diff options
Diffstat (limited to 'plugins/sslutils.c')
-rw-r--r-- | plugins/sslutils.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 14f6579..666a012 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -134,7 +134,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int | |||
134 | return STATE_CRITICAL; | 134 | return STATE_CRITICAL; |
135 | } | 135 | } |
136 | if (cert && privkey) { | 136 | if (cert && privkey) { |
137 | SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); | 137 | #ifdef USE_OPENSSL |
138 | if (!SSL_CTX_use_certificate_chain_file(c, cert)) { | ||
139 | #elif USE_GNUTLS | ||
140 | if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) { | ||
141 | #else | ||
142 | #error Unported for unknown SSL library | ||
143 | #endif | ||
144 | printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n")); | ||
145 | return STATE_CRITICAL; | ||
146 | } | ||
138 | SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); | 147 | SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); |
139 | #ifdef USE_OPENSSL | 148 | #ifdef USE_OPENSSL |
140 | if (!SSL_CTX_check_private_key(c)) { | 149 | if (!SSL_CTX_check_private_key(c)) { |
@@ -191,17 +200,6 @@ int np_net_ssl_read(void *buf, int num) { | |||
191 | return SSL_read(s, buf, num); | 200 | return SSL_read(s, buf, num); |
192 | } | 201 | } |
193 | 202 | ||
194 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | ||
195 | # ifdef USE_OPENSSL | ||
196 | X509 *certificate = NULL; | ||
197 | certificate=SSL_get_peer_certificate(s); | ||
198 | return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); | ||
199 | # else /* ifndef USE_OPENSSL */ | ||
200 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); | ||
201 | return STATE_WARNING; | ||
202 | # endif /* USE_OPENSSL */ | ||
203 | } | ||
204 | |||
205 | int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){ | 203 | int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){ |
206 | # ifdef USE_OPENSSL | 204 | # ifdef USE_OPENSSL |
207 | X509_NAME *subj=NULL; | 205 | X509_NAME *subj=NULL; |
@@ -328,4 +326,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int | |||
328 | # endif /* USE_OPENSSL */ | 326 | # endif /* USE_OPENSSL */ |
329 | } | 327 | } |
330 | 328 | ||
329 | int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ | ||
330 | # ifdef USE_OPENSSL | ||
331 | X509 *certificate = NULL; | ||
332 | certificate=SSL_get_peer_certificate(s); | ||
333 | return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); | ||
334 | # else /* ifndef USE_OPENSSL */ | ||
335 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); | ||
336 | return STATE_WARNING; | ||
337 | # endif /* USE_OPENSSL */ | ||
338 | } | ||
339 | |||
340 | |||
331 | #endif /* HAVE_SSL */ | 341 | #endif /* HAVE_SSL */ |