summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvagrant <vagrant@debiantesting-64>2016-11-13 19:39:46 (GMT)
committerSven Nierlein <sven@nierlein.de>2016-11-13 21:14:02 (GMT)
commitfe1c4bb0e5ea3632d608a6b8b7e51d580856d833 (patch)
tree5fceabfc6f53b2bf7505bba099fa75d6cc8159bc
parent2f845e9ebc2b7bcf6472e0191752215d351e4e7c (diff)
downloadmonitoring-plugins-fe1c4bb.tar.gz
add openssl 1.1 supportrefs/pull/1443/head
changes: - CRYPTO_lock detection replaced in configure.ac. We don't use that function anywhere, so just replace it with the suggested one from https://wiki.openssl.org/index.php/Library_Initialization#Autoconf - OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included. Set it ourself using the suggested openssl 1.1 version check from https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility - openssl 1.1 sends a sigpipe if the connection is still open when calling SSL_shutdown(), so move the close before the shutdown. Signed-off-by: Sven Nierlein <sven@nierlein.de>
-rw-r--r--configure.ac6
-rw-r--r--plugins/check_http.c4
-rw-r--r--plugins/check_smtp.c8
-rw-r--r--plugins/check_tcp.c4
-rw-r--r--plugins/common.h7
5 files changed, 19 insertions, 10 deletions
diff --git a/configure.ac b/configure.ac
index 0a554af..5ef56f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -493,15 +493,15 @@ if ! test x"$with_openssl" = x"no"; then
493 dnl Check for crypto lib 493 dnl Check for crypto lib
494 _SAVEDLIBS="$LIBS" 494 _SAVEDLIBS="$LIBS"
495 LIBS="-L${with_openssl}/lib" 495 LIBS="-L${with_openssl}/lib"
496 AC_CHECK_LIB(crypto,CRYPTO_lock) 496 AC_CHECK_LIB(crypto,CRYPTO_new_ex_data)
497 if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then 497 if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
498 dnl Check for SSL lib 498 dnl Check for SSL lib
499 AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto) 499 AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto)
500 fi 500 fi
501 LIBS="$_SAVEDLIBS" 501 LIBS="$_SAVEDLIBS"
502 502
503 dnl test headers and libs to decide whether check_http should use SSL 503 dnl test headers and libs to decide whether check_http should use SSL
504 if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then 504 if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
505 if test "$ac_cv_lib_ssl_main" = "yes"; then 505 if test "$ac_cv_lib_ssl_main" = "yes"; then
506 if test "$FOUNDINCLUDE" = "yes"; then 506 if test "$FOUNDINCLUDE" = "yes"; then
507 FOUNDOPENSSL="yes" 507 FOUNDOPENSSL="yes"
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 60fe4d5..2347a6f 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -941,8 +941,8 @@ check_http (void)
941 elapsed_time_ssl = (double)microsec_ssl / 1.0e6; 941 elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
942 if (check_cert == TRUE) { 942 if (check_cert == TRUE) {
943 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); 943 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
944 np_net_ssl_cleanup();
945 if (sd) close(sd); 944 if (sd) close(sd);
945 np_net_ssl_cleanup();
946 return result; 946 return result;
947 } 947 }
948 } 948 }
@@ -1086,10 +1086,10 @@ check_http (void)
1086 die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n")); 1086 die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
1087 1087
1088 /* close the connection */ 1088 /* close the connection */
1089 if (sd) close(sd);
1089#ifdef HAVE_SSL 1090#ifdef HAVE_SSL
1090 np_net_ssl_cleanup(); 1091 np_net_ssl_cleanup();
1091#endif 1092#endif
1092 if (sd) close(sd);
1093 1093
1094 /* Save check time */ 1094 /* Save check time */
1095 microsec = deltime (tv); 1095 microsec = deltime (tv);
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 1996c6d..f5a6fa3 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -239,8 +239,8 @@ main (int argc, char **argv)
239 result = np_net_ssl_init(sd); 239 result = np_net_ssl_init(sd);
240 if(result != STATE_OK) { 240 if(result != STATE_OK) {
241 printf (_("CRITICAL - Cannot create SSL context.\n")); 241 printf (_("CRITICAL - Cannot create SSL context.\n"));
242 np_net_ssl_cleanup();
243 close(sd); 242 close(sd);
243 np_net_ssl_cleanup();
244 return STATE_CRITICAL; 244 return STATE_CRITICAL;
245 } else { 245 } else {
246 ssl_established = 1; 246 ssl_established = 1;
@@ -764,10 +764,12 @@ recvlines(char *buf, size_t bufsize)
764int 764int
765my_close (void) 765my_close (void)
766{ 766{
767 int result;
768 result = close(sd);
767#ifdef HAVE_SSL 769#ifdef HAVE_SSL
768 np_net_ssl_cleanup(); 770 np_net_ssl_cleanup();
769#endif 771#endif
770 return close(sd); 772 return result;
771} 773}
772 774
773 775
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 6dc9aa9..61333bd 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -247,8 +247,8 @@ main (int argc, char **argv)
247 } 247 }
248 } 248 }
249 if(result != STATE_OK){ 249 if(result != STATE_OK){
250 np_net_ssl_cleanup();
251 if(sd) close(sd); 250 if(sd) close(sd);
251 np_net_ssl_cleanup();
252 return result; 252 return result;
253 } 253 }
254#endif /* HAVE_SSL */ 254#endif /* HAVE_SSL */
@@ -321,10 +321,10 @@ main (int argc, char **argv)
321 if (server_quit != NULL) { 321 if (server_quit != NULL) {
322 my_send(server_quit, strlen(server_quit)); 322 my_send(server_quit, strlen(server_quit));
323 } 323 }
324 if (sd) close (sd);
324#ifdef HAVE_SSL 325#ifdef HAVE_SSL
325 np_net_ssl_cleanup(); 326 np_net_ssl_cleanup();
326#endif 327#endif
327 if (sd) close (sd);
328 328
329 microsec = deltime (tv); 329 microsec = deltime (tv);
330 elapsed_time = (double)microsec / 1.0e6; 330 elapsed_time = (double)microsec / 1.0e6;
diff --git a/plugins/common.h b/plugins/common.h
index 01003b3..8719b50 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -161,6 +161,13 @@
161# endif 161# endif
162#endif 162#endif
163 163
164/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */
165#ifdef OPENSSL_VERSION_NUMBER
166# if OPENSSL_VERSION_NUMBER >= 0x10100000
167# define OPENSSL_NO_SSL2
168# endif
169#endif
170
164/* 171/*
165 * 172 *
166 * Standard Values 173 * Standard Values