From 8611341fb989382545c0c934c700e027d9bbab15 Mon Sep 17 00:00:00 2001 From: "M. Sean Finney" Date: Tue, 18 Oct 2005 22:35:29 +0000 Subject: [PATCH] initial "experimental" support for gnutls. by default openssl is still used if available, and gnutls is only used if openssl is not available or explicitly disabled (--without-openssl). currently the only plugin i've verified to work is check_tcp, but i had to disable cert checking. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1254 f882894a-f735-0410-b71e-b25c423dba1c --- configure.in | 36 +++++++++++++++++++++++++++++++++++- plugins/check_tcp.c | 42 ++++++++++++++++++++++++++++-------------- 2 files changed, 63 insertions(+), 15 deletions(-) diff --git a/configure.in b/configure.in index 86cb99f..7ae486c 100644 --- a/configure.in +++ b/configure.in @@ -103,6 +103,7 @@ dnl Checks for programs. AC_PATH_PROG(PYTHON,python) AC_PATH_PROG(SH,sh) AC_PATH_PROG(PERL,perl) +AC_PATH_PROG(LIBGNUTLS_CONFIG,libgnutls-config) dnl allow them to override the path of perl AC_ARG_WITH(perl, @@ -111,6 +112,12 @@ AC_ARG_WITH(perl, with_perl=$withval,with_perl=$PERL) AC_SUBST(PERL, $with_perl) +dnl allow for gnutls, if it exists, instead of openssl +AC_ARG_WITH(gnutls, + ACX_HELP_STRING([--with-gnutls=PATH], + [path to gnutls installation root]), + GNUTLS=$withval) + AC_PATH_PROG(HOSTNAME,hostname) AC_PATH_PROG(BASENAME,basename) @@ -409,6 +416,7 @@ if test "$FOUNDINCLUDE" = "no"; then CPPFLAGS="$_SAVEDCPPFLAGS" fi + dnl Check for OpenSSL location AC_PATH_PROG(OPENSSL,openssl) if test "$OPENSSL" = "/usr/bin/openssl"; then @@ -478,18 +486,43 @@ else fi fi +dnl check for gnutls if openssl isn't found (or is disabled) +FOUNDGNUTLS="no" +if ! test "$FOUNDSSL" = "yes"; then + if test "$GNUTLS" = ""; then + CPPFLAGS="$CPPFLAGS -I$GNUTLS" + elif ! test "$LIBGNUTLS_CONFIG" = ""; then + CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`" + fi + AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",) + if test "$FOUNDGNUTLS" = "yes"; then + AC_CHECK_LIB(gnutls-openssl,main,SSLLIBS="-lgnutls-openssl") + FOUNDSSL="yes" + fi +fi +dnl end check for gnutls + if test "$FOUNDSSL" = "yes"; then check_tcp_ssl="check_simap check_spop check_jabber check_nntps check_ssmtp" AC_SUBST(check_tcp_ssl) AC_SUBST(SSLLIBS) AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found]) - with_openssl="yes" + if test "$FOUNDGNUTLS" = "no"; then + AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries]) + with_openssl="yes" + with_gnutls="no" + else + AC_DEFINE(USE_GNUTLS,1,[Define if using gnutls libraries]) + with_gnutls="yes" + with_openssl="no" + fi else if test "$FOUNDSSL" = "no"; then AC_MSG_WARN([OpenSSL libs could not be found]) dnl else deliberately disabled fi with_openssl="no" + with_gnutls="no" CPPFLAGS="$_SAVEDCPPFLAGS" LDFLAGS="$_SAVEDLDFLAGS" fi @@ -1597,4 +1630,5 @@ ACX_FEATURE([with],[ping6-command]) ACX_FEATURE([with],[lwres]) ACX_FEATURE([with],[ipv6]) ACX_FEATURE([with],[openssl]) +ACX_FEATURE([with],[gnutls]) ACX_FEATURE([enable],[emulate-getaddrinfo]) diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index ad8b042..157588f 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -28,21 +28,25 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; #include "netutils.h" #include "utils.h" -#ifdef HAVE_SSL_H -# include -# include -# include -# include -# include -# include +#ifdef HAVE_GNUTLS_OPENSSL_H +# include #else -# ifdef HAVE_OPENSSL_SSL_H -# include -# include -# include -# include -# include -# include +# ifdef HAVE_SSL_H +# include +# include +# include +# include +# include +# include +# else +# ifdef HAVE_OPENSSL_SSL_H +# include +# include +# include +# include +# include +# include +# endif # endif #endif @@ -54,7 +58,9 @@ static SSL_CTX *ctx; static SSL *ssl; static X509 *server_cert; static int connect_SSL (void); +# ifdef USE_OPENSSL static int check_certificate (X509 **); +# endif /* USE_OPENSSL */ # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) #else # define my_recv(buf, len) read(sd, buf, len) @@ -231,6 +237,7 @@ main (int argc, char **argv) if (flags & FLAG_SSL && check_cert == TRUE) { if (connect_SSL () != OK) die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); +# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { result = check_certificate (&server_cert); X509_free(server_cert); @@ -239,6 +246,7 @@ main (int argc, char **argv) printf(_("CRITICAL - Cannot retrieve server certificate.\n")); result = STATE_CRITICAL; } +# endif /* USE_OPENSSL */ SSL_shutdown (ssl); SSL_free (ssl); @@ -563,12 +571,14 @@ process_arguments (int argc, char **argv) break; case 'D': /* Check SSL cert validity - days 'til certificate expiration */ #ifdef HAVE_SSL +# ifdef USE_OPENSSL /* XXX */ if (!is_intnonneg (optarg)) usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp = atoi (optarg); check_cert = TRUE; flags |= FLAG_SSL; break; +# endif /* USE_OPENSSL */ #endif /* fallthrough if we don't have ssl */ case 'S': @@ -626,7 +636,9 @@ connect_SSL (void) return OK; /* ERR_print_errors_fp (stderr); */ printf (_("CRITICAL - Cannot make SSL connection ")); +#ifdef USE_OPENSSL /* XXX */ ERR_print_errors_fp (stdout); +#endif /* USE_OPENSSL */ /* printf("\n"); */ } else @@ -642,6 +654,7 @@ connect_SSL (void) return STATE_CRITICAL; } +#ifdef USE_OPENSSL /* XXX */ static int check_certificate (X509 ** certificate) { @@ -715,6 +728,7 @@ check_certificate (X509 ** certificate) return STATE_OK; } +# endif /* USE_OPENSSL */ #endif /* HAVE_SSL */ -- 2.30.2