aboutsummaryrefslogtreecommitdiff
path: root/plugins/sslutils.c
AgeCommit message (Collapse)Author
2014-06-12Fix compilation with GnuTLSGravatar Holger Weiss
GnuTLS doesn't provide a SSL_CTX_check_private_key() function. Closes #1254.
2014-01-19Project rename initial commit.Gravatar Monitoring Plugins Development Team
This is an initial take at renaming the project to Monitoring Plugins. It's not expected to be fully complete, and it is expected to break things (The perl module for instance). More testing will be required before this goes mainline.
2013-09-10Don't mark SSL_METHOD variable as "const"Gravatar Holger Weiss
The SSL_CTX_new(3) function expects a non-"const" SSL_METHOD value.
2013-09-10Move global variables from .h to .c filesGravatar Holger Weiss
Simplify things by moving the definition of global variables into .c files, where they belong.
2013-08-20Set SSL_MODE_AUTO_RETRY flagGravatar Holger Weiss
We use OpenSSL (or GnuTLS) with blocking semantics, and we don't want SSL_read(3) or SSL_write(3) calls to return SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE (see #3614716).
2013-08-18Abbreviate function nameGravatar Holger Weiss
Make a very long function name at least a little bit shorter.
2013-05-17added support for client authentication via SSLGravatar Lionel Cons
2012-06-25check_http: added test for warning thresholdsGravatar Sven Nierlein
fixed typo in sslutils
2012-06-25applied patch that adds both critical and warning thresholds to certificate ↵Gravatar William Leibzon
expiration checks of check_tcp, check_http, check_smtp
2012-06-11Fix whitespace and capitalization issuesGravatar Holger Weiss
Fix indentation and whitespace issues, and correct some capitalization errors in error messages. The behaviour is unchanged.
2012-06-11Don't use SSLv2 when compiling against GnuTLSGravatar Holger Weiss
GnuTLS doesn't support SSL version 2.
2012-06-06sslutils: Check if OpenSSL supports SSLv2.Gravatar Sebastian Harl
Recent versions/builds seem to disable that feature.
2012-05-28Add support for specifying SSL protocol versionGravatar Holger Weiss
The check_http -S/--ssl option now takes an optional argument which specifies the desired SSL/TLS protocol version (#3285367 - Jason Lunn).
2012-05-07Disable stateless SSL session resumptionGravatar Holger Weiss
Some versions of OpenSSL fail to negotiate the SSL connection with at least some versions of Tomcat if stateless SSL session resumption support (see RFC4507) is enabled: | CRITICAL - Cannot make SSL connection | 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10 The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL 0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by disabling the RFC4507 functionality when using OpenSSL versions which support it. Thanks to Dag Bakke for reporting the issue and for giving me access to a server I could use to reproduce the problem.
2011-02-04check_http: check for and print the certificate cnGravatar Thomas Guyot-Sionnest
This patch adds a check for the certificate cn (hostname) to normal certificate checks. It returns CRITICAL if th cn is missing, otherwise it prints it in the normal output. Patch by Stéphane Urbanovski
2009-05-20Whitespace changes onlyGravatar Thomas Guyot-Sionnest
2009-05-20check_http: Add SSL/TLS hostname extension support (SNI) - (#1939022 - Joe ↵Gravatar Thomas Guyot-Sionnest
Presbrey)
2009-03-19Revert "Add timezone support and fix checks around cert expiration" (keep ↵Gravatar Thomas Guyot-Sionnest
the expiration fix) This reverts commit d41a33a434558189300113c28b26e2d3d681d390.
2009-03-18Add timezone support and fix checks around cert expirationGravatar Thomas Guyot-Sionnest
2008-11-23Removing CVS/SVN tags and replacing with git-based versioningGravatar Thomas Guyot-Sionnest
For contrib/, full tags have been imported from subversion git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2091 f882894a-f735-0410-b71e-b25c423dba1c
2008-01-31Bump plugins/ to GPLv3 (non-plugind files)Gravatar Thomas Guyot-Sionnest
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1918 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01Call the SSL library initialization functions only once (not for everyGravatar Holger Weiss
SSL connection). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1726 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01Save an entire CPU cycle if c points to NULL already.Gravatar Holger Weiss
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1725 f882894a-f735-0410-b71e-b25c423dba1c
2007-06-01Set the pointers to the SSL and SSL_CTX objects back to NULL afterGravatar Holger Weiss
freeing them in np_net_ssl_cleanup(). This fixes a check_http segfault if an SSL site redirects to a non-SSL one (reported by Aravind Gottipati via IRC). git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1724 f882894a-f735-0410-b71e-b25c423dba1c
2006-06-18updating help and usage and licenseGravatar Benoit Mortier
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1434 f882894a-f735-0410-b71e-b25c423dba1c
2005-10-31code cleanups, largely resulting from turning on -Wall. mostlyGravatar M. Sean Finney
unused variables and explicit casting issues, but there were a couple gotchas in there too. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1267 f882894a-f735-0410-b71e-b25c423dba1c
2005-10-23- compartmentalized ssl code into seperate sslutils.cGravatar M. Sean Finney
- ssl-related cleanups in configure.in, and now openssl/gnutls options automatically disable each other. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c