diff options
| -rw-r--r-- | configure.in | 36 | ||||
| -rw-r--r-- | plugins/check_tcp.c | 42 |
2 files changed, 63 insertions, 15 deletions
diff --git a/configure.in b/configure.in index 86cb99f..7ae486c 100644 --- a/configure.in +++ b/configure.in | |||
| @@ -103,6 +103,7 @@ dnl Checks for programs. | |||
| 103 | AC_PATH_PROG(PYTHON,python) | 103 | AC_PATH_PROG(PYTHON,python) |
| 104 | AC_PATH_PROG(SH,sh) | 104 | AC_PATH_PROG(SH,sh) |
| 105 | AC_PATH_PROG(PERL,perl) | 105 | AC_PATH_PROG(PERL,perl) |
| 106 | AC_PATH_PROG(LIBGNUTLS_CONFIG,libgnutls-config) | ||
| 106 | 107 | ||
| 107 | dnl allow them to override the path of perl | 108 | dnl allow them to override the path of perl |
| 108 | AC_ARG_WITH(perl, | 109 | AC_ARG_WITH(perl, |
| @@ -111,6 +112,12 @@ AC_ARG_WITH(perl, | |||
| 111 | with_perl=$withval,with_perl=$PERL) | 112 | with_perl=$withval,with_perl=$PERL) |
| 112 | AC_SUBST(PERL, $with_perl) | 113 | AC_SUBST(PERL, $with_perl) |
| 113 | 114 | ||
| 115 | dnl allow for gnutls, if it exists, instead of openssl | ||
| 116 | AC_ARG_WITH(gnutls, | ||
| 117 | ACX_HELP_STRING([--with-gnutls=PATH], | ||
| 118 | [path to gnutls installation root]), | ||
| 119 | GNUTLS=$withval) | ||
| 120 | |||
| 114 | AC_PATH_PROG(HOSTNAME,hostname) | 121 | AC_PATH_PROG(HOSTNAME,hostname) |
| 115 | AC_PATH_PROG(BASENAME,basename) | 122 | AC_PATH_PROG(BASENAME,basename) |
| 116 | 123 | ||
| @@ -409,6 +416,7 @@ if test "$FOUNDINCLUDE" = "no"; then | |||
| 409 | CPPFLAGS="$_SAVEDCPPFLAGS" | 416 | CPPFLAGS="$_SAVEDCPPFLAGS" |
| 410 | fi | 417 | fi |
| 411 | 418 | ||
| 419 | |||
| 412 | dnl Check for OpenSSL location | 420 | dnl Check for OpenSSL location |
| 413 | AC_PATH_PROG(OPENSSL,openssl) | 421 | AC_PATH_PROG(OPENSSL,openssl) |
| 414 | if test "$OPENSSL" = "/usr/bin/openssl"; then | 422 | if test "$OPENSSL" = "/usr/bin/openssl"; then |
| @@ -478,18 +486,43 @@ else | |||
| 478 | fi | 486 | fi |
| 479 | fi | 487 | fi |
| 480 | 488 | ||
| 489 | dnl check for gnutls if openssl isn't found (or is disabled) | ||
| 490 | FOUNDGNUTLS="no" | ||
| 491 | if ! test "$FOUNDSSL" = "yes"; then | ||
| 492 | if test "$GNUTLS" = ""; then | ||
| 493 | CPPFLAGS="$CPPFLAGS -I$GNUTLS" | ||
| 494 | elif ! test "$LIBGNUTLS_CONFIG" = ""; then | ||
| 495 | CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`" | ||
| 496 | fi | ||
| 497 | AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",) | ||
| 498 | if test "$FOUNDGNUTLS" = "yes"; then | ||
| 499 | AC_CHECK_LIB(gnutls-openssl,main,SSLLIBS="-lgnutls-openssl") | ||
| 500 | FOUNDSSL="yes" | ||
| 501 | fi | ||
| 502 | fi | ||
| 503 | dnl end check for gnutls | ||
| 504 | |||
| 481 | if test "$FOUNDSSL" = "yes"; then | 505 | if test "$FOUNDSSL" = "yes"; then |
| 482 | check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp" | 506 | check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp" |
| 483 | AC_SUBST(check_tcp_ssl) | 507 | AC_SUBST(check_tcp_ssl) |
| 484 | AC_SUBST(SSLLIBS) | 508 | AC_SUBST(SSLLIBS) |
| 485 | AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found]) | 509 | AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found]) |
| 486 | with_openssl="yes" | 510 | if test "$FOUNDGNUTLS" = "no"; then |
| 511 | AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries]) | ||
| 512 | with_openssl="yes" | ||
| 513 | with_gnutls="no" | ||
| 514 | else | ||
| 515 | AC_DEFINE(USE_GNUTLS,1,[Define if using gnutls libraries]) | ||
| 516 | with_gnutls="yes" | ||
| 517 | with_openssl="no" | ||
| 518 | fi | ||
| 487 | else | 519 | else |
| 488 | if test "$FOUNDSSL" = "no"; then | 520 | if test "$FOUNDSSL" = "no"; then |
| 489 | AC_MSG_WARN([OpenSSL libs could not be found]) | 521 | AC_MSG_WARN([OpenSSL libs could not be found]) |
| 490 | dnl else deliberately disabled | 522 | dnl else deliberately disabled |
| 491 | fi | 523 | fi |
| 492 | with_openssl="no" | 524 | with_openssl="no" |
| 525 | with_gnutls="no" | ||
| 493 | CPPFLAGS="$_SAVEDCPPFLAGS" | 526 | CPPFLAGS="$_SAVEDCPPFLAGS" |
| 494 | LDFLAGS="$_SAVEDLDFLAGS" | 527 | LDFLAGS="$_SAVEDLDFLAGS" |
| 495 | fi | 528 | fi |
| @@ -1597,4 +1630,5 @@ ACX_FEATURE([with],[ping6-command]) | |||
| 1597 | ACX_FEATURE([with],[lwres]) | 1630 | ACX_FEATURE([with],[lwres]) |
| 1598 | ACX_FEATURE([with],[ipv6]) | 1631 | ACX_FEATURE([with],[ipv6]) |
| 1599 | ACX_FEATURE([with],[openssl]) | 1632 | ACX_FEATURE([with],[openssl]) |
| 1633 | ACX_FEATURE([with],[gnutls]) | ||
| 1600 | ACX_FEATURE([enable],[emulate-getaddrinfo]) | 1634 | ACX_FEATURE([enable],[emulate-getaddrinfo]) |
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index ad8b042..157588f 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
| @@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
| 28 | #include "netutils.h" | 28 | #include "netutils.h" |
| 29 | #include "utils.h" | 29 | #include "utils.h" |
| 30 | 30 | ||
| 31 | #ifdef HAVE_SSL_H | 31 | #ifdef HAVE_GNUTLS_OPENSSL_H |
| 32 | # include <rsa.h> | 32 | # include <gnutls/openssl.h> |
| 33 | # include <crypto.h> | ||
| 34 | # include <x509.h> | ||
| 35 | # include <pem.h> | ||
| 36 | # include <ssl.h> | ||
| 37 | # include <err.h> | ||
| 38 | #else | 33 | #else |
| 39 | # ifdef HAVE_OPENSSL_SSL_H | 34 | # ifdef HAVE_SSL_H |
| 40 | # include <openssl/rsa.h> | 35 | # include <rsa.h> |
| 41 | # include <openssl/crypto.h> | 36 | # include <crypto.h> |
| 42 | # include <openssl/x509.h> | 37 | # include <x509.h> |
| 43 | # include <openssl/pem.h> | 38 | # include <pem.h> |
| 44 | # include <openssl/ssl.h> | 39 | # include <ssl.h> |
| 45 | # include <openssl/err.h> | 40 | # include <err.h> |
| 41 | # else | ||
| 42 | # ifdef HAVE_OPENSSL_SSL_H | ||
| 43 | # include <openssl/rsa.h> | ||
| 44 | # include <openssl/crypto.h> | ||
| 45 | # include <openssl/x509.h> | ||
| 46 | # include <openssl/pem.h> | ||
| 47 | # include <openssl/ssl.h> | ||
| 48 | # include <openssl/err.h> | ||
| 49 | # endif | ||
| 46 | # endif | 50 | # endif |
| 47 | #endif | 51 | #endif |
| 48 | 52 | ||
| @@ -54,7 +58,9 @@ static SSL_CTX *ctx; | |||
| 54 | static SSL *ssl; | 58 | static SSL *ssl; |
| 55 | static X509 *server_cert; | 59 | static X509 *server_cert; |
| 56 | static int connect_SSL (void); | 60 | static int connect_SSL (void); |
| 61 | # ifdef USE_OPENSSL | ||
| 57 | static int check_certificate (X509 **); | 62 | static int check_certificate (X509 **); |
| 63 | # endif /* USE_OPENSSL */ | ||
| 58 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) | 64 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) |
| 59 | #else | 65 | #else |
| 60 | # define my_recv(buf, len) read(sd, buf, len) | 66 | # define my_recv(buf, len) read(sd, buf, len) |
| @@ -231,6 +237,7 @@ main (int argc, char **argv) | |||
| 231 | if (flags & FLAG_SSL && check_cert == TRUE) { | 237 | if (flags & FLAG_SSL && check_cert == TRUE) { |
| 232 | if (connect_SSL () != OK) | 238 | if (connect_SSL () != OK) |
| 233 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); | 239 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); |
| 240 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ | ||
| 234 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | 241 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { |
| 235 | result = check_certificate (&server_cert); | 242 | result = check_certificate (&server_cert); |
| 236 | X509_free(server_cert); | 243 | X509_free(server_cert); |
| @@ -239,6 +246,7 @@ main (int argc, char **argv) | |||
| 239 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); | 246 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); |
| 240 | result = STATE_CRITICAL; | 247 | result = STATE_CRITICAL; |
| 241 | } | 248 | } |
| 249 | # endif /* USE_OPENSSL */ | ||
| 242 | 250 | ||
| 243 | SSL_shutdown (ssl); | 251 | SSL_shutdown (ssl); |
| 244 | SSL_free (ssl); | 252 | SSL_free (ssl); |
| @@ -563,12 +571,14 @@ process_arguments (int argc, char **argv) | |||
| 563 | break; | 571 | break; |
| 564 | case 'D': /* Check SSL cert validity - days 'til certificate expiration */ | 572 | case 'D': /* Check SSL cert validity - days 'til certificate expiration */ |
| 565 | #ifdef HAVE_SSL | 573 | #ifdef HAVE_SSL |
| 574 | # ifdef USE_OPENSSL /* XXX */ | ||
| 566 | if (!is_intnonneg (optarg)) | 575 | if (!is_intnonneg (optarg)) |
| 567 | usage2 (_("Invalid certificate expiration period"), optarg); | 576 | usage2 (_("Invalid certificate expiration period"), optarg); |
| 568 | days_till_exp = atoi (optarg); | 577 | days_till_exp = atoi (optarg); |
| 569 | check_cert = TRUE; | 578 | check_cert = TRUE; |
| 570 | flags |= FLAG_SSL; | 579 | flags |= FLAG_SSL; |
| 571 | break; | 580 | break; |
| 581 | # endif /* USE_OPENSSL */ | ||
| 572 | #endif | 582 | #endif |
| 573 | /* fallthrough if we don't have ssl */ | 583 | /* fallthrough if we don't have ssl */ |
| 574 | case 'S': | 584 | case 'S': |
| @@ -626,7 +636,9 @@ connect_SSL (void) | |||
| 626 | return OK; | 636 | return OK; |
| 627 | /* ERR_print_errors_fp (stderr); */ | 637 | /* ERR_print_errors_fp (stderr); */ |
| 628 | printf (_("CRITICAL - Cannot make SSL connection ")); | 638 | printf (_("CRITICAL - Cannot make SSL connection ")); |
| 639 | #ifdef USE_OPENSSL /* XXX */ | ||
| 629 | ERR_print_errors_fp (stdout); | 640 | ERR_print_errors_fp (stdout); |
| 641 | #endif /* USE_OPENSSL */ | ||
| 630 | /* printf("\n"); */ | 642 | /* printf("\n"); */ |
| 631 | } | 643 | } |
| 632 | else | 644 | else |
| @@ -642,6 +654,7 @@ connect_SSL (void) | |||
| 642 | return STATE_CRITICAL; | 654 | return STATE_CRITICAL; |
| 643 | } | 655 | } |
| 644 | 656 | ||
| 657 | #ifdef USE_OPENSSL /* XXX */ | ||
| 645 | static int | 658 | static int |
| 646 | check_certificate (X509 ** certificate) | 659 | check_certificate (X509 ** certificate) |
| 647 | { | 660 | { |
| @@ -715,6 +728,7 @@ check_certificate (X509 ** certificate) | |||
| 715 | 728 | ||
| 716 | return STATE_OK; | 729 | return STATE_OK; |
| 717 | } | 730 | } |
| 731 | # endif /* USE_OPENSSL */ | ||
| 718 | #endif /* HAVE_SSL */ | 732 | #endif /* HAVE_SSL */ |
| 719 | 733 | ||
| 720 | 734 | ||