3 files changed, 62 insertions, 52 deletions
diff --git a/lib/utils_base.c b/lib/utils_base.c
index c458cf61..0f521263 100644
--- a/lib/utils_base.c
+++ b/lib/utils_base.c
@@ -402,26 +402,45 @@ int mp_translate_state (char *state_text) {
 * parse of argv, so that uniqueness in parameters are reflected there.
 */
 char *_np_state_generate_key() {
-        struct sha256_ctx ctx;
        int i;
        char **argv = this_monitoring_plugin->argv;
-        unsigned char result[20];
        char keyname[41];
        char *p=NULL;
-        sha256_init_ctx(&ctx);
+        unsigned char result[256];
-        
+#ifdef USE_OPENSSL
+        /*
+         * This code path is chosen if openssl is available (which should be the most common
+         * scenario). Alternatively, the gnulib implementation/
+         *
+         */
+        EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+        EVP_DigestInit(ctx, EVP_sha256());
+        for(i=0; i<this_monitoring_plugin->argc; i++) {
+                EVP_DigestUpdate(ctx, argv[i], strlen(argv[i]));
+        }
+        EVP_DigestFinal(ctx, result, NULL);
+#else
+        struct sha256_ctx ctx;
        for(i=0; i<this_monitoring_plugin->argc; i++) {
                sha256_process_bytes(argv[i], strlen(argv[i]), &ctx);
        }
-        sha256_finish_ctx(&ctx, &result);
+        sha256_finish_ctx(&ctx, result);
-        
+#endif // FOUNDOPENSSL
        for (i=0; i<20; ++i) {
                sprintf(&keyname[2*i], "%02x", result[i]);
        }
        keyname[40]='\0';
-        
        p = strdup(keyname);
        if(p==NULL) {
                die(STATE_UNKNOWN, _("Cannot execute strdup: %s"), strerror(errno));
diff --git a/lib/utils_base.h b/lib/utils_base.h
index 59065504..9cb42767 100644
--- a/lib/utils_base.h
+++ b/lib/utils_base.h
@@ -2,7 +2,9 @@
 #define _UTILS_BASE_
 /* Header file for Monitoring Plugins utils_base.c */
-#include "sha256.h"
+#ifndef USE_OPENSSL
+# include "sha256.h"
+#endif
 /* This file holds header information for thresholds - use this in preference to 
   individual plugin logic */
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 666a0120..6bc0ba81 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -31,9 +31,8 @@
 #include "netutils.h"
 #ifdef HAVE_SSL
-static SSL_CTX *c=NULL;
+static SSL_CTX *ctx=NULL;
 static SSL *s=NULL;
-static int initialized=0;
 int np_net_ssl_init(int sd) {
        return np_net_ssl_init_with_hostname(sd, NULL);
@@ -48,24 +47,24 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
 }
 int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
-        const SSL_METHOD *method = NULL;
        long options = 0;
+        if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
+                printf("%s\n", _("CRITICAL - Cannot create SSL context."));
+                return STATE_CRITICAL;
+        }
        switch (version) {
        case MP_SSLv2: /* SSLv2 protocol */
-#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
                printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
                return STATE_UNKNOWN;
-#else
-                method = SSLv2_client_method();
-                break;
-#endif
        case MP_SSLv3: /* SSLv3 protocol */
 #if defined(OPENSSL_NO_SSL3)
                printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
                return STATE_UNKNOWN;
 #else
-                method = SSLv3_client_method();
+                SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
+                SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
                break;
 #endif
        case MP_TLSv1: /* TLSv1 protocol */
@@ -73,7 +72,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
                return STATE_UNKNOWN;
 #else
-                method = TLSv1_client_method();
+                SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+                SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
                break;
 #endif
        case MP_TLSv1_1: /* TLSv1.1 protocol */
@@ -81,7 +81,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
                return STATE_UNKNOWN;
 #else
-                method = TLSv1_1_client_method();
+                SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
+                SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
                break;
 #endif
        case MP_TLSv1_2: /* TLSv1.2 protocol */
@@ -89,7 +90,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
                return STATE_UNKNOWN;
 #else
-                method = TLSv1_2_client_method();
+                SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
+                SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
                break;
 #endif
        case MP_TLSv1_2_OR_NEWER:
@@ -97,56 +99,43 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
                return STATE_UNKNOWN;
 #else
-                options |= SSL_OP_NO_TLSv1_1;
+                SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
+                break;
 #endif
-                /* FALLTHROUGH */
        case MP_TLSv1_1_OR_NEWER:
 #if !defined(SSL_OP_NO_TLSv1)
                printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
                return STATE_UNKNOWN;
 #else
-                options |= SSL_OP_NO_TLSv1;
+                SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
+                break;
 #endif
-                /* FALLTHROUGH */
        case MP_TLSv1_OR_NEWER:
 #if defined(SSL_OP_NO_SSLv3)
-                options |= SSL_OP_NO_SSLv3;
+                SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+                break;
 #endif
-                /* FALLTHROUGH */
        case MP_SSLv3_OR_NEWER:
 #if defined(SSL_OP_NO_SSLv2)
-                options |= SSL_OP_NO_SSLv2;
+                SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
+                break;
 #endif
-        case MP_SSLv2_OR_NEWER:
-                /* FALLTHROUGH */
-        default: /* Default to auto negotiation */
-                method = SSLv23_client_method();
-        }
-        if (!initialized) {
-                /* Initialize SSL context */
-                SSLeay_add_ssl_algorithms();
-                SSL_load_error_strings();
-                OpenSSL_add_all_algorithms();
-                initialized = 1;
-        }
-        if ((c = SSL_CTX_new(method)) == NULL) {
-                printf("%s\n", _("CRITICAL - Cannot create SSL context."));
-                return STATE_CRITICAL;
        }
        if (cert && privkey) {
 #ifdef USE_OPENSSL
-                if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+                if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
 #elif  USE_GNUTLS
-                if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+                if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) {
 #else
 #error Unported for unknown SSL library
 #endif
                        printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
                        return STATE_CRITICAL;
                }
-                SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
+                SSL_CTX_use_PrivateKey_file(ctx, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
-                if (!SSL_CTX_check_private_key(c)) {
+                if (!SSL_CTX_check_private_key(ctx)) {
                        printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
                        return STATE_CRITICAL;
                }
@@ -155,9 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #ifdef SSL_OP_NO_TICKET
        options |= SSL_OP_NO_TICKET;
 #endif
-        SSL_CTX_set_options(c, options);
+        SSL_CTX_set_options(ctx, options);
-        SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
+        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
-        if ((s = SSL_new(c)) != NULL) {
+        if ((s = SSL_new(ctx)) != NULL) {
 #ifdef SSL_set_tlsext_host_name
                if (host_name != NULL)
                        SSL_set_tlsext_host_name(s, host_name);
@@ -184,9 +173,9 @@ void np_net_ssl_cleanup() {
 #endif
                SSL_shutdown(s);
                SSL_free(s);
-                if (c) {
+                if (ctx) {
-                        SSL_CTX_free(c);
+                        SSL_CTX_free(ctx);
-                        c=NULL;
+                        ctx=NULL;
                }
                s=NULL;
        }

diff --git a/lib/utils_base.c b/lib/utils_base.c index c458cf61..0f521263 100644 --- a/lib/utils_base.c +++ b/lib/utils_base.c
@@ -402,26 +402,45 @@ int mp_translate_state (char *state_text) {
402	* parse of argv, so that uniqueness in parameters are reflected there.	402	* parse of argv, so that uniqueness in parameters are reflected there.
403	*/	403	*/
404	char *_np_state_generate_key() {	404	char *_np_state_generate_key() {
405	struct sha256_ctx ctx;
406	int i;	405	int i;
407	char **argv = this_monitoring_plugin->argv;	406	char **argv = this_monitoring_plugin->argv;
408	unsigned char result[20];
409	char keyname[41];	407	char keyname[41];
410	char *p=NULL;	408	char *p=NULL;
411		409
412	sha256_init_ctx(&ctx);	410	unsigned char result[256];
413		411
		412	#ifdef USE_OPENSSL
		413	/*
		414	* This code path is chosen if openssl is available (which should be the most common
		415	* scenario). Alternatively, the gnulib implementation/
		416	*
		417	*/
		418	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
		419
		420	EVP_DigestInit(ctx, EVP_sha256());
		421
		422	for(i=0; i<this_monitoring_plugin->argc; i++) {
		423	EVP_DigestUpdate(ctx, argv[i], strlen(argv[i]));
		424	}
		425
		426	EVP_DigestFinal(ctx, result, NULL);
		427	#else
		428
		429	struct sha256_ctx ctx;
		430
414	for(i=0; i<this_monitoring_plugin->argc; i++) {	431	for(i=0; i<this_monitoring_plugin->argc; i++) {
415	sha256_process_bytes(argv[i], strlen(argv[i]), &ctx);	432	sha256_process_bytes(argv[i], strlen(argv[i]), &ctx);
416	}	433	}
417		434
418	sha256_finish_ctx(&ctx, &result);	435	sha256_finish_ctx(&ctx, result);
419		436	#endif // FOUNDOPENSSL
		437
420	for (i=0; i<20; ++i) {	438	for (i=0; i<20; ++i) {
421	sprintf(&keyname[2*i], "%02x", result[i]);	439	sprintf(&keyname[2*i], "%02x", result[i]);
422	}	440	}
		441
423	keyname[40]='\0';	442	keyname[40]='\0';
424		443
425	p = strdup(keyname);	444	p = strdup(keyname);
426	if(p==NULL) {	445	if(p==NULL) {
427	die(STATE_UNKNOWN, _("Cannot execute strdup: %s"), strerror(errno));	446	die(STATE_UNKNOWN, _("Cannot execute strdup: %s"), strerror(errno));


diff --git a/lib/utils_base.h b/lib/utils_base.h index 59065504..9cb42767 100644 --- a/lib/utils_base.h +++ b/lib/utils_base.h
@@ -2,7 +2,9 @@
2	#define _UTILS_BASE_	2	#define _UTILS_BASE_
3	/* Header file for Monitoring Plugins utils_base.c */	3	/* Header file for Monitoring Plugins utils_base.c */
4		4
5	#include "sha256.h"	5	#ifndef USE_OPENSSL
		6	# include "sha256.h"
		7	#endif
6		8
7	/* This file holds header information for thresholds - use this in preference to	9	/* This file holds header information for thresholds - use this in preference to
8	individual plugin logic */	10	individual plugin logic */


diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 666a0120..6bc0ba81 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c
@@ -31,9 +31,8 @@
31	#include "netutils.h"	31	#include "netutils.h"
32		32
33	#ifdef HAVE_SSL	33	#ifdef HAVE_SSL
34	static SSL_CTX *c=NULL;	34	static SSL_CTX *ctx=NULL;
35	static SSL *s=NULL;	35	static SSL *s=NULL;
36	static int initialized=0;
37		36
38	int np_net_ssl_init(int sd) {	37	int np_net_ssl_init(int sd) {
39	return np_net_ssl_init_with_hostname(sd, NULL);	38	return np_net_ssl_init_with_hostname(sd, NULL);
@@ -48,24 +47,24 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
48	}	47	}
49		48
50	int np_net_ssl_init_with_hostname_version_and_cert(int sd, char host_name, int version, char cert, char *privkey) {	49	int np_net_ssl_init_with_hostname_version_and_cert(int sd, char host_name, int version, char cert, char *privkey) {
51	const SSL_METHOD *method = NULL;
52	long options = 0;	50	long options = 0;
53		51
		52	if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
		53	printf("%s\n", _("CRITICAL - Cannot create SSL context."));
		54	return STATE_CRITICAL;
		55	}
		56
54	switch (version) {	57	switch (version) {
55	case MP_SSLv2: /* SSLv2 protocol */	58	case MP_SSLv2: /* SSLv2 protocol */
56	#if defined(USE_GNUTLS) \|\| defined(OPENSSL_NO_SSL2)
57	printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));	59	printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
58	return STATE_UNKNOWN;	60	return STATE_UNKNOWN;
59	#else
60	method = SSLv2_client_method();
61	break;
62	#endif
63	case MP_SSLv3: /* SSLv3 protocol */	61	case MP_SSLv3: /* SSLv3 protocol */
64	#if defined(OPENSSL_NO_SSL3)	62	#if defined(OPENSSL_NO_SSL3)
65	printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));	63	printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
66	return STATE_UNKNOWN;	64	return STATE_UNKNOWN;
67	#else	65	#else
68	method = SSLv3_client_method();	66	SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
		67	SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
69	break;	68	break;
70	#endif	69	#endif
71	case MP_TLSv1: /* TLSv1 protocol */	70	case MP_TLSv1: /* TLSv1 protocol */
@@ -73,7 +72,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
73	printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));	72	printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
74	return STATE_UNKNOWN;	73	return STATE_UNKNOWN;
75	#else	74	#else
76	method = TLSv1_client_method();	75	SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
		76	SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
77	break;	77	break;
78	#endif	78	#endif
79	case MP_TLSv1_1: /* TLSv1.1 protocol */	79	case MP_TLSv1_1: /* TLSv1.1 protocol */
@@ -81,7 +81,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
81	printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));	81	printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
82	return STATE_UNKNOWN;	82	return STATE_UNKNOWN;
83	#else	83	#else
84	method = TLSv1_1_client_method();	84	SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
		85	SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
85	break;	86	break;
86	#endif	87	#endif
87	case MP_TLSv1_2: /* TLSv1.2 protocol */	88	case MP_TLSv1_2: /* TLSv1.2 protocol */
@@ -89,7 +90,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
89	printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));	90	printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
90	return STATE_UNKNOWN;	91	return STATE_UNKNOWN;
91	#else	92	#else
92	method = TLSv1_2_client_method();	93	SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
		94	SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
93	break;	95	break;
94	#endif	96	#endif
95	case MP_TLSv1_2_OR_NEWER:	97	case MP_TLSv1_2_OR_NEWER:
@@ -97,56 +99,43 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
97	printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));	99	printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
98	return STATE_UNKNOWN;	100	return STATE_UNKNOWN;
99	#else	101	#else
100	options \|= SSL_OP_NO_TLSv1_1;	102	SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
		103	break;
101	#endif	104	#endif
102	/* FALLTHROUGH */
103	case MP_TLSv1_1_OR_NEWER:	105	case MP_TLSv1_1_OR_NEWER:
104	#if !defined(SSL_OP_NO_TLSv1)	106	#if !defined(SSL_OP_NO_TLSv1)
105	printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));	107	printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
106	return STATE_UNKNOWN;	108	return STATE_UNKNOWN;
107	#else	109	#else
108	options \|= SSL_OP_NO_TLSv1;	110	SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
		111	break;
109	#endif	112	#endif
110	/* FALLTHROUGH */
111	case MP_TLSv1_OR_NEWER:	113	case MP_TLSv1_OR_NEWER:
112	#if defined(SSL_OP_NO_SSLv3)	114	#if defined(SSL_OP_NO_SSLv3)
113	options \|= SSL_OP_NO_SSLv3;	115	SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
		116	break;
114	#endif	117	#endif
115	/* FALLTHROUGH */
116	case MP_SSLv3_OR_NEWER:	118	case MP_SSLv3_OR_NEWER:
117	#if defined(SSL_OP_NO_SSLv2)	119	#if defined(SSL_OP_NO_SSLv2)
118	options \|= SSL_OP_NO_SSLv2;	120	SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
		121	break;
119	#endif	122	#endif
120	case MP_SSLv2_OR_NEWER:
121	/* FALLTHROUGH */
122	default: /* Default to auto negotiation */
123	method = SSLv23_client_method();
124	}
125	if (!initialized) {
126	/* Initialize SSL context */
127	SSLeay_add_ssl_algorithms();
128	SSL_load_error_strings();
129	OpenSSL_add_all_algorithms();
130	initialized = 1;
131	}
132	if ((c = SSL_CTX_new(method)) == NULL) {
133	printf("%s\n", _("CRITICAL - Cannot create SSL context."));
134	return STATE_CRITICAL;
135	}	123	}
		124
136	if (cert && privkey) {	125	if (cert && privkey) {
137	#ifdef USE_OPENSSL	126	#ifdef USE_OPENSSL
138	if (!SSL_CTX_use_certificate_chain_file(c, cert)) {	127	if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
139	#elif USE_GNUTLS	128	#elif USE_GNUTLS
140	if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {	129	if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) {
141	#else	130	#else
142	#error Unported for unknown SSL library	131	#error Unported for unknown SSL library
143	#endif	132	#endif
144	printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));	133	printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
145	return STATE_CRITICAL;	134	return STATE_CRITICAL;
146	}	135	}
147	SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);	136	SSL_CTX_use_PrivateKey_file(ctx, privkey, SSL_FILETYPE_PEM);
148	#ifdef USE_OPENSSL	137	#ifdef USE_OPENSSL
149	if (!SSL_CTX_check_private_key(c)) {	138	if (!SSL_CTX_check_private_key(ctx)) {
150	printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));	139	printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
151	return STATE_CRITICAL;	140	return STATE_CRITICAL;
152	}	141	}
@@ -155,9 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
155	#ifdef SSL_OP_NO_TICKET	144	#ifdef SSL_OP_NO_TICKET
156	options \|= SSL_OP_NO_TICKET;	145	options \|= SSL_OP_NO_TICKET;
157	#endif	146	#endif
158	SSL_CTX_set_options(c, options);	147	SSL_CTX_set_options(ctx, options);
159	SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);	148	SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
160	if ((s = SSL_new(c)) != NULL) {	149	if ((s = SSL_new(ctx)) != NULL) {
161	#ifdef SSL_set_tlsext_host_name	150	#ifdef SSL_set_tlsext_host_name
162	if (host_name != NULL)	151	if (host_name != NULL)
163	SSL_set_tlsext_host_name(s, host_name);	152	SSL_set_tlsext_host_name(s, host_name);
@@ -184,9 +173,9 @@ void np_net_ssl_cleanup() {
184	#endif	173	#endif
185	SSL_shutdown(s);	174	SSL_shutdown(s);
186	SSL_free(s);	175	SSL_free(s);
187	if (c) {	176	if (ctx) {
188	SSL_CTX_free(c);	177	SSL_CTX_free(ctx);
189	c=NULL;	178	ctx=NULL;
190	}	179	}
191	s=NULL;	180	s=NULL;
192	}	181	}