diff -urN ../ndoutils-1.4b7/include/common.h ./include/common.h
--- ../ndoutils-1.4b7/include/common.h	2007-01-08 01:35:54.000000000 +0100
+++ ./include/common.h	2008-11-06 12:24:14.000000000 +0100
@@ -18,4 +18,16 @@
 #define NDO_OK        0
 
 
+#define HAVE_SSL 1
+#ifdef HAVE_SSL
+#include <rsa.h>
+#include <crypto.h>
+#include <dh.h>
+#include <pem.h>
+#include <ssl.h>
+#include <err.h>
+#include <rand.h>
+#endif
+
+
 #endif
diff -urN ../ndoutils-1.4b7/include/dh.h ./include/dh.h
--- ../ndoutils-1.4b7/include/dh.h	1970-01-01 01:00:00.000000000 +0100
+++ ./include/dh.h	2008-11-06 10:59:56.000000000 +0100
@@ -0,0 +1,26 @@
+#ifndef HEADER_DH_H
+#define HEADER_DH_H 1
+#include <openssl/dh.h>
+#endif
+DH *get_dh512()
+	{
+	static unsigned char dh512_p[]={
+		0xDF,0x28,0x54,0x54,0x42,0x96,0x87,0x0D,0x67,0x9D,0xCA,0x57,
+		0x53,0xF2,0x05,0x3A,0xE9,0x7E,0x7A,0xC3,0x00,0x3B,0x80,0x90,
+		0xBA,0x0E,0x8D,0xE1,0x1E,0x8A,0x30,0x9A,0x6B,0x26,0x7C,0x55,
+		0x70,0x82,0x7B,0x30,0xE5,0x1D,0x83,0x4B,0xB2,0x9B,0xE8,0xAA,
+		0xFA,0x41,0x72,0x14,0xF4,0x23,0x29,0x03,0xDB,0x8D,0xCF,0x3C,
+		0x79,0xE0,0x5F,0x13,
+		};
+	static unsigned char dh512_g[]={
+		0x02,
+		};
+	DH *dh;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	return(dh);
+	}
diff -urN ../ndoutils-1.4b7/include/io.h ./include/io.h
--- ../ndoutils-1.4b7/include/io.h	2007-01-08 01:35:54.000000000 +0100
+++ ./include/io.h	2008-11-06 16:20:24.000000000 +0100
@@ -47,4 +47,5 @@
 char *ndo_escape_buffer(char *);
 char *ndo_unescape_buffer(char *);
 
+
 #endif
diff -urN ../ndoutils-1.4b7/src/io.c ./src/io.c
--- ../ndoutils-1.4b7/src/io.c	2007-01-08 01:35:50.000000000 +0100
+++ ./src/io.c	2008-11-06 16:28:30.000000000 +0100
@@ -12,6 +12,16 @@
 #include "../include/io.h"
 
 
+#ifdef HAVE_SSL
+SSL_METHOD *meth;
+SSL_CTX *ctx;
+SSL *ssl;
+int use_ssl=NDO_TRUE;
+#else
+int use_ssl=NDO_FALSE;
+#endif
+
+
 
 
 /**************************************************************/
@@ -140,6 +150,7 @@
 	struct hostent *hp=NULL;
 	mode_t mode=S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;
 	int newfd=0;
+	int rc;
 
 	/* use file */
 	if(type==NDO_SINK_FILE){
@@ -178,6 +189,22 @@
 
 	/* we are sending output to a TCP socket */
 	else if(type==NDO_SINK_TCPSOCKET){
+#ifdef HAVE_SSL
+		if(use_ssl==NDO_TRUE){
+			SSL_library_init();
+                	SSLeay_add_ssl_algorithms();
+                	meth=SSLv23_client_method();
+                	SSL_load_error_strings();
+                	if((ctx=SSL_CTX_new(meth))==NULL){
+                        	printf("CHECK_NRPE: Error - could not create SSL context.\n");
+                        	return NDO_ERROR;
+                        	}
+                	/* ADDED 01/19/2004 */
+                	/* use only TLSv1 protocol */
+                	SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+			}
+#endif
+
 
 		if(name==NULL)
 			return NDO_ERROR;
@@ -208,7 +235,24 @@
 			close(newfd);
 			return NDO_ERROR;
 		        }
-	        }
+#ifdef HAVE_SSL
+		if(use_ssl==NDO_TRUE){
+			if((ssl=SSL_new(ctx))!=NULL){
+                        	SSL_CTX_set_cipher_list(ctx,"ADH");
+                        	SSL_set_fd(ssl,newfd);
+                        	if((rc=SSL_connect(ssl))!=1){
+					printf("Error - Could not complete SSL handshake.\n");
+					SSL_CTX_free(ctx);
+	                        	close(newfd);
+					return NDO_ERROR;
+					}
+			}else{
+				printf("CHECK_NRPE: Error - Could not create SSL connection structure.\n");
+				return NDO_ERROR;
+				}
+			}
+#endif
+	}
 
 	/* unknown sink type */
 	else
@@ -234,8 +278,13 @@
 	while(tbytes<buflen){
 
 		/* try to write everything we have left */
-		result=write(fd,buf+tbytes,buflen-tbytes);
-
+		if(use_ssl==NDO_FALSE)
+			result=write(fd,buf+tbytes,buflen-tbytes);
+#ifdef HAVE_SSL
+		else{
+			result=SSL_write(ssl,buf+tbytes,buflen-tbytes);	
+		}
+#endif
 		/* some kind of error occurred */
 		if(result==-1){
 
diff -urN ../ndoutils-1.4b7/src/Makefile.new ./src/Makefile.new
--- ../ndoutils-1.4b7/src/Makefile.new	1970-01-01 01:00:00.000000000 +0100
+++ ./src/Makefile.new	2008-11-06 13:46:29.000000000 +0100
@@ -0,0 +1,96 @@
+###############################
+# Makefile for NDO
+#
+# Last Modified: 10-02-2007
+###############################
+
+
+# Source code directories
+SRC_INCLUDE=../include
+
+CC=gcc
+
+CFLAGS=-g -O2 -DHAVE_CONFIG_H 
+
+# We don't like ANSI because ANSI doesn't like us! phhht!
+#CFLAGS=-g -Wall -ansi -pedantic -DHAVE_CONFIG_H
+
+# Compiler flags for use with Valgrind
+#CFLAGS=-O0 -g -DHAVE_CONFIG_H
+
+MOD_CFLAGS=-fPIC
+LDFLAGS=
+MOD_LDFLAGS=-shared
+LIBS=-lz 
+SOCKETLIBS= -lnsl
+DBCFLAGS=
+DBLDFLAGS= -L/usr/lib/mysql
+DBLIBS= -lmysqlclient
+MATHLIBS=-lm
+OTHERLIBS=-lssl -lcrypto
+
+COMMON_INC=$(SRC_INCLUDE)/config.h $(SRC_INCLUDE)/common.h $(SRC_INCLUDE)/io.h $(SRC_INCLUDE)/protoapi.h $(SRC_INCLUDE)/utils.h
+COMMON_SRC=io.c utils.c
+COMMON_OBJS=io.o utils.o
+
+NDO_INC=$(SRC_INCLUDE)/ndo2db.h $(SRC_INCLUDE)/db.h
+NDO_SRC=db.c
+NDO_OBJS=db.o
+
+CP=@CP@
+
+
+all: file2sock log2ndo ndo2db ndomod sockdebug
+
+file2sock: file2sock.c $(COMMON_INC) $(COMMON_OBJS)
+	$(CC) $(CFLAGS) -o $@ -I/usr/include/openssl file2sock.c $(COMMON_OBJS) $(LDFLAGS) $(LIBS) $(MATHLIBS) $(SOCKETLIBS) $(OTHERLIBS)
+
+log2ndo: log2ndo.c $(COMMON_INC) $(COMMON_OBJS)
+	$(CC) $(CFLAGS) -o $@ log2ndo.c -I/usr/include/openssl $(COMMON_OBJS) $(LDFLAGS) $(LIBS) $(MATHLIBS) $(SOCKETLIBS) $(OTHERLIBS)
+
+ndo2db:
+	$(MAKE) ndo2db-2x
+	$(MAKE) ndo2db-3x
+
+ndo2db-2x: ndo2db.c $(NDO_INC) $(NDO_OBJS) $(COMMON_INC) $(COMMON_OBJS) dbhandlers-2x.o
+	$(CC) $(CFLAGS) $(DBCFLAGS) -D BUILD_NAGIOS_2X -o ndo2db-2x ndo2db.c dbhandlers-2x.o $(COMMON_OBJS) $(NDO_OBJS) $(LDFLAGS) $(DBLDFLAGS) $(LIBS) $(SOCKETLIBS) $(DBLIBS) $(MATHLIBS) $(OTHERLIBS) -I/usr/include/openssl
+
+ndo2db-3x: ndo2db.c $(NDO_INC) $(NDO_OBJS) $(COMMON_INC) $(COMMON_OBJS) dbhandlers-3x.o
+	$(CC) $(CFLAGS) $(DBCFLAGS) -D BUILD_NAGIOS_3X -o ndo2db-3x ndo2db.c dbhandlers-3x.o $(COMMON_OBJS) $(NDO_OBJS) $(LDFLAGS) $(DBLDFLAGS) $(LIBS) $(SOCKETLIBS) $(DBLIBS) $(MATHLIBS) $(OTHERLIBS) -I/usr/include/openssl
+
+ndomod: 
+	$(MAKE) ndomod-2x.o
+	$(MAKE) ndomod-3x.o
+
+ndomod-2x.o: ndomod.c $(COMMON_INC) $(COMMON_OBJS)
+	$(CC) $(MOD_CFLAGS) $(CFLAGS) -D BUILD_NAGIOS_2X -o ndomod-2x.o ndomod.c $(COMMON_OBJS) $(MOD_LDFLAGS) $(LDFLAGS) $(LIBS) $(SOCKETLIBS) $(OTHERLIBS) -I/usr/include/openssl
+
+ndomod-3x.o: ndomod.c $(COMMON_INC) $(COMMON_OBJS)
+	$(CC) $(MOD_CFLAGS) $(CFLAGS) -D BUILD_NAGIOS_3X -o ndomod-3x.o ndomod.c $(COMMON_OBJS) $(MOD_LDFLAGS) $(LDFLAGS) $(LIBS) $(SOCKETLIBS) $(OTHERLIBS) -I/usr/include/openssl
+
+sockdebug: sockdebug.c $(COMMON_INC) $(COMMON_OBJS)
+	$(CC) $(CFLAGS) -o $@ sockdebug.c $(COMMON_OBJS) $(LDFLAGS) $(LIBS) $(MATHLIBS) $(SOCKETLIBS) $(OTHERLIBS)
+
+io.o: io.c $(SRC_INCLUDE)/io.h
+	$(CC) $(MOD_CFLAGS) -I/usr/include/openssl $(CFLAGS) -c -o $@ io.c
+
+utils.o: utils.c $(SRC_INCLUDE)/utils.h
+	$(CC) $(MOD_CFLAGS) $(CFLAGS) -c -o $@ utils.c
+
+db.o: db.c $(SRC_INCLUDE)/db.h
+	$(CC) $(CFLAGS) -c -o $@ db.c
+
+dbhandlers-2x.o: dbhandlers.c $(SRC_INCLUDE)/dbhandlers.h
+	$(CC) $(CFLAGS) -D BUILD_NAGIOS_2X -c -o $@ dbhandlers.c
+
+dbhandlers-3x.o: dbhandlers.c $(SRC_INCLUDE)/dbhandlers.h
+	$(CC) $(CFLAGS) -D BUILD_NAGIOS_3X -c -o $@ dbhandlers.c
+
+clean:
+	rm -f core file2sock log2ndo ndo2db-2x ndo2db-3x sockdebug *.o
+	rm -f *~ */*~
+
+distclean: clean
+	rm -f Makefile
+
+devclean: distclean
diff -urN ../ndoutils-1.4b7/src/ndo2db.c ./src/ndo2db.c
--- ../ndoutils-1.4b7/src/ndo2db.c	2007-10-31 19:17:05.000000000 +0100
+++ ./src/ndo2db.c	2008-11-06 16:07:52.000000000 +0100
@@ -28,6 +28,14 @@
 #define NDO2DB_NAME "NDO2DB"
 #define NDO2DB_DATE "10-31-2007"
 
+#ifdef HAVE_SSL
+#include "../include/dh.h"
+SSL_METHOD *meth;
+SSL_CTX *ctx;
+int     allow_weak_random_seed=FALSE;
+#endif
+extern int use_ssl;
+
 
 extern int errno;
 
@@ -76,6 +84,12 @@
 	mtrace();
 #endif
 
+#ifdef HAVE_SSL
+        DH *dh;
+        char seedfile[FILENAME_MAX];
+        int i,c;
+#endif
+
 	result=ndo2db_process_arguments(argc,argv);
 
         if(result!=NDO_OK || ndo2db_show_help==NDO_TRUE || ndo2db_show_license==NDO_TRUE || ndo2db_show_version==NDO_TRUE){
@@ -88,6 +102,9 @@
 		printf("Copyright(c) 2005-2007 Ethan Galstad (nagios@nagios.org)\n");
 		printf("Last Modified: %s\n",NDO2DB_DATE);
 		printf("License: GPL v2\n");
+#ifdef HAVE_SSL
+                printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n");
+#endif
 		printf("\n");
 		printf("Stores Nagios event and configuration data to a database for later retrieval\n");
 		printf("and processing.  Clients that are capable of sending data to the NDO2DB daemon\n");
@@ -117,6 +134,53 @@
 		printf("One or more required parameters is missing or incorrect.\n");
 		exit(1);
 	        }
+#ifdef HAVE_SSL
+	/* initialize SSL */
+        if(use_ssl==NDO_TRUE){
+                SSL_library_init();
+                SSLeay_add_ssl_algorithms();
+                meth=SSLv23_server_method();
+                SSL_load_error_strings();
+
+                /* use week random seed if necessary */
+                if(allow_weak_random_seed && (RAND_status()==0)){
+
+                        if(RAND_file_name(seedfile,sizeof(seedfile)-1))
+                                if(RAND_load_file(seedfile,-1))
+                                        RAND_write_file(seedfile);
+
+                        if(RAND_status()==0){
+                                syslog(LOG_ERR,"Warning: SSL/TLS uses a weak random seed which is highly discouraged");
+                                srand(time(NULL));
+                                for(i=0;i<500 && RAND_status()==0;i++){
+                                        for(c=0;c<sizeof(seedfile);c+=sizeof(int)){
+                                                *((int *)(seedfile+c))=rand();
+                                                }
+                                        RAND_seed(seedfile,sizeof(seedfile));
+                                        }
+                                }
+                }
+                if((ctx=SSL_CTX_new(meth))==NULL){
+                        syslog(LOG_ERR,"Error: could not create SSL context.\n");
+                        exit(1);
+                        }
+
+                /* ADDED 01/19/2004 */
+                /* use only TLSv1 protocol */
+                SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
+                /* use anonymous DH ciphers */
+                SSL_CTX_set_cipher_list(ctx,"ADH");
+                dh=get_dh512();
+                SSL_CTX_set_tmp_dh(ctx,dh);
+                DH_free(dh);
+              	syslog(LOG_INFO,"INFO: SSL/TLS initialized. All network traffic will be encrypted.");
+               
+        }else{
+                syslog(LOG_INFO,"INFO: SSL/TLS NOT initialized. Network encryption DISABLED.");
+        }
+	/*Fin Hack SSL*/
+#endif
 
 	/* make sure we support the db option chosen... */
 #ifdef USE_MYSQL
@@ -132,6 +196,11 @@
 #endif
 	if(db_supported==NDO_FALSE){
 		printf("Support for the specified database server is either not yet supported, or was not found on your system.\n");
+#ifdef HAVE_SSL
+        	if(use_ssl==NDO_TRUE)
+                	SSL_CTX_free(ctx);
+#endif
+
 		exit(1);
 	        }
 
@@ -171,6 +240,12 @@
 	/* free memory */
 	ndo2db_free_program_memory();
 
+#ifdef HAVE_SSL
+        if(use_ssl==NDO_TRUE)
+                SSL_CTX_free(ctx);
+#endif
+
+
 	return 0;
         }
 
@@ -374,6 +449,9 @@
 		ndo2db_debug_verbosity=atoi(val);
 	else if(!strcmp(var,"max_debug_file_size"))
 		ndo2db_max_debug_file_size=strtoul(val,NULL,0);
+	else if(!strcmp(var,"use_ssl"))
+		use_ssl=strtoul(val,NULL,0);
+
 
 	return NDO_OK;
         }
@@ -788,6 +866,14 @@
 	int result=0;
 	int error=NDO_FALSE;
 
+#ifdef HAVE_SSL
+	SSL *ssl=NULL;
+#endif
+
+#ifdef DEBUG
+	FILE *errfp;
+#endif
+
 	/* open syslog facility */
 	/*openlog("ndo2db",0,LOG_DAEMON);*/
 
@@ -812,20 +898,64 @@
 	ndo2db_db_init(&idi);
 	ndo2db_db_connect(&idi);
 
+#ifdef HAVE_SSL
+	if(use_ssl==NDO_TRUE){
+		if((ssl=SSL_new(ctx))!=NULL){
+                        SSL_set_fd(ssl,sd);
+			/* keep attempting the request if needed */
+                        while(((result=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,result)==SSL_ERROR_WANT_READ));
+
+                        if(result!=1){
+				syslog(LOG_ERR,"Error: Could not complete SSL handshake. %d\n",SSL_get_error(ssl,result));
+#ifdef DEBUG
+				errfp=fopen("/tmp/err.log","w");
+				ERR_print_errors_fp(errfp);
+				fclose(errfp);
+#endif
+				return NDO_ERROR;
+				}
+			}
+		}
+#endif	
+
+
 	/* read all data from client */
 	while(1){
+		if(use_ssl==NDO_FALSE)
+			result=read(sd,buf,sizeof(buf)-1);
+#ifdef HAVE_SSL
+		else{
+			result=SSL_read(ssl,buf,sizeof(buf)-1);
+			if(result==-1 && (SSL_get_error(ssl,result)==SSL_ERROR_WANT_READ)){
+				syslog(LOG_ERR,"SSL read error\n");
+				}
+			}
+#endif
+
 
-		result=read(sd,buf,sizeof(buf)-1);
 
 		/* bail out on hard errors */
 		if(result==-1 && (errno!=EAGAIN && errno!=EINTR)){
 			error=NDO_TRUE;
+#ifdef HAVE_SSL
+			if(ssl){
+				SSL_shutdown(ssl);
+				SSL_free(ssl);
+				syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+	                        }
+#endif
 			break;
 		        }
 
 		/* zero bytes read means we lost the connection with the client */
 		if(result==0){
-
+#ifdef HAVE_SSL
+			if(ssl){
+				SSL_shutdown(ssl);
+				SSL_free(ssl);
+				syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
+				}
+#endif
 			/* gracefully back out of current operation... */
 			ndo2db_db_goodbye(&idi);
 
diff -urN ../ndoutils-1.4b7/src/ndomod.c ./src/ndomod.c
--- ../ndoutils-1.4b7/src/ndomod.c	2007-10-31 19:17:05.000000000 +0100
+++ ./src/ndomod.c	2008-11-06 16:21:17.000000000 +0100
@@ -104,7 +104,7 @@
 
 extern int __nagios_object_structure_version;
 
-
+extern int use_ssl;
 
 #define DEBUG_NDO 1
 
@@ -428,6 +428,10 @@
 	else if(!strcmp(var,"buffer_file"))
 		ndomod_buffer_file=strdup(val);
 
+	else if(!strcmp(var,"use_ssl"))
+		use_ssl=strtoul(val,NULL,0);
+
+
 	else
 		return NDO_ERROR;