diff -ru nagios-plugins-1.4.15/plugins/check_http.c nagios-plugins-1.4.15-modified/plugins/check_http.c
--- nagios-plugins-1.4.15/plugins/check_http.c 2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/check_http.c 2012-01-11 04:03:34.000000000 +0000
@@ -58,7 +58,7 @@
#ifdef HAVE_SSL
int check_cert = FALSE;
-int days_till_exp;
+int days_till_exp_warn, days_till_exp_crit;
char *randbuff;
X509 *server_cert;
# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
@@ -178,6 +178,7 @@
{
int c = 1;
char *p;
+ char *temp;
enum {
INVERT_REGEX = CHAR_MAX + 1,
@@ -292,13 +293,25 @@
break;
case 'C': /* Check SSL cert validity */
#ifdef HAVE_SSL
- if (!is_intnonneg (optarg))
- usage2 (_("Invalid certificate expiration period"), optarg);
+ if ((temp=strchr(optarg,','))!=NULL) {
+ *temp='\0';
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), optarg);
+ days_till_exp_warn = atoi(optarg);
+ *temp=',';
+ temp++;
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), temp);
+ days_till_exp_crit = atoi (temp);
+ }
else {
- days_till_exp = atoi (optarg);
- check_cert = TRUE;
+ days_till_exp_crit=0;
+ if (!is_intnonneg (optarg))
+ usage2 (_("Invalid certificate expiration period"), optarg);
+ days_till_exp_warn = atoi (optarg);
}
- /* Fall through to -S option */
+ check_cert = TRUE;
+ /* Fall through to -S option */
#endif
case 'S': /* use SSL */
#ifndef HAVE_SSL
@@ -809,7 +822,7 @@
if (use_ssl == TRUE) {
np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
- result = np_net_ssl_check_cert(days_till_exp);
+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
np_net_ssl_cleanup();
if (sd) close(sd);
return result;
@@ -1424,6 +1437,13 @@
printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
printf (" %s\n", _("the certificate is expired."));
+
+ printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
+ printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
+ printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+ printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+ printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+
#endif
printf (UT_SUPPORT);
@@ -1441,6 +1461,6 @@
printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
- printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
- printf (" [-j method]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+ printf (" [-T <content-type>] [-j method]\n");
}
diff -ru nagios-plugins-1.4.15/plugins/check_smtp.c nagios-plugins-1.4.15-modified/plugins/check_smtp.c
--- nagios-plugins-1.4.15/plugins/check_smtp.c 2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/check_smtp.c 2012-01-11 04:19:41.000000000 +0000
@@ -41,7 +41,7 @@
#ifdef HAVE_SSL
int check_cert = FALSE;
-int days_till_exp;
+int days_till_exp_warn, days_till_exp_crit;
# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
#else /* ifndef HAVE_SSL */
@@ -271,7 +271,7 @@
# ifdef USE_OPENSSL
if ( check_cert ) {
- result = np_net_ssl_check_cert(days_till_exp);
+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
if(result != STATE_OK){
printf ("%s\n", _("CRITICAL - Cannot retrieve server certificate."));
}
@@ -453,6 +453,7 @@
process_arguments (int argc, char **argv)
{
int c;
+ char* temp;
int option = 0;
static struct option longopts[] = {
@@ -595,12 +596,26 @@
case 'D':
/* Check SSL cert validity */
#ifdef USE_OPENSSL
- if (!is_intnonneg (optarg))
- usage2 ("Invalid certificate expiration period",optarg);
- days_till_exp = atoi (optarg);
- check_cert = TRUE;
+ if ((temp=strchr(optarg,','))!=NULL) {
+ *temp='\0';
+ if (!is_intnonneg (temp))
+ usage2 ("Invalid certificate expiration period", optarg);
+ days_till_exp_warn = atoi(optarg);
+ *temp=',';
+ temp++;
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), temp);
+ days_till_exp_crit = atoi (temp);
+ }
+ else {
+ days_till_exp_crit=0;
+ if (!is_intnonneg (optarg))
+ usage2 ("Invalid certificate expiration period", optarg);
+ days_till_exp_warn = atoi (optarg);
+ }
+ check_cert = TRUE;
#else
- usage (_("SSL support not available - install OpenSSL and recompile"));
+ usage (_("SSL support not available - install OpenSSL and recompile"));
#endif
break;
case '4':
@@ -785,7 +800,7 @@
printf (" %s\n", "-F, --fqdn=STRING");
printf (" %s\n", _("FQDN used for HELO"));
#ifdef HAVE_SSL
- printf (" %s\n", "-D, --certificate=INTEGER");
+ printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
printf (" %s\n", "-S, --starttls");
printf (" %s\n", _("Use STARTTLS for the connection."));
@@ -819,8 +834,8 @@
print_usage (void)
{
printf ("%s\n", _("Usage:"));
- printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname);
- printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n");
- printf ("[-F fqdn] [-S] [-D days] [-v] [-4|-6]\n");
+ printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-f from addr]\n", progname);
+ printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-v]\n");
+ printf ("[-F fqdn] [-S] [-D <warn days to cert expiry>[<crit days to warn expire>]\n");
}
diff -ru nagios-plugins-1.4.15/plugins/check_tcp.c nagios-plugins-1.4.15-modified/plugins/check_tcp.c
--- nagios-plugins-1.4.15/plugins/check_tcp.c 2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/check_tcp.c 2012-01-11 04:20:15.000000000 +0000
@@ -39,7 +39,7 @@
#ifdef HAVE_SSL
static int check_cert = FALSE;
-static int days_till_exp;
+static int days_till_exp_warn, days_till_exp_crit;
# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
#else
@@ -235,8 +235,8 @@
if (flags & FLAG_SSL){
result = np_net_ssl_init(sd);
if (result == STATE_OK && check_cert == TRUE) {
- result = np_net_ssl_check_cert(days_till_exp);
- if(result != STATE_OK) {
+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+ if (result != STATE_OK) {
printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
}
}
@@ -383,6 +383,7 @@
{
int c;
int escape = 0;
+ char *temp;
int option = 0;
static struct option longopts[] = {
@@ -555,9 +556,22 @@
case 'D': /* Check SSL cert validity - days 'til certificate expiration */
#ifdef HAVE_SSL
# ifdef USE_OPENSSL /* XXX */
- if (!is_intnonneg (optarg))
+ if ((temp=strchr(optarg,','))!=NULL) {
+ *temp='\0';
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg);
+ *temp=',';
+ temp++;
+ if (!is_intnonneg (temp))
+ usage2 (_("Invalid certificate expiration period"), temp);
+ days_till_exp_crit = atoi (temp);
+ }
+ else {
+ days_till_exp_crit=0;
+ if (!is_intnonneg (optarg))
usage2 (_("Invalid certificate expiration period"), optarg);
- days_till_exp = atoi (optarg);
+ days_till_exp_warn = atoi (optarg);
+ }
check_cert = TRUE;
flags |= FLAG_SSL;
break;
@@ -629,8 +643,9 @@
printf (" %s\n", _("Seconds to wait between sending string and polling for response"));
#ifdef HAVE_SSL
- printf (" %s\n", "-D, --certificate=INTEGER");
+ printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
+ printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0)."));
printf (" %s\n", "-S, --ssl");
printf (" %s\n", _("Use SSL for the connection."));
#endif
@@ -652,6 +667,6 @@
printf ("%s -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]\n",progname);
printf ("[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]\n");
printf ("[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]\n");
- printf ("[-D <days to cert expiry>] [-S <use SSL>] [-E]\n");
+ printf ("[-D <warn days to cert expiry>[,<crit days to warn expire>]] [-S <use SSL>] [-E]\n");
}
Only in nagios-plugins-1.4.15-modified/plugins: .deps
Only in nagios-plugins-1.4.15-modified/plugins: Makefile
diff -ru nagios-plugins-1.4.15/plugins/netutils.h nagios-plugins-1.4.15-modified/plugins/netutils.h
--- nagios-plugins-1.4.15/plugins/netutils.h 2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/netutils.h 2012-01-11 03:52:18.000000000 +0000
@@ -103,7 +103,7 @@
void np_net_ssl_cleanup();
int np_net_ssl_write(const void *buf, int num);
int np_net_ssl_read(void *buf, int num);
-int np_net_ssl_check_cert(int days_till_exp);
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
#endif /* HAVE_SSL */
#endif /* _NETUTILS_H_ */
diff -ru nagios-plugins-1.4.15/plugins/sslutils.c nagios-plugins-1.4.15-modified/plugins/sslutils.c
--- nagios-plugins-1.4.15/plugins/sslutils.c 2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/sslutils.c 2012-01-11 03:51:39.000000000 +0000
@@ -94,7 +94,7 @@
return SSL_read(s, buf, num);
}
-int np_net_ssl_check_cert(int days_till_exp){
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
# ifdef USE_OPENSSL
X509 *certificate=NULL;
ASN1_STRING *tm;
@@ -154,15 +154,21 @@
stamp.tm_mon + 1,
stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
- if (days_left > 0 && days_left <= days_till_exp) {
- printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
- return STATE_WARNING;
+ if (days_left > 0 && days_left <= days_till_exp_warn) {
+ printf (_("%s - Certificate expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", days_left, timestamp);
+ if (days_left > days_till_exp_crit)
+ return STATE_WARNING;
+ else
+ return STATE_CRITICAL;
} else if (time_left < 0) {
printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
return STATE_CRITICAL;
} else if (days_left == 0) {
- printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
- return STATE_WARNING;
+ printf (_("%s - Certificate expires today (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", timestamp);
+ if (days_left > days_till_exp_crit)
+ return STATE_WARNING;
+ else
+ return STATE_CRITICAL;
}
printf (_("OK - Certificate will expire on %s.\n"), timestamp);