SSL/TLS encryption + authentication in NDOUtils

Matthieu Kermagoret mkermagoret at merethis.com
Mon Jul 20 15:44:13 CEST 2009


Hi all !

Here's a(nother) patch that provides SSL/TLS support to the NDOUtils.


What are its main characteristics ?

This patch uses the GNU TLS library for all cryptographic-related
tasks. Encryption can be configured to use either anonymous temporary
keys or certificates, the latter being able to provide authentication.


How to activate it ?

By default all SSL/TLS related code won't be compiled (the USE_TLS
macro needs to be defined). Once this macro has been set, ndoutils
will be compiled with SSL/TLS support but you will have to activate it
in your configuration (either in a file or by a command line switch)
so that you can finally use it. I'm no autotools expert so I won't
provide any add-in to the current files. But this shouldn't be
difficult, if any autoconf adept wants to have a look...


How to configure it ?

There are 4 variables that can be defined :
  - use_tls : whether or not TLS should be activated on the socket
  - tls_cert : public certificate in PEM format. Will be used by the
peer to encrypt the connection
  - tls_key : private key in PEM format. Used to decrypt the connection
  - tls_ca : if one wants authentication to be enforced, this variable
shall be set to the Certification Authority's public certificate (in
PEM format) that should have delivered the certificate of the peer. If
not, connection will be dropped.

Those variables can directly be defined in ndomod and ndo2db
configuration files. For file2sock and log2ndo, use command-line
switches :
  -T (or --tls) for use_tls
  -c <certification> (or --cert) for tls_cert
  -k <key> (or --key) for tls_key
  -C <CA> (or --ca) for tls_ca

If tls_cert _and_ tls_key are set, the connection will be encrypted
thanks to the certificate. If not, an anonymous temporary key will be
used.

Please, let me know what you think about it.

Best regards,

-- 
Matthieu KERMAGORET | Developer

mkermagoret at merethis.com

MERETHIS is the publisher of the Centreon software.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ndoutils-tls.patch
Type: text/x-diff
Size: 25066 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20090720/15fdb46f/attachment.patch>
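
An added example, not part of the original message or the patch: a small checker that reads the four variables described above from a config file and reports which TLS mode results, including the case where only one of tls_cert/tls_key is set and the connection falls back to an anonymous key. It assumes key=value lines with '#' comments and that use_tls is enabled with the value 1; the sample file and its paths are constructed.

```python
# Added example. Assumptions: key=value lines, '#' comments, use_tls=1 enables TLS.
SAMPLE_CFG = """\
# constructed sample, not a real ndomod.cfg
output_type=tcpsocket
use_tls=1
tls_cert=/etc/nagios/ndo-cert.pem
#tls_key=/etc/nagios/ndo-key.pem
tls_ca=/etc/nagios/ca.pem
"""

TLS_KEYS = ("use_tls", "tls_cert", "tls_key", "tls_ca")


def parse_cfg(text):
    """Return the TLS-related settings from key=value text (last value wins)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in TLS_KEYS and value:
            settings[key] = value
    return settings


def classify(settings):
    """Return (mode, findings) following the rules stated in the message."""
    findings = []
    if settings.get("use_tls") != "1":
        return "plaintext", ["use_tls is not enabled: traffic is unencrypted"]
    has_cert, has_key = "tls_cert" in settings, "tls_key" in settings
    if has_cert and has_key:
        mode = "certificate"
    else:
        mode = "anonymous"
        findings.append("anonymous temporary key: encrypted, peer not authenticated")
        if has_cert != has_key:
            missing = "tls_key" if has_cert else "tls_cert"
            findings.append(f"{missing} is missing, so the certificate is not used")
    if "tls_ca" not in settings:
        findings.append("tls_ca unset: authentication of the peer is not enforced")
    elif mode == "anonymous":
        findings.append("tls_ca set without tls_cert+tls_key: effect not described in the message")
    else:
        mode = "certificate+ca"
    return mode, findings
```

Calling classify(parse_cfg(SAMPLE_CFG)) on the sample reports the anonymous mode, because the tls_key line is commented out.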