1 files changed, 85 insertions, 0 deletions
diff --git a/web/attachments/318840-sslutils_sni.patch b/web/attachments/318840-sslutils_sni.patch
new file mode 100644
index 0000000..4251244
--- /dev/null
+++ b/web/attachments/318840-sslutils_sni.patch
@@ -0,0 +1,85 @@
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index c8ae67f..33a9379 100644
+--- a/plugins/check_http.c
+++ b/plugins/check_http.c
+@@ -790,6 +790,9 @@ check_http (void)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+ #ifdef HAVE_SSL
+   if (use_ssl == TRUE) {
+    /* Set host name for SSL/TLS hostname extension support (SNI) */
+    if (host_name)
+      np_net_ssl_set_host_name(host_name);
+     np_net_ssl_init(sd);
+     if (check_cert == TRUE) {
+       result = np_net_ssl_check_cert(days_till_exp);
+diff --git a/plugins/netutils.h b/plugins/netutils.h
+index 6bc5386..c6f863d 100644
+--- a/plugins/netutils.h
+++ b/plugins/netutils.h
+@@ -96,6 +96,7 @@ void np_net_ssl_cleanup();
+ int np_net_ssl_write(const void *buf, int num);
+ int np_net_ssl_read(void *buf, int num);
+ int np_net_ssl_check_cert(int days_till_exp);
+void np_net_ssl_set_host_name(const char *buf);
+ #endif /* HAVE_SSL */
+ 
+ #endif /* _NETUTILS_H_ */
+diff --git a/plugins/sslutils.c b/plugins/sslutils.c
+index 1d4ef94..a8aee93 100644
+--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
+@@ -34,6 +34,7 @@
+ static SSL_CTX *c=NULL;
+ static SSL *s=NULL;
+ static int initialized=0;
+const char *host_name=NULL;
+ 
+ int np_net_ssl_init (int sd){
+                if (!initialized) {
+@@ -48,6 +49,10 @@ int np_net_ssl_init (int sd){
+                                return STATE_CRITICAL;
+                }
+                if ((s = SSL_new (c)) != NULL){
+#ifdef SSL_set_tlsext_host_name
+                               if (host_name != NULL)
+                                               SSL_set_tlsext_host_name(s, host_name);
+#endif
+                                SSL_set_fd (s, sd);
+                                if (SSL_connect(s) == 1){
+                                                return OK;
+@@ -65,6 +70,9 @@ int np_net_ssl_init (int sd){
+ 
+ void np_net_ssl_cleanup (){
+                if(s){
+#ifdef SSL_set_tlsext_host_name
+                               SSL_set_tlsext_host_name(s, NULL);
+#endif
+                                SSL_shutdown (s);
+                                SSL_free (s);
+                                if(c) {
+@@ -73,6 +81,7 @@ void np_net_ssl_cleanup (){
+                                }
+                                s=NULL;
+                }
+               host_name = NULL;
+ }
+ 
+ int np_net_ssl_write(const void *buf, int num){
+@@ -86,7 +95,7 @@ int np_net_ssl_read(void *buf, int num){
+ int np_net_ssl_check_cert(int days_till_exp){
+ #  ifdef USE_OPENSSL
+        X509 *certificate=NULL;
+-        ASN1_STRING *tm;
+       ASN1_STRING *tm;
+        int offset;
+        struct tm stamp;
+        float time_left;
+@@ -163,4 +172,8 @@ int np_net_ssl_check_cert(int days_till_exp){
+ #  endif /* USE_OPENSSL */
+ }
+ 
+void np_net_ssl_set_host_name (const char *buf){
+       host_name = buf;
+}
+
+ #endif /* HAVE_SSL */

diff --git a/web/attachments/318840-sslutils_sni.patch b/web/attachments/318840-sslutils_sni.patch new file mode 100644 index 0000000..4251244 --- /dev/null +++ b/web/attachments/318840-sslutils_sni.patch
@@ -0,0 +1,85 @@
	1	diff --git a/plugins/check_http.c b/plugins/check_http.c
	2	index c8ae67f..33a9379 100644
	3	--- a/plugins/check_http.c
	4	+++ b/plugins/check_http.c
	5	@@ -790,6 +790,9 @@ check_http (void)
	6	die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
	7	#ifdef HAVE_SSL
	8	if (use_ssl == TRUE) {
	9	+ /* Set host name for SSL/TLS hostname extension support (SNI) */
	10	+ if (host_name)
	11	+ np_net_ssl_set_host_name(host_name);
	12	np_net_ssl_init(sd);
	13	if (check_cert == TRUE) {
	14	result = np_net_ssl_check_cert(days_till_exp);
	15	diff --git a/plugins/netutils.h b/plugins/netutils.h
	16	index 6bc5386..c6f863d 100644
	17	--- a/plugins/netutils.h
	18	+++ b/plugins/netutils.h
	19	@@ -96,6 +96,7 @@ void np_net_ssl_cleanup();
	20	int np_net_ssl_write(const void *buf, int num);
	21	int np_net_ssl_read(void *buf, int num);
	22	int np_net_ssl_check_cert(int days_till_exp);
	23	+void np_net_ssl_set_host_name(const char *buf);
	24	#endif /* HAVE_SSL */
	25
	26	#endif /* _NETUTILS_H_ */
	27	diff --git a/plugins/sslutils.c b/plugins/sslutils.c
	28	index 1d4ef94..a8aee93 100644
	29	--- a/plugins/sslutils.c
	30	+++ b/plugins/sslutils.c
	31	@@ -34,6 +34,7 @@
	32	static SSL_CTX *c=NULL;
	33	static SSL *s=NULL;
	34	static int initialized=0;
	35	+const char *host_name=NULL;
	36
	37	int np_net_ssl_init (int sd){
	38	if (!initialized) {
	39	@@ -48,6 +49,10 @@ int np_net_ssl_init (int sd){
	40	return STATE_CRITICAL;
	41	}
	42	if ((s = SSL_new (c)) != NULL){
	43	+#ifdef SSL_set_tlsext_host_name
	44	+ if (host_name != NULL)
	45	+ SSL_set_tlsext_host_name(s, host_name);
	46	+#endif
	47	SSL_set_fd (s, sd);
	48	if (SSL_connect(s) == 1){
	49	return OK;
	50	@@ -65,6 +70,9 @@ int np_net_ssl_init (int sd){
	51
	52	void np_net_ssl_cleanup (){
	53	if(s){
	54	+#ifdef SSL_set_tlsext_host_name
	55	+ SSL_set_tlsext_host_name(s, NULL);
	56	+#endif
	57	SSL_shutdown (s);
	58	SSL_free (s);
	59	if(c) {
	60	@@ -73,6 +81,7 @@ void np_net_ssl_cleanup (){
	61	}
	62	s=NULL;
	63	}
	64	+ host_name = NULL;
	65	}
	66
	67	int np_net_ssl_write(const void *buf, int num){
	68	@@ -86,7 +95,7 @@ int np_net_ssl_read(void *buf, int num){
	69	int np_net_ssl_check_cert(int days_till_exp){
	70	# ifdef USE_OPENSSL
	71	X509 *certificate=NULL;
	72	- ASN1_STRING *tm;
	73	+ ASN1_STRING *tm;
	74	int offset;
	75	struct tm stamp;
	76	float time_left;
	77	@@ -163,4 +172,8 @@ int np_net_ssl_check_cert(int days_till_exp){
	78	# endif /* USE_OPENSSL */
	79	}
	80
	81	+void np_net_ssl_set_host_name (const char *buf){
	82	+ host_name = buf;
	83	+}
	84	+
	85	#endif /* HAVE_SSL */