diff options
Diffstat (limited to 'plugins/sslutils.c')
| -rw-r--r-- | plugins/sslutils.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index d0ae474..c9882c6 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -144,7 +144,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 144 | # ifdef USE_OPENSSL | 144 | # ifdef USE_OPENSSL |
| 145 | X509 *certificate=NULL; | 145 | X509 *certificate=NULL; |
| 146 | X509_NAME *subj=NULL; | 146 | X509_NAME *subj=NULL; |
| 147 | char timestamp[50] = ""; | ||
| 147 | char cn[MAX_CN_LENGTH]= ""; | 148 | char cn[MAX_CN_LENGTH]= ""; |
| 149 | |||
| 148 | int cnlen =-1; | 150 | int cnlen =-1; |
| 149 | int status=STATE_UNKNOWN; | 151 | int status=STATE_UNKNOWN; |
| 150 | 152 | ||
| @@ -153,7 +155,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 153 | struct tm stamp; | 155 | struct tm stamp; |
| 154 | float time_left; | 156 | float time_left; |
| 155 | int days_left; | 157 | int days_left; |
| 156 | char timestamp[50] = ""; | 158 | int time_remaining; |
| 157 | time_t tm_t; | 159 | time_t tm_t; |
| 158 | 160 | ||
| 159 | certificate=SSL_get_peer_certificate(s); | 161 | certificate=SSL_get_peer_certificate(s); |
| @@ -207,7 +209,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 207 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | 209 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); |
| 208 | stamp.tm_min = | 210 | stamp.tm_min = |
| 209 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | 211 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); |
| 210 | stamp.tm_sec = 0; | 212 | stamp.tm_sec = |
| 213 | (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); | ||
| 211 | stamp.tm_isdst = -1; | 214 | stamp.tm_isdst = -1; |
| 212 | 215 | ||
| 213 | time_left = difftime(timegm(&stamp), time(NULL)); | 216 | time_left = difftime(timegm(&stamp), time(NULL)); |
| @@ -218,21 +221,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | |||
| 218 | if (days_left > 0 && days_left <= days_till_exp_warn) { | 221 | if (days_left > 0 && days_left <= days_till_exp_warn) { |
| 219 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); | 222 | printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); |
| 220 | if (days_left > days_till_exp_crit) | 223 | if (days_left > days_till_exp_crit) |
| 221 | return STATE_WARNING; | 224 | status = STATE_WARNING; |
| 222 | else | 225 | else |
| 223 | return STATE_CRITICAL; | 226 | status = STATE_CRITICAL; |
| 227 | } else if (days_left == 0 && time_left > 0) { | ||
| 228 | if (time_left >= 3600) | ||
| 229 | time_remaining = (int) time_left / 3600; | ||
| 230 | else | ||
| 231 | time_remaining = (int) time_left / 60; | ||
| 232 | |||
| 233 | printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), | ||
| 234 | (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, | ||
| 235 | time_left >= 3600 ? "hours" : "minutes", timestamp); | ||
| 236 | |||
| 237 | if ( days_left > days_till_exp_crit) | ||
| 238 | status = STATE_WARNING; | ||
| 239 | else | ||
| 240 | status = STATE_CRITICAL; | ||
| 224 | } else if (time_left < 0) { | 241 | } else if (time_left < 0) { |
| 225 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 242 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
| 226 | status=STATE_CRITICAL; | 243 | status=STATE_CRITICAL; |
| 227 | } else if (days_left == 0) { | 244 | } else if (days_left == 0) { |
| 228 | printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); | 245 | printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); |
| 229 | if (days_left > days_till_exp_crit) | 246 | if (days_left > days_till_exp_crit) |
| 230 | return STATE_WARNING; | 247 | status = STATE_WARNING; |
| 231 | else | 248 | else |
| 232 | return STATE_CRITICAL; | 249 | status = STATE_CRITICAL; |
| 233 | } else { | 250 | } else { |
| 234 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 251 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
| 235 | status=STATE_OK; | 252 | status = STATE_OK; |
| 236 | } | 253 | } |
| 237 | X509_free(certificate); | 254 | X509_free(certificate); |
| 238 | return status; | 255 | return status; |