diff options
| author | Sven Nierlein <sven@nierlein.de> | 2017-03-14 22:52:04 +0100 |
|---|---|---|
| committer | Sven Nierlein <sven@nierlein.de> | 2017-03-14 22:52:04 +0100 |
| commit | 1684deb8f7cc64270edcdff7c9bf40981bff20e3 (patch) | |
| tree | 96051b0ec70d5a01894c6790ce0d8d0bed013b94 /plugins/sslutils.c | |
| parent | afb41b29f7a444826a1f23535def3a57fb241375 (diff) | |
| download | monitoring-plugins-1684deb.tar.gz | |
check_curl: implement certificate checks
Signed-off-by: Sven Nierlein <sven@nierlein.de>
Diffstat (limited to 'plugins/sslutils.c')
| -rw-r--r-- | plugins/sslutils.c | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index e38947e3..14f6579d 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -1,29 +1,29 @@ | |||
| 1 | /***************************************************************************** | 1 | /***************************************************************************** |
| 2 | * | 2 | * |
| 3 | * Monitoring Plugins SSL utilities | 3 | * Monitoring Plugins SSL utilities |
| 4 | * | 4 | * |
| 5 | * License: GPL | 5 | * License: GPL |
| 6 | * Copyright (c) 2005-2010 Monitoring Plugins Development Team | 6 | * Copyright (c) 2005-2010 Monitoring Plugins Development Team |
| 7 | * | 7 | * |
| 8 | * Description: | 8 | * Description: |
| 9 | * | 9 | * |
| 10 | * This file contains common functions for plugins that require SSL. | 10 | * This file contains common functions for plugins that require SSL. |
| 11 | * | 11 | * |
| 12 | * | 12 | * |
| 13 | * This program is free software: you can redistribute it and/or modify | 13 | * This program is free software: you can redistribute it and/or modify |
| 14 | * it under the terms of the GNU General Public License as published by | 14 | * it under the terms of the GNU General Public License as published by |
| 15 | * the Free Software Foundation, either version 3 of the License, or | 15 | * the Free Software Foundation, either version 3 of the License, or |
| 16 | * (at your option) any later version. | 16 | * (at your option) any later version. |
| 17 | * | 17 | * |
| 18 | * This program is distributed in the hope that it will be useful, | 18 | * This program is distributed in the hope that it will be useful, |
| 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 21 | * GNU General Public License for more details. | 21 | * GNU General Public License for more details. |
| 22 | * | 22 | * |
| 23 | * You should have received a copy of the GNU General Public License | 23 | * You should have received a copy of the GNU General Public License |
| 24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | 24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 25 | * | 25 | * |
| 26 | * | 26 | * |
| 27 | *****************************************************************************/ | 27 | *****************************************************************************/ |
| 28 | 28 | ||
| 29 | #define MAX_CN_LENGTH 256 | 29 | #define MAX_CN_LENGTH 256 |
| @@ -193,12 +193,22 @@ int np_net_ssl_read(void *buf, int num) { | |||
| 193 | 193 | ||
| 194 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | 194 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ |
| 195 | # ifdef USE_OPENSSL | 195 | # ifdef USE_OPENSSL |
| 196 | X509 *certificate=NULL; | 196 | X509 *certificate = NULL; |
| 197 | certificate=SSL_get_peer_certificate(s); | ||
| 198 | return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); | ||
| 199 | # else /* ifndef USE_OPENSSL */ | ||
| 200 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); | ||
| 201 | return STATE_WARNING; | ||
| 202 | # endif /* USE_OPENSSL */ | ||
| 203 | } | ||
| 204 | |||
| 205 | int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){ | ||
| 206 | # ifdef USE_OPENSSL | ||
| 197 | X509_NAME *subj=NULL; | 207 | X509_NAME *subj=NULL; |
| 198 | char timestamp[50] = ""; | 208 | char timestamp[50] = ""; |
| 199 | char cn[MAX_CN_LENGTH]= ""; | 209 | char cn[MAX_CN_LENGTH]= ""; |
| 200 | char *tz; | 210 | char *tz; |
| 201 | 211 | ||
| 202 | int cnlen =-1; | 212 | int cnlen =-1; |
| 203 | int status=STATE_UNKNOWN; | 213 | int status=STATE_UNKNOWN; |
| 204 | 214 | ||
| @@ -210,7 +220,6 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 210 | int time_remaining; | 220 | int time_remaining; |
| 211 | time_t tm_t; | 221 | time_t tm_t; |
| 212 | 222 | ||
| 213 | certificate=SSL_get_peer_certificate(s); | ||
| 214 | if (!certificate) { | 223 | if (!certificate) { |
| 215 | printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); | 224 | printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); |
| 216 | return STATE_CRITICAL; | 225 | return STATE_CRITICAL; |