Diffstat (limited to 'web/attachments/338743-check_http.revert-SNI.patch')
-rw-r--r-- | web/attachments/338743-check_http.revert-SNI.patch | 63 |
1 files changed, 63 insertions, 0 deletions
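--- /dev/null
+++ b/web/attachments/338743-check_http.revert-SNI.patch
@@ -0,0 +1,63 @@
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 0310203..79f6adf 100644
+--- a/plugins/check_http.c
++++ b/plugins/check_http.c
+@@ -790,7 +790,7 @@ check_http (void)
+die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+#ifdef HAVE_SSL
+if (use_ssl == TRUE) {
+- np_net_ssl_init(sd);
++ np_net_ssl_init_with_hostname(sd, host_name);
+if (check_cert == TRUE) {
+result = np_net_ssl_check_cert(days_till_exp);
+np_net_ssl_cleanup();
+diff --git a/plugins/netutils.h b/plugins/netutils.h
+index b479b74..572a3ae 100644
+--- a/plugins/netutils.h
++++ b/plugins/netutils.h
+@@ -99,6 +99,7 @@ extern int address_family;
+#ifdef HAVE_SSL
+/* maybe this could be merged with the above np_net_connect, via some flags */
+int np_net_ssl_init(int sd);
++int np_net_ssl_init_with_hostname(int sd, char *host_name);
+void np_net_ssl_cleanup();
+int np_net_ssl_write(const void *buf, int num);
+int np_net_ssl_read(void *buf, int num);
+diff --git a/plugins/sslutils.c b/plugins/sslutils.c
+index 1d4ef94..aa571b6 100644
+--- a/plugins/sslutils.c
++++ b/plugins/sslutils.c
+@@ -35,7 +35,11 @@ static SSL_CTX *c=NULL;
+static SSL *s=NULL;
+static int initialized=0;
+
+-int np_net_ssl_init (int sd){
++int np_net_ssl_init (int sd) {
++ return np_net_ssl_init_with_hostname(sd, NULL);
++}
++
++int np_net_ssl_init_with_hostname (int sd, char *host_name) {
+if (!initialized) {
+/* Initialize SSL context */
+SSLeay_add_ssl_algorithms ();
+@@ -48,6 +52,10 @@ int np_net_ssl_init (int sd){
+return STATE_CRITICAL;
+}
+if ((s = SSL_new (c)) != NULL){
++#ifdef SSL_set_tlsext_host_name
++ if (host_name != NULL)
++ SSL_set_tlsext_host_name(s, host_name);
++#endif
+SSL_set_fd (s, sd);
+if (SSL_connect(s) == 1){
+return OK;
+@@ -65,6 +73,9 @@ int np_net_ssl_init (int sd){
+
+void np_net_ssl_cleanup (){
+if(s){
++#ifdef SSL_set_tlsext_host_name
++ SSL_set_tlsext_host_name(s, NULL);
++#endif
+SSL_shutdown (s);
+SSL_free (s);
+if(c) {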
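Review bot: In the sslutils.c hunk at `@@ -48,6 +52,10 @@` of the attached patch, the result of `SSL_set_tlsext_host_name(s, host_name)` is discarded, so a failure to set the server name lets `SSL_connect` proceed without SNI, and with `check_cert` set the expiry reported by `np_net_ssl_check_cert` may then be that of the server's default certificate rather than the one for `host_name`. I would treat a zero return as a failure, `if (host_name != NULL && !SSL_set_tlsext_host_name(s, host_name)) { /* take the existing error path */ }`; that error path lies outside the hunk, as does the rest of `np_net_ssl_init_with_hostname`. The same silent fallback happens when the `#ifdef SSL_set_tlsext_host_name` guard compiles the call out, which deserves a comment such as `/* SNI unavailable in this SSL library: host_name is ignored */`. The parameter could also be declared `const char *host_name` in netutils.h and sslutils.c, since nothing visible writes through it.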