diff options
Diffstat (limited to 'plugins/netutils.c')
-rw-r--r-- | plugins/netutils.c | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/plugins/netutils.c b/plugins/netutils.c index e3fbb3aa..2678f911 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c | |||
@@ -281,6 +281,84 @@ int np_net_ssl_read(void *buf, int num){ | |||
281 | return SSL_read(s, buf, num); | 281 | return SSL_read(s, buf, num); |
282 | } | 282 | } |
283 | 283 | ||
284 | int np_net_ssl_check_cert(int days_till_exp){ | ||
285 | # ifdef USE_OPENSSL | ||
286 | X509 *certificate=NULL; | ||
287 | ASN1_STRING *tm; | ||
288 | int offset; | ||
289 | struct tm stamp; | ||
290 | int days_left; | ||
291 | char timestamp[17] = ""; | ||
292 | |||
293 | certificate=SSL_get_peer_certificate(s); | ||
294 | if(! certificate){ | ||
295 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); | ||
296 | return STATE_CRITICAL; | ||
297 | } | ||
298 | |||
299 | /* Retrieve timestamp of certificate */ | ||
300 | tm = X509_get_notAfter (certificate); | ||
301 | |||
302 | /* Generate tm structure to process timestamp */ | ||
303 | if (tm->type == V_ASN1_UTCTIME) { | ||
304 | if (tm->length < 10) { | ||
305 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
306 | return STATE_CRITICAL; | ||
307 | } else { | ||
308 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | ||
309 | if (stamp.tm_year < 50) | ||
310 | stamp.tm_year += 100; | ||
311 | offset = 0; | ||
312 | } | ||
313 | } else { | ||
314 | if (tm->length < 12) { | ||
315 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
316 | return STATE_CRITICAL; | ||
317 | } else { | ||
318 | stamp.tm_year = | ||
319 | (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
320 | (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
321 | stamp.tm_year -= 1900; | ||
322 | offset = 2; | ||
323 | } | ||
324 | } | ||
325 | stamp.tm_mon = | ||
326 | (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | ||
327 | stamp.tm_mday = | ||
328 | (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | ||
329 | stamp.tm_hour = | ||
330 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
331 | stamp.tm_min = | ||
332 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
333 | stamp.tm_sec = 0; | ||
334 | stamp.tm_isdst = -1; | ||
335 | |||
336 | days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
337 | snprintf | ||
338 | (timestamp, 17, "%02d/%02d/%04d %02d:%02d", | ||
339 | stamp.tm_mon + 1, | ||
340 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
341 | |||
342 | if (days_left > 0 && days_left <= days_till_exp) { | ||
343 | printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
344 | return STATE_WARNING; | ||
345 | } else if (days_left < 0) { | ||
346 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
347 | return STATE_CRITICAL; | ||
348 | } else if (days_left == 0) { | ||
349 | printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); | ||
350 | return STATE_WARNING; | ||
351 | } | ||
352 | |||
353 | printf (_("OK - Certificate will expire on %s.\n"), timestamp); | ||
354 | X509_free (certificate); | ||
355 | return STATE_OK; | ||
356 | # else /* ifndef USE_OPENSSL */ | ||
357 | printf (_("WARNING - Plugin does not support checking certificates.\n")); | ||
358 | return STATE_WARNING; | ||
359 | # endif /* USE_OPENSSL */ | ||
360 | } | ||
361 | |||
284 | #endif /* HAVE_SSL */ | 362 | #endif /* HAVE_SSL */ |
285 | 363 | ||
286 | int | 364 | int |