summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4a1984)
raw | patch | inline | side by side (parent: f4a1984)
author | M. Sean Finney <seanius@users.sourceforge.net> | |
Tue, 18 Oct 2005 22:35:29 +0000 (22:35 +0000) | ||
committer | M. Sean Finney <seanius@users.sourceforge.net> | |
Tue, 18 Oct 2005 22:35:29 +0000 (22:35 +0000) |
used if available, and gnutls is only used if openssl is not available
or explicitly disabled (--without-openssl). currently the only plugin
i've verified to work is check_tcp, but i had to disable cert checking.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
or explicitly disabled (--without-openssl). currently the only plugin
i've verified to work is check_tcp, but i had to disable cert checking.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c
configure.in | patch | blob | history | |
plugins/check_tcp.c | patch | blob | history |
diff --git a/configure.in b/configure.in
index 86cb99fa44c6a11b7f5c4dbfd1bbe3c42483dd34..7ae486ce22925b8a0078b5405ed02d37d94ae60a 100644 (file)
--- a/configure.in
+++ b/configure.in
AC_PATH_PROG(PYTHON,python)
AC_PATH_PROG(SH,sh)
AC_PATH_PROG(PERL,perl)
+AC_PATH_PROG(LIBGNUTLS_CONFIG,libgnutls-config)
dnl allow them to override the path of perl
AC_ARG_WITH(perl,
with_perl=$withval,with_perl=$PERL)
AC_SUBST(PERL, $with_perl)
+dnl allow for gnutls, if it exists, instead of openssl
+AC_ARG_WITH(gnutls,
+ ACX_HELP_STRING([--with-gnutls=PATH],
+ [path to gnutls installation root]),
+ GNUTLS=$withval)
+
AC_PATH_PROG(HOSTNAME,hostname)
AC_PATH_PROG(BASENAME,basename)
CPPFLAGS="$_SAVEDCPPFLAGS"
fi
+
dnl Check for OpenSSL location
AC_PATH_PROG(OPENSSL,openssl)
if test "$OPENSSL" = "/usr/bin/openssl"; then
fi
fi
+dnl check for gnutls if openssl isn't found (or is disabled)
+FOUNDGNUTLS="no"
+if ! test "$FOUNDSSL" = "yes"; then
+ if test "$GNUTLS" = ""; then
+ CPPFLAGS="$CPPFLAGS -I$GNUTLS"
+ elif ! test "$LIBGNUTLS_CONFIG" = ""; then
+ CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`"
+ fi
+ AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",)
+ if test "$FOUNDGNUTLS" = "yes"; then
+ AC_CHECK_LIB(gnutls-openssl,main,SSLLIBS="-lgnutls-openssl")
+ FOUNDSSL="yes"
+ fi
+fi
+dnl end check for gnutls
+
if test "$FOUNDSSL" = "yes"; then
check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp"
AC_SUBST(check_tcp_ssl)
AC_SUBST(SSLLIBS)
AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found])
- with_openssl="yes"
+ if test "$FOUNDGNUTLS" = "no"; then
+ AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries])
+ with_openssl="yes"
+ with_gnutls="no"
+ else
+ AC_DEFINE(USE_GNUTLS,1,[Define if using gnutls libraries])
+ with_gnutls="yes"
+ with_openssl="no"
+ fi
else
if test "$FOUNDSSL" = "no"; then
AC_MSG_WARN([OpenSSL libs could not be found])
dnl else deliberately disabled
fi
with_openssl="no"
+ with_gnutls="no"
CPPFLAGS="$_SAVEDCPPFLAGS"
LDFLAGS="$_SAVEDLDFLAGS"
fi
ACX_FEATURE([with],[lwres])
ACX_FEATURE([with],[ipv6])
ACX_FEATURE([with],[openssl])
+ACX_FEATURE([with],[gnutls])
ACX_FEATURE([enable],[emulate-getaddrinfo])
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index ad8b0429009d40037f474d71f1daeae56e6a14d8..157588fdee4ebf4bfb954962399bd62635d23e5b 100644 (file)
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
#include "netutils.h"
#include "utils.h"
-#ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
+#ifdef HAVE_GNUTLS_OPENSSL_H
+# include <gnutls/openssl.h>
#else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
+# ifdef HAVE_SSL_H
+# include <rsa.h>
+# include <crypto.h>
+# include <x509.h>
+# include <pem.h>
+# include <ssl.h>
+# include <err.h>
+# else
+# ifdef HAVE_OPENSSL_SSL_H
+# include <openssl/rsa.h>
+# include <openssl/crypto.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# endif
# endif
#endif
static SSL *ssl;
static X509 *server_cert;
static int connect_SSL (void);
+# ifdef USE_OPENSSL
static int check_certificate (X509 **);
+# endif /* USE_OPENSSL */
# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
#else
# define my_recv(buf, len) read(sd, buf, len)
if (flags & FLAG_SSL && check_cert == TRUE) {
if (connect_SSL () != OK)
die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
result = check_certificate (&server_cert);
X509_free(server_cert);
printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
result = STATE_CRITICAL;
}
+# endif /* USE_OPENSSL */
SSL_shutdown (ssl);
SSL_free (ssl);
break;
case 'D': /* Check SSL cert validity - days 'til certificate expiration */
#ifdef HAVE_SSL
+# ifdef USE_OPENSSL /* XXX */
if (!is_intnonneg (optarg))
usage2 (_("Invalid certificate expiration period"), optarg);
days_till_exp = atoi (optarg);
check_cert = TRUE;
flags |= FLAG_SSL;
break;
+# endif /* USE_OPENSSL */
#endif
/* fallthrough if we don't have ssl */
case 'S':
return OK;
/* ERR_print_errors_fp (stderr); */
printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX */
ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
/* printf("\n"); */
}
else
return STATE_CRITICAL;
}
+#ifdef USE_OPENSSL /* XXX */
static int
check_certificate (X509 ** certificate)
{
return STATE_OK;
}
+# endif /* USE_OPENSSL */
#endif /* HAVE_SSL */