author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-18 22:35:29 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-18 22:35:29 +0000 |
commit | 8611341fb989382545c0c934c700e027d9bbab15 (patch) | |
tree | f80a127bde75a42f3ba8071702bac6005b9ae2ef | |
parent | f4a198463ced6bb3ad8779a10146c88b91385fd2 (diff) | |
initial "experimental" support for gnutls. by default openssl is still
used if available, and gnutls is only used if openssl is not available
or explicitly disabled (--without-openssl). currently the only plugin
i've verified to work is check_tcp, but i had to disable cert checking.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r-- | configure.in | 36 | ||||
-rw-r--r-- | plugins/check_tcp.c | 42 |
2 files changed, 63 insertions, 15 deletions
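--- a/configure.in
+++ b/configure.in
@@ -103,6 +103,7 @@ dnl Checks for programs.
 AC_PATH_PROG(PYTHON,python)
 AC_PATH_PROG(SH,sh)
 AC_PATH_PROG(PERL,perl)
+AC_PATH_PROG(LIBGNUTLS_CONFIG,libgnutls-config)
 
 dnl allow them to override the path of perl
 AC_ARG_WITH(perl,
@@ -111,6 +112,12 @@ AC_ARG_WITH(perl,
 with_perl=$withval,with_perl=$PERL)
 AC_SUBST(PERL, $with_perl)
 
+dnl allow for gnutls, if it exists, instead of openssl
+AC_ARG_WITH(gnutls,
+ACX_HELP_STRING([--with-gnutls=PATH],
+[path to gnutls installation root]),
+GNUTLS=$withval)
+
 AC_PATH_PROG(HOSTNAME,hostname)
 AC_PATH_PROG(BASENAME,basename)
 
@@ -409,6 +416,7 @@ if test "$FOUNDINCLUDE" = "no"; then
 CPPFLAGS="$_SAVEDCPPFLAGS"
 fi
 
+
 dnl Check for OpenSSL location
 AC_PATH_PROG(OPENSSL,openssl)
 if test "$OPENSSL" = "/usr/bin/openssl"; then
@@ -478,18 +486,43 @@ else
 fi
 fi
 
+dnl check for gnutls if openssl isn't found (or is disabled)
+FOUNDGNUTLS="no"
+if ! test "$FOUNDSSL" = "yes"; then
+if test "$GNUTLS" = ""; then
+CPPFLAGS="$CPPFLAGS -I$GNUTLS"
+elif ! test "$LIBGNUTLS_CONFIG" = ""; then
+CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`"
+fi
+AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",)
+if test "$FOUNDGNUTLS" = "yes"; then
+AC_CHECK_LIB(gnutls-openssl,main,SSLLIBS="-lgnutls-openssl")
+FOUNDSSL="yes"
+fi
+fi
+dnl end check for gnutls
+
 if test "$FOUNDSSL" = "yes"; then
 check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp"
 AC_SUBST(check_tcp_ssl)
 AC_SUBST(SSLLIBS)
 AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found])
-with_openssl="yes"
+if test "$FOUNDGNUTLS" = "no"; then
+AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries])
+with_openssl="yes"
+with_gnutls="no"
+else
+AC_DEFINE(USE_GNUTLS,1,[Define if using gnutls libraries])
+with_gnutls="yes"
+with_openssl="no"
+fi
 else
 if test "$FOUNDSSL" = "no"; then
 AC_MSG_WARN([OpenSSL libs could not be found])
 dnl else deliberately disabled
 fi
 with_openssl="no"
+with_gnutls="no"
 CPPFLAGS="$_SAVEDCPPFLAGS"
 LDFLAGS="$_SAVEDLDFLAGS"
 fi
@@ -1597,4 +1630,5 @@ ACX_FEATURE([with],[ping6-command])
 ACX_FEATURE([with],[lwres])
 ACX_FEATURE([with],[ipv6])
 ACX_FEATURE([with],[openssl])
+ACX_FEATURE([with],[gnutls])
 ACX_FEATURE([enable],[emulate-getaddrinfo])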
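Review bot: The test on `$GNUTLS` in the new gnutls block looks inverted: `if test "$GNUTLS" = ""` is true only when no path was given, so it appends a bare `-I` with nothing after it, while a path passed via `--with-gnutls=PATH` is never used. It should read `if ! test "$GNUTLS" = ""; then`, and because the option is documented as the installation root, the flag presumably needs to be `-I$GNUTLS/include`. The same likely applies to the `libgnutls-config --prefix` branch. Separately, `FOUNDSSL="yes"` is set whether or not `AC_CHECK_LIB(gnutls-openssl,...)` succeeds, so a header-only install is reported as SSL-capable with `SSLLIBS` empty; set it in the library check's success action instead.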
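--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
 
-#ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
+#ifdef HAVE_GNUTLS_OPENSSL_H
+# include <gnutls/openssl.h>
 #else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
+# ifdef HAVE_SSL_H
+# include <rsa.h>
+# include <crypto.h>
+# include <x509.h>
+# include <pem.h>
+# include <ssl.h>
+# include <err.h>
+# else
+# ifdef HAVE_OPENSSL_SSL_H
+# include <openssl/rsa.h>
+# include <openssl/crypto.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# endif
 # endif
 #endif
 
@@ -54,7 +58,9 @@ static SSL_CTX *ctx;
 static SSL *ssl;
 static X509 *server_cert;
 static int connect_SSL (void);
+# ifdef USE_OPENSSL
 static int check_certificate (X509 **);
+# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
 #else
 # define my_recv(buf, len) read(sd, buf, len)
@@ -231,6 +237,7 @@ main (int argc, char **argv)
 if (flags & FLAG_SSL && check_cert == TRUE) {
 if (connect_SSL () != OK)
 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
 result = check_certificate (&server_cert);
 X509_free(server_cert);
@@ -239,6 +246,7 @@ main (int argc, char **argv)
 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
 result = STATE_CRITICAL;
 }
+# endif /* USE_OPENSSL */
 
 SSL_shutdown (ssl);
 SSL_free (ssl);
@@ -563,12 +571,14 @@ process_arguments (int argc, char **argv)
 break;
 case 'D': /* Check SSL cert validity - days 'til certificate expiration */
 #ifdef HAVE_SSL
+# ifdef USE_OPENSSL /* XXX */
 if (!is_intnonneg (optarg))
 usage2 (_("Invalid certificate expiration period"), optarg);
 days_till_exp = atoi (optarg);
 check_cert = TRUE;
 flags |= FLAG_SSL;
 break;
+# endif /* USE_OPENSSL */
 #endif
 /* fallthrough if we don't have ssl */
 case 'S':
@@ -626,7 +636,9 @@ connect_SSL (void)
 return OK;
 /* ERR_print_errors_fp (stderr); */
 printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX */
 ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
 /* printf("\n"); */
 }
 else
@@ -642,6 +654,7 @@ connect_SSL (void)
 return STATE_CRITICAL;
 }
 
+#ifdef USE_OPENSSL /* XXX */
 static int
 check_certificate (X509 ** certificate)
 {
@@ -715,6 +728,7 @@ check_certificate (X509 ** certificate)
 
 return STATE_OK;
 }
+# endif /* USE_OPENSSL */
 #endif /* HAVE_SSL */
 
 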
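Review bot: On a GnuTLS build the whole body of `case 'D':` in process_arguments is compiled out, so `-D <days>` falls through to `case 'S':` (its body is outside the hunk, presumably it only enables SSL). The requested certificate-expiry check is then silently skipped, and a service monitored with `-D` would stop reporting expiring certificates without any error. Reject the option explicitly by adding `# else` and `usage2 (_("Certificate expiration check is not supported in this build"), optarg);` before `# endif /* USE_OPENSSL */`. The bare `/* XXX */` markers would also be clearer as `/* XXX cert checking not yet implemented for gnutls */`, matching the comment already used in main.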