|
@@ -42,8 +42,8 @@ const char *email = "devel@nagios-plugins.org";
|
|
|
#ifdef HAVE_SSL
|
|
#ifdef HAVE_SSL
|
|
|
int check_cert = FALSE;
|
|
int check_cert = FALSE;
|
|
|
int days_till_exp_warn, days_till_exp_crit;
|
|
int days_till_exp_warn, days_till_exp_crit;
|
|
|
-# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
|
|
|
|
|
-# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
|
|
|
|
|
|
|
+# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
|
|
|
|
|
+# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
|
|
|
#else /* ifndef HAVE_SSL */
|
|
#else /* ifndef HAVE_SSL */
|
|
|
# define my_recv(buf, len) read(sd, buf, len)
|
|
# define my_recv(buf, len) read(sd, buf, len)
|
|
|
# define my_send(buf, len) send(sd, buf, len, 0)
|
|
# define my_send(buf, len) send(sd, buf, len, 0)
|
|
@@ -107,6 +107,7 @@ double critical_time = 0;
|
|
|
int check_critical_time = FALSE;
|
|
int check_critical_time = FALSE;
|
|
|
int verbose = 0;
|
|
int verbose = 0;
|
|
|
int use_ssl = FALSE;
|
|
int use_ssl = FALSE;
|
|
|
|
|
+int use_starttls = FALSE;
|
|
|
int use_sni = FALSE;
|
|
int use_sni = FALSE;
|
|
|
short use_proxy_prefix = FALSE;
|
|
short use_proxy_prefix = FALSE;
|
|
|
short use_ehlo = FALSE;
|
|
short use_ehlo = FALSE;
|
|
@@ -199,12 +200,25 @@ main (int argc, char **argv)
|
|
|
result = my_tcp_connect (server_address, server_port, &sd);
|
|
result = my_tcp_connect (server_address, server_port, &sd);
|
|
|
|
|
|
|
|
if (result == STATE_OK) { /* we connected */
|
|
if (result == STATE_OK) { /* we connected */
|
|
|
|
|
+#ifdef HAVE_SSL
|
|
|
|
|
+ if (use_ssl) {
|
|
|
|
|
+ result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
|
|
|
|
|
+ if (result != STATE_OK) {
|
|
|
|
|
+ printf (_("CRITICAL - Cannot create SSL context.\n"));
|
|
|
|
|
+ close(sd);
|
|
|
|
|
+ np_net_ssl_cleanup();
|
|
|
|
|
+ return STATE_CRITICAL;
|
|
|
|
|
+ } else {
|
|
|
|
|
+ ssl_established = 1;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
/* If requested, send PROXY header */
|
|
/* If requested, send PROXY header */
|
|
|
if (use_proxy_prefix) {
|
|
if (use_proxy_prefix) {
|
|
|
if (verbose)
|
|
if (verbose)
|
|
|
printf ("Sending header %s\n", PROXY_PREFIX);
|
|
printf ("Sending header %s\n", PROXY_PREFIX);
|
|
|
- send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0);
|
|
|
|
|
|
|
+ my_send(PROXY_PREFIX, strlen(PROXY_PREFIX));
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/* watch for the SMTP connection string and */
|
|
/* watch for the SMTP connection string and */
|
|
@@ -230,7 +244,7 @@ main (int argc, char **argv)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/* send the HELO/EHLO command */
|
|
/* send the HELO/EHLO command */
|
|
|
- send(sd, helocmd, strlen(helocmd), 0);
|
|
|
|
|
|
|
+ my_send(helocmd, strlen(helocmd));
|
|
|
|
|
|
|
|
/* allow for response to helo command to reach us */
|
|
/* allow for response to helo command to reach us */
|
|
|
if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
|
|
if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
|
|
@@ -243,14 +257,14 @@ main (int argc, char **argv)
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- if(use_ssl && ! supports_tls){
|
|
|
|
|
|
|
+ if(use_starttls && ! supports_tls){
|
|
|
printf(_("WARNING - TLS not supported by server\n"));
|
|
printf(_("WARNING - TLS not supported by server\n"));
|
|
|
smtp_quit();
|
|
smtp_quit();
|
|
|
return STATE_WARNING;
|
|
return STATE_WARNING;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
#ifdef HAVE_SSL
|
|
#ifdef HAVE_SSL
|
|
|
- if(use_ssl) {
|
|
|
|
|
|
|
+ if(use_starttls) {
|
|
|
/* send the STARTTLS command */
|
|
/* send the STARTTLS command */
|
|
|
send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
|
|
send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
|
|
|
|
|
|
|
@@ -495,6 +509,7 @@ process_arguments (int argc, char **argv)
|
|
|
{"use-ipv6", no_argument, 0, '6'},
|
|
{"use-ipv6", no_argument, 0, '6'},
|
|
|
{"help", no_argument, 0, 'h'},
|
|
{"help", no_argument, 0, 'h'},
|
|
|
{"lmtp", no_argument, 0, 'L'},
|
|
{"lmtp", no_argument, 0, 'L'},
|
|
|
|
|
+ {"ssl", no_argument, 0, 's'},
|
|
|
{"starttls",no_argument,0,'S'},
|
|
{"starttls",no_argument,0,'S'},
|
|
|
{"sni", no_argument, 0, SNI_OPTION},
|
|
{"sni", no_argument, 0, SNI_OPTION},
|
|
|
{"certificate",required_argument,0,'D'},
|
|
{"certificate",required_argument,0,'D'},
|
|
@@ -516,7 +531,7 @@ process_arguments (int argc, char **argv)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
while (1) {
|
|
while (1) {
|
|
|
- c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
|
|
|
|
|
|
|
+ c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q",
|
|
|
longopts, &option);
|
|
longopts, &option);
|
|
|
|
|
|
|
|
if (c == -1 || c == EOF)
|
|
if (c == -1 || c == EOF)
|
|
@@ -633,9 +648,13 @@ process_arguments (int argc, char **argv)
|
|
|
#else
|
|
#else
|
|
|
usage (_("SSL support not available - install OpenSSL and recompile"));
|
|
usage (_("SSL support not available - install OpenSSL and recompile"));
|
|
|
#endif
|
|
#endif
|
|
|
|
|
+ case 's':
|
|
|
|
|
+ /* ssl */
|
|
|
|
|
+ use_ssl = TRUE;
|
|
|
|
|
+ break;
|
|
|
case 'S':
|
|
case 'S':
|
|
|
/* starttls */
|
|
/* starttls */
|
|
|
- use_ssl = TRUE;
|
|
|
|
|
|
|
+ use_starttls = TRUE;
|
|
|
use_ehlo = TRUE;
|
|
use_ehlo = TRUE;
|
|
|
break;
|
|
break;
|
|
|
case SNI_OPTION:
|
|
case SNI_OPTION:
|
|
@@ -694,6 +713,14 @@ process_arguments (int argc, char **argv)
|
|
|
if (from_arg==NULL)
|
|
if (from_arg==NULL)
|
|
|
from_arg = strdup(" ");
|
|
from_arg = strdup(" ");
|
|
|
|
|
|
|
|
|
|
+ if (use_starttls && use_ssl) {
|
|
|
|
|
+ usage4 (_("Set either -s/--ssl or -S/--starttls"));
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (use_ssl && use_proxy_prefix) {
|
|
|
|
|
+ usage4 (_("PROXY protocol (-r/--proxy) is not implemented with SSL/TLS (-s/--ssl), yet."));
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
return validate_arguments ();
|
|
return validate_arguments ();
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -851,6 +878,8 @@ print_help (void)
|
|
|
#ifdef HAVE_SSL
|
|
#ifdef HAVE_SSL
|
|
|
printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
|
|
printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
|
|
|
printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
|
|
printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
|
|
|
|
|
+ printf (" %s\n", "-s, --ssl");
|
|
|
|
|
+ printf (" %s\n", _("Use SSL/TLS for the connection."));
|
|
|
printf (" %s\n", "-S, --starttls");
|
|
printf (" %s\n", "-S, --starttls");
|
|
|
printf (" %s\n", _("Use STARTTLS for the connection."));
|
|
printf (" %s\n", _("Use STARTTLS for the connection."));
|
|
|
printf (" %s\n", "--sni");
|
|
printf (" %s\n", "--sni");
|
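Review bot: In the option-parsing hunk (`@@ -633,9 +648,13`), the new `case 's':` sits after the `#endif` and sets `use_ssl = TRUE` with no `HAVE_SSL` guard, while the TLS setup added in `main` is compiled only under `#ifdef HAVE_SSL` and the non-SSL `my_send`/`my_recv` are plain `send`/`read`. On a build without SSL, `-s/--ssl` therefore appears to be accepted and the check proceeds in cleartext instead of failing, so a result could be reported for a session that was never encrypted. The case should fail closed the way the `#else` arm just above it does: wrap the assignment in `#ifdef HAVE_SSL` and call `usage (_("SSL support not available - install OpenSSL and recompile"));` in the `#else` arm. The existing `case 'S':` has the same shape and would benefit from the same guard; the switch in process_arguments starts and ends outside the hunk.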