1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
diff -u -p nagios-plugins-1.4.15/plugins/sslutils.c.v0 nagios-plugins-1.4.15/plugins/sslutils.c
--- nagios-plugins-1.4.15/plugins/sslutils.c.v0 2011-12-19 17:42:22.000000000 +0100
+++ nagios-plugins-1.4.15/plugins/sslutils.c 2011-12-19 17:57:14.000000000 +0100
@@ -103,6 +103,7 @@ int np_net_ssl_check_cert(int days_till_
float time_left;
int days_left;
char timestamp[17] = "";
+ char subject[256];
certificate=SSL_get_peer_certificate(s);
if(! certificate){
@@ -113,10 +114,14 @@ int np_net_ssl_check_cert(int days_till_
/* Retrieve timestamp of certificate */
tm = X509_get_notAfter (certificate);
+ /* Retrieve subject name in certificate. */
+ *subject = '\0';
+ X509_NAME_get_text_by_NID(X509_get_subject_name(certificate), NID_commonName, subject, 256);
+
/* Generate tm structure to process timestamp */
if (tm->type == V_ASN1_UTCTIME) {
if (tm->length < 10) {
- printf ("%s\n", _("CRITICAL - Wrong time format in certificate."));
+ printf ("%s\n", _("CRITICAL - Wrong time format in certificate %s."), subject);
return STATE_CRITICAL;
} else {
stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
@@ -126,7 +131,7 @@ int np_net_ssl_check_cert(int days_till_
}
} else {
if (tm->length < 12) {
- printf ("%s\n", _("CRITICAL - Wrong time format in certificate."));
+ printf ("%s\n", _("CRITICAL - Wrong time format in certificate %s."), subject);
return STATE_CRITICAL;
} else {
stamp.tm_year =
@@ -149,23 +154,30 @@ int np_net_ssl_check_cert(int days_till_
time_left = difftime(timegm(&stamp), time(NULL));
days_left = time_left / 86400;
+#ifdef AMERICAN_DATE_FORMAT
snprintf
(timestamp, 17, "%02d/%02d/%04d %02d:%02d",
stamp.tm_mon + 1,
stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+#else
+ snprintf
+ (timestamp, 17, "%04d-%02d-%02d %02d:%02d",
+ stamp.tm_year + 1900,
+ stamp.tm_mon + 1, stamp.tm_mday, stamp.tm_hour, stamp.tm_min);
+#endif
if (days_left > 0 && days_left <= days_till_exp) {
- printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
+ printf (_("WARNING - Certificate %s expires in %d day(s) (%s).\n"), subject, days_left, timestamp);
return STATE_WARNING;
} else if (time_left < 0) {
- printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
+ printf (_("CRITICAL - Certificate %s expired on %s.\n"), subject, timestamp);
return STATE_CRITICAL;
} else if (days_left == 0) {
- printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
+ printf (_("WARNING - Certificate %s expires today (%s).\n"), subject, timestamp);
return STATE_WARNING;
}
- printf (_("OK - Certificate will expire on %s.\n"), timestamp);
+ printf (_("OK - Certificate %s will expire on %s.\n"), subject, timestamp);
X509_free (certificate);
return STATE_OK;
# else /* ifndef USE_OPENSSL */
|
