9 files changed, 151 insertions, 128 deletions
diff --git a/configure.in b/configure.in
index 7ae486c..383f178 100644
--- a/configure.in
+++ b/configure.in
@@ -488,7 +488,7 @@ fi
 dnl check for gnutls if openssl isn't found (or is disabled)
 FOUNDGNUTLS="no"
-if ! test "$FOUNDSSL" = "yes"; then
+if ! test "$FOUNDSSL" = "yes" && ! test "$with_gnutls" = "no"; then
        if test "$GNUTLS" = ""; then
                CPPFLAGS="$CPPFLAGS -I$GNUTLS"
        elif ! test "$LIBGNUTLS_CONFIG" = ""; then
diff --git a/plugins-root/Makefile.am b/plugins-root/Makefile.am
index 81679d5..54e91b0 100644
--- a/plugins-root/Makefile.am
+++ b/plugins-root/Makefile.am
@@ -2,12 +2,12 @@
 VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t 
-INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins
+INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins @SSLINCLUDE@
 datadir = @datadir@
 localedir = $(datadir)/locale
 DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
-LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@
+LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@
 EXTRA_PROGRAMS = check_dhcp check_icmp
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 6b7de7e..beefb32 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -2,12 +2,12 @@
 VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t 
-INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ 
+INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ @SSLINCLUDE@
 datadir = @datadir@
 localedir = $(datadir)/locale
 DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
-LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@
+LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@ 
 MATHLIBS = @MATHLIBS@
 libexec_PROGRAMS = check_disk check_dummy check_http check_load \
@@ -51,7 +51,7 @@ check_dns_LDADD = $(NETLIBS) popen.o
 check_dummy_LDADD = $(BASEOBJS)
 check_fping_LDADD = $(NETLIBS) popen.o
 check_game_LDADD = $(BASEOBJS) popen.o
-check_http_LDADD = $(NETLIBS) $(SSLLIBS)
+check_http_LDADD = $(NETLIBS)
 check_hpjd_LDADD = $(NETLIBS) popen.o
 check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
 check_load_LDADD = $(BASEOBJS) popen.o
@@ -68,10 +68,10 @@ check_procs_LDADD = $(BASEOBJS) popen.o
 check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)
 check_real_LDADD = $(NETLIBS)
 check_snmp_LDADD = $(BASEOBJS) popen.o
-check_smtp_LDADD = $(NETLIBS) $(SSLLIBS)
+check_smtp_LDADD = $(NETLIBS) 
 check_ssh_LDADD = $(NETLIBS)
 check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o
-check_tcp_LDADD = $(NETLIBS) $(SSLLIBS)
+check_tcp_LDADD = $(NETLIBS)
 check_time_LDADD = $(NETLIBS)
 check_udp_LDADD = $(NETLIBS)
 check_ups_LDADD = $(NETLIBS)
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 35b2cca..d47f5ce 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -65,7 +65,9 @@ SSL_CTX *ctx;
 SSL *ssl;
 X509 *server_cert;
 int connect_SSL (void);
+#  ifdef USE_OPENSSL
 int check_certificate (X509 **);
+#  endif
 #endif
 int no_body = FALSE;
 int maximum_age = -1;
@@ -166,7 +168,7 @@ main (int argc, char **argv)
        (void) alarm (socket_timeout);
        gettimeofday (&tv, NULL);
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
        if (use_ssl && check_cert == TRUE) {
                if (connect_SSL () != OK)
                        die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
@@ -305,7 +307,7 @@ process_arguments (int argc, char **argv)
                                server_port = HTTPS_PORT;
                        break;
                case 'C': /* Check SSL cert validity */
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
                        if (!is_intnonneg (optarg))
                                usage2 (_("Invalid certificate expiration period"), optarg);
                        else {
@@ -799,10 +801,11 @@ check_http (void)
                if (connect_SSL () != OK) {
                        die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
                }
+#ifdef USE_OPENSSL
                if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
                        X509_free (server_cert);
                }
+#endif
                else {
                        printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
                        return STATE_CRITICAL;
@@ -857,7 +860,9 @@ check_http (void)
 #ifdef HAVE_SSL
        if (use_ssl == TRUE) {
                if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
+#  ifdef USE_OPENSSL
                        ERR_print_errors_fp (stderr);
+#  endif
                        return STATE_CRITICAL;
                }
        }
@@ -1278,11 +1283,15 @@ int connect_SSL (void)
        if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
                /* Do the SSL handshake */
                if ((ssl = SSL_new (ctx)) != NULL) {
+#ifdef USE_OPENSSL
                        SSL_set_cipher_list(ssl, "ALL");
+#endif
                        SSL_set_fd (ssl, sd);
                        if (SSL_connect (ssl) != -1)
                                return OK;
+#ifdef USE_OPENSSL
                        ERR_print_errors_fp (stderr);
+#endif
                }
                else {
                        printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
@@ -1299,7 +1308,7 @@ int connect_SSL (void)
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
 int
 check_certificate (X509 ** certificate)
 {
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 3bb6a32..19e9aea 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -53,7 +53,9 @@ SSL_CTX *ctx;
 SSL *ssl;
 X509 *server_cert;
 int connect_STARTTLS (void);
+#  ifdef USE_OPENSSL
 int check_certificate (X509 **);
+#  endif
 #endif
 enum {
@@ -241,6 +243,7 @@ main (int argc, char **argv)
                  } else {
                        ssl_established = TRUE;
                  }
+#  ifdef USE_OPENSSL
                  if ( check_cert ) {
                    if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
                      result = check_certificate (&server_cert);
@@ -254,6 +257,7 @@ main (int argc, char **argv)
                    my_close();
                    return result;
                  }
+#  endif /* USE_OPENSSL */
                }
 #endif
                                
@@ -491,7 +495,7 @@ process_arguments (int argc, char **argv)
                        break;
                case 'D':
                /* Check SSL cert validity */
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
                        if (!is_intnonneg (optarg))
                                usage2 ("Invalid certificate expiration period",optarg);
                                days_till_exp = atoi (optarg);
@@ -645,7 +649,9 @@ connect_STARTTLS (void)
         I look for success instead (1) */
      if (SSL_connect (ssl) == 1)
        return OK;
+#  ifdef USE_OPENSSL
      ERR_print_errors_fp (stderr);
+#  endif
    }
  else
    {
@@ -656,6 +662,7 @@ connect_STARTTLS (void)
  return STATE_CRITICAL;
 }
+#  ifdef USE_OPENSSL
 int
 check_certificate (X509 ** certificate)
 {
@@ -728,6 +735,7 @@ check_certificate (X509 ** certificate)
  
  return STATE_OK;  
 }
+#  endif /* USE_OPENSSL */
 #endif
 int
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 157588f..3ffa4cd 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
-#ifdef HAVE_GNUTLS_OPENSSL_H
-#  include <gnutls/openssl.h>
-#else
-#  ifdef HAVE_SSL_H
-#    include <rsa.h>
-#    include <crypto.h>
-#    include <x509.h>
-#    include <pem.h>
-#    include <ssl.h>
-#    include <err.h>
-#  else
-#    ifdef HAVE_OPENSSL_SSL_H
-#      include <openssl/rsa.h>
-#      include <openssl/crypto.h>
-#      include <openssl/x509.h>
-#      include <openssl/pem.h>
-#      include <openssl/ssl.h>
-#      include <openssl/err.h>
-#    endif
-#  endif
-#endif
 #ifdef HAVE_SSL
 static int check_cert = FALSE;
 static int days_till_exp;
 static char *randbuff = "";
-static SSL_CTX *ctx;
-static SSL *ssl;
 static X509 *server_cert;
-static int connect_SSL (void);
 # ifdef USE_OPENSSL
 static int check_certificate (X509 **);
 # endif /* USE_OPENSSL */
-# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
+# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else
 # define my_recv(buf, len) read(sd, buf, len)
+# define my_send(buf, len) send(sd, buf, len, 0)
 #endif
@@ -233,11 +210,21 @@ main (int argc, char **argv)
        /* try to connect to the host at the given port number */
        gettimeofday (&tv, NULL);
+        result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
+        if (result == STATE_CRITICAL) return STATE_CRITICAL;
 #ifdef HAVE_SSL
-        if (flags & FLAG_SSL && check_cert == TRUE) {
+        if (flags & FLAG_SSL){
-                if (connect_SSL () != OK)
+                result = np_net_ssl_init(sd);
+                if(result != STATE_OK) return result;
+                /* XXX does np_net_ssl take care of printing an error?
                        die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+                */
+        }
 #  ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
+        /*
+        if (flags & FLAG_SSL && check_cert == TRUE) {
                if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
                        result = check_certificate (&server_cert);
                        X509_free(server_cert);
@@ -246,30 +233,21 @@ main (int argc, char **argv)
                        printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
                        result = STATE_CRITICAL;
                }
+        }
+        */
 #  endif /* USE_OPENSSL */
+#endif
-                SSL_shutdown (ssl);
+        if(result != STATE_OK){
-                SSL_free (ssl);
+#ifdef HAVE_SSL
-                SSL_CTX_free (ctx);
+                np_net_ssl_cleanup();
-                close (sd);
+#endif
+                if(sd) close(sd);
                return result;
        }
-        else if (flags & FLAG_SSL)
-                result = connect_SSL ();
-        else
-#endif
-                result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
-        if (result == STATE_CRITICAL)
-                return STATE_CRITICAL;
        if (server_send != NULL) {              /* Something to send? */
-#ifdef HAVE_SSL
+                my_send(server_send, strlen(server_send));
-                if (flags & FLAG_SSL)
-                        SSL_write(ssl, server_send, (int)strlen(server_send));
-                else
-#endif
-                        send (sd, server_send, strlen(server_send), 0);
        }
        if (delay > 0) {
@@ -332,21 +310,12 @@ main (int argc, char **argv)
        }
        if (server_quit != NULL) {
-#ifdef HAVE_SSL
+                my_send(server_quit, strlen(server_quit));
-                if (flags & FLAG_SSL) {
-                        SSL_write (ssl, server_quit, (int)strlen(server_quit));
-                        SSL_shutdown (ssl);
-                        SSL_free (ssl);
-                        SSL_CTX_free (ctx);
-                }
-                else
-#endif
-                        send (sd, server_quit, strlen (server_quit), 0);
        }
+#ifdef HAVE_SSL
-        /* close the connection */
+        np_net_ssl_cleanup();
-        if (sd)
+#endif 
-                close (sd);
+        if (sd) close (sd);
        microsec = deltime (tv);
        elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv)
 /* SSL-specific functions */
 #ifdef HAVE_SSL
-static int
+#  ifdef USE_OPENSSL /* XXX */
-connect_SSL (void)
-{
-  SSL_METHOD *meth;
-  /* Initialize SSL context */
-  SSLeay_add_ssl_algorithms ();
-  meth = SSLv23_client_method ();
-  SSL_load_error_strings ();
-  OpenSSL_add_all_algorithms();
-  if ((ctx = SSL_CTX_new (meth)) == NULL)
-    {
-      printf (_("CRITICAL - Cannot create SSL context.\n"));
-      return STATE_CRITICAL;
-    }
-  /* Initialize alarm signal handling */
-  signal (SIGALRM, socket_timeout_alarm_handler);
-  /* Set socket timeout */
-  alarm (socket_timeout);
-  /* Save start time */
-  time (&start_time);
-  /* Make TCP connection */
-  if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
-    {
-    /* Do the SSL handshake */
-      if ((ssl = SSL_new (ctx)) != NULL)
-      {
-        SSL_set_fd (ssl, sd);
-        if (SSL_connect(ssl) == 1)
-          return OK;
-        /* ERR_print_errors_fp (stderr); */
-        printf (_("CRITICAL - Cannot make  SSL connection "));
-#ifdef USE_OPENSSL /* XXX */
-        ERR_print_errors_fp (stdout);
-#endif /* USE_OPENSSL */
-        /* printf("\n"); */
-      }
-      else
-      {
-        printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
-      }
-      SSL_free (ssl);
-    }
-  SSL_CTX_free (ctx);
-  close (sd);
-  return STATE_CRITICAL;
-}
-#ifdef USE_OPENSSL /* XXX */
 static int
 check_certificate (X509 ** certificate)
 {
diff --git a/plugins/common.h b/plugins/common.h
index e10586b..5eac63e 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -32,6 +32,9 @@
 *
 *****************************************************************************/
+#ifndef _COMMON_H_
+#define _COMMON_H_
 #include "config.h"
 #ifdef HAVE_FEATURES_H
@@ -146,6 +149,29 @@ int snprintf(char *str, size_t size, const  char  *format, ...);
 int vsnprintf(char *str, size_t size, const char  *format, va_list ap);
 #endif
+/* SSL implementations */
+#ifdef HAVE_GNUTLS_OPENSSL_H
+#  include <gnutls/openssl.h>
+#else
+#  ifdef HAVE_SSL_H
+#    include <rsa.h>
+#    include <crypto.h>
+#    include <x509.h>
+#    include <pem.h>
+#    include <ssl.h>
+#    include <err.h>
+#  else
+#    ifdef HAVE_OPENSSL_SSL_H
+#      include <openssl/rsa.h>
+#      include <openssl/crypto.h>
+#      include <openssl/x509.h>
+#      include <openssl/pem.h>
+#      include <openssl/ssl.h>
+#      include <openssl/err.h>
+#    endif
+#  endif
+#endif
 /*
 *
 * Standard Values
@@ -191,3 +217,5 @@ enum {
 #ifndef __GNUC__
 # define __attribute__(x) /* do nothing */
 #endif
+#endif /* _COMMON_H_ */
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 9539a7f..e3fbb3a 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -234,6 +234,54 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
        }
 }
+#ifdef HAVE_SSL
+static SSL_CTX *c=NULL;
+static SSL *s=NULL;
+int np_net_ssl_init (int sd){
+                SSL_METHOD *m=NULL;
+                /* Initialize SSL context */
+                SSLeay_add_ssl_algorithms ();
+                m = SSLv23_client_method ();
+                SSL_load_error_strings ();
+                OpenSSL_add_all_algorithms();
+                if ((c = SSL_CTX_new (m)) == NULL) {
+                                printf (_("CRITICAL - Cannot create SSL context.\n"));
+                                return STATE_CRITICAL;
+                }
+                if ((s = SSL_new (c)) != NULL){
+                                SSL_set_fd (s, sd);
+                                if (SSL_connect(s) == 1){
+                                                return OK;
+                                } else {
+                                                printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
+                                                ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
+                                }
+                } else {
+                                printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
+                }
+                return STATE_CRITICAL;
+}
+void np_net_ssl_cleanup (){
+                if(s){
+                                SSL_shutdown (s);
+                                SSL_free (s);
+                                if(c) SSL_CTX_free (c);
+                }
+}
+int np_net_ssl_write(const void *buf, int num){
+        return SSL_write(s, buf, num);
+}
+int np_net_ssl_read(void *buf, int num){
+        return SSL_read(s, buf, num);
+}
+#endif /* HAVE_SSL */
 int
 send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size)
diff --git a/plugins/netutils.h b/plugins/netutils.h
index 1a52eec..85b5aa9 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -32,7 +32,11 @@
 *
 ******************************************************************************/
+#ifndef _NETUTILS_H_
+#define _NETUTILS_H_
 #include "config.h"
+#include "common.h"
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -77,3 +81,14 @@ extern unsigned int socket_timeout;
 extern int econn_refuse_state;
 extern int was_refused;
 extern int address_family;
+/* SSL-Related functionality */
+#ifdef HAVE_SSL
+/* maybe this could be merged with the above np_net_connect, via some flags */
+int np_net_ssl_init(int sd);
+void np_net_ssl_cleanup();
+int np_net_ssl_write(const void *buf, int num);
+int np_net_ssl_read(void *buf, int num);
+#endif /* HAVE_SSL */
+#endif /* _NETUTILS_H_ */

diff --git a/configure.in b/configure.in index 7ae486c..383f178 100644 --- a/configure.in +++ b/configure.in
@@ -488,7 +488,7 @@ fi
488		488
489	dnl check for gnutls if openssl isn't found (or is disabled)	489	dnl check for gnutls if openssl isn't found (or is disabled)
490	FOUNDGNUTLS="no"	490	FOUNDGNUTLS="no"
491	if ! test "$FOUNDSSL" = "yes"; then	491	if ! test "$FOUNDSSL" = "yes" && ! test "$with_gnutls" = "no"; then
492	if test "$GNUTLS" = ""; then	492	if test "$GNUTLS" = ""; then
493	CPPFLAGS="$CPPFLAGS -I$GNUTLS"	493	CPPFLAGS="$CPPFLAGS -I$GNUTLS"
494	elif ! test "$LIBGNUTLS_CONFIG" = ""; then	494	elif ! test "$LIBGNUTLS_CONFIG" = ""; then


diff --git a/plugins-root/Makefile.am b/plugins-root/Makefile.am index 81679d5..54e91b0 100644 --- a/plugins-root/Makefile.am +++ b/plugins-root/Makefile.am
@@ -2,12 +2,12 @@
2		2
3	VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t	3	VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t
4		4
5	INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins	5	INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins @SSLINCLUDE@
6		6
7	datadir = @datadir@	7	datadir = @datadir@
8	localedir = $(datadir)/locale	8	localedir = $(datadir)/locale
9	DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@	9	DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
10	LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@	10	LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@
11		11
12	EXTRA_PROGRAMS = check_dhcp check_icmp	12	EXTRA_PROGRAMS = check_dhcp check_icmp
13		13


diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 6b7de7e..beefb32 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am
@@ -2,12 +2,12 @@
2		2
3	VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t	3	VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t
4		4
5	INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@	5	INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ @SSLINCLUDE@
6		6
7	datadir = @datadir@	7	datadir = @datadir@
8	localedir = $(datadir)/locale	8	localedir = $(datadir)/locale
9	DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@	9	DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
10	LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@	10	LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@
11	MATHLIBS = @MATHLIBS@	11	MATHLIBS = @MATHLIBS@
12		12
13	libexec_PROGRAMS = check_disk check_dummy check_http check_load \	13	libexec_PROGRAMS = check_disk check_dummy check_http check_load \
@@ -51,7 +51,7 @@ check_dns_LDADD = $(NETLIBS) popen.o
51	check_dummy_LDADD = $(BASEOBJS)	51	check_dummy_LDADD = $(BASEOBJS)
52	check_fping_LDADD = $(NETLIBS) popen.o	52	check_fping_LDADD = $(NETLIBS) popen.o
53	check_game_LDADD = $(BASEOBJS) popen.o	53	check_game_LDADD = $(BASEOBJS) popen.o
54	check_http_LDADD = $(NETLIBS) $(SSLLIBS)	54	check_http_LDADD = $(NETLIBS)
55	check_hpjd_LDADD = $(NETLIBS) popen.o	55	check_hpjd_LDADD = $(NETLIBS) popen.o
56	check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)	56	check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
57	check_load_LDADD = $(BASEOBJS) popen.o	57	check_load_LDADD = $(BASEOBJS) popen.o
@@ -68,10 +68,10 @@ check_procs_LDADD = $(BASEOBJS) popen.o
68	check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)	68	check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)
69	check_real_LDADD = $(NETLIBS)	69	check_real_LDADD = $(NETLIBS)
70	check_snmp_LDADD = $(BASEOBJS) popen.o	70	check_snmp_LDADD = $(BASEOBJS) popen.o
71	check_smtp_LDADD = $(NETLIBS) $(SSLLIBS)	71	check_smtp_LDADD = $(NETLIBS)
72	check_ssh_LDADD = $(NETLIBS)	72	check_ssh_LDADD = $(NETLIBS)
73	check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o	73	check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o
74	check_tcp_LDADD = $(NETLIBS) $(SSLLIBS)	74	check_tcp_LDADD = $(NETLIBS)
75	check_time_LDADD = $(NETLIBS)	75	check_time_LDADD = $(NETLIBS)
76	check_udp_LDADD = $(NETLIBS)	76	check_udp_LDADD = $(NETLIBS)
77	check_ups_LDADD = $(NETLIBS)	77	check_ups_LDADD = $(NETLIBS)


diff --git a/plugins/check_http.c b/plugins/check_http.c index 35b2cca..d47f5ce 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c
@@ -65,7 +65,9 @@ SSL_CTX *ctx;
65	SSL *ssl;	65	SSL *ssl;
66	X509 *server_cert;	66	X509 *server_cert;
67	int connect_SSL (void);	67	int connect_SSL (void);
		68	# ifdef USE_OPENSSL
68	int check_certificate (X509 **);	69	int check_certificate (X509 **);
		70	# endif
69	#endif	71	#endif
70	int no_body = FALSE;	72	int no_body = FALSE;
71	int maximum_age = -1;	73	int maximum_age = -1;
@@ -166,7 +168,7 @@ main (int argc, char **argv)
166	(void) alarm (socket_timeout);	168	(void) alarm (socket_timeout);
167	gettimeofday (&tv, NULL);	169	gettimeofday (&tv, NULL);
168		170
169	#ifdef HAVE_SSL	171	#ifdef USE_OPENSSL
170	if (use_ssl && check_cert == TRUE) {	172	if (use_ssl && check_cert == TRUE) {
171	if (connect_SSL () != OK)	173	if (connect_SSL () != OK)
172	die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));	174	die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
@@ -305,7 +307,7 @@ process_arguments (int argc, char **argv)
305	server_port = HTTPS_PORT;	307	server_port = HTTPS_PORT;
306	break;	308	break;
307	case 'C': /* Check SSL cert validity */	309	case 'C': /* Check SSL cert validity */
308	#ifdef HAVE_SSL	310	#ifdef USE_OPENSSL
309	if (!is_intnonneg (optarg))	311	if (!is_intnonneg (optarg))
310	usage2 (_("Invalid certificate expiration period"), optarg);	312	usage2 (_("Invalid certificate expiration period"), optarg);
311	else {	313	else {
@@ -799,10 +801,11 @@ check_http (void)
799	if (connect_SSL () != OK) {	801	if (connect_SSL () != OK) {
800	die (STATE_CRITICAL, _("Unable to open TCP socket\n"));	802	die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
801	}	803	}
802		804	#ifdef USE_OPENSSL
803	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {	805	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
804	X509_free (server_cert);	806	X509_free (server_cert);
805	}	807	}
		808	#endif
806	else {	809	else {
807	printf (_("CRITICAL - Cannot retrieve server certificate.\n"));	810	printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
808	return STATE_CRITICAL;	811	return STATE_CRITICAL;
@@ -857,7 +860,9 @@ check_http (void)
857	#ifdef HAVE_SSL	860	#ifdef HAVE_SSL
858	if (use_ssl == TRUE) {	861	if (use_ssl == TRUE) {
859	if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {	862	if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
		863	# ifdef USE_OPENSSL
860	ERR_print_errors_fp (stderr);	864	ERR_print_errors_fp (stderr);
		865	# endif
861	return STATE_CRITICAL;	866	return STATE_CRITICAL;
862	}	867	}
863	}	868	}
@@ -1278,11 +1283,15 @@ int connect_SSL (void)
1278	if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {	1283	if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
1279	/* Do the SSL handshake */	1284	/* Do the SSL handshake */
1280	if ((ssl = SSL_new (ctx)) != NULL) {	1285	if ((ssl = SSL_new (ctx)) != NULL) {
		1286	#ifdef USE_OPENSSL
1281	SSL_set_cipher_list(ssl, "ALL");	1287	SSL_set_cipher_list(ssl, "ALL");
		1288	#endif
1282	SSL_set_fd (ssl, sd);	1289	SSL_set_fd (ssl, sd);
1283	if (SSL_connect (ssl) != -1)	1290	if (SSL_connect (ssl) != -1)
1284	return OK;	1291	return OK;
		1292	#ifdef USE_OPENSSL
1285	ERR_print_errors_fp (stderr);	1293	ERR_print_errors_fp (stderr);
		1294	#endif
1286	}	1295	}
1287	else {	1296	else {
1288	printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));	1297	printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
@@ -1299,7 +1308,7 @@ int connect_SSL (void)
1299		1308
1300		1309
1301		1310
1302	#ifdef HAVE_SSL	1311	#ifdef USE_OPENSSL
1303	int	1312	int
1304	check_certificate (X509 ** certificate)	1313	check_certificate (X509 ** certificate)
1305	{	1314	{


diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 3bb6a32..19e9aea 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c
@@ -53,7 +53,9 @@ SSL_CTX *ctx;
53	SSL *ssl;	53	SSL *ssl;
54	X509 *server_cert;	54	X509 *server_cert;
55	int connect_STARTTLS (void);	55	int connect_STARTTLS (void);
		56	# ifdef USE_OPENSSL
56	int check_certificate (X509 **);	57	int check_certificate (X509 **);
		58	# endif
57	#endif	59	#endif
58		60
59	enum {	61	enum {
@@ -241,6 +243,7 @@ main (int argc, char **argv)
241	} else {	243	} else {
242	ssl_established = TRUE;	244	ssl_established = TRUE;
243	}	245	}
		246	# ifdef USE_OPENSSL
244	if ( check_cert ) {	247	if ( check_cert ) {
245	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {	248	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
246	result = check_certificate (&server_cert);	249	result = check_certificate (&server_cert);
@@ -254,6 +257,7 @@ main (int argc, char **argv)
254	my_close();	257	my_close();
255	return result;	258	return result;
256	}	259	}
		260	# endif /* USE_OPENSSL */
257	}	261	}
258	#endif	262	#endif
259		263
@@ -491,7 +495,7 @@ process_arguments (int argc, char **argv)
491	break;	495	break;
492	case 'D':	496	case 'D':
493	/* Check SSL cert validity */	497	/* Check SSL cert validity */
494	#ifdef HAVE_SSL	498	#ifdef USE_OPENSSL
495	if (!is_intnonneg (optarg))	499	if (!is_intnonneg (optarg))
496	usage2 ("Invalid certificate expiration period",optarg);	500	usage2 ("Invalid certificate expiration period",optarg);
497	days_till_exp = atoi (optarg);	501	days_till_exp = atoi (optarg);
@@ -645,7 +649,9 @@ connect_STARTTLS (void)
645	I look for success instead (1) */	649	I look for success instead (1) */
646	if (SSL_connect (ssl) == 1)	650	if (SSL_connect (ssl) == 1)
647	return OK;	651	return OK;
		652	# ifdef USE_OPENSSL
648	ERR_print_errors_fp (stderr);	653	ERR_print_errors_fp (stderr);
		654	# endif
649	}	655	}
650	else	656	else
651	{	657	{
@@ -656,6 +662,7 @@ connect_STARTTLS (void)
656	return STATE_CRITICAL;	662	return STATE_CRITICAL;
657	}	663	}
658		664
		665	# ifdef USE_OPENSSL
659	int	666	int
660	check_certificate (X509 ** certificate)	667	check_certificate (X509 ** certificate)
661	{	668	{
@@ -728,6 +735,7 @@ check_certificate (X509 ** certificate)
728		735
729	return STATE_OK;	736	return STATE_OK;
730	}	737	}
		738	# endif /* USE_OPENSSL */
731	#endif	739	#endif
732		740
733	int	741	int


diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 157588f..3ffa4cd 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
28	#include "netutils.h"	28	#include "netutils.h"
29	#include "utils.h"	29	#include "utils.h"
30		30
31	#ifdef HAVE_GNUTLS_OPENSSL_H
32	# include <gnutls/openssl.h>
33	#else
34	# ifdef HAVE_SSL_H
35	# include <rsa.h>
36	# include <crypto.h>
37	# include <x509.h>
38	# include <pem.h>
39	# include <ssl.h>
40	# include <err.h>
41	# else
42	# ifdef HAVE_OPENSSL_SSL_H
43	# include <openssl/rsa.h>
44	# include <openssl/crypto.h>
45	# include <openssl/x509.h>
46	# include <openssl/pem.h>
47	# include <openssl/ssl.h>
48	# include <openssl/err.h>
49	# endif
50	# endif
51	#endif
52
53	#ifdef HAVE_SSL	31	#ifdef HAVE_SSL
54	static int check_cert = FALSE;	32	static int check_cert = FALSE;
55	static int days_till_exp;	33	static int days_till_exp;
56	static char *randbuff = "";	34	static char *randbuff = "";
57	static SSL_CTX *ctx;
58	static SSL *ssl;
59	static X509 *server_cert;	35	static X509 *server_cert;
60	static int connect_SSL (void);
61	# ifdef USE_OPENSSL	36	# ifdef USE_OPENSSL
62	static int check_certificate (X509 **);	37	static int check_certificate (X509 **);
63	# endif /* USE_OPENSSL */	38	# endif /* USE_OPENSSL */
64	# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))	39	# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
		40	# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
65	#else	41	#else
66	# define my_recv(buf, len) read(sd, buf, len)	42	# define my_recv(buf, len) read(sd, buf, len)
		43	# define my_send(buf, len) send(sd, buf, len, 0)
67	#endif	44	#endif
68		45
69		46
@@ -233,11 +210,21 @@ main (int argc, char **argv)
233		210
234	/* try to connect to the host at the given port number */	211	/* try to connect to the host at the given port number */
235	gettimeofday (&tv, NULL);	212	gettimeofday (&tv, NULL);
		213
		214	result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
		215	if (result == STATE_CRITICAL) return STATE_CRITICAL;
		216
236	#ifdef HAVE_SSL	217	#ifdef HAVE_SSL
237	if (flags & FLAG_SSL && check_cert == TRUE) {	218	if (flags & FLAG_SSL){
238	if (connect_SSL () != OK)	219	result = np_net_ssl_init(sd);
		220	if(result != STATE_OK) return result;
		221	/* XXX does np_net_ssl take care of printing an error?
239	die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));	222	die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
		223	*/
		224	}
240	# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */	225	# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
		226	/*
		227	if (flags & FLAG_SSL && check_cert == TRUE) {
241	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {	228	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
242	result = check_certificate (&server_cert);	229	result = check_certificate (&server_cert);
243	X509_free(server_cert);	230	X509_free(server_cert);
@@ -246,30 +233,21 @@ main (int argc, char **argv)
246	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));	233	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
247	result = STATE_CRITICAL;	234	result = STATE_CRITICAL;
248	}	235	}
		236	}
		237	*/
249	# endif /* USE_OPENSSL */	238	# endif /* USE_OPENSSL */
		239	#endif
250		240
251	SSL_shutdown (ssl);	241	if(result != STATE_OK){
252	SSL_free (ssl);	242	#ifdef HAVE_SSL
253	SSL_CTX_free (ctx);	243	np_net_ssl_cleanup();
254	close (sd);	244	#endif
		245	if(sd) close(sd);
255	return result;	246	return result;
256	}	247	}
257	else if (flags & FLAG_SSL)
258	result = connect_SSL ();
259	else
260	#endif
261	result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
262
263	if (result == STATE_CRITICAL)
264	return STATE_CRITICAL;
265		248
266	if (server_send != NULL) { /* Something to send? */	249	if (server_send != NULL) { /* Something to send? */
267	#ifdef HAVE_SSL	250	my_send(server_send, strlen(server_send));
268	if (flags & FLAG_SSL)
269	SSL_write(ssl, server_send, (int)strlen(server_send));
270	else
271	#endif
272	send (sd, server_send, strlen(server_send), 0);
273	}	251	}
274		252
275	if (delay > 0) {	253	if (delay > 0) {
@@ -332,21 +310,12 @@ main (int argc, char **argv)
332	}	310	}
333		311
334	if (server_quit != NULL) {	312	if (server_quit != NULL) {
335	#ifdef HAVE_SSL	313	my_send(server_quit, strlen(server_quit));
336	if (flags & FLAG_SSL) {
337	SSL_write (ssl, server_quit, (int)strlen(server_quit));
338	SSL_shutdown (ssl);
339	SSL_free (ssl);
340	SSL_CTX_free (ctx);
341	}
342	else
343	#endif
344	send (sd, server_quit, strlen (server_quit), 0);
345	}	314	}
346		315	#ifdef HAVE_SSL
347	/* close the connection */	316	np_net_ssl_cleanup();
348	if (sd)	317	#endif
349	close (sd);	318	if (sd) close (sd);
350		319
351	microsec = deltime (tv);	320	microsec = deltime (tv);
352	elapsed_time = (double)microsec / 1.0e6;	321	elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv)
600		569
601	/* SSL-specific functions */	570	/* SSL-specific functions */
602	#ifdef HAVE_SSL	571	#ifdef HAVE_SSL
603	static int	572	# ifdef USE_OPENSSL /* XXX */
604	connect_SSL (void)
605	{
606	SSL_METHOD *meth;
607
608	/* Initialize SSL context */
609	SSLeay_add_ssl_algorithms ();
610	meth = SSLv23_client_method ();
611	SSL_load_error_strings ();
612	OpenSSL_add_all_algorithms();
613	if ((ctx = SSL_CTX_new (meth)) == NULL)
614	{
615	printf (_("CRITICAL - Cannot create SSL context.\n"));
616	return STATE_CRITICAL;
617	}
618
619	/* Initialize alarm signal handling */
620	signal (SIGALRM, socket_timeout_alarm_handler);
621
622	/* Set socket timeout */
623	alarm (socket_timeout);
624
625	/* Save start time */
626	time (&start_time);
627
628	/* Make TCP connection */
629	if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
630	{
631	/* Do the SSL handshake */
632	if ((ssl = SSL_new (ctx)) != NULL)
633	{
634	SSL_set_fd (ssl, sd);
635	if (SSL_connect(ssl) == 1)
636	return OK;
637	/* ERR_print_errors_fp (stderr); */
638	printf (_("CRITICAL - Cannot make SSL connection "));
639	#ifdef USE_OPENSSL /* XXX */
640	ERR_print_errors_fp (stdout);
641	#endif /* USE_OPENSSL */
642	/* printf("\n"); */
643	}
644	else
645	{
646	printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
647	}
648	SSL_free (ssl);
649	}
650
651	SSL_CTX_free (ctx);
652	close (sd);
653
654	return STATE_CRITICAL;
655	}
656
657	#ifdef USE_OPENSSL /* XXX */
658	static int	573	static int
659	check_certificate (X509 ** certificate)	574	check_certificate (X509 ** certificate)
660	{	575	{


diff --git a/plugins/common.h b/plugins/common.h index e10586b..5eac63e 100644 --- a/plugins/common.h +++ b/plugins/common.h
@@ -32,6 +32,9 @@
32	*	32	*
33	*****************************************************************************/	33	*****************************************************************************/
34		34
		35	#ifndef _COMMON_H_
		36	#define _COMMON_H_
		37
35	#include "config.h"	38	#include "config.h"
36		39
37	#ifdef HAVE_FEATURES_H	40	#ifdef HAVE_FEATURES_H
@@ -146,6 +149,29 @@ int snprintf(char str, size_t size, const char format, ...);
146	int vsnprintf(char str, size_t size, const char format, va_list ap);	149	int vsnprintf(char str, size_t size, const char format, va_list ap);
147	#endif	150	#endif
148		151
		152	/* SSL implementations */
		153	#ifdef HAVE_GNUTLS_OPENSSL_H
		154	# include <gnutls/openssl.h>
		155	#else
		156	# ifdef HAVE_SSL_H
		157	# include <rsa.h>
		158	# include <crypto.h>
		159	# include <x509.h>
		160	# include <pem.h>
		161	# include <ssl.h>
		162	# include <err.h>
		163	# else
		164	# ifdef HAVE_OPENSSL_SSL_H
		165	# include <openssl/rsa.h>
		166	# include <openssl/crypto.h>
		167	# include <openssl/x509.h>
		168	# include <openssl/pem.h>
		169	# include <openssl/ssl.h>
		170	# include <openssl/err.h>
		171	# endif
		172	# endif
		173	#endif
		174
149	/*	175	/*
150	*	176	*
151	* Standard Values	177	* Standard Values
@@ -191,3 +217,5 @@ enum {
191	#ifndef __GNUC__	217	#ifndef __GNUC__
192	# define __attribute__(x) /* do nothing */	218	# define __attribute__(x) /* do nothing */
193	#endif	219	#endif
		220
		221	#endif /* _COMMON_H_ */


diff --git a/plugins/netutils.c b/plugins/netutils.c index 9539a7f..e3fbb3a 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c
@@ -234,6 +234,54 @@ np_net_connect (const char host_name, int port, int sd, int proto)
234	}	234	}
235	}	235	}
236		236
		237	#ifdef HAVE_SSL
		238	static SSL_CTX *c=NULL;
		239	static SSL *s=NULL;
		240
		241	int np_net_ssl_init (int sd){
		242	SSL_METHOD *m=NULL;
		243	/* Initialize SSL context */
		244	SSLeay_add_ssl_algorithms ();
		245	m = SSLv23_client_method ();
		246	SSL_load_error_strings ();
		247	OpenSSL_add_all_algorithms();
		248	if ((c = SSL_CTX_new (m)) == NULL) {
		249	printf (_("CRITICAL - Cannot create SSL context.\n"));
		250	return STATE_CRITICAL;
		251	}
		252	if ((s = SSL_new (c)) != NULL){
		253	SSL_set_fd (s, sd);
		254	if (SSL_connect(s) == 1){
		255	return OK;
		256	} else {
		257	printf (_("CRITICAL - Cannot make SSL connection "));
		258	#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
		259	ERR_print_errors_fp (stdout);
		260	#endif /* USE_OPENSSL */
		261	}
		262	} else {
		263	printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
		264	}
		265	return STATE_CRITICAL;
		266	}
		267
		268	void np_net_ssl_cleanup (){
		269	if(s){
		270	SSL_shutdown (s);
		271	SSL_free (s);
		272	if(c) SSL_CTX_free (c);
		273	}
		274	}
		275
		276	int np_net_ssl_write(const void *buf, int num){
		277	return SSL_write(s, buf, num);
		278	}
		279
		280	int np_net_ssl_read(void *buf, int num){
		281	return SSL_read(s, buf, num);
		282	}
		283
		284	#endif /* HAVE_SSL */
237		285
238	int	286	int
239	send_request (int sd, int proto, const char send_buffer, char recv_buffer, int recv_size)	287	send_request (int sd, int proto, const char send_buffer, char recv_buffer, int recv_size)


diff --git a/plugins/netutils.h b/plugins/netutils.h index 1a52eec..85b5aa9 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h
@@ -32,7 +32,11 @@
32	*	32	*
33	******************************************************************************/	33	******************************************************************************/
34		34
		35	#ifndef _NETUTILS_H_
		36	#define _NETUTILS_H_
		37
35	#include "config.h"	38	#include "config.h"
		39	#include "common.h"
36	#include <netinet/in.h>	40	#include <netinet/in.h>
37	#include <arpa/inet.h>	41	#include <arpa/inet.h>
38		42
@@ -77,3 +81,14 @@ extern unsigned int socket_timeout;
77	extern int econn_refuse_state;	81	extern int econn_refuse_state;
78	extern int was_refused;	82	extern int was_refused;
79	extern int address_family;	83	extern int address_family;
		84
		85	/* SSL-Related functionality */
		86	#ifdef HAVE_SSL
		87	/* maybe this could be merged with the above np_net_connect, via some flags */
		88	int np_net_ssl_init(int sd);
		89	void np_net_ssl_cleanup();
		90	int np_net_ssl_write(const void *buf, int num);
		91	int np_net_ssl_read(void *buf, int num);
		92	#endif /* HAVE_SSL */
		93
		94	#endif /* _NETUTILS_H_ */