summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorM. Sean Finney <seanius@users.sourceforge.net>2005-10-19 12:59:55 +0000
committerM. Sean Finney <seanius@users.sourceforge.net>2005-10-19 12:59:55 +0000
commit65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch)
treeeb1d0c95752126bd526d939332d14bf40cf7d1f7
parent8611341fb989382545c0c934c700e027d9bbab15 (diff)
downloadmonitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple inclusions (as netlibs now includes common.h) - all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though certificate checking still needs to be done. - modified configure script so you can also explicitly say "without-gnutls" too (otherwise if you disable openssl you have no way of disabling gnutls too) git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat
-rw-r--r--configure.in2
-rw-r--r--plugins-root/Makefile.am4
-rw-r--r--plugins/Makefile.am10
-rw-r--r--plugins/check_http.c17
-rw-r--r--plugins/check_smtp.c10
-rw-r--r--plugins/check_tcp.c145
-rw-r--r--plugins/common.h28
-rw-r--r--plugins/netutils.c48
-rw-r--r--plugins/netutils.h15
9 files changed, 151 insertions, 128 deletions
diff --git a/configure.in b/configure.in
index 7ae486ce..383f1788 100644
--- a/configure.in
+++ b/configure.in
@@ -488,7 +488,7 @@ fi
488 488
489dnl check for gnutls if openssl isn't found (or is disabled) 489dnl check for gnutls if openssl isn't found (or is disabled)
490FOUNDGNUTLS="no" 490FOUNDGNUTLS="no"
491if ! test "$FOUNDSSL" = "yes"; then 491if ! test "$FOUNDSSL" = "yes" && ! test "$with_gnutls" = "no"; then
492 if test "$GNUTLS" = ""; then 492 if test "$GNUTLS" = ""; then
493 CPPFLAGS="$CPPFLAGS -I$GNUTLS" 493 CPPFLAGS="$CPPFLAGS -I$GNUTLS"
494 elif ! test "$LIBGNUTLS_CONFIG" = ""; then 494 elif ! test "$LIBGNUTLS_CONFIG" = ""; then
diff --git a/plugins-root/Makefile.am b/plugins-root/Makefile.am
index 81679d53..54e91b08 100644
--- a/plugins-root/Makefile.am
+++ b/plugins-root/Makefile.am
@@ -2,12 +2,12 @@
2 2
3VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t 3VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t
4 4
5INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins 5INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins @SSLINCLUDE@
6 6
7datadir = @datadir@ 7datadir = @datadir@
8localedir = $(datadir)/locale 8localedir = $(datadir)/locale
9DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ 9DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
10LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@ 10LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@
11 11
12EXTRA_PROGRAMS = check_dhcp check_icmp 12EXTRA_PROGRAMS = check_dhcp check_icmp
13 13
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 6b7de7e3..beefb32f 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -2,12 +2,12 @@
2 2
3VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t 3VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t
4 4
5INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ 5INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ @SSLINCLUDE@
6 6
7datadir = @datadir@ 7datadir = @datadir@
8localedir = $(datadir)/locale 8localedir = $(datadir)/locale
9DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ 9DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
10LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@ 10LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@
11MATHLIBS = @MATHLIBS@ 11MATHLIBS = @MATHLIBS@
12 12
13libexec_PROGRAMS = check_disk check_dummy check_http check_load \ 13libexec_PROGRAMS = check_disk check_dummy check_http check_load \
@@ -51,7 +51,7 @@ check_dns_LDADD = $(NETLIBS) popen.o
51check_dummy_LDADD = $(BASEOBJS) 51check_dummy_LDADD = $(BASEOBJS)
52check_fping_LDADD = $(NETLIBS) popen.o 52check_fping_LDADD = $(NETLIBS) popen.o
53check_game_LDADD = $(BASEOBJS) popen.o 53check_game_LDADD = $(BASEOBJS) popen.o
54check_http_LDADD = $(NETLIBS) $(SSLLIBS) 54check_http_LDADD = $(NETLIBS)
55check_hpjd_LDADD = $(NETLIBS) popen.o 55check_hpjd_LDADD = $(NETLIBS) popen.o
56check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS) 56check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
57check_load_LDADD = $(BASEOBJS) popen.o 57check_load_LDADD = $(BASEOBJS) popen.o
@@ -68,10 +68,10 @@ check_procs_LDADD = $(BASEOBJS) popen.o
68check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS) 68check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)
69check_real_LDADD = $(NETLIBS) 69check_real_LDADD = $(NETLIBS)
70check_snmp_LDADD = $(BASEOBJS) popen.o 70check_snmp_LDADD = $(BASEOBJS) popen.o
71check_smtp_LDADD = $(NETLIBS) $(SSLLIBS) 71check_smtp_LDADD = $(NETLIBS)
72check_ssh_LDADD = $(NETLIBS) 72check_ssh_LDADD = $(NETLIBS)
73check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o 73check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o
74check_tcp_LDADD = $(NETLIBS) $(SSLLIBS) 74check_tcp_LDADD = $(NETLIBS)
75check_time_LDADD = $(NETLIBS) 75check_time_LDADD = $(NETLIBS)
76check_udp_LDADD = $(NETLIBS) 76check_udp_LDADD = $(NETLIBS)
77check_ups_LDADD = $(NETLIBS) 77check_ups_LDADD = $(NETLIBS)
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 35b2cca3..d47f5ce6 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -65,7 +65,9 @@ SSL_CTX *ctx;
65SSL *ssl; 65SSL *ssl;
66X509 *server_cert; 66X509 *server_cert;
67int connect_SSL (void); 67int connect_SSL (void);
68# ifdef USE_OPENSSL
68int check_certificate (X509 **); 69int check_certificate (X509 **);
70# endif
69#endif 71#endif
70int no_body = FALSE; 72int no_body = FALSE;
71int maximum_age = -1; 73int maximum_age = -1;
@@ -166,7 +168,7 @@ main (int argc, char **argv)
166 (void) alarm (socket_timeout); 168 (void) alarm (socket_timeout);
167 gettimeofday (&tv, NULL); 169 gettimeofday (&tv, NULL);
168 170
169#ifdef HAVE_SSL 171#ifdef USE_OPENSSL
170 if (use_ssl && check_cert == TRUE) { 172 if (use_ssl && check_cert == TRUE) {
171 if (connect_SSL () != OK) 173 if (connect_SSL () != OK)
172 die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n")); 174 die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
@@ -305,7 +307,7 @@ process_arguments (int argc, char **argv)
305 server_port = HTTPS_PORT; 307 server_port = HTTPS_PORT;
306 break; 308 break;
307 case 'C': /* Check SSL cert validity */ 309 case 'C': /* Check SSL cert validity */
308#ifdef HAVE_SSL 310#ifdef USE_OPENSSL
309 if (!is_intnonneg (optarg)) 311 if (!is_intnonneg (optarg))
310 usage2 (_("Invalid certificate expiration period"), optarg); 312 usage2 (_("Invalid certificate expiration period"), optarg);
311 else { 313 else {
@@ -799,10 +801,11 @@ check_http (void)
799 if (connect_SSL () != OK) { 801 if (connect_SSL () != OK) {
800 die (STATE_CRITICAL, _("Unable to open TCP socket\n")); 802 die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
801 } 803 }
802 804#ifdef USE_OPENSSL
803 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { 805 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
804 X509_free (server_cert); 806 X509_free (server_cert);
805 } 807 }
808#endif
806 else { 809 else {
807 printf (_("CRITICAL - Cannot retrieve server certificate.\n")); 810 printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
808 return STATE_CRITICAL; 811 return STATE_CRITICAL;
@@ -857,7 +860,9 @@ check_http (void)
857#ifdef HAVE_SSL 860#ifdef HAVE_SSL
858 if (use_ssl == TRUE) { 861 if (use_ssl == TRUE) {
859 if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) { 862 if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
863# ifdef USE_OPENSSL
860 ERR_print_errors_fp (stderr); 864 ERR_print_errors_fp (stderr);
865# endif
861 return STATE_CRITICAL; 866 return STATE_CRITICAL;
862 } 867 }
863 } 868 }
@@ -1278,11 +1283,15 @@ int connect_SSL (void)
1278 if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) { 1283 if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
1279 /* Do the SSL handshake */ 1284 /* Do the SSL handshake */
1280 if ((ssl = SSL_new (ctx)) != NULL) { 1285 if ((ssl = SSL_new (ctx)) != NULL) {
1286#ifdef USE_OPENSSL
1281 SSL_set_cipher_list(ssl, "ALL"); 1287 SSL_set_cipher_list(ssl, "ALL");
1288#endif
1282 SSL_set_fd (ssl, sd); 1289 SSL_set_fd (ssl, sd);
1283 if (SSL_connect (ssl) != -1) 1290 if (SSL_connect (ssl) != -1)
1284 return OK; 1291 return OK;
1292#ifdef USE_OPENSSL
1285 ERR_print_errors_fp (stderr); 1293 ERR_print_errors_fp (stderr);
1294#endif
1286 } 1295 }
1287 else { 1296 else {
1288 printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); 1297 printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
@@ -1299,7 +1308,7 @@ int connect_SSL (void)
1299 1308
1300 1309
1301 1310
1302#ifdef HAVE_SSL 1311#ifdef USE_OPENSSL
1303int 1312int
1304check_certificate (X509 ** certificate) 1313check_certificate (X509 ** certificate)
1305{ 1314{
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 3bb6a32b..19e9aea8 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -53,7 +53,9 @@ SSL_CTX *ctx;
53SSL *ssl; 53SSL *ssl;
54X509 *server_cert; 54X509 *server_cert;
55int connect_STARTTLS (void); 55int connect_STARTTLS (void);
56# ifdef USE_OPENSSL
56int check_certificate (X509 **); 57int check_certificate (X509 **);
58# endif
57#endif 59#endif
58 60
59enum { 61enum {
@@ -241,6 +243,7 @@ main (int argc, char **argv)
241 } else { 243 } else {
242 ssl_established = TRUE; 244 ssl_established = TRUE;
243 } 245 }
246# ifdef USE_OPENSSL
244 if ( check_cert ) { 247 if ( check_cert ) {
245 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { 248 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
246 result = check_certificate (&server_cert); 249 result = check_certificate (&server_cert);
@@ -254,6 +257,7 @@ main (int argc, char **argv)
254 my_close(); 257 my_close();
255 return result; 258 return result;
256 } 259 }
260# endif /* USE_OPENSSL */
257 } 261 }
258#endif 262#endif
259 263
@@ -491,7 +495,7 @@ process_arguments (int argc, char **argv)
491 break; 495 break;
492 case 'D': 496 case 'D':
493 /* Check SSL cert validity */ 497 /* Check SSL cert validity */
494#ifdef HAVE_SSL 498#ifdef USE_OPENSSL
495 if (!is_intnonneg (optarg)) 499 if (!is_intnonneg (optarg))
496 usage2 ("Invalid certificate expiration period",optarg); 500 usage2 ("Invalid certificate expiration period",optarg);
497 days_till_exp = atoi (optarg); 501 days_till_exp = atoi (optarg);
@@ -645,7 +649,9 @@ connect_STARTTLS (void)
645 I look for success instead (1) */ 649 I look for success instead (1) */
646 if (SSL_connect (ssl) == 1) 650 if (SSL_connect (ssl) == 1)
647 return OK; 651 return OK;
652# ifdef USE_OPENSSL
648 ERR_print_errors_fp (stderr); 653 ERR_print_errors_fp (stderr);
654# endif
649 } 655 }
650 else 656 else
651 { 657 {
@@ -656,6 +662,7 @@ connect_STARTTLS (void)
656 return STATE_CRITICAL; 662 return STATE_CRITICAL;
657} 663}
658 664
665# ifdef USE_OPENSSL
659int 666int
660check_certificate (X509 ** certificate) 667check_certificate (X509 ** certificate)
661{ 668{
@@ -728,6 +735,7 @@ check_certificate (X509 ** certificate)
728 735
729 return STATE_OK; 736 return STATE_OK;
730} 737}
738# endif /* USE_OPENSSL */
731#endif 739#endif
732 740
733int 741int
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 157588fd..3ffa4cd6 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
28#include "netutils.h" 28#include "netutils.h"
29#include "utils.h" 29#include "utils.h"
30 30
31#ifdef HAVE_GNUTLS_OPENSSL_H
32# include <gnutls/openssl.h>
33#else
34# ifdef HAVE_SSL_H
35# include <rsa.h>
36# include <crypto.h>
37# include <x509.h>
38# include <pem.h>
39# include <ssl.h>
40# include <err.h>
41# else
42# ifdef HAVE_OPENSSL_SSL_H
43# include <openssl/rsa.h>
44# include <openssl/crypto.h>
45# include <openssl/x509.h>
46# include <openssl/pem.h>
47# include <openssl/ssl.h>
48# include <openssl/err.h>
49# endif
50# endif
51#endif
52
53#ifdef HAVE_SSL 31#ifdef HAVE_SSL
54static int check_cert = FALSE; 32static int check_cert = FALSE;
55static int days_till_exp; 33static int days_till_exp;
56static char *randbuff = ""; 34static char *randbuff = "";
57static SSL_CTX *ctx;
58static SSL *ssl;
59static X509 *server_cert; 35static X509 *server_cert;
60static int connect_SSL (void);
61# ifdef USE_OPENSSL 36# ifdef USE_OPENSSL
62static int check_certificate (X509 **); 37static int check_certificate (X509 **);
63# endif /* USE_OPENSSL */ 38# endif /* USE_OPENSSL */
64# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) 39# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
40# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
65#else 41#else
66# define my_recv(buf, len) read(sd, buf, len) 42# define my_recv(buf, len) read(sd, buf, len)
43# define my_send(buf, len) send(sd, buf, len, 0)
67#endif 44#endif
68 45
69 46
@@ -233,11 +210,21 @@ main (int argc, char **argv)
233 210
234 /* try to connect to the host at the given port number */ 211 /* try to connect to the host at the given port number */
235 gettimeofday (&tv, NULL); 212 gettimeofday (&tv, NULL);
213
214 result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
215 if (result == STATE_CRITICAL) return STATE_CRITICAL;
216
236#ifdef HAVE_SSL 217#ifdef HAVE_SSL
237 if (flags & FLAG_SSL && check_cert == TRUE) { 218 if (flags & FLAG_SSL){
238 if (connect_SSL () != OK) 219 result = np_net_ssl_init(sd);
220 if(result != STATE_OK) return result;
221 /* XXX does np_net_ssl take care of printing an error?
239 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); 222 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
223 */
224 }
240# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ 225# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
226 /*
227 if (flags & FLAG_SSL && check_cert == TRUE) {
241 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { 228 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
242 result = check_certificate (&server_cert); 229 result = check_certificate (&server_cert);
243 X509_free(server_cert); 230 X509_free(server_cert);
@@ -246,30 +233,21 @@ main (int argc, char **argv)
246 printf(_("CRITICAL - Cannot retrieve server certificate.\n")); 233 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
247 result = STATE_CRITICAL; 234 result = STATE_CRITICAL;
248 } 235 }
236 }
237 */
249# endif /* USE_OPENSSL */ 238# endif /* USE_OPENSSL */
239#endif
250 240
251 SSL_shutdown (ssl); 241 if(result != STATE_OK){
252 SSL_free (ssl); 242#ifdef HAVE_SSL
253 SSL_CTX_free (ctx); 243 np_net_ssl_cleanup();
254 close (sd); 244#endif
245 if(sd) close(sd);
255 return result; 246 return result;
256 } 247 }
257 else if (flags & FLAG_SSL)
258 result = connect_SSL ();
259 else
260#endif
261 result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
262
263 if (result == STATE_CRITICAL)
264 return STATE_CRITICAL;
265 248
266 if (server_send != NULL) { /* Something to send? */ 249 if (server_send != NULL) { /* Something to send? */
267#ifdef HAVE_SSL 250 my_send(server_send, strlen(server_send));
268 if (flags & FLAG_SSL)
269 SSL_write(ssl, server_send, (int)strlen(server_send));
270 else
271#endif
272 send (sd, server_send, strlen(server_send), 0);
273 } 251 }
274 252
275 if (delay > 0) { 253 if (delay > 0) {
@@ -332,21 +310,12 @@ main (int argc, char **argv)
332 } 310 }
333 311
334 if (server_quit != NULL) { 312 if (server_quit != NULL) {
335#ifdef HAVE_SSL 313 my_send(server_quit, strlen(server_quit));
336 if (flags & FLAG_SSL) {
337 SSL_write (ssl, server_quit, (int)strlen(server_quit));
338 SSL_shutdown (ssl);
339 SSL_free (ssl);
340 SSL_CTX_free (ctx);
341 }
342 else
343#endif
344 send (sd, server_quit, strlen (server_quit), 0);
345 } 314 }
346 315#ifdef HAVE_SSL
347 /* close the connection */ 316 np_net_ssl_cleanup();
348 if (sd) 317#endif
349 close (sd); 318 if (sd) close (sd);
350 319
351 microsec = deltime (tv); 320 microsec = deltime (tv);
352 elapsed_time = (double)microsec / 1.0e6; 321 elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv)
600 569
601/* SSL-specific functions */ 570/* SSL-specific functions */
602#ifdef HAVE_SSL 571#ifdef HAVE_SSL
603static int 572# ifdef USE_OPENSSL /* XXX */
604connect_SSL (void)
605{
606 SSL_METHOD *meth;
607
608 /* Initialize SSL context */
609 SSLeay_add_ssl_algorithms ();
610 meth = SSLv23_client_method ();
611 SSL_load_error_strings ();
612 OpenSSL_add_all_algorithms();
613 if ((ctx = SSL_CTX_new (meth)) == NULL)
614 {
615 printf (_("CRITICAL - Cannot create SSL context.\n"));
616 return STATE_CRITICAL;
617 }
618
619 /* Initialize alarm signal handling */
620 signal (SIGALRM, socket_timeout_alarm_handler);
621
622 /* Set socket timeout */
623 alarm (socket_timeout);
624
625 /* Save start time */
626 time (&start_time);
627
628 /* Make TCP connection */
629 if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
630 {
631 /* Do the SSL handshake */
632 if ((ssl = SSL_new (ctx)) != NULL)
633 {
634 SSL_set_fd (ssl, sd);
635 if (SSL_connect(ssl) == 1)
636 return OK;
637 /* ERR_print_errors_fp (stderr); */
638 printf (_("CRITICAL - Cannot make SSL connection "));
639#ifdef USE_OPENSSL /* XXX */
640 ERR_print_errors_fp (stdout);
641#endif /* USE_OPENSSL */
642 /* printf("\n"); */
643 }
644 else
645 {
646 printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
647 }
648 SSL_free (ssl);
649 }
650
651 SSL_CTX_free (ctx);
652 close (sd);
653
654 return STATE_CRITICAL;
655}
656
657#ifdef USE_OPENSSL /* XXX */
658static int 573static int
659check_certificate (X509 ** certificate) 574check_certificate (X509 ** certificate)
660{ 575{
diff --git a/plugins/common.h b/plugins/common.h
index e10586bc..5eac63e4 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -32,6 +32,9 @@
32 * 32 *
33 *****************************************************************************/ 33 *****************************************************************************/
34 34
35#ifndef _COMMON_H_
36#define _COMMON_H_
37
35#include "config.h" 38#include "config.h"
36 39
37#ifdef HAVE_FEATURES_H 40#ifdef HAVE_FEATURES_H
@@ -146,6 +149,29 @@ int snprintf(char *str, size_t size, const char *format, ...);
146int vsnprintf(char *str, size_t size, const char *format, va_list ap); 149int vsnprintf(char *str, size_t size, const char *format, va_list ap);
147#endif 150#endif
148 151
152/* SSL implementations */
153#ifdef HAVE_GNUTLS_OPENSSL_H
154# include <gnutls/openssl.h>
155#else
156# ifdef HAVE_SSL_H
157# include <rsa.h>
158# include <crypto.h>
159# include <x509.h>
160# include <pem.h>
161# include <ssl.h>
162# include <err.h>
163# else
164# ifdef HAVE_OPENSSL_SSL_H
165# include <openssl/rsa.h>
166# include <openssl/crypto.h>
167# include <openssl/x509.h>
168# include <openssl/pem.h>
169# include <openssl/ssl.h>
170# include <openssl/err.h>
171# endif
172# endif
173#endif
174
149/* 175/*
150 * 176 *
151 * Standard Values 177 * Standard Values
@@ -191,3 +217,5 @@ enum {
191#ifndef __GNUC__ 217#ifndef __GNUC__
192# define __attribute__(x) /* do nothing */ 218# define __attribute__(x) /* do nothing */
193#endif 219#endif
220
221#endif /* _COMMON_H_ */
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 9539a7f0..e3fbb3aa 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -234,6 +234,54 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
234 } 234 }
235} 235}
236 236
237#ifdef HAVE_SSL
238static SSL_CTX *c=NULL;
239static SSL *s=NULL;
240
241int np_net_ssl_init (int sd){
242 SSL_METHOD *m=NULL;
243 /* Initialize SSL context */
244 SSLeay_add_ssl_algorithms ();
245 m = SSLv23_client_method ();
246 SSL_load_error_strings ();
247 OpenSSL_add_all_algorithms();
248 if ((c = SSL_CTX_new (m)) == NULL) {
249 printf (_("CRITICAL - Cannot create SSL context.\n"));
250 return STATE_CRITICAL;
251 }
252 if ((s = SSL_new (c)) != NULL){
253 SSL_set_fd (s, sd);
254 if (SSL_connect(s) == 1){
255 return OK;
256 } else {
257 printf (_("CRITICAL - Cannot make SSL connection "));
258#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
259 ERR_print_errors_fp (stdout);
260#endif /* USE_OPENSSL */
261 }
262 } else {
263 printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
264 }
265 return STATE_CRITICAL;
266}
267
268void np_net_ssl_cleanup (){
269 if(s){
270 SSL_shutdown (s);
271 SSL_free (s);
272 if(c) SSL_CTX_free (c);
273 }
274}
275
276int np_net_ssl_write(const void *buf, int num){
277 return SSL_write(s, buf, num);
278}
279
280int np_net_ssl_read(void *buf, int num){
281 return SSL_read(s, buf, num);
282}
283
284#endif /* HAVE_SSL */
237 285
238int 286int
239send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) 287send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size)
diff --git a/plugins/netutils.h b/plugins/netutils.h
index 1a52eecc..85b5aa99 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -32,7 +32,11 @@
32* 32*
33******************************************************************************/ 33******************************************************************************/
34 34
35#ifndef _NETUTILS_H_
36#define _NETUTILS_H_
37
35#include "config.h" 38#include "config.h"
39#include "common.h"
36#include <netinet/in.h> 40#include <netinet/in.h>
37#include <arpa/inet.h> 41#include <arpa/inet.h>
38 42
@@ -77,3 +81,14 @@ extern unsigned int socket_timeout;
77extern int econn_refuse_state; 81extern int econn_refuse_state;
78extern int was_refused; 82extern int was_refused;
79extern int address_family; 83extern int address_family;
84
85/* SSL-Related functionality */
86#ifdef HAVE_SSL
87/* maybe this could be merged with the above np_net_connect, via some flags */
88int np_net_ssl_init(int sd);
89void np_net_ssl_cleanup();
90int np_net_ssl_write(const void *buf, int num);
91int np_net_ssl_read(void *buf, int num);
92#endif /* HAVE_SSL */
93
94#endif /* _NETUTILS_H_ */