| author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-18 22:35:29 +0000 | 
|---|---|---|
| committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-18 22:35:29 +0000 | 
| commit | 8611341fb989382545c0c934c700e027d9bbab15 (patch) | |
| tree | f80a127bde75a42f3ba8071702bac6005b9ae2ef /plugins | |
| parent | f4a198463ced6bb3ad8779a10146c88b91385fd2 (diff) | |
initial "experimental" support for gnutls.  by default openssl is still
used if available, and gnutls is only used if openssl is not available
or explicitly disabled (--without-openssl).   currently the only plugin
i've verified to work is check_tcp, but i had to disable cert checking.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/check_tcp.c | 42 | 
1 files changed, 28 insertions, 14 deletions
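--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
 
-#ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
+#ifdef HAVE_GNUTLS_OPENSSL_H
+# include <gnutls/openssl.h>
 #else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
+# ifdef HAVE_SSL_H
+# include <rsa.h>
+# include <crypto.h>
+# include <x509.h>
+# include <pem.h>
+# include <ssl.h>
+# include <err.h>
+# else
+# ifdef HAVE_OPENSSL_SSL_H
+# include <openssl/rsa.h>
+# include <openssl/crypto.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# endif
 # endif
 #endif
 
@@ -54,7 +58,9 @@ static SSL_CTX *ctx;
 static SSL *ssl;
 static X509 *server_cert;
 static int connect_SSL (void);
+# ifdef USE_OPENSSL
 static int check_certificate (X509 **);
+# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
 #else
 # define my_recv(buf, len) read(sd, buf, len)
@@ -231,6 +237,7 @@ main (int argc, char **argv)
 if (flags & FLAG_SSL && check_cert == TRUE) {
 if (connect_SSL () != OK)
 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
 result = check_certificate (&server_cert);
 X509_free(server_cert);
@@ -239,6 +246,7 @@ main (int argc, char **argv)
 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
 result = STATE_CRITICAL;
 }
+# endif /* USE_OPENSSL */
 
 SSL_shutdown (ssl);
 SSL_free (ssl);
@@ -563,12 +571,14 @@ process_arguments (int argc, char **argv)
 break;
 case 'D': /* Check SSL cert validity - days 'til certificate expiration */
 #ifdef HAVE_SSL
+# ifdef USE_OPENSSL /* XXX */
 if (!is_intnonneg (optarg))
 usage2 (_("Invalid certificate expiration period"), optarg);
 days_till_exp = atoi (optarg);
 check_cert = TRUE;
 flags |= FLAG_SSL;
 break;
+# endif /* USE_OPENSSL */
 #endif
 /* fallthrough if we don't have ssl */
 case 'S':
@@ -626,7 +636,9 @@ connect_SSL (void)
 return OK;
 /* ERR_print_errors_fp (stderr); */
 printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX */
 ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
 /* printf("\n"); */
 }
 else
@@ -642,6 +654,7 @@ connect_SSL (void)
 return STATE_CRITICAL;
 }
 
+#ifdef USE_OPENSSL /* XXX */
 static int
 check_certificate (X509 ** certificate)
 {
@@ -715,6 +728,7 @@ check_certificate (X509 ** certificate)
 
 return STATE_OK;
 }
+# endif /* USE_OPENSSL */
 #endif /* HAVE_SSL */
 
 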
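Review bot: In process_arguments, the new `# ifdef USE_OPENSSL` around the `case 'D':` body also compiles out its `break;`, so on a GnuTLS build (HAVE_SSL defined, USE_OPENSSL not) `-D` falls through into `case 'S':` and the requested certificate-expiry check is silently dropped. A check that was asked to verify expiry would then, as far as these hunks show, report on the connection alone, and the existing `/* fallthrough if we don't have ssl */` comment does not describe this case. I would add an `# else` branch that rejects the option, for example `usage2 (_("Certificate expiration checks are not supported in this build"), optarg);`, and mention the limitation in the help text. The body of `case 'S':` and the rest of process_arguments lie outside the hunk, so the exact fall-through behaviour should be confirmed there.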
