[Nagiosplug-checkins] nagiosplug/plugins check_http.c,1.83,1.84 check_smtp.c,1.48,1.49 check_tcp.c,1.68,1.69 netutils.c,1.25,1.26 netutils.h,1.13,1.14

M. Sean Finney seanius at users.sourceforge.net
Wed Oct 19 13:23:28 CEST 2005


Update of /cvsroot/nagiosplug/nagiosplug/plugins
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16638

Modified Files:
	check_http.c check_smtp.c check_tcp.c netutils.c netutils.h 
Log Message:
all plugins now using centralized ssl functions in netutils.c

Index: check_tcp.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_tcp.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -d -r1.68 -r1.69
--- check_tcp.c	19 Oct 2005 12:59:55 -0000	1.68
+++ check_tcp.c	19 Oct 2005 20:22:00 -0000	1.69
@@ -32,10 +32,6 @@
 static int check_cert = FALSE;
 static int days_till_exp;
 static char *randbuff = "";
-static X509 *server_cert;
-# ifdef USE_OPENSSL
-static int check_certificate (X509 **);
-# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
 # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else
@@ -43,7 +39,6 @@
 # define my_send(buf, len) send(sd, buf, len, 0)
 #endif
 
-
 /* int my_recv(char *, size_t); */
 static int process_arguments (int, char **);
 void print_help (void);
@@ -217,34 +212,19 @@
 #ifdef HAVE_SSL
 	if (flags & FLAG_SSL){
 		result = np_net_ssl_init(sd);
-		if(result != STATE_OK) return result;
-		/* XXX does np_net_ssl take care of printing an error?
-			die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
-		*/
-	}
-#  ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
-	/*
-	if (flags & FLAG_SSL && check_cert == TRUE) {
-		if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-			result = check_certificate (&server_cert);
-			X509_free(server_cert);
-		}
-		else {
-			printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
-			result = STATE_CRITICAL;
+		if (result == STATE_OK && check_cert == TRUE) {
+			result = np_net_ssl_check_cert(days_till_exp);
+			if(result != STATE_OK) {
+				printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
+			}
 		}
 	}
-	*/
-#  endif /* USE_OPENSSL */
-#endif
-
 	if(result != STATE_OK){
-#ifdef HAVE_SSL
 		np_net_ssl_cleanup();
-#endif
 		if(sd) close(sd);
 		return result;
 	}
+#endif /* HAVE_SSL */
 
 	if (server_send != NULL) {		/* Something to send? */
 		my_send(server_send, strlen(server_send));
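Review bot: The `printf(_("CRITICAL - Cannot retrieve server certificate.\n"))` under `if(result != STATE_OK)` runs for every non-OK result of `np_net_ssl_check_cert()`, including the STATE_WARNING it returns for a certificate close to expiry. The helper has already printed its own status line in each of those cases (see its body in netutils.c in this commit), so the plugin emits two contradictory lines. Dropping the extra printf and keeping only `result = np_net_ssl_check_cert(days_till_exp);` is enough; the STARTTLS hunk of check_smtp.c has the same pattern. Separately, the `if(result != STATE_OK)` cleanup block now sits inside `#ifdef HAVE_SSL`, so a non-SSL build no longer takes that exit. Whether an earlier failure can reach this point is not visible from the hunk.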
@@ -567,86 +547,6 @@
 }
 
 
-/* SSL-specific functions */
-#ifdef HAVE_SSL
-#  ifdef USE_OPENSSL /* XXX */
-static int
-check_certificate (X509 ** certificate)
-{
-  ASN1_STRING *tm;
-  int offset;
-  struct tm stamp;
-  int days_left;
-
-
-  /* Retrieve timestamp of certificate */
-  tm = X509_get_notAfter (*certificate);
-
-  /* Generate tm structure to process timestamp */
-  if (tm->type == V_ASN1_UTCTIME) {
-    if (tm->length < 10) {
-      printf (_("CRITICAL - Wrong time format in certificate.\n"));
-      return STATE_CRITICAL;
-    }
-    else {
-      stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-      if (stamp.tm_year < 50)
-	stamp.tm_year += 100;
-      offset = 0;
-    }
-  }
-  else {
-    if (tm->length < 12) {
-      printf (_("CRITICAL - Wrong time format in certificate.\n"));
-      return STATE_CRITICAL;
-    }
-    else {
-                        stamp.tm_year =
-			  (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-			  (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-                        stamp.tm_year -= 1900;
-                        offset = 2;
-    }
-  }
-        stamp.tm_mon =
-	  (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-        stamp.tm_mday =
-	  (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-        stamp.tm_hour =
-	  (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-        stamp.tm_min =
-	  (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
-        stamp.tm_isdst = -1;
-
-        days_left = (mktime (&stamp) - time (NULL)) / 86400;
-        snprintf
-	  (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
-	   stamp.tm_mon + 1,
-	   stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
-        if (days_left > 0 && days_left <= days_till_exp) {
-	  printf (_("Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
-	  return STATE_WARNING;
-        }
-        if (days_left < 0) {
-	  printf (_("Certificate expired on %s.\n"), timestamp);
-	  return STATE_CRITICAL;
-        }
-
-        if (days_left == 0) {
-	  printf (_("Certificate expires today (%s).\n"), timestamp);
-	  return STATE_WARNING;
-        }
-
-        printf (_("Certificate will expire on %s.\n"), timestamp);
-
-        return STATE_OK;
-}
-#  endif /* USE_OPENSSL */
-#endif /* HAVE_SSL */
-
-
 void
 print_help (void)
 {

Index: netutils.h
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/netutils.h,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- netutils.h	19 Oct 2005 12:59:55 -0000	1.13
+++ netutils.h	19 Oct 2005 20:22:00 -0000	1.14
@@ -89,6 +89,7 @@
 void np_net_ssl_cleanup();
 int np_net_ssl_write(const void *buf, int num);
 int np_net_ssl_read(void *buf, int num);
+int np_net_ssl_check_cert(int days_till_exp);
 #endif /* HAVE_SSL */
 
 #endif /* _NETUTILS_H_ */
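Review bot: The new prototype `np_net_ssl_check_cert` has no comment, and its contract is not obvious to callers. Going by the body added to netutils.c in this commit, it inspects only the peer certificate's notAfter date, prints one status line to stdout itself, and returns STATE_OK, STATE_WARNING or STATE_CRITICAL (STATE_WARNING also when built without OpenSSL). I would add something like `/* Expiry check only (no chain or hostname validation); prints its own status line and returns a STATE_* code. */` above it, so callers do not print a second message or treat an OK result as proof that the certificate is trusted.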

Index: check_smtp.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_smtp.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -d -r1.48 -r1.49
--- check_smtp.c	19 Oct 2005 12:59:55 -0000	1.48
+++ check_smtp.c	19 Oct 2005 20:22:00 -0000	1.49
@@ -27,35 +27,14 @@
 #include "netutils.h"
 #include "utils.h"
 
-#ifdef HAVE_SSL_H
-#  include <rsa.h>
-#  include <crypto.h>
-#  include <x509.h>
-#  include <pem.h>
-#  include <ssl.h>
-#  include <err.h>
-#else
-#  ifdef HAVE_OPENSSL_SSL_H
-#    include <openssl/rsa.h>
-#    include <openssl/crypto.h>
-#    include <openssl/x509.h>
-#    include <openssl/pem.h>
-#    include <openssl/ssl.h>
-#    include <openssl/err.h>
-#  endif
-#endif
-
 #ifdef HAVE_SSL
-
 int check_cert = FALSE;
 int days_till_exp;
-SSL_CTX *ctx;
-SSL *ssl;
-X509 *server_cert;
-int connect_STARTTLS (void);
-#  ifdef USE_OPENSSL
-int check_certificate (X509 **);
-#  endif
+#  define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+#  define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#else /* ifndef HAVE_SSL */
+#  define my_recv(buf, len) read(sd, buf, len)
+#  define my_send(buf, len) send(sd, buf, len, 0)
 #endif
 
 enum {
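Review bot: The `my_recv`/`my_send` macros added here silently capture the globals `sd`, `use_ssl` and `ssl_established`. Near-identical copies are defined in check_http.c and check_tcp.c, which works against the centralisation this commit is aiming for. A pair of small functions in netutils.c taking the descriptor and an "SSL active" flag would be type-checked and defined once. If the macros stay, a one-line comment such as `/* uses globals sd, use_ssl, ssl_established; plaintext until the STARTTLS handshake has completed */` would document that traffic goes out in clear while `ssl_established` is 0.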
@@ -77,7 +56,6 @@
 int validate_arguments (void);
 void print_help (void);
 void print_usage (void);
-int myrecv(void);
 int my_close(void);
 
 #ifdef HAVE_REGEX_H
@@ -111,7 +89,7 @@
 int verbose = 0;
 int use_ssl = FALSE;
 short use_ehlo = FALSE;
-short ssl_established = TRUE;
+short ssl_established = 0;
 char *localhostname = NULL;
 int sd;
 char buffer[MAX_INPUT_BUFFER];
@@ -237,22 +215,20 @@
 		    send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
 		    return STATE_UNKNOWN;
 		  }
-		  if(connect_STARTTLS() != OK) {
+		  result = np_net_ssl_init(sd);
+		  if(result != STATE_OK) {
 		    printf (_("CRITICAL - Cannot create SSL context.\n"));
+		    np_net_ssl_cleanup();
+		    close(sd);
 		    return STATE_CRITICAL;
 		  } else {
-			ssl_established = TRUE;
+			ssl_established = 1;
 		  }
 #  ifdef USE_OPENSSL
 		  if ( check_cert ) {
-		    if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-		      result = check_certificate (&server_cert);
-		      X509_free(server_cert);
-		    }
-		    else {
+		    result = np_net_ssl_check_cert(days_till_exp);
+		    if(result != STATE_OK){
 		      printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
-		      result = STATE_CRITICAL;
-			      
 		    }
 		    my_close();
 		    return result;
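Review bot: The certificate check is still wrapped in the `#  ifdef USE_OPENSSL` context line, so a build against another TLS library skips it silently even when the user asked for it. `np_net_ssl_check_cert()` now has its own non-OpenSSL branch that returns STATE_WARNING with "Plugin does not support checking certificates", so the guard here looks removable and the user would get an explicit answer. The matching `#endif` is outside the hunk, so confirm nothing else depends on it. The message "CRITICAL - Cannot create SSL context." is also printed for any failure of `np_net_ssl_init(sd)`, which presumably includes a failed handshake; a more neutral wording would avoid misleading the operator.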
@@ -272,26 +248,16 @@
 		 * Use the -f option to provide a FROM address
 		 */
 		if (smtp_use_dummycmd) {
-#ifdef HAVE_SSL
-		  if (use_ssl)
-		    SSL_write(ssl, cmd_str, strlen(cmd_str));
-		  else
-#endif
-		  send(sd, cmd_str, strlen(cmd_str), 0);
-		  myrecv();
+		  my_send(cmd_str, strlen(cmd_str));
+		  my_recv(buffer, MAX_INPUT_BUFFER-1);
 		  if (verbose) 
 		    printf("%s", buffer);
 		}
 
 		while (n < ncommands) {
 			asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
-#ifdef HAVE_SSL
-			if (use_ssl)
-			  SSL_write(ssl,cmd_str, strlen(cmd_str));
-			else
-#endif
-			send(sd, cmd_str, strlen(cmd_str), 0);
-			myrecv();
+			my_send(cmd_str, strlen(cmd_str));
+			my_recv(buffer, MAX_INPUT_BUFFER-1);
 			if (verbose) 
 				printf("%s", buffer);
 			strip (buffer);
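Review bot: Both `my_recv(buffer, MAX_INPUT_BUFFER-1)` calls discard the return value, and `buffer` is then used as a C string by `printf("%s", buffer)` and `strip (buffer)`. A failed or short read therefore leaves whatever a previous, longer response put in the global buffer, and the code after this hunk would be evaluating stale server output. I would keep the byte count, bail out on `<= 0`, and terminate the data explicitly, e.g. `r = my_recv(buffer, MAX_INPUT_BUFFER-1);` followed by `buffer[r] = '\0';` once `r > 0` is established. The removed `myrecv()` had the same weakness, so this predates the commit, but the rewrite is a good moment to fix it. The loop body continues outside the hunk.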
@@ -328,12 +294,7 @@
 		}
 
 		/* tell the server we're done */
-#ifdef HAVE_SSL
-		if (use_ssl)
-		  SSL_write(ssl,SMTP_QUIT, strlen (SMTP_QUIT));
-		else
-#endif
-		send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
+		my_send (SMTP_QUIT, strlen (SMTP_QUIT));
 
 		/* finally close the connection */
 		close (sd);
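Review bot: After the QUIT is sent through `my_send`, the connection is torn down with the bare `close (sd);` context line, so on a STARTTLS session `np_net_ssl_cleanup()` is never called on this path. The rewritten `my_close()` in this same file now handles both cases, so `my_close ();` here would release the TLS state before closing the socket. What `np_net_ssl_cleanup()` does exactly (e.g. whether it sends a TLS shutdown) is not visible on this page.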
@@ -626,150 +587,11 @@
                   [-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6]\n", progname);
 }
 
-#ifdef HAVE_SSL
-int
-connect_STARTTLS (void)
-{
-  SSL_METHOD *meth;
-
-  /* Initialize SSL context */
-  SSLeay_add_ssl_algorithms ();
-  meth = SSLv23_client_method ();
-  SSL_load_error_strings ();
-  if ((ctx = SSL_CTX_new (meth)) == NULL)
-    {
-      printf(_("CRITICAL - Cannot create SSL context.\n"));
-      return STATE_CRITICAL;
-    }
-  /* do the SSL handshake */
-  if ((ssl = SSL_new (ctx)) != NULL)
-    {
-      SSL_set_fd (ssl, sd);
-      /* original version checked for -1
-	 I look for success instead (1) */
-      if (SSL_connect (ssl) == 1)
-	return OK;
-#  ifdef USE_OPENSSL
-      ERR_print_errors_fp (stderr);
-#  endif
-    }
-  else
-    {
-      printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
-    }
-  my_close();
-  
-  return STATE_CRITICAL;
-}
-
-#  ifdef USE_OPENSSL
-int
-check_certificate (X509 ** certificate)
-{
-  ASN1_STRING *tm;
-  int offset;
-  struct tm stamp;
-  int days_left;
-
-  /* Retrieve timestamp of certificate */
-  tm = X509_get_notAfter (*certificate);
-  
-  /* Generate tm structure to process timestamp */
-  if (tm->type == V_ASN1_UTCTIME) {
-    if (tm->length < 10) {
-      printf (_("CRITICAL - Wrong time format in certificate.\n"));
-      return STATE_CRITICAL;
-    }
-    else {
-      stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-      if (stamp.tm_year < 50)
-	stamp.tm_year += 100;
-      offset = 0;
-    }
-  }
-  else {
-    if (tm->length < 12) {
-      printf (_("CRITICAL - Wrong time format in certificate.\n"));
-      return STATE_CRITICAL;
-    }
-    else {
-      stamp.tm_year =
-	(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-	(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-      stamp.tm_year -= 1900;
-      offset = 2;
-    }
-  }
-  stamp.tm_mon =
-    (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-  stamp.tm_mday =
-    (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-  stamp.tm_hour =
-    (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-  stamp.tm_min =
-    (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-  stamp.tm_sec = 0;
-  stamp.tm_isdst = -1;
-  
-  days_left = (mktime (&stamp) - time (NULL)) / 86400;
-  snprintf
-    (timestamp, sizeof(timestamp), "%02d/%02d/%04d %02d:%02d",
-     stamp.tm_mon + 1,
-     stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-  
-  if (days_left > 0 && days_left <= days_till_exp) {
-    printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
-    return STATE_WARNING;
-  }
-  if (days_left < 0) {
-    printf ("Certificate expired on %s.\n", timestamp);
-    return STATE_CRITICAL;
-  }
-  
-  if (days_left == 0) {
-    printf ("Certificate expires today (%s).\n", timestamp);
-    return STATE_WARNING;
-  }
-  
-  printf ("Certificate will expire on %s.\n", timestamp);
-  
-  return STATE_OK;  
-}
-#  endif /* USE_OPENSSL */
-#endif
-
-int
-myrecv (void)
-{
-  int i;
-
-#ifdef HAVE_SSL
-  if (use_ssl) {
-    i = SSL_read (ssl, buffer, MAXBUF - 1);
-  }
-  else {
-#endif
-    i = read (sd, buffer, MAXBUF - 1);
-#ifdef HAVE_SSL
-  }
-#endif
-  return i;
-}
-
 int 
 my_close (void)
 {
 #ifdef HAVE_SSL
-  if (use_ssl == TRUE && ssl_established == TRUE) {
-    SSL_shutdown (ssl);
-    SSL_free (ssl);
-    SSL_CTX_free (ctx);
-    return 0;
-  }
-  else {
-#endif
-    return close(sd);
-#ifdef HAVE_SSL
-  }
+	np_net_ssl_cleanup();
 #endif
+	return close(sd);
 }
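Review bot: `my_close()` now calls `np_net_ssl_cleanup()` on every HAVE_SSL build, even when `use_ssl` is false or the STARTTLS handshake was never reached; the removed version guarded the teardown with `use_ssl == TRUE && ssl_established == TRUE`. Whether the cleanup helper tolerates being called with no session set up cannot be seen from this diff. Either document that guarantee in netutils.c or keep the guard: `if (use_ssl && ssl_established) np_net_ssl_cleanup();`. The same unconditional call appears at the end of check_http() in check_http.c. Closing `sd` on the SSL path as well is an improvement over the old code, which returned without closing it.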

Index: check_http.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_http.c,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -d -r1.83 -r1.84
--- check_http.c	19 Oct 2005 13:05:41 -0000	1.83
+++ check_http.c	19 Oct 2005 20:22:00 -0000	1.84
@@ -37,38 +37,17 @@
 	HTTPS_PORT = 443
 };
 
-#ifdef HAVE_SSL_H
-#include <rsa.h>
-#include <crypto.h>
-#include <x509.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#include <rand.h>
-#else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-# include <openssl/rand.h>
-# endif
-#endif
-
 #ifdef HAVE_SSL
 int check_cert = FALSE;
 int days_till_exp;
 char *randbuff;
-SSL_CTX *ctx;
-SSL *ssl;
 X509 *server_cert;
-int connect_SSL (void);
-#  ifdef USE_OPENSSL
-int check_certificate (X509 **);
-#  endif
-#endif
+#  define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+#  define my_send(buf, len) ((use_ssl) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#else /* ifndef HAVE_SSL */
+#  define my_recv(buf, len) read(sd, buf, len)
+#  define my_send(buf, len) send(sd, buf, len, 0)
+#endif /* HAVE_SSL */
 int no_body = FALSE;
 int maximum_age = -1;
 
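Review bot: The context line `X509 *server_cert;` survives although this hunk removes the OpenSSL includes and the other hunks of this file remove every visible use of the variable. It now compiles only if netutils.h happens to pull in the X509 type, and a non-OpenSSL build under HAVE_SSL would likely fail on it. `char *randbuff;` looks equally orphaned once `connect_SSL()` is gone. I would delete both declarations after confirming that no code outside the visible hunks still references them.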
@@ -132,8 +111,6 @@
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
 char *perfd_size (int page_len);
-int my_recv (void);
-int my_close (void);
 void print_help (void);
 void print_usage (void);
 
@@ -168,29 +145,7 @@
 	(void) alarm (socket_timeout);
 	gettimeofday (&tv, NULL);
 
-#ifdef USE_OPENSSL
-	if (use_ssl && check_cert == TRUE) {
-		if (connect_SSL () != OK)
-			die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
-		if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-			result = check_certificate (&server_cert);
-			X509_free (server_cert);
-		}
-		else {
-			printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
-			result = STATE_CRITICAL;
-		}
-		SSL_shutdown (ssl);
-		SSL_free (ssl);
-		SSL_CTX_free (ctx);
-		close (sd);
-	}
-	else {
-		result = check_http ();
-	}
-#else
 	result = check_http ();
-#endif
 	return result;
 }
 
@@ -790,34 +745,27 @@
 	long microsec;
 	double elapsed_time;
 	int page_len = 0;
+	int result = STATE_UNKNOWN;
 #ifdef HAVE_SSL
 	int sslerr;
 #endif
 
 	/* try to connect to the host at the given port number */
+	if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+		die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
 #ifdef HAVE_SSL
 	if (use_ssl == TRUE) {
-
-		if (connect_SSL () != OK) {
-			die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
-		}
-#  ifdef USE_OPENSSL
-		if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-			X509_free (server_cert);
-		}
-		else {
-			printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
-			return STATE_CRITICAL;
+		np_net_ssl_init(sd);
+		if (check_cert == TRUE) {
+			result = np_net_ssl_check_cert(days_till_exp);
+			if(result != STATE_OK){
+				np_net_ssl_cleanup();
+				if(sd) close(sd);
+				return result;
+			}
 		}
-#  endif /* USE_OPENSSL */
 	}
-	else {
-#endif
-		if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
-			die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
-#ifdef HAVE_SSL
-	}
-#endif
+#endif /* HAVE_SSL */
 
 	asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent);
 
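Review bot: The return value of `np_net_ssl_init(sd);` is ignored here, unlike in check_tcp.c and check_smtp.c, which both test it against STATE_OK. If the handshake fails, the function goes on to `np_net_ssl_check_cert()` and later `my_send()` on a session that was never established. Suggested: `result = np_net_ssl_init(sd);` followed by `if (result != STATE_OK) die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));`, reusing the message the removed code had. Also note the behaviour change: with `check_cert` set and an OK result, the function now continues into the full HTTP check after the helper has already printed an "OK - Certificate will expire on" line, whereas the old code returned after the certificate check.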
@@ -853,28 +801,12 @@
 		asprintf (&buf, "%s%s", buf, CRLF);
 	}
 
-	if (verbose)
-		printf ("%s\n", buf);
-
-#ifdef HAVE_SSL
-	if (use_ssl == TRUE) {
-		if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
-#  ifdef USE_OPENSSL
-			ERR_print_errors_fp (stderr);
-#  endif
-			return STATE_CRITICAL;
-		}
-	}
-	else {
-#endif
-		send (sd, buf, strlen (buf), 0);
-#ifdef HAVE_SSL
-	}
-#endif
+	if (verbose) printf ("%s\n", buf);
+	my_send (buf, strlen (buf));
 
 	/* fetch the page */
 	full_page = strdup("");
-	while ((i = my_recv ()) > 0) {
+	while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
 		buffer[i] = '\0';
 		asprintf (&full_page, "%s%s", full_page, buffer);
 		pagesize += i;
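Review bot: `my_send (buf, strlen (buf));` drops the error check the removed code had on the SSL path, where `SSL_write(...) == -1` returned STATE_CRITICAL. A failed write is now only noticed indirectly when the receive loop gets nothing back. I would restore the check for both transports, e.g. `if (my_send (buf, strlen (buf)) < 0) return STATE_CRITICAL;`. The receive loop continues outside the hunk.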
@@ -887,6 +819,7 @@
 
 	if (i < 0 && errno != ECONNRESET) {
 #ifdef HAVE_SSL
+		/*
 		if (use_ssl) {
 			sslerr=SSL_get_error(ssl, i);
 			if ( sslerr == SSL_ERROR_SSL ) {
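Review bot: The SSL-specific receive-error branch is disabled by wrapping it in a block comment that opens here and closes in the next hunk, with a second `/* XXX ... */` around the closing brace. Block comments do not nest, so any `/* */` in the lines between the two hunks (not visible here) would end the comment early. The branch also references `ssl`, which this commit removes from the file, and leaves `int sslerr;` unused. I would delete the dead branch outright, or fence it with `#if 0` and a short TODO naming the accessor netutils.c would need to expose, so the loss of SSL error detail is tracked rather than hidden.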
@@ -896,10 +829,13 @@
 			}
 		}
 		else {
+		*/
 #endif
 			die (STATE_CRITICAL, _("Error on receive\n"));
 #ifdef HAVE_SSL
+			/* XXX
 		}
+		*/
 #endif
 	}
 
@@ -908,7 +844,10 @@
 		die (STATE_CRITICAL, _("No data received %s\n"), timestamp);
 
 	/* close the connection */
-	my_close ();
+#ifdef HAVE_SSL
+	np_net_ssl_cleanup();
+#endif
+	if(sd) close(sd);
 
 	/* reset the alarm */
 	alarm (0);
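Review bot: `if(sd) close(sd);` tests the descriptor for truth, but 0 is a valid descriptor and the conventional "no socket" value, -1, is non-zero, so the test skips the one case it should not and lets through the one it should. If `sd` can be unset here, the check should be `if (sd >= 0) close (sd);`; otherwise a plain `close (sd);` is clearer. The same idiom is used in the certificate-failure path added earlier in check_http() and in check_tcp.c. How `sd` is initialised is outside the visible hunks.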
@@ -1248,143 +1187,6 @@
 		return HTTP_PORT;
 }
 
-
-
-#ifdef HAVE_SSL
-int connect_SSL (void)
-{
-	SSL_METHOD *meth;
-
-	asprintf (&randbuff, "%s", "qwertyuiopasdfghjklqwertyuiopasdfghjkl");
-	RAND_seed (randbuff, (int)strlen(randbuff));
-	if (verbose)
-		printf(_("SSL seeding: %s\n"), (RAND_status()==1 ? _("OK") : _("Failed")) );
-
-	/* Initialize SSL context */
-	SSLeay_add_ssl_algorithms ();
-	meth = SSLv23_client_method ();
-	SSL_load_error_strings ();
-	if ((ctx = SSL_CTX_new (meth)) == NULL) {
-		printf (_("CRITICAL -  Cannot create SSL context.\n"));
-		return STATE_CRITICAL;
-	}
-
-	/* Initialize alarm signal handling */
-	signal (SIGALRM, socket_timeout_alarm_handler);
-
-	/* Set socket timeout */
-	alarm (socket_timeout);
-
-	/* Save start time */
-	gettimeofday (&tv, NULL);
-
-	/* Make TCP connection */
-	if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
-		/* Do the SSL handshake */
-		if ((ssl = SSL_new (ctx)) != NULL) {
-#ifdef USE_OPENSSL
-			SSL_set_cipher_list(ssl, "ALL");
-#endif
-			SSL_set_fd (ssl, sd);
-			if (SSL_connect (ssl) != -1)
-				return OK;
-#ifdef USE_OPENSSL
-			ERR_print_errors_fp (stderr);
-#endif
-		}
-		else {
-			printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
-		}
-		SSL_free (ssl);
-	}
-
-	SSL_CTX_free (ctx);
-	close (sd);
-
-	return STATE_CRITICAL;
-}
-#endif
-
-
-
-#ifdef USE_OPENSSL
-int
-check_certificate (X509 ** certificate)
-{
-	ASN1_STRING *tm;
-	int offset;
-	struct tm stamp;
-	int days_left;
-
-
-	/* Retrieve timestamp of certificate */
-	tm = X509_get_notAfter (*certificate);
-
-	/* Generate tm structure to process timestamp */
-	if (tm->type == V_ASN1_UTCTIME) {
-		if (tm->length < 10) {
-			printf (_("CRITICAL - Wrong time format in certificate.\n"));
-			return STATE_CRITICAL;
-		}
-		else {
-			stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-			if (stamp.tm_year < 50)
-				stamp.tm_year += 100;
-			offset = 0;
-		}
-	}
-	else {
-		if (tm->length < 12) {
-			printf (_("CRITICAL - Wrong time format in certificate.\n"));
-			return STATE_CRITICAL;
-		}
-		else {
-			stamp.tm_year =
-				(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-				(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-			stamp.tm_year -= 1900;
-			offset = 2;
-		}
-	}
-	stamp.tm_mon =
-		(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-	stamp.tm_mday =
-		(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-	stamp.tm_hour =
-		(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-	stamp.tm_min =
-		(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-	stamp.tm_sec = 0;
-	stamp.tm_isdst = -1;
-
-	days_left = (mktime (&stamp) - time (NULL)) / 86400;
-	snprintf
-		(timestamp, 17, "%02d/%02d/%04d %02d:%02d",
-		 stamp.tm_mon + 1,
-		 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
-	if (days_left > 0 && days_left <= days_till_exp) {
-		printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
-		return STATE_WARNING;
-	}
-	if (days_left < 0) {
-		printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
-		return STATE_CRITICAL;
-	}
-
-	if (days_left == 0) {
-		printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
-		return STATE_WARNING;
-	}
-
-	printf (_("OK - Certificate will expire on %s.\n"), timestamp);
-
-	return STATE_OK;
-}
-#endif
-
-
-
 char *perfd_time (double elapsed_time)
 {
 	return fperfdata ("time", elapsed_time, "s",
@@ -1403,47 +1205,6 @@
 	          TRUE, 0, FALSE, 0);
 }
 
-
-
-int
-my_recv (void)
-{
-	int i;
-#ifdef HAVE_SSL
-	if (use_ssl) {
-		i = SSL_read (ssl, buffer, MAX_INPUT_BUFFER - 1);
-	}
-	else {
-		i = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-	}
-#else
-	i = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-#endif
-	return i;
-}
-
-
-
-int
-my_close (void)
-{
-#ifdef HAVE_SSL
-	if (use_ssl == TRUE) {
-		SSL_shutdown (ssl);
-		SSL_free (ssl);
-		SSL_CTX_free (ctx);
-		return 0;
-	}
-	else {
-#endif
-		return close (sd);
-#ifdef HAVE_SSL
-	}
-#endif
-}
-
-
-
 void
 print_help (void)
 {

Index: netutils.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/netutils.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- netutils.c	19 Oct 2005 12:59:55 -0000	1.25
+++ netutils.c	19 Oct 2005 20:22:00 -0000	1.26
@@ -281,6 +281,84 @@
 	return SSL_read(s, buf, num);
 }
 
+int np_net_ssl_check_cert(int days_till_exp){
+#  ifdef USE_OPENSSL
+	X509 *certificate=NULL;
+        ASN1_STRING *tm;
+	int offset;
+	struct tm stamp;
+	int days_left;
+	char timestamp[17] = "";
+
+	certificate=SSL_get_peer_certificate(s);
+	if(! certificate){
+		printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
+		return STATE_CRITICAL;
+	}
+
+	/* Retrieve timestamp of certificate */
+	tm = X509_get_notAfter (certificate);
+
+	/* Generate tm structure to process timestamp */
+	if (tm->type == V_ASN1_UTCTIME) {
+		if (tm->length < 10) {
+			printf (_("CRITICAL - Wrong time format in certificate.\n"));
+			return STATE_CRITICAL;
+		} else {
+			stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
+			if (stamp.tm_year < 50)
+				stamp.tm_year += 100;
+			offset = 0;
+		}
+	} else {
+		if (tm->length < 12) {
+			printf (_("CRITICAL - Wrong time format in certificate.\n"));
+			return STATE_CRITICAL;
+		} else {
+			stamp.tm_year =
+				(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
+				(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
+			stamp.tm_year -= 1900;
+			offset = 2;
+		}
+	}
+	stamp.tm_mon =
+		(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
+	stamp.tm_mday =
+		(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
+	stamp.tm_hour =
+		(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
+	stamp.tm_min =
+		(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
+	stamp.tm_sec = 0;
+	stamp.tm_isdst = -1;
+
+	days_left = (mktime (&stamp) - time (NULL)) / 86400;
+	snprintf
+		(timestamp, 17, "%02d/%02d/%04d %02d:%02d",
+		 stamp.tm_mon + 1,
+		 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+
+	if (days_left > 0 && days_left <= days_till_exp) {
+		printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
+		return STATE_WARNING;
+	} else if (days_left < 0) {
+		printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
+		return STATE_CRITICAL;
+	} else if (days_left == 0) {
+		printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
+		return STATE_WARNING;
+	}
+
+	printf (_("OK - Certificate will expire on %s.\n"), timestamp);
+	X509_free (certificate);
+	return STATE_OK;
+#  else /* ifndef USE_OPENSSL */
+	printf (_("WARNING - Plugin does not support checking certificates.\n"));
+	return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
 #endif /* HAVE_SSL */
 
 int
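Review bot: `days_left = (mktime (&stamp) - time (NULL)) / 86400;` truncates toward zero, so a certificate that expired less than 24 hours ago yields 0 and is reported as "WARNING - Certificate expires today" instead of CRITICAL. The sign of the remaining seconds should decide the expired case before the division. `certificate` is also released only on the final OK path, so every WARNING/CRITICAL return after `SSL_get_peer_certificate(s)` leaks it; a single exit that calls `X509_free (certificate)` fixes that, and the two "Wrong time format" returns need the same. Two further gaps to confirm: `mktime()` interprets the fields as local time while notAfter is UTC, and the digits in `tm->data` are not validated. The sketch below assumes `int status;` and `double secs_left;` are declared with the other locals.

```c
	/* … unchanged: certificate retrieval and notAfter parsing; each early
	   return there should X509_free (certificate) first … */
	secs_left = difftime (mktime (&stamp), time (NULL));
	days_left = (int) (secs_left / 86400);
	/* … unchanged: snprintf of timestamp … */

	if (secs_left < 0) {
		printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
		status = STATE_CRITICAL;
	} else if (days_left == 0) {
		printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
		status = STATE_WARNING;
	} else if (days_left <= days_till_exp) {
		printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
		status = STATE_WARNING;
	} else {
		printf (_("OK - Certificate will expire on %s.\n"), timestamp);
		status = STATE_OK;
	}

	X509_free (certificate);
	return status;
```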




