From c4704e163ebf54277ff901f06f09126ef3a3bc7f Mon Sep 17 00:00:00 2001
From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>
Date: Thu, 2 Feb 2023 12:03:44 +0100
Subject: sslutils.c: Move function after a function it uses to avoid forward
 declarations

---
 plugins/sslutils.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

(limited to 'plugins/sslutils.c')

diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 286273f6..4f12ddaf 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -191,17 +191,6 @@ int np_net_ssl_read(void *buf, int num) {
 	return SSL_read(s, buf, num);
 }
 
-int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
-#  ifdef USE_OPENSSL
-	X509 *certificate = NULL;
-	certificate=SSL_get_peer_certificate(s);
-	return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
-#  else /* ifndef USE_OPENSSL */
-	printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
-	return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
-
 int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
 	X509_NAME *subj=NULL;
@@ -328,4 +317,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int
 #  endif /* USE_OPENSSL */
 }
 
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+	X509 *certificate = NULL;
+	certificate=SSL_get_peer_certificate(s);
+	return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+	printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+	return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+
 #endif /* HAVE_SSL */
-- 
cgit v1.2.3-74-g34f1


From 6f0ce3804a396ce89c09f50123e5f31b5b525b31 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 4 Feb 2023 16:19:46 +0100
Subject: fallback to SSL_CTX_use_certificate_file for gnutls

---
 plugins/sslutils.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'plugins/sslutils.c')

diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 286273f6..d542c499 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,18 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 		return STATE_CRITICAL;
 	}
 	if (cert && privkey) {
-		SSL_CTX_use_certificate_chain_file(c, cert);
+#ifdef USE_OPENSSL
+		if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#else
+#if USE_GNUTLS
+		if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+#endif
+			printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+			return STATE_CRITICAL;
+		}
 		SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
 		if (!SSL_CTX_check_private_key(c)) {
-- 
cgit v1.2.3-74-g34f1


From 28b5a1cc454774474b98037acd283a1da4c3f7ad Mon Sep 17 00:00:00 2001
From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>
Date: Thu, 9 Feb 2023 00:35:20 +0100
Subject: Make preprocessor fallback for gnutls more readable

---
 plugins/sslutils.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'plugins/sslutils.c')

diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d542c499..a7d80196 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -136,12 +136,10 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 	if (cert && privkey) {
 #ifdef USE_OPENSSL
 		if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
-#else
-#if USE_GNUTLS
+#elif  USE_GNUTLS
 		if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
 #else
 #error Unported for unknown SSL library
-#endif
 #endif
 			printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
 			return STATE_CRITICAL;
-- 
cgit v1.2.3-74-g34f1