diff options
author | vagrant <vagrant@debiantesting-64> | 2016-11-13 19:39:46 +0000 |
---|---|---|
committer | Sven Nierlein <sven@nierlein.de> | 2016-11-13 21:14:02 +0000 |
commit | fe1c4bb0e5ea3632d608a6b8b7e51d580856d833 (patch) | |
tree | 5fceabfc6f53b2bf7505bba099fa75d6cc8159bc | |
parent | 2f845e9ebc2b7bcf6472e0191752215d351e4e7c (diff) | |
download | monitoring-plugins-fe1c4bb.tar.gz |
add openssl 1.1 support
changes:
- CRYPTO_lock detection replaced in configure.ac. We don't use that
function anywhere, so just replace it with the suggested one from
https://wiki.openssl.org/index.php/Library_Initialization#Autoconf
- OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included.
Set it ourself using the suggested openssl 1.1 version check from
https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility
- openssl 1.1 sends a sigpipe if the connection is still open when
calling SSL_shutdown(), so move the close before the shutdown.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | plugins/check_http.c | 4 | ||||
-rw-r--r-- | plugins/check_smtp.c | 8 | ||||
-rw-r--r-- | plugins/check_tcp.c | 4 | ||||
-rw-r--r-- | plugins/common.h | 7 |
5 files changed, 19 insertions, 10 deletions
diff --git a/configure.ac b/configure.ac index 0a554af6..5ef56f75 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -493,15 +493,15 @@ if ! test x"$with_openssl" = x"no"; then | |||
493 | dnl Check for crypto lib | 493 | dnl Check for crypto lib |
494 | _SAVEDLIBS="$LIBS" | 494 | _SAVEDLIBS="$LIBS" |
495 | LIBS="-L${with_openssl}/lib" | 495 | LIBS="-L${with_openssl}/lib" |
496 | AC_CHECK_LIB(crypto,CRYPTO_lock) | 496 | AC_CHECK_LIB(crypto,CRYPTO_new_ex_data) |
497 | if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then | 497 | if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then |
498 | dnl Check for SSL lib | 498 | dnl Check for SSL lib |
499 | AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto) | 499 | AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto) |
500 | fi | 500 | fi |
501 | LIBS="$_SAVEDLIBS" | 501 | LIBS="$_SAVEDLIBS" |
502 | 502 | ||
503 | dnl test headers and libs to decide whether check_http should use SSL | 503 | dnl test headers and libs to decide whether check_http should use SSL |
504 | if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then | 504 | if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then |
505 | if test "$ac_cv_lib_ssl_main" = "yes"; then | 505 | if test "$ac_cv_lib_ssl_main" = "yes"; then |
506 | if test "$FOUNDINCLUDE" = "yes"; then | 506 | if test "$FOUNDINCLUDE" = "yes"; then |
507 | FOUNDOPENSSL="yes" | 507 | FOUNDOPENSSL="yes" |
diff --git a/plugins/check_http.c b/plugins/check_http.c index 60fe4d52..2347a6f2 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -941,8 +941,8 @@ check_http (void) | |||
941 | elapsed_time_ssl = (double)microsec_ssl / 1.0e6; | 941 | elapsed_time_ssl = (double)microsec_ssl / 1.0e6; |
942 | if (check_cert == TRUE) { | 942 | if (check_cert == TRUE) { |
943 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | 943 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
944 | np_net_ssl_cleanup(); | ||
945 | if (sd) close(sd); | 944 | if (sd) close(sd); |
945 | np_net_ssl_cleanup(); | ||
946 | return result; | 946 | return result; |
947 | } | 947 | } |
948 | } | 948 | } |
@@ -1086,10 +1086,10 @@ check_http (void) | |||
1086 | die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n")); | 1086 | die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n")); |
1087 | 1087 | ||
1088 | /* close the connection */ | 1088 | /* close the connection */ |
1089 | if (sd) close(sd); | ||
1089 | #ifdef HAVE_SSL | 1090 | #ifdef HAVE_SSL |
1090 | np_net_ssl_cleanup(); | 1091 | np_net_ssl_cleanup(); |
1091 | #endif | 1092 | #endif |
1092 | if (sd) close(sd); | ||
1093 | 1093 | ||
1094 | /* Save check time */ | 1094 | /* Save check time */ |
1095 | microsec = deltime (tv); | 1095 | microsec = deltime (tv); |
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 1996c6d3..f5a6fa3d 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c | |||
@@ -239,8 +239,8 @@ main (int argc, char **argv) | |||
239 | result = np_net_ssl_init(sd); | 239 | result = np_net_ssl_init(sd); |
240 | if(result != STATE_OK) { | 240 | if(result != STATE_OK) { |
241 | printf (_("CRITICAL - Cannot create SSL context.\n")); | 241 | printf (_("CRITICAL - Cannot create SSL context.\n")); |
242 | np_net_ssl_cleanup(); | ||
243 | close(sd); | 242 | close(sd); |
243 | np_net_ssl_cleanup(); | ||
244 | return STATE_CRITICAL; | 244 | return STATE_CRITICAL; |
245 | } else { | 245 | } else { |
246 | ssl_established = 1; | 246 | ssl_established = 1; |
@@ -764,10 +764,12 @@ recvlines(char *buf, size_t bufsize) | |||
764 | int | 764 | int |
765 | my_close (void) | 765 | my_close (void) |
766 | { | 766 | { |
767 | int result; | ||
768 | result = close(sd); | ||
767 | #ifdef HAVE_SSL | 769 | #ifdef HAVE_SSL |
768 | np_net_ssl_cleanup(); | 770 | np_net_ssl_cleanup(); |
769 | #endif | 771 | #endif |
770 | return close(sd); | 772 | return result; |
771 | } | 773 | } |
772 | 774 | ||
773 | 775 | ||
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 6dc9aa96..61333bd7 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
@@ -247,8 +247,8 @@ main (int argc, char **argv) | |||
247 | } | 247 | } |
248 | } | 248 | } |
249 | if(result != STATE_OK){ | 249 | if(result != STATE_OK){ |
250 | np_net_ssl_cleanup(); | ||
251 | if(sd) close(sd); | 250 | if(sd) close(sd); |
251 | np_net_ssl_cleanup(); | ||
252 | return result; | 252 | return result; |
253 | } | 253 | } |
254 | #endif /* HAVE_SSL */ | 254 | #endif /* HAVE_SSL */ |
@@ -321,10 +321,10 @@ main (int argc, char **argv) | |||
321 | if (server_quit != NULL) { | 321 | if (server_quit != NULL) { |
322 | my_send(server_quit, strlen(server_quit)); | 322 | my_send(server_quit, strlen(server_quit)); |
323 | } | 323 | } |
324 | if (sd) close (sd); | ||
324 | #ifdef HAVE_SSL | 325 | #ifdef HAVE_SSL |
325 | np_net_ssl_cleanup(); | 326 | np_net_ssl_cleanup(); |
326 | #endif | 327 | #endif |
327 | if (sd) close (sd); | ||
328 | 328 | ||
329 | microsec = deltime (tv); | 329 | microsec = deltime (tv); |
330 | elapsed_time = (double)microsec / 1.0e6; | 330 | elapsed_time = (double)microsec / 1.0e6; |
diff --git a/plugins/common.h b/plugins/common.h index 01003b3b..8719b502 100644 --- a/plugins/common.h +++ b/plugins/common.h | |||
@@ -161,6 +161,13 @@ | |||
161 | # endif | 161 | # endif |
162 | #endif | 162 | #endif |
163 | 163 | ||
164 | /* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */ | ||
165 | #ifdef OPENSSL_VERSION_NUMBER | ||
166 | # if OPENSSL_VERSION_NUMBER >= 0x10100000 | ||
167 | # define OPENSSL_NO_SSL2 | ||
168 | # endif | ||
169 | #endif | ||
170 | |||
164 | /* | 171 | /* |
165 | * | 172 | * |
166 | * Standard Values | 173 | * Standard Values |