Diffstat (limited to 'web/attachments/408370-ssl_version.patch')
-rw-r--r-- | web/attachments/408370-ssl_version.patch | 130 |
1 files changed, 130 insertions, 0 deletions
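--- /dev/null
+++ b/web/attachments/408370-ssl_version.patch
@@ -0,0 +1,130 @@
+--- nagios-plugins-1.4.15/plugins/sslutils.c 2010-07-27 20:47:16.000000000 +0000
++++ nagios-plugins-1.4.15-patched/plugins/sslutils.c 2011-04-12 14:13:29.035426121 +0000
+@@ -40,6 +40,28 @@
+}
+
+int np_net_ssl_init_with_hostname (int sd, char *host_name) {
++ return np_net_ssl_init_with_hostname_and_version (sd, host_name, 0);
++}
++
++int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) {
++ const SSL_METHOD * method = NULL;
++ switch ( version ) {
++ case 0: /* Deafult to auto negotiation */
++ method = SSLv23_client_method();
++ break;
++ case 1: /* TLSv1 protocol */
++ method = TLSv1_client_method();
++ break;
++ case 2: /* SSLv2 protocol */
++ method = SSLv2_client_method();
++ break;
++ case 3: /* SSLv3 protocol */
++ method = SSLv3_client_method();
++ break;
++ default: /* Unsupported */
++ printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version."));
++ return STATE_CRITICAL;
++ }
+if (!initialized) {
+/* Initialize SSL context */
+SSLeay_add_ssl_algorithms ();
+@@ -47,7 +69,7 @@
+OpenSSL_add_all_algorithms ();
+initialized = 1;
+}
+- if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) {
++ if ((c = SSL_CTX_new (method)) == NULL) {
+printf ("%s\n", _("CRITICAL - Cannot create SSL context."));
+return STATE_CRITICAL;
+}
+
+
+--- nagios-plugins-1.4.15/plugins/check_http.c 2010-07-27 20:47:16.000000000 +0000
++++ nagios-plugins-1.4.15-patched/plugins/check_http.c 2011-04-12 14:14:58.426446596 +0000
+@@ -34,7 +34,7 @@
+/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
+
+const char *progname = "check_http";
+-const char *copyright = "1999-2008";
++const char *copyright = "1999-2011";
+const char *email = "nagiosplug-devel@lists.sourceforge.net";
+
+#include "common.h"
+@@ -59,6 +59,7 @@
+#ifdef HAVE_SSL
+int check_cert = FALSE;
+int days_till_exp;
++int ssl_version;
+char *randbuff;
+X509 *server_cert;
+# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+@@ -189,7 +190,7 @@
+STD_LONG_OPTS,
+{"link", no_argument, 0, 'L'},
+{"nohtml", no_argument, 0, 'n'},
+- {"ssl", no_argument, 0, 'S'},
++ {"ssl", optional_argument, 0, 'S'},
+{"sni", no_argument, 0, SNI_OPTION},
+{"post", required_argument, 0, 'P'},
+{"method", required_argument, 0, 'j'},
+@@ -235,7 +236,7 @@
+}
+
+while (1) {
+- c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
++ c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option);
+if (c == -1 || c == EOF)
+break;
+
+@@ -305,6 +306,21 @@
+usage4 (_("Invalid option - SSL is not available"));
+#endif
+use_ssl = TRUE;
++ if (optarg == NULL)
++ ssl_version = 0;
++ else if (!is_intnonneg (optarg))
++ usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
++ else {
++ ssl_version = atoi( optarg );
++ switch ( ssl_version ) {
++ case 1:
++ case 2:
++ case 3: break;
++ default:
++ usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
++ break;
++ }
++ }
+if (specify_port == FALSE)
+server_port = HTTPS_PORT;
+break;
+@@ -807,7 +823,7 @@
+die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+#ifdef HAVE_SSL
+if (use_ssl == TRUE) {
+- np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
++ np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version);
+if (check_cert == TRUE) {
+result = np_net_ssl_check_cert(days_till_exp);
+np_net_ssl_cleanup();
+@@ -1335,8 +1351,10 @@
+printf (UT_IPv46);
+
+#ifdef HAVE_SSL
+- printf (" %s\n", "-S, --ssl");
++ printf (" %s\n", "-S, --ssl=VERSION");
+printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
++ printf (" %s\n", _("VERSION is optional, and prevents auto negotiation."));
++ printf (" %s\n", _("1 = TLSv1, 2 = SSLv2, 3 = SSLv3."));
+printf (" %s\n", "--sni");
+printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+printf (" %s\n", "-C, --certificate=INTEGER");
+@@ -1441,6 +1459,6 @@
+printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+- printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
++ printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n");
+printf (" [-j method]\n");
+}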
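Review bot: In the sslutils.c hunk, `case 2` calls `SSLv2_client_method()` unconditionally, so the plugin will not build against an OpenSSL compiled without SSLv2 (`OPENSSL_NO_SSL2`). Guard that case and report the version as unavailable, as sketched below. Separately, the check_http.c usage line advertises `[-S <version>]`, but with `S::` / `optional_argument` getopt only accepts a value attached to the option (`-S1`, `--ssl=1`). A space-separated `-S 1` therefore leaves `ssl_version` at 0 and silently falls back to auto negotiation, so the usage text should read `[-S[version]]` or similar. The body of np_net_ssl_init_with_hostname_and_version continues past the hunk.

```c
	case 2: /* SSLv2 protocol */
#if defined(OPENSSL_NO_SSL2)
		/* this OpenSSL build has no SSLv2 client method */
		printf ("%s\n", _("CRITICAL - SSL Protocol Version 2 is not supported by this OpenSSL build."));
		return STATE_CRITICAL;
#else
		method = SSLv2_client_method();
#endif
		break;
	/* … unchanged: cases 0, 1, 3 and default … */
```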