debmon
/
nagios-nrpe
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 3.1.1

This commit is contained in:
Mario Fetka 2017-06-20 10:37:07 +02:00
parent e08d40390d
commit 02b430a86c
13 changed files with 171 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Changelog
View File

@ -2,7 +2,22 @@
NRPE Changelog
**************
3.x.x - 201x-xx-xx
3.1.1 - 2017-05-24
------------------
FIXES
- The '--log-file=' or '-g' option is missing from the help (John Frickson)
- check_nrpe = segfault when specifying a config file (John Frickson)
- Alternate log file not being used soon enough (John Frickson)
- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
- Fix build failure with -Werror=format-security (Bas Couwenberg)
- Fixed a typo in `nrpe.spec.in` (John Frickson)
- More detailed error logging for SSL (John Frickson)
- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
3.1.0 - 2017-04-17
------------------
ENHANCEMENTS
- Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)

66
configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for nrpe 3.1.0-rc1.
# Generated by GNU Autoconf 2.69 for nrpe 3.1.1.
#
# Report bugs to <nagios-users@lists.sourceforge.net>.
#
@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='nrpe'
PACKAGE_TARNAME='nrpe'
PACKAGE_VERSION='3.1.0-rc1'
PACKAGE_STRING='nrpe 3.1.0-rc1'
PACKAGE_VERSION='3.1.1'
PACKAGE_STRING='nrpe 3.1.1'
PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
@ -757,6 +757,7 @@ with_logdir
with_piddir
with_pipedir
enable_ssl
with_need_dh
with_ssl
with_ssl_inc
with_ssl_lib
@ -1319,7 +1320,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures nrpe 3.1.0-rc1 to adapt to many kinds of systems.
\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1369,7 +1370,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of nrpe 3.1.0-rc1:";;
short | recursive ) echo "Configuration of nrpe 3.1.1:";;
esac
cat <<\_ACEOF
@ -1422,6 +1423,7 @@ Optional Packages:
--with-logdir=DIR where log files should be placed
--with-piddir=DIR where the PID file should be placed
--with-pipedir=DIR where socket and pipe files should be placed
--with-need-dh set to 'no' to not include Diffie-Hellman SSL logic
--with-ssl=DIR sets location of the SSL installation
--with-ssl-inc=DIR sets location of the SSL include files
--with-ssl-lib=DIR sets location of the SSL libraries
@ -1514,7 +1516,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
nrpe configure 3.1.0-rc1
nrpe configure 3.1.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2120,7 +2122,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by nrpe $as_me 3.1.0-rc1, which was
It was created by nrpe $as_me 3.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2485,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
PKG_NAME=nrpe
PKG_VERSION="3.1.0-rc1"
PKG_VERSION="3.1.1"
PKG_HOME_URL="http://www.nagios.org/"
PKG_REL_DATE="2017-04-06"
PKG_REL_DATE="2017-05-24"
RPM_RELEASE=1
LANG=C
@ -3020,29 +3022,29 @@ fi
inetd_disabled=""
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
elif test "$opsys" = "osx"; then
inetd_type="launchd"
fi
if test x"$inetd_type" = x; then
case $dist_type in #(
case $dist_type in #(
solaris) :
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi ;; #(
inetd_type="$init_type"
else
inetd_type="inetd"
fi ;; #(
*bsd*) :
inetd_type=`ps -A -o comm -c | grep inetd` ;; #(
osx) :
inetd_type=`launchd` ;; #(
aix|hp-ux) :
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #(
*) :
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #(
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #(
*) :
;;
esac
if test x"$inetd_type" = x; then
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
fi
fi
if test x"$inetd_type" = x; then
@ -4346,7 +4348,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by nrpe $as_me 3.1.0-rc1, which was
This file was extended by nrpe $as_me 3.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -4400,7 +4402,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
nrpe config.status 3.1.0-rc1
nrpe config.status 3.1.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@ -7278,9 +7280,19 @@ else
fi
need_dh=yes
# Check whether --with-need_dh was given.
if test "${with_need_dh+set}" = set; then :
withval=$with_need_dh; need_dh=$withval
else
nrpe_group=need_dh
fi
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
need_dh=yes
# need_dh=yes
# -------------------------------
@ -8272,7 +8284,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by nrpe $as_me 3.1.0-rc1, which was
This file was extended by nrpe $as_me 3.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -8335,7 +8347,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
nrpe config.status 3.1.0-rc1
nrpe config.status 3.1.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

14
configure.ac
View File

@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
define([AC_CACHE_SAVE],)
m4_include([build-aux/custom_help.m4])
AC_INIT([nrpe],[3.1.0-rc1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
AC_INIT([nrpe],[3.1.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
AC_CONFIG_SRCDIR([src/nrpe.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_PREFIX_DEFAULT(/usr/local/nagios)
PKG_NAME=nrpe
PKG_VERSION="3.1.0-rc1"
PKG_VERSION="3.1.1"
PKG_HOME_URL="http://www.nagios.org/"
PKG_REL_DATE="2017-04-06"
PKG_REL_DATE="2017-05-24"
RPM_RELEASE=1
LANG=C
@ -304,10 +304,16 @@ AC_ARG_ENABLE([ssl],
fi
],check_for_ssl=yes)
need_dh=yes
AC_ARG_WITH([need_dh],
AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]),
[need_dh=$withval],
[nrpe_group=need_dh])
dnl Optional SSL library and include paths
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
need_dh=yes
# need_dh=yes
AC_NAGIOS_GET_SSL
fi

BIN
docs/NRPE.odt
View File

Binary file not shown.

BIN
docs/NRPE.pdf
View File

Binary file not shown.

6
include/common.h.in
View File

@ -2,7 +2,7 @@
*
* COMMON.H - NRPE Common Include File
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
* Last Modified: 2017-04-06
* Last Modified: 2017-05-24
*
* License:
*
@ -33,8 +33,8 @@
# endif
#endif
#define PROGRAM_VERSION "3.1.0-rc1"
#define MODIFICATION_DATE "2017-04-06"
#define PROGRAM_VERSION "3.1.1"
#define MODIFICATION_DATE "2017-05-24"
#define OK 0
#define ERROR -1

43
macros/ax_nagios_get_inetd
View File

@ -93,29 +93,30 @@ AC_SUBST(inetd_type)
inetd_disabled=""
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
elif test "$opsys" = "osx"; then
inetd_type="launchd"
fi
AS_CASE([$dist_type],
[solaris],
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi,
[*bsd*],
inetd_type=`ps -A -o comm -c | grep inetd`,
[osx],
inetd_type=`launchd`,
[aix|hp-ux],
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
[*],
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
if test x"$inetd_type" = x; then
AS_CASE([$dist_type],
[solaris],
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
inetd_type="$init_type"
else
inetd_type="inetd"
fi,
[*bsd*],
inetd_type=`ps -A -o comm -c | grep inetd`,
[aix|hp-ux],
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
[*],
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
if test x"$init_type" = "xupstart"; then
inetd_type="upstart"
fi
fi
if test x"$inetd_type" = x; then

4
nrpe.spec.in
View File

@ -9,7 +9,7 @@
%endif
%if %{islinux}
%define _init_dir @initdir@
%define _init_tyhpe @init_type@
%define _init_type @init_type@
%define _exec_prefix %{_prefix}/sbin
%define _bindir %{_prefix}/sbin
%define _sbindir %{_prefix}/lib/nagios/cgi
@ -22,7 +22,7 @@
%define _sysconfdir /etc/nagios
%define name @PACKAGE_NAME@
%define version 3.1.0-rc1
%define version 3.1.1
%define release @RPM_RELEASE@
%define nsusr @nrpe_user@
%define nsgrp @nrpe_group@

4
src/acl.c
View File

@ -565,9 +565,9 @@ int is_an_allowed_host(int family, void *host)
break;
}
}
dns_acl_curr = dns_acl_curr->next;
}
dns_acl_curr = dns_acl_curr->next;
}
return 0;
}

55
src/check_nrpe.c
View File

@ -4,7 +4,7 @@
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
* License: GPL
*
* Last Modified: 2017-04-06
* Last Modified: 2017-05-24
*
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
*
@ -116,8 +116,6 @@ int main(int argc, char **argv)
result = process_arguments(argc, argv, 0);
open_log_file();
if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE)
usage(result); /* usage() will call exit() */
@ -466,6 +464,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
break;
}
log_file = strdup(optarg);
open_log_file();
break;
default:
@ -558,10 +557,10 @@ int read_config_file(char *fname)
bufp = buf;
while (argc < 50) {
while (*bufp && strchr(delims, *bufp))
++bufp;
if (*bufp == '\0')
break;
while (strchr(delims, *bufp))
++bufp;
argv[argc] = my_strsep(&bufp, delims);
if (!argv[argc++])
break;
@ -667,7 +666,7 @@ void usage(int result)
printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
" [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n"
" [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n"
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n"
" [-c <command>] [-a <arglist...>]\n");
printf("\n");
printf("Options:\n");
@ -704,6 +703,7 @@ void usage(int result)
printf(" <logopts> = SSL Logging Options\n");
printf(" <bindaddr> = bind to local address\n");
printf(" <cfg-file> = configuration file to use\n");
printf(" <log-file> = full path to the log file to write to\n");
printf(" [port] = The port on which the daemon is running (default=%d)\n",
DEFAULT_SERVER_PORT);
printf(" [command] = The name of the command that the remote daemon should run\n");
@ -743,7 +743,7 @@ void usage(int result)
void setup_ssl()
{
#ifdef HAVE_SSL
int vrfy;
int vrfy, x;
if (sslprm.log_opts & SSL_LogStartup) {
char *val;
@ -878,7 +878,9 @@ void setup_ssl()
break;
case TLSv1_2:
case TLSv1_2_plus:
#ifdef SSL_OP_NO_TLSv1_1
ssl_opts |= SSL_OP_NO_TLSv1_1;
#endif
case TLSv1_1:
case TLSv1_1_plus:
ssl_opts |= SSL_OP_NO_TLSv1;
@ -897,14 +899,23 @@ void setup_ssl()
if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx);
printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Error: could not use certificate file '%s': %s\n",
sslprm.cert_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx);
printf("Error: could not use private key file '%s'.\n",
sslprm.privatekey_file);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Error: could not use private key file '%s': %s\n",
sslprm.privatekey_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
}
@ -913,8 +924,12 @@ void setup_ssl()
vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
SSL_CTX_free(ctx);
printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Error: could not use CA certificate '%s': %s\n",
sslprm.privatekey_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
}
@ -932,8 +947,12 @@ void setup_ssl()
}
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
SSL_CTX_free(ctx);
printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
printf("Could not set SSL/TLS cipher list '%s': %s\n",
sslprm.cipher_list, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
}
@ -965,7 +984,7 @@ int connect_to_remote()
struct sockaddr addr;
struct in_addr *inaddr;
socklen_t addrlen;
int result, rc, ssl_err, ern;
int result, rc, ssl_err, ern, x, nerrs = 0;
/* try to connect to the host at the given port number */
if ((sd =
@ -1004,7 +1023,6 @@ int connect_to_remote()
ssl_err = SSL_get_error(ssl, rc);
if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
int x, nerrs = 0;
rc = 0;
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
@ -1015,9 +1033,16 @@ int connect_to_remote()
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
rem_host, rc, ssl_err);
} else
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
rem_host, rc, ssl_err);
} else {
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
rem_host, ERR_reason_error_string(x));
++nerrs;
}
if (nerrs == 0)
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: "
"rc=%d SSL-error=%d", rem_host, rc, ssl_err);
}
if (ssl_err == 5) {
/* Often, errno will be zero, so print a generic message here */

38
src/nrpe.c
View File

@ -186,8 +186,6 @@ int main(int argc, char **argv)
return STATE_CRITICAL;
}
open_log_file();
if (!nasty_metachars)
nasty_metachars = strdup(NASTY_METACHARS);
@ -244,6 +242,7 @@ void init_ssl(void)
#ifdef HAVE_SSL
DH *dh;
char seedfile[FILENAME_MAX];
char errstr[120] = { "" };
int i, c, x, vrfy;
unsigned long ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;
@ -315,7 +314,10 @@ void init_ssl(void)
ctx = SSL_CTX_new(meth);
if (ctx == NULL) {
logit(LOG_ERR, "Error: could not create SSL context");
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, "Error: could not create SSL context : %s", errstr);
}
SSL_CTX_free(ctx);
exit(STATE_CRITICAL);
}
@ -359,7 +361,9 @@ void init_ssl(void)
break;
case TLSv1_2:
case TLSv1_2_plus:
#ifdef SSL_OP_NO_TLSv1_1
ssl_opts |= SSL_OP_NO_TLSv1_1;
#endif
case TLSv1_1:
case TLSv1_1_plus:
ssl_opts |= SSL_OP_NO_TLSv1;
@ -377,7 +381,6 @@ void init_ssl(void)
SSL_CTX_set_options(ctx, ssl_opts);
if (sslprm.cert_file != NULL) {
char errstr[120] = { "" };
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx);
while ((x = ERR_get_error()) != 0) {
@ -388,9 +391,12 @@ void init_ssl(void)
exit(STATE_CRITICAL);
}
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
while ((x = ERR_get_error()) != 0) {
ERR_error_string(x, errstr);
logit(LOG_ERR, "Error: could not use private key file '%s' : %s",
sslprm.privatekey_file, errstr);
}
SSL_CTX_free(ctx);
logit(LOG_ERR, "Error: could not use private key file '%s'",
sslprm.privatekey_file);
exit(STATE_CRITICAL);
}
}
@ -401,6 +407,10 @@ void init_ssl(void)
vrfy |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
logit(LOG_ERR, "Error: could not use certificate file '%s': %s\n",
sslprm.cacert_file, ERR_reason_error_string(x));
}
SSL_CTX_free(ctx);
logit(LOG_ERR, "Error: could not use CA certificate '%s'", sslprm.cacert_file);
exit(STATE_CRITICAL);
@ -651,13 +661,13 @@ void cleanup(void)
free_memory(); /* free all memory we allocated */
if (sigrestart == TRUE && sigshutdown == FALSE) {
close_log_file();
result = read_config_file(config_file); /* read the config file */
if (result == ERROR) { /* exit if there are errors... */
logit(LOG_ERR, "Config file '%s' contained errors, bailing out...", config_file);
exit(STATE_CRITICAL);
}
open_log_file();
return;
}
@ -950,10 +960,11 @@ int read_config_file(char *filename)
else if (!strcmp(varname, "nasty_metachars"))
nasty_metachars = strdup(varvalue);
else if (!strcmp(varname, "log_file"))
else if (!strcmp(varname, "log_file")) {
log_file = strdup(varvalue);
open_log_file();
else {
} else {
logit(LOG_WARNING, "Unknown option specified in config file '%s' - Line %d\n",
filename, line);
continue;
@ -1852,6 +1863,7 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
#else
const SSL_CIPHER *c;
#endif
const char *errmsg = NULL;
char buffer[MAX_INPUT_BUFFER];
SSL *ssl = (SSL*)ssl_ptr;
X509 *peer;
@ -1869,8 +1881,14 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
int nerrs = 0;
rc = 0;
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
errmsg = ERR_reason_error_string(x);
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
remote_host, ERR_reason_error_string(x));
remote_host, errmsg);
if (errmsg && !strcmp(errmsg, "no shared cipher")) {
if (sslprm.cert_file == NULL || sslprm.cacert_file == NULL)
logit(LOG_ERR, "Error: This could be because you have not "
"specified certificate or ca-certificate files");
}
++nerrs;
}
if (nerrs == 0)

9
src/utils.c
View File

@ -31,6 +31,7 @@
#include "../include/common.h"
#include "../include/utils.h"
#include <stdarg.h>
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
@ -469,6 +470,7 @@ char *my_strsep(char **stringp, const char *delim)
void open_log_file()
{
int fh;
int flags = O_RDWR|O_APPEND|O_CREAT;
struct stat st;
close_log_file();
@ -476,7 +478,10 @@ void open_log_file()
if (!log_file)
return;
if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
#ifdef O_NOFOLLOW
flags |= O_NOFOLLOW;
#endif
if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
@ -527,7 +532,7 @@ void logit(int priority, const char *format, ...)
fflush(log_fp);
} else
syslog(priority, buffer);
syslog(priority, "%s", buffer);
free(buffer);
}

4
update-version
View File

@ -28,10 +28,10 @@ else
fi
# Current version number
CURRENTVERSION=3.1.0-rc1
CURRENTVERSION=3.1.1
# Last date
LASTDATE=2017-04-06
LASTDATE=2017-05-24
if [ "x$1" = "x" ]
then