Merge remote-tracking branch 'monitoring-plugins/pr/1443'

* monitoring-plugins/pr/1443:
  add openssl 1.1 support

5 files changed, 19 insertions, 10 deletions

diff --git a/configure.ac b/configure.ac
index 1368780..367e82a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -500,15 +500,15 @@ if ! test x"$with_openssl" = x"no"; then
         dnl Check for crypto lib
         _SAVEDLIBS="$LIBS"
         LIBS="-L${with_openssl}/lib"
-        AC_CHECK_LIB(crypto,CRYPTO_lock)
-        if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then
+        AC_CHECK_LIB(crypto,CRYPTO_new_ex_data)
+        if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
                 dnl Check for SSL lib
                 AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto)
         fi
         LIBS="$_SAVEDLIBS"
 
         dnl test headers and libs to decide whether check_http should use SSL
-        if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then
+        if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
                 if test "$ac_cv_lib_ssl_main" = "yes"; then
                         if test "$FOUNDINCLUDE" = "yes"; then
                                 FOUNDOPENSSL="yes"
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 60fe4d5..2347a6f 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -941,8 +941,8 @@ check_http (void)
     elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
     if (check_cert == TRUE) {
       result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      np_net_ssl_cleanup();
       if (sd) close(sd);
+      np_net_ssl_cleanup();
       return result;
     }
   }
@@ -1086,10 +1086,10 @@ check_http (void)
     die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
 
   /* close the connection */
+  if (sd) close(sd);
 #ifdef HAVE_SSL
   np_net_ssl_cleanup();
 #endif
-  if (sd) close(sd);
 
   /* Save check time */
   microsec = deltime (tv);
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 05e81f2..587a724 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -235,8 +235,8 @@ main (int argc, char **argv)
                   result = np_net_ssl_init(sd);
                   if(result != STATE_OK) {
                     printf (_("CRITICAL - Cannot create SSL context.\n"));
-                    np_net_ssl_cleanup();
                     close(sd);
+                    np_net_ssl_cleanup();
                     return STATE_CRITICAL;
                   } else {
                         ssl_established = 1;
@@ -760,10 +760,12 @@ recvlines(char *buf, size_t bufsize)
 int
 my_close (void)
 {
+        int result;
+        result = close(sd);
 #ifdef HAVE_SSL
-  np_net_ssl_cleanup();
+        np_net_ssl_cleanup();
 #endif
-  return close(sd);
+        return result;
 }
 
 
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 6dc9aa9..61333bd 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -247,8 +247,8 @@ main (int argc, char **argv)
                 }
         }
         if(result != STATE_OK){
-                np_net_ssl_cleanup();
                 if(sd) close(sd);
+                np_net_ssl_cleanup();
                 return result;
         }
 #endif /* HAVE_SSL */
@@ -321,10 +321,10 @@ main (int argc, char **argv)
         if (server_quit != NULL) {
                 my_send(server_quit, strlen(server_quit));
         }
+        if (sd) close (sd);
 #ifdef HAVE_SSL
         np_net_ssl_cleanup();
 #endif
-        if (sd) close (sd);
 
         microsec = deltime (tv);
         elapsed_time = (double)microsec / 1.0e6;
diff --git a/plugins/common.h b/plugins/common.h
index 01003b3..8719b50 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -161,6 +161,13 @@
 #  endif
 #endif
 
+/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */
+#ifdef OPENSSL_VERSION_NUMBER
+#  if OPENSSL_VERSION_NUMBER >= 0x10100000
+#   define OPENSSL_NO_SSL2
+#  endif
+#endif
+
 /*
  *
  * Standard Values