author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 (GMT) |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 (GMT) |
commit | 65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch) | |
tree | eb1d0c95752126bd526d939332d14bf40cf7d1f7 /plugins | |
parent | 8611341fb989382545c0c934c700e027d9bbab15 (diff) | |
download | monitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz |
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple
inclusions (as netutils.h now includes common.h)
- all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though
certificate checking still needs to be done.
- modified configure script so you can also explicitly say "without-gnutls"
too (otherwise if you disable openssl you have no way of disabling
gnutls too)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/Makefile.am | 10 | ||||
-rw-r--r-- | plugins/check_http.c | 17 | ||||
-rw-r--r-- | plugins/check_smtp.c | 10 | ||||
-rw-r--r-- | plugins/check_tcp.c | 145 | ||||
-rw-r--r-- | plugins/common.h | 28 | ||||
-rw-r--r-- | plugins/netutils.c | 48 | ||||
-rw-r--r-- | plugins/netutils.h | 15 |
7 files changed, 148 insertions, 125 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 6b7de7e..beefb32 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am | |||
@@ -2,12 +2,12 @@ | |||
2 | 2 | ||
3 | VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t | 3 | VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t |
4 | 4 | ||
5 | INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ | 5 | INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ @SSLINCLUDE@ |
6 | 6 | ||
7 | datadir = @datadir@ | 7 | datadir = @datadir@ |
8 | localedir = $(datadir)/locale | 8 | localedir = $(datadir)/locale |
9 | DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ | 9 | DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ |
10 | LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@ | 10 | LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@ |
11 | MATHLIBS = @MATHLIBS@ | 11 | MATHLIBS = @MATHLIBS@ |
12 | 12 | ||
13 | libexec_PROGRAMS = check_disk check_dummy check_http check_load \ | 13 | libexec_PROGRAMS = check_disk check_dummy check_http check_load \ |
@@ -51,7 +51,7 @@ check_dns_LDADD = $(NETLIBS) popen.o | |||
51 | check_dummy_LDADD = $(BASEOBJS) | 51 | check_dummy_LDADD = $(BASEOBJS) |
52 | check_fping_LDADD = $(NETLIBS) popen.o | 52 | check_fping_LDADD = $(NETLIBS) popen.o |
53 | check_game_LDADD = $(BASEOBJS) popen.o | 53 | check_game_LDADD = $(BASEOBJS) popen.o |
54 | check_http_LDADD = $(NETLIBS) $(SSLLIBS) | 54 | check_http_LDADD = $(NETLIBS) |
55 | check_hpjd_LDADD = $(NETLIBS) popen.o | 55 | check_hpjd_LDADD = $(NETLIBS) popen.o |
56 | check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS) | 56 | check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS) |
57 | check_load_LDADD = $(BASEOBJS) popen.o | 57 | check_load_LDADD = $(BASEOBJS) popen.o |
@@ -68,10 +68,10 @@ check_procs_LDADD = $(BASEOBJS) popen.o | |||
68 | check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS) | 68 | check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS) |
69 | check_real_LDADD = $(NETLIBS) | 69 | check_real_LDADD = $(NETLIBS) |
70 | check_snmp_LDADD = $(BASEOBJS) popen.o | 70 | check_snmp_LDADD = $(BASEOBJS) popen.o |
71 | check_smtp_LDADD = $(NETLIBS) $(SSLLIBS) | 71 | check_smtp_LDADD = $(NETLIBS) |
72 | check_ssh_LDADD = $(NETLIBS) | 72 | check_ssh_LDADD = $(NETLIBS) |
73 | check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o | 73 | check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o |
74 | check_tcp_LDADD = $(NETLIBS) $(SSLLIBS) | 74 | check_tcp_LDADD = $(NETLIBS) |
75 | check_time_LDADD = $(NETLIBS) | 75 | check_time_LDADD = $(NETLIBS) |
76 | check_udp_LDADD = $(NETLIBS) | 76 | check_udp_LDADD = $(NETLIBS) |
77 | check_ups_LDADD = $(NETLIBS) | 77 | check_ups_LDADD = $(NETLIBS) |
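Review bot: Moving @SSLLIBS@ into the global `LIBS` (new line 10) while dropping `$(SSLLIBS)` from the three SSL-aware targets links every plugin in `libexec_PROGRAMS`, including ones with no TLS code such as check_disk and check_load, against the SSL libraries. Unless the toolchain links with `--as-needed`, that adds a libssl/libcrypto runtime dependency and load cost to binaries that never call into them. Keeping `$(SSLLIBS)` on the per-target `_LDADD` lines (or adding it to `NETLIBS` only) would restore the narrower linkage; `NETLIBS` is defined outside this hunk, so I cannot confirm which form fits.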
diff --git a/plugins/check_http.c b/plugins/check_http.c index 35b2cca..d47f5ce 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -65,7 +65,9 @@ SSL_CTX *ctx; | |||
65 | SSL *ssl; | 65 | SSL *ssl; |
66 | X509 *server_cert; | 66 | X509 *server_cert; |
67 | int connect_SSL (void); | 67 | int connect_SSL (void); |
68 | # ifdef USE_OPENSSL | ||
68 | int check_certificate (X509 **); | 69 | int check_certificate (X509 **); |
70 | # endif | ||
69 | #endif | 71 | #endif |
70 | int no_body = FALSE; | 72 | int no_body = FALSE; |
71 | int maximum_age = -1; | 73 | int maximum_age = -1; |
@@ -166,7 +168,7 @@ main (int argc, char **argv) | |||
166 | (void) alarm (socket_timeout); | 168 | (void) alarm (socket_timeout); |
167 | gettimeofday (&tv, NULL); | 169 | gettimeofday (&tv, NULL); |
168 | 170 | ||
169 | #ifdef HAVE_SSL | 171 | #ifdef USE_OPENSSL |
170 | if (use_ssl && check_cert == TRUE) { | 172 | if (use_ssl && check_cert == TRUE) { |
171 | if (connect_SSL () != OK) | 173 | if (connect_SSL () != OK) |
172 | die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n")); | 174 | die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n")); |
@@ -305,7 +307,7 @@ process_arguments (int argc, char **argv) | |||
305 | server_port = HTTPS_PORT; | 307 | server_port = HTTPS_PORT; |
306 | break; | 308 | break; |
307 | case 'C': /* Check SSL cert validity */ | 309 | case 'C': /* Check SSL cert validity */ |
308 | #ifdef HAVE_SSL | 310 | #ifdef USE_OPENSSL |
309 | if (!is_intnonneg (optarg)) | 311 | if (!is_intnonneg (optarg)) |
310 | usage2 (_("Invalid certificate expiration period"), optarg); | 312 | usage2 (_("Invalid certificate expiration period"), optarg); |
311 | else { | 313 | else { |
@@ -799,10 +801,11 @@ check_http (void) | |||
799 | if (connect_SSL () != OK) { | 801 | if (connect_SSL () != OK) { |
800 | die (STATE_CRITICAL, _("Unable to open TCP socket\n")); | 802 | die (STATE_CRITICAL, _("Unable to open TCP socket\n")); |
801 | } | 803 | } |
802 | 804 | #ifdef USE_OPENSSL | |
803 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | 805 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { |
804 | X509_free (server_cert); | 806 | X509_free (server_cert); |
805 | } | 807 | } |
808 | #endif | ||
806 | else { | 809 | else { |
807 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); | 810 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); |
808 | return STATE_CRITICAL; | 811 | return STATE_CRITICAL; |
@@ -857,7 +860,9 @@ check_http (void) | |||
857 | #ifdef HAVE_SSL | 860 | #ifdef HAVE_SSL |
858 | if (use_ssl == TRUE) { | 861 | if (use_ssl == TRUE) { |
859 | if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) { | 862 | if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) { |
863 | # ifdef USE_OPENSSL | ||
860 | ERR_print_errors_fp (stderr); | 864 | ERR_print_errors_fp (stderr); |
865 | # endif | ||
861 | return STATE_CRITICAL; | 866 | return STATE_CRITICAL; |
862 | } | 867 | } |
863 | } | 868 | } |
@@ -1278,11 +1283,15 @@ int connect_SSL (void) | |||
1278 | if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) { | 1283 | if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) { |
1279 | /* Do the SSL handshake */ | 1284 | /* Do the SSL handshake */ |
1280 | if ((ssl = SSL_new (ctx)) != NULL) { | 1285 | if ((ssl = SSL_new (ctx)) != NULL) { |
1286 | #ifdef USE_OPENSSL | ||
1281 | SSL_set_cipher_list(ssl, "ALL"); | 1287 | SSL_set_cipher_list(ssl, "ALL"); |
1288 | #endif | ||
1282 | SSL_set_fd (ssl, sd); | 1289 | SSL_set_fd (ssl, sd); |
1283 | if (SSL_connect (ssl) != -1) | 1290 | if (SSL_connect (ssl) != -1) |
1284 | return OK; | 1291 | return OK; |
1292 | #ifdef USE_OPENSSL | ||
1285 | ERR_print_errors_fp (stderr); | 1293 | ERR_print_errors_fp (stderr); |
1294 | #endif | ||
1286 | } | 1295 | } |
1287 | else { | 1296 | else { |
1288 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | 1297 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); |
@@ -1299,7 +1308,7 @@ int connect_SSL (void) | |||
1299 | 1308 | ||
1300 | 1309 | ||
1301 | 1310 | ||
1302 | #ifdef HAVE_SSL | 1311 | #ifdef USE_OPENSSL |
1303 | int | 1312 | int |
1304 | check_certificate (X509 ** certificate) | 1313 | check_certificate (X509 ** certificate) |
1305 | { | 1314 | { |
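Review bot: In check_http() the new `#endif` at line 808 closes the `#ifdef USE_OPENSSL` between the `if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { ... }` and its `else` at line 809, so on a build where HAVE_SSL is set but USE_OPENSSL is not (the gnutls case this commit is about) the `else` re-attaches to `if (connect_SSL () != OK)` at line 801; since that branch calls die(), every successful handshake then falls into the `else`, prints "CRITICAL - Cannot retrieve server certificate." and returns STATE_CRITICAL. Move the `#endif` down so it follows the closing brace of the `else` block (which is just past the end of this hunk), or put the whole if/else under one `#ifdef USE_OPENSSL`. Separately, with the only remaining certificate handling reduced to fetch-and-free, the connection in connect_SSL() still sets `SSL_set_cipher_list(ssl, "ALL")` and performs no peer verification, so a comment in connect_SSL() such as `/* no certificate verification: success means only that a TLS handshake completed */` would make the contract explicit for the gnutls build. check_http() and connect_SSL() both extend beyond the hunks shown.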
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 3bb6a32..19e9aea 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c | |||
@@ -53,7 +53,9 @@ SSL_CTX *ctx; | |||
53 | SSL *ssl; | 53 | SSL *ssl; |
54 | X509 *server_cert; | 54 | X509 *server_cert; |
55 | int connect_STARTTLS (void); | 55 | int connect_STARTTLS (void); |
56 | # ifdef USE_OPENSSL | ||
56 | int check_certificate (X509 **); | 57 | int check_certificate (X509 **); |
58 | # endif | ||
57 | #endif | 59 | #endif |
58 | 60 | ||
59 | enum { | 61 | enum { |
@@ -241,6 +243,7 @@ main (int argc, char **argv) | |||
241 | } else { | 243 | } else { |
242 | ssl_established = TRUE; | 244 | ssl_established = TRUE; |
243 | } | 245 | } |
246 | # ifdef USE_OPENSSL | ||
244 | if ( check_cert ) { | 247 | if ( check_cert ) { |
245 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | 248 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { |
246 | result = check_certificate (&server_cert); | 249 | result = check_certificate (&server_cert); |
@@ -254,6 +257,7 @@ main (int argc, char **argv) | |||
254 | my_close(); | 257 | my_close(); |
255 | return result; | 258 | return result; |
256 | } | 259 | } |
260 | # endif /* USE_OPENSSL */ | ||
257 | } | 261 | } |
258 | #endif | 262 | #endif |
259 | 263 | ||
@@ -491,7 +495,7 @@ process_arguments (int argc, char **argv) | |||
491 | break; | 495 | break; |
492 | case 'D': | 496 | case 'D': |
493 | /* Check SSL cert validity */ | 497 | /* Check SSL cert validity */ |
494 | #ifdef HAVE_SSL | 498 | #ifdef USE_OPENSSL |
495 | if (!is_intnonneg (optarg)) | 499 | if (!is_intnonneg (optarg)) |
496 | usage2 ("Invalid certificate expiration period",optarg); | 500 | usage2 ("Invalid certificate expiration period",optarg); |
497 | days_till_exp = atoi (optarg); | 501 | days_till_exp = atoi (optarg); |
@@ -645,7 +649,9 @@ connect_STARTTLS (void) | |||
645 | I look for success instead (1) */ | 649 | I look for success instead (1) */ |
646 | if (SSL_connect (ssl) == 1) | 650 | if (SSL_connect (ssl) == 1) |
647 | return OK; | 651 | return OK; |
652 | # ifdef USE_OPENSSL | ||
648 | ERR_print_errors_fp (stderr); | 653 | ERR_print_errors_fp (stderr); |
654 | # endif | ||
649 | } | 655 | } |
650 | else | 656 | else |
651 | { | 657 | { |
@@ -656,6 +662,7 @@ connect_STARTTLS (void) | |||
656 | return STATE_CRITICAL; | 662 | return STATE_CRITICAL; |
657 | } | 663 | } |
658 | 664 | ||
665 | # ifdef USE_OPENSSL | ||
659 | int | 666 | int |
660 | check_certificate (X509 ** certificate) | 667 | check_certificate (X509 ** certificate) |
661 | { | 668 | { |
@@ -728,6 +735,7 @@ check_certificate (X509 ** certificate) | |||
728 | 735 | ||
729 | return STATE_OK; | 736 | return STATE_OK; |
730 | } | 737 | } |
738 | # endif /* USE_OPENSSL */ | ||
731 | #endif | 739 | #endif |
732 | 740 | ||
733 | int | 741 | int |
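Review bot: The certificate check in main() (new lines 246-260) and the `-D` parsing (line 498) are now compiled only under USE_OPENSSL, but whether a gnutls build rejects `-D` or silently accepts it depends on the `#else` of `case 'D'`, which lies outside this hunk; if it is accepted, an operator's expiry check degrades to a plain STARTTLS probe that reports OK. The safer default is to refuse the option when it cannot be honoured, e.g. in the `#else` branch `usage4 (_("certificate checking is only available with OpenSSL"));` if such a helper exists, otherwise `die (STATE_UNKNOWN, ...)`. A comment above `check_certificate()` at line 665, such as `/* only built for OpenSSL; gnutls builds accept any peer certificate */`, would also help the next reader. main() begins before and ends after the hunks shown.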
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 157588f..3ffa4cd 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
28 | #include "netutils.h" | 28 | #include "netutils.h" |
29 | #include "utils.h" | 29 | #include "utils.h" |
30 | 30 | ||
31 | #ifdef HAVE_GNUTLS_OPENSSL_H | ||
32 | # include <gnutls/openssl.h> | ||
33 | #else | ||
34 | # ifdef HAVE_SSL_H | ||
35 | # include <rsa.h> | ||
36 | # include <crypto.h> | ||
37 | # include <x509.h> | ||
38 | # include <pem.h> | ||
39 | # include <ssl.h> | ||
40 | # include <err.h> | ||
41 | # else | ||
42 | # ifdef HAVE_OPENSSL_SSL_H | ||
43 | # include <openssl/rsa.h> | ||
44 | # include <openssl/crypto.h> | ||
45 | # include <openssl/x509.h> | ||
46 | # include <openssl/pem.h> | ||
47 | # include <openssl/ssl.h> | ||
48 | # include <openssl/err.h> | ||
49 | # endif | ||
50 | # endif | ||
51 | #endif | ||
52 | |||
53 | #ifdef HAVE_SSL | 31 | #ifdef HAVE_SSL |
54 | static int check_cert = FALSE; | 32 | static int check_cert = FALSE; |
55 | static int days_till_exp; | 33 | static int days_till_exp; |
56 | static char *randbuff = ""; | 34 | static char *randbuff = ""; |
57 | static SSL_CTX *ctx; | ||
58 | static SSL *ssl; | ||
59 | static X509 *server_cert; | 35 | static X509 *server_cert; |
60 | static int connect_SSL (void); | ||
61 | # ifdef USE_OPENSSL | 36 | # ifdef USE_OPENSSL |
62 | static int check_certificate (X509 **); | 37 | static int check_certificate (X509 **); |
63 | # endif /* USE_OPENSSL */ | 38 | # endif /* USE_OPENSSL */ |
64 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) | 39 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
40 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | ||
65 | #else | 41 | #else |
66 | # define my_recv(buf, len) read(sd, buf, len) | 42 | # define my_recv(buf, len) read(sd, buf, len) |
43 | # define my_send(buf, len) send(sd, buf, len, 0) | ||
67 | #endif | 44 | #endif |
68 | 45 | ||
69 | 46 | ||
@@ -233,11 +210,21 @@ main (int argc, char **argv) | |||
233 | 210 | ||
234 | /* try to connect to the host at the given port number */ | 211 | /* try to connect to the host at the given port number */ |
235 | gettimeofday (&tv, NULL); | 212 | gettimeofday (&tv, NULL); |
213 | |||
214 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | ||
215 | if (result == STATE_CRITICAL) return STATE_CRITICAL; | ||
216 | |||
236 | #ifdef HAVE_SSL | 217 | #ifdef HAVE_SSL |
237 | if (flags & FLAG_SSL && check_cert == TRUE) { | 218 | if (flags & FLAG_SSL){ |
238 | if (connect_SSL () != OK) | 219 | result = np_net_ssl_init(sd); |
220 | if(result != STATE_OK) return result; | ||
221 | /* XXX does np_net_ssl take care of printing an error? | ||
239 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); | 222 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); |
223 | */ | ||
224 | } | ||
240 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ | 225 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ |
226 | /* | ||
227 | if (flags & FLAG_SSL && check_cert == TRUE) { | ||
241 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | 228 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { |
242 | result = check_certificate (&server_cert); | 229 | result = check_certificate (&server_cert); |
243 | X509_free(server_cert); | 230 | X509_free(server_cert); |
@@ -246,30 +233,21 @@ main (int argc, char **argv) | |||
246 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); | 233 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); |
247 | result = STATE_CRITICAL; | 234 | result = STATE_CRITICAL; |
248 | } | 235 | } |
236 | } | ||
237 | */ | ||
249 | # endif /* USE_OPENSSL */ | 238 | # endif /* USE_OPENSSL */ |
239 | #endif | ||
250 | 240 | ||
251 | SSL_shutdown (ssl); | 241 | if(result != STATE_OK){ |
252 | SSL_free (ssl); | 242 | #ifdef HAVE_SSL |
253 | SSL_CTX_free (ctx); | 243 | np_net_ssl_cleanup(); |
254 | close (sd); | 244 | #endif |
245 | if(sd) close(sd); | ||
255 | return result; | 246 | return result; |
256 | } | 247 | } |
257 | else if (flags & FLAG_SSL) | ||
258 | result = connect_SSL (); | ||
259 | else | ||
260 | #endif | ||
261 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | ||
262 | |||
263 | if (result == STATE_CRITICAL) | ||
264 | return STATE_CRITICAL; | ||
265 | 248 | ||
266 | if (server_send != NULL) { /* Something to send? */ | 249 | if (server_send != NULL) { /* Something to send? */ |
267 | #ifdef HAVE_SSL | 250 | my_send(server_send, strlen(server_send)); |
268 | if (flags & FLAG_SSL) | ||
269 | SSL_write(ssl, server_send, (int)strlen(server_send)); | ||
270 | else | ||
271 | #endif | ||
272 | send (sd, server_send, strlen(server_send), 0); | ||
273 | } | 251 | } |
274 | 252 | ||
275 | if (delay > 0) { | 253 | if (delay > 0) { |
@@ -332,21 +310,12 @@ main (int argc, char **argv) | |||
332 | } | 310 | } |
333 | 311 | ||
334 | if (server_quit != NULL) { | 312 | if (server_quit != NULL) { |
335 | #ifdef HAVE_SSL | 313 | my_send(server_quit, strlen(server_quit)); |
336 | if (flags & FLAG_SSL) { | ||
337 | SSL_write (ssl, server_quit, (int)strlen(server_quit)); | ||
338 | SSL_shutdown (ssl); | ||
339 | SSL_free (ssl); | ||
340 | SSL_CTX_free (ctx); | ||
341 | } | ||
342 | else | ||
343 | #endif | ||
344 | send (sd, server_quit, strlen (server_quit), 0); | ||
345 | } | 314 | } |
346 | 315 | #ifdef HAVE_SSL | |
347 | /* close the connection */ | 316 | np_net_ssl_cleanup(); |
348 | if (sd) | 317 | #endif |
349 | close (sd); | 318 | if (sd) close (sd); |
350 | 319 | ||
351 | microsec = deltime (tv); | 320 | microsec = deltime (tv); |
352 | elapsed_time = (double)microsec / 1.0e6; | 321 | elapsed_time = (double)microsec / 1.0e6; |
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv) | |||
600 | 569 | ||
601 | /* SSL-specific functions */ | 570 | /* SSL-specific functions */ |
602 | #ifdef HAVE_SSL | 571 | #ifdef HAVE_SSL |
603 | static int | 572 | # ifdef USE_OPENSSL /* XXX */ |
604 | connect_SSL (void) | ||
605 | { | ||
606 | SSL_METHOD *meth; | ||
607 | |||
608 | /* Initialize SSL context */ | ||
609 | SSLeay_add_ssl_algorithms (); | ||
610 | meth = SSLv23_client_method (); | ||
611 | SSL_load_error_strings (); | ||
612 | OpenSSL_add_all_algorithms(); | ||
613 | if ((ctx = SSL_CTX_new (meth)) == NULL) | ||
614 | { | ||
615 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
616 | return STATE_CRITICAL; | ||
617 | } | ||
618 | |||
619 | /* Initialize alarm signal handling */ | ||
620 | signal (SIGALRM, socket_timeout_alarm_handler); | ||
621 | |||
622 | /* Set socket timeout */ | ||
623 | alarm (socket_timeout); | ||
624 | |||
625 | /* Save start time */ | ||
626 | time (&start_time); | ||
627 | |||
628 | /* Make TCP connection */ | ||
629 | if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE) | ||
630 | { | ||
631 | /* Do the SSL handshake */ | ||
632 | if ((ssl = SSL_new (ctx)) != NULL) | ||
633 | { | ||
634 | SSL_set_fd (ssl, sd); | ||
635 | if (SSL_connect(ssl) == 1) | ||
636 | return OK; | ||
637 | /* ERR_print_errors_fp (stderr); */ | ||
638 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
639 | #ifdef USE_OPENSSL /* XXX */ | ||
640 | ERR_print_errors_fp (stdout); | ||
641 | #endif /* USE_OPENSSL */ | ||
642 | /* printf("\n"); */ | ||
643 | } | ||
644 | else | ||
645 | { | ||
646 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
647 | } | ||
648 | SSL_free (ssl); | ||
649 | } | ||
650 | |||
651 | SSL_CTX_free (ctx); | ||
652 | close (sd); | ||
653 | |||
654 | return STATE_CRITICAL; | ||
655 | } | ||
656 | |||
657 | #ifdef USE_OPENSSL /* XXX */ | ||
658 | static int | 573 | static int |
659 | check_certificate (X509 ** certificate) | 574 | check_certificate (X509 ** certificate) |
660 | { | 575 | { |
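Review bot: In main() the entire certificate check is now commented out (new lines 226-237) on every backend, including OpenSSL where it worked before this commit, so `-D`/`check_cert` is still parsed but never acts and a check_tcp SSL probe returns OK for an expired certificate; until the check is reinstated the plugin should fail loudly, e.g. after np_net_ssl_init() `if (check_cert == TRUE) die (STATE_UNKNOWN, _("certificate checking is not available in this build\n"));`, and the dead block should become `#if 0` or be removed rather than left as a comment. The new flow also attempts `np_net_ssl_init(sd)` whenever np_net_connect() returned anything but STATE_CRITICAL, whereas the removed connect_SSL() additionally required `was_refused == FALSE`; if np_net_connect() can return the configured `econn_refuse_state` for a refused port (netutils.h exports that variable, but its use is outside this page), the handshake would run on a refused socket and its CRITICAL would override the operator's chosen state, so guard with `if ((flags & FLAG_SSL) && result == STATE_OK && !was_refused) {`. `static X509 *server_cert` at line 35 is now unused. main() extends beyond the hunks shown.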
diff --git a/plugins/common.h b/plugins/common.h index e10586b..5eac63e 100644 --- a/plugins/common.h +++ b/plugins/common.h | |||
@@ -32,6 +32,9 @@ | |||
32 | * | 32 | * |
33 | *****************************************************************************/ | 33 | *****************************************************************************/ |
34 | 34 | ||
35 | #ifndef _COMMON_H_ | ||
36 | #define _COMMON_H_ | ||
37 | |||
35 | #include "config.h" | 38 | #include "config.h" |
36 | 39 | ||
37 | #ifdef HAVE_FEATURES_H | 40 | #ifdef HAVE_FEATURES_H |
@@ -146,6 +149,29 @@ int snprintf(char *str, size_t size, const char *format, ...); | |||
146 | int vsnprintf(char *str, size_t size, const char *format, va_list ap); | 149 | int vsnprintf(char *str, size_t size, const char *format, va_list ap); |
147 | #endif | 150 | #endif |
148 | 151 | ||
152 | /* SSL implementations */ | ||
153 | #ifdef HAVE_GNUTLS_OPENSSL_H | ||
154 | # include <gnutls/openssl.h> | ||
155 | #else | ||
156 | # ifdef HAVE_SSL_H | ||
157 | # include <rsa.h> | ||
158 | # include <crypto.h> | ||
159 | # include <x509.h> | ||
160 | # include <pem.h> | ||
161 | # include <ssl.h> | ||
162 | # include <err.h> | ||
163 | # else | ||
164 | # ifdef HAVE_OPENSSL_SSL_H | ||
165 | # include <openssl/rsa.h> | ||
166 | # include <openssl/crypto.h> | ||
167 | # include <openssl/x509.h> | ||
168 | # include <openssl/pem.h> | ||
169 | # include <openssl/ssl.h> | ||
170 | # include <openssl/err.h> | ||
171 | # endif | ||
172 | # endif | ||
173 | #endif | ||
174 | |||
149 | /* | 175 | /* |
150 | * | 176 | * |
151 | * Standard Values | 177 | * Standard Values |
@@ -191,3 +217,5 @@ enum { | |||
191 | #ifndef __GNUC__ | 217 | #ifndef __GNUC__ |
192 | # define __attribute__(x) /* do nothing */ | 218 | # define __attribute__(x) /* do nothing */ |
193 | #endif | 219 | #endif |
220 | |||
221 | #endif /* _COMMON_H_ */ | ||
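Review bot: The new include guard `_COMMON_H_` (lines 35-36 and 221) starts with an underscore followed by an uppercase letter, which C reserves for the implementation, so `#define COMMON_H` or `NP_COMMON_H` would be the conforming spelling. The SSL header block moved in at lines 152-173 is gated only on the configure-detected `HAVE_*_H` macros, not on HAVE_SSL, so every plugin that includes common.h now pulls in the OpenSSL or gnutls headers whenever they were found at configure time even in a `--without-openssl --without-gnutls` build; if configure still defines those `HAVE_*_H` macros in that case (I cannot see configure here), wrapping the block in `#ifdef HAVE_SSL` keeps non-SSL plugins independent of the crypto headers.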
diff --git a/plugins/netutils.c b/plugins/netutils.c index 9539a7f..e3fbb3a 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c | |||
@@ -234,6 +234,54 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) | |||
234 | } | 234 | } |
235 | } | 235 | } |
236 | 236 | ||
237 | #ifdef HAVE_SSL | ||
238 | static SSL_CTX *c=NULL; | ||
239 | static SSL *s=NULL; | ||
240 | |||
241 | int np_net_ssl_init (int sd){ | ||
242 | SSL_METHOD *m=NULL; | ||
243 | /* Initialize SSL context */ | ||
244 | SSLeay_add_ssl_algorithms (); | ||
245 | m = SSLv23_client_method (); | ||
246 | SSL_load_error_strings (); | ||
247 | OpenSSL_add_all_algorithms(); | ||
248 | if ((c = SSL_CTX_new (m)) == NULL) { | ||
249 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
250 | return STATE_CRITICAL; | ||
251 | } | ||
252 | if ((s = SSL_new (c)) != NULL){ | ||
253 | SSL_set_fd (s, sd); | ||
254 | if (SSL_connect(s) == 1){ | ||
255 | return OK; | ||
256 | } else { | ||
257 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
258 | #ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | ||
259 | ERR_print_errors_fp (stdout); | ||
260 | #endif /* USE_OPENSSL */ | ||
261 | } | ||
262 | } else { | ||
263 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
264 | } | ||
265 | return STATE_CRITICAL; | ||
266 | } | ||
267 | |||
268 | void np_net_ssl_cleanup (){ | ||
269 | if(s){ | ||
270 | SSL_shutdown (s); | ||
271 | SSL_free (s); | ||
272 | if(c) SSL_CTX_free (c); | ||
273 | } | ||
274 | } | ||
275 | |||
276 | int np_net_ssl_write(const void *buf, int num){ | ||
277 | return SSL_write(s, buf, num); | ||
278 | } | ||
279 | |||
280 | int np_net_ssl_read(void *buf, int num){ | ||
281 | return SSL_read(s, buf, num); | ||
282 | } | ||
283 | |||
284 | #endif /* HAVE_SSL */ | ||
237 | 285 | ||
238 | int | 286 | int |
239 | send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) | 287 | send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) |
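Review bot: np_net_ssl_cleanup() (new lines 268-274) frees `s` and `c` but leaves the file-static pointers dangling, so a second call, or a call to np_net_ssl_read()/np_net_ssl_write() after cleanup, dereferences or double-frees them; reset them in place, `SSL_free (s); s = NULL;` and `if(c) { SSL_CTX_free (c); c = NULL; }`. In np_net_ssl_init() the context `c` is leaked when SSL_new() or SSL_connect() fails (lines 252-265 return without freeing it), and `s` stays non-NULL after a failed handshake, which the read/write wrappers at lines 276-282 do not check. Since this function is now the single handshake path for check_tcp, check_http and check_smtp, it should also say what it does not do: no SSL_CTX_set_verify(), no CA store and no hostname check appear in the hunk, so a comment above it such as `/* NOTE: no peer certificate verification is performed; OK only means a TLS handshake completed with something at sd */` would stop callers from assuming otherwise, and `SSLv23_client_method()` still allows SSLv2 to be negotiated unless options are set.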
diff --git a/plugins/netutils.h b/plugins/netutils.h index 1a52eec..85b5aa9 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h | |||
@@ -32,7 +32,11 @@ | |||
32 | * | 32 | * |
33 | ******************************************************************************/ | 33 | ******************************************************************************/ |
34 | 34 | ||
35 | #ifndef _NETUTILS_H_ | ||
36 | #define _NETUTILS_H_ | ||
37 | |||
35 | #include "config.h" | 38 | #include "config.h" |
39 | #include "common.h" | ||
36 | #include <netinet/in.h> | 40 | #include <netinet/in.h> |
37 | #include <arpa/inet.h> | 41 | #include <arpa/inet.h> |
38 | 42 | ||
@@ -77,3 +81,14 @@ extern unsigned int socket_timeout; | |||
77 | extern int econn_refuse_state; | 81 | extern int econn_refuse_state; |
78 | extern int was_refused; | 82 | extern int was_refused; |
79 | extern int address_family; | 83 | extern int address_family; |
84 | |||
85 | /* SSL-Related functionality */ | ||
86 | #ifdef HAVE_SSL | ||
87 | /* maybe this could be merged with the above np_net_connect, via some flags */ | ||
88 | int np_net_ssl_init(int sd); | ||
89 | void np_net_ssl_cleanup(); | ||
90 | int np_net_ssl_write(const void *buf, int num); | ||
91 | int np_net_ssl_read(void *buf, int num); | ||
92 | #endif /* HAVE_SSL */ | ||
93 | |||
94 | #endif /* _NETUTILS_H_ */ | ||
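Review bot: The declaration `void np_net_ssl_cleanup();` at line 89 is an old-style non-prototype declaration that accepts any arguments; write it as `void np_net_ssl_cleanup(void);` and match the definition in netutils.c. The guard name `_NETUTILS_H_` (lines 35-36 and 94) is a reserved identifier, so `NETUTILS_H` would be the conforming choice. Because the four functions share one file-static session, a short comment above the block, such as `/* one TLS session per process: np_net_ssl_read/write are valid only after np_net_ssl_init() returned OK and before np_net_ssl_cleanup() */`, would document the ordering the implementation depends on.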