diff options
author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-23 11:59:43 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-23 11:59:43 +0000 |
commit | 4c77862ce3dacfad980977490d4dec76fdbdf3d8 (patch) | |
tree | f7656bf1a65c9ff9e434cdbf4cfee6fc5e073b58 /plugins/sslutils.c | |
parent | cf66a717e9e8f55315d50b3b33a70b8a6f140981 (diff) | |
download | monitoring-plugins-4c77862ce3dacfad980977490d4dec76fdbdf3d8.tar.gz |
- compartmentalized ssl code into seperate sslutils.c
- ssl-related cleanups in configure.in, and now openssl/gnutls options
automatically disable each other.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/sslutils.c')
-rw-r--r-- | plugins/sslutils.c | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c new file mode 100644 index 00000000..d785fb75 --- /dev/null +++ b/plugins/sslutils.c | |||
@@ -0,0 +1,162 @@ | |||
1 | /**************************************************************************** | ||
2 | * | ||
3 | * Nagios plugins SSL utilities | ||
4 | * | ||
5 | * License: GPL | ||
6 | * Copyright (c) 2005 nagios-plugins team | ||
7 | * | ||
8 | * Last Modified: $Date$ | ||
9 | * | ||
10 | * Description: | ||
11 | * | ||
12 | * This file contains common functions for plugins that require SSL. | ||
13 | * | ||
14 | * License Information: | ||
15 | * | ||
16 | * This program is free software; you can redistribute it and/or modify | ||
17 | * it under the terms of the GNU General Public License as published by | ||
18 | * the Free Software Foundation; either version 2 of the License, or | ||
19 | * (at your option) any later version. | ||
20 | * | ||
21 | * This program is distributed in the hope that it will be useful, | ||
22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
24 | * GNU General Public License for more details. | ||
25 | * | ||
26 | * You should have received a copy of the GNU General Public License | ||
27 | * along with this program; if not, write to the Free Software | ||
28 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||
29 | * | ||
30 | * $Id$ | ||
31 | * | ||
32 | ****************************************************************************/ | ||
33 | |||
34 | #include "common.h" | ||
35 | #include "netutils.h" | ||
36 | |||
37 | #ifdef HAVE_SSL | ||
38 | static SSL_CTX *c=NULL; | ||
39 | static SSL *s=NULL; | ||
40 | |||
41 | int np_net_ssl_init (int sd){ | ||
42 | SSL_METHOD *m=NULL; | ||
43 | /* Initialize SSL context */ | ||
44 | SSLeay_add_ssl_algorithms (); | ||
45 | m = SSLv23_client_method (); | ||
46 | SSL_load_error_strings (); | ||
47 | OpenSSL_add_all_algorithms(); | ||
48 | if ((c = SSL_CTX_new (m)) == NULL) { | ||
49 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
50 | return STATE_CRITICAL; | ||
51 | } | ||
52 | if ((s = SSL_new (c)) != NULL){ | ||
53 | SSL_set_fd (s, sd); | ||
54 | if (SSL_connect(s) == 1){ | ||
55 | return OK; | ||
56 | } else { | ||
57 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
58 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | ||
59 | ERR_print_errors_fp (stdout); | ||
60 | # endif /* USE_OPENSSL */ | ||
61 | } | ||
62 | } else { | ||
63 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
64 | } | ||
65 | return STATE_CRITICAL; | ||
66 | } | ||
67 | |||
68 | void np_net_ssl_cleanup (){ | ||
69 | if(s){ | ||
70 | SSL_shutdown (s); | ||
71 | SSL_free (s); | ||
72 | if(c) SSL_CTX_free (c); | ||
73 | } | ||
74 | } | ||
75 | |||
76 | int np_net_ssl_write(const void *buf, int num){ | ||
77 | return SSL_write(s, buf, num); | ||
78 | } | ||
79 | |||
80 | int np_net_ssl_read(void *buf, int num){ | ||
81 | return SSL_read(s, buf, num); | ||
82 | } | ||
83 | |||
84 | int np_net_ssl_check_cert(int days_till_exp){ | ||
85 | # ifdef USE_OPENSSL | ||
86 | X509 *certificate=NULL; | ||
87 | ASN1_STRING *tm; | ||
88 | int offset; | ||
89 | struct tm stamp; | ||
90 | int days_left; | ||
91 | char timestamp[17] = ""; | ||
92 | |||
93 | certificate=SSL_get_peer_certificate(s); | ||
94 | if(! certificate){ | ||
95 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); | ||
96 | return STATE_CRITICAL; | ||
97 | } | ||
98 | |||
99 | /* Retrieve timestamp of certificate */ | ||
100 | tm = X509_get_notAfter (certificate); | ||
101 | |||
102 | /* Generate tm structure to process timestamp */ | ||
103 | if (tm->type == V_ASN1_UTCTIME) { | ||
104 | if (tm->length < 10) { | ||
105 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
106 | return STATE_CRITICAL; | ||
107 | } else { | ||
108 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | ||
109 | if (stamp.tm_year < 50) | ||
110 | stamp.tm_year += 100; | ||
111 | offset = 0; | ||
112 | } | ||
113 | } else { | ||
114 | if (tm->length < 12) { | ||
115 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
116 | return STATE_CRITICAL; | ||
117 | } else { | ||
118 | stamp.tm_year = | ||
119 | (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
120 | (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
121 | stamp.tm_year -= 1900; | ||
122 | offset = 2; | ||
123 | } | ||
124 | } | ||
125 | stamp.tm_mon = | ||
126 | (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | ||
127 | stamp.tm_mday = | ||
128 | (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | ||
129 | stamp.tm_hour = | ||
130 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
131 | stamp.tm_min = | ||
132 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
133 | stamp.tm_sec = 0; | ||
134 | stamp.tm_isdst = -1; | ||
135 | |||
136 | days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
137 | snprintf | ||
138 | (timestamp, 17, "%02d/%02d/%04d %02d:%02d", | ||
139 | stamp.tm_mon + 1, | ||
140 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
141 | |||
142 | if (days_left > 0 && days_left <= days_till_exp) { | ||
143 | printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
144 | return STATE_WARNING; | ||
145 | } else if (days_left < 0) { | ||
146 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
147 | return STATE_CRITICAL; | ||
148 | } else if (days_left == 0) { | ||
149 | printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); | ||
150 | return STATE_WARNING; | ||
151 | } | ||
152 | |||
153 | printf (_("OK - Certificate will expire on %s.\n"), timestamp); | ||
154 | X509_free (certificate); | ||
155 | return STATE_OK; | ||
156 | # else /* ifndef USE_OPENSSL */ | ||
157 | printf (_("WARNING - Plugin does not support checking certificates.\n")); | ||
158 | return STATE_WARNING; | ||
159 | # endif /* USE_OPENSSL */ | ||
160 | } | ||
161 | |||
162 | #endif /* HAVE_SSL */ | ||