diff options
author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-23 11:59:43 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-23 11:59:43 +0000 |
commit | 4c77862ce3dacfad980977490d4dec76fdbdf3d8 (patch) | |
tree | f7656bf1a65c9ff9e434cdbf4cfee6fc5e073b58 /plugins/netutils.c | |
parent | cf66a717e9e8f55315d50b3b33a70b8a6f140981 (diff) | |
download | monitoring-plugins-4c77862ce3dacfad980977490d4dec76fdbdf3d8.tar.gz |
- compartmentalized ssl code into seperate sslutils.c
- ssl-related cleanups in configure.in, and now openssl/gnutls options
automatically disable each other.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/netutils.c')
-rw-r--r-- | plugins/netutils.c | 127 |
1 files changed, 0 insertions, 127 deletions
diff --git a/plugins/netutils.c b/plugins/netutils.c index 2678f911..db64ef09 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c | |||
@@ -234,133 +234,6 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) | |||
234 | } | 234 | } |
235 | } | 235 | } |
236 | 236 | ||
237 | #ifdef HAVE_SSL | ||
238 | static SSL_CTX *c=NULL; | ||
239 | static SSL *s=NULL; | ||
240 | |||
241 | int np_net_ssl_init (int sd){ | ||
242 | SSL_METHOD *m=NULL; | ||
243 | /* Initialize SSL context */ | ||
244 | SSLeay_add_ssl_algorithms (); | ||
245 | m = SSLv23_client_method (); | ||
246 | SSL_load_error_strings (); | ||
247 | OpenSSL_add_all_algorithms(); | ||
248 | if ((c = SSL_CTX_new (m)) == NULL) { | ||
249 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
250 | return STATE_CRITICAL; | ||
251 | } | ||
252 | if ((s = SSL_new (c)) != NULL){ | ||
253 | SSL_set_fd (s, sd); | ||
254 | if (SSL_connect(s) == 1){ | ||
255 | return OK; | ||
256 | } else { | ||
257 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
258 | #ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | ||
259 | ERR_print_errors_fp (stdout); | ||
260 | #endif /* USE_OPENSSL */ | ||
261 | } | ||
262 | } else { | ||
263 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
264 | } | ||
265 | return STATE_CRITICAL; | ||
266 | } | ||
267 | |||
268 | void np_net_ssl_cleanup (){ | ||
269 | if(s){ | ||
270 | SSL_shutdown (s); | ||
271 | SSL_free (s); | ||
272 | if(c) SSL_CTX_free (c); | ||
273 | } | ||
274 | } | ||
275 | |||
276 | int np_net_ssl_write(const void *buf, int num){ | ||
277 | return SSL_write(s, buf, num); | ||
278 | } | ||
279 | |||
280 | int np_net_ssl_read(void *buf, int num){ | ||
281 | return SSL_read(s, buf, num); | ||
282 | } | ||
283 | |||
284 | int np_net_ssl_check_cert(int days_till_exp){ | ||
285 | # ifdef USE_OPENSSL | ||
286 | X509 *certificate=NULL; | ||
287 | ASN1_STRING *tm; | ||
288 | int offset; | ||
289 | struct tm stamp; | ||
290 | int days_left; | ||
291 | char timestamp[17] = ""; | ||
292 | |||
293 | certificate=SSL_get_peer_certificate(s); | ||
294 | if(! certificate){ | ||
295 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); | ||
296 | return STATE_CRITICAL; | ||
297 | } | ||
298 | |||
299 | /* Retrieve timestamp of certificate */ | ||
300 | tm = X509_get_notAfter (certificate); | ||
301 | |||
302 | /* Generate tm structure to process timestamp */ | ||
303 | if (tm->type == V_ASN1_UTCTIME) { | ||
304 | if (tm->length < 10) { | ||
305 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
306 | return STATE_CRITICAL; | ||
307 | } else { | ||
308 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | ||
309 | if (stamp.tm_year < 50) | ||
310 | stamp.tm_year += 100; | ||
311 | offset = 0; | ||
312 | } | ||
313 | } else { | ||
314 | if (tm->length < 12) { | ||
315 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
316 | return STATE_CRITICAL; | ||
317 | } else { | ||
318 | stamp.tm_year = | ||
319 | (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
320 | (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
321 | stamp.tm_year -= 1900; | ||
322 | offset = 2; | ||
323 | } | ||
324 | } | ||
325 | stamp.tm_mon = | ||
326 | (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | ||
327 | stamp.tm_mday = | ||
328 | (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | ||
329 | stamp.tm_hour = | ||
330 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
331 | stamp.tm_min = | ||
332 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
333 | stamp.tm_sec = 0; | ||
334 | stamp.tm_isdst = -1; | ||
335 | |||
336 | days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
337 | snprintf | ||
338 | (timestamp, 17, "%02d/%02d/%04d %02d:%02d", | ||
339 | stamp.tm_mon + 1, | ||
340 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
341 | |||
342 | if (days_left > 0 && days_left <= days_till_exp) { | ||
343 | printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
344 | return STATE_WARNING; | ||
345 | } else if (days_left < 0) { | ||
346 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
347 | return STATE_CRITICAL; | ||
348 | } else if (days_left == 0) { | ||
349 | printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); | ||
350 | return STATE_WARNING; | ||
351 | } | ||
352 | |||
353 | printf (_("OK - Certificate will expire on %s.\n"), timestamp); | ||
354 | X509_free (certificate); | ||
355 | return STATE_OK; | ||
356 | # else /* ifndef USE_OPENSSL */ | ||
357 | printf (_("WARNING - Plugin does not support checking certificates.\n")); | ||
358 | return STATE_WARNING; | ||
359 | # endif /* USE_OPENSSL */ | ||
360 | } | ||
361 | |||
362 | #endif /* HAVE_SSL */ | ||
363 | |||
364 | int | 237 | int |
365 | send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) | 238 | send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) |
366 | { | 239 | { |