authorM. Sean Finney <seanius@users.sourceforge.net>2005-10-18 22:35:29 +0000
committerM. Sean Finney <seanius@users.sourceforge.net>2005-10-18 22:35:29 +0000
commit8611341fb989382545c0c934c700e027d9bbab15 (patch)
treef80a127bde75a42f3ba8071702bac6005b9ae2ef
parentf4a198463ced6bb3ad8779a10146c88b91385fd2 (diff)
initial "experimental" support for gnutls. by default openssl is still
used if available, and gnutls is only used if openssl is not available or explicitly disabled (--without-openssl). currently the only plugin i've verified to work is check_tcp, but i had to disable cert checking. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r--configure.in36
-rw-r--r--plugins/check_tcp.c42
2 files changed, 63 insertions, 15 deletions
diff --git a/configure.in b/configure.in
index 86cb99fa..7ae486ce 100644
--- a/configure.in
+++ b/configure.in
@@ -103,6 +103,7 @@ dnl Checks for programs.
103AC_PATH_PROG(PYTHON,python) 103AC_PATH_PROG(PYTHON,python)
104AC_PATH_PROG(SH,sh) 104AC_PATH_PROG(SH,sh)
105AC_PATH_PROG(PERL,perl) 105AC_PATH_PROG(PERL,perl)
106AC_PATH_PROG(LIBGNUTLS_CONFIG,libgnutls-config)
106 107
107dnl allow them to override the path of perl 108dnl allow them to override the path of perl
108AC_ARG_WITH(perl, 109AC_ARG_WITH(perl,
@@ -111,6 +112,12 @@ AC_ARG_WITH(perl,
111 with_perl=$withval,with_perl=$PERL) 112 with_perl=$withval,with_perl=$PERL)
112AC_SUBST(PERL, $with_perl) 113AC_SUBST(PERL, $with_perl)
113 114
115dnl allow for gnutls, if it exists, instead of openssl
116AC_ARG_WITH(gnutls,
117 ACX_HELP_STRING([--with-gnutls=PATH],
118 [path to gnutls installation root]),
119 GNUTLS=$withval)
120
114AC_PATH_PROG(HOSTNAME,hostname) 121AC_PATH_PROG(HOSTNAME,hostname)
115AC_PATH_PROG(BASENAME,basename) 122AC_PATH_PROG(BASENAME,basename)
116 123
@@ -409,6 +416,7 @@ if test "$FOUNDINCLUDE" = "no"; then
409 CPPFLAGS="$_SAVEDCPPFLAGS" 416 CPPFLAGS="$_SAVEDCPPFLAGS"
410fi 417fi
411 418
419
412dnl Check for OpenSSL location 420dnl Check for OpenSSL location
413AC_PATH_PROG(OPENSSL,openssl) 421AC_PATH_PROG(OPENSSL,openssl)
414if test "$OPENSSL" = "/usr/bin/openssl"; then 422if test "$OPENSSL" = "/usr/bin/openssl"; then
@@ -478,18 +486,43 @@ else
478 fi 486 fi
479fi 487fi
480 488
489dnl check for gnutls if openssl isn't found (or is disabled)
490FOUNDGNUTLS="no"
491if ! test "$FOUNDSSL" = "yes"; then
492 if test "$GNUTLS" = ""; then
493 CPPFLAGS="$CPPFLAGS -I$GNUTLS"
494 elif ! test "$LIBGNUTLS_CONFIG" = ""; then
495 CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`"
496 fi
497 AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",)
498 if test "$FOUNDGNUTLS" = "yes"; then
499 AC_CHECK_LIB(gnutls-openssl,main,SSLLIBS="-lgnutls-openssl")
500 FOUNDSSL="yes"
501 fi
502fi
503dnl end check for gnutls
504
481if test "$FOUNDSSL" = "yes"; then 505if test "$FOUNDSSL" = "yes"; then
482 check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp" 506 check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp"
483 AC_SUBST(check_tcp_ssl) 507 AC_SUBST(check_tcp_ssl)
484 AC_SUBST(SSLLIBS) 508 AC_SUBST(SSLLIBS)
485 AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found]) 509 AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found])
486 with_openssl="yes" 510 if test "$FOUNDGNUTLS" = "no"; then
511 AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries])
512 with_openssl="yes"
513 with_gnutls="no"
514 else
515 AC_DEFINE(USE_GNUTLS,1,[Define if using gnutls libraries])
516 with_gnutls="yes"
517 with_openssl="no"
518 fi
487else 519else
488 if test "$FOUNDSSL" = "no"; then 520 if test "$FOUNDSSL" = "no"; then
489 AC_MSG_WARN([OpenSSL libs could not be found]) 521 AC_MSG_WARN([OpenSSL libs could not be found])
490 dnl else deliberately disabled 522 dnl else deliberately disabled
491 fi 523 fi
492 with_openssl="no" 524 with_openssl="no"
525 with_gnutls="no"
493 CPPFLAGS="$_SAVEDCPPFLAGS" 526 CPPFLAGS="$_SAVEDCPPFLAGS"
494 LDFLAGS="$_SAVEDLDFLAGS" 527 LDFLAGS="$_SAVEDLDFLAGS"
495fi 528fi
@@ -1597,4 +1630,5 @@ ACX_FEATURE([with],[ping6-command])
1597ACX_FEATURE([with],[lwres]) 1630ACX_FEATURE([with],[lwres])
1598ACX_FEATURE([with],[ipv6]) 1631ACX_FEATURE([with],[ipv6])
1599ACX_FEATURE([with],[openssl]) 1632ACX_FEATURE([with],[openssl])
1633ACX_FEATURE([with],[gnutls])
1600ACX_FEATURE([enable],[emulate-getaddrinfo]) 1634ACX_FEATURE([enable],[emulate-getaddrinfo])
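Review bot: The first test in the new GnuTLS block (new lines 492-496) looks inverted: `if test "$GNUTLS" = ""` appends `-I$GNUTLS` exactly when `$GNUTLS` is empty, leaving a bare `-I` in CPPFLAGS, while a path given with `--with-gnutls=PATH` is ignored in favour of the `libgnutls-config` branch. The condition should read `if ! test "$GNUTLS" = ""; then`, matching the `elif` below it. In the same block, `FOUNDSSL="yes"` is set after `AC_CHECK_LIB(gnutls-openssl,main,...)` whether or not the library was found, so a header-only install would define `HAVE_SSL` without `-lgnutls-openssl` in `SSLLIBS`; moving the assignment into the action-if-found argument would avoid that. The warning `OpenSSL libs could not be found` could also mention GnuTLS, now that both libraries are probed.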
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index ad8b0429..157588fd 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
28#include "netutils.h" 28#include "netutils.h"
29#include "utils.h" 29#include "utils.h"
30 30
31#ifdef HAVE_SSL_H 31#ifdef HAVE_GNUTLS_OPENSSL_H
32# include <rsa.h> 32# include <gnutls/openssl.h>
33# include <crypto.h>
34# include <x509.h>
35# include <pem.h>
36# include <ssl.h>
37# include <err.h>
38#else 33#else
39# ifdef HAVE_OPENSSL_SSL_H 34# ifdef HAVE_SSL_H
40# include <openssl/rsa.h> 35# include <rsa.h>
41# include <openssl/crypto.h> 36# include <crypto.h>
42# include <openssl/x509.h> 37# include <x509.h>
43# include <openssl/pem.h> 38# include <pem.h>
44# include <openssl/ssl.h> 39# include <ssl.h>
45# include <openssl/err.h> 40# include <err.h>
41# else
42# ifdef HAVE_OPENSSL_SSL_H
43# include <openssl/rsa.h>
44# include <openssl/crypto.h>
45# include <openssl/x509.h>
46# include <openssl/pem.h>
47# include <openssl/ssl.h>
48# include <openssl/err.h>
49# endif
46# endif 50# endif
47#endif 51#endif
48 52
@@ -54,7 +58,9 @@ static SSL_CTX *ctx;
54static SSL *ssl; 58static SSL *ssl;
55static X509 *server_cert; 59static X509 *server_cert;
56static int connect_SSL (void); 60static int connect_SSL (void);
61# ifdef USE_OPENSSL
57static int check_certificate (X509 **); 62static int check_certificate (X509 **);
63# endif /* USE_OPENSSL */
58# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) 64# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
59#else 65#else
60# define my_recv(buf, len) read(sd, buf, len) 66# define my_recv(buf, len) read(sd, buf, len)
@@ -231,6 +237,7 @@ main (int argc, char **argv)
231 if (flags & FLAG_SSL && check_cert == TRUE) { 237 if (flags & FLAG_SSL && check_cert == TRUE) {
232 if (connect_SSL () != OK) 238 if (connect_SSL () != OK)
233 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); 239 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
240# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
234 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { 241 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
235 result = check_certificate (&server_cert); 242 result = check_certificate (&server_cert);
236 X509_free(server_cert); 243 X509_free(server_cert);
@@ -239,6 +246,7 @@ main (int argc, char **argv)
239 printf(_("CRITICAL - Cannot retrieve server certificate.\n")); 246 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
240 result = STATE_CRITICAL; 247 result = STATE_CRITICAL;
241 } 248 }
249# endif /* USE_OPENSSL */
242 250
243 SSL_shutdown (ssl); 251 SSL_shutdown (ssl);
244 SSL_free (ssl); 252 SSL_free (ssl);
@@ -563,12 +571,14 @@ process_arguments (int argc, char **argv)
563 break; 571 break;
564 case 'D': /* Check SSL cert validity - days 'til certificate expiration */ 572 case 'D': /* Check SSL cert validity - days 'til certificate expiration */
565#ifdef HAVE_SSL 573#ifdef HAVE_SSL
574# ifdef USE_OPENSSL /* XXX */
566 if (!is_intnonneg (optarg)) 575 if (!is_intnonneg (optarg))
567 usage2 (_("Invalid certificate expiration period"), optarg); 576 usage2 (_("Invalid certificate expiration period"), optarg);
568 days_till_exp = atoi (optarg); 577 days_till_exp = atoi (optarg);
569 check_cert = TRUE; 578 check_cert = TRUE;
570 flags |= FLAG_SSL; 579 flags |= FLAG_SSL;
571 break; 580 break;
581# endif /* USE_OPENSSL */
572#endif 582#endif
573 /* fallthrough if we don't have ssl */ 583 /* fallthrough if we don't have ssl */
574 case 'S': 584 case 'S':
@@ -626,7 +636,9 @@ connect_SSL (void)
626 return OK; 636 return OK;
627 /* ERR_print_errors_fp (stderr); */ 637 /* ERR_print_errors_fp (stderr); */
628 printf (_("CRITICAL - Cannot make SSL connection ")); 638 printf (_("CRITICAL - Cannot make SSL connection "));
639#ifdef USE_OPENSSL /* XXX */
629 ERR_print_errors_fp (stdout); 640 ERR_print_errors_fp (stdout);
641#endif /* USE_OPENSSL */
630 /* printf("\n"); */ 642 /* printf("\n"); */
631 } 643 }
632 else 644 else
@@ -642,6 +654,7 @@ connect_SSL (void)
642 return STATE_CRITICAL; 654 return STATE_CRITICAL;
643} 655}
644 656
657#ifdef USE_OPENSSL /* XXX */
645static int 658static int
646check_certificate (X509 ** certificate) 659check_certificate (X509 ** certificate)
647{ 660{
@@ -715,6 +728,7 @@ check_certificate (X509 ** certificate)
715 728
716 return STATE_OK; 729 return STATE_OK;
717} 730}
731# endif /* USE_OPENSSL */
718#endif /* HAVE_SSL */ 732#endif /* HAVE_SSL */
719 733
720 734
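Review bot: In `process_arguments`, a GnuTLS build compiles out the whole body of `case 'D'`, so `-D <days>` falls through to `case 'S'` and appears to be accepted as a plain SSL check with no expiry test. An operator relying on `-D` for certificate-expiry alerting would then get a passing result from a check that never ran. Rejecting the option explicitly is safer, for example a `# else` branch holding `usage2 (_("Certificate expiration checks are not supported in GnuTLS builds"), optarg);` before the `# endif /* USE_OPENSSL */`. The `/* XXX */` markers on the new guards would be more useful if they said what is missing, e.g. `/* XXX no certificate check with gnutls yet: -D is unavailable */`. The body of `case 'S'` and the rest of `process_arguments` lie outside the hunk, so the fall-through behaviour should be confirmed there.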