diff options
Diffstat (limited to 'plugins/sslutils.c')
| -rw-r--r-- | plugins/sslutils.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 43b1a5a6..4f9c793c 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -195,7 +195,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 195 | # ifdef USE_OPENSSL | 195 | # ifdef USE_OPENSSL |
| 196 | X509 *certificate=NULL; | 196 | X509 *certificate=NULL; |
| 197 | X509_NAME *subj=NULL; | 197 | X509_NAME *subj=NULL; |
| 198 | char timestamp[50] = ""; | ||
| 198 | char cn[MAX_CN_LENGTH]= ""; | 199 | char cn[MAX_CN_LENGTH]= ""; |
| 200 | |||
| 199 | int cnlen =-1; | 201 | int cnlen =-1; |
| 200 | int status=STATE_UNKNOWN; | 202 | int status=STATE_UNKNOWN; |
| 201 | 203 | ||
| @@ -204,7 +206,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 204 | struct tm stamp; | 206 | struct tm stamp; |
| 205 | float time_left; | 207 | float time_left; |
| 206 | int days_left; | 208 | int days_left; |
| 207 | char timestamp[50] = ""; | 209 | int time_remaining; |
| 208 | time_t tm_t; | 210 | time_t tm_t; |
| 209 | 211 | ||
| 210 | certificate=SSL_get_peer_certificate(s); | 212 | certificate=SSL_get_peer_certificate(s); |
| @@ -258,7 +260,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 258 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | 260 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); |
| 259 | stamp.tm_min = | 261 | stamp.tm_min = |
| 260 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | 262 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); |
| 261 | stamp.tm_sec = 0; | 263 | stamp.tm_sec = |
| 264 | (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); | ||
| 262 | stamp.tm_isdst = -1; | 265 | stamp.tm_isdst = -1; |
| 263 | 266 | ||
| 264 | time_left = difftime(timegm(&stamp), time(NULL)); | 267 | time_left = difftime(timegm(&stamp), time(NULL)); |
| @@ -269,21 +272,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 269 | if (days_left > 0 && days_left <= days_till_exp_warn) { | 272 | if (days_left > 0 && days_left <= days_till_exp_warn) { |
| 270 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); | 273 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); |
| 271 | if (days_left > days_till_exp_crit) | 274 | if (days_left > days_till_exp_crit) |
| 272 | return STATE_WARNING; | 275 | status = STATE_WARNING; |
| 273 | else | 276 | else |
| 274 | return STATE_CRITICAL; | 277 | status = STATE_CRITICAL; |
| 278 | } else if (days_left == 0 && time_left > 0) { | ||
| 279 | if (time_left >= 3600) | ||
| 280 | time_remaining = (int) time_left / 3600; | ||
| 281 | else | ||
| 282 | time_remaining = (int) time_left / 60; | ||
| 283 | |||
| 284 | printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), | ||
| 285 | (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, | ||
| 286 | time_left >= 3600 ? "hours" : "minutes", timestamp); | ||
| 287 | |||
| 288 | if ( days_left > days_till_exp_crit) | ||
| 289 | status = STATE_WARNING; | ||
| 290 | else | ||
| 291 | status = STATE_CRITICAL; | ||
| 275 | } else if (time_left < 0) { | 292 | } else if (time_left < 0) { |
| 276 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 293 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
| 277 | status=STATE_CRITICAL; | 294 | status=STATE_CRITICAL; |
| 278 | } else if (days_left == 0) { | 295 | } else if (days_left == 0) { |
| 279 | printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); | 296 | printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); |
| 280 | if (days_left > days_till_exp_crit) | 297 | if (days_left > days_till_exp_crit) |
| 281 | return STATE_WARNING; | 298 | status = STATE_WARNING; |
| 282 | else | 299 | else |
| 283 | return STATE_CRITICAL; | 300 | status = STATE_CRITICAL; |
| 284 | } else { | 301 | } else { |
| 285 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 302 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
| 286 | status=STATE_OK; | 303 | status = STATE_OK; |
| 287 | } | 304 | } |
| 288 | X509_free(certificate); | 305 | X509_free(certificate); |
| 289 | return status; | 306 | return status; |