From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Mon, 30 Sep 2013 00:03:24 +0200
Subject: Import Nagios Plugins site

Import the Nagios Plugins web site, Cronjobs, infrastructure scripts,
and configuration files.
---
 web/attachments/408370-ssl_version.patch | 130 +++++++++++++++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 web/attachments/408370-ssl_version.patch

(limited to 'web/attachments/408370-ssl_version.patch')

diff --git a/web/attachments/408370-ssl_version.patch b/web/attachments/408370-ssl_version.patch
new file mode 100644
index 0000000..dde90e8
--- /dev/null
+++ b/web/attachments/408370-ssl_version.patch
@@ -0,0 +1,130 @@
+--- nagios-plugins-1.4.15/plugins/sslutils.c	2010-07-27 20:47:16.000000000 +0000
++++ nagios-plugins-1.4.15-patched/plugins/sslutils.c	2011-04-12 14:13:29.035426121 +0000
+@@ -40,6 +40,28 @@
+ }
+ 
+ int np_net_ssl_init_with_hostname (int sd, char *host_name) {
++                return  np_net_ssl_init_with_hostname_and_version (sd, host_name, 0);
++}
++
++int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) {
++                const SSL_METHOD * method = NULL;
++                switch ( version ) {
++                  case 0: /* Deafult to auto negotiation */
++                    method = SSLv23_client_method();
++                    break;
++                  case 1: /* TLSv1 protocol */
++                    method = TLSv1_client_method();
++                    break;
++                  case 2: /* SSLv2 protocol */
++                    method = SSLv2_client_method();
++                    break;
++                  case 3: /* SSLv3 protocol */
++                    method = SSLv3_client_method();
++                    break;
++                  default: /* Unsupported */
++                    printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version."));
++                    return STATE_CRITICAL;
++                } 
+ 		if (!initialized) {
+ 			/* Initialize SSL context */
+ 			SSLeay_add_ssl_algorithms ();
+@@ -47,7 +69,7 @@
+ 			OpenSSL_add_all_algorithms ();
+ 			initialized = 1;
+ 		}
+-		if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) {
++		if ((c = SSL_CTX_new (method)) == NULL) {
+ 				printf ("%s\n", _("CRITICAL - Cannot create SSL context."));
+ 				return STATE_CRITICAL;
+ 		}
+
+
+--- nagios-plugins-1.4.15/plugins/check_http.c	2010-07-27 20:47:16.000000000 +0000
++++ nagios-plugins-1.4.15-patched/plugins/check_http.c	2011-04-12 14:14:58.426446596 +0000
+@@ -34,7 +34,7 @@
+ /* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
+ 
+ const char *progname = "check_http";
+-const char *copyright = "1999-2008";
++const char *copyright = "1999-2011";
+ const char *email = "nagiosplug-devel@lists.sourceforge.net";
+ 
+ #include "common.h"
+@@ -59,6 +59,7 @@
+ #ifdef HAVE_SSL
+ int check_cert = FALSE;
+ int days_till_exp;
++int ssl_version;
+ char *randbuff;
+ X509 *server_cert;
+ #  define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+@@ -189,7 +190,7 @@
+     STD_LONG_OPTS,
+     {"link", no_argument, 0, 'L'},
+     {"nohtml", no_argument, 0, 'n'},
+-    {"ssl", no_argument, 0, 'S'},
++    {"ssl", optional_argument, 0, 'S'},
+     {"sni", no_argument, 0, SNI_OPTION},
+     {"post", required_argument, 0, 'P'},
+     {"method", required_argument, 0, 'j'},
+@@ -235,7 +236,7 @@
+   }
+ 
+   while (1) {
+-    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
++    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option);
+     if (c == -1 || c == EOF)
+       break;
+ 
+@@ -305,6 +306,21 @@
+       usage4 (_("Invalid option - SSL is not available"));
+ #endif
+       use_ssl = TRUE;
++      if (optarg == NULL)
++        ssl_version = 0;
++      else if (!is_intnonneg (optarg))
++        usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
++      else {
++        ssl_version = atoi( optarg );
++        switch ( ssl_version ) {
++          case 1:
++          case 2:
++          case 3: break;
++          default:
++            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
++            break;
++        }
++      }
+       if (specify_port == FALSE)
+         server_port = HTTPS_PORT;
+       break;
+@@ -807,7 +823,7 @@
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+ #ifdef HAVE_SSL
+   if (use_ssl == TRUE) {
+-    np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
++    np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version);
+     if (check_cert == TRUE) {
+       result = np_net_ssl_check_cert(days_till_exp);
+       np_net_ssl_cleanup();
+@@ -1335,8 +1351,10 @@
+   printf (UT_IPv46);
+ 
+ #ifdef HAVE_SSL
+-  printf (" %s\n", "-S, --ssl");
++  printf (" %s\n", "-S, --ssl=VERSION");
+   printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
++  printf ("   %s\n", _("VERSION is optional, and prevents auto negotiation."));
++  printf ("   %s\n", _("1 = TLSv1, 2 = SSLv2, 3 = SSLv3."));
+   printf (" %s\n", "--sni");
+   printf ("   %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+   printf (" %s\n", "-C, --certificate=INTEGER");
+@@ -1441,6 +1459,6 @@
+   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+   printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+-  printf ("       [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
++  printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n");
+   printf ("       [-j method]\n");
+ }
-- 
cgit v1.2.3-74-g34f1