diff options
| author |  M. Sean Finney <seanius@users.sourceforge.net>
| 2005-10-19 12:59:55 +0000 |
|---|---|---|
| committer | M. Sean Finney <seanius@users.sourceforge.net>
| 2005-10-19 12:59:55 +0000 |
| commit | 65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch) | |
| tree | eb1d0c95752126bd526d939332d14bf40cf7d1f7 /plugins/check_http.c | |
| parent | 8611341fb989382545c0c934c700e027d9bbab15 (diff) | |
| download | monitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz | |
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple
inclusions (as netlibs now includes common.h)
- all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though
certificate checking still needs to be done.
- modified configure script so you can also explicitly say "without-gnutls"
too (otherwise if you disable openssl you have no way of disabling
gnutls too)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/check_http.c')
| -rw-r--r-- | plugins/check_http.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c index 35b2cca3..d47f5ce6 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -65,7 +65,9 @@ SSL_CTX *ctx; SSL *ssl; X509 *server_cert; int connect_SSL (void); +# ifdef USE_OPENSSL int check_certificate (X509 **); +# endif #endif int no_body = FALSE; int maximum_age = -1; @@ -166,7 +168,7 @@ main (int argc, char **argv) (void) alarm (socket_timeout); gettimeofday (&tv, NULL); -#ifdef HAVE_SSL +#ifdef USE_OPENSSL if (use_ssl && check_cert == TRUE) { if (connect_SSL () != OK) die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n")); @@ -305,7 +307,7 @@ process_arguments (int argc, char **argv) server_port = HTTPS_PORT; break; case 'C': /* Check SSL cert validity */ -#ifdef HAVE_SSL +#ifdef USE_OPENSSL if (!is_intnonneg (optarg)) usage2 (_("Invalid certificate expiration period"), optarg); else { @@ -799,10 +801,11 @@ check_http (void) if (connect_SSL () != OK) { die (STATE_CRITICAL, _("Unable to open TCP socket\n")); } - +#ifdef USE_OPENSSL if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { X509_free (server_cert); } +#endif else { printf (_("CRITICAL - Cannot retrieve server certificate.\n")); return STATE_CRITICAL; @@ -857,7 +860,9 @@ check_http (void) #ifdef HAVE_SSL if (use_ssl == TRUE) { if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) { +# ifdef USE_OPENSSL ERR_print_errors_fp (stderr); +# endif return STATE_CRITICAL; } } @@ -1278,11 +1283,15 @@ int connect_SSL (void) if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) { /* Do the SSL handshake */ if ((ssl = SSL_new (ctx)) != NULL) { +#ifdef USE_OPENSSL SSL_set_cipher_list(ssl, "ALL"); +#endif SSL_set_fd (ssl, sd); if (SSL_connect (ssl) != -1) return OK; +#ifdef USE_OPENSSL ERR_print_errors_fp (stderr); +#endif } else { printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); @@ -1299,7 +1308,7 @@ int connect_SSL (void) -#ifdef HAVE_SSL +#ifdef USE_OPENSSL int check_certificate (X509 ** certificate) { |