Fix SSL certificate handling & minor printf format fixes

NagiosEnterprises / nrpe

NRPE Agent

GNU General Public License v2.0

257 stars 133 forks source link

Fix SSL certificate handling & minor printf format fixes #254

Closed dougnazar closed 2 years ago

dougnazar commented 3 years ago

Always load CA certificates if available.

Use SSL_CTX_use_certificate_chain_file() to load our public certifcate to allow loading intermediate & root CAs.

Verify that certificate & private key match.

This allows us to present the full certificate chain during handshake with the intermediate & root CAs stored in either the CA file or certificate file or a combination thereof.

dougnazar commented 3 years ago

Noticed the following items while testing with testssl. With the correct options, can now achieve an A+ grade.

Enforce server cipher order
Disable renegotiation.

Plus a few fixes to support compiling in a separate build directory.

sawolf commented 2 years ago

All of these changes look good to me - thanks for the patches