Tree - rpms/nrpe - src.fedoraproject.org

rpms / nrpe

Overview Files Commits Branches Forks Releases
Monitoring status:

Bugzilla Assignee:

Fedora:: ondrejj
EPEL:: ondrejj
Files

Commit: f6d1b4a6329b933d19a7fcca0bba16081f3182d3
Blob Blame History Raw
diff -up ./src/check_nrpe.c.opensslv110 ./src/check_nrpe.c
--- ./src/check_nrpe.c.opensslv110	2017-02-07 11:08:23.647733686 -0500
+++ ./src/check_nrpe.c	2017-02-07 12:44:22.314160593 -0500
@@ -980,9 +980,10 @@ int connect_to_remote()
 			if (peer) {
 				if (sslprm.log_opts & SSL_LogIfClientCert)
 					syslog(LOG_NOTICE, "SSL %s has %s certificate",
-						   rem_host, peer->valid ? "a valid" : "an invalid");
+					       rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
 				if (sslprm.log_opts & SSL_LogCertDetails) {
-					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
+				        X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
+					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
 					X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
 					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
 				}
@@ -1427,7 +1428,7 @@ int verify_callback(int preverify_ok, X5
 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 
 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
+	X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
 
 	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
 		&& (sslprm.log_opts & SSL_LogCertDetails)) {
diff -up ./src/nrpe.c.opensslv110 ./src/nrpe.c
--- ./src/nrpe.c.opensslv110	2016-09-08 12:18:58.000000000 -0400
+++ ./src/nrpe.c	2017-02-07 12:42:35.667799987 -0500
@@ -614,7 +614,7 @@ int verify_callback(int preverify_ok, X5
 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 
 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
+	X509_NAME_oneline(err_cert, issuer, 256);
 
 	if (!preverify_ok && (sslprm.log_opts & SSL_LogCertDetails)) {
 		syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
@@ -1785,12 +1785,14 @@ int handle_conn_ssl(int sock, void *ssl_
 		peer = SSL_get_peer_certificate(ssl);
 
 		if (peer) {
+
 			if (sslprm.log_opts & SSL_LogIfClientCert)
 				syslog(LOG_NOTICE, "SSL Client %s has %svalid certificate",
-					   remote_host, peer->valid ? "a " : "an in");
+				       remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
 			if (sslprm.log_opts & SSL_LogCertDetails) {
+				X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
 				syslog(LOG_NOTICE, "SSL Client %s Cert Name: %s",
-					   remote_host, peer->name);
+					   remote_host, buffer);
 				X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
 				syslog(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
 					   remote_host, buffer);
rpms / nrpe

Source Code

Files
