The patch applied cleanly, but I might hold off on comitting it to
CVS. The reason for this is I think the encryption should probably
be used on top of SSL, rather than instead of it. I think one of the
big reasons for using SSL/TLS connections is the fact that its harder
to do "replay" attacks and fake check results. If we go with crypto
on top of the TLS connection, I would probably look at brining back
optional support for the mcrypt() library, which handles a number of
crypto algorithms (including Blowfish). Anyone have comments on this
approach? I'm not an SSL/TLS/crypto expert by any means, so I might
be totally off-base.
On 14 Jan 2004 at 15:33, Stephen Strudwick wrote:
> Hi all,
>
> attached is a patch for nrpe that enables blowfish encryption as a
> compile time option.
>
> This is a large patch, so I also have an html document attached
> describing the patch and how to apply/use it.
>
> The patch should be applied to the latest CVS tree for nrpe, not the
> released tar.gz.
>
> I would really appreciate it if it could be considered for addition to
> the cvs tree, and any criticisms etc welcome.
>
> On a related note, I am also preparing a similar patch for nrpe_nt,
> and I also have a load of C plugins almost ready for release for
> nrpe_nt, hopefully they will be ready by the end of the week.
>
> -
> Stephen Strudwick
> Advanced Development Engineer
> Development Group, Product Development
> PIPEX Communications
> http://www.pipexcommunications.net/
>
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]