Hi all!

Here's a(nother) patch that provides SSL/TLS support to the NDOUtils.

What are its main characteristics?
This patch uses the GNU TLS library for all cryptographic-related
tasks. Encryption can be configured to use either anonymous temporary
keys or certificates, the latter being able to provide authentication.

How to activate it?
By default all SSL/TLS related code won't be compiled (the USE_TLS
macro needs to be defined). Once this macro has been set, ndoutils
will be compiled with SSL/TLS support but you will have to activate it
in your configuration (either in a file or by a command line switch)
so that you can finally use it. I'm no autotools expert so I won't
provide any add-in to the current files. But this shouldn't be
difficult, if any autoconf adept wants to have a look...

How to configure it?
There are 4 variables that can be defined:
- use_tls: whether or not TLS should be activated on the socket
- tls_cert: public certificate in PEM format. Will be used by the
  peer to encrypt the connection
- tls_key: private key in PEM format. Used to decrypt the connection
- tls_ca: if one wants authentication to be enforced, this variable
  shall be set to the Certification Authority's public certificate (in
  PEM format) that should have delivered the certificate of the peer. If
  not, connection will be dropped.

Those variables can directly be defined in ndomod and ndo2db
configuration files. For file2sock and log2ndo, use command-line
switches:
  -T (or --tls) for use_tls
  -c (or --cert) for tls_cert
  -k (or --key) for tls_key
  -C (or --ca) for tls_ca

If tls_cert _and_ tls_key are set, the connection will be encrypted
thanks to the certificate. If not, an anonymous temporary key will be
used.

Please, let me know what you think about it.

Best regards,
-- 
Matthieu KERMAGORET | Developer
[email protected]
MERETHIS is the publisher of the Centreon software.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
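
The mode selection described in the message above, written out as an added example that is not part of the original post or of the attached patch. It shows which settings silently leave the link unencrypted or unauthenticated. The struct, the function names, use_tls as a 0/1 integer and the file paths are assumptions made for illustration.

```c
#include <stdio.h>

/* Effective transport modes, as the message describes them. */
enum tls_mode { PLAINTEXT, TLS_ANON, TLS_CERT };

/* The four variables from the message; use_tls as 0/1 is an assumption. */
struct tls_cfg { int use_tls; const char *tls_cert, *tls_key, *tls_ca; };

static int is_set(const char *s) { return s != NULL && s[0] != '\0'; }

/* Certificate mode only if tls_cert AND tls_key are both set. */
enum tls_mode effective_mode(const struct tls_cfg *c)
{
    if (!c->use_tls)
        return PLAINTEXT;
    return (is_set(c->tls_cert) && is_set(c->tls_key)) ? TLS_CERT : TLS_ANON;
}

/* Peer authentication is enforced only when TLS is on and tls_ca is set. */
int peer_auth_enforced(const struct tls_cfg *c)
{
    return c->use_tls && is_set(c->tls_ca);
}

/* Returns a warning for settings that give less protection than the
 * operator probably intended, or NULL if nothing stands out. */
const char *audit(const struct tls_cfg *c)
{
    int cert = is_set(c->tls_cert), key = is_set(c->tls_key);

    if (!c->use_tls)
        return (cert || key || is_set(c->tls_ca))
            ? "TLS settings present but use_tls is off: link is plaintext" : NULL;
    if (cert != key)
        return "only one of tls_cert/tls_key set: anonymous key will be used";
    if (!is_set(c->tls_ca))
        return "tls_ca not set: encrypted, but the peer is not authenticated";
    return NULL;
}

int main(void)
{
    /* Constructed sample (hypothetical paths): the key path was forgotten. */
    struct tls_cfg c = { 1, "/etc/ndo/ndomod.pem", "", "/etc/ndo/ca.pem" };
    const char *w = audit(&c);
    printf("mode=%d auth_enforced=%d warning=%s\n",
           effective_mode(&c), peer_auth_enforced(&c), w ? w : "none");
    return 0;
}
```

An anonymous temporary key encrypts the stream but authenticates neither end, so a deployment that needs to know which host it is talking to wants tls_cert, tls_key and tls_ca all set.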