From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Mon, 30 Sep 2013 00:03:24 +0200
Subject: Import Nagios Plugins site

Import the Nagios Plugins web site, Cronjobs, infrastructure scripts,
and configuration files.
---
 web/attachments/463009-NegSSLVers.patch | 55 +++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 web/attachments/463009-NegSSLVers.patch

(limited to 'web/attachments/463009-NegSSLVers.patch')

diff --git a/web/attachments/463009-NegSSLVers.patch b/web/attachments/463009-NegSSLVers.patch
new file mode 100644
index 0000000..c19d8ce
--- /dev/null
+++ b/web/attachments/463009-NegSSLVers.patch
@@ -0,0 +1,55 @@
+--- nagios-plugins-1.4.16/plugins/sslutils.c	2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16b/plugins/sslutils.c	2013-04-30 12:05:14.000000000 +0200
+@@ -46,8 +46,21 @@
+ 
+ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
+ 	const SSL_METHOD *method = NULL;
++	long ver_option = 0;
+ 
+ 	switch (version) {
++	case -3: /* Anything *but* SSLv3 */
++		method = SSLv23_client_method();
++		ver_option = SSL_OP_NO_SSLv3;
++		break;
++	case -2: /* Anything *but* SSLv2 */
++		method = SSLv23_client_method();
++		ver_option = SSL_OP_NO_SSLv2;
++		break;
++	case -1: /* Anything *but* TLSv1 */
++		method = SSLv23_client_method();
++		ver_option = SSL_OP_NO_TLSv1;
++		break;
+ 	case 0: /* Deafult to auto negotiation */
+ 		method = SSLv23_client_method();
+ 		break;
+@@ -83,6 +96,7 @@
+ #ifdef SSL_OP_NO_TICKET
+ 	SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+ #endif
++	if (ver_option) SSL_CTX_set_options(c, ver_option);
+ 	if ((s = SSL_new(c)) != NULL) {
+ #ifdef SSL_set_tlsext_host_name
+ 		if (host_name != NULL)
+--- nagios-plugins-1.4.16/plugins/check_http.c	2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16b/plugins/check_http.c	2013-04-30 12:08:48.000000000 +0200
+@@ -312,8 +312,8 @@
+         ssl_version = 0;
+       else {
+         ssl_version = atoi(optarg);
+-        if (ssl_version < 1 || ssl_version > 3)
+-            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
++        if (ssl_version < -3 || ssl_version > 3)
++            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2), 3 (SSLv3) and their negatives (exclude that version)"));
+       }
+       if (specify_port == FALSE)
+         server_port = HTTPS_PORT;
+@@ -1348,7 +1348,8 @@
+ #ifdef HAVE_SSL
+   printf (" %s\n", "-S, --ssl=VERSION");
+   printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+-  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
++  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3) for positive values, or"));
++  printf ("    %s\n", _("use of the respective protocol in auto-negotiation when negative."));
+   printf (" %s\n", "--sni");
+   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+   printf (" %s\n", "-C, --certificate=INTEGER");
-- 
cgit v1.2.3-74-g34f1