Age | Commit message | Author | Files | Lines |
|
|
|
sslutils used to load only the first certificate when it was given a
client certificate file.
Added tests for check_http to connect to a http server that expects a
client certificate (simple and with chain).
Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
|
|
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
SSLv23_client_method() and friends return a pointer to a const-qualified
SSL_METHOD.
|
|
Change solution to display GMT time in the local display format with
the offset number of hours from GMT to be clear about what timezone
this is if the local display format does not include offset.
|
|
SSL certs are required to use times in GMT per
https://www.ietf.org/rfc/rfc5280.txt but the mktime() here assumes the
current timezone.
Fix the time_t conversion to be done assuming GMT with timegm() and
only do it once rather than twice.
Display the expiry date and time with ISO format years and give an
offset from GMT and a timezone to be very clear about exactly what time
is being displayed. Time given is correct and now in the machine’s
timezone.
|
|
* pr/1373:
check_http: Allow for requesting TLSv1.1/TLSv1.2
|
|
check_http's -S/--ssl option now allows for requesting the TLSv1.1 and
TLSv1.2 protocols. Apart from that, a '+' suffix can be appended in
order to also accept newer protocols than the specified version.
Closes #1338, and closes #1354, and closes #1359.
|
|
if exactly one hour before the expire date, we would mix up
minutes and hours.
Signed-off-by: Sven Nierlein <sven@nierlein.de>
|
|
Fixed Output if the expiration time is below one hour and code cleanup
|
|
optimize output if certificate expires in less than 24h
thx to axel.schmalowsky@sixt.com for this patch
|
|
sshutils prints the expiry time of certificates in US format
this patch uses the strftime %c, I don't know how portable that is
Thanks to Neil Prockter.
Closes #1188
Closes #1161
Closes #977
Closes #976
Closes #975
Closes #840
Closes #382
|
|
GnuTLS doesn't provide a SSL_CTX_check_private_key() function.
Closes #1254.
|
|
This is an initial take at renaming the project to Monitoring Plugins.
It's not expected to be fully complete, and it is expected to break
things (The perl module for instance). More testing will be required
before this goes mainline.
|
|
The SSL_CTX_new(3) function expects a non-"const" SSL_METHOD value.
|
|
Simplify things by moving the definition of global variables into .c
files, where they belong.
|
|
We use OpenSSL (or GnuTLS) with blocking semantics, and we don't want
SSL_read(3) or SSL_write(3) calls to return SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE (see #3614716).
|
|
Make a very long function name at least a little bit shorter.
|
|
|
|
fixed typo in sslutils
|
|
expiration checks of check_tcp, check_http, check_smtp
|
|
Fix indentation and whitespace issues, and correct some capitalization
errors in error messages. The behaviour is unchanged.
|
|
GnuTLS doesn't support SSL version 2.
|
|
Recent versions/builds seem to disable that feature.
|
|
The check_http -S/--ssl option now takes an optional argument which
specifies the desired SSL/TLS protocol version (#3285367 - Jason Lunn).
|
|
Some versions of OpenSSL fail to negotiate the SSL connection with at
least some versions of Tomcat if stateless SSL session resumption
support (see RFC4507) is enabled:
| CRITICAL - Cannot make SSL connection
| 140099330348712:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1195:SSL alert number 10
The problem is reproducible with OpenSSL 1.0.0h, but not with OpenSSL
0.9.8o-4squeeze12 (as shipped with Debian 6.0.4). We work around it by
disabling the RFC4507 functionality when using OpenSSL versions which
support it.
Thanks to Dag Bakke for reporting the issue and for giving me access to
a server I could use to reproduce the problem.
|
|
This patch adds a check for the certificate cn (hostname) to normal
certificate checks. It returns CRITICAL if the cn is missing, otherwise it
prints it in the normal output.
Patch by Stéphane Urbanovski
|
|
|
|
Presbrey)
|
|
the expiration fix)
This reverts commit d41a33a434558189300113c28b26e2d3d681d390.
|
|
|
|
For contrib/, full tags have been imported from subversion
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2091 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1918 f882894a-f735-0410-b71e-b25c423dba1c
|
|
SSL connection).
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1726 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1725 f882894a-f735-0410-b71e-b25c423dba1c
|
|
freeing them in np_net_ssl_cleanup(). This fixes a check_http segfault
if an SSL site redirects to a non-SSL one (reported by Aravind Gottipati
via IRC).
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1724 f882894a-f735-0410-b71e-b25c423dba1c
|
|
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1434 f882894a-f735-0410-b71e-b25c423dba1c
|
|
unused variables and explicit casting issues, but there were a
couple gotchas in there too.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1267 f882894a-f735-0410-b71e-b25c423dba1c
|
|
- ssl-related cleanups in configure.in, and now openssl/gnutls options
automatically disable each other.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c
|