[Nagiosplug-checkins] nagiosplug/plugins check_tcp.c,1.66,1.67
M. Sean Finney
seanius at users.sourceforge.net
Tue Oct 18 15:37:04 CEST 2005
Update of /cvsroot/nagiosplug/nagiosplug/plugins
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19928/plugins
Modified Files:
check_tcp.c
Log Message:
initial "experimental" support for gnutls. by default openssl is still
used if available, and gnutls is only used if openssl is not available
or explicitly disabled (--without-openssl). currently the only plugin
i've verified to work is check_tcp, but i had to disable cert checking.
Index: check_tcp.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_tcp.c,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -d -r1.66 -r1.67
--- check_tcp.c 5 Jun 2005 17:43:58 -0000 1.66
+++ check_tcp.c 18 Oct 2005 22:35:29 -0000 1.67
@@ -28,21 +28,25 @@
#include "netutils.h"
#include "utils.h"
-#ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
+#ifdef HAVE_GNUTLS_OPENSSL_H
+# include <gnutls/openssl.h>
#else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
+# ifdef HAVE_SSL_H
+# include <rsa.h>
+# include <crypto.h>
+# include <x509.h>
+# include <pem.h>
+# include <ssl.h>
+# include <err.h>
+# else
+# ifdef HAVE_OPENSSL_SSL_H
+# include <openssl/rsa.h>
+# include <openssl/crypto.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# endif
# endif
#endif
@@ -54,7 +58,9 @@
static SSL *ssl;
static X509 *server_cert;
static int connect_SSL (void);
+# ifdef USE_OPENSSL
static int check_certificate (X509 **);
+# endif /* USE_OPENSSL */
# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
#else
# define my_recv(buf, len) read(sd, buf, len)
@@ -231,6 +237,7 @@
if (flags & FLAG_SSL && check_cert == TRUE) {
if (connect_SSL () != OK)
die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
result = check_certificate (&server_cert);
X509_free(server_cert);
@@ -239,6 +246,7 @@
printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
result = STATE_CRITICAL;
}
+# endif /* USE_OPENSSL */
SSL_shutdown (ssl);
SSL_free (ssl);
@@ -563,12 +571,14 @@
break;
case 'D': /* Check SSL cert validity - days 'til certificate expiration */
#ifdef HAVE_SSL
+# ifdef USE_OPENSSL /* XXX */
if (!is_intnonneg (optarg))
usage2 (_("Invalid certificate expiration period"), optarg);
days_till_exp = atoi (optarg);
check_cert = TRUE;
flags |= FLAG_SSL;
break;
+# endif /* USE_OPENSSL */
#endif
/* fallthrough if we don't have ssl */
case 'S':
@@ -626,7 +636,9 @@
return OK;
/* ERR_print_errors_fp (stderr); */
printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX */
ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
/* printf("\n"); */
}
else
@@ -642,6 +654,7 @@
return STATE_CRITICAL;
}
+#ifdef USE_OPENSSL /* XXX */
static int
check_certificate (X509 ** certificate)
{
@@ -715,6 +728,7 @@
return STATE_OK;
}
+# endif /* USE_OPENSSL */
#endif /* HAVE_SSL */
More information about the Commits
mailing list