summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorThomas Guyot-Sionnest <dermoth@aei.ca>2009-05-20 05:05:35 (GMT)
committerThomas Guyot-Sionnest <dermoth@aei.ca>2009-05-20 05:05:35 (GMT)
commit0489df95fc5ab2c84cd7830df97942a874e431d9 (patch)
treebe2615d44c1f1b86cf668ce55c5e42dc3e3c28f8 /plugins
parent56cf66c9b815ed953245476b7c715f15cf053763 (diff)
downloadmonitoring-plugins-0489df95fc5ab2c84cd7830df97942a874e431d9.tar.gz
check_http: Add SSL/TLS hostname extension support (SNI) - (#1939022 - Joe Presbrey)
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_http.c2
-rw-r--r--plugins/netutils.h1
-rw-r--r--plugins/sslutils.c13
3 files changed, 14 insertions, 2 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 0310203..79f6adf 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -790,7 +790,7 @@ check_http (void)
790 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); 790 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
791#ifdef HAVE_SSL 791#ifdef HAVE_SSL
792 if (use_ssl == TRUE) { 792 if (use_ssl == TRUE) {
793 np_net_ssl_init(sd); 793 np_net_ssl_init_with_hostname(sd, host_name);
794 if (check_cert == TRUE) { 794 if (check_cert == TRUE) {
795 result = np_net_ssl_check_cert(days_till_exp); 795 result = np_net_ssl_check_cert(days_till_exp);
796 np_net_ssl_cleanup(); 796 np_net_ssl_cleanup();
diff --git a/plugins/netutils.h b/plugins/netutils.h
index b479b74..572a3ae 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -99,6 +99,7 @@ extern int address_family;
99#ifdef HAVE_SSL 99#ifdef HAVE_SSL
100/* maybe this could be merged with the above np_net_connect, via some flags */ 100/* maybe this could be merged with the above np_net_connect, via some flags */
101int np_net_ssl_init(int sd); 101int np_net_ssl_init(int sd);
102int np_net_ssl_init_with_hostname(int sd, char *host_name);
102void np_net_ssl_cleanup(); 103void np_net_ssl_cleanup();
103int np_net_ssl_write(const void *buf, int num); 104int np_net_ssl_write(const void *buf, int num);
104int np_net_ssl_read(void *buf, int num); 105int np_net_ssl_read(void *buf, int num);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 1d4ef94..aa571b6 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -35,7 +35,11 @@ static SSL_CTX *c=NULL;
35static SSL *s=NULL; 35static SSL *s=NULL;
36static int initialized=0; 36static int initialized=0;
37 37
38int np_net_ssl_init (int sd){ 38int np_net_ssl_init (int sd) {
39 return np_net_ssl_init_with_hostname(sd, NULL);
40}
41
42int np_net_ssl_init_with_hostname (int sd, char *host_name) {
39 if (!initialized) { 43 if (!initialized) {
40 /* Initialize SSL context */ 44 /* Initialize SSL context */
41 SSLeay_add_ssl_algorithms (); 45 SSLeay_add_ssl_algorithms ();
@@ -48,6 +52,10 @@ int np_net_ssl_init (int sd){
48 return STATE_CRITICAL; 52 return STATE_CRITICAL;
49 } 53 }
50 if ((s = SSL_new (c)) != NULL){ 54 if ((s = SSL_new (c)) != NULL){
55#ifdef SSL_set_tlsext_host_name
56 if (host_name != NULL)
57 SSL_set_tlsext_host_name(s, host_name);
58#endif
51 SSL_set_fd (s, sd); 59 SSL_set_fd (s, sd);
52 if (SSL_connect(s) == 1){ 60 if (SSL_connect(s) == 1){
53 return OK; 61 return OK;
@@ -65,6 +73,9 @@ int np_net_ssl_init (int sd){
65 73
66void np_net_ssl_cleanup (){ 74void np_net_ssl_cleanup (){
67 if(s){ 75 if(s){
76#ifdef SSL_set_tlsext_host_name
77 SSL_set_tlsext_host_name(s, NULL);
78#endif
68 SSL_shutdown (s); 79 SSL_shutdown (s);
69 SSL_free (s); 80 SSL_free (s);
70 if(c) { 81 if(c) {