0 files changed, 0 insertions, 0 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 12cd734..5425bb2 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -36,97 +36,97 @@ static SSL_CTX *c=NULL;
 static SSL *s=NULL;
 static int initialized=0;
-int np_net_ssl_init (int sd) {
+int np_net_ssl_init(int sd) {
-                return np_net_ssl_init_with_hostname(sd, NULL);
+        return np_net_ssl_init_with_hostname(sd, NULL);
 }
-int np_net_ssl_init_with_hostname (int sd, char *host_name) {
+int np_net_ssl_init_with_hostname(int sd, char *host_name) {
-                return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);
+        return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);
 }
-int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) {
+int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
-                const SSL_METHOD *method = NULL;
+        const SSL_METHOD *method = NULL;
-                switch (version) {
+        switch (version) {
-                case 0: /* Deafult to auto negotiation */
+        case 0: /* Deafult to auto negotiation */
-                        method = SSLv23_client_method();
+                method = SSLv23_client_method();
-                        break;
+                break;
-                case 1: /* TLSv1 protocol */
+        case 1: /* TLSv1 protocol */
-                        method = TLSv1_client_method();
+                method = TLSv1_client_method();
-                        break;
+                break;
-                case 2: /* SSLv2 protocol */
+        case 2: /* SSLv2 protocol */
 #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
-                        printf (("%s\n", _("CRITICAL - SSL Protocol Version 2 is not supported by your SSL library.")));
+                printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
-                        return STATE_CRITICAL;
+                return STATE_CRITICAL;
 #else
-                        method = SSLv2_client_method();
+                method = SSLv2_client_method();
 #endif
-                        break;
+                break;
-                case 3: /* SSLv3 protocol */
+        case 3: /* SSLv3 protocol */
-                        method = SSLv3_client_method();
+                method = SSLv3_client_method();
-                        break;
+                break;
-                default: /* Unsupported */
+        default: /* Unsupported */
-                        printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version."));
+                printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
-                        return STATE_CRITICAL;
+                return STATE_CRITICAL;
-                }
+        }
-                if (!initialized) {
+        if (!initialized) {
-                        /* Initialize SSL context */
+                /* Initialize SSL context */
-                        SSLeay_add_ssl_algorithms ();
+                SSLeay_add_ssl_algorithms();
-                        SSL_load_error_strings ();
+                SSL_load_error_strings();
-                        OpenSSL_add_all_algorithms ();
+                OpenSSL_add_all_algorithms();
-                        initialized = 1;
+                initialized = 1;
-                }
+        }
-                if ((c = SSL_CTX_new (method)) == NULL) {
+        if ((c = SSL_CTX_new(method)) == NULL) {
-                                printf ("%s\n", _("CRITICAL - Cannot create SSL context."));
+                printf("%s\n", _("CRITICAL - Cannot create SSL context."));
-                                return STATE_CRITICAL;
+                return STATE_CRITICAL;
-                }
+        }
 #ifdef SSL_OP_NO_TICKET
-                SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+        SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
 #endif
-                if ((s = SSL_new (c)) != NULL){
+        if ((s = SSL_new(c)) != NULL) {
 #ifdef SSL_set_tlsext_host_name
-                                if (host_name != NULL)
+                if (host_name != NULL)
-                                        SSL_set_tlsext_host_name(s, host_name);
+                        SSL_set_tlsext_host_name(s, host_name);
 #endif
-                                SSL_set_fd (s, sd);
+                SSL_set_fd(s, sd);
-                                if (SSL_connect(s) == 1){
+                if (SSL_connect(s) == 1) {
-                                                return OK;
+                        return OK;
-                                } else {
+                } else {
-                                                printf ("%s\n", _("CRITICAL - Cannot make SSL connection "));
+                        printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
 #  ifdef USE_OPENSSL /* XXX look into ERR_error_string */
-                                                ERR_print_errors_fp (stdout);
+                        ERR_print_errors_fp(stdout);
 #  endif /* USE_OPENSSL */
-                                }
-                } else {
-                                printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
                }
-                return STATE_CRITICAL;
+        } else {
+                        printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
+        }
+        return STATE_CRITICAL;
 }
-void np_net_ssl_cleanup (){
+void np_net_ssl_cleanup() {
-                if(s){
+        if (s) {
 #ifdef SSL_set_tlsext_host_name
-                                SSL_set_tlsext_host_name(s, NULL);
+                SSL_set_tlsext_host_name(s, NULL);
 #endif
-                                SSL_shutdown (s);
+                SSL_shutdown(s);
-                                SSL_free (s);
+                SSL_free(s);
-                                if(c) {
+                if (c) {
-                                        SSL_CTX_free (c);
+                        SSL_CTX_free(c);
-                                        c=NULL;
+                        c=NULL;
-                                }
-                                s=NULL;
                }
+                s=NULL;
+        }
 }
-int np_net_ssl_write(const void *buf, int num){
+int np_net_ssl_write(const void *buf, int num) {
        return SSL_write(s, buf, num);
 }
-int np_net_ssl_read(void *buf, int num){
+int np_net_ssl_read(void *buf, int num) {
        return SSL_read(s, buf, num);
 }
-int np_net_ssl_check_cert(int days_till_exp){
+int np_net_ssl_check_cert(int days_till_exp) {
 #  ifdef USE_OPENSSL
        X509 *certificate=NULL;
        X509_NAME *subj=NULL;
@@ -142,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){
        char timestamp[17] = "";
        certificate=SSL_get_peer_certificate(s);
-        if(! certificate){
+        if (!certificate) {
-                printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
+                printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
                return STATE_CRITICAL;
        }
        /* Extract CN from certificate subject */
        subj=X509_get_subject_name(certificate);
-        if(! subj){
+        if (!subj) {
-                printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
+                printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
                return STATE_CRITICAL;
        }
-        cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn));
+        cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn));
-        if ( cnlen == -1 )
+        if (cnlen == -1)
-                strcpy(cn , _("Unknown CN"));
+                strcpy(cn, _("Unknown CN"));
        /* Retrieve timestamp of certificate */
-        tm = X509_get_notAfter (certificate);
+        tm = X509_get_notAfter(certificate);
        /* Generate tm structure to process timestamp */
        if (tm->type == V_ASN1_UTCTIME) {
                if (tm->length < 10) {
-                        printf ("%s\n", _("CRITICAL - Wrong time format in certificate."));
+                        printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
                        return STATE_CRITICAL;
                } else {
                        stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
@@ -174,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){
                }
        } else {
                if (tm->length < 12) {
-                        printf ("%s\n", _("CRITICAL - Wrong time format in certificate."));
+                        printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
                        return STATE_CRITICAL;
                } else {
                        stamp.tm_year =
@@ -203,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){
                 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
        if (days_left > 0 && days_left <= days_till_exp) {
-                printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
+                printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
                status=STATE_WARNING;
        } else if (time_left < 0) {
-                printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
+                printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
                status=STATE_CRITICAL;
        } else if (days_left == 0) {
-                printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
+                printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
                status=STATE_WARNING;
        } else {
-                printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
+                printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
                status=STATE_OK;
        }
-        X509_free (certificate);
+        X509_free(certificate);
        return status;
 #  else /* ifndef USE_OPENSSL */
-        printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
        return STATE_WARNING;
 #  endif /* USE_OPENSSL */
 }

diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 12cd734..5425bb2 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c
@@ -36,97 +36,97 @@ static SSL_CTX *c=NULL;
36	static SSL *s=NULL;	36	static SSL *s=NULL;
37	static int initialized=0;	37	static int initialized=0;
38		38
39	int np_net_ssl_init (int sd) {	39	int np_net_ssl_init(int sd) {
40	return np_net_ssl_init_with_hostname(sd, NULL);	40	return np_net_ssl_init_with_hostname(sd, NULL);
41	}	41	}
42		42
43	int np_net_ssl_init_with_hostname (int sd, char *host_name) {	43	int np_net_ssl_init_with_hostname(int sd, char *host_name) {
44	return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);	44	return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);
45	}	45	}
46		46
47	int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) {	47	int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
48	const SSL_METHOD *method = NULL;	48	const SSL_METHOD *method = NULL;
49		49
50	switch (version) {	50	switch (version) {
51	case 0: /* Deafult to auto negotiation */	51	case 0: /* Deafult to auto negotiation */
52	method = SSLv23_client_method();	52	method = SSLv23_client_method();
53	break;	53	break;
54	case 1: /* TLSv1 protocol */	54	case 1: /* TLSv1 protocol */
55	method = TLSv1_client_method();	55	method = TLSv1_client_method();
56	break;	56	break;
57	case 2: /* SSLv2 protocol */	57	case 2: /* SSLv2 protocol */
58	#if defined(USE_GNUTLS) \|\| defined(OPENSSL_NO_SSL2)	58	#if defined(USE_GNUTLS) \|\| defined(OPENSSL_NO_SSL2)
59	printf (("%s\n", _("CRITICAL - SSL Protocol Version 2 is not supported by your SSL library.")));	59	printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
60	return STATE_CRITICAL;	60	return STATE_CRITICAL;
61	#else	61	#else
62	method = SSLv2_client_method();	62	method = SSLv2_client_method();
63	#endif	63	#endif
64	break;	64	break;
65	case 3: /* SSLv3 protocol */	65	case 3: /* SSLv3 protocol */
66	method = SSLv3_client_method();	66	method = SSLv3_client_method();
67	break;	67	break;
68	default: /* Unsupported */	68	default: /* Unsupported */
69	printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version."));	69	printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
70	return STATE_CRITICAL;	70	return STATE_CRITICAL;
71	}	71	}
72	if (!initialized) {	72	if (!initialized) {
73	/* Initialize SSL context */	73	/* Initialize SSL context */
74	SSLeay_add_ssl_algorithms ();	74	SSLeay_add_ssl_algorithms();
75	SSL_load_error_strings ();	75	SSL_load_error_strings();
76	OpenSSL_add_all_algorithms ();	76	OpenSSL_add_all_algorithms();
77	initialized = 1;	77	initialized = 1;
78	}	78	}
79	if ((c = SSL_CTX_new (method)) == NULL) {	79	if ((c = SSL_CTX_new(method)) == NULL) {
80	printf ("%s\n", _("CRITICAL - Cannot create SSL context."));	80	printf("%s\n", _("CRITICAL - Cannot create SSL context."));
81	return STATE_CRITICAL;	81	return STATE_CRITICAL;
82	}	82	}
83	#ifdef SSL_OP_NO_TICKET	83	#ifdef SSL_OP_NO_TICKET
84	SSL_CTX_set_options(c, SSL_OP_NO_TICKET);	84	SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
85	#endif	85	#endif
86	if ((s = SSL_new (c)) != NULL){	86	if ((s = SSL_new(c)) != NULL) {
87	#ifdef SSL_set_tlsext_host_name	87	#ifdef SSL_set_tlsext_host_name
88	if (host_name != NULL)	88	if (host_name != NULL)
89	SSL_set_tlsext_host_name(s, host_name);	89	SSL_set_tlsext_host_name(s, host_name);
90	#endif	90	#endif
91	SSL_set_fd (s, sd);	91	SSL_set_fd(s, sd);
92	if (SSL_connect(s) == 1){	92	if (SSL_connect(s) == 1) {
93	return OK;	93	return OK;
94	} else {	94	} else {
95	printf ("%s\n", _("CRITICAL - Cannot make SSL connection "));	95	printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
96	# ifdef USE_OPENSSL /* XXX look into ERR_error_string */	96	# ifdef USE_OPENSSL /* XXX look into ERR_error_string */
97	ERR_print_errors_fp (stdout);	97	ERR_print_errors_fp(stdout);
98	# endif /* USE_OPENSSL */	98	# endif /* USE_OPENSSL */
99	}
100	} else {
101	printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
102	}	99	}
103	return STATE_CRITICAL;	100	} else {
		101	printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
		102	}
		103	return STATE_CRITICAL;
104	}	104	}
105		105
106	void np_net_ssl_cleanup (){	106	void np_net_ssl_cleanup() {
107	if(s){	107	if (s) {
108	#ifdef SSL_set_tlsext_host_name	108	#ifdef SSL_set_tlsext_host_name
109	SSL_set_tlsext_host_name(s, NULL);	109	SSL_set_tlsext_host_name(s, NULL);
110	#endif	110	#endif
111	SSL_shutdown (s);	111	SSL_shutdown(s);
112	SSL_free (s);	112	SSL_free(s);
113	if(c) {	113	if (c) {
114	SSL_CTX_free (c);	114	SSL_CTX_free(c);
115	c=NULL;	115	c=NULL;
116	}
117	s=NULL;
118	}	116	}
		117	s=NULL;
		118	}
119	}	119	}
120		120
121	int np_net_ssl_write(const void *buf, int num){	121	int np_net_ssl_write(const void *buf, int num) {
122	return SSL_write(s, buf, num);	122	return SSL_write(s, buf, num);
123	}	123	}
124		124
125	int np_net_ssl_read(void *buf, int num){	125	int np_net_ssl_read(void *buf, int num) {
126	return SSL_read(s, buf, num);	126	return SSL_read(s, buf, num);
127	}	127	}
128		128
129	int np_net_ssl_check_cert(int days_till_exp){	129	int np_net_ssl_check_cert(int days_till_exp) {
130	# ifdef USE_OPENSSL	130	# ifdef USE_OPENSSL
131	X509 *certificate=NULL;	131	X509 *certificate=NULL;
132	X509_NAME *subj=NULL;	132	X509_NAME *subj=NULL;
@@ -142,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){
142	char timestamp[17] = "";	142	char timestamp[17] = "";
143		143
144	certificate=SSL_get_peer_certificate(s);	144	certificate=SSL_get_peer_certificate(s);
145	if(! certificate){	145	if (!certificate) {
146	printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate."));	146	printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
147	return STATE_CRITICAL;	147	return STATE_CRITICAL;
148	}	148	}
149		149
150	/* Extract CN from certificate subject */	150	/* Extract CN from certificate subject */
151	subj=X509_get_subject_name(certificate);	151	subj=X509_get_subject_name(certificate);
152		152
153	if(! subj){	153	if (!subj) {
154	printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));	154	printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
155	return STATE_CRITICAL;	155	return STATE_CRITICAL;
156	}	156	}
157	cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn));	157	cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn));
158	if ( cnlen == -1 )	158	if (cnlen == -1)
159	strcpy(cn , _("Unknown CN"));	159	strcpy(cn, _("Unknown CN"));
160		160
161	/* Retrieve timestamp of certificate */	161	/* Retrieve timestamp of certificate */
162	tm = X509_get_notAfter (certificate);	162	tm = X509_get_notAfter(certificate);
163		163
164	/* Generate tm structure to process timestamp */	164	/* Generate tm structure to process timestamp */
165	if (tm->type == V_ASN1_UTCTIME) {	165	if (tm->type == V_ASN1_UTCTIME) {
166	if (tm->length < 10) {	166	if (tm->length < 10) {
167	printf ("%s\n", _("CRITICAL - Wrong time format in certificate."));	167	printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
168	return STATE_CRITICAL;	168	return STATE_CRITICAL;
169	} else {	169	} else {
170	stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');	170	stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
@@ -174,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){
174	}	174	}
175	} else {	175	} else {
176	if (tm->length < 12) {	176	if (tm->length < 12) {
177	printf ("%s\n", _("CRITICAL - Wrong time format in certificate."));	177	printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
178	return STATE_CRITICAL;	178	return STATE_CRITICAL;
179	} else {	179	} else {
180	stamp.tm_year =	180	stamp.tm_year =
@@ -203,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){
203	stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);	203	stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
204		204
205	if (days_left > 0 && days_left <= days_till_exp) {	205	if (days_left > 0 && days_left <= days_till_exp) {
206	printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);	206	printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
207	status=STATE_WARNING;	207	status=STATE_WARNING;
208	} else if (time_left < 0) {	208	} else if (time_left < 0) {
209	printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);	209	printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
210	status=STATE_CRITICAL;	210	status=STATE_CRITICAL;
211	} else if (days_left == 0) {	211	} else if (days_left == 0) {
212	printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);	212	printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
213	status=STATE_WARNING;	213	status=STATE_WARNING;
214	} else {	214	} else {
215	printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);	215	printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
216	status=STATE_OK;	216	status=STATE_OK;
217	}	217	}
218	X509_free (certificate);	218	X509_free(certificate);
219	return status;	219	return status;
220	# else /* ifndef USE_OPENSSL */	220	# else /* ifndef USE_OPENSSL */
221	printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));	221	printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
222	return STATE_WARNING;	222	return STATE_WARNING;
223	# endif /* USE_OPENSSL */	223	# endif /* USE_OPENSSL */
224	}	224	}