Diffstat (limited to 'web/attachments/463009-NegSSLVers.patch')
-rw-r--r-- | web/attachments/463009-NegSSLVers.patch | 55 |
1 files changed, 55 insertions, 0 deletions
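--- /dev/null
+++ b/web/attachments/463009-NegSSLVers.patch
@@ -0,0 +1,55 @@
+--- nagios-plugins-1.4.16/plugins/sslutils.c 2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16b/plugins/sslutils.c 2013-04-30 12:05:14.000000000 +0200
+@@ -46,8 +46,21 @@
+
+int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
+const SSL_METHOD *method = NULL;
++ long ver_option = 0;
+
+switch (version) {
++ case -3: /* Anything *but* SSLv3 */
++ method = SSLv23_client_method();
++ ver_option = SSL_OP_NO_SSLv3;
++ break;
++ case -2: /* Anything *but* SSLv2 */
++ method = SSLv23_client_method();
++ ver_option = SSL_OP_NO_SSLv2;
++ break;
++ case -1: /* Anything *but* TLSv1 */
++ method = SSLv23_client_method();
++ ver_option = SSL_OP_NO_TLSv1;
++ break;
+case 0: /* Deafult to auto negotiation */
+method = SSLv23_client_method();
+break;
+@@ -83,6 +96,7 @@
+#ifdef SSL_OP_NO_TICKET
+SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+#endif
++ if (ver_option) SSL_CTX_set_options(c, ver_option);
+if ((s = SSL_new(c)) != NULL) {
+#ifdef SSL_set_tlsext_host_name
+if (host_name != NULL)
+--- nagios-plugins-1.4.16/plugins/check_http.c 2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16b/plugins/check_http.c 2013-04-30 12:08:48.000000000 +0200
+@@ -312,8 +312,8 @@
+ssl_version = 0;
+else {
+ssl_version = atoi(optarg);
+- if (ssl_version < 1 || ssl_version > 3)
+- usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
++ if (ssl_version < -3 || ssl_version > 3)
++ usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2), 3 (SSLv3) and their negatives (exclude that version)"));
+}
+if (specify_port == FALSE)
+server_port = HTTPS_PORT;
+@@ -1348,7 +1348,8 @@
+#ifdef HAVE_SSL
+printf (" %s\n", "-S, --ssl=VERSION");
+printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+- printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
++ printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3) for positive values, or"));
++ printf (" %s\n", _("use of the respective protocol in auto-negotiation when negative."));
+printf (" %s\n", "--sni");
+printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+printf (" %s\n", "-C, --certificate=INTEGER");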
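Review bot: The widened range check in the attached check_http.c hunk, `if (ssl_version < -3 || ssl_version > 3)`, now lets 0 through, which the old `< 1` bound rejected. Because the value comes from `atoi(optarg)`, a non-numeric or mistyped argument parses to 0 and silently selects auto-negotiation, so a check meant to pin or exclude a protocol can end up testing something else without any error. Keeping 0 invalid for an explicit argument, `if (ssl_version == 0 || ssl_version < -3 || ssl_version > 3)`, restores the earlier behaviour, and parsing with `strtol` plus an end-pointer check would also catch trailing junk. Separately, each negative case in sslutils.c sets a single `SSL_OP_NO_*` flag, so excluding both SSLv2 and SSLv3 in one run cannot be expressed with this encoding. The option-parsing block and the switch both continue outside the hunks shown.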