summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Guyot-Sionnest <dermoth@aei.ca>2009-03-17 03:39:12 -0400
committerThomas Guyot-Sionnest <dermoth@aei.ca>2009-03-18 03:34:25 -0400
commitd41a33a434558189300113c28b26e2d3d681d390 (patch)
tree2966359be8ecb1b7eb8da172e5655f5233d34f8d
parent9a05e9789017c03d192238c0337bc019838c52d4 (diff)
downloadmonitoring-plugins-d41a33a434558189300113c28b26e2d3d681d390.tar.gz
Add timezone support and fix checks around cert expiration
-rw-r--r--plugins/sslutils.c15
-rwxr-xr-xplugins/tests/check_http.t6
2 files changed, 13 insertions, 8 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index f5035e23..afc24be1 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -30,6 +30,10 @@
30#include "common.h" 30#include "common.h"
31#include "netutils.h" 31#include "netutils.h"
32 32
33/* Max length of timestamps, ex: "03/05/2009 00:13 GMT". Calculate up to 6
34 * chars for the timezone (ex: "GMT-10") and one terminating \0 */
35#define TS_LENGTH 24
36
33#ifdef HAVE_SSL 37#ifdef HAVE_SSL
34static SSL_CTX *c=NULL; 38static SSL_CTX *c=NULL;
35static SSL *s=NULL; 39static SSL *s=NULL;
@@ -90,7 +94,7 @@ int np_net_ssl_check_cert(int days_till_exp){
90 int offset; 94 int offset;
91 struct tm stamp; 95 struct tm stamp;
92 int days_left; 96 int days_left;
93 char timestamp[17] = ""; 97 char timestamp[TS_LENGTH] = "";
94 98
95 certificate=SSL_get_peer_certificate(s); 99 certificate=SSL_get_peer_certificate(s);
96 if(! certificate){ 100 if(! certificate){
@@ -135,16 +139,17 @@ int np_net_ssl_check_cert(int days_till_exp){
135 stamp.tm_sec = 0; 139 stamp.tm_sec = 0;
136 stamp.tm_isdst = -1; 140 stamp.tm_isdst = -1;
137 141
138 days_left = (mktime (&stamp) - time (NULL)) / 86400; 142 float time_left = difftime(timegm(&stamp), time(NULL));
143 days_left = time_left / 86400;
139 snprintf 144 snprintf
140 (timestamp, 17, "%02d/%02d/%04d %02d:%02d", 145 (timestamp, TS_LENGTH, "%02d/%02d/%04d %02d:%02d %s",
141 stamp.tm_mon + 1, 146 stamp.tm_mon + 1,
142 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); 147 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min, stamp.tm_zone);
143 148
144 if (days_left > 0 && days_left <= days_till_exp) { 149 if (days_left > 0 && days_left <= days_till_exp) {
145 printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); 150 printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
146 return STATE_WARNING; 151 return STATE_WARNING;
147 } else if (days_left < 0) { 152 } else if (time_left < 0) {
148 printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); 153 printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
149 return STATE_CRITICAL; 154 return STATE_CRITICAL;
150 } else if (days_left == 0) { 155 } else if (days_left == 0) {
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d7f4148c..0a1b0bc8 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -163,18 +163,18 @@ SKIP: {
163 163
164 $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); 164 $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
165 is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); 165 is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
166 is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" ); 166 is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41 GMT.', "output ok" );
167 167
168 $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); 168 $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
169 is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); 169 is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
170 like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" ); 170 like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41 GMT\)./', "output ok" );
171 171
172 172
173 # Expired cert tests 173 # Expired cert tests
174 $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); 174 $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
175 is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); 175 is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
176 is( $result->output, 176 is( $result->output,
177 'CRITICAL - Certificate expired on 03/05/2009 00:13.', 177 'CRITICAL - Certificate expired on 03/05/2009 00:13 GMT.',
178 "output ok" ); 178 "output ok" );
179 179
180} 180}