summaryrefslogtreecommitdiffstats
path: root/plugins/sslutils.c
diff options
context:
space:
mode:
authorThomas Guyot-Sionnest <dermoth@aei.ca>2011-02-04 00:54:52 -0500
committerThomas Guyot-Sionnest <dermoth@aei.ca>2011-02-04 00:54:52 -0500
commit4611e41bc50d15275b316c6f21b688997a9c78c4 (patch)
tree1de69d9b99ef3986d5680fd9b8a581ce150dd93e /plugins/sslutils.c
parent1a5a83bb82c35d888229fe9f815fbc663c0f4d3c (diff)
downloadmonitoring-plugins-4611e41bc50d15275b316c6f21b688997a9c78c4.tar.gz
check_http: check for and print the certificate cn
This patch adds a check for the certificate cn (hostname) to normal certificate checks. It returns CRITICAL if th cn is missing, otherwise it prints it in the normal output. Patch by Stéphane Urbanovski
Diffstat (limited to 'plugins/sslutils.c')
-rw-r--r--plugins/sslutils.c38
1 files changed, 28 insertions, 10 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 64f4d61c..0bc61ed3 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -3,7 +3,7 @@
3* Nagios plugins SSL utilities 3* Nagios plugins SSL utilities
4* 4*
5* License: GPL 5* License: GPL
6* Copyright (c) 2005-2007 Nagios Plugins Development Team 6* Copyright (c) 2005-2010 Nagios Plugins Development Team
7* 7*
8* Description: 8* Description:
9* 9*
@@ -26,6 +26,7 @@
26* 26*
27*****************************************************************************/ 27*****************************************************************************/
28 28
29#define MAX_CN_LENGTH 256
29#define LOCAL_TIMEOUT_ALARM_HANDLER 30#define LOCAL_TIMEOUT_ALARM_HANDLER
30#include "common.h" 31#include "common.h"
31#include "netutils.h" 32#include "netutils.h"
@@ -97,6 +98,11 @@ int np_net_ssl_read(void *buf, int num){
97int np_net_ssl_check_cert(int days_till_exp){ 98int np_net_ssl_check_cert(int days_till_exp){
98# ifdef USE_OPENSSL 99# ifdef USE_OPENSSL
99 X509 *certificate=NULL; 100 X509 *certificate=NULL;
101 X509_NAME *subj=NULL;
102 char cn[MAX_CN_LENGTH]= "";
103 int cnlen =-1;
104 int status=STATE_UNKNOWN;
105
100 ASN1_STRING *tm; 106 ASN1_STRING *tm;
101 int offset; 107 int offset;
102 struct tm stamp; 108 struct tm stamp;
@@ -110,6 +116,17 @@ int np_net_ssl_check_cert(int days_till_exp){
110 return STATE_CRITICAL; 116 return STATE_CRITICAL;
111 } 117 }
112 118
119 /* Extract CN from certificate subject */
120 subj=X509_get_subject_name(certificate);
121
122 if(! subj){
123 printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
124 return STATE_CRITICAL;
125 }
126 cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn));
127 if ( cnlen == -1 )
128 strcpy(cn , _("Unknown CN"));
129
113 /* Retrieve timestamp of certificate */ 130 /* Retrieve timestamp of certificate */
114 tm = X509_get_notAfter (certificate); 131 tm = X509_get_notAfter (certificate);
115 132
@@ -155,19 +172,20 @@ int np_net_ssl_check_cert(int days_till_exp){
155 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); 172 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
156 173
157 if (days_left > 0 && days_left <= days_till_exp) { 174 if (days_left > 0 && days_left <= days_till_exp) {
158 printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); 175 printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
159 return STATE_WARNING; 176 status=STATE_WARNING;
160 } else if (time_left < 0) { 177 } else if (time_left < 0) {
161 printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); 178 printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
162 return STATE_CRITICAL; 179 status=STATE_CRITICAL;
163 } else if (days_left == 0) { 180 } else if (days_left == 0) {
164 printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); 181 printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
165 return STATE_WARNING; 182 status=STATE_WARNING;
183 } else {
184 printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
185 status=STATE_OK;
166 } 186 }
167
168 printf (_("OK - Certificate will expire on %s.\n"), timestamp);
169 X509_free (certificate); 187 X509_free (certificate);
170 return STATE_OK; 188 return status;
171# else /* ifndef USE_OPENSSL */ 189# else /* ifndef USE_OPENSSL */
172 printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); 190 printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
173 return STATE_WARNING; 191 return STATE_WARNING;