![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5dd7b5d)
raw | patch | inline | side by side (parent: 5dd7b5d)
| author | M. Sean Finney <seanius@users.sourceforge.net> | |
| Wed, 19 Oct 2005 20:22:00 +0000 (20:22 +0000) | ||
| committer | M. Sean Finney <seanius@users.sourceforge.net> | |
| Wed, 19 Oct 2005 20:22:00 +0000 (20:22 +0000) |
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1257 f882894a-f735-0410-b71e-b25c423dba1c
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 294866b0d1d2d1e9efe39c361f35962d3ac9fb70..413d501d9b9e6b1cb532a62bd361b42f9d8367ba 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
HTTPS_PORT = 443
};
-#ifdef HAVE_SSL_H
-#include <rsa.h>
-#include <crypto.h>
-#include <x509.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#include <rand.h>
-#else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-# include <openssl/rand.h>
-# endif
-#endif
-
#ifdef HAVE_SSL
int check_cert = FALSE;
int days_till_exp;
char *randbuff;
-SSL_CTX *ctx;
-SSL *ssl;
X509 *server_cert;
-int connect_SSL (void);
-# ifdef USE_OPENSSL
-int check_certificate (X509 **);
-# endif
-#endif
+# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+# define my_send(buf, len) ((use_ssl) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#else /* ifndef HAVE_SSL */
+# define my_recv(buf, len) read(sd, buf, len)
+# define my_send(buf, len) send(sd, buf, len, 0)
+#endif /* HAVE_SSL */
int no_body = FALSE;
int maximum_age = -1;
int server_port_check(int ssl_flag);
char *perfd_time (double microsec);
char *perfd_size (int page_len);
-int my_recv (void);
-int my_close (void);
void print_help (void);
void print_usage (void);
(void) alarm (socket_timeout);
gettimeofday (&tv, NULL);
-#ifdef USE_OPENSSL
- if (use_ssl && check_cert == TRUE) {
- if (connect_SSL () != OK)
- die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
- if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
- result = check_certificate (&server_cert);
- X509_free (server_cert);
- }
- else {
- printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
- result = STATE_CRITICAL;
- }
- SSL_shutdown (ssl);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
- close (sd);
- }
- else {
- result = check_http ();
- }
-#else
result = check_http ();
-#endif
return result;
}
long microsec;
double elapsed_time;
int page_len = 0;
+ int result = STATE_UNKNOWN;
#ifdef HAVE_SSL
int sslerr;
#endif
/* try to connect to the host at the given port number */
+ if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+ die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
-
- if (connect_SSL () != OK) {
- die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
- }
-# ifdef USE_OPENSSL
- if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
- X509_free (server_cert);
- }
- else {
- printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
- return STATE_CRITICAL;
+ np_net_ssl_init(sd);
+ if (check_cert == TRUE) {
+ result = np_net_ssl_check_cert(days_till_exp);
+ if(result != STATE_OK){
+ np_net_ssl_cleanup();
+ if(sd) close(sd);
+ return result;
+ }
}
-# endif /* USE_OPENSSL */
- }
- else {
-#endif
- if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
- die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
-#ifdef HAVE_SSL
}
-#endif
+#endif /* HAVE_SSL */
asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent);
asprintf (&buf, "%s%s", buf, CRLF);
}
- if (verbose)
- printf ("%s\n", buf);
-
-#ifdef HAVE_SSL
- if (use_ssl == TRUE) {
- if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
-# ifdef USE_OPENSSL
- ERR_print_errors_fp (stderr);
-# endif
- return STATE_CRITICAL;
- }
- }
- else {
-#endif
- send (sd, buf, strlen (buf), 0);
-#ifdef HAVE_SSL
- }
-#endif
+ if (verbose) printf ("%s\n", buf);
+ my_send (buf, strlen (buf));
/* fetch the page */
full_page = strdup("");
- while ((i = my_recv ()) > 0) {
+ while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
buffer[i] = '\0';
asprintf (&full_page, "%s%s", full_page, buffer);
pagesize += i;
if (i < 0 && errno != ECONNRESET) {
#ifdef HAVE_SSL
+ /*
if (use_ssl) {
sslerr=SSL_get_error(ssl, i);
if ( sslerr == SSL_ERROR_SSL ) {
}
}
else {
+ */
#endif
die (STATE_CRITICAL, _("Error on receive\n"));
#ifdef HAVE_SSL
+ /* XXX
}
+ */
#endif
}
die (STATE_CRITICAL, _("No data received %s\n"), timestamp);
/* close the connection */
- my_close ();
+#ifdef HAVE_SSL
+ np_net_ssl_cleanup();
+#endif
+ if(sd) close(sd);
/* reset the alarm */
alarm (0);
return HTTP_PORT;
}
-
-
-#ifdef HAVE_SSL
-int connect_SSL (void)
-{
- SSL_METHOD *meth;
-
- asprintf (&randbuff, "%s", "qwertyuiopasdfghjklqwertyuiopasdfghjkl");
- RAND_seed (randbuff, (int)strlen(randbuff));
- if (verbose)
- printf(_("SSL seeding: %s\n"), (RAND_status()==1 ? _("OK") : _("Failed")) );
-
- /* Initialize SSL context */
- SSLeay_add_ssl_algorithms ();
- meth = SSLv23_client_method ();
- SSL_load_error_strings ();
- if ((ctx = SSL_CTX_new (meth)) == NULL) {
- printf (_("CRITICAL - Cannot create SSL context.\n"));
- return STATE_CRITICAL;
- }
-
- /* Initialize alarm signal handling */
- signal (SIGALRM, socket_timeout_alarm_handler);
-
- /* Set socket timeout */
- alarm (socket_timeout);
-
- /* Save start time */
- gettimeofday (&tv, NULL);
-
- /* Make TCP connection */
- if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
- /* Do the SSL handshake */
- if ((ssl = SSL_new (ctx)) != NULL) {
-#ifdef USE_OPENSSL
- SSL_set_cipher_list(ssl, "ALL");
-#endif
- SSL_set_fd (ssl, sd);
- if (SSL_connect (ssl) != -1)
- return OK;
-#ifdef USE_OPENSSL
- ERR_print_errors_fp (stderr);
-#endif
- }
- else {
- printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
- }
- SSL_free (ssl);
- }
-
- SSL_CTX_free (ctx);
- close (sd);
-
- return STATE_CRITICAL;
-}
-#endif
-
-
-
-#ifdef USE_OPENSSL
-int
-check_certificate (X509 ** certificate)
-{
- ASN1_STRING *tm;
- int offset;
- struct tm stamp;
- int days_left;
-
-
- /* Retrieve timestamp of certificate */
- tm = X509_get_notAfter (*certificate);
-
- /* Generate tm structure to process timestamp */
- if (tm->type == V_ASN1_UTCTIME) {
- if (tm->length < 10) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- }
- else {
- stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
- if (stamp.tm_year < 50)
- stamp.tm_year += 100;
- offset = 0;
- }
- }
- else {
- if (tm->length < 12) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- }
- else {
- stamp.tm_year =
- (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
- (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
- stamp.tm_year -= 1900;
- offset = 2;
- }
- }
- stamp.tm_mon =
- (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
- stamp.tm_mday =
- (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
- stamp.tm_hour =
- (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
- stamp.tm_min =
- (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
- stamp.tm_sec = 0;
- stamp.tm_isdst = -1;
-
- days_left = (mktime (&stamp) - time (NULL)) / 86400;
- snprintf
- (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
- stamp.tm_mon + 1,
- stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
- if (days_left > 0 && days_left <= days_till_exp) {
- printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
- return STATE_WARNING;
- }
- if (days_left < 0) {
- printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
- return STATE_CRITICAL;
- }
-
- if (days_left == 0) {
- printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
- return STATE_WARNING;
- }
-
- printf (_("OK - Certificate will expire on %s.\n"), timestamp);
-
- return STATE_OK;
-}
-#endif
-
-
-
char *perfd_time (double elapsed_time)
{
return fperfdata ("time", elapsed_time, "s",
TRUE, 0, FALSE, 0);
}
-
-
-int
-my_recv (void)
-{
- int i;
-#ifdef HAVE_SSL
- if (use_ssl) {
- i = SSL_read (ssl, buffer, MAX_INPUT_BUFFER - 1);
- }
- else {
- i = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
- }
-#else
- i = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-#endif
- return i;
-}
-
-
-
-int
-my_close (void)
-{
-#ifdef HAVE_SSL
- if (use_ssl == TRUE) {
- SSL_shutdown (ssl);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
- return 0;
- }
- else {
-#endif
- return close (sd);
-#ifdef HAVE_SSL
- }
-#endif
-}
-
-
-
void
print_help (void)
{
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 19e9aea881467733e55726a650baa7afae49b9b4..ad85c7f6d3a3b1be3944f5d2a412e268f9dfe60b 100644 (file)
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
#include "netutils.h"
#include "utils.h"
-#ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
-#else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-# endif
-#endif
-
#ifdef HAVE_SSL
-
int check_cert = FALSE;
int days_till_exp;
-SSL_CTX *ctx;
-SSL *ssl;
-X509 *server_cert;
-int connect_STARTTLS (void);
-# ifdef USE_OPENSSL
-int check_certificate (X509 **);
-# endif
+# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#else /* ifndef HAVE_SSL */
+# define my_recv(buf, len) read(sd, buf, len)
+# define my_send(buf, len) send(sd, buf, len, 0)
#endif
enum {
int validate_arguments (void);
void print_help (void);
void print_usage (void);
-int myrecv(void);
int my_close(void);
#ifdef HAVE_REGEX_H
int verbose = 0;
int use_ssl = FALSE;
short use_ehlo = FALSE;
-short ssl_established = TRUE;
+short ssl_established = 0;
char *localhostname = NULL;
int sd;
char buffer[MAX_INPUT_BUFFER];
send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
return STATE_UNKNOWN;
}
- if(connect_STARTTLS() != OK) {
+ result = np_net_ssl_init(sd);
+ if(result != STATE_OK) {
printf (_("CRITICAL - Cannot create SSL context.\n"));
+ np_net_ssl_cleanup();
+ close(sd);
return STATE_CRITICAL;
} else {
- ssl_established = TRUE;
+ ssl_established = 1;
}
# ifdef USE_OPENSSL
if ( check_cert ) {
- if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
- result = check_certificate (&server_cert);
- X509_free(server_cert);
- }
- else {
+ result = np_net_ssl_check_cert(days_till_exp);
+ if(result != STATE_OK){
printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
- result = STATE_CRITICAL;
-
}
my_close();
return result;
* Use the -f option to provide a FROM address
*/
if (smtp_use_dummycmd) {
-#ifdef HAVE_SSL
- if (use_ssl)
- SSL_write(ssl, cmd_str, strlen(cmd_str));
- else
-#endif
- send(sd, cmd_str, strlen(cmd_str), 0);
- myrecv();
+ my_send(cmd_str, strlen(cmd_str));
+ my_recv(buffer, MAX_INPUT_BUFFER-1);
if (verbose)
printf("%s", buffer);
}
while (n < ncommands) {
asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
-#ifdef HAVE_SSL
- if (use_ssl)
- SSL_write(ssl,cmd_str, strlen(cmd_str));
- else
-#endif
- send(sd, cmd_str, strlen(cmd_str), 0);
- myrecv();
+ my_send(cmd_str, strlen(cmd_str));
+ my_recv(buffer, MAX_INPUT_BUFFER-1);
if (verbose)
printf("%s", buffer);
strip (buffer);
}
/* tell the server we're done */
-#ifdef HAVE_SSL
- if (use_ssl)
- SSL_write(ssl,SMTP_QUIT, strlen (SMTP_QUIT));
- else
-#endif
- send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
+ my_send (SMTP_QUIT, strlen (SMTP_QUIT));
/* finally close the connection */
close (sd);
[-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6]\n", progname);
}
-#ifdef HAVE_SSL
-int
-connect_STARTTLS (void)
-{
- SSL_METHOD *meth;
-
- /* Initialize SSL context */
- SSLeay_add_ssl_algorithms ();
- meth = SSLv23_client_method ();
- SSL_load_error_strings ();
- if ((ctx = SSL_CTX_new (meth)) == NULL)
- {
- printf(_("CRITICAL - Cannot create SSL context.\n"));
- return STATE_CRITICAL;
- }
- /* do the SSL handshake */
- if ((ssl = SSL_new (ctx)) != NULL)
- {
- SSL_set_fd (ssl, sd);
- /* original version checked for -1
- I look for success instead (1) */
- if (SSL_connect (ssl) == 1)
- return OK;
-# ifdef USE_OPENSSL
- ERR_print_errors_fp (stderr);
-# endif
- }
- else
- {
- printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
- }
- my_close();
-
- return STATE_CRITICAL;
-}
-
-# ifdef USE_OPENSSL
-int
-check_certificate (X509 ** certificate)
-{
- ASN1_STRING *tm;
- int offset;
- struct tm stamp;
- int days_left;
-
- /* Retrieve timestamp of certificate */
- tm = X509_get_notAfter (*certificate);
-
- /* Generate tm structure to process timestamp */
- if (tm->type == V_ASN1_UTCTIME) {
- if (tm->length < 10) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- }
- else {
- stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
- if (stamp.tm_year < 50)
- stamp.tm_year += 100;
- offset = 0;
- }
- }
- else {
- if (tm->length < 12) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- }
- else {
- stamp.tm_year =
- (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
- (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
- stamp.tm_year -= 1900;
- offset = 2;
- }
- }
- stamp.tm_mon =
- (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
- stamp.tm_mday =
- (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
- stamp.tm_hour =
- (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
- stamp.tm_min =
- (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
- stamp.tm_sec = 0;
- stamp.tm_isdst = -1;
-
- days_left = (mktime (&stamp) - time (NULL)) / 86400;
- snprintf
- (timestamp, sizeof(timestamp), "%02d/%02d/%04d %02d:%02d",
- stamp.tm_mon + 1,
- stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
- if (days_left > 0 && days_left <= days_till_exp) {
- printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
- return STATE_WARNING;
- }
- if (days_left < 0) {
- printf ("Certificate expired on %s.\n", timestamp);
- return STATE_CRITICAL;
- }
-
- if (days_left == 0) {
- printf ("Certificate expires today (%s).\n", timestamp);
- return STATE_WARNING;
- }
-
- printf ("Certificate will expire on %s.\n", timestamp);
-
- return STATE_OK;
-}
-# endif /* USE_OPENSSL */
-#endif
-
-int
-myrecv (void)
-{
- int i;
-
-#ifdef HAVE_SSL
- if (use_ssl) {
- i = SSL_read (ssl, buffer, MAXBUF - 1);
- }
- else {
-#endif
- i = read (sd, buffer, MAXBUF - 1);
-#ifdef HAVE_SSL
- }
-#endif
- return i;
-}
-
int
my_close (void)
{
#ifdef HAVE_SSL
- if (use_ssl == TRUE && ssl_established == TRUE) {
- SSL_shutdown (ssl);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
- return 0;
- }
- else {
-#endif
- return close(sd);
-#ifdef HAVE_SSL
- }
+ np_net_ssl_cleanup();
#endif
+ return close(sd);
}
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 3ffa4cd62019edaa43f81303e0e52858429a1373..1b6513ba5736fb73b7f4d11c15521c21203c5c1a 100644 (file)
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
static int check_cert = FALSE;
static int days_till_exp;
static char *randbuff = "";
-static X509 *server_cert;
-# ifdef USE_OPENSSL
-static int check_certificate (X509 **);
-# endif /* USE_OPENSSL */
# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
#else
# define my_send(buf, len) send(sd, buf, len, 0)
#endif
-
/* int my_recv(char *, size_t); */
static int process_arguments (int, char **);
void print_help (void);
#ifdef HAVE_SSL
if (flags & FLAG_SSL){
result = np_net_ssl_init(sd);
- if(result != STATE_OK) return result;
- /* XXX does np_net_ssl take care of printing an error?
- die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
- */
- }
-# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
- /*
- if (flags & FLAG_SSL && check_cert == TRUE) {
- if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
- result = check_certificate (&server_cert);
- X509_free(server_cert);
- }
- else {
- printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
- result = STATE_CRITICAL;
+ if (result == STATE_OK && check_cert == TRUE) {
+ result = np_net_ssl_check_cert(days_till_exp);
+ if(result != STATE_OK) {
+ printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
+ }
}
}
- */
-# endif /* USE_OPENSSL */
-#endif
-
if(result != STATE_OK){
-#ifdef HAVE_SSL
np_net_ssl_cleanup();
-#endif
if(sd) close(sd);
return result;
}
+#endif /* HAVE_SSL */
if (server_send != NULL) { /* Something to send? */
my_send(server_send, strlen(server_send));
}
-/* SSL-specific functions */
-#ifdef HAVE_SSL
-# ifdef USE_OPENSSL /* XXX */
-static int
-check_certificate (X509 ** certificate)
-{
- ASN1_STRING *tm;
- int offset;
- struct tm stamp;
- int days_left;
-
-
- /* Retrieve timestamp of certificate */
- tm = X509_get_notAfter (*certificate);
-
- /* Generate tm structure to process timestamp */
- if (tm->type == V_ASN1_UTCTIME) {
- if (tm->length < 10) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- }
- else {
- stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
- if (stamp.tm_year < 50)
- stamp.tm_year += 100;
- offset = 0;
- }
- }
- else {
- if (tm->length < 12) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- }
- else {
- stamp.tm_year =
- (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
- (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
- stamp.tm_year -= 1900;
- offset = 2;
- }
- }
- stamp.tm_mon =
- (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
- stamp.tm_mday =
- (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
- stamp.tm_hour =
- (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
- stamp.tm_min =
- (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
- stamp.tm_sec = 0;
- stamp.tm_isdst = -1;
-
- days_left = (mktime (&stamp) - time (NULL)) / 86400;
- snprintf
- (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
- stamp.tm_mon + 1,
- stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
- if (days_left > 0 && days_left <= days_till_exp) {
- printf (_("Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
- return STATE_WARNING;
- }
- if (days_left < 0) {
- printf (_("Certificate expired on %s.\n"), timestamp);
- return STATE_CRITICAL;
- }
-
- if (days_left == 0) {
- printf (_("Certificate expires today (%s).\n"), timestamp);
- return STATE_WARNING;
- }
-
- printf (_("Certificate will expire on %s.\n"), timestamp);
-
- return STATE_OK;
-}
-# endif /* USE_OPENSSL */
-#endif /* HAVE_SSL */
-
-
void
print_help (void)
{
diff --git a/plugins/netutils.c b/plugins/netutils.c
index e3fbb3aa303db56d1f86d44d06d61ce9a0ead4cf..2678f9113feeb5a54ff9e0d26a2a92c0c858f0fc 100644 (file)
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
return SSL_read(s, buf, num);
}
+int np_net_ssl_check_cert(int days_till_exp){
+# ifdef USE_OPENSSL
+ X509 *certificate=NULL;
+ ASN1_STRING *tm;
+ int offset;
+ struct tm stamp;
+ int days_left;
+ char timestamp[17] = "";
+
+ certificate=SSL_get_peer_certificate(s);
+ if(! certificate){
+ printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
+ return STATE_CRITICAL;
+ }
+
+ /* Retrieve timestamp of certificate */
+ tm = X509_get_notAfter (certificate);
+
+ /* Generate tm structure to process timestamp */
+ if (tm->type == V_ASN1_UTCTIME) {
+ if (tm->length < 10) {
+ printf (_("CRITICAL - Wrong time format in certificate.\n"));
+ return STATE_CRITICAL;
+ } else {
+ stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
+ if (stamp.tm_year < 50)
+ stamp.tm_year += 100;
+ offset = 0;
+ }
+ } else {
+ if (tm->length < 12) {
+ printf (_("CRITICAL - Wrong time format in certificate.\n"));
+ return STATE_CRITICAL;
+ } else {
+ stamp.tm_year =
+ (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
+ (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
+ stamp.tm_year -= 1900;
+ offset = 2;
+ }
+ }
+ stamp.tm_mon =
+ (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
+ stamp.tm_mday =
+ (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
+ stamp.tm_hour =
+ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
+ stamp.tm_min =
+ (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
+ stamp.tm_sec = 0;
+ stamp.tm_isdst = -1;
+
+ days_left = (mktime (&stamp) - time (NULL)) / 86400;
+ snprintf
+ (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
+ stamp.tm_mon + 1,
+ stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+
+ if (days_left > 0 && days_left <= days_till_exp) {
+ printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
+ return STATE_WARNING;
+ } else if (days_left < 0) {
+ printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
+ return STATE_CRITICAL;
+ } else if (days_left == 0) {
+ printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
+ return STATE_WARNING;
+ }
+
+ printf (_("OK - Certificate will expire on %s.\n"), timestamp);
+ X509_free (certificate);
+ return STATE_OK;
+# else /* ifndef USE_OPENSSL */
+ printf (_("WARNING - Plugin does not support checking certificates.\n"));
+ return STATE_WARNING;
+# endif /* USE_OPENSSL */
+}
+
#endif /* HAVE_SSL */
int
diff --git a/plugins/netutils.h b/plugins/netutils.h
index 85b5aa99f495004c75b4d45118f1e3e447d7bd7d..9b0557d3f9bd4259fcccc6fade2e03df4db3cda3 100644 (file)
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
void np_net_ssl_cleanup();
int np_net_ssl_write(const void *buf, int num);
int np_net_ssl_read(void *buf, int num);
+int np_net_ssl_check_cert(int days_till_exp);
#endif /* HAVE_SSL */
#endif /* _NETUTILS_H_ */