Diffstat (limited to 'plugins/check_tcp.c')
-rw-r--r-- | plugins/check_tcp.c | 112 |
1 files changed, 6 insertions, 106 deletions
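--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -32,10 +32,6 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 static int check_cert = FALSE;
 static int days_till_exp;
 static char *randbuff = "";
-static X509 *server_cert;
-# ifdef USE_OPENSSL
-static int check_certificate (X509 **);
-# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
 # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else
@@ -43,7 +39,6 @@ static int check_certificate (X509 **);
 # define my_send(buf, len) send(sd, buf, len, 0)
 #endif
 
-
 /* int my_recv(char *, size_t); */
 static int process_arguments (int, char **);
 void print_help (void);
@@ -217,34 +212,19 @@ main (int argc, char **argv)
 #ifdef HAVE_SSL
 if (flags & FLAG_SSL){
 result = np_net_ssl_init(sd);
-if(result != STATE_OK) return result;
-/* XXX does np_net_ssl take care of printing an error?
-die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
-*/
-}
-# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
-/*
-if (flags & FLAG_SSL && check_cert == TRUE) {
-if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-result = check_certificate (&server_cert);
-X509_free(server_cert);
-}
-else {
-printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
-result = STATE_CRITICAL;
+if (result == STATE_OK && check_cert == TRUE) {
+result = np_net_ssl_check_cert(days_till_exp);
+if(result != STATE_OK) {
+printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
+}
 }
 }
-*/
-# endif /* USE_OPENSSL */
-#endif
-
 if(result != STATE_OK){
-#ifdef HAVE_SSL
 np_net_ssl_cleanup();
-#endif
 if(sd) close(sd);
 return result;
 }
+#endif /* HAVE_SSL */
 
 if (server_send != NULL) { /* Something to send? */
 my_send(server_send, strlen(server_send));
@@ -567,86 +547,6 @@ process_arguments (int argc, char **argv)
 }
 
 
-/* SSL-specific functions */
-#ifdef HAVE_SSL
-# ifdef USE_OPENSSL /* XXX */
-static int
-check_certificate (X509 ** certificate)
-{
-ASN1_STRING *tm;
-int offset;
-struct tm stamp;
-int days_left;
-
-
-/* Retrieve timestamp of certificate */
-tm = X509_get_notAfter (*certificate);
-
-/* Generate tm structure to process timestamp */
-if (tm->type == V_ASN1_UTCTIME) {
-if (tm->length < 10) {
-printf (_("CRITICAL - Wrong time format in certificate.\n"));
-return STATE_CRITICAL;
-}
-else {
-stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-if (stamp.tm_year < 50)
-stamp.tm_year += 100;
-offset = 0;
-}
-}
-else {
-if (tm->length < 12) {
-printf (_("CRITICAL - Wrong time format in certificate.\n"));
-return STATE_CRITICAL;
-}
-else {
-stamp.tm_year =
-(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-stamp.tm_year -= 1900;
-offset = 2;
-}
-}
-stamp.tm_mon =
-(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-stamp.tm_mday =
-(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-stamp.tm_hour =
-(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-stamp.tm_min =
-(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-stamp.tm_sec = 0;
-stamp.tm_isdst = -1;
-
-days_left = (mktime (&stamp) - time (NULL)) / 86400;
-snprintf
-(timestamp, 16, "%02d/%02d/%04d %02d:%02d",
-stamp.tm_mon + 1,
-stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
-if (days_left > 0 && days_left <= days_till_exp) {
-printf (_("Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
-return STATE_WARNING;
-}
-if (days_left < 0) {
-printf (_("Certificate expired on %s.\n"), timestamp);
-return STATE_CRITICAL;
-}
-
-if (days_left == 0) {
-printf (_("Certificate expires today (%s).\n"), timestamp);
-return STATE_WARNING;
-}
-
-printf (_("Certificate will expire on %s.\n"), timestamp);
-
-return STATE_OK;
-}
-# endif /* USE_OPENSSL */
-#endif /* HAVE_SSL */
-
-
 void
 print_help (void)
 {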
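Review bot: The added `if(result != STATE_OK)` branch after `np_net_ssl_check_cert(days_till_exp)` in `main` prints `CRITICAL - Cannot retrieve server certificate.` for every non-OK result. The removed `check_certificate()` returned STATE_WARNING for a certificate close to expiry, so if the new helper keeps that contract (it is not shown here), an expiring certificate would be reported as a CRITICAL retrieval failure while the exit status is WARNING. Either drop the `printf` and let the helper report its own status, or print the retrieval message only on the path where no peer certificate was obtained. Separately, `#endif /* HAVE_SSL */` now sits after the `if(result != STATE_OK){ ... return result; }` block, so builds without HAVE_SSL no longer take that early exit; if `result` can already be non-OK from the connect step earlier in `main` (outside this hunk), keep the check unconditional and guard only `np_net_ssl_cleanup();`. `main` starts and ends outside the hunk.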