From 4c77862ce3dacfad980977490d4dec76fdbdf3d8 Mon Sep 17 00:00:00 2001
From: "M. Sean Finney"
Date: Sun, 23 Oct 2005 11:59:43 +0000
Subject: - compartmentalized ssl code into seperate sslutils.c - ssl-related cleanups in configure.in, and now openssl/gnutls options automatically disable each other.
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c
---
 plugins/netutils.c | 127 -----------------------------------------------------
 1 file changed, 127 deletions(-)
(limited to 'plugins/netutils.c')
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 2678f911..db64ef09 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -234,133 +234,6 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
 }
 }
 
-#ifdef HAVE_SSL
-static SSL_CTX *c=NULL;
-static SSL *s=NULL;
-
-int np_net_ssl_init (int sd){
- SSL_METHOD *m=NULL;
- /* Initialize SSL context */
- SSLeay_add_ssl_algorithms ();
- m = SSLv23_client_method ();
- SSL_load_error_strings ();
- OpenSSL_add_all_algorithms();
- if ((c = SSL_CTX_new (m)) == NULL) {
- printf (_("CRITICAL - Cannot create SSL context.\n"));
- return STATE_CRITICAL;
- }
- if ((s = SSL_new (c)) != NULL){
- SSL_set_fd (s, sd);
- if (SSL_connect(s) == 1){
- return OK;
- } else {
- printf (_("CRITICAL - Cannot make SSL connection "));
-#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
- ERR_print_errors_fp (stdout);
-#endif /* USE_OPENSSL */
- }
- } else {
- printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
- }
- return STATE_CRITICAL;
-}
-
-void np_net_ssl_cleanup (){
- if(s){
- SSL_shutdown (s);
- SSL_free (s);
- if(c) SSL_CTX_free (c);
- }
-}
-
-int np_net_ssl_write(const void *buf, int num){
- return SSL_write(s, buf, num);
-}
-
-int np_net_ssl_read(void *buf, int num){
- return SSL_read(s, buf, num);
-}
-
-int np_net_ssl_check_cert(int days_till_exp){
-# ifdef USE_OPENSSL
- X509 *certificate=NULL;
- ASN1_STRING *tm;
- int offset;
- struct tm stamp;
- int days_left;
- char timestamp[17] = "";
-
- certificate=SSL_get_peer_certificate(s);
- if(! certificate){
- printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
- return STATE_CRITICAL;
- }
-
- /* Retrieve timestamp of certificate */
- tm = X509_get_notAfter (certificate);
-
- /* Generate tm structure to process timestamp */
- if (tm->type == V_ASN1_UTCTIME) {
- if (tm->length < 10) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- } else {
- stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
- if (stamp.tm_year < 50)
- stamp.tm_year += 100;
- offset = 0;
- }
- } else {
- if (tm->length < 12) {
- printf (_("CRITICAL - Wrong time format in certificate.\n"));
- return STATE_CRITICAL;
- } else {
- stamp.tm_year =
- (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
- (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
- stamp.tm_year -= 1900;
- offset = 2;
- }
- }
- stamp.tm_mon =
- (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
- stamp.tm_mday =
- (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
- stamp.tm_hour =
- (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
- stamp.tm_min =
- (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
- stamp.tm_sec = 0;
- stamp.tm_isdst = -1;
-
- days_left = (mktime (&stamp) - time (NULL)) / 86400;
- snprintf
- (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
- stamp.tm_mon + 1,
- stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-
- if (days_left > 0 && days_left <= days_till_exp) {
- printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
- return STATE_WARNING;
- } else if (days_left < 0) {
- printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
- return STATE_CRITICAL;
- } else if (days_left == 0) {
- printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
- return STATE_WARNING;
- }
-
- printf (_("OK - Certificate will expire on %s.\n"), timestamp);
- X509_free (certificate);
- return STATE_OK;
-# else /* ifndef USE_OPENSSL */
- printf (_("WARNING - Plugin does not support checking certificates.\n"));
- return STATE_WARNING;
-# endif /* USE_OPENSSL */
-}
-
-#endif /* HAVE_SSL */
-
 int
 send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size)
 {
-- 
cgit v1.2.3