debian/pkg-monitoring-plugins
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Drop patches integrated upstream

Browse source
This commit is contained in:
Jan Wagner 2016-11-30 14:58:15 +01:00
parent 055195ca56
commit 79b42f53ea
6 changed files with 0 additions and 656 deletions
Download patch file Download diff file Expand all files Collapse all files

28
debian/patches/15_check_smtp_expect vendored
View file

@ -1,28 +0,0 @@
From b6de2341f8683d51b8723b772e4753507b1607f5 Mon Sep 17 00:00:00 2001
From: Oliver Skibbe <oliskibbe@gmail.com>
Date: Thu, 8 Oct 2015 09:04:29 +0200
Subject: [PATCH] check_smtp.c: modified SSL check for use with -e
- currently STARTTLS check does not work with -e if there's text
like '220 hostname ESMTP*'. This is caused by SMTP answer from
host. Postfix answer: 220 2.0.0 Ready to start TLS, Exchange
2010: 220 2.0.0 SMTP server ready. This fix checks against 220
closes #1093
---
plugins/check_smtp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 2e9b68b..1996c6d 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -231,7 +231,7 @@ main (int argc, char **argv)
send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
- if (!strstr (buffer, server_expect)) {
+ if (!strstr (buffer, SMTP_EXPECT)) {
printf (_("Server does not support STARTTLS\n"));
smtp_quit();
return STATE_UNKNOWN;

31
debian/patches/16_check_smtp_quit vendored
View file

@ -1,31 +0,0 @@
From b317aaf32a8a054f0274aef9137353bffef7a80c Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Tue, 6 Oct 2015 23:21:17 +0200
Subject: [PATCH] check_smtp: QUIT SMTP connection when "-D" is used
Don't forget to issue an SMTP QUIT command when the -D/--certificate
option is specified. This avoids undesired MTA log messages.
---
plugins/check_smtp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 56040ff..753ea3e 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -276,6 +276,7 @@ main (int argc, char **argv)
# ifdef USE_OPENSSL
if ( check_cert ) {
result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+ smtp_quit();
my_close();
return result;
}
@@ -607,6 +608,7 @@ process_arguments (int argc, char **argv)
days_till_exp_warn = atoi (optarg);
}
check_cert = TRUE;
+ ignore_send_quit_failure = TRUE;
#else
usage (_("SSL support not available - install OpenSSL and recompile"));
#endif

36
debian/patches/17_check_smtp_forcetls_on_cert vendored
View file

@ -1,36 +0,0 @@
From dfe66c01c0b556dfbac9c1d901d3ba9ed6a1deac Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Tue, 6 Oct 2015 23:28:24 +0200
Subject: [PATCH] check_smtp: Let "-D" option imply "-S"
---
plugins/check_smtp.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 753ea3e..2e9b68b 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -582,11 +582,6 @@ process_arguments (int argc, char **argv)
usage4 (_("Timeout interval must be a positive integer"));
}
break;
- case 'S':
- /* starttls */
- use_ssl = TRUE;
- use_ehlo = TRUE;
- break;
case 'D':
/* Check SSL cert validity */
#ifdef USE_OPENSSL
@@ -612,6 +607,10 @@ process_arguments (int argc, char **argv)
#else
usage (_("SSL support not available - install OpenSSL and recompile"));
#endif
+ case 'S':
+ /* starttls */
+ use_ssl = TRUE;
+ use_ehlo = TRUE;
break;
case '4':
address_family = AF_INET;

347
debian/patches/20_check_radius_radcli vendored
View file

@ -1,347 +0,0 @@
--- a/configure.ac
+++ b/configure.ac
@@ -273,26 +273,33 @@
dnl Check for radius libraries
AS_IF([test "x$with_radius" != "xno"], [
_SAVEDLIBS="$LIBS"
- AC_CHECK_LIB(freeradius-client,rc_read_config)
- if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then
+ AC_CHECK_LIB(radcli,rc_read_config)
+ if test "$ac_cv_lib_radcli_rc_read_config" = "yes"; then
EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
- RADIUSLIBS="-lfreeradius-client"
+ RADIUSLIBS="-lradcli"
AC_SUBST(RADIUSLIBS)
else
- AC_CHECK_LIB(radiusclient-ng,rc_read_config)
- if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then
+ AC_CHECK_LIB(freeradius-client,rc_read_config)
+ if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then
EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
- RADIUSLIBS="-lradiusclient-ng"
+ RADIUSLIBS="-lfreeradius-client"
AC_SUBST(RADIUSLIBS)
else
- AC_CHECK_LIB(radiusclient,rc_read_config)
- if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then
+ AC_CHECK_LIB(radiusclient-ng,rc_read_config)
+ if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then
EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
- RADIUSLIBS="-lradiusclient"
+ RADIUSLIBS="-lradiusclient-ng"
AC_SUBST(RADIUSLIBS)
else
- AC_MSG_WARN([Skipping radius plugin])
- AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).])
+ AC_CHECK_LIB(radiusclient,rc_read_config)
+ if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then
+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
+ RADIUSLIBS="-lradiusclient"
+ AC_SUBST(RADIUSLIBS)
+ else
+ AC_MSG_WARN([Skipping radius plugin])
+ AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).])
+ fi
fi
fi
fi
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -36,7 +36,9 @@
#include "utils.h"
#include "netutils.h"
-#if defined(HAVE_LIBFREERADIUS_CLIENT)
+#if defined(HAVE_LIBRADCLI)
+#include <radcli/radcli.h>
+#elif defined(HAVE_LIBFREERADIUS_CLIENT)
#include <freeradius-client.h>
#elif defined(HAVE_LIBRADIUSCLIENT_NG)
#include <radiusclient-ng.h>
@@ -48,22 +50,24 @@
void print_help (void);
void print_usage (void);
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
#define my_rc_conf_str(a) rc_conf_str(rch,a)
+#if defined(HAVE_LIBRADCLI)
+#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH)
+#else
#define my_rc_send_server(a,b) rc_send_server(rch,a,b)
-#ifdef HAVE_LIBFREERADIUS_CLIENT
+#endif
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI)
#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f)
#else
#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f)
#endif
-#define my_rc_own_ipaddress() rc_own_ipaddress(rch)
#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d)
#define my_rc_read_dictionary(a) rc_read_dictionary(rch, a)
#else
#define my_rc_conf_str(a) rc_conf_str(a)
#define my_rc_send_server(a,b) rc_send_server(a, b)
#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f)
-#define my_rc_own_ipaddress() rc_own_ipaddress()
#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
#define my_rc_read_dictionary(a) rc_read_dictionary(a)
#endif
@@ -76,7 +80,7 @@
int my_rc_read_config(char *);
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
rc_handle *rch = NULL;
#endif
@@ -90,7 +94,6 @@
unsigned short port = PW_AUTH_UDP_PORT;
int retries = 1;
int verbose = FALSE;
-ENV *env = NULL;
/******************************************************************************
@@ -150,6 +153,8 @@
int
main (int argc, char **argv)
{
+ struct sockaddr_storage ss;
+ char name[HOST_NAME_MAX];
char msg[BUFFER_LEN];
SEND_DATA data;
int result = STATE_UNKNOWN;
@@ -185,15 +190,14 @@
die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n"));
}
- if (nasipaddress != NULL) {
- if (rc_good_ipaddr (nasipaddress))
- die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
- if ((client_id = rc_get_ipaddr(nasipaddress)) == 0)
- die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
- } else {
- if ((client_id = my_rc_own_ipaddress ()) == 0)
- die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n"));
+ if (nasipaddress == NULL) {
+ if (gethostname (name, sizeof(name)) != 0)
+ die (STATE_UNKNOWN, _("gethostname() failed!\n"));
+ nasipaddress = name;
}
+ if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
+ client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr);
if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
@@ -399,7 +403,7 @@
int my_rc_read_config(char * a)
{
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
rch = rc_read_config(a);
return (rch == NULL) ? 1 : 0;
#else
--- a/config.h.in
+++ b/config.h.in
@@ -483,6 +483,9 @@
/* Define to 1 if you have the `pthread' library (-lpthread). */
#undef HAVE_LIBPTHREAD
+/* Define to 1 if you have the `radcli' library (-lradcli). */
+#undef HAVE_LIBRADCLI
+
/* Define to 1 if you have the `radiusclient' library (-lradiusclient). */
#undef HAVE_LIBRADIUSCLIENT
--- a/configure
+++ b/configure
@@ -14963,7 +14963,57 @@
if test "x$with_radius" != "xno"; then :
_SAVEDLIBS="$LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lfreeradius-client" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradcli" >&5
+$as_echo_n "checking for rc_read_config in -lradcli... " >&6; }
+if ${ac_cv_lib_radcli_rc_read_config+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lradcli $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char rc_read_config ();
+int
+main ()
+{
+return rc_read_config ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_radcli_rc_read_config=yes
+else
+ ac_cv_lib_radcli_rc_read_config=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_radcli_rc_read_config" >&5
+$as_echo "$ac_cv_lib_radcli_rc_read_config" >&6; }
+if test "x$ac_cv_lib_radcli_rc_read_config" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBRADCLI 1
+_ACEOF
+
+ LIBS="-lradcli $LIBS"
+
+fi
+
+ if test "$ac_cv_lib_radcli_rc_read_config" = "yes"; then
+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
+ RADIUSLIBS="-lradcli"
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lfreeradius-client" >&5
$as_echo_n "checking for rc_read_config in -lfreeradius-client... " >&6; }
if ${ac_cv_lib_freeradius_client_rc_read_config+:} false; then :
$as_echo_n "(cached) " >&6
@@ -15008,12 +15058,12 @@
fi
- if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then
- EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
- RADIUSLIBS="-lfreeradius-client"
+ if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then
+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
+ RADIUSLIBS="-lfreeradius-client"
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient-ng" >&5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient-ng" >&5
$as_echo_n "checking for rc_read_config in -lradiusclient-ng... " >&6; }
if ${ac_cv_lib_radiusclient_ng_rc_read_config+:} false; then :
$as_echo_n "(cached) " >&6
@@ -15058,12 +15108,12 @@
fi
- if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then
- EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
- RADIUSLIBS="-lradiusclient-ng"
+ if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then
+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
+ RADIUSLIBS="-lradiusclient-ng"
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient" >&5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient" >&5
$as_echo_n "checking for rc_read_config in -lradiusclient... " >&6; }
if ${ac_cv_lib_radiusclient_rc_read_config+:} false; then :
$as_echo_n "(cached) " >&6
@@ -15108,15 +15158,16 @@
fi
- if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then
- EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
- RADIUSLIBS="-lradiusclient"
+ if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then
+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)"
+ RADIUSLIBS="-lradiusclient"
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Skipping radius plugin" >&5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Skipping radius plugin" >&5
$as_echo "$as_me: WARNING: Skipping radius plugin" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: install radius libs to compile this plugin (see REQUIREMENTS)." >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: install radius libs to compile this plugin (see REQUIREMENTS)." >&5
$as_echo "$as_me: WARNING: install radius libs to compile this plugin (see REQUIREMENTS)." >&2;}
+ fi
fi
fi
fi
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -357,20 +357,21 @@
}
int
-resolve_host_or_addr (const char *address, int family)
+dns_lookup (const char *in, struct sockaddr_storage *ss, int family)
{
struct addrinfo hints;
struct addrinfo *res;
int retval;
- memset (&hints, 0, sizeof (hints));
+ memset (&hints, 0, sizeof(struct addrinfo));
hints.ai_family = family;
- retval = getaddrinfo (address, NULL, &hints, &res);
+ retval = getaddrinfo (in, NULL, &hints, &res);
if (retval != 0)
return FALSE;
- else {
- freeaddrinfo (res);
- return TRUE;
- }
+
+ if (ss != NULL)
+ memcpy (ss, res->ai_addr, res->ai_addrlen);
+ freeaddrinfo (res);
+ return TRUE;
}
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -45,6 +45,10 @@
# endif /* UNIX_PATH_MAX */
#endif /* HAVE_SYS_UN_H */
+#ifndef HOST_MAX_BYTES
+# define HOST_MAX_BYTES 255
+#endif
+
/* process_request and wrapper macros */
#define process_tcp_request(addr, port, sbuf, rbuf, rsize) \
process_request(addr, port, IPPROTO_TCP, sbuf, rbuf, rsize)
@@ -71,8 +75,9 @@
/* "is_*" wrapper macros and functions */
int is_host (const char *);
int is_addr (const char *);
-int resolve_host_or_addr (const char *, int);
+int dns_lookup (const char *, struct sockaddr_storage *, int);
void host_or_die(const char *str);
+#define resolve_host_or_addr(addr, family) dns_lookup(addr, NULL, family)
#define is_inet_addr(addr) resolve_host_or_addr(addr, AF_INET)
#ifdef USE_IPV6
# define is_inet6_addr(addr) resolve_host_or_addr(addr, AF_INET6)
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -59,10 +59,6 @@
#define SMTP_STARTTLS "STARTTLS\r\n"
#define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
-#ifndef HOST_MAX_BYTES
-#define HOST_MAX_BYTES 255
-#endif
-
#define EHLO_SUPPORTS_STARTTLS 1
int process_arguments (int, char **);

204
debian/patches/21_openssl11 vendored
View file

@ -1,204 +0,0 @@
From fe1c4bb0e5ea3632d608a6b8b7e51d580856d833 Mon Sep 17 00:00:00 2001
From: vagrant <vagrant@debiantesting-64>
Date: Sun, 13 Nov 2016 19:39:46 +0000
Subject: [PATCH] add openssl 1.1 support
changes:
- CRYPTO_lock detection replaced in configure.ac. We don't use that
function anywhere, so just replace it with the suggested one from
https://wiki.openssl.org/index.php/Library_Initialization#Autoconf
- OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included.
Set it ourself using the suggested openssl 1.1 version check from
https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility
- openssl 1.1 sends a sigpipe if the connection is still open when
calling SSL_shutdown(), so move the close before the shutdown.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
---
configure.ac | 6 +++---
plugins/check_http.c | 4 ++--
plugins/check_smtp.c | 8 +++++---
plugins/check_tcp.c | 4 ++--
plugins/common.h | 7 +++++++
5 files changed, 19 insertions(+), 10 deletions(-)
--- a/configure.ac
+++ b/configure.ac
@@ -493,15 +493,15 @@
dnl Check for crypto lib
_SAVEDLIBS="$LIBS"
LIBS="-L${with_openssl}/lib"
- AC_CHECK_LIB(crypto,CRYPTO_lock)
- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then
+ AC_CHECK_LIB(crypto,CRYPTO_new_ex_data)
+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
dnl Check for SSL lib
AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto)
fi
LIBS="$_SAVEDLIBS"
dnl test headers and libs to decide whether check_http should use SSL
- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then
+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
if test "$ac_cv_lib_ssl_main" = "yes"; then
if test "$FOUNDINCLUDE" = "yes"; then
FOUNDOPENSSL="yes"
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -886,8 +886,8 @@
elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
- np_net_ssl_cleanup();
if (sd) close(sd);
+ np_net_ssl_cleanup();
return result;
}
}
@@ -1005,10 +1005,10 @@
die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
/* close the connection */
+ if (sd) close(sd);
#ifdef HAVE_SSL
np_net_ssl_cleanup();
#endif
- if (sd) close(sd);
/* Save check time */
microsec = deltime (tv);
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -239,8 +239,8 @@
result = np_net_ssl_init(sd);
if(result != STATE_OK) {
printf (_("CRITICAL - Cannot create SSL context.\n"));
- np_net_ssl_cleanup();
close(sd);
+ np_net_ssl_cleanup();
return STATE_CRITICAL;
} else {
ssl_established = 1;
@@ -764,10 +764,12 @@
int
my_close (void)
{
+ int result;
+ result = close(sd);
#ifdef HAVE_SSL
- np_net_ssl_cleanup();
+ np_net_ssl_cleanup();
#endif
- return close(sd);
+ return result;
}
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -247,8 +247,8 @@
}
}
if(result != STATE_OK){
- np_net_ssl_cleanup();
if(sd) close(sd);
+ np_net_ssl_cleanup();
return result;
}
#endif /* HAVE_SSL */
@@ -321,10 +321,10 @@
if (server_quit != NULL) {
my_send(server_quit, strlen(server_quit));
}
+ if (sd) close (sd);
#ifdef HAVE_SSL
np_net_ssl_cleanup();
#endif
- if (sd) close (sd);
microsec = deltime (tv);
elapsed_time = (double)microsec / 1.0e6;
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -161,6 +161,13 @@
# endif
#endif
+/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */
+#ifdef OPENSSL_VERSION_NUMBER
+# if OPENSSL_VERSION_NUMBER >= 0x10100000
+# define OPENSSL_NO_SSL2
+# endif
+#endif
+
/*
*
* Standard Values
--- a/configure
+++ b/configure
@@ -15775,9 +15775,9 @@
_SAVEDLIBS="$LIBS"
LIBS="-L${with_openssl}/lib"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_lock in -lcrypto" >&5
-$as_echo_n "checking for CRYPTO_lock in -lcrypto... " >&6; }
-if ${ac_cv_lib_crypto_CRYPTO_lock+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5
+$as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -15791,27 +15791,27 @@
#ifdef __cplusplus
extern "C"
#endif
-char CRYPTO_lock ();
+char CRYPTO_new_ex_data ();
int
main ()
{
-return CRYPTO_lock ();
+return CRYPTO_new_ex_data ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_crypto_CRYPTO_lock=yes
+ ac_cv_lib_crypto_CRYPTO_new_ex_data=yes
else
- ac_cv_lib_crypto_CRYPTO_lock=no
+ ac_cv_lib_crypto_CRYPTO_new_ex_data=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5
-$as_echo "$ac_cv_lib_crypto_CRYPTO_lock" >&6; }
-if test "x$ac_cv_lib_crypto_CRYPTO_lock" = xyes; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_CRYPTO_new_ex_data" >&5
+$as_echo "$ac_cv_lib_crypto_CRYPTO_new_ex_data" >&6; }
+if test "x$ac_cv_lib_crypto_CRYPTO_new_ex_data" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBCRYPTO 1
_ACEOF
@@ -15820,7 +15820,7 @@
fi
- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then
+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lssl" >&5
$as_echo_n "checking for main in -lssl... " >&6; }
if ${ac_cv_lib_ssl_main+:} false; then :
@@ -15858,7 +15858,7 @@
fi
LIBS="$_SAVEDLIBS"
- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then
+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then
if test "$ac_cv_lib_ssl_main" = "yes"; then
if test "$FOUNDINCLUDE" = "yes"; then
FOUNDOPENSSL="yes"

10
debian/patches/series vendored
View file

@ -1,12 +1,2 @@
02_check_icmp_links
# commited upstream
#10_sslutils_checksslv3
#11_check_dhcp_parsing_option
#12_check_ups_perf_data_hresholds
#13_check_snmp_timeout
#14_sslutils_superfluous_parenthesis
15_check_smtp_expect
16_check_smtp_quit
17_check_smtp_forcetls_on_cert
20_check_radius_radcli
21_openssl11