--- src/libs/zbxcrypto/tls.c.orig 2016-12-21 08:08:40 UTC +++ src/libs/zbxcrypto/tls.c @@ -54,7 +54,8 @@ # define ZBX_TLS_CIPHERSUITE_ALL 2 /* select ciphersuites with certificate and PSK */ #endif -#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x1010000fL /* for OpenSSL 1.0.1/1.0.2 (before 1.1.0) */ +#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x1010000fL \ + || defined(LIBRESSL_VERSION_NUMBER) /* for OpenSSL 1.0.1/1.0.2 (before 1.1.0) */ /* mutexes for multi-threaded OpenSSL (see "man 3ssl threads" and example in crypto/threads/mttest.c) */ @@ -178,8 +179,10 @@ extern char *CONFIG_TLS_SERVER_CERT_I extern char *CONFIG_TLS_SERVER_CERT_SUBJECT; extern char *CONFIG_TLS_CERT_FILE; extern char *CONFIG_TLS_KEY_FILE; +#ifndef OPENSSL_NO_PSK extern char *CONFIG_TLS_PSK_IDENTITY; extern char *CONFIG_TLS_PSK_FILE; +#endif ZBX_THREAD_LOCAL static char *my_psk_identity = NULL; ZBX_THREAD_LOCAL static size_t my_psk_identity_len = 0; @@ -216,11 +219,13 @@ ZBX_THREAD_LOCAL static const SSL_METHOD ZBX_THREAD_LOCAL static SSL_CTX *ctx_cert = NULL; ZBX_THREAD_LOCAL static SSL_CTX *ctx_psk = NULL; ZBX_THREAD_LOCAL static SSL_CTX *ctx_all = NULL; +#ifndef OPENSSL_NO_PSK /* variables for passing required PSK identity and PSK info to client callback function */ ZBX_THREAD_LOCAL static char *psk_identity_for_cb = NULL; ZBX_THREAD_LOCAL static size_t psk_identity_len_for_cb = 0; ZBX_THREAD_LOCAL static char *psk_for_cb = NULL; ZBX_THREAD_LOCAL static size_t psk_len_for_cb = 0; +#endif static int init_done = 0; /* buffer for messages produced by zbx_openssl_info_cb() */ ZBX_THREAD_LOCAL char info_buf[256]; @@ -532,11 +537,13 @@ static const char *zbx_tls_parameter_nam if (&CONFIG_TLS_KEY_FILE == param) return ZBX_TLS_PARAMETER_CONFIG_FILE == type ? "TLSKeyFile" : "--tls-key-file"; +#ifndef OPENSSL_NO_PSK if (&CONFIG_TLS_PSK_IDENTITY == param) return ZBX_TLS_PARAMETER_CONFIG_FILE == type ? "TLSPSKIdentity" : "--tls-psk-identity"; if (&CONFIG_TLS_PSK_FILE == param) return ZBX_TLS_PARAMETER_CONFIG_FILE == type ? "TLSPSKFile" : "--tls-psk-file"; +#endif THIS_SHOULD_NEVER_HAPPEN; @@ -742,8 +749,10 @@ void zbx_tls_validate_config(void) zbx_tls_parameter_not_empty(&CONFIG_TLS_SERVER_CERT_SUBJECT); zbx_tls_parameter_not_empty(&CONFIG_TLS_CERT_FILE); zbx_tls_parameter_not_empty(&CONFIG_TLS_KEY_FILE); +#ifndef OPENSSL_NO_PSK zbx_tls_parameter_not_empty(&CONFIG_TLS_PSK_IDENTITY); zbx_tls_parameter_not_empty(&CONFIG_TLS_PSK_FILE); +#endif /* parse and validate 'TLSConnect' parameter (in zabbix_proxy.conf, zabbix_agentd.conf) and '--tls-connect' */ /* parameter (in zabbix_get and zabbix_sender) */ @@ -756,8 +765,10 @@ void zbx_tls_validate_config(void) configured_tls_connect_mode = ZBX_TCP_SEC_UNENCRYPTED; else if (0 == strcmp(CONFIG_TLS_CONNECT, ZBX_TCP_SEC_TLS_CERT_TXT)) configured_tls_connect_mode = ZBX_TCP_SEC_TLS_CERT; +#ifndef OPENSSL_NO_PSK else if (0 == strcmp(CONFIG_TLS_CONNECT, ZBX_TCP_SEC_TLS_PSK_TXT)) configured_tls_connect_mode = ZBX_TCP_SEC_TLS_PSK; +#endif else zbx_tls_validation_error(ZBX_TLS_VALIDATION_INVALID, &CONFIG_TLS_CONNECT, NULL); } @@ -785,8 +796,10 @@ void zbx_tls_validate_config(void) accept_modes_tmp |= ZBX_TCP_SEC_UNENCRYPTED; else if (0 == strcmp(p, ZBX_TCP_SEC_TLS_CERT_TXT)) accept_modes_tmp |= ZBX_TCP_SEC_TLS_CERT; +#ifndef OPENSSL_NO_PSK else if (0 == strcmp(p, ZBX_TCP_SEC_TLS_PSK_TXT)) accept_modes_tmp |= ZBX_TCP_SEC_TLS_PSK; +#endif else { zbx_free(s); @@ -841,6 +854,7 @@ void zbx_tls_validate_config(void) &CONFIG_TLS_CERT_FILE); } +#ifndef OPENSSL_NO_PSK /* either both a PSK and a PSK identity must be defined or none of them */ if (NULL != CONFIG_TLS_PSK_FILE && NULL == CONFIG_TLS_PSK_IDENTITY) @@ -852,6 +866,7 @@ void zbx_tls_validate_config(void) /* PSK identity must be a valid UTF-8 string (RFC 4279 says Unicode) */ if (NULL != CONFIG_TLS_PSK_IDENTITY && SUCCEED != zbx_is_utf8(CONFIG_TLS_PSK_IDENTITY)) zbx_tls_validation_error(ZBX_TLS_VALIDATION_UTF8, &CONFIG_TLS_PSK_IDENTITY, NULL); +#endif /* active agentd, active proxy, zabbix_get, and zabbix_sender specific validation */ @@ -867,11 +882,13 @@ void zbx_tls_validate_config(void) &CONFIG_TLS_CONNECT); } +#ifndef OPENSSL_NO_PSK if (NULL != CONFIG_TLS_PSK_FILE && NULL == CONFIG_TLS_CONNECT) { zbx_tls_validation_error(ZBX_TLS_VALIDATION_DEPENDENCY, &CONFIG_TLS_PSK_FILE, &CONFIG_TLS_CONNECT); } +#endif if (0 != (configured_tls_connect_mode & ZBX_TCP_SEC_TLS_CERT) && NULL == CONFIG_TLS_CERT_FILE) { @@ -879,11 +896,13 @@ void zbx_tls_validate_config(void) &CONFIG_TLS_CERT_FILE); } +#ifndef OPENSSL_NO_PSK if (0 != (configured_tls_connect_mode & ZBX_TCP_SEC_TLS_PSK) && NULL == CONFIG_TLS_PSK_FILE) { zbx_tls_validation_error(ZBX_TLS_VALIDATION_REQUIREMENT, &CONFIG_TLS_CONNECT, &CONFIG_TLS_PSK_FILE); } +#endif } /* passive agentd and passive proxy specific validation */ @@ -899,11 +918,13 @@ void zbx_tls_validate_config(void) &CONFIG_TLS_ACCEPT); } +#ifndef OPENSSL_NO_PSK if (NULL != CONFIG_TLS_PSK_FILE && NULL == CONFIG_TLS_ACCEPT) { zbx_tls_validation_error(ZBX_TLS_VALIDATION_DEPENDENCY, &CONFIG_TLS_PSK_FILE, &CONFIG_TLS_ACCEPT); } +#endif if (0 != (configured_tls_accept_modes & ZBX_TCP_SEC_TLS_CERT) && NULL == CONFIG_TLS_CERT_FILE) { @@ -911,11 +932,13 @@ void zbx_tls_validate_config(void) &CONFIG_TLS_CERT_FILE); } +#ifndef OPENSSL_NO_PSK if (0 != (configured_tls_accept_modes & ZBX_TCP_SEC_TLS_PSK) && NULL == CONFIG_TLS_PSK_FILE) { zbx_tls_validation_error(ZBX_TLS_VALIDATION_REQUIREMENT, &CONFIG_TLS_ACCEPT, &CONFIG_TLS_PSK_FILE); } +#endif } } #endif /* defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) */ @@ -1363,6 +1386,7 @@ static int zbx_psk_cb(gnutls_session_t s * by this callback function. We use global variables to pass this info. * * * ******************************************************************************/ +#ifndef OPENSSL_NO_PSK static unsigned int zbx_psk_client_cb(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len) { @@ -1396,6 +1420,7 @@ static unsigned int zbx_psk_client_cb(SS return (unsigned int)psk_len_for_cb; } +#endif /****************************************************************************** * * @@ -1529,6 +1554,7 @@ static void zbx_check_psk_identity_len(s * at runtime. * * * ******************************************************************************/ +#ifndef OPENSSL_NO_PSK static void zbx_read_psk_file(void) { FILE *f; @@ -1593,6 +1619,7 @@ out: zbx_tls_free(); exit(EXIT_FAILURE); } +#endif /* OPENSSL_NO_PSK */ #endif #if defined(HAVE_POLARSSL) @@ -3152,6 +3179,7 @@ void zbx_tls_init_child(void) /* Create context for PSK-only authentication. PSK can come from configuration file (in proxy, agentd) */ /* and later from database (in server, proxy). */ +#ifndef OPENSSL_NO_PSK if (NULL != CONFIG_TLS_PSK_FILE || 0 != (program_type & (ZBX_PROGRAM_TYPE_SERVER | ZBX_PROGRAM_TYPE_PROXY))) { if (NULL == (ctx_psk = SSL_CTX_new(method))) @@ -3160,6 +3188,7 @@ void zbx_tls_init_child(void) if (1 != SSL_CTX_set_min_proto_version(ctx_psk, TLS1_2_VERSION)) goto out_method; } +#endif /* Sometimes we need to be ready for both certificate and PSK whichever comes in. Set up a universal context */ /* for certificate and PSK authentication to prepare for both. */ @@ -3314,6 +3343,7 @@ void zbx_tls_init_child(void) /* 'TLSPSKIdentity' and 'TLSPSKFile' parameters (in zabbix_proxy.conf, zabbix_agentd.conf). */ /* Load pre-shared key and identity to be used with the pre-shared key. */ +#ifndef OPENSSL_NO_PSK if (NULL != CONFIG_TLS_PSK_FILE) { my_psk_identity = CONFIG_TLS_PSK_IDENTITY; @@ -3339,6 +3369,7 @@ void zbx_tls_init_child(void) psk_for_cb = my_psk; psk_len_for_cb = my_psk_len; } +#endif if (NULL != ctx_cert) { @@ -3375,6 +3406,7 @@ void zbx_tls_init_child(void) zbx_log_ciphersuites(__function_name, "certificate", ctx_cert); } +#ifndef OPENSSL_NO_PSK if (NULL != ctx_psk) { const char *ciphers; @@ -3408,6 +3440,7 @@ void zbx_tls_init_child(void) zbx_log_ciphersuites(__function_name, "PSK", ctx_psk); } +#endif if (NULL != ctx_all) { @@ -3415,8 +3448,10 @@ void zbx_tls_init_child(void) SSL_CTX_set_info_callback(ctx_all, zbx_openssl_info_cb); +#ifndef OPENSSL_NO_PSK if (0 != (program_type & (ZBX_PROGRAM_TYPE_SERVER | ZBX_PROGRAM_TYPE_PROXY | ZBX_PROGRAM_TYPE_AGENTD))) SSL_CTX_set_psk_server_callback(ctx_all, zbx_psk_server_cb); +#endif SSL_CTX_set_mode(ctx_all, SSL_MODE_AUTO_RETRY); SSL_CTX_set_options(ctx_all, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_TICKET); @@ -4188,6 +4223,7 @@ int zbx_tls_connect(zbx_socket_t *s, uns goto out; } } +#ifndef OPENSSL_NO_PSK else if (ZBX_TCP_SEC_TLS_PSK == tls_connect) { zabbix_log(LOG_LEVEL_DEBUG, "In %s(): psk_identity:\"%s\"", __function_name, @@ -4242,6 +4278,7 @@ int zbx_tls_connect(zbx_socket_t *s, uns psk_len_for_cb = (size_t)psk_len; } } +#endif else { *error = zbx_strdup(*error, "invalid connection parameters"); @@ -5675,7 +5712,8 @@ int zbx_tls_get_attr_cert(const zbx_sock } #endif -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) \ + || (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) /****************************************************************************** * * * Function: zbx_tls_get_attr_psk * --- src/libs/zbxcrypto/tls.h.orig 2016-12-21 08:08:40 UTC +++ src/libs/zbxcrypto/tls.h @@ -60,11 +60,13 @@ typedef struct gnutls_priority_t ciphersuites_psk; #elif defined(HAVE_OPENSSL) SSL_CTX *ctx_cert; +#ifndef OPENSSL_NO_PSK SSL_CTX *ctx_psk; char *psk_identity_for_cb; size_t psk_identity_len_for_cb; char *psk_for_cb; size_t psk_len_for_cb; +#endif /* OPENSSL_NO_PSKOPENSSL_NO_PSK */ #endif } ZBX_THREAD_SENDVAL_TLS_ARGS; --- src/libs/zbxdbcache/dbconfig.c.orig 2016-12-21 08:08:40 UTC +++ src/libs/zbxdbcache/dbconfig.c @@ -33,6 +33,7 @@ #include "zbxregexp.h" #include "cfg.h" #include "../zbxcrypto/tls_tcp_active.h" +#include static int sync_in_progress = 0; @@ -273,7 +274,8 @@ ZBX_DC_CALCITEM; typedef zbx_item_history_value_t ZBX_DC_DELTAITEM; -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) typedef struct { const char *tls_psk_identity; /* pre-shared key identity */ @@ -321,7 +323,9 @@ typedef struct #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) const char *tls_issuer; const char *tls_subject; +#ifndef OPENSSL_NO_PSK ZBX_DC_PSK *tls_dc_psk; +#endif /* OPENSSL_NO_PSK */ #endif const char *error; const char *snmp_error; @@ -1370,7 +1374,8 @@ static void DCsync_hosts(DB_RESULT resul time_t now; signed char ipmi_authtype; unsigned char ipmi_privilege; -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) ZBX_DC_PSK *psk_i, psk_i_local; zbx_ptr_pair_t *psk_owner, psk_owner_local; zbx_hashset_t psk_owners; @@ -1380,7 +1385,8 @@ static void DCsync_hosts(DB_RESULT resul zbx_vector_uint64_create(&ids); zbx_vector_uint64_reserve(&ids, config->hosts.num_data + 32); -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) zbx_hashset_create(&psk_owners, 0, ZBX_DEFAULT_PTR_HASH_FUNC, ZBX_DEFAULT_PTR_COMPARE_FUNC); #endif now = time(NULL); @@ -1523,7 +1529,7 @@ static void DCsync_hosts(DB_RESULT resul /* done */ /* */ /*****************************************************************************/ - +#ifndef OPENSSL_NO_PSK psk_owner = NULL; if ('\0' == *row[33] || '\0' == *row[34]) /* new PSKid or value empty */ @@ -1645,6 +1651,7 @@ done: zbx_hashset_insert(&psk_owners, &psk_owner_local, sizeof(psk_owner_local)); } } +#endif /* OPENSSL_NO_PSK */ #endif ZBX_STR2UCHAR(host->tls_connect, row[29]); ZBX_STR2UCHAR(host->tls_accept, row[30]); @@ -1841,6 +1848,7 @@ done: zbx_strpool_release(host->tls_issuer); zbx_strpool_release(host->tls_subject); +#ifndef OPENSSL_NO_PSK /* Maintain 'psks' index. Unlink and delete the PSK identity. */ if (NULL != host->tls_dc_psk) { @@ -1854,13 +1862,15 @@ done: zbx_hashset_remove_direct(&config->psks, psk_i); } } +#endif /* OPENSSL_NO_PSK */ #endif zbx_hashset_iter_remove(&iter); } zbx_vector_uint64_destroy(&ids); -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) zbx_hashset_destroy(&psk_owners); #endif zabbix_log(LOG_LEVEL_DEBUG, "End of %s()", __function_name); @@ -5169,7 +5179,8 @@ static int __config_regexp_compare(const return r1->name == r2->name ? 0 : strcmp(r1->name, r2->name); } -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) static zbx_hash_t __config_psk_hash(const void *data) { const ZBX_DC_PSK *psk_i = (const ZBX_DC_PSK *)data; @@ -5284,7 +5295,8 @@ void init_configuration_cache(void) CREATE_HASHSET_EXT(config->interface_snmpaddrs, 0, __config_interface_addr_hash, __config_interface_addr_compare); CREATE_HASHSET_EXT(config->regexps, 0, __config_regexp_hash, __config_regexp_compare); -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) CREATE_HASHSET_EXT(config->psks, 0, __config_psk_hash, __config_psk_compare); #endif for (i = 0; i < CONFIG_TIMER_FORKS; i++) @@ -5473,6 +5485,7 @@ static void DCget_host(DC_HOST *dst_host strscpy(dst_host->tls_issuer, src_host->tls_issuer); strscpy(dst_host->tls_subject, src_host->tls_subject); +#ifndef OPENSSL_NO_PSK if (NULL == src_host->tls_dc_psk) { *dst_host->tls_psk_identity = '\0'; @@ -5483,6 +5496,7 @@ static void DCget_host(DC_HOST *dst_host strscpy(dst_host->tls_psk_identity, src_host->tls_dc_psk->tls_psk_identity); strscpy(dst_host->tls_psk, src_host->tls_dc_psk->tls_psk); } +#endif /* OPENSSL_NO_PSK */ #endif if (NULL != (ipmihost = zbx_hashset_search(&config->ipmihosts, &src_host->hostid))) { @@ -5573,6 +5587,7 @@ int DCcheck_proxy_permissions(const char return FAIL; } } +#ifndef OPENSSL_NO_PSK else if (ZBX_TCP_SEC_TLS_PSK == sock->connection_type) { if (SUCCEED != zbx_tls_get_attr_psk(sock, &attr)) @@ -5582,6 +5597,7 @@ int DCcheck_proxy_permissions(const char return FAIL; } } +#endif else if (ZBX_TCP_SEC_UNENCRYPTED != sock->connection_type) { *error = zbx_strdup(*error, "internal error: invalid connection type"); @@ -5632,6 +5648,7 @@ int DCcheck_proxy_permissions(const char return FAIL; } } +#ifndef OPENSSL_NO_PSK else if (ZBX_TCP_SEC_TLS_PSK == sock->connection_type) { if (NULL != dc_host->tls_dc_psk) @@ -5653,6 +5670,7 @@ int DCcheck_proxy_permissions(const char return FAIL; } } +#endif /* OPENSSL_NO_PSK */ #endif *hostid = dc_host->hostid; @@ -5661,7 +5679,8 @@ int DCcheck_proxy_permissions(const char return SUCCEED; } -#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) +#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \ + (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK)) /****************************************************************************** * * * Function: DCget_psk_by_identity * @@ -7987,11 +8006,13 @@ static void DCget_proxy(DC_PROXY *dst_pr strscpy(dst_proxy->tls_arg1, host->tls_issuer); strscpy(dst_proxy->tls_arg2, host->tls_subject); } +#ifndef OPENSSL_NO_PSK else if (ZBX_TCP_SEC_TLS_PSK == host->tls_connect && NULL != host->tls_dc_psk) { strscpy(dst_proxy->tls_arg1, host->tls_dc_psk->tls_psk_identity); strscpy(dst_proxy->tls_arg2, host->tls_dc_psk->tls_psk); } +#endif /* OPENSSL_NO_PSK */ else /* ZBX_TCP_SEC_UNENCRYPTED */ #endif { --- src/libs/zbxdbhigh/proxy.c.orig 2016-12-21 08:08:41 UTC +++ src/libs/zbxdbhigh/proxy.c @@ -28,6 +28,7 @@ #include "discovery.h" #include "zbxalgo.h" #include "../zbxcrypto/tls_tcp_active.h" +#include extern unsigned int configured_tls_accept_modes; @@ -2054,9 +2055,13 @@ void process_mass_data(zbx_socket_t *soc #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) if (0 == proxy_hostid && ((ZBX_TCP_SEC_TLS_CERT == sock->connection_type && - SUCCEED != zbx_tls_get_attr_cert(sock, &attr)) || - (ZBX_TCP_SEC_TLS_PSK == sock->connection_type && - SUCCEED != zbx_tls_get_attr_psk(sock, &attr)))) + SUCCEED != zbx_tls_get_attr_cert(sock, &attr)) +#ifndef OPENSSL_NO_PSK + || (ZBX_TCP_SEC_TLS_PSK == sock->connection_type && + SUCCEED != zbx_tls_get_attr_psk(sock, &attr)) +#endif + ) + ) { THIS_SHOULD_NEVER_HAPPEN; return; --- src/zabbix_server/trapper/active.c.orig 2016-12-21 08:08:40 UTC +++ src/zabbix_server/trapper/active.c @@ -26,6 +26,7 @@ #include "active.h" #include "../../libs/zbxcrypto/tls_tcp_active.h" +#include extern unsigned char program_type; @@ -131,6 +132,7 @@ static int get_hostid_by_host(const zbx_ goto done; } } +#ifndef OPENSSL_NO_PSK else if (ZBX_TCP_SEC_TLS_PSK == sock->connection_type) { zbx_tls_conn_attr_t attr; @@ -151,6 +153,7 @@ static int get_hostid_by_host(const zbx_ goto done; } } +#endif /* OPENSSL_NO_PSK */ #endif ZBX_STR2UINT64(*hostid, row[0]); --- src/zabbix_server/trapper/trapper.c.orig 2016-12-21 08:08:40 UTC +++ src/zabbix_server/trapper/trapper.c @@ -37,6 +37,7 @@ #include "daemon.h" #include "../../libs/zbxcrypto/tls.h" +#include extern unsigned char process_type, program_type; extern int server_num, process_num; @@ -677,8 +678,10 @@ ZBX_THREAD_ENTRY(trapper_thread, args) #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) zbx_tls_init_child(); +#ifndef OPENSSL_NO_PSK find_psk_in_cache = DCget_psk_by_identity; #endif +#endif zbx_setproctitle("%s #%d [connecting to the database]", get_process_type_string(process_type), process_num); DBconnect(ZBX_DB_CONNECT_NORMAL);