
TLS 1.3 support based on the OpenSSL preview. Work done during the IETF 101 hackathon

TechnoLord il y a 8 ans
Parent
commit
076d9370db
3 fichiers modifiés avec 31 ajouts et 7 suppressions
  1. 4 2
      plugins/check_http.c
  2. 7 5
      plugins/netutils.h
  3. 20 0
      plugins/sslutils.c

+ 4 - 2
plugins/check_http.c

@@ -349,7 +349,9 @@ enable_ssl:
             if (c=='S' && optarg != NULL) {
                 int got_plus = strchr(optarg, '+') != NULL;
 
-                if (!strncmp (optarg, "1.2", 3))
+                if (!strncmp (optarg, "1.3", 3))
+                    ssl_version = got_plus ? MP_TLSv1_3_OR_NEWER : MP_TLSv1_3;
+                else if (!strncmp (optarg, "1.2", 3))
                     ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
                 else if (!strncmp (optarg, "1.1", 3))
                     ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
@@ -360,7 +362,7 @@ enable_ssl:
                 else if (optarg[0] == '2')
                     ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
                 else
-                    usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
+                    usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)"));
             }
             if (specify_port == FALSE)
                 server_port = HTTPS_PORT;
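Review bot: The usage message now advertises `1.3`, but the long help text for `-S`/`--ssl` in `print_help()` is not in this diff; if it enumerates the accepted versions it needs the same addition, otherwise `--help` and the error text will disagree. The new branch also matches by 3-byte prefix (`strncmp (optarg, "1.3", 3)`), so `1.30` or `1.3x` are silently accepted as TLS 1.3 — consistent with the existing branches, but an exact comparison against the version (after stripping the optional `+`) would reject typos instead of guessing. Since the message string is being touched anyway, it is worth flagging `2` and `3` (SSLv2/SSLv3) as legacy there, e.g. `Valid SSL/TLS versions: 2, 3 (insecure, legacy), 1, 1.1, 1.2, 1.3 (with optional '+' suffix)`, so operators are not led to think they are equivalent choices. The enclosing option-parsing function begins before and ends after these hunks.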

+ 7 - 5
plugins/netutils.h

@@ -94,11 +94,13 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
 #  define MP_TLSv1 3
 #  define MP_TLSv1_1 4
 #  define MP_TLSv1_2 5
-#  define MP_SSLv2_OR_NEWER 6
-#  define MP_SSLv3_OR_NEWER 7
-#  define MP_TLSv1_OR_NEWER 8
-#  define MP_TLSv1_1_OR_NEWER 9
-#  define MP_TLSv1_2_OR_NEWER 10
+#  define MP_TLSv1_3 6
+#  define MP_SSLv2_OR_NEWER 7
+#  define MP_SSLv3_OR_NEWER 8
+#  define MP_TLSv1_OR_NEWER 9
+#  define MP_TLSv1_1_OR_NEWER 10
+#  define MP_TLSv1_2_OR_NEWER 11
+#  define MP_TLSv1_3_OR_NEWER 12
 /* maybe this could be merged with the above np_net_connect, via some flags */
 int np_net_ssl_init(int sd);
 int np_net_ssl_init_with_hostname(int sd, char *host_name);
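Review bot: Inserting `MP_TLSv1_3 6` renumbers every `*_OR_NEWER` constant, so any code that compares an `ssl_version` numerically (`>=`/`<`) or stores these values outside the process would change meaning without a compiler diagnostic; nothing in this diff does so, but the other SSL-capable plugins that include this header are not shown. A short comment above the block would make the contract explicit, e.g. `/* exact-version selectors first, then "this version or newer"; values are internal to the plugins and may be renumbered */`. As a point of style, related integer constants like these are better expressed as an `enum`, which is debugger-visible and, if the `version` parameter of the `np_net_ssl_init_*` functions were typed with it, would let `-Wswitch` report an unhandled case in `sslutils.c` when the next protocol version is added.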

+ 20 - 0
plugins/sslutils.c

@@ -95,6 +95,26 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #else
 		method = TLSv1_2_client_method();
 		break;
+#endif
+	case MP_TLSv1_3: /* TLSv1.3 protocol */
+#if !defined(SSL_OP_NO_TLSv1_3)
+	printf ("%s\n", _("Your OpenSSL version hasn't been compiled with TLS 1.$
+	return STATE_UNKNOWN;
+#else
+	method = TLS_client_method();
+	options |= SSL_OP_NO_SSLv2;
+	options |= SSL_OP_NO_SSLv3;
+	options |= SSL_OP_NO_TLSv1;
+	options |= SSL_OP_NO_TLSv1_1;
+	options |= SSL_OP_NO_TLSv1_2;
+	break;
+#endif
+	case MP_TLSv1_3_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1_2)
+		printf("%s\n", _("UNKNOWN - Disabling TLSv1.2 is not supported by your SSL library."));
+		return STATE_UNKNOWN;
+#else
+		options |= SSL_OP_NO_TLSv1_2;
 #endif
 	case MP_TLSv1_2_OR_NEWER:
 #if !defined(SSL_OP_NO_TLSv1_1)
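Review bot: The `MP_TLSv1_3_OR_NEWER` case only tests `SSL_OP_NO_TLSv1_2`, which every OpenSSL from 1.0.1 onward defines, so on a library without TLS 1.3 (1.0.x, 1.1.0) `-S 1.3+` compiles, disables TLS 1.2 and, through the fall-through chain, every older protocol as well, and the plugin then most likely fails at handshake time with an unhelpful library error instead of the clear UNKNOWN that the exact-version `MP_TLSv1_3` case returns. Guard it the same way that case does, before the existing `SSL_OP_NO_TLSv1_2` check: `#if !defined(SSL_OP_NO_TLSv1_3)` / `printf("%s\n", _("UNKNOWN - TLSv1.3 is not supported by your SSL library."));` / `return STATE_UNKNOWN;`. The message in the `MP_TLSv1_3` case also lacks the `UNKNOWN - ` prefix that the neighbouring cases emit, and that case is indented one tab where its siblings use two. Because `TLS_client_method()` already requires OpenSSL 1.1.0+, `SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION)` would be a more robust way to pin the floor than the `SSL_OP_NO_*` bitmask, but the context creation is outside this hunk; the enclosing function `np_net_ssl_init_with_hostname_version_and_cert` starts before and ends after it.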