summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--plugins/sslutils.c160
1 files changed, 80 insertions, 80 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 12cd7341..5425bb2c 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -36,97 +36,97 @@ static SSL_CTX *c=NULL;
36static SSL *s=NULL; 36static SSL *s=NULL;
37static int initialized=0; 37static int initialized=0;
38 38
39int np_net_ssl_init (int sd) { 39int np_net_ssl_init(int sd) {
40 return np_net_ssl_init_with_hostname(sd, NULL); 40 return np_net_ssl_init_with_hostname(sd, NULL);
41} 41}
42 42
43int np_net_ssl_init_with_hostname (int sd, char *host_name) { 43int np_net_ssl_init_with_hostname(int sd, char *host_name) {
44 return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); 44 return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);
45} 45}
46 46
47int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) { 47int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
48 const SSL_METHOD *method = NULL; 48 const SSL_METHOD *method = NULL;
49 49
50 switch (version) { 50 switch (version) {
51 case 0: /* Deafult to auto negotiation */ 51 case 0: /* Deafult to auto negotiation */
52 method = SSLv23_client_method(); 52 method = SSLv23_client_method();
53 break; 53 break;
54 case 1: /* TLSv1 protocol */ 54 case 1: /* TLSv1 protocol */
55 method = TLSv1_client_method(); 55 method = TLSv1_client_method();
56 break; 56 break;
57 case 2: /* SSLv2 protocol */ 57 case 2: /* SSLv2 protocol */
58#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) 58#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
59 printf (("%s\n", _("CRITICAL - SSL Protocol Version 2 is not supported by your SSL library."))); 59 printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
60 return STATE_CRITICAL; 60 return STATE_CRITICAL;
61#else 61#else
62 method = SSLv2_client_method(); 62 method = SSLv2_client_method();
63#endif 63#endif
64 break; 64 break;
65 case 3: /* SSLv3 protocol */ 65 case 3: /* SSLv3 protocol */
66 method = SSLv3_client_method(); 66 method = SSLv3_client_method();
67 break; 67 break;
68 default: /* Unsupported */ 68 default: /* Unsupported */
69 printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version.")); 69 printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
70 return STATE_CRITICAL; 70 return STATE_CRITICAL;
71 } 71 }
72 if (!initialized) { 72 if (!initialized) {
73 /* Initialize SSL context */ 73 /* Initialize SSL context */
74 SSLeay_add_ssl_algorithms (); 74 SSLeay_add_ssl_algorithms();
75 SSL_load_error_strings (); 75 SSL_load_error_strings();
76 OpenSSL_add_all_algorithms (); 76 OpenSSL_add_all_algorithms();
77 initialized = 1; 77 initialized = 1;
78 } 78 }
79 if ((c = SSL_CTX_new (method)) == NULL) { 79 if ((c = SSL_CTX_new(method)) == NULL) {
80 printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); 80 printf("%s\n", _("CRITICAL - Cannot create SSL context."));
81 return STATE_CRITICAL; 81 return STATE_CRITICAL;
82 } 82 }
83#ifdef SSL_OP_NO_TICKET 83#ifdef SSL_OP_NO_TICKET
84 SSL_CTX_set_options(c, SSL_OP_NO_TICKET); 84 SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
85#endif 85#endif
86 if ((s = SSL_new (c)) != NULL){ 86 if ((s = SSL_new(c)) != NULL) {
87#ifdef SSL_set_tlsext_host_name 87#ifdef SSL_set_tlsext_host_name
88 if (host_name != NULL) 88 if (host_name != NULL)
89 SSL_set_tlsext_host_name(s, host_name); 89 SSL_set_tlsext_host_name(s, host_name);
90#endif 90#endif
91 SSL_set_fd (s, sd); 91 SSL_set_fd(s, sd);
92 if (SSL_connect(s) == 1){ 92 if (SSL_connect(s) == 1) {
93 return OK; 93 return OK;
94 } else { 94 } else {
95 printf ("%s\n", _("CRITICAL - Cannot make SSL connection ")); 95 printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
96# ifdef USE_OPENSSL /* XXX look into ERR_error_string */ 96# ifdef USE_OPENSSL /* XXX look into ERR_error_string */
97 ERR_print_errors_fp (stdout); 97 ERR_print_errors_fp(stdout);
98# endif /* USE_OPENSSL */ 98# endif /* USE_OPENSSL */
99 }
100 } else {
101 printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
102 } 99 }
103 return STATE_CRITICAL; 100 } else {
101 printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
102 }
103 return STATE_CRITICAL;
104} 104}
105 105
106void np_net_ssl_cleanup (){ 106void np_net_ssl_cleanup() {
107 if(s){ 107 if (s) {
108#ifdef SSL_set_tlsext_host_name 108#ifdef SSL_set_tlsext_host_name
109 SSL_set_tlsext_host_name(s, NULL); 109 SSL_set_tlsext_host_name(s, NULL);
110#endif 110#endif
111 SSL_shutdown (s); 111 SSL_shutdown(s);
112 SSL_free (s); 112 SSL_free(s);
113 if(c) { 113 if (c) {
114 SSL_CTX_free (c); 114 SSL_CTX_free(c);
115 c=NULL; 115 c=NULL;
116 }
117 s=NULL;
118 } 116 }
117 s=NULL;
118 }
119} 119}
120 120
121int np_net_ssl_write(const void *buf, int num){ 121int np_net_ssl_write(const void *buf, int num) {
122 return SSL_write(s, buf, num); 122 return SSL_write(s, buf, num);
123} 123}
124 124
125int np_net_ssl_read(void *buf, int num){ 125int np_net_ssl_read(void *buf, int num) {
126 return SSL_read(s, buf, num); 126 return SSL_read(s, buf, num);
127} 127}
128 128
129int np_net_ssl_check_cert(int days_till_exp){ 129int np_net_ssl_check_cert(int days_till_exp) {
130# ifdef USE_OPENSSL 130# ifdef USE_OPENSSL
131 X509 *certificate=NULL; 131 X509 *certificate=NULL;
132 X509_NAME *subj=NULL; 132 X509_NAME *subj=NULL;
@@ -142,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){
142 char timestamp[17] = ""; 142 char timestamp[17] = "";
143 143
144 certificate=SSL_get_peer_certificate(s); 144 certificate=SSL_get_peer_certificate(s);
145 if(! certificate){ 145 if (!certificate) {
146 printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); 146 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
147 return STATE_CRITICAL; 147 return STATE_CRITICAL;
148 } 148 }
149 149
150 /* Extract CN from certificate subject */ 150 /* Extract CN from certificate subject */
151 subj=X509_get_subject_name(certificate); 151 subj=X509_get_subject_name(certificate);
152 152
153 if(! subj){ 153 if (!subj) {
154 printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); 154 printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
155 return STATE_CRITICAL; 155 return STATE_CRITICAL;
156 } 156 }
157 cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn)); 157 cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn));
158 if ( cnlen == -1 ) 158 if (cnlen == -1)
159 strcpy(cn , _("Unknown CN")); 159 strcpy(cn, _("Unknown CN"));
160 160
161 /* Retrieve timestamp of certificate */ 161 /* Retrieve timestamp of certificate */
162 tm = X509_get_notAfter (certificate); 162 tm = X509_get_notAfter(certificate);
163 163
164 /* Generate tm structure to process timestamp */ 164 /* Generate tm structure to process timestamp */
165 if (tm->type == V_ASN1_UTCTIME) { 165 if (tm->type == V_ASN1_UTCTIME) {
166 if (tm->length < 10) { 166 if (tm->length < 10) {
167 printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); 167 printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
168 return STATE_CRITICAL; 168 return STATE_CRITICAL;
169 } else { 169 } else {
170 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); 170 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
@@ -174,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){
174 } 174 }
175 } else { 175 } else {
176 if (tm->length < 12) { 176 if (tm->length < 12) {
177 printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); 177 printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
178 return STATE_CRITICAL; 178 return STATE_CRITICAL;
179 } else { 179 } else {
180 stamp.tm_year = 180 stamp.tm_year =
@@ -203,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){
203 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); 203 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
204 204
205 if (days_left > 0 && days_left <= days_till_exp) { 205 if (days_left > 0 && days_left <= days_till_exp) {
206 printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); 206 printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
207 status=STATE_WARNING; 207 status=STATE_WARNING;
208 } else if (time_left < 0) { 208 } else if (time_left < 0) {
209 printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); 209 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
210 status=STATE_CRITICAL; 210 status=STATE_CRITICAL;
211 } else if (days_left == 0) { 211 } else if (days_left == 0) {
212 printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); 212 printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
213 status=STATE_WARNING; 213 status=STATE_WARNING;
214 } else { 214 } else {
215 printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); 215 printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
216 status=STATE_OK; 216 status=STATE_OK;
217 } 217 }
218 X509_free (certificate); 218 X509_free(certificate);
219 return status; 219 return status;
220# else /* ifndef USE_OPENSSL */ 220# else /* ifndef USE_OPENSSL */
221 printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); 221 printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
222 return STATE_WARNING; 222 return STATE_WARNING;
223# endif /* USE_OPENSSL */ 223# endif /* USE_OPENSSL */
224} 224}