author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 20:22:00 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 20:22:00 +0000 |
commit | cf66a717e9e8f55315d50b3b33a70b8a6f140981 (patch) | |
tree | 54dda3e4c83988c27cbc6f08a1d8da586032b4ac /plugins/netutils.c | |
parent | 5dd7b5dff439ab19119efd24d7822ca19b3e5bf7 (diff) | |
download | monitoring-plugins-cf66a717e9e8f55315d50b3b33a70b8a6f140981.tar.gz |
all plugins now using centralized ssl functions in netutils.c
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1257 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/netutils.c')
-rw-r--r-- | plugins/netutils.c | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/plugins/netutils.c b/plugins/netutils.c
index e3fbb3aa..2678f911 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -281,6 +281,84 @@ int np_net_ssl_read(void *buf, int num){
 return SSL_read(s, buf, num);
 }

+int np_net_ssl_check_cert(int days_till_exp){
+# ifdef USE_OPENSSL
+ X509 *certificate=NULL;
+ ASN1_STRING *tm;
+ int offset;
+ struct tm stamp;
+ int days_left;
+ char timestamp[17] = "";
+
+ certificate=SSL_get_peer_certificate(s);
+ if(! certificate){
+ printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
+ return STATE_CRITICAL;
+ }
+
+ /* Retrieve timestamp of certificate */
+ tm = X509_get_notAfter (certificate);
+
+ /* Generate tm structure to process timestamp */
+ if (tm->type == V_ASN1_UTCTIME) {
+ if (tm->length < 10) {
+ printf (_("CRITICAL - Wrong time format in certificate.\n"));
+ return STATE_CRITICAL;
+ } else {
+ stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
+ if (stamp.tm_year < 50)
+ stamp.tm_year += 100;
+ offset = 0;
+ }
+ } else {
+ if (tm->length < 12) {
+ printf (_("CRITICAL - Wrong time format in certificate.\n"));
+ return STATE_CRITICAL;
+ } else {
+ stamp.tm_year =
+ (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
+ (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
+ stamp.tm_year -= 1900;
+ offset = 2;
+ }
+ }
+ stamp.tm_mon =
+ (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
+ stamp.tm_mday =
+ (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
+ stamp.tm_hour =
+ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
+ stamp.tm_min =
+ (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
+ stamp.tm_sec = 0;
+ stamp.tm_isdst = -1;
+
+ days_left = (mktime (&stamp) - time (NULL)) / 86400;
+ snprintf
+ (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
+ stamp.tm_mon + 1,
+ stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+
+ if (days_left > 0 && days_left <= days_till_exp) {
+ printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
+ return STATE_WARNING;
+ } else if (days_left < 0) {
+ printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
+ return STATE_CRITICAL;
+ } else if (days_left == 0) {
+ printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
+ return STATE_WARNING;
+ }
+
+ printf (_("OK - Certificate will expire on %s.\n"), timestamp);
+ X509_free (certificate);
+ return STATE_OK;
+# else /* ifndef USE_OPENSSL */
+ printf (_("WARNING - Plugin does not support checking certificates.\n"));
+ return STATE_WARNING;
+# endif /* USE_OPENSSL */
+}
+
 #endif /* HAVE_SSL */

 int
|
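Review bot: A certificate that expired less than 24 hours ago is reported as "WARNING - Certificate expires today" instead of CRITICAL, because `days_left = (mktime (&stamp) - time (NULL)) / 86400;` truncates toward zero and the `days_left < 0` branch is never reached for it. Test the sign of the undivided difference first, for example `double secs_left = difftime (mktime (&stamp), time (NULL));` followed by `if (secs_left < 0)` for the expired case, and only then derive the day count. notAfter is normally expressed in UTC while `mktime` interprets `stamp` as local time, so the boundary also shifts by the host's UTC offset. The `tm->data` bytes come from the peer's certificate and are converted with `- '0'` without checking that they are digits, so a malformed date gives an arbitrary expiry instead of the "Wrong time format" error. `X509_free (certificate)` runs only on the OK path, and every earlier return after `SSL_get_peer_certificate` leaves the certificate unreleased.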