aboutsummaryrefslogtreecommitdiff
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
authorGravatar Andreas Baumann <mail@andreasbaumann.cc> 2019-11-07 08:20:17 +0000
committerGravatar Andreas Baumann <mail@andreasbaumann.cc> 2019-11-07 08:20:17 +0000
commitf7efee5f9c590ee0bea65d56697903cbf26d24c5 (patch)
tree974b9c4d0438ec77526961ceade8740ccbea81a6 /plugins/check_curl.c
parentede43c848d5ea8cb1d7fb23af1d638e6fff9aa41 (diff)
downloadmonitoring-plugins-f7efee5f9c590ee0bea65d56697903cbf26d24c5.tar.gz
check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8)
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 69b63446..796c55fc 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -2215,13 +2215,20 @@ net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_war
for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
- /* find first common name in subject, TODO: check alternative subjects for
+ /* find first common name in subject,
+ * TODO: check alternative subjects for
+ * TODO: have a decent parser here and not a hack
* multi-host certificate, check wildcards
*/
if (strncasecmp (slist->data, "Subject:", 8) == 0) {
+ int d = 3;
char* p = strstr (slist->data, "CN=");
+ if (p == NULL) {
+ d = 5;
+ p = strstr (slist->data, "CN = ");
+ }
if (p != NULL) {
- if (strncmp (host_name, p+3, strlen (host_name)) == 0) {
+ if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
cname_found = 1;
}
}