summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Baumann <mail@andreasbaumann.cc>2019-11-07 08:20:17 +0000
committerAndreas Baumann <mail@andreasbaumann.cc>2019-11-07 08:20:17 +0000
commitf7efee5f9c590ee0bea65d56697903cbf26d24c5 (patch)
tree974b9c4d0438ec77526961ceade8740ccbea81a6
parentede43c848d5ea8cb1d7fb23af1d638e6fff9aa41 (diff)
downloadmonitoring-plugins-f7efee5f9c590ee0bea65d56697903cbf26d24c5.tar.gz
check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8)
-rw-r--r--plugins/check_curl.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 69b63446..796c55fc 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -2215,13 +2215,20 @@ net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_war
2215 2215
2216 for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) { 2216 for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
2217 for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) { 2217 for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
2218 /* find first common name in subject, TODO: check alternative subjects for 2218 /* find first common name in subject,
2219 * TODO: check alternative subjects for
2220 * TODO: have a decent parser here and not a hack
2219 * multi-host certificate, check wildcards 2221 * multi-host certificate, check wildcards
2220 */ 2222 */
2221 if (strncasecmp (slist->data, "Subject:", 8) == 0) { 2223 if (strncasecmp (slist->data, "Subject:", 8) == 0) {
2224 int d = 3;
2222 char* p = strstr (slist->data, "CN="); 2225 char* p = strstr (slist->data, "CN=");
2226 if (p == NULL) {
2227 d = 5;
2228 p = strstr (slist->data, "CN = ");
2229 }
2223 if (p != NULL) { 2230 if (p != NULL) {
2224 if (strncmp (host_name, p+3, strlen (host_name)) == 0) { 2231 if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
2225 cname_found = 1; 2232 cname_found = 1;
2226 } 2233 }
2227 } 2234 }