Merge 6d21748470 into 1211edf2ea

2026-05-22 10:25:14 -04:00 · 2026-04-24 15:31:26 +02:00 · 2026-04-24 15:31:26 +02:00 · a296e30e4b
commit a296e30e4b
parent 1211edf2ea 6d21748470
5 changed files with 58 additions and 28 deletions
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@ -251,6 +251,7 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
 	// can be done Check_http tries to check certs as early as possible, and exits with certificate
 	// check result by default. Behave similarly.
 #ifdef LIBCURL_FEATURE_SSL
+#	ifdef HAVE_SSL
 	if (workingState.use_ssl && config.check_cert) {
 		if (verbose > 1) {
 			printf("* adding a subcheck for the certificate\n");
@ -267,6 +268,7 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
 			return sc_result;
 		}
 	}
+#	endif
 #endif

 	mp_subcheck sc_curl = mp_subcheck_init();
@ -1888,7 +1890,8 @@ time_t parse_cert_date(const char *s) {
 #endif     /* LIBCURL_FEATURE_SSL */

 #ifdef LIBCURL_FEATURE_SSL
-#	ifndef MOPL_USE_OPENSSL
+#	if HAVE_SSL
+#		ifndef MOPL_USE_OPENSSL
 /* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
 * OpenSSL could be this function
 */
@ -2025,5 +2028,6 @@ int net_noopenssl_check_certificate(cert_ptr_union *cert_ptr, int days_till_exp_
 	}
 	return status;
 }
-#	endif /* MOPL_USE_OPENSSL */
-#endif     /* LIBCURL_FEATURE_SSL */
+#		endif /* MOPL_USE_OPENSSL */
+#	endif     // HAVE_SSL
+#endif         /* LIBCURL_FEATURE_SSL */
--- a/plugins/check_curl.d/check_curl_helpers.c
+++ b/plugins/check_curl.d/check_curl_helpers.c
@ -222,7 +222,7 @@ check_curl_configure_curl(const check_curl_static_curl_config config,

 	bool have_local_resolution = hostname_gets_resolved_locally(working_state);
 	if (verbose >= 1) {
-		printf("* have local name resolution: %s\n", (have_local_resolution ? "true": "false"));
+		printf("* have local name resolution: %s\n", (have_local_resolution ? "true" : "false"));
 	}

 	/* enable haproxy protocol */
@ -378,7 +378,8 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
 		curl_easy_setopt(result.curl_state.curl, CURLOPT_HTTPHEADER, result.curl_state.header_list),
 		"CURLOPT_HTTPHEADER");

-#ifdef LIBCURL_FEATURE_SSL
+#if HAVE_SSL
+#	ifdef LIBCURL_FEATURE_SSL
 	/* set SSL version, warn about insecure or unsupported versions */
 	if (working_state.use_ssl) {
 		handle_curl_option_return_code(
@ -432,18 +433,18 @@ check_curl_configure_curl(const check_curl_static_curl_config config,

 	/* try hard to get a stack of certificates to verify against */
 	if (check_cert) {
-#	if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1)
+#		if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1)
 		/* inform curl to report back certificates */
 		switch (ssl_library) {
 		case CURLHELP_SSL_LIBRARY_OPENSSL:
 		case CURLHELP_SSL_LIBRARY_LIBRESSL:
 			/* set callback to extract certificate with OpenSSL context function (works with
 			 * OpenSSL-style libraries only!) */
-#		ifdef MOPL_USE_OPENSSL
+#			ifdef MOPL_USE_OPENSSL
 			/* libcurl and monitoring plugins built with OpenSSL, good */
 			add_sslctx_verify_fun = true;
 			is_openssl_callback = true;
-#		endif /* MOPL_USE_OPENSSL */
+#			endif /* MOPL_USE_OPENSSL */
 			/* libcurl is built with OpenSSL, monitoring plugins, so falling
 			 * back to manually extracting certificate information */
 			handle_curl_option_return_code(
@ -451,29 +452,29 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
 			break;

 		case CURLHELP_SSL_LIBRARY_NSS:
-#		if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+#			if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
 			/* NSS: support for CERTINFO is implemented since 7.34.0 */
 			handle_curl_option_return_code(
 				curl_easy_setopt(result.curl_state.curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
-#		else  /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+#			else  /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
 			die(STATE_CRITICAL,
 				"HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library "
 				"'%s' is too old)\n",
 				curlhelp_get_ssl_library_string(ssl_library));
-#		endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+#			endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
 			break;

 		case CURLHELP_SSL_LIBRARY_GNUTLS:
-#		if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0)
+#			if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0)
 			/* GnuTLS: support for CERTINFO is implemented since 7.42.0 */
 			handle_curl_option_return_code(
 				curl_easy_setopt(result.curl_state.curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
-#		else  /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
+#			else  /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
 			die(STATE_CRITICAL,
 				"HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library "
 				"'%s' is too old)\n",
 				curlhelp_get_ssl_library_string(ssl_library));
-#		endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
+#			endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
 			break;

 		case CURLHELP_SSL_LIBRARY_UNKNOWN:
@ -484,7 +485,7 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
 				curlhelp_get_ssl_library_string(ssl_library));
 			break;
 		}
-#	else  /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
+#		else  /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
 		/* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */
 		if (ssl_library == CURLHELP_SSL_LIBRARY_OPENSSL ||
 			ssl_library == CURLHELP_SSL_LIBRARY_LIBRESSL) {
@ -494,11 +495,11 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
 								"CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl "
 								"too old and has no CURLOPT_CERTINFO)\n");
 		}
-#	endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
+#		endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
 	}

-#	if LIBCURL_VERSION_NUM >=                                                                     \
-		MAKE_LIBCURL_VERSION(7, 10, 6) /* required for CURLOPT_SSL_CTX_FUNCTION */
+#		if LIBCURL_VERSION_NUM >=                                                                 \
+			MAKE_LIBCURL_VERSION(7, 10, 6) /* required for CURLOPT_SSL_CTX_FUNCTION */
 	// ssl ctx function is not available with all ssl backends
 	if (curl_easy_setopt(result.curl_state.curl, CURLOPT_SSL_CTX_FUNCTION, NULL) !=
 		CURLE_UNKNOWN_OPTION) {
@ -506,8 +507,9 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
 			curl_easy_setopt(result.curl_state.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun),
 			"CURLOPT_SSL_CTX_FUNCTION");
 	}
-#	endif
-#endif /* LIBCURL_FEATURE_SSL */
+#		endif
+#	endif /* LIBCURL_FEATURE_SSL */
+#endif

 	/* set default or user-given user agent identification */
 	handle_curl_option_return_code(
@ -1302,9 +1304,12 @@ void test_file(char *path) {
 	usage2(_("file does not exist or is not readable"), path);
 }

+#if HAVE_SSL
 mp_subcheck mp_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn,
 										 int days_till_exp_crit);
+#endif

+#if HAVE_SSL
 mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_till_exp,
 										  int crit_days_till_exp) {
 	mp_subcheck sc_cert_result = mp_subcheck_init();
@ -1393,6 +1398,7 @@ mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_

 	return sc_cert_result;
 }
+#endif

 char *fmt_url(check_curl_working_state workingState) {
 	char *url = calloc(DEFAULT_BUFFER_SIZE, sizeof(char));
--- a/plugins/check_curl.d/check_curl_helpers.h
+++ b/plugins/check_curl.d/check_curl_helpers.h
@ -112,7 +112,9 @@ mp_subcheck check_document_dates(const curlhelp_write_curlbuf * /*header_buf*/,
 size_t get_content_length(const curlhelp_write_curlbuf *header_buf,
 						  const curlhelp_write_curlbuf *body_buf);
 int lookup_host(const char *host, char *buf, size_t buflen, sa_family_t addr_family);
+#if HAVE_SSL
 CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm);
+#endif

 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
 const char *strrstr2(const char *haystack, const char *needle);
@ -123,8 +125,10 @@ bool expected_statuscode(const char *reply, const char *statuscodes);
 char *string_statuscode(int major, int minor);

 void test_file(char *path);
+#if HAVE_SSL
 mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_till_exp,
 										  int crit_days_till_exp);
+#endif
 char *fmt_url(check_curl_working_state workingState);

 /* determine_hostname_resolver determines if the host or the proxy resolves the target hostname
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@ -70,7 +70,9 @@ int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
 	}
 	return (int)read(socket_descriptor, buf, (size_t)num);
 #else /* ifndef HAVE_SSL */
-	return read(socket_descriptor, buf, len)
+	(void)config;
+	(void)ssl_established;
+	return read(socket_descriptor, buf, num);
 #endif
 }

@ -83,7 +85,9 @@ int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
 	}
 	return (int)send(socket_descriptor, buf, (size_t)num, 0);
 #else /* ifndef HAVE_SSL */
-	return send(socket_descriptor, buf, len, 0);
+	(void)config;
+	(void)ssl_established;
+	return send(socket_descriptor, buf, num, 0);
 #endif
 }

@ -258,6 +262,7 @@ int main(int argc, char **argv) {
 		mp_exit(overall);
 	}

+#ifdef HAVE_SSL
 	bool supports_tls = false;
 	if (config.use_ehlo || config.use_lhlo) {
 		if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) {
@ -275,7 +280,6 @@ int main(int argc, char **argv) {
 		mp_exit(overall);
 	}

-#ifdef HAVE_SSL
 	if (config.use_starttls) {
 		/* send the STARTTLS command */
 		send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
@ -792,14 +796,18 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
 			implicit_tls = true;
 			// fallthrough
 		case 's':
-			/* ssl */
+			/* TLS/SSL */
+#ifdef HAVE_SSL
 			result.config.use_ssl = true;
 			result.config.server_port = SMTPS_PORT;
+#endif
 			break;
 		case 'S':
-			/* starttls */
+			/* STARTTLS */
+#ifdef HAVE_SSL
 			result.config.use_starttls = true;
 			result.config.use_ehlo = true;
+#endif
 			break;
 		}
 		case SNI_OPTION:
@ -842,7 +850,9 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
 			break;
 		}
 		case ignore_certificate_expiration_index: {
+#ifdef HAVE_SSL
 			result.config.ignore_certificate_expiration = true;
+#endif
 		}
 		}
 	}
@ -860,6 +870,7 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
 		}
 	}

+#ifdef HAVE_SSL
 	if (result.config.use_starttls && result.config.use_ssl) {
 		if (implicit_tls) {
 			result.config.use_ssl = false;
@ -867,6 +878,7 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
 			usage4(_("Set either -s/--ssl/--tls or -S/--starttls"));
 		}
 	}
+#endif

 	if (server_port_option != 0) {
 		result.config.server_port = server_port_option;
--- a/plugins/check_snmp.d/check_snmp_helpers.c
+++ b/plugins/check_snmp.d/check_snmp_helpers.c
@ -896,7 +896,10 @@ state_key np_enable_state(char *keyname, int expected_data_version, const char *
 char *_np_state_generate_key(int argc, char **argv) {
 	unsigned char result[256];

-#ifdef USE_OPENSSL
+#if HAVE_SSL
+	(void)argc;
+	(void)argv;
+#	ifdef USE_OPENSSL
 	/*
 	 * This code path is chosen if openssl is available (which should be the most common
 	 * scenario). Alternatively, the gnulib implementation/
@ -911,7 +914,7 @@ char *_np_state_generate_key(int argc, char **argv) {
 	}

 	EVP_DigestFinal(ctx, result, NULL);
-#else
+#	else

 	struct sha256_ctx ctx;

@ -920,7 +923,8 @@ char *_np_state_generate_key(int argc, char **argv) {
 	}

 	sha256_finish_ctx(&ctx, result);
-#endif // FOUNDOPENSSL
+#	endif // USE_OPENSSL
+#endif     // HAVE_SSL

 	char keyname[41];
 	for (int i = 0; i < 20; ++i) {