summaryrefslogtreecommitdiffstats
path: root/plugins/sslutils.c
AgeCommit message (Collapse)AuthorFilesLines
2013-08-20Set SSL_MODE_AUTO_RETRY flagHolger Weiss1-0/+1
We use OpenSSL (or GnuTLS) with blocking semantics, and we don't want SSL_read(3) or SSL_write(3) calls to return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE (see #3614716).
2013-08-18Abbreviate function nameHolger Weiss1-2/+2
Make a very long function name at least a little bit shorter.
2013-05-17added support for client authentication via SSLrefs/pull/48/headLionel Cons1-0/+12
2012-06-25check_http: added test for warning thresholdsSven Nierlein1-2/+2
fixed typo in sslutils
2012-06-25applied patch that adds both critical and warning thresholds to certificate ↵William Leibzon1-6/+12
expiration checks of check_tcp, check_http, check_smtp
2012-06-11Fix whitespace and capitalization issuesHolger Weiss1-80/+80
Fix indentation and whitespace issues, and correct some capitalization errors in error messages. The behaviour is unchanged.
2012-06-11Don't use SSLv2 when compiling against GnuTLSHolger Weiss1-2/+2
GnuTLS doesn't support SSL version 2.
2012-06-06sslutils: Check if OpenSSL supports SSLv2.refs/pull/6/headSebastian Harl1-0/+5
Recent versions/builds seem to disable that feature.
2012-05-28Add support for specifying SSL protocol versionHolger Weiss1-1/+24
The check_http -S/--ssl option now takes an optional argument which specifies the desired SSL/TLS protocol version (#3285367 - Jason Lunn).
2012-05-07Disable stateless SSL session resumptionHolger Weiss1-0/+3
Some versions of OpenSSL fail to negotiate the SSL connection with at least some versions of Tomcat if stateless SSL session resumption support (see RFC4507) is enabled: | CRITICAL - Cannot make SSL connection | 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10 The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL 0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by disabling the RFC4507 functionality when using OpenSSL versions which support it. Thanks to Dag Bakke for reporting the issue and for giving me access to a server I could use to reproduce the problem.
2011-02-04check_http: check for and print the certificate cnThomas Guyot-Sionnest1-10/+28
This patch adds a check for the certificate cn (hostname) to normal certificate checks. It returns CRITICAL if th cn is missing, otherwise it prints it in the normal output. Patch by Stéphane Urbanovski
2009-05-20Whitespace changes onlyThomas Guyot-Sionnest1-2/+2
2009-05-20check_http: Add SSL/TLS hostname extension support (SNI) - (#1939022 - Joe ↵Thomas Guyot-Sionnest1-1/+12
Presbrey)
2009-03-19Revert "Add timezone support and fix checks around cert expiration" (keep ↵Thomas Guyot-Sionnest1-8/+5
the expiration fix) This reverts commit d41a33a434558189300113c28b26e2d3d681d390.
2009-03-18Add timezone support and fix checks around cert expirationThomas Guyot-Sionnest1-5/+10
2008-11-23Removing CVS/SVN tags and replacing with git-based versioningThomas Guyot-Sionnest1-3/+0
For contrib/, full tags have been imported from subversion git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2091 f882894a-f735-0410-b71e-b25c423dba1c
2008-01-31Bump plugins/ to GPLv3 (non-plugind files)Thomas Guyot-Sionnest1-18/+16
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1918 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01Call the SSL library initialization functions only once (not for everyHolger Weiss1-7/+9
SSL connection). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1726 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01Save an entire CPU cycle if c points to NULL already.Holger Weiss1-2/+4
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1725 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01Set the pointers to the SSL and SSL_CTX objects back to NULL afterHolger Weiss1-0/+2
freeing them in np_net_ssl_cleanup(). This fixes a check_http segfault if an SSL site redirects to a non-SSL one (reported by Aravind Gottipati via IRC). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1724 f882894a-f735-0410-b71e-b25c423dba1c
2006-06-18updating help and usage and licenseBenoit Mortier1-7/+7
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1434 f882894a-f735-0410-b71e-b25c423dba1c
2005-10-31code cleanups, largely resulting from turning on -Wall. mostlyM. Sean Finney1-0/+1
unused variables and explicit casting issues, but there were a couple gotchas in there too. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1267 f882894a-f735-0410-b71e-b25c423dba1c
2005-10-23- compartmentalized ssl code into seperate sslutils.cM. Sean Finney1-0/+162
- ssl-related cleanups in configure.in, and now openssl/gnutls options automatically disable each other. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c