authorM. Sean Finney <seanius@users.sourceforge.net>2005-10-19 20:22:00 +0000
committerM. Sean Finney <seanius@users.sourceforge.net>2005-10-19 20:22:00 +0000
commitcf66a717e9e8f55315d50b3b33a70b8a6f140981 (patch)
tree54dda3e4c83988c27cbc6f08a1d8da586032b4ac /plugins/check_tcp.c
parent5dd7b5dff439ab19119efd24d7822ca19b3e5bf7 (diff)
all plugins now using centralized ssl functions in netutils.c
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1257 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/check_tcp.c')
-rw-r--r--plugins/check_tcp.c112
1 files changed, 6 insertions, 106 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 3ffa4cd6..1b6513ba 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -32,10 +32,6 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
32static int check_cert = FALSE; 32static int check_cert = FALSE;
33static int days_till_exp; 33static int days_till_exp;
34static char *randbuff = ""; 34static char *randbuff = "";
35static X509 *server_cert;
36# ifdef USE_OPENSSL
37static int check_certificate (X509 **);
38# endif /* USE_OPENSSL */
39# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) 35# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
40# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) 36# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
41#else 37#else
@@ -43,7 +39,6 @@ static int check_certificate (X509 **);
43# define my_send(buf, len) send(sd, buf, len, 0) 39# define my_send(buf, len) send(sd, buf, len, 0)
44#endif 40#endif
45 41
46
47/* int my_recv(char *, size_t); */ 42/* int my_recv(char *, size_t); */
48static int process_arguments (int, char **); 43static int process_arguments (int, char **);
49void print_help (void); 44void print_help (void);
@@ -217,34 +212,19 @@ main (int argc, char **argv)
217#ifdef HAVE_SSL 212#ifdef HAVE_SSL
218 if (flags & FLAG_SSL){ 213 if (flags & FLAG_SSL){
219 result = np_net_ssl_init(sd); 214 result = np_net_ssl_init(sd);
220 if(result != STATE_OK) return result; 215 if (result == STATE_OK && check_cert == TRUE) {
221 /* XXX does np_net_ssl take care of printing an error? 216 result = np_net_ssl_check_cert(days_till_exp);
222 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); 217 if(result != STATE_OK) {
223 */ 218 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
224 } 219 }
225# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
226 /*
227 if (flags & FLAG_SSL && check_cert == TRUE) {
228 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
229 result = check_certificate (&server_cert);
230 X509_free(server_cert);
231 }
232 else {
233 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
234 result = STATE_CRITICAL;
235 } 220 }
236 } 221 }
237 */
238# endif /* USE_OPENSSL */
239#endif
240
241 if(result != STATE_OK){ 222 if(result != STATE_OK){
242#ifdef HAVE_SSL
243 np_net_ssl_cleanup(); 223 np_net_ssl_cleanup();
244#endif
245 if(sd) close(sd); 224 if(sd) close(sd);
246 return result; 225 return result;
247 } 226 }
227#endif /* HAVE_SSL */
248 228
249 if (server_send != NULL) { /* Something to send? */ 229 if (server_send != NULL) { /* Something to send? */
250 my_send(server_send, strlen(server_send)); 230 my_send(server_send, strlen(server_send));
@@ -567,86 +547,6 @@ process_arguments (int argc, char **argv)
567} 547}
568 548
569 549
570/* SSL-specific functions */
571#ifdef HAVE_SSL
572# ifdef USE_OPENSSL /* XXX */
573static int
574check_certificate (X509 ** certificate)
575{
576 ASN1_STRING *tm;
577 int offset;
578 struct tm stamp;
579 int days_left;
580
581
582 /* Retrieve timestamp of certificate */
583 tm = X509_get_notAfter (*certificate);
584
585 /* Generate tm structure to process timestamp */
586 if (tm->type == V_ASN1_UTCTIME) {
587 if (tm->length < 10) {
588 printf (_("CRITICAL - Wrong time format in certificate.\n"));
589 return STATE_CRITICAL;
590 }
591 else {
592 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
593 if (stamp.tm_year < 50)
594 stamp.tm_year += 100;
595 offset = 0;
596 }
597 }
598 else {
599 if (tm->length < 12) {
600 printf (_("CRITICAL - Wrong time format in certificate.\n"));
601 return STATE_CRITICAL;
602 }
603 else {
604 stamp.tm_year =
605 (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
606 (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
607 stamp.tm_year -= 1900;
608 offset = 2;
609 }
610 }
611 stamp.tm_mon =
612 (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
613 stamp.tm_mday =
614 (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
615 stamp.tm_hour =
616 (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
617 stamp.tm_min =
618 (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
619 stamp.tm_sec = 0;
620 stamp.tm_isdst = -1;
621
622 days_left = (mktime (&stamp) - time (NULL)) / 86400;
623 snprintf
624 (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
625 stamp.tm_mon + 1,
626 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
627
628 if (days_left > 0 && days_left <= days_till_exp) {
629 printf (_("Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
630 return STATE_WARNING;
631 }
632 if (days_left < 0) {
633 printf (_("Certificate expired on %s.\n"), timestamp);
634 return STATE_CRITICAL;
635 }
636
637 if (days_left == 0) {
638 printf (_("Certificate expires today (%s).\n"), timestamp);
639 return STATE_WARNING;
640 }
641
642 printf (_("Certificate will expire on %s.\n"), timestamp);
643
644 return STATE_OK;
645}
646# endif /* USE_OPENSSL */
647#endif /* HAVE_SSL */
648
649
650void 550void
651print_help (void) 551print_help (void)
652{ 552{
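Review bot: In the main() hunk (new lines 215-219), any non-OK result from `np_net_ssl_check_cert(days_till_exp)` prints "CRITICAL - Cannot retrieve server certificate.", yet the removed `check_certificate()` returned STATE_WARNING for a certificate that is merely close to expiry and printed its own message. If the netutils.c replacement keeps that contract (it is not visible on this page), an expiring certificate would be reported with a misleading CRITICAL line while the exit status is WARNING, which hides the real reason from whoever triages the alert. I would drop the extra printf and keep only `if (result == STATE_OK && check_cert == TRUE) result = np_net_ssl_check_cert(days_till_exp);`, leaving the message to the helper. Separately, the `if(result != STATE_OK)` early return now sits inside `#ifdef HAVE_SSL` (new lines 222-227), so builds without SSL no longer take it; worth confirming that is intended. main() begins and ends outside the hunk.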