Adding d/p/37_check_smtp_Adding_SNI from upstream

2023-06-19 09:07:18 +02:00 · 2023-06-19 09:07:18 +02:00 · 0250eb9348
parent a20810f737
commit 0250eb9348
2 changed files with 87 additions and 0 deletions
--- a/debian/patches/37_check_smtp_Adding_SNI
+++ b/debian/patches/37_check_smtp_Adding_SNI
@ -0,0 +1,86 @@
 From 252272344ea63a164eabc1631e9b77450d2b1c4b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm@maven.pl>
 Date: Fri, 30 Aug 2019 11:30:10 +0200
 Subject: [PATCH 1/2] Add support for SNI in check_smtp.
 Add support for SSL/TLS hostname extension support (SNI) for check_smtp
 plugin.
 Backported from nagios-plugins:
 https://github.com/nagios-plugins/nagios-plugins/commit/9f1628f4b5525335ce1d6e48e8ac8b07d0757f82
 ---
 plugins/check_smtp.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
 diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
 index 70191ad92..c0ab838ac 100644
 --- a/plugins/check_smtp.c
 +++ b/plugins/check_smtp.c
@@ -103,6 +103,7 @@ double critical_time = 0;
 int check_critical_time = FALSE;
 int verbose = 0;
 int use_ssl = FALSE;
 +int use_sni = FALSE;
 short use_proxy_prefix = FALSE;
 short use_ehlo = FALSE;
 short use_lhlo = FALSE;
@@ -234,7 +235,7 @@ main (int argc, char **argv)
 		    smtp_quit();
 		    return STATE_UNKNOWN;
 		  }
 -		  result = np_net_ssl_init(sd);
 +		  result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
 		  if(result != STATE_OK) {
 		    printf (_("CRITICAL - Cannot create SSL context.\n"));
 		    close(sd);
@@ -463,6 +464,10 @@ process_arguments (int argc, char **argv)
 	int c;
 	char* temp;
 +	enum {
 +	  SNI_OPTION
 +	};
 +
 	int option = 0;
 	static struct option longopts[] = {
 		{"hostname", required_argument, 0, 'H'},
@@ -485,6 +490,7 @@ process_arguments (int argc, char **argv)
 		{"help", no_argument, 0, 'h'},
 		{"lmtp", no_argument, 0, 'L'},
 		{"starttls",no_argument,0,'S'},
 +		{"sni", no_argument, 0, SNI_OPTION},
 		{"certificate",required_argument,0,'D'},
 		{"ignore-quit-failure",no_argument,0,'q'},
 		{"proxy",no_argument,0,'r'},
@@ -631,6 +637,13 @@ process_arguments (int argc, char **argv)
 			use_ssl = TRUE;
 			use_ehlo = TRUE;
 			break;
 +		case SNI_OPTION:
 +#ifdef HAVE_SSL
 +			use_sni = TRUE;
 +#else
 +			usage (_("SSL support not available - install OpenSSL and recompile"));
 +#endif
 +			break;
 		case 'r':
 			use_proxy_prefix = TRUE;
 			break;
@@ -839,6 +852,8 @@ print_help (void)
   printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
   printf (" %s\n", "-S, --starttls");
   printf ("    %s\n", _("Use STARTTLS for the connection."));
 +  printf (" %s\n", "--sni");
 +  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
 #endif
 	printf (" %s\n", "-A, --authtype=STRING");
@@ -875,6 +890,6 @@ print_usage (void)
   printf ("%s\n", _("Usage:"));
   printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
   printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
 -  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [-v] \n");
 +  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n");
 }
--- a/debian/patches/series
+++ b/debian/patches/series
@ -23,3 +23,4 @@
 33_check_procs_exclude-process
 34_check_curl_fix_compare_warning
 36_check_smtp_adding_proxy_header
 37_check_smtp_Adding_SNI