diff --git a/debian/patches/37_check_smtp_Adding_SNI b/debian/patches/37_check_smtp_Adding_SNI new file mode 100644 index 0000000..e92731b --- /dev/null +++ b/debian/patches/37_check_smtp_Adding_SNI @@ -0,0 +1,86 @@ +From 252272344ea63a164eabc1631e9b77450d2b1c4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= +Date: Fri, 30 Aug 2019 11:30:10 +0200 +Subject: [PATCH 1/2] Add support for SNI in check_smtp. + +Add support for SSL/TLS hostname extension support (SNI) for check_smtp +plugin. + +Backported from nagios-plugins: +https://github.com/nagios-plugins/nagios-plugins/commit/9f1628f4b5525335ce1d6e48e8ac8b07d0757f82 +--- + plugins/check_smtp.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c +index 70191ad92..c0ab838ac 100644 +--- a/plugins/check_smtp.c ++++ b/plugins/check_smtp.c +@@ -103,6 +103,7 @@ double critical_time = 0; + int check_critical_time = FALSE; + int verbose = 0; + int use_ssl = FALSE; ++int use_sni = FALSE; + short use_proxy_prefix = FALSE; + short use_ehlo = FALSE; + short use_lhlo = FALSE; +@@ -234,7 +235,7 @@ main (int argc, char **argv) + smtp_quit(); + return STATE_UNKNOWN; + } +- result = np_net_ssl_init(sd); ++ result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); + if(result != STATE_OK) { + printf (_("CRITICAL - Cannot create SSL context.\n")); + close(sd); +@@ -463,6 +464,10 @@ process_arguments (int argc, char **argv) + int c; + char* temp; + ++ enum { ++ SNI_OPTION ++ }; ++ + int option = 0; + static struct option longopts[] = { + {"hostname", required_argument, 0, 'H'}, +@@ -485,6 +490,7 @@ process_arguments (int argc, char **argv) + {"help", no_argument, 0, 'h'}, + {"lmtp", no_argument, 0, 'L'}, + {"starttls",no_argument,0,'S'}, ++ {"sni", no_argument, 0, SNI_OPTION}, + {"certificate",required_argument,0,'D'}, + {"ignore-quit-failure",no_argument,0,'q'}, + {"proxy",no_argument,0,'r'}, +@@ -631,6 +637,13 @@ process_arguments (int argc, char **argv) + use_ssl = TRUE; + use_ehlo = TRUE; + break; ++ case SNI_OPTION: ++#ifdef HAVE_SSL ++ use_sni = TRUE; ++#else ++ usage (_("SSL support not available - install OpenSSL and recompile")); ++#endif ++ break; + case 'r': + use_proxy_prefix = TRUE; + break; +@@ -839,6 +852,8 @@ print_help (void) + printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); + printf (" %s\n", "-S, --starttls"); + printf (" %s\n", _("Use STARTTLS for the connection.")); ++ printf (" %s\n", "--sni"); ++ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); + #endif + + printf (" %s\n", "-A, --authtype=STRING"); +@@ -875,6 +890,6 @@ print_usage (void) + printf ("%s\n", _("Usage:")); + printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); + printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); +- printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [-v] \n"); ++ printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n"); + } + + diff --git a/debian/patches/series b/debian/patches/series index e0639fc..f3436e7 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -23,3 +23,4 @@ 33_check_procs_exclude-process 34_check_curl_fix_compare_warning 36_check_smtp_adding_proxy_header +37_check_smtp_Adding_SNI