diff options
Diffstat (limited to 'web/attachments/318840-sslutils_sni.patch')
-rw-r--r-- | web/attachments/318840-sslutils_sni.patch | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/web/attachments/318840-sslutils_sni.patch b/web/attachments/318840-sslutils_sni.patch new file mode 100644 index 0000000..4251244 --- /dev/null +++ b/web/attachments/318840-sslutils_sni.patch | |||
@@ -0,0 +1,85 @@ | |||
1 | diff --git a/plugins/check_http.c b/plugins/check_http.c | ||
2 | index c8ae67f..33a9379 100644 | ||
3 | --- a/plugins/check_http.c | ||
4 | +++ b/plugins/check_http.c | ||
5 | @@ -790,6 +790,9 @@ check_http (void) | ||
6 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | ||
7 | #ifdef HAVE_SSL | ||
8 | if (use_ssl == TRUE) { | ||
9 | + /* Set host name for SSL/TLS hostname extension support (SNI) */ | ||
10 | + if (host_name) | ||
11 | + np_net_ssl_set_host_name(host_name); | ||
12 | np_net_ssl_init(sd); | ||
13 | if (check_cert == TRUE) { | ||
14 | result = np_net_ssl_check_cert(days_till_exp); | ||
15 | diff --git a/plugins/netutils.h b/plugins/netutils.h | ||
16 | index 6bc5386..c6f863d 100644 | ||
17 | --- a/plugins/netutils.h | ||
18 | +++ b/plugins/netutils.h | ||
19 | @@ -96,6 +96,7 @@ void np_net_ssl_cleanup(); | ||
20 | int np_net_ssl_write(const void *buf, int num); | ||
21 | int np_net_ssl_read(void *buf, int num); | ||
22 | int np_net_ssl_check_cert(int days_till_exp); | ||
23 | +void np_net_ssl_set_host_name(const char *buf); | ||
24 | #endif /* HAVE_SSL */ | ||
25 | |||
26 | #endif /* _NETUTILS_H_ */ | ||
27 | diff --git a/plugins/sslutils.c b/plugins/sslutils.c | ||
28 | index 1d4ef94..a8aee93 100644 | ||
29 | --- a/plugins/sslutils.c | ||
30 | +++ b/plugins/sslutils.c | ||
31 | @@ -34,6 +34,7 @@ | ||
32 | static SSL_CTX *c=NULL; | ||
33 | static SSL *s=NULL; | ||
34 | static int initialized=0; | ||
35 | +const char *host_name=NULL; | ||
36 | |||
37 | int np_net_ssl_init (int sd){ | ||
38 | if (!initialized) { | ||
39 | @@ -48,6 +49,10 @@ int np_net_ssl_init (int sd){ | ||
40 | return STATE_CRITICAL; | ||
41 | } | ||
42 | if ((s = SSL_new (c)) != NULL){ | ||
43 | +#ifdef SSL_set_tlsext_host_name | ||
44 | + if (host_name != NULL) | ||
45 | + SSL_set_tlsext_host_name(s, host_name); | ||
46 | +#endif | ||
47 | SSL_set_fd (s, sd); | ||
48 | if (SSL_connect(s) == 1){ | ||
49 | return OK; | ||
50 | @@ -65,6 +70,9 @@ int np_net_ssl_init (int sd){ | ||
51 | |||
52 | void np_net_ssl_cleanup (){ | ||
53 | if(s){ | ||
54 | +#ifdef SSL_set_tlsext_host_name | ||
55 | + SSL_set_tlsext_host_name(s, NULL); | ||
56 | +#endif | ||
57 | SSL_shutdown (s); | ||
58 | SSL_free (s); | ||
59 | if(c) { | ||
60 | @@ -73,6 +81,7 @@ void np_net_ssl_cleanup (){ | ||
61 | } | ||
62 | s=NULL; | ||
63 | } | ||
64 | + host_name = NULL; | ||
65 | } | ||
66 | |||
67 | int np_net_ssl_write(const void *buf, int num){ | ||
68 | @@ -86,7 +95,7 @@ int np_net_ssl_read(void *buf, int num){ | ||
69 | int np_net_ssl_check_cert(int days_till_exp){ | ||
70 | # ifdef USE_OPENSSL | ||
71 | X509 *certificate=NULL; | ||
72 | - ASN1_STRING *tm; | ||
73 | + ASN1_STRING *tm; | ||
74 | int offset; | ||
75 | struct tm stamp; | ||
76 | float time_left; | ||
77 | @@ -163,4 +172,8 @@ int np_net_ssl_check_cert(int days_till_exp){ | ||
78 | # endif /* USE_OPENSSL */ | ||
79 | } | ||
80 | |||
81 | +void np_net_ssl_set_host_name (const char *buf){ | ||
82 | + host_name = buf; | ||
83 | +} | ||
84 | + | ||
85 | #endif /* HAVE_SSL */ | ||