author | Andreas Baumann <mail@andreasbaumann.cc> | 2017-04-21 16:05:58 +0000 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2017-04-21 16:05:58 +0000 |
commit | e74128e66d3ce295d7603adc74a923fb481c14ae (patch) | |
tree | fdd23aeb4fec45e4576b89bca8b229db7fc2fb15 | |
parent | 65d1d2ca3c617240142736a6316504f8a7e13ca9 (diff) | |
download | monitoring-plugins-e74128e.tar.gz |
made non-OpenSSL version of certificate -C check work
-rw-r--r-- | plugins/check_curl.c | 117 |
1 files changed, 114 insertions, 3 deletions
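--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -1752,26 +1752,137 @@ curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library)
 }
 
 #ifdef LIBCURL_FEATURE_SSL
+time_t
+parse_cert_date (const char *s)
+{
+struct tm tm;
+time_t date;
+
+if (!s) return -1;
+
+strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm);
+date = mktime (&tm);
+
+return date;
+}
+
+/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
+* OpenSSL could be this function
+*/
 int
 net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_warn, int days_till_exp_crit)
 {
 int i;
-struct curl_slist *slist;
+struct curl_slist* slist;
+int cname_found = 0;
+char* start_date_str = NULL;
+char* end_date_str = NULL;
+time_t start_date;
+time_t end_date;
+char *tz;
+float time_left;
+int days_left;
+int time_remaining;
+char timestamp[50] = "";
+int status = STATE_UNKNOWN;
 
 if (verbose >= 2)
 printf ("**** REQUEST CERTIFICATES ****\n");
 
 for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
 for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
+/* find first common name in subject, TODO: check alternative subjects for
+* multi-host certificate, check wildcards
+*/
+if (strncmp (slist->data, "Subject:", 8) == 0) {
+char* p = strstr (slist->data, "CN=");
+if (p != NULL) {
+if (strncmp (host_name, p+3, strlen (host_name)) == 0) {
+cname_found = 1;
+}
+}
+} else if (strncmp (slist->data, "Start Date:", 11) == 0) {
+start_date_str = &slist->data[11];
+} else if (strncmp (slist->data, "Expire Date:", 12) == 0) {
+end_date_str = &slist->data[12];
+} else if (strncmp (slist->data, "Cert:", 5) == 0) {
+goto HAVE_FIRST_CERT;
+}
 if (verbose >= 2)
 printf ("%d ** %s\n", i, slist->data);
 }
 }
+HAVE_FIRST_CERT:
 
 if (verbose >= 2)
 printf ("**** REQUEST CERTIFICATES ****\n");
+
+if (!cname_found) {
+printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
+return STATE_CRITICAL;
+}
+
+start_date = parse_cert_date (start_date_str);
+if (start_date <= 0) {
+snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"),
+start_date_str);
+puts (msg);
+return STATE_WARNING;
+}
+
+end_date = parse_cert_date (end_date_str);
+if (end_date <= 0) {
+snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"),
+start_date_str);
+puts (msg);
+return STATE_WARNING;
+}
 
-printf("%s\n", _("WARNING - Plugin does not support checking certificates without OpenSSL."));
-return STATE_WARNING;
+time_left = difftime (end_date, time(NULL));
+days_left = time_left / 86400;
+tz = getenv("TZ");
+setenv("TZ", "GMT", 1);
+tzset();
+strftime(timestamp, 50, "%c %z", localtime(&end_date));
+if (tz)
+setenv("TZ", tz, 1);
+else
+unsetenv("TZ");
+tzset();
+
+if (days_left > 0 && days_left <= days_till_exp_warn) {
+printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, days_left, timestamp);
+if (days_left > days_till_exp_crit)
+status = STATE_WARNING;
+else
+status = STATE_CRITICAL;
+} else if (days_left == 0 && time_left > 0) {
+if (time_left >= 3600)
+time_remaining = (int) time_left / 3600;
+else
+time_remaining = (int) time_left / 60;
+
+printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+(days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", host_name, time_remaining,
+time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+if ( days_left > days_till_exp_crit)
+status = STATE_WARNING;
+else
+status = STATE_CRITICAL;
+} else if (time_left < 0) {
+printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name, timestamp);
+status=STATE_CRITICAL;
+} else if (days_left == 0) {
+printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp);
+if (days_left > days_till_exp_crit)
+status = STATE_WARNING;
+else
+status = STATE_CRITICAL;
+} else {
+printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name, timestamp);
+status = STATE_OK;
+}
+return status;
 }
 #endif /* LIBCURL_FEATURE_SSL */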
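Review bot: The common-name test in the `Subject:` branch of net_noopenssl_check_certificate is a prefix match, so `strncmp (host_name, p+3, strlen (host_name))` also accepts a certificate whose CN merely starts with the host name (constructed example: host `example.org` against CN `example.org.other.test`). The comparison should also require that the CN value ends there, e.g. `size_t n = strlen (host_name);` followed by `if (strncmp (host_name, p+3, n) == 0 && (p[3+n] == '\0' || p[3+n] == ',' || p[3+n] == '/'))`; the delimiter set is an assumption and depends on how the TLS backend formats the subject line. In the same function the 'Expire Date' error path prints `start_date_str` instead of `end_date_str`, and either string can still be NULL when it reaches `%s`. parse_cert_date ignores the result of strptime() and hands an uninitialised `struct tm` to mktime(), which also interprets the GMT string in the local zone, so the `<= 0` guards do not reliably catch an unparsable date; zero the struct and add `if (strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm) == NULL) return -1;`.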