diff options
author | Thomas Guyot-Sionnest <dermoth@aei.ca> | 2009-05-20 05:05:35 (GMT) |
---|---|---|
committer | Thomas Guyot-Sionnest <dermoth@aei.ca> | 2009-05-20 05:05:35 (GMT) |
commit | 0489df95fc5ab2c84cd7830df97942a874e431d9 (patch) | |
tree | be2615d44c1f1b86cf668ce55c5e42dc3e3c28f8 | |
parent | 56cf66c9b815ed953245476b7c715f15cf053763 (diff) | |
download | monitoring-plugins-0489df95fc5ab2c84cd7830df97942a874e431d9.tar.gz |
check_http: Add SSL/TLS hostname extension support (SNI) - (#1939022 - Joe Presbrey)
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | THANKS.in | 1 | ||||
-rw-r--r-- | plugins/check_http.c | 2 | ||||
-rw-r--r-- | plugins/netutils.h | 1 | ||||
-rw-r--r-- | plugins/sslutils.c | 13 |
5 files changed, 16 insertions, 2 deletions
@@ -34,6 +34,7 @@ This file documents the major additions and syntax changes between releases. | |||
34 | Fixed typos for check_disk (Chris Pepper) | 34 | Fixed typos for check_disk (Chris Pepper) |
35 | Fixed check_mysql* not using password set in my.cnf (#2531905 - Ben Timby) - Specify an empty password explicitly if you need to override it. | 35 | Fixed check_mysql* not using password set in my.cnf (#2531905 - Ben Timby) - Specify an empty password explicitly if you need to override it. |
36 | Fixed awk subst.in/subst script path error (#2722832 - Martin Foster) | 36 | Fixed awk subst.in/subst script path error (#2722832 - Martin Foster) |
37 | check_http: Add SSL/TLS hostname extension support (SNI) - (#1939022 - Joe Presbrey) | ||
37 | 38 | ||
38 | 1.4.13 25th Sept 2008 | 39 | 1.4.13 25th Sept 2008 |
39 | Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) | 40 | Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen) |
@@ -252,3 +252,4 @@ Oskar Ahner | |||
252 | Chris Pepper | 252 | Chris Pepper |
253 | Ben Timby | 253 | Ben Timby |
254 | Martin Foster | 254 | Martin Foster |
255 | Joe Presbrey | ||
diff --git a/plugins/check_http.c b/plugins/check_http.c index 0310203..79f6adf 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -790,7 +790,7 @@ check_http (void) | |||
790 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | 790 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); |
791 | #ifdef HAVE_SSL | 791 | #ifdef HAVE_SSL |
792 | if (use_ssl == TRUE) { | 792 | if (use_ssl == TRUE) { |
793 | np_net_ssl_init(sd); | 793 | np_net_ssl_init_with_hostname(sd, host_name); |
794 | if (check_cert == TRUE) { | 794 | if (check_cert == TRUE) { |
795 | result = np_net_ssl_check_cert(days_till_exp); | 795 | result = np_net_ssl_check_cert(days_till_exp); |
796 | np_net_ssl_cleanup(); | 796 | np_net_ssl_cleanup(); |
diff --git a/plugins/netutils.h b/plugins/netutils.h index b479b74..572a3ae 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h | |||
@@ -99,6 +99,7 @@ extern int address_family; | |||
99 | #ifdef HAVE_SSL | 99 | #ifdef HAVE_SSL |
100 | /* maybe this could be merged with the above np_net_connect, via some flags */ | 100 | /* maybe this could be merged with the above np_net_connect, via some flags */ |
101 | int np_net_ssl_init(int sd); | 101 | int np_net_ssl_init(int sd); |
102 | int np_net_ssl_init_with_hostname(int sd, char *host_name); | ||
102 | void np_net_ssl_cleanup(); | 103 | void np_net_ssl_cleanup(); |
103 | int np_net_ssl_write(const void *buf, int num); | 104 | int np_net_ssl_write(const void *buf, int num); |
104 | int np_net_ssl_read(void *buf, int num); | 105 | int np_net_ssl_read(void *buf, int num); |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 1d4ef94..aa571b6 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -35,7 +35,11 @@ static SSL_CTX *c=NULL; | |||
35 | static SSL *s=NULL; | 35 | static SSL *s=NULL; |
36 | static int initialized=0; | 36 | static int initialized=0; |
37 | 37 | ||
38 | int np_net_ssl_init (int sd){ | 38 | int np_net_ssl_init (int sd) { |
39 | return np_net_ssl_init_with_hostname(sd, NULL); | ||
40 | } | ||
41 | |||
42 | int np_net_ssl_init_with_hostname (int sd, char *host_name) { | ||
39 | if (!initialized) { | 43 | if (!initialized) { |
40 | /* Initialize SSL context */ | 44 | /* Initialize SSL context */ |
41 | SSLeay_add_ssl_algorithms (); | 45 | SSLeay_add_ssl_algorithms (); |
@@ -48,6 +52,10 @@ int np_net_ssl_init (int sd){ | |||
48 | return STATE_CRITICAL; | 52 | return STATE_CRITICAL; |
49 | } | 53 | } |
50 | if ((s = SSL_new (c)) != NULL){ | 54 | if ((s = SSL_new (c)) != NULL){ |
55 | #ifdef SSL_set_tlsext_host_name | ||
56 | if (host_name != NULL) | ||
57 | SSL_set_tlsext_host_name(s, host_name); | ||
58 | #endif | ||
51 | SSL_set_fd (s, sd); | 59 | SSL_set_fd (s, sd); |
52 | if (SSL_connect(s) == 1){ | 60 | if (SSL_connect(s) == 1){ |
53 | return OK; | 61 | return OK; |
@@ -65,6 +73,9 @@ int np_net_ssl_init (int sd){ | |||
65 | 73 | ||
66 | void np_net_ssl_cleanup (){ | 74 | void np_net_ssl_cleanup (){ |
67 | if(s){ | 75 | if(s){ |
76 | #ifdef SSL_set_tlsext_host_name | ||
77 | SSL_set_tlsext_host_name(s, NULL); | ||
78 | #endif | ||
68 | SSL_shutdown (s); | 79 | SSL_shutdown (s); |
69 | SSL_free (s); | 80 | SSL_free (s); |
70 | if(c) { | 81 | if(c) { |