diff options
| author | Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> | 2024-10-31 14:32:03 +0100 |
|---|---|---|
| committer | Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> | 2024-10-31 14:32:03 +0100 |
| commit | 8c937fbfac89e632d86dcde9c6b8e5f7d6790902 (patch) | |
| tree | c527c2a0494dff8988f4f9cc59a91bd6c4c0fbdc | |
| parent | e353337d08b7cc778f01ef94301af73539e8266c (diff) | |
| download | monitoring-plugins-8c937fbfac89e632d86dcde9c6b8e5f7d6790902.tar.gz | |
sslutils.c: clang-format
| -rw-r--r-- | plugins/sslutils.c | 228 |
1 files changed, 106 insertions, 122 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 6bc0ba81..b8cbc7ce 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -1,46 +1,42 @@ | |||
| 1 | /***************************************************************************** | 1 | /***************************************************************************** |
| 2 | * | 2 | * |
| 3 | * Monitoring Plugins SSL utilities | 3 | * Monitoring Plugins SSL utilities |
| 4 | * | 4 | * |
| 5 | * License: GPL | 5 | * License: GPL |
| 6 | * Copyright (c) 2005-2010 Monitoring Plugins Development Team | 6 | * Copyright (c) 2005-2010 Monitoring Plugins Development Team |
| 7 | * | 7 | * |
| 8 | * Description: | 8 | * Description: |
| 9 | * | 9 | * |
| 10 | * This file contains common functions for plugins that require SSL. | 10 | * This file contains common functions for plugins that require SSL. |
| 11 | * | 11 | * |
| 12 | * | 12 | * |
| 13 | * This program is free software: you can redistribute it and/or modify | 13 | * This program is free software: you can redistribute it and/or modify |
| 14 | * it under the terms of the GNU General Public License as published by | 14 | * it under the terms of the GNU General Public License as published by |
| 15 | * the Free Software Foundation, either version 3 of the License, or | 15 | * the Free Software Foundation, either version 3 of the License, or |
| 16 | * (at your option) any later version. | 16 | * (at your option) any later version. |
| 17 | * | 17 | * |
| 18 | * This program is distributed in the hope that it will be useful, | 18 | * This program is distributed in the hope that it will be useful, |
| 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 21 | * GNU General Public License for more details. | 21 | * GNU General Public License for more details. |
| 22 | * | 22 | * |
| 23 | * You should have received a copy of the GNU General Public License | 23 | * You should have received a copy of the GNU General Public License |
| 24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | 24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 25 | * | 25 | * |
| 26 | * | 26 | * |
| 27 | *****************************************************************************/ | 27 | *****************************************************************************/ |
| 28 | 28 | ||
| 29 | #define MAX_CN_LENGTH 256 | 29 | #define MAX_CN_LENGTH 256 |
| 30 | #include "common.h" | 30 | #include "common.h" |
| 31 | #include "netutils.h" | 31 | #include "netutils.h" |
| 32 | 32 | ||
| 33 | #ifdef HAVE_SSL | 33 | #ifdef HAVE_SSL |
| 34 | static SSL_CTX *ctx=NULL; | 34 | static SSL_CTX *ctx = NULL; |
| 35 | static SSL *s=NULL; | 35 | static SSL *s = NULL; |
| 36 | 36 | ||
| 37 | int np_net_ssl_init(int sd) { | 37 | int np_net_ssl_init(int sd) { return np_net_ssl_init_with_hostname(sd, NULL); } |
| 38 | return np_net_ssl_init_with_hostname(sd, NULL); | ||
| 39 | } | ||
| 40 | 38 | ||
| 41 | int np_net_ssl_init_with_hostname(int sd, char *host_name) { | 39 | int np_net_ssl_init_with_hostname(int sd, char *host_name) { return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); } |
| 42 | return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); | ||
| 43 | } | ||
| 44 | 40 | ||
| 45 | int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) { | 41 | int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) { |
| 46 | return np_net_ssl_init_with_hostname_version_and_cert(sd, host_name, version, NULL, NULL); | 42 | return np_net_ssl_init_with_hostname_version_and_cert(sd, host_name, version, NULL, NULL); |
| @@ -59,145 +55,141 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int | |||
| 59 | printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); | 55 | printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); |
| 60 | return STATE_UNKNOWN; | 56 | return STATE_UNKNOWN; |
| 61 | case MP_SSLv3: /* SSLv3 protocol */ | 57 | case MP_SSLv3: /* SSLv3 protocol */ |
| 62 | #if defined(OPENSSL_NO_SSL3) | 58 | # if defined(OPENSSL_NO_SSL3) |
| 63 | printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); | 59 | printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); |
| 64 | return STATE_UNKNOWN; | 60 | return STATE_UNKNOWN; |
| 65 | #else | 61 | # else |
| 66 | SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); | 62 | SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); |
| 67 | SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION); | 63 | SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION); |
| 68 | break; | 64 | break; |
| 69 | #endif | 65 | # endif |
| 70 | case MP_TLSv1: /* TLSv1 protocol */ | 66 | case MP_TLSv1: /* TLSv1 protocol */ |
| 71 | #if defined(OPENSSL_NO_TLS1) | 67 | # if defined(OPENSSL_NO_TLS1) |
| 72 | printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); | 68 | printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); |
| 73 | return STATE_UNKNOWN; | 69 | return STATE_UNKNOWN; |
| 74 | #else | 70 | # else |
| 75 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); | 71 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); |
| 76 | SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION); | 72 | SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION); |
| 77 | break; | 73 | break; |
| 78 | #endif | 74 | # endif |
| 79 | case MP_TLSv1_1: /* TLSv1.1 protocol */ | 75 | case MP_TLSv1_1: /* TLSv1.1 protocol */ |
| 80 | #if !defined(SSL_OP_NO_TLSv1_1) | 76 | # if !defined(SSL_OP_NO_TLSv1_1) |
| 81 | printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); | 77 | printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); |
| 82 | return STATE_UNKNOWN; | 78 | return STATE_UNKNOWN; |
| 83 | #else | 79 | # else |
| 84 | SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); | 80 | SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); |
| 85 | SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION); | 81 | SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION); |
| 86 | break; | 82 | break; |
| 87 | #endif | 83 | # endif |
| 88 | case MP_TLSv1_2: /* TLSv1.2 protocol */ | 84 | case MP_TLSv1_2: /* TLSv1.2 protocol */ |
| 89 | #if !defined(SSL_OP_NO_TLSv1_2) | 85 | # if !defined(SSL_OP_NO_TLSv1_2) |
| 90 | printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); | 86 | printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); |
| 91 | return STATE_UNKNOWN; | 87 | return STATE_UNKNOWN; |
| 92 | #else | 88 | # else |
| 93 | SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); | 89 | SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); |
| 94 | SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); | 90 | SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); |
| 95 | break; | 91 | break; |
| 96 | #endif | 92 | # endif |
| 97 | case MP_TLSv1_2_OR_NEWER: | 93 | case MP_TLSv1_2_OR_NEWER: |
| 98 | #if !defined(SSL_OP_NO_TLSv1_1) | 94 | # if !defined(SSL_OP_NO_TLSv1_1) |
| 99 | printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); | 95 | printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); |
| 100 | return STATE_UNKNOWN; | 96 | return STATE_UNKNOWN; |
| 101 | #else | 97 | # else |
| 102 | SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); | 98 | SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION); |
| 103 | break; | 99 | break; |
| 104 | #endif | 100 | # endif |
| 105 | case MP_TLSv1_1_OR_NEWER: | 101 | case MP_TLSv1_1_OR_NEWER: |
| 106 | #if !defined(SSL_OP_NO_TLSv1) | 102 | # if !defined(SSL_OP_NO_TLSv1) |
| 107 | printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); | 103 | printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); |
| 108 | return STATE_UNKNOWN; | 104 | return STATE_UNKNOWN; |
| 109 | #else | 105 | # else |
| 110 | SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); | 106 | SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); |
| 111 | break; | 107 | break; |
| 112 | #endif | 108 | # endif |
| 113 | case MP_TLSv1_OR_NEWER: | 109 | case MP_TLSv1_OR_NEWER: |
| 114 | #if defined(SSL_OP_NO_SSLv3) | 110 | # if defined(SSL_OP_NO_SSLv3) |
| 115 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); | 111 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); |
| 116 | break; | 112 | break; |
| 117 | #endif | 113 | # endif |
| 118 | case MP_SSLv3_OR_NEWER: | 114 | case MP_SSLv3_OR_NEWER: |
| 119 | #if defined(SSL_OP_NO_SSLv2) | 115 | # if defined(SSL_OP_NO_SSLv2) |
| 120 | SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); | 116 | SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); |
| 121 | break; | 117 | break; |
| 122 | #endif | 118 | # endif |
| 123 | } | 119 | } |
| 124 | 120 | ||
| 125 | if (cert && privkey) { | 121 | if (cert && privkey) { |
| 126 | #ifdef USE_OPENSSL | 122 | # ifdef USE_OPENSSL |
| 127 | if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) { | 123 | if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) { |
| 128 | #elif USE_GNUTLS | 124 | # elif USE_GNUTLS |
| 129 | if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) { | 125 | if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) { |
| 130 | #else | 126 | # else |
| 131 | #error Unported for unknown SSL library | 127 | # error Unported for unknown SSL library |
| 132 | #endif | 128 | # endif |
| 133 | printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n")); | 129 | printf("%s\n", _("CRITICAL - Unable to open certificate chain file!\n")); |
| 134 | return STATE_CRITICAL; | 130 | return STATE_CRITICAL; |
| 135 | } | 131 | } |
| 136 | SSL_CTX_use_PrivateKey_file(ctx, privkey, SSL_FILETYPE_PEM); | 132 | SSL_CTX_use_PrivateKey_file(ctx, privkey, SSL_FILETYPE_PEM); |
| 137 | #ifdef USE_OPENSSL | 133 | # ifdef USE_OPENSSL |
| 138 | if (!SSL_CTX_check_private_key(ctx)) { | 134 | if (!SSL_CTX_check_private_key(ctx)) { |
| 139 | printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n")); | 135 | printf("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n")); |
| 140 | return STATE_CRITICAL; | 136 | return STATE_CRITICAL; |
| 141 | } | 137 | } |
| 142 | #endif | 138 | # endif |
| 143 | } | 139 | } |
| 144 | #ifdef SSL_OP_NO_TICKET | 140 | # ifdef SSL_OP_NO_TICKET |
| 145 | options |= SSL_OP_NO_TICKET; | 141 | options |= SSL_OP_NO_TICKET; |
| 146 | #endif | 142 | # endif |
| 147 | SSL_CTX_set_options(ctx, options); | 143 | SSL_CTX_set_options(ctx, options); |
| 148 | SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); | 144 | SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); |
| 149 | if ((s = SSL_new(ctx)) != NULL) { | 145 | if ((s = SSL_new(ctx)) != NULL) { |
| 150 | #ifdef SSL_set_tlsext_host_name | 146 | # ifdef SSL_set_tlsext_host_name |
| 151 | if (host_name != NULL) | 147 | if (host_name != NULL) |
| 152 | SSL_set_tlsext_host_name(s, host_name); | 148 | SSL_set_tlsext_host_name(s, host_name); |
| 153 | #endif | 149 | # endif |
| 154 | SSL_set_fd(s, sd); | 150 | SSL_set_fd(s, sd); |
| 155 | if (SSL_connect(s) == 1) { | 151 | if (SSL_connect(s) == 1) { |
| 156 | return OK; | 152 | return OK; |
| 157 | } else { | 153 | } else { |
| 158 | printf("%s\n", _("CRITICAL - Cannot make SSL connection.")); | 154 | printf("%s\n", _("CRITICAL - Cannot make SSL connection.")); |
| 159 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | 155 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ |
| 160 | ERR_print_errors_fp(stdout); | 156 | ERR_print_errors_fp(stdout); |
| 161 | # endif /* USE_OPENSSL */ | 157 | # endif /* USE_OPENSSL */ |
| 162 | } | 158 | } |
| 163 | } else { | 159 | } else { |
| 164 | printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | 160 | printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); |
| 165 | } | 161 | } |
| 166 | return STATE_CRITICAL; | 162 | return STATE_CRITICAL; |
| 167 | } | 163 | } |
| 168 | 164 | ||
| 169 | void np_net_ssl_cleanup() { | 165 | void np_net_ssl_cleanup() { |
| 170 | if (s) { | 166 | if (s) { |
| 171 | #ifdef SSL_set_tlsext_host_name | 167 | # ifdef SSL_set_tlsext_host_name |
| 172 | SSL_set_tlsext_host_name(s, NULL); | 168 | SSL_set_tlsext_host_name(s, NULL); |
| 173 | #endif | 169 | # endif |
| 174 | SSL_shutdown(s); | 170 | SSL_shutdown(s); |
| 175 | SSL_free(s); | 171 | SSL_free(s); |
| 176 | if (ctx) { | 172 | if (ctx) { |
| 177 | SSL_CTX_free(ctx); | 173 | SSL_CTX_free(ctx); |
| 178 | ctx=NULL; | 174 | ctx = NULL; |
| 179 | } | 175 | } |
| 180 | s=NULL; | 176 | s = NULL; |
| 181 | } | 177 | } |
| 182 | } | 178 | } |
| 183 | 179 | ||
| 184 | int np_net_ssl_write(const void *buf, int num) { | 180 | int np_net_ssl_write(const void *buf, int num) { return SSL_write(s, buf, num); } |
| 185 | return SSL_write(s, buf, num); | ||
| 186 | } | ||
| 187 | 181 | ||
| 188 | int np_net_ssl_read(void *buf, int num) { | 182 | int np_net_ssl_read(void *buf, int num) { return SSL_read(s, buf, num); } |
| 189 | return SSL_read(s, buf, num); | ||
| 190 | } | ||
| 191 | 183 | ||
| 192 | int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){ | 184 | int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit) { |
| 193 | # ifdef USE_OPENSSL | 185 | # ifdef USE_OPENSSL |
| 194 | X509_NAME *subj=NULL; | 186 | X509_NAME *subj = NULL; |
| 195 | char timestamp[50] = ""; | 187 | char timestamp[50] = ""; |
| 196 | char cn[MAX_CN_LENGTH]= ""; | 188 | char cn[MAX_CN_LENGTH] = ""; |
| 197 | char *tz; | 189 | char *tz; |
| 198 | 190 | ||
| 199 | int cnlen =-1; | 191 | int cnlen = -1; |
| 200 | int status=STATE_UNKNOWN; | 192 | int status = STATE_UNKNOWN; |
| 201 | 193 | ||
| 202 | ASN1_STRING *tm; | 194 | ASN1_STRING *tm; |
| 203 | int offset; | 195 | int offset; |
| @@ -208,15 +200,15 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int | |||
| 208 | time_t tm_t; | 200 | time_t tm_t; |
| 209 | 201 | ||
| 210 | if (!certificate) { | 202 | if (!certificate) { |
| 211 | printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); | 203 | printf("%s\n", _("CRITICAL - Cannot retrieve server certificate.")); |
| 212 | return STATE_CRITICAL; | 204 | return STATE_CRITICAL; |
| 213 | } | 205 | } |
| 214 | 206 | ||
| 215 | /* Extract CN from certificate subject */ | 207 | /* Extract CN from certificate subject */ |
| 216 | subj=X509_get_subject_name(certificate); | 208 | subj = X509_get_subject_name(certificate); |
| 217 | 209 | ||
| 218 | if (!subj) { | 210 | if (!subj) { |
| 219 | printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); | 211 | printf("%s\n", _("CRITICAL - Cannot retrieve certificate subject.")); |
| 220 | return STATE_CRITICAL; | 212 | return STATE_CRITICAL; |
| 221 | } | 213 | } |
| 222 | cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn)); | 214 | cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn)); |
| @@ -242,23 +234,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int | |||
| 242 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 234 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
| 243 | return STATE_CRITICAL; | 235 | return STATE_CRITICAL; |
| 244 | } else { | 236 | } else { |
| 245 | stamp.tm_year = | 237 | stamp.tm_year = (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); |
| 246 | (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
| 247 | (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
| 248 | stamp.tm_year -= 1900; | 238 | stamp.tm_year -= 1900; |
| 249 | offset = 2; | 239 | offset = 2; |
| 250 | } | 240 | } |
| 251 | } | 241 | } |
| 252 | stamp.tm_mon = | 242 | stamp.tm_mon = (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; |
| 253 | (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | 243 | stamp.tm_mday = (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); |
| 254 | stamp.tm_mday = | 244 | stamp.tm_hour = (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); |
| 255 | (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | 245 | stamp.tm_min = (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); |
| 256 | stamp.tm_hour = | 246 | stamp.tm_sec = (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); |
| 257 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
| 258 | stamp.tm_min = | ||
| 259 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
| 260 | stamp.tm_sec = | ||
| 261 | (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); | ||
| 262 | stamp.tm_isdst = -1; | 247 | stamp.tm_isdst = -1; |
| 263 | 248 | ||
| 264 | tm_t = timegm(&stamp); | 249 | tm_t = timegm(&stamp); |
| @@ -275,30 +260,30 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int | |||
| 275 | tzset(); | 260 | tzset(); |
| 276 | 261 | ||
| 277 | if (days_left > 0 && days_left <= days_till_exp_warn) { | 262 | if (days_left > 0 && days_left <= days_till_exp_warn) { |
| 278 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); | 263 | printf(_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left > days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, |
| 264 | days_left, timestamp); | ||
| 279 | if (days_left > days_till_exp_crit) | 265 | if (days_left > days_till_exp_crit) |
| 280 | status = STATE_WARNING; | 266 | status = STATE_WARNING; |
| 281 | else | 267 | else |
| 282 | status = STATE_CRITICAL; | 268 | status = STATE_CRITICAL; |
| 283 | } else if (days_left == 0 && time_left > 0) { | 269 | } else if (days_left == 0 && time_left > 0) { |
| 284 | if (time_left >= 3600) | 270 | if (time_left >= 3600) |
| 285 | time_remaining = (int) time_left / 3600; | 271 | time_remaining = (int)time_left / 3600; |
| 286 | else | 272 | else |
| 287 | time_remaining = (int) time_left / 60; | 273 | time_remaining = (int)time_left / 60; |
| 288 | 274 | ||
| 289 | printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), | 275 | printf(_("%s - Certificate '%s' expires in %u %s (%s)\n"), (days_left > days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, |
| 290 | (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, | 276 | time_remaining, time_left >= 3600 ? "hours" : "minutes", timestamp); |
| 291 | time_left >= 3600 ? "hours" : "minutes", timestamp); | ||
| 292 | 277 | ||
| 293 | if ( days_left > days_till_exp_crit) | 278 | if (days_left > days_till_exp_crit) |
| 294 | status = STATE_WARNING; | 279 | status = STATE_WARNING; |
| 295 | else | 280 | else |
| 296 | status = STATE_CRITICAL; | 281 | status = STATE_CRITICAL; |
| 297 | } else if (time_left < 0) { | 282 | } else if (time_left < 0) { |
| 298 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 283 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
| 299 | status=STATE_CRITICAL; | 284 | status = STATE_CRITICAL; |
| 300 | } else if (days_left == 0) { | 285 | } else if (days_left == 0) { |
| 301 | printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); | 286 | printf(_("%s - Certificate '%s' just expired (%s).\n"), (days_left > days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, timestamp); |
| 302 | if (days_left > days_till_exp_crit) | 287 | if (days_left > days_till_exp_crit) |
| 303 | status = STATE_WARNING; | 288 | status = STATE_WARNING; |
| 304 | else | 289 | else |
| @@ -309,22 +294,21 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int | |||
| 309 | } | 294 | } |
| 310 | X509_free(certificate); | 295 | X509_free(certificate); |
| 311 | return status; | 296 | return status; |
| 312 | # else /* ifndef USE_OPENSSL */ | 297 | # else /* ifndef USE_OPENSSL */ |
| 313 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); | 298 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); |
| 314 | return STATE_WARNING; | 299 | return STATE_WARNING; |
| 315 | # endif /* USE_OPENSSL */ | 300 | # endif /* USE_OPENSSL */ |
| 316 | } | 301 | } |
| 317 | 302 | ||
| 318 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | 303 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit) { |
| 319 | # ifdef USE_OPENSSL | 304 | # ifdef USE_OPENSSL |
| 320 | X509 *certificate = NULL; | 305 | X509 *certificate = NULL; |
| 321 | certificate=SSL_get_peer_certificate(s); | 306 | certificate = SSL_get_peer_certificate(s); |
| 322 | return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); | 307 | return (np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); |
| 323 | # else /* ifndef USE_OPENSSL */ | 308 | # else /* ifndef USE_OPENSSL */ |
| 324 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); | 309 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); |
| 325 | return STATE_WARNING; | 310 | return STATE_WARNING; |
| 326 | # endif /* USE_OPENSSL */ | 311 | # endif /* USE_OPENSSL */ |
| 327 | } | 312 | } |
| 328 | 313 | ||
| 329 | |||
| 330 | #endif /* HAVE_SSL */ | 314 | #endif /* HAVE_SSL */ |