initial "experimental" support for gnutls. by default openssl is still

used if available, and gnutls is only used if openssl is not available or explicitly disabled (--without-openssl). currently the only plugin i've verified to work is check_tcp, but i had to disable cert checking. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
author: M. Sean Finney <seanius@users.sourceforge.net> 2005-10-18 22:35:29 (GMT)
committer: M. Sean Finney <seanius@users.sourceforge.net> 2005-10-18 22:35:29 (GMT)
commit: 8611341fb989382545c0c934c700e027d9bbab15 (patch)
tree: f80a127bde75a42f3ba8071702bac6005b9ae2ef
parent: f4a198463ced6bb3ad8779a10146c88b91385fd2 (diff)
download: monitoring-plugins-8611341fb989382545c0c934c700e027d9bbab15.tar.gz
2 files changed, 63 insertions, 15 deletions
diff --git a/configure.in b/configure.in
index 86cb99f..7ae486c 100644
--- a/configure.in
+++ b/configure.in
@@ -103,6 +103,7 @@ dnl Checks for programs.
 AC_PATH_PROG(PYTHON,python)
 AC_PATH_PROG(SH,sh)
 AC_PATH_PROG(PERL,perl)
+AC_PATH_PROG(LIBGNUTLS_CONFIG,libgnutls-config)
 dnl allow them to override the path of perl
 AC_ARG_WITH(perl,
@@ -111,6 +112,12 @@ AC_ARG_WITH(perl,
                        with_perl=$withval,with_perl=$PERL)
 AC_SUBST(PERL, $with_perl)
+dnl allow for gnutls, if it exists, instead of openssl
+AC_ARG_WITH(gnutls,
+            ACX_HELP_STRING([--with-gnutls=PATH],
+                            [path to gnutls installation root]),
+            GNUTLS=$withval)
 AC_PATH_PROG(HOSTNAME,hostname)
 AC_PATH_PROG(BASENAME,basename)
@@ -409,6 +416,7 @@ if test "$FOUNDINCLUDE" = "no"; then
  CPPFLAGS="$_SAVEDCPPFLAGS"
 fi
 dnl Check for OpenSSL location
 AC_PATH_PROG(OPENSSL,openssl)
 if test "$OPENSSL" = "/usr/bin/openssl"; then
@@ -478,18 +486,43 @@ else
  fi
 fi
+dnl check for gnutls if openssl isn't found (or is disabled)
+FOUNDGNUTLS="no"
+if ! test "$FOUNDSSL" = "yes"; then
+        if test "$GNUTLS" = ""; then
+                CPPFLAGS="$CPPFLAGS -I$GNUTLS"
+        elif ! test "$LIBGNUTLS_CONFIG" = ""; then
+                CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`"
+        fi
+        AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",)
+        if test "$FOUNDGNUTLS" = "yes"; then
+                AC_CHECK_LIB(gnutls-openssl,main,SSLLIBS="-lgnutls-openssl")
+                FOUNDSSL="yes"
+        fi
+fi
+dnl end check for gnutls
 if test "$FOUNDSSL" = "yes"; then
  check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp"
  AC_SUBST(check_tcp_ssl)
  AC_SUBST(SSLLIBS)
  AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found])
-  with_openssl="yes"
+  if test "$FOUNDGNUTLS" = "no"; then
+        AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries])
+        with_openssl="yes"
+        with_gnutls="no"
+  else
+        AC_DEFINE(USE_GNUTLS,1,[Define if using gnutls libraries])
+        with_gnutls="yes"
+        with_openssl="no"
+  fi
 else
  if test "$FOUNDSSL" = "no"; then
    AC_MSG_WARN([OpenSSL libs could not be found])
  dnl else deliberately disabled
  fi
  with_openssl="no"
+  with_gnutls="no"
  CPPFLAGS="$_SAVEDCPPFLAGS"
  LDFLAGS="$_SAVEDLDFLAGS"
 fi
@@ -1597,4 +1630,5 @@ ACX_FEATURE([with],[ping6-command])
 ACX_FEATURE([with],[lwres])
 ACX_FEATURE([with],[ipv6])
 ACX_FEATURE([with],[openssl])
+ACX_FEATURE([with],[gnutls])
 ACX_FEATURE([enable],[emulate-getaddrinfo])
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index ad8b042..157588f 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
-#ifdef HAVE_SSL_H
+#ifdef HAVE_GNUTLS_OPENSSL_H
-#  include <rsa.h>
+#  include <gnutls/openssl.h>
-#  include <crypto.h>
-#  include <x509.h>
-#  include <pem.h>
-#  include <ssl.h>
-#  include <err.h>
 #else
-#  ifdef HAVE_OPENSSL_SSL_H
+#  ifdef HAVE_SSL_H
-#    include <openssl/rsa.h>
+#    include <rsa.h>
-#    include <openssl/crypto.h>
+#    include <crypto.h>
-#    include <openssl/x509.h>
+#    include <x509.h>
-#    include <openssl/pem.h>
+#    include <pem.h>
-#    include <openssl/ssl.h>
+#    include <ssl.h>
-#    include <openssl/err.h>
+#    include <err.h>
+#  else
+#    ifdef HAVE_OPENSSL_SSL_H
+#      include <openssl/rsa.h>
+#      include <openssl/crypto.h>
+#      include <openssl/x509.h>
+#      include <openssl/pem.h>
+#      include <openssl/ssl.h>
+#      include <openssl/err.h>
+#    endif
 #  endif
 #endif
@@ -54,7 +58,9 @@ static SSL_CTX *ctx;
 static SSL *ssl;
 static X509 *server_cert;
 static int connect_SSL (void);
+# ifdef USE_OPENSSL
 static int check_certificate (X509 **);
+# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
 #else
 # define my_recv(buf, len) read(sd, buf, len)
@@ -231,6 +237,7 @@ main (int argc, char **argv)
        if (flags & FLAG_SSL && check_cert == TRUE) {
                if (connect_SSL () != OK)
                        die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+#  ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
                if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
                        result = check_certificate (&server_cert);
                        X509_free(server_cert);
@@ -239,6 +246,7 @@ main (int argc, char **argv)
                        printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
                        result = STATE_CRITICAL;
                }
+#  endif /* USE_OPENSSL */
                SSL_shutdown (ssl);
                SSL_free (ssl);
@@ -563,12 +571,14 @@ process_arguments (int argc, char **argv)
                        break;
                case 'D': /* Check SSL cert validity - days 'til certificate expiration */
 #ifdef HAVE_SSL
+#  ifdef USE_OPENSSL /* XXX */
                        if (!is_intnonneg (optarg))
                                usage2 (_("Invalid certificate expiration period"), optarg);
                        days_till_exp = atoi (optarg);
                        check_cert = TRUE;
                        flags |= FLAG_SSL;
                        break;
+#  endif /* USE_OPENSSL */
 #endif
                        /* fallthrough if we don't have ssl */
                case 'S':
@@ -626,7 +636,9 @@ connect_SSL (void)
          return OK;
        /* ERR_print_errors_fp (stderr); */
        printf (_("CRITICAL - Cannot make  SSL connection "));
+#ifdef USE_OPENSSL /* XXX */
        ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
        /* printf("\n"); */
      }
      else
@@ -642,6 +654,7 @@ connect_SSL (void)
  return STATE_CRITICAL;
 }
+#ifdef USE_OPENSSL /* XXX */
 static int
 check_certificate (X509 ** certificate)
 {
@@ -715,6 +728,7 @@ check_certificate (X509 ** certificate)
        return STATE_OK;
 }
+#  endif /* USE_OPENSSL */
 #endif /* HAVE_SSL */
author	M. Sean Finney <seanius@users.sourceforge.net>	2005-10-18 22:35:29 (GMT)
committer	M. Sean Finney <seanius@users.sourceforge.net>	2005-10-18 22:35:29 (GMT)
commit	8611341fb989382545c0c934c700e027d9bbab15 (patch)
tree	f80a127bde75a42f3ba8071702bac6005b9ae2ef
parent	f4a198463ced6bb3ad8779a10146c88b91385fd2 (diff)
download	monitoring-plugins-8611341fb989382545c0c934c700e027d9bbab15.tar.gz