author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-18 22:35:29 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-18 22:35:29 +0000 |
commit | 8611341fb989382545c0c934c700e027d9bbab15 (patch) | |
tree | f80a127bde75a42f3ba8071702bac6005b9ae2ef /plugins | |
parent | f4a198463ced6bb3ad8779a10146c88b91385fd2 (diff) | |
download | monitoring-plugins-8611341fb989382545c0c934c700e027d9bbab15.tar.gz |
initial "experimental" support for gnutls. by default openssl is still
used if available, and gnutls is only used if openssl is not available
or explicitly disabled (--without-openssl). currently the only plugin
i've verified to work is check_tcp, but i had to disable cert checking.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_tcp.c | 42 |
1 files changed, 28 insertions, 14 deletions
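--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
 
-#ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
+#ifdef HAVE_GNUTLS_OPENSSL_H
+# include <gnutls/openssl.h>
 #else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
+# ifdef HAVE_SSL_H
+# include <rsa.h>
+# include <crypto.h>
+# include <x509.h>
+# include <pem.h>
+# include <ssl.h>
+# include <err.h>
+# else
+# ifdef HAVE_OPENSSL_SSL_H
+# include <openssl/rsa.h>
+# include <openssl/crypto.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# endif
 # endif
 #endif
 
@@ -54,7 +58,9 @@ static SSL_CTX *ctx;
 static SSL *ssl;
 static X509 *server_cert;
 static int connect_SSL (void);
+# ifdef USE_OPENSSL
 static int check_certificate (X509 **);
+# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
 #else
 # define my_recv(buf, len) read(sd, buf, len)
@@ -231,6 +237,7 @@ main (int argc, char **argv)
 if (flags & FLAG_SSL && check_cert == TRUE) {
 if (connect_SSL () != OK)
 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
 result = check_certificate (&server_cert);
 X509_free(server_cert);
@@ -239,6 +246,7 @@ main (int argc, char **argv)
 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
 result = STATE_CRITICAL;
 }
+# endif /* USE_OPENSSL */
 
 SSL_shutdown (ssl);
 SSL_free (ssl);
@@ -563,12 +571,14 @@ process_arguments (int argc, char **argv)
 break;
 case 'D': /* Check SSL cert validity - days 'til certificate expiration */
 #ifdef HAVE_SSL
+# ifdef USE_OPENSSL /* XXX */
 if (!is_intnonneg (optarg))
 usage2 (_("Invalid certificate expiration period"), optarg);
 days_till_exp = atoi (optarg);
 check_cert = TRUE;
 flags |= FLAG_SSL;
 break;
+# endif /* USE_OPENSSL */
 #endif
 /* fallthrough if we don't have ssl */
 case 'S':
@@ -626,7 +636,9 @@ connect_SSL (void)
 return OK;
 /* ERR_print_errors_fp (stderr); */
 printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX */
 ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
 /* printf("\n"); */
 }
 else
@@ -642,6 +654,7 @@ connect_SSL (void)
 return STATE_CRITICAL;
 }
 
+#ifdef USE_OPENSSL /* XXX */
 static int
 check_certificate (X509 ** certificate)
 {
@@ -715,6 +728,7 @@ check_certificate (X509 ** certificate)
 
 return STATE_OK;
 }
+# endif /* USE_OPENSSL */
 #endif /* HAVE_SSL */
 
 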
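Review bot: On a GnuTLS build the whole body of `case 'D'` (new lines 574-581), including its `break`, is compiled out, so `-D` drops into `case 'S'`, whose body lies outside the hunk. If that case simply turns SSL on, a check configured for certificate expiry would quietly become a plain connection test and could report OK for a certificate that is expired or about to expire, with `optarg` never validated. I would make the unsupported case fail loudly by adding, before the new `# endif`, `# else` followed by `usage2 (_("Certificate expiration check requires OpenSSL"), optarg);`. The existing comment `/* fallthrough if we don't have ssl */` should then also say that GnuTLS builds no longer reach it, and the `-D` help text should note the limitation.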