b/test/services/ssl_test.rb
index 9adc0bc..22ab321 100644
--- a/test/services/ssl_test.rb
+++ b/test/services/ssl_test.rb
@@ -10,7 +10,7 @@ module SSL
 test "should run the command, return the result" do
 result = OpenStruct.new(exit_status: 0)
- mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
+ mock_system_klass("check_http", standard_args, result) do |system_klass|
 service = Service.new("example.org", system_klass: system_klass)
 assert_equal result, service.run_command
 end
@@ -19,7 +19,7 @@ module SSL
 test "should raise an exception if exit status > 0" do
 result = OpenStruct.new(exit_status: 1)
- mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
+ mock_system_klass("check_http", standard_args, result) do |system_klass|
 service = Service.new("example.org", system_klass: system_klass)
 assert_raises SSLCommandError do
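Review bot: The default argument list is still spelled out as a literal in `expected_command_arg` (test/jobs/ssl_sync_job_test.rb) and in the `mock_system_command` call of test/services/check_ssl_processor_test.rb, while ssl_test.rb now takes it from `standard_args`. Every future change to the defaults in `check_http_args` has to be repeated in all three files, and a missed copy only surfaces as a mock-expectation failure. A shared test helper, placed wherever `mock_system_command` is defined, that returns `["-C 0", "--sni", "-H", domain]` would keep the three in step. Both test classes start outside their hunks.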
@@ -42,7 +42,7 @@ module SSL
 result = OpenStruct.new(exit_status: 0)
 config = OpenStruct.new(check_http_args: ["-f", "-I 127.0.0.1"])
- expected_args = ["-C 0", "-H", "example.org", "-f", "-I 127.0.0.1"]
+ expected_args = standard_args.concat ["-f", "-I 127.0.0.1"]
 mock_system_klass("check_http", expected_args, result) do |system_klass|
 service = Service.new("example.org", configuration: config, system_klass: system_klass)
 assert_equal result, service.run_command
@@ -63,12 +63,18 @@ module SSL
 result = OpenStruct.new(exit_status: 0)
 config = OpenStruct.new(check_http_path: "/usr/local/custom/path")
- mock_system_klass("/usr/local/custom/path", ["-C 0", "-H", "example.org"], result) do |sys|
+ mock_system_klass("/usr/local/custom/path", standard_args, result) do |sys|
 service = Service.new("example.org", configuration: config, system_klass: sys)
 assert_equal result, service.run_command
 end
 end
+ private
+
+ def standard_args
+ ["-C 0", "--sni", "-H", "example.org"]
+ end
+
 def mock_system_klass(program, command_args, result)
 system_klass = Minitest::Mock.new
 system_command = Minitest::Mock.new.expect(:execute, result)
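Review bot: `standard_args.concat ["-f", "-I 127.0.0.1"]` in the custom-arguments test mutates the array it is called on. That is harmless today because `standard_args` builds a new array on every call, but it would leak the extra arguments into the other tests' expectations if the helper were later memoized. `expected_args = standard_args + ["-f", "-I 127.0.0.1"]` yields the same value without the side effect. The test body starts outside the hunk.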