From d41a33a434558189300113c28b26e2d3d681d390 Mon Sep 17 00:00:00 2001 From: Thomas Guyot-Sionnest Date: Tue, 17 Mar 2009 03:39:12 -0400 Subject: Add timezone support and fix checks around cert expiration --- plugins/sslutils.c | 15 ++++++++++----- plugins/tests/check_http.t | 6 +++--- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/plugins/sslutils.c b/plugins/sslutils.c index f5035e23..afc24be1 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -30,6 +30,10 @@ #include "common.h" #include "netutils.h" +/* Max length of timestamps, ex: "03/05/2009 00:13 GMT". Calculate up to 6 + * chars for the timezone (ex: "GMT-10") and one terminating \0 */ +#define TS_LENGTH 24 + #ifdef HAVE_SSL static SSL_CTX *c=NULL; static SSL *s=NULL; @@ -90,7 +94,7 @@ int np_net_ssl_check_cert(int days_till_exp){ int offset; struct tm stamp; int days_left; - char timestamp[17] = ""; + char timestamp[TS_LENGTH] = ""; certificate=SSL_get_peer_certificate(s); if(! certificate){ @@ -135,16 +139,17 @@ int np_net_ssl_check_cert(int days_till_exp){ stamp.tm_sec = 0; stamp.tm_isdst = -1; - days_left = (mktime (&stamp) - time (NULL)) / 86400; + float time_left = difftime(timegm(&stamp), time(NULL)); + days_left = time_left / 86400; snprintf - (timestamp, 17, "%02d/%02d/%04d %02d:%02d", + (timestamp, TS_LENGTH, "%02d/%02d/%04d %02d:%02d %s", stamp.tm_mon + 1, - stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); + stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min, stamp.tm_zone); if (days_left > 0 && days_left <= days_till_exp) { printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); return STATE_WARNING; - } else if (days_left < 0) { + } else if (time_left < 0) { printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); return STATE_CRITICAL; } else if (days_left == 0) { diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index d7f4148c..0a1b0bc8 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -163,18 +163,18 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" ); + is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41 GMT.', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41 GMT\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate expired on 03/05/2009 00:13.', + 'CRITICAL - Certificate expired on 03/05/2009 00:13 GMT.', "output ok" ); } -- cgit v1.2.3-74-g34f1