From beb609ffcf8c24c133f59829e0d3d82102661b82 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 27 May 2021 15:32:08 +0200 Subject: check_curl: - added verbose output in verify_callback - pin refcounting for certs (avoid subject extraction error when checking certs in is_openssl_callback mode) --- plugins/check_curl.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 3e0a6f94..59e398b2 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -285,6 +285,18 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) * TODO: is the last certificate always the server certificate? */ cert = X509_STORE_CTX_get_current_cert(x509_ctx); + X509_up_ref(cert); + if (verbose>=2) { + puts("* SSL verify callback with certificate:"); + X509_NAME *subject, *issuer; + printf("* issuer:\n"); + issuer = X509_get_issuer_name( cert ); + X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE); + printf("* curl verify_callback:\n* subject:\n"); + subject = X509_get_subject_name( cert ); + X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE); + puts(""); + } return 1; } -- cgit v1.2.3-74-g34f1