Updated NRPE with a fix for SECLEVEL in OpenSSL > 1.1.0 since ADH was…

… moved to no-op
NagiosEnterprises · Jun 23, 2017 · 99b0de9 · 99b0de9
1 parent bada7dd
commit 99b0de9
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 6 deletions.
diff --git a/THANKS b/THANKS
@@ -8,6 +8,7 @@ Bas Couwenberg
 Bill Mitchell
 Bjoern Beutel
 Brian Seklecki
+Bryan Heden
 Derrick Bennett
 Elan Ruusamäe
 Eric Mislivec
@@ -16,10 +17,12 @@ Gerhard Lausser
 Graham Collinson
 Grant Byers
 Grégory Starck
+jaclu@grm.se
 James Peterson
 Jari Takkala
 Jason Cook
 Jobst Schmalenbach
+John Frickson
 John Maag
 Jon Andrews
 Josh Soref
@@ -48,5 +51,4 @@ Subhendu Ghosh
 Sven Nierlein
 Thierry Bertaud
 Ton Voon
-Vadim Antipov
-jaclu@grm.se
+Vadim Antipov
diff --git a/src/check_nrpe.c b/src/check_nrpe.c
@@ -942,8 +942,13 @@ void setup_ssl()
 			}
 		} else {
 			/* use anonymous DH ciphers */
-			if (sslprm.allowDH == 2)
-				strcpy(sslprm.cipher_list, "ADH");
+			if (sslprm.allowDH == 2) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+				strncpy(sslprm.cipher_list, "ADH@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
+#else
+				strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
+#endif
+			}
 		}
 
 		if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {

diff --git a/src/nrpe.c b/src/nrpe.c
@@ -422,8 +422,14 @@ void init_ssl(void)
 			strcat(sslprm.cipher_list, ":!ADH");
 	} else {
 		/* use anonymous DH ciphers */
-		if (sslprm.allowDH == 2)
-			strcpy(sslprm.cipher_list, "ADH");
+		if (sslprm.allowDH == 2) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+			strncpy(sslprm.cipher_list, "ADH@SECLEVEL=0", MAX_FILENAME_LENGTH - 1);
+#else
+			strncpy(sslprm.cipher_list, "ADH", MAX_FILENAME_LENGTH - 1);
+#endif
+		}
+
 #ifdef USE_SSL_DH
 		dh = get_dh2048();
 		SSL_CTX_set_tmp_dh(ctx, dh);