1 files changed, 55 insertions, 0 deletions
diff --git a/web/attachments/463009-NegSSLVers.patch b/web/attachments/463009-NegSSLVers.patch
new file mode 100644
index 0000000..c19d8ce
--- /dev/null
+++ b/web/attachments/463009-NegSSLVers.patch
@@ -0,0 +1,55 @@
+--- nagios-plugins-1.4.16/plugins/sslutils.c    2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16b/plugins/sslutils.c   2013-04-30 12:05:14.000000000 +0200
+@@ -46,8 +46,21 @@
+ 
+ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
+        const SSL_METHOD *method = NULL;
+       long ver_option = 0;
+ 
+        switch (version) {
+       case -3: /* Anything *but* SSLv3 */
+               method = SSLv23_client_method();
+               ver_option = SSL_OP_NO_SSLv3;
+               break;
+       case -2: /* Anything *but* SSLv2 */
+               method = SSLv23_client_method();
+               ver_option = SSL_OP_NO_SSLv2;
+               break;
+       case -1: /* Anything *but* TLSv1 */
+               method = SSLv23_client_method();
+               ver_option = SSL_OP_NO_TLSv1;
+               break;
+        case 0: /* Deafult to auto negotiation */
+                method = SSLv23_client_method();
+                break;
+@@ -83,6 +96,7 @@
+ #ifdef SSL_OP_NO_TICKET
+        SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+ #endif
+       if (ver_option) SSL_CTX_set_options(c, ver_option);
+        if ((s = SSL_new(c)) != NULL) {
+ #ifdef SSL_set_tlsext_host_name
+                if (host_name != NULL)
+--- nagios-plugins-1.4.16/plugins/check_http.c  2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16b/plugins/check_http.c 2013-04-30 12:08:48.000000000 +0200
+@@ -312,8 +312,8 @@
+         ssl_version = 0;
+       else {
+         ssl_version = atoi(optarg);
+-        if (ssl_version < 1 || ssl_version > 3)
+-            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
+        if (ssl_version < -3 || ssl_version > 3)
+            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2), 3 (SSLv3) and their negatives (exclude that version)"));
+       }
+       if (specify_port == FALSE)
+         server_port = HTTPS_PORT;
+@@ -1348,7 +1348,8 @@
+ #ifdef HAVE_SSL
+   printf (" %s\n", "-S, --ssl=VERSION");
+   printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+-  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
+  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3) for positive values, or"));
+  printf ("    %s\n", _("use of the respective protocol in auto-negotiation when negative."));
+   printf (" %s\n", "--sni");
+   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+   printf (" %s\n", "-C, --certificate=INTEGER");

diff --git a/web/attachments/463009-NegSSLVers.patch b/web/attachments/463009-NegSSLVers.patch new file mode 100644 index 0000000..c19d8ce --- /dev/null +++ b/web/attachments/463009-NegSSLVers.patch
@@ -0,0 +1,55 @@
	1	--- nagios-plugins-1.4.16/plugins/sslutils.c 2012-06-27 19:32:47.000000000 +0200
	2	+++ nagios-plugins-1.4.16b/plugins/sslutils.c 2013-04-30 12:05:14.000000000 +0200
	3	@@ -46,8 +46,21 @@
	4
	5	int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
	6	const SSL_METHOD *method = NULL;
	7	+ long ver_option = 0;
	8
	9	switch (version) {
	10	+ case -3: /* Anything but SSLv3 */
	11	+ method = SSLv23_client_method();
	12	+ ver_option = SSL_OP_NO_SSLv3;
	13	+ break;
	14	+ case -2: /* Anything but SSLv2 */
	15	+ method = SSLv23_client_method();
	16	+ ver_option = SSL_OP_NO_SSLv2;
	17	+ break;
	18	+ case -1: /* Anything but TLSv1 */
	19	+ method = SSLv23_client_method();
	20	+ ver_option = SSL_OP_NO_TLSv1;
	21	+ break;
	22	case 0: /* Deafult to auto negotiation */
	23	method = SSLv23_client_method();
	24	break;
	25	@@ -83,6 +96,7 @@
	26	#ifdef SSL_OP_NO_TICKET
	27	SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
	28	#endif
	29	+ if (ver_option) SSL_CTX_set_options(c, ver_option);
	30	if ((s = SSL_new(c)) != NULL) {
	31	#ifdef SSL_set_tlsext_host_name
	32	if (host_name != NULL)
	33	--- nagios-plugins-1.4.16/plugins/check_http.c 2012-06-27 19:32:47.000000000 +0200
	34	+++ nagios-plugins-1.4.16b/plugins/check_http.c 2013-04-30 12:08:48.000000000 +0200
	35	@@ -312,8 +312,8 @@
	36	ssl_version = 0;
	37	else {
	38	ssl_version = atoi(optarg);
	39	- if (ssl_version < 1 \|\| ssl_version > 3)
	40	- usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
	41	+ if (ssl_version < -3 \|\| ssl_version > 3)
	42	+ usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2), 3 (SSLv3) and their negatives (exclude that version)"));
	43	}
	44	if (specify_port == FALSE)
	45	server_port = HTTPS_PORT;
	46	@@ -1348,7 +1348,8 @@
	47	#ifdef HAVE_SSL
	48	printf (" %s\n", "-S, --ssl=VERSION");
	49	printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
	50	- printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
	51	+ printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3) for positive values, or"));
	52	+ printf (" %s\n", _("use of the respective protocol in auto-negotiation when negative."));
	53	printf (" %s\n", "--sni");
	54	printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
	55	printf (" %s\n", "-C, --certificate=INTEGER");