1 files changed, 63 insertions, 0 deletions
diff --git a/web/attachments/338743-check_http.revert-SNI.patch b/web/attachments/338743-check_http.revert-SNI.patch
new file mode 100644
index 0000000..d19f2f1
--- /dev/null
+++ b/web/attachments/338743-check_http.revert-SNI.patch
@@ -0,0 +1,63 @@
+diff --git a/plugins/check_http.c b/plugins/check_http.c
+index 0310203..79f6adf 100644
+--- a/plugins/check_http.c
+++ b/plugins/check_http.c
+@@ -790,7 +790,7 @@ check_http (void)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+ #ifdef HAVE_SSL
+   if (use_ssl == TRUE) {
+-    np_net_ssl_init(sd);
+    np_net_ssl_init_with_hostname(sd, host_name);
+     if (check_cert == TRUE) {
+       result = np_net_ssl_check_cert(days_till_exp);
+       np_net_ssl_cleanup();
+diff --git a/plugins/netutils.h b/plugins/netutils.h
+index b479b74..572a3ae 100644
+--- a/plugins/netutils.h
+++ b/plugins/netutils.h
+@@ -99,6 +99,7 @@ extern int address_family;
+ #ifdef HAVE_SSL
+ /* maybe this could be merged with the above np_net_connect, via some flags */
+ int np_net_ssl_init(int sd);
+int np_net_ssl_init_with_hostname(int sd, char *host_name);
+ void np_net_ssl_cleanup();
+ int np_net_ssl_write(const void *buf, int num);
+ int np_net_ssl_read(void *buf, int num);
+diff --git a/plugins/sslutils.c b/plugins/sslutils.c
+index 1d4ef94..aa571b6 100644
+--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
+@@ -35,7 +35,11 @@ static SSL_CTX *c=NULL;
+ static SSL *s=NULL;
+ static int initialized=0;
+ 
+-int np_net_ssl_init (int sd){
+int np_net_ssl_init (int sd) {
+    return np_net_ssl_init_with_hostname(sd, NULL);
+}
+
+int np_net_ssl_init_with_hostname (int sd, char *host_name) {
+                if (!initialized) {
+                        /* Initialize SSL context */
+                        SSLeay_add_ssl_algorithms ();
+@@ -48,6 +52,10 @@ int np_net_ssl_init (int sd){
+                                return STATE_CRITICAL;
+                }
+                if ((s = SSL_new (c)) != NULL){
+#ifdef SSL_set_tlsext_host_name
+                               if (host_name != NULL)
+                                       SSL_set_tlsext_host_name(s, host_name);
+#endif
+                                SSL_set_fd (s, sd);
+                                if (SSL_connect(s) == 1){
+                                                return OK;
+@@ -65,6 +73,9 @@ int np_net_ssl_init (int sd){
+ 
+ void np_net_ssl_cleanup (){
+                if(s){
+#ifdef SSL_set_tlsext_host_name
+                               SSL_set_tlsext_host_name(s, NULL);
+#endif
+                                SSL_shutdown (s);
+                                SSL_free (s);
+                                if(c) {

diff --git a/web/attachments/338743-check_http.revert-SNI.patch b/web/attachments/338743-check_http.revert-SNI.patch new file mode 100644 index 0000000..d19f2f1 --- /dev/null +++ b/web/attachments/338743-check_http.revert-SNI.patch
@@ -0,0 +1,63 @@
	1	diff --git a/plugins/check_http.c b/plugins/check_http.c
	2	index 0310203..79f6adf 100644
	3	--- a/plugins/check_http.c
	4	+++ b/plugins/check_http.c
	5	@@ -790,7 +790,7 @@ check_http (void)
	6	die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
	7	#ifdef HAVE_SSL
	8	if (use_ssl == TRUE) {
	9	- np_net_ssl_init(sd);
	10	+ np_net_ssl_init_with_hostname(sd, host_name);
	11	if (check_cert == TRUE) {
	12	result = np_net_ssl_check_cert(days_till_exp);
	13	np_net_ssl_cleanup();
	14	diff --git a/plugins/netutils.h b/plugins/netutils.h
	15	index b479b74..572a3ae 100644
	16	--- a/plugins/netutils.h
	17	+++ b/plugins/netutils.h
	18	@@ -99,6 +99,7 @@ extern int address_family;
	19	#ifdef HAVE_SSL
	20	/* maybe this could be merged with the above np_net_connect, via some flags */
	21	int np_net_ssl_init(int sd);
	22	+int np_net_ssl_init_with_hostname(int sd, char *host_name);
	23	void np_net_ssl_cleanup();
	24	int np_net_ssl_write(const void *buf, int num);
	25	int np_net_ssl_read(void *buf, int num);
	26	diff --git a/plugins/sslutils.c b/plugins/sslutils.c
	27	index 1d4ef94..aa571b6 100644
	28	--- a/plugins/sslutils.c
	29	+++ b/plugins/sslutils.c
	30	@@ -35,7 +35,11 @@ static SSL_CTX *c=NULL;
	31	static SSL *s=NULL;
	32	static int initialized=0;
	33
	34	-int np_net_ssl_init (int sd){
	35	+int np_net_ssl_init (int sd) {
	36	+ return np_net_ssl_init_with_hostname(sd, NULL);
	37	+}
	38	+
	39	+int np_net_ssl_init_with_hostname (int sd, char *host_name) {
	40	if (!initialized) {
	41	/* Initialize SSL context */
	42	SSLeay_add_ssl_algorithms ();
	43	@@ -48,6 +52,10 @@ int np_net_ssl_init (int sd){
	44	return STATE_CRITICAL;
	45	}
	46	if ((s = SSL_new (c)) != NULL){
	47	+#ifdef SSL_set_tlsext_host_name
	48	+ if (host_name != NULL)
	49	+ SSL_set_tlsext_host_name(s, host_name);
	50	+#endif
	51	SSL_set_fd (s, sd);
	52	if (SSL_connect(s) == 1){
	53	return OK;
	54	@@ -65,6 +73,9 @@ int np_net_ssl_init (int sd){
	55
	56	void np_net_ssl_cleanup (){
	57	if(s){
	58	+#ifdef SSL_set_tlsext_host_name
	59	+ SSL_set_tlsext_host_name(s, NULL);
	60	+#endif
	61	SSL_shutdown (s);
	62	SSL_free (s);
	63	if(c) {