summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS7
-rw-r--r--configure.ac6
-rw-r--r--doc/developer-guidelines.sgml7
-rw-r--r--plugins-root/check_dhcp.c43
-rw-r--r--plugins/Makefile.am2
-rw-r--r--plugins/check_disk.c43
-rw-r--r--plugins/check_http.c22
-rw-r--r--plugins/check_smtp.c13
-rw-r--r--plugins/check_snmp.c3
-rw-r--r--plugins/check_ups.c12
-rw-r--r--plugins/netutils.h10
-rw-r--r--plugins/sslutils.c81
-rw-r--r--plugins/t/check_snmp.t4
13 files changed, 131 insertions, 122 deletions
diff --git a/NEWS b/NEWS
index 33e8a5ce..e1efcc67 100644
--- a/NEWS
+++ b/NEWS
@@ -6,14 +6,19 @@ This file documents the major additions and syntax changes between releases.
6 thresholds 6 thresholds
7 New check_snmp "-N" option to specify SNMPv3 context name 7 New check_snmp "-N" option to specify SNMPv3 context name
8 New check_nt "-l" parameters: seconds|minutes|hours|days 8 New check_nt "-l" parameters: seconds|minutes|hours|days
9 Make sure check_disk won't hang on hanging (network) file systems
10 New check_mailq -s option which tells the plugin to use sudo(8) 9 New check_mailq -s option which tells the plugin to use sudo(8)
11 New -W/-C option for check_ldap to check number of entries (Gerhard Lausser) 10 New -W/-C option for check_ldap to check number of entries (Gerhard Lausser)
11 The check_http -S/--ssl option now accepts the arguments "1.1" and "1.2"
12 to force TLSv1.1 and TLSv1.2 connections, respectively
13 The check_http -S/--ssl option now allows for specifying the desired
14 protocol with a "+" suffix to also accept newer versions
12 15
13 FIXES 16 FIXES
14 Let check_real terminate lines with CRLF when talking to the server, as 17 Let check_real terminate lines with CRLF when talking to the server, as
15 mandated by 2326 18 mandated by 2326
16 Fix check_procs on HP-UX 19 Fix check_procs on HP-UX
20 check_smtp's -e/--expect option can now be combined with -S/--starttls
21 Fix incorrect performance data thresholds emitted by check_ups
17 22
18 WARNINGS 23 WARNINGS
19 The format of the performance data emitted by check_mrtgtraf has been 24 The format of the performance data emitted by check_mrtgtraf has been
diff --git a/configure.ac b/configure.ac
index ce1728e3..29de4bdc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -156,12 +156,6 @@ AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
156AC_CHECK_LIB(resolv,main,SOCKETLIBS="$SOCKETLIBS -lresolv") 156AC_CHECK_LIB(resolv,main,SOCKETLIBS="$SOCKETLIBS -lresolv")
157AC_SUBST(SOCKETLIBS) 157AC_SUBST(SOCKETLIBS)
158 158
159dnl Check for POSIX thread libraries
160AC_CHECK_HEADERS(pthread.h)
161AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread",
162 AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread -lrt",-lrt))
163AC_SUBST(THREADLIBS)
164
165dnl 159dnl
166dnl check for math-related functions needing -lm 160dnl check for math-related functions needing -lm
167AC_CHECK_HEADERS(math.h) 161AC_CHECK_HEADERS(math.h)
diff --git a/doc/developer-guidelines.sgml b/doc/developer-guidelines.sgml
index 228d3fa1..6f31f365 100644
--- a/doc/developer-guidelines.sgml
+++ b/doc/developer-guidelines.sgml
@@ -200,9 +200,8 @@
200 operation. Higher-level errors (such as name resolution errors, 200 operation. Higher-level errors (such as name resolution errors,
201 socket timeouts, etc) are outside of the control of plugins and should 201 socket timeouts, etc) are outside of the control of plugins and should
202 generally NOT be reported as UNKNOWN states. 202 generally NOT be reported as UNKNOWN states.
203 </para> 203 </para><para>The --help or --version output should also result in Unknown state.
204 <para>The --help or --version output should also result in Unknown state.</para> 204 </para></entry>
205 </entry>
206 </row> 205 </row>
207 </tbody> 206 </tbody>
208 </tgroup> 207 </tgroup>
@@ -613,7 +612,7 @@
613 The user should be allowed to specify -v multiple times to increase 612 The user should be allowed to specify -v multiple times to increase
614 the verbosity level, as described in <xref linkend="verboselevels">.</para> 613 the verbosity level, as described in <xref linkend="verboselevels">.</para>
615 614
616 The exit code for version information or help should be UNKNOWN 615 <para>The exit code for version information or help should be UNKNOWN
617 (3).</para> 616 (3).</para>
618 </section> 617 </section>
619 618
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c
index 3723e61a..d8afb172 100644
--- a/plugins-root/check_dhcp.c
+++ b/plugins-root/check_dhcp.c
@@ -229,7 +229,7 @@ struct in_addr requested_address;
229 229
230int process_arguments(int, char **); 230int process_arguments(int, char **);
231int call_getopt(int, char **); 231int call_getopt(int, char **);
232int validate_arguments(void); 232int validate_arguments(int, int);
233void print_usage(void); 233void print_usage(void);
234void print_help(void); 234void print_help(void);
235 235
@@ -1059,29 +1059,19 @@ int get_results(void){
1059 1059
1060/* process command-line arguments */ 1060/* process command-line arguments */
1061int process_arguments(int argc, char **argv){ 1061int process_arguments(int argc, char **argv){
1062 int c; 1062 int arg_index;
1063 1063
1064 if(argc<1) 1064 if(argc<1)
1065 return ERROR; 1065 return ERROR;
1066 1066
1067 c=0; 1067 arg_index = call_getopt(argc,argv);
1068 while((c+=(call_getopt(argc-c,&argv[c])))<argc){ 1068 return validate_arguments(argc,arg_index);
1069
1070 /*
1071 if(is_option(argv[c]))
1072 continue;
1073 */
1074 }
1075
1076 return validate_arguments();
1077 } 1069 }
1078 1070
1079 1071
1080 1072
1081int call_getopt(int argc, char **argv){ 1073int call_getopt(int argc, char **argv){
1082 int c=0; 1074 extern int optind;
1083 int i=0;
1084
1085 int option_index = 0; 1075 int option_index = 0;
1086 static struct option long_options[] = 1076 static struct option long_options[] =
1087 { 1077 {
@@ -1098,25 +1088,14 @@ int call_getopt(int argc, char **argv){
1098 }; 1088 };
1099 1089
1100 while(1){ 1090 while(1){
1101 c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index); 1091 int c=0;
1102 1092
1103 i++; 1093 c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index);
1104 1094
1105 if(c==-1||c==EOF||c==1) 1095 if(c==-1||c==EOF||c==1)
1106 break; 1096 break;
1107 1097
1108 switch(c){ 1098 switch(c){
1109 case 'w':
1110 case 'r':
1111 case 't':
1112 case 'i':
1113 i++;
1114 break;
1115 default:
1116 break;
1117 }
1118
1119 switch(c){
1120 1099
1121 case 's': /* DHCP server address */ 1100 case 's': /* DHCP server address */
1122 resolve_host(optarg,&dhcp_ip); 1101 resolve_host(optarg,&dhcp_ip);
@@ -1181,12 +1160,14 @@ int call_getopt(int argc, char **argv){
1181 break; 1160 break;
1182 } 1161 }
1183 } 1162 }
1184 1163 return optind;
1185 return i;
1186 } 1164 }
1187 1165
1188 1166
1189int validate_arguments(void){ 1167int validate_arguments(int argc, int arg_index){
1168
1169 if(argc-optind > 0)
1170 usage(_("Got unexpected non-option argument"));
1190 1171
1191 return OK; 1172 return OK;
1192 } 1173 }
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 41906c53..0ddf9bd1 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS)
71check_cluster_LDADD = $(BASEOBJS) 71check_cluster_LDADD = $(BASEOBJS)
72check_dbi_LDADD = $(NETLIBS) $(DBILIBS) 72check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
73check_dig_LDADD = $(NETLIBS) 73check_dig_LDADD = $(NETLIBS)
74check_disk_LDADD = $(BASEOBJS) $(THREADLIBS) 74check_disk_LDADD = $(BASEOBJS)
75check_dns_LDADD = $(NETLIBS) 75check_dns_LDADD = $(NETLIBS)
76check_dummy_LDADD = $(BASEOBJS) 76check_dummy_LDADD = $(BASEOBJS)
77check_fping_LDADD = $(NETLIBS) 77check_fping_LDADD = $(NETLIBS)
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 9693bad3..874a0ee0 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org";
51# include <limits.h> 51# include <limits.h>
52#endif 52#endif
53#include "regex.h" 53#include "regex.h"
54#if HAVE_PTHREAD_H
55# include <pthread.h>
56#endif
57 54
58#ifdef __CYGWIN__ 55#ifdef __CYGWIN__
59# include <windows.h> 56# include <windows.h>
@@ -133,7 +130,6 @@ void print_help (void);
133void print_usage (void); 130void print_usage (void);
134double calculate_percent(uintmax_t, uintmax_t); 131double calculate_percent(uintmax_t, uintmax_t);
135void stat_path (struct parameter_list *p); 132void stat_path (struct parameter_list *p);
136void *do_stat_path (void *p);
137void get_stats (struct parameter_list *p, struct fs_usage *fsp); 133void get_stats (struct parameter_list *p, struct fs_usage *fsp);
138void get_path_stats (struct parameter_list *p, struct fs_usage *fsp); 134void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
139 135
@@ -972,44 +968,6 @@ print_usage (void)
972void 968void
973stat_path (struct parameter_list *p) 969stat_path (struct parameter_list *p)
974{ 970{
975#ifdef HAVE_PTHREAD_H
976 pthread_t stat_thread;
977 int statdone = 0;
978 int timer = timeout_interval;
979 struct timespec req, rem;
980
981 req.tv_sec = 0;
982 pthread_create(&stat_thread, NULL, do_stat_path, p);
983 while (timer-- > 0) {
984 req.tv_nsec = 10000000;
985 nanosleep(&req, &rem);
986 if (pthread_kill(stat_thread, 0)) {
987 statdone = 1;
988 break;
989 } else {
990 req.tv_nsec = 990000000;
991 nanosleep(&req, &rem);
992 }
993 }
994 if (statdone == 1) {
995 pthread_join(stat_thread, NULL);
996 } else {
997 pthread_detach(stat_thread);
998 if (verbose >= 3)
999 printf("stat did not return within %ds on %s\n", timeout_interval, p->name);
1000 printf("DISK %s - ", _("CRITICAL"));
1001 die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout"));
1002 }
1003#else
1004 do_stat_path(p);
1005#endif
1006}
1007
1008void *
1009do_stat_path (void *in)
1010{
1011 struct parameter_list *p = in;
1012
1013 /* Stat entry to check that dir exists and is accessible */ 971 /* Stat entry to check that dir exists and is accessible */
1014 if (verbose >= 3) 972 if (verbose >= 3)
1015 printf("calling stat on %s\n", p->name); 973 printf("calling stat on %s\n", p->name);
@@ -1019,7 +977,6 @@ do_stat_path (void *in)
1019 printf("DISK %s - ", _("CRITICAL")); 977 printf("DISK %s - ", _("CRITICAL"));
1020 die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno)); 978 die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
1021 } 979 }
1022 return NULL;
1023} 980}
1024 981
1025 982
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 68b470ce..2038f4a1 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -343,9 +343,20 @@ process_arguments (int argc, char **argv)
343 parameters, like -S and -C combinations */ 343 parameters, like -S and -C combinations */
344 use_ssl = TRUE; 344 use_ssl = TRUE;
345 if (c=='S' && optarg != NULL) { 345 if (c=='S' && optarg != NULL) {
346 ssl_version = atoi(optarg); 346 int got_plus = strchr(optarg, '+') != NULL;
347 if (ssl_version < 1 || ssl_version > 3) 347
348 usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); 348 if (!strncmp (optarg, "1.2", 3))
349 ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
350 else if (!strncmp (optarg, "1.1", 3))
351 ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
352 else if (optarg[0] == '1')
353 ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
354 else if (optarg[0] == '3')
355 ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
356 else if (optarg[0] == '2')
357 ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
358 else
359 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
349 } 360 }
350 if (specify_port == FALSE) 361 if (specify_port == FALSE)
351 server_port = HTTPS_PORT; 362 server_port = HTTPS_PORT;
@@ -1514,9 +1525,10 @@ print_help (void)
1514 printf (UT_IPv46); 1525 printf (UT_IPv46);
1515 1526
1516#ifdef HAVE_SSL 1527#ifdef HAVE_SSL
1517 printf (" %s\n", "-S, --ssl=VERSION"); 1528 printf (" %s\n", "-S, --ssl=VERSION[+]");
1518 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); 1529 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1519 printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); 1530 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1531 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
1520 printf (" %s\n", "--sni"); 1532 printf (" %s\n", "--sni");
1521 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1533 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1522 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); 1534 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 56040ff2..1996c6d3 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -231,7 +231,7 @@ main (int argc, char **argv)
231 send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); 231 send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
232 232
233 recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ 233 recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
234 if (!strstr (buffer, server_expect)) { 234 if (!strstr (buffer, SMTP_EXPECT)) {
235 printf (_("Server does not support STARTTLS\n")); 235 printf (_("Server does not support STARTTLS\n"));
236 smtp_quit(); 236 smtp_quit();
237 return STATE_UNKNOWN; 237 return STATE_UNKNOWN;
@@ -276,6 +276,7 @@ main (int argc, char **argv)
276# ifdef USE_OPENSSL 276# ifdef USE_OPENSSL
277 if ( check_cert ) { 277 if ( check_cert ) {
278 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); 278 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
279 smtp_quit();
279 my_close(); 280 my_close();
280 return result; 281 return result;
281 } 282 }
@@ -581,11 +582,6 @@ process_arguments (int argc, char **argv)
581 usage4 (_("Timeout interval must be a positive integer")); 582 usage4 (_("Timeout interval must be a positive integer"));
582 } 583 }
583 break; 584 break;
584 case 'S':
585 /* starttls */
586 use_ssl = TRUE;
587 use_ehlo = TRUE;
588 break;
589 case 'D': 585 case 'D':
590 /* Check SSL cert validity */ 586 /* Check SSL cert validity */
591#ifdef USE_OPENSSL 587#ifdef USE_OPENSSL
@@ -607,9 +603,14 @@ process_arguments (int argc, char **argv)
607 days_till_exp_warn = atoi (optarg); 603 days_till_exp_warn = atoi (optarg);
608 } 604 }
609 check_cert = TRUE; 605 check_cert = TRUE;
606 ignore_send_quit_failure = TRUE;
610#else 607#else
611 usage (_("SSL support not available - install OpenSSL and recompile")); 608 usage (_("SSL support not available - install OpenSSL and recompile"));
612#endif 609#endif
610 case 'S':
611 /* starttls */
612 use_ssl = TRUE;
613 use_ehlo = TRUE;
613 break; 614 break;
614 case '4': 615 case '4':
615 address_family = AF_INET; 616 address_family = AF_INET;
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 28cc44dd..9839d6e8 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org";
41#define DEFAULT_PORT "161" 41#define DEFAULT_PORT "161"
42#define DEFAULT_MIBLIST "ALL" 42#define DEFAULT_MIBLIST "ALL"
43#define DEFAULT_PROTOCOL "1" 43#define DEFAULT_PROTOCOL "1"
44#define DEFAULT_TIMEOUT 1
45#define DEFAULT_RETRIES 5 44#define DEFAULT_RETRIES 5
46#define DEFAULT_AUTH_PROTOCOL "MD5" 45#define DEFAULT_AUTH_PROTOCOL "MD5"
47#define DEFAULT_PRIV_PROTOCOL "DES" 46#define DEFAULT_PRIV_PROTOCOL "DES"
@@ -227,7 +226,7 @@ main (int argc, char **argv)
227 outbuff = strdup (""); 226 outbuff = strdup ("");
228 delimiter = strdup (" = "); 227 delimiter = strdup (" = ");
229 output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); 228 output_delim = strdup (DEFAULT_OUTPUT_DELIMITER);
230 timeout_interval = DEFAULT_TIMEOUT; 229 timeout_interval = DEFAULT_SOCKET_TIMEOUT;
231 retries = DEFAULT_RETRIES; 230 retries = DEFAULT_RETRIES;
232 231
233 np_init( (char *) progname, argc, argv ); 232 np_init( (char *) progname, argc, argv );
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index dc5a348b..e9e56a51 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -242,8 +242,8 @@ main (int argc, char **argv)
242 } 242 }
243 xasprintf (&data, "%s %s", data, 243 xasprintf (&data, "%s %s", data,
244 perfdata ("battery", (long)ups_battery_percent, "%", 244 perfdata ("battery", (long)ups_battery_percent, "%",
245 check_warn, (long)(1000*warning_value), 245 check_warn, (long)(warning_value),
246 check_crit, (long)(1000*critical_value), 246 check_crit, (long)(critical_value),
247 TRUE, 0, TRUE, 100)); 247 TRUE, 0, TRUE, 100));
248 } else { 248 } else {
249 xasprintf (&data, "%s %s", data, 249 xasprintf (&data, "%s %s", data,
@@ -271,8 +271,8 @@ main (int argc, char **argv)
271 } 271 }
272 xasprintf (&data, "%s %s", data, 272 xasprintf (&data, "%s %s", data,
273 perfdata ("load", (long)ups_load_percent, "%", 273 perfdata ("load", (long)ups_load_percent, "%",
274 check_warn, (long)(1000*warning_value), 274 check_warn, (long)(warning_value),
275 check_crit, (long)(1000*critical_value), 275 check_crit, (long)(critical_value),
276 TRUE, 0, TRUE, 100)); 276 TRUE, 0, TRUE, 100));
277 } else { 277 } else {
278 xasprintf (&data, "%s %s", data, 278 xasprintf (&data, "%s %s", data,
@@ -308,8 +308,8 @@ main (int argc, char **argv)
308 } 308 }
309 xasprintf (&data, "%s %s", data, 309 xasprintf (&data, "%s %s", data,
310 perfdata ("temp", (long)ups_temperature, tunits, 310 perfdata ("temp", (long)ups_temperature, tunits,
311 check_warn, (long)(1000*warning_value), 311 check_warn, (long)(warning_value),
312 check_crit, (long)(1000*critical_value), 312 check_crit, (long)(critical_value),
313 TRUE, 0, FALSE, 0)); 313 TRUE, 0, FALSE, 0));
314 } else { 314 } else {
315 xasprintf (&data, "%s %s", data, 315 xasprintf (&data, "%s %s", data,
diff --git a/plugins/netutils.h b/plugins/netutils.h
index c6fce901..2766029e 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -91,6 +91,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
91 91
92/* SSL-Related functionality */ 92/* SSL-Related functionality */
93#ifdef HAVE_SSL 93#ifdef HAVE_SSL
94# define MP_SSLv2 1
95# define MP_SSLv3 2
96# define MP_TLSv1 3
97# define MP_TLSv1_1 4
98# define MP_TLSv1_2 5
99# define MP_SSLv2_OR_NEWER 6
100# define MP_SSLv3_OR_NEWER 7
101# define MP_TLSv1_OR_NEWER 8
102# define MP_TLSv1_1_OR_NEWER 9
103# define MP_TLSv1_2_OR_NEWER 10
94/* maybe this could be merged with the above np_net_connect, via some flags */ 104/* maybe this could be merged with the above np_net_connect, via some flags */
95int np_net_ssl_init(int sd); 105int np_net_ssl_init(int sd);
96int np_net_ssl_init_with_hostname(int sd, char *host_name); 106int np_net_ssl_init_with_hostname(int sd, char *host_name);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index c9882c69..4f9c793c 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
49 49
50int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { 50int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
51 SSL_METHOD *method = NULL; 51 SSL_METHOD *method = NULL;
52 long options = 0;
52 53
53 switch (version) { 54 switch (version) {
54 case 0: /* Deafult to auto negotiation */ 55 case MP_SSLv2: /* SSLv2 protocol */
55 method = SSLv23_client_method();
56 break;
57 case 1: /* TLSv1 protocol */
58 method = TLSv1_client_method();
59 break;
60 case 2: /* SSLv2 protocol */
61#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) 56#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
62 printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); 57 printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
63 return STATE_CRITICAL; 58 return STATE_UNKNOWN;
64#else 59#else
65 method = SSLv2_client_method(); 60 method = SSLv2_client_method();
66#endif
67 break; 61 break;
68 case 3: /* SSLv3 protocol */ 62#endif
63 case MP_SSLv3: /* SSLv3 protocol */
64#if defined(OPENSSL_NO_SSL3)
65 printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
66 return STATE_UNKNOWN;
67#else
69 method = SSLv3_client_method(); 68 method = SSLv3_client_method();
70 break; 69 break;
71 default: /* Unsupported */ 70#endif
72 printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); 71 case MP_TLSv1: /* TLSv1 protocol */
73 return STATE_CRITICAL; 72#if defined(OPENSSL_NO_TLS1)
73 printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
74 return STATE_UNKNOWN;
75#else
76 method = TLSv1_client_method();
77 break;
78#endif
79 case MP_TLSv1_1: /* TLSv1.1 protocol */
80#if !defined(SSL_OP_NO_TLSv1_1)
81 printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
82 return STATE_UNKNOWN;
83#else
84 method = TLSv1_1_client_method();
85 break;
86#endif
87 case MP_TLSv1_2: /* TLSv1.2 protocol */
88#if !defined(SSL_OP_NO_TLSv1_2)
89 printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
90 return STATE_UNKNOWN;
91#else
92 method = TLSv1_2_client_method();
93 break;
94#endif
95 case MP_TLSv1_2_OR_NEWER:
96#if !defined(SSL_OP_NO_TLSv1_1)
97 printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
98 return STATE_UNKNOWN;
99#else
100 options |= SSL_OP_NO_TLSv1_1;
101#endif
102 /* FALLTHROUGH */
103 case MP_TLSv1_1_OR_NEWER:
104#if !defined(SSL_OP_NO_TLSv1)
105 printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
106 return STATE_UNKNOWN;
107#else
108 options |= SSL_OP_NO_TLSv1;
109#endif
110 /* FALLTHROUGH */
111 case MP_TLSv1_OR_NEWER:
112#if defined(SSL_OP_NO_SSLv3)
113 options |= SSL_OP_NO_SSLv3;
114#endif
115 /* FALLTHROUGH */
116 case MP_SSLv3_OR_NEWER:
117#if defined(SSL_OP_NO_SSLv2)
118 options |= SSL_OP_NO_SSLv2;
119#endif
120 case MP_SSLv2_OR_NEWER:
121 /* FALLTHROUGH */
122 default: /* Default to auto negotiation */
123 method = SSLv23_client_method();
74 } 124 }
75 if (!initialized) { 125 if (!initialized) {
76 /* Initialize SSL context */ 126 /* Initialize SSL context */
@@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
94#endif 144#endif
95 } 145 }
96#ifdef SSL_OP_NO_TICKET 146#ifdef SSL_OP_NO_TICKET
97 SSL_CTX_set_options(c, SSL_OP_NO_TICKET); 147 options |= SSL_OP_NO_TICKET;
98#endif 148#endif
149 SSL_CTX_set_options(c, options);
99 SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); 150 SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
100 if ((s = SSL_new(c)) != NULL) { 151 if ((s = SSL_new(c)) != NULL) {
101#ifdef SSL_set_tlsext_host_name 152#ifdef SSL_set_tlsext_host_name
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 2d6c44a7..aefd872a 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -166,8 +166,8 @@ SKIP: {
166SKIP: { 166SKIP: {
167 skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); 167 skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
168 $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); 168 $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
169 cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" ); 169 cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
170 like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem"); 170 like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
171} 171}
172 172
173SKIP: { 173SKIP: {