Submiting patch for nrpe

[Ethan Galstad]

Hi Stephen -

The patch applied cleanly, but I might hold off on comitting it to 
CVS.  The reason for this is I think the encryption should probably 
be used on top of SSL, rather than instead of it.  I think one of the 
big reasons for using SSL/TLS connections is the fact that its harder 
to do "replay" attacks and fake check results.  If we go with crypto 
on top of the TLS connection, I would probably look at brining back 
optional support for the mcrypt() library, which handles a number of 
crypto algorithms (including Blowfish).  Anyone have comments on this 
approach?  I'm not an SSL/TLS/crypto expert by any means, so I might 
be totally off-base. :-)


On 14 Jan 2004 at 15:33, Stephen Strudwick wrote:

> Hi all,
> 
> attached is a patch for nrpe that enables blowfish encryption as a
> compile time option.
> 
> This is a large patch, so I also have an html document attached
> describing the patch and how to apply/use it.
> 
> The patch should be applied to the latest CVS tree for nrpe, not the
> released tar.gz.
> 
> I would really appreciate it if it could be considered for addition to
> the cvs tree, and any criticisms etc welcome.
> 
> On a related note, I am also preparing a similar patch for nrpe_nt,
> and I also have a load of C plugins almost ready for release for
> nrpe_nt, hopefully they will be ready by the end of the week.
> 
> -
> Stephen Strudwick
> Advanced Development Engineer
> Development Group, Product Development
> PIPEX Communications
> http://www.pipexcommunications.net/
> 



Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn