From 3d274ef2b6049d2a903f2795bb18fbb993990957 Mon Sep 17 00:00:00 2001 From: toni-moreno Date: Tue, 24 Feb 2015 11:53:41 +0100 Subject: [PATCH] added SSLCiphers into Instance section to select ciphers from client --- src/apache.c | 6 ++++++ src/collectd.conf.pod | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/src/apache.c b/src/apache.c index 75ef3e1b..3c4354f2 100644 --- a/src/apache.c +++ b/src/apache.c @@ -48,6 +48,7 @@ struct apache_s _Bool verify_peer; _Bool verify_host; char *cacert; + char *ssl_ciphers; char *server; /* user specific server type */ char *apache_buffer; char apache_curl_error[CURL_ERROR_SIZE]; @@ -72,6 +73,7 @@ static void apache_free (apache_t *st) sfree (st->user); sfree (st->pass); sfree (st->cacert); + sfree (st->ssl_ciphers); sfree (st->server); sfree (st->apache_buffer); if (st->curl) { @@ -205,6 +207,8 @@ static int config_add (oconfig_item_t *ci) status = cf_util_get_boolean (child, &st->verify_host); else if (strcasecmp ("CACert", child->key) == 0) status = cf_util_get_string (child, &st->cacert); + else if (strcasecmp ("SSLCiphers", child->key) == 0) + status = cf_util_get_string (child, &st->ssl_ciphers); else if (strcasecmp ("Server", child->key) == 0) status = cf_util_get_string (child, &st->server); else @@ -361,6 +365,8 @@ static int init_host (apache_t *st) /* {{{ */ st->verify_host ? 2L : 0L); if (st->cacert != NULL) curl_easy_setopt (st->curl, CURLOPT_CAINFO, st->cacert); + if (st->ssl_ciphers != NULL) + curl_easy_setopt (st->curl, CURLOPT_SSL_CIPHER_LIST,st->ssl_ciphers); return (0); } /* }}} int init_host */ diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod index 2ee22197..b9d83e59 100644 --- a/src/collectd.conf.pod +++ b/src/collectd.conf.pod @@ -766,6 +766,11 @@ File that holds one or more SSL certificates. If you want to use HTTPS you will possibly need this option. What CA certificates come bundled with C and are checked by default depends on the distribution you use. +=item B I + +(SSL) Specifies which ciphers to use in the connection. The list of ciphers must +specify valid ciphers. Read up on SSL cipher list details on this URL: + http://www.openssl.org/docs/apps/ciphers.html =back =head2 Plugin C -- 2.11.0