path: root/plugins/sslutils.c
Age | Commit message | Author | Files | Lines
2023-04-17 | Replace deprecated TLS client functions | RincewindsHat | 1 | -44/+33
2023-02-10 | Merge pull request #1832 from RincewindsHat/gnulib_update_2023 | Lorenz | 1 | -11/+12
Gnulib update 2023 and attendant fixes
2023-02-08 | Make preprocessor fallback for gnutls more readable [refs/pull/1839/head] | Lorenz Kästle | 1 | -3/+1
2023-02-04 | fallback to SSL_CTX_use_certificate_file for gnutls | Andreas Baumann | 1 | -1/+12
2023-02-02 | sslutils.c: Move function after a function it uses to avoid forward declarations | RincewindsHat | 1 | -11/+12
2022-01-30 | sslutils: use chain from client certificates | Tobias Wiese | 1 | -1/+1
sslutils used to load only the first certificate when it was given a client certificate file. Added tests for check_http to connect to a http server that expects a client certificate (simple and with chain). Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
2018-10-22 | check_curl: implement certificate checks | Sven Nierlein | 1 | -12/+21
Signed-off-by: Sven Nierlein <sven@nierlein.de>
2016-11-21 | sslutils: Address compiler warning | Holger Weiss | 1 | -1/+1
SSLv23_client_method() and friends return a pointer to a const-qualified SSL_METHOD.
2016-11-07 | GMT expiry display | Peter (pir) Radcliffe | 1 | -1/+10
Change solution to display GMT time in the local display format with the offset number of hours from GMT to be clear about what timezone this is if the local display format does not include offset.
2016-11-07 | Use GMT timezone in SSL certs | Peter (pir) Radcliffe | 1 | -3/+3
SSL certs are required to use times in GMT per https://www.ietf.org/rfc/rfc5280.txt but the mktime() here assumes the current timezone. Fix the time_t conversion to be done assuming GMT with timegm() and only do it once rather than twice. Display the expiry date and time with ISO format years and give an offset from GMT and a timezone to be very clear about exactly what time is being displayed. Time given is correct and now in the machine’s timezone.
2015-10-06 | Merge branch 'pr/1373' | Holger Weiss | 1 | -15/+66
* pr/1373: check_http: Allow for requesting TLSv1.1/TLSv1.2
2015-10-04 | check_http: Allow for requesting TLSv1.1/TLSv1.2 [refs/pull/1373/head] | Holger Weiss | 1 | -15/+66
check_http's -S/--ssl option now allows for requesting the TLSv1.1 and TLSv1.2 protocols. Apart from that, a '+' suffix can be appended in order to also accept newer protocols than the specified version. Closes #1338, and closes #1354, and closes #1359.
2015-10-02 | fix typo from #1336 | Sven Nierlein | 1 | -2/+3
If exactly one hour before the expire date, we would mix up minutes and hours. Signed-off-by: Sven Nierlein <sven@nierlein.de>
2015-10-02 | Update sslutils.c | Matthias Hähnel | 1 | -14/+23
Fixed Output if the expiration time is below one hour and code cleanup
2015-10-02 | Update sslutils.c | Matthias Hähnel | 1 | -0/+7
optimize output if certificate expires in less than 24h thx to axel.schmalowsky@sixt.com for this patch
2014-07-21 | sslutils: expire time in local timezone format | Jan Wagner | 1 | -5/+4
sslutils prints the expiry time of certificates in US format. This patch uses the strftime %c; I don't know how portable that is. Thanks to Neil Prockter. Closes #1188 Closes #1161 Closes #977 Closes #976 Closes #975 Closes #840 Closes #382
2014-06-11 | Fix compilation with GnuTLS | Holger Weiss | 1 | -0/+2
GnuTLS doesn't provide a SSL_CTX_check_private_key() function. Closes #1254.
2014-01-19 | Project rename initial commit. | Monitoring Plugins Development Team | 1 | -2/+2
This is an initial take at renaming the project to Monitoring Plugins. It's not expected to be fully complete, and it is expected to break things (The perl module for instance). More testing will be required before this goes mainline.
2013-09-10 | Don't mark SSL_METHOD variable as "const" | Holger Weiss | 1 | -1/+1
The SSL_CTX_new(3) function expects a non-"const" SSL_METHOD value.
2013-09-10 | Move global variables from .h to .c files | Holger Weiss | 1 | -1/+0
Simplify things by moving the definition of global variables into .c files, where they belong.
2013-08-20 | Set SSL_MODE_AUTO_RETRY flag | Holger Weiss | 1 | -0/+1
We use OpenSSL (or GnuTLS) with blocking semantics, and we don't want SSL_read(3) or SSL_write(3) calls to return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE (see #3614716).
2013-08-18 | Abbreviate function name | Holger Weiss | 1 | -2/+2
Make a very long function name at least a little bit shorter.
2013-05-17 | added support for client authentication via SSL [refs/pull/48/head] | Lionel Cons | 1 | -0/+12
2012-06-25 | check_http: added test for warning thresholds | Sven Nierlein | 1 | -2/+2
fixed typo in sslutils
2012-06-25 | applied patch that adds both critical and warning thresholds to certificate expiration checks of check_tcp, check_http, check_smtp | William Leibzon | 1 | -6/+12
2012-06-11 | Fix whitespace and capitalization issues | Holger Weiss | 1 | -80/+80
Fix indentation and whitespace issues, and correct some capitalization errors in error messages. The behaviour is unchanged.
2012-06-11 | Don't use SSLv2 when compiling against GnuTLS | Holger Weiss | 1 | -2/+2
GnuTLS doesn't support SSL version 2.
2012-06-06 | sslutils: Check if OpenSSL supports SSLv2. [refs/pull/6/head] | Sebastian Harl | 1 | -0/+5
Recent versions/builds seem to disable that feature.
2012-05-28 | Add support for specifying SSL protocol version | Holger Weiss | 1 | -1/+24
The check_http -S/--ssl option now takes an optional argument which specifies the desired SSL/TLS protocol version (#3285367 - Jason Lunn).
2012-05-07 | Disable stateless SSL session resumption | Holger Weiss | 1 | -0/+3
Some versions of OpenSSL fail to negotiate the SSL connection with at least some versions of Tomcat if stateless SSL session resumption support (see RFC4507) is enabled:
| CRITICAL - Cannot make SSL connection
| 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10
The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL 0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by disabling the RFC4507 functionality when using OpenSSL versions which support it. Thanks to Dag Bakke for reporting the issue and for giving me access to a server I could use to reproduce the problem.
2011-02-04 | check_http: check for and print the certificate cn | Thomas Guyot-Sionnest | 1 | -10/+28
This patch adds a check for the certificate cn (hostname) to normal certificate checks. It returns CRITICAL if the cn is missing, otherwise it prints it in the normal output. Patch by Stéphane Urbanovski
2009-05-20 | Whitespace changes only | Thomas Guyot-Sionnest | 1 | -2/+2
2009-05-20 | check_http: Add SSL/TLS hostname extension support (SNI) - (#1939022 - Joe Presbrey) | Thomas Guyot-Sionnest | 1 | -1/+12
2009-03-19 | Revert "Add timezone support and fix checks around cert expiration" (keep the expiration fix) | Thomas Guyot-Sionnest | 1 | -8/+5
This reverts commit d41a33a434558189300113c28b26e2d3d681d390.
2009-03-18 | Add timezone support and fix checks around cert expiration | Thomas Guyot-Sionnest | 1 | -5/+10
2008-11-23 | Removing CVS/SVN tags and replacing with git-based versioning | Thomas Guyot-Sionnest | 1 | -3/+0
For contrib/, full tags have been imported from subversion git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2091 f882894a-f735-0410-b71e-b25c423dba1c
2008-01-31 | Bump plugins/ to GPLv3 (non-plugind files) | Thomas Guyot-Sionnest | 1 | -18/+16
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1918 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01 | Call the SSL library initialization functions only once (not for every | Holger Weiss | 1 | -7/+9
SSL connection). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1726 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01 | Save an entire CPU cycle if c points to NULL already. | Holger Weiss | 1 | -2/+4
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1725 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01 | Set the pointers to the SSL and SSL_CTX objects back to NULL after | Holger Weiss | 1 | -0/+2
freeing them in np_net_ssl_cleanup(). This fixes a check_http segfault if an SSL site redirects to a non-SSL one (reported by Aravind Gottipati via IRC). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1724 f882894a-f735-0410-b71e-b25c423dba1c
2006-06-18 | updating help and usage and license | Benoit Mortier | 1 | -7/+7
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1434 f882894a-f735-0410-b71e-b25c423dba1c
2005-10-31 | code cleanups, largely resulting from turning on -Wall. mostly | M. Sean Finney | 1 | -0/+1
unused variables and explicit casting issues, but there were a couple gotchas in there too. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1267 f882894a-f735-0410-b71e-b25c423dba1c
2005-10-23 | - compartmentalized ssl code into separate sslutils.c | M. Sean Finney | 1 | -0/+162
- ssl-related cleanups in configure.in, and now openssl/gnutls options automatically disable each other. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c