diff options
| author | Holger Weiss <holger@zedat.fu-berlin.de> | 2012-05-28 15:16:04 (GMT) |
|---|---|---|
| committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2012-05-28 15:16:04 (GMT) |
| commit | bc3307ed6e9911ef9a9e882b00bdb2fa32158fa3 (patch) | |
| tree | 428186b29058adb1a8b4c0e93e2ce6dedbe674d4 /plugins/sslutils.c | |
| parent | 5a5d3d7013dbc098a5fed9831fa443af93bdd983 (diff) | |
| download | monitoring-plugins-bc3307ed6e9911ef9a9e882b00bdb2fa32158fa3.tar.gz | |
Add support for specifying SSL protocol version
The check_http -S/--ssl option now takes an optional argument which
specifies the desired SSL/TLS protocol version (#3285367 - Jason Lunn).
Diffstat (limited to 'plugins/sslutils.c')
| -rw-r--r-- | plugins/sslutils.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 6e86dc6..2157764 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -41,6 +41,29 @@ int np_net_ssl_init (int sd) { | |||
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | int np_net_ssl_init_with_hostname (int sd, char *host_name) { | 43 | int np_net_ssl_init_with_hostname (int sd, char *host_name) { |
| 44 | return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); | ||
| 45 | } | ||
| 46 | |||
| 47 | int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) { | ||
| 48 | const SSL_METHOD *method = NULL; | ||
| 49 | |||
| 50 | switch (version) { | ||
| 51 | case 0: /* Deafult to auto negotiation */ | ||
| 52 | method = SSLv23_client_method(); | ||
| 53 | break; | ||
| 54 | case 1: /* TLSv1 protocol */ | ||
| 55 | method = TLSv1_client_method(); | ||
| 56 | break; | ||
| 57 | case 2: /* SSLv2 protocol */ | ||
| 58 | method = SSLv2_client_method(); | ||
| 59 | break; | ||
| 60 | case 3: /* SSLv3 protocol */ | ||
| 61 | method = SSLv3_client_method(); | ||
| 62 | break; | ||
| 63 | default: /* Unsupported */ | ||
| 64 | printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version.")); | ||
| 65 | return STATE_CRITICAL; | ||
| 66 | } | ||
| 44 | if (!initialized) { | 67 | if (!initialized) { |
| 45 | /* Initialize SSL context */ | 68 | /* Initialize SSL context */ |
| 46 | SSLeay_add_ssl_algorithms (); | 69 | SSLeay_add_ssl_algorithms (); |
| @@ -48,7 +71,7 @@ int np_net_ssl_init_with_hostname (int sd, char *host_name) { | |||
| 48 | OpenSSL_add_all_algorithms (); | 71 | OpenSSL_add_all_algorithms (); |
| 49 | initialized = 1; | 72 | initialized = 1; |
| 50 | } | 73 | } |
| 51 | if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) { | 74 | if ((c = SSL_CTX_new (method)) == NULL) { |
| 52 | printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); | 75 | printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); |
| 53 | return STATE_CRITICAL; | 76 | return STATE_CRITICAL; |
| 54 | } | 77 | } |