check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8)

author: Andreas Baumann <mail@andreasbaumann.cc> 2019-11-07 08:20:17 (GMT)
committer: Andreas Baumann <mail@andreasbaumann.cc> 2019-11-07 08:20:17 (GMT)
commit: f7efee5f9c590ee0bea65d56697903cbf26d24c5 (patch)
tree: 974b9c4d0438ec77526961ceade8740ccbea81a6
parent: ede43c848d5ea8cb1d7fb23af1d638e6fff9aa41 (diff)
download: monitoring-plugins-f7efee5f9c590ee0bea65d56697903cbf26d24c5.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 69b6344..796c55f 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -2215,13 +2215,20 @@ net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_war
  for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
    for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
-      /* find first common name in subject, TODO: check alternative subjects for
+      /* find first common name in subject, 
+       * TODO: check alternative subjects for
+       * TODO: have a decent parser here and not a hack
       * multi-host certificate, check wildcards
       */
      if (strncasecmp (slist->data, "Subject:", 8) == 0) {
+        int d = 3;
        char* p = strstr (slist->data, "CN=");
+        if (p == NULL) {
+          d = 5;
+          p = strstr (slist->data, "CN = ");
+        }
        if (p != NULL) {
-          if (strncmp (host_name, p+3, strlen (host_name)) == 0) {
+          if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
            cname_found = 1;
          }
        }
author	Andreas Baumann <mail@andreasbaumann.cc>	2019-11-07 08:20:17 (GMT)
committer	Andreas Baumann <mail@andreasbaumann.cc>	2019-11-07 08:20:17 (GMT)
commit	f7efee5f9c590ee0bea65d56697903cbf26d24c5 (patch)
tree	974b9c4d0438ec77526961ceade8740ccbea81a6
parent	ede43c848d5ea8cb1d7fb23af1d638e6fff9aa41 (diff)
download	monitoring-plugins-f7efee5f9c590ee0bea65d56697903cbf26d24c5.tar.gz