X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fsslutils.c;h=64f4d61c9179c9c5d93e5ff5e5bebe7a17ac7b98;hb=6b782ebfd4832c1fe621556bcf894162b8caa8aa;hp=8d2e93c7977644cf18f6e76d5f92fb94cfbb9dbe;hpb=f71de78952ff36860e1a4a423d3d3f03c4714488;p=nagiosplug.git diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 8d2e93c..64f4d61 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -1,35 +1,30 @@ -/**************************************************************************** -* +/***************************************************************************** +* * Nagios plugins SSL utilities -* +* * License: GPL -* Copyright (c) 2005 nagios-plugins team -* -* Last Modified: $Date$ -* +* Copyright (c) 2005-2007 Nagios Plugins Development Team +* * Description: -* +* * This file contains common functions for plugins that require SSL. +* * -* License Information: -* -* This program is free software; you can redistribute it and/or modify +* This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or +* the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -* -* $Id$ -* -****************************************************************************/ +* along with this program. If not, see . +* +* +*****************************************************************************/ #define LOCAL_TIMEOUT_ALARM_HANDLER #include "common.h" @@ -40,7 +35,11 @@ static SSL_CTX *c=NULL; static SSL *s=NULL; static int initialized=0; -int np_net_ssl_init (int sd){ +int np_net_ssl_init (int sd) { + return np_net_ssl_init_with_hostname(sd, NULL); +} + +int np_net_ssl_init_with_hostname (int sd, char *host_name) { if (!initialized) { /* Initialize SSL context */ SSLeay_add_ssl_algorithms (); @@ -53,6 +52,10 @@ int np_net_ssl_init (int sd){ return STATE_CRITICAL; } if ((s = SSL_new (c)) != NULL){ +#ifdef SSL_set_tlsext_host_name + if (host_name != NULL) + SSL_set_tlsext_host_name(s, host_name); +#endif SSL_set_fd (s, sd); if (SSL_connect(s) == 1){ return OK; @@ -70,6 +73,9 @@ int np_net_ssl_init (int sd){ void np_net_ssl_cleanup (){ if(s){ +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(s, NULL); +#endif SSL_shutdown (s); SSL_free (s); if(c) { @@ -91,9 +97,10 @@ int np_net_ssl_read(void *buf, int num){ int np_net_ssl_check_cert(int days_till_exp){ # ifdef USE_OPENSSL X509 *certificate=NULL; - ASN1_STRING *tm; + ASN1_STRING *tm; int offset; struct tm stamp; + float time_left; int days_left; char timestamp[17] = ""; @@ -140,7 +147,8 @@ int np_net_ssl_check_cert(int days_till_exp){ stamp.tm_sec = 0; stamp.tm_isdst = -1; - days_left = (mktime (&stamp) - time (NULL)) / 86400; + time_left = difftime(timegm(&stamp), time(NULL)); + days_left = time_left / 86400; snprintf (timestamp, 17, "%02d/%02d/%04d %02d:%02d", stamp.tm_mon + 1, @@ -149,7 +157,7 @@ int np_net_ssl_check_cert(int days_till_exp){ if (days_left > 0 && days_left <= days_till_exp) { printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); return STATE_WARNING; - } else if (days_left < 0) { + } else if (time_left < 0) { printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); return STATE_CRITICAL; } else if (days_left == 0) {