author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 +0000 |
commit | 65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch) | |
tree | eb1d0c95752126bd526d939332d14bf40cf7d1f7 /plugins/check_http.c | |
parent | 8611341fb989382545c0c934c700e027d9bbab15 (diff) | |
download | monitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz |
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple
inclusions (as netlibs now includes common.h)
- all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though
certificate checking still needs to be done.
- modified configure script so you can also explicitly say "without-gnutls"
too (otherwise if you disable openssl you have no way of disabling
gnutls too)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/check_http.c')
-rw-r--r-- | plugins/check_http.c | 17 |
1 files changed, 13 insertions, 4 deletions
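--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -65,7 +65,9 @@ SSL_CTX *ctx;
 SSL *ssl;
 X509 *server_cert;
 int connect_SSL (void);
+# ifdef USE_OPENSSL
 int check_certificate (X509 **);
+# endif
 #endif
 int no_body = FALSE;
 int maximum_age = -1;
@@ -166,7 +168,7 @@ main (int argc, char **argv)
 (void) alarm (socket_timeout);
 gettimeofday (&tv, NULL);
 
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
 if (use_ssl && check_cert == TRUE) {
 if (connect_SSL () != OK)
 die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
@@ -305,7 +307,7 @@ process_arguments (int argc, char **argv)
 server_port = HTTPS_PORT;
 break;
 case 'C': /* Check SSL cert validity */
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
 if (!is_intnonneg (optarg))
 usage2 (_("Invalid certificate expiration period"), optarg);
 else {
@@ -799,10 +801,11 @@ check_http (void)
 if (connect_SSL () != OK) {
 die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
 }
-
+#ifdef USE_OPENSSL
 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
 X509_free (server_cert);
 }
+#endif
 else {
 printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
 return STATE_CRITICAL;
@@ -857,7 +860,9 @@ check_http (void)
 #ifdef HAVE_SSL
 if (use_ssl == TRUE) {
 if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
+# ifdef USE_OPENSSL
 ERR_print_errors_fp (stderr);
+# endif
 return STATE_CRITICAL;
 }
 }
@@ -1278,11 +1283,15 @@ int connect_SSL (void)
 if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
 /* Do the SSL handshake */
 if ((ssl = SSL_new (ctx)) != NULL) {
+#ifdef USE_OPENSSL
 SSL_set_cipher_list(ssl, "ALL");
+#endif
 SSL_set_fd (ssl, sd);
 if (SSL_connect (ssl) != -1)
 return OK;
+#ifdef USE_OPENSSL
 ERR_print_errors_fp (stderr);
+#endif
 }
 else {
 printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
@@ -1299,7 +1308,7 @@ int connect_SSL (void)
 
 
 
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
 int
 check_certificate (X509 ** certificate)
 {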
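Review bot: In the check_http hunk (new lines 804–809) the added `#ifdef USE_OPENSSL` / `#endif` pair encloses the `if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { ... }` block but leaves its `else {` outside the guard. In a build without USE_OPENSSL that `else` binds to the preceding `if (connect_SSL () != OK)`, so a successful connection prints "CRITICAL - Cannot retrieve server certificate." and returns STATE_CRITICAL. The `#endif` should move below the closing brace of the `else` block, which lies outside this hunk, so the whole if/else is compiled only for OpenSSL. With that fix the non-OpenSSL path proceeds without retrieving or checking the peer certificate, which the commit message acknowledges as outstanding. It deserves a comment at this spot such as `/* TODO: no peer certificate retrieval/validation in the GnuTLS build */` so the gap is visible to whoever reads the TLS path.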