[tokkee]

tokkee.org

Code

projects / nagiosplug.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated link to sfsnapshotgit
[nagiosplug.git] / plugins / sslutils.c
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index afc24be1f1951c992de2976928eca8b4809547f0..64f4d61c9179c9c5d93e5ff5e5bebe7a17ac7b98 100644 (file)
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -30,16 +30,16 @@
 #include "common.h"
 #include "netutils.h"
 
-/* Max length of timestamps, ex: "03/05/2009 00:13 GMT". Calculate up to 6
- * chars for the timezone (ex: "GMT-10") and one terminating \0 */
-#define TS_LENGTH 24
-
 #ifdef HAVE_SSL
 static SSL_CTX *c=NULL;
 static SSL *s=NULL;
 static int initialized=0;
 
-int np_net_ssl_init (int sd){
+int np_net_ssl_init (int sd) {
+               return np_net_ssl_init_with_hostname(sd, NULL);
+}
+
+int np_net_ssl_init_with_hostname (int sd, char *host_name) {
                if (!initialized) {
                        /* Initialize SSL context */
                        SSLeay_add_ssl_algorithms ();
@@ -52,6 +52,10 @@ int np_net_ssl_init (int sd){
                                return STATE_CRITICAL;
                }
                if ((s = SSL_new (c)) != NULL){
+#ifdef SSL_set_tlsext_host_name
+                               if (host_name != NULL)
+                                       SSL_set_tlsext_host_name(s, host_name);
+#endif
                                SSL_set_fd (s, sd);
                                if (SSL_connect(s) == 1){
                                                return OK;
@@ -69,6 +73,9 @@ int np_net_ssl_init (int sd){
 
 void np_net_ssl_cleanup (){
                if(s){
+#ifdef SSL_set_tlsext_host_name
+                               SSL_set_tlsext_host_name(s, NULL);
+#endif
                                SSL_shutdown (s);
                                SSL_free (s);
                                if(c) {
@@ -90,11 +97,12 @@ int np_net_ssl_read(void *buf, int num){
 int np_net_ssl_check_cert(int days_till_exp){
 #  ifdef USE_OPENSSL
        X509 *certificate=NULL;
-        ASN1_STRING *tm;
+       ASN1_STRING *tm;
        int offset;
        struct tm stamp;
+       float time_left;
        int days_left;
-       char timestamp[TS_LENGTH] = "";
+       char timestamp[17] = "";
 
        certificate=SSL_get_peer_certificate(s);
        if(! certificate){
@@ -139,12 +147,12 @@ int np_net_ssl_check_cert(int days_till_exp){
        stamp.tm_sec = 0;
        stamp.tm_isdst = -1;
 
-       float time_left = difftime(timegm(&stamp), time(NULL));
+       time_left = difftime(timegm(&stamp), time(NULL));
        days_left = time_left / 86400;
        snprintf
-               (timestamp, TS_LENGTH, "%02d/%02d/%04d %02d:%02d %s",
+               (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
                 stamp.tm_mon + 1,
-                stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min, stamp.tm_zone);
+                stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
 
        if (days_left > 0 && days_left <= days_till_exp) {
                printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
NagiosĀ® plugins