[Nagiosplug-devel] Bug/Patch for check_http

Mayhew, Andrew amayhew at verisign.com
Mon May 5 16:42:03 CEST 2003


There is an error in the math for determining if an SSL certificate has
expired.  It will only go critical until the certificate has been expired
for more than 24 hours, rather than as soon as it expires.  Additionally,
the snprintf line for generating the timestamp truncated the time by 1
character.

I've also changed the behavior of this check slightly.  Since it can take
more than 24 hours to generate a new certificate (depending on your CA), it
is not helpful to go critical only after you have expired.  So I've added a
statement that will set the state to critical if the certificate will expire
in (days_till_exp /2) days.  So for example:

check_http -C 10 --ssl -p 443 http://secureserver/ 

will warn when the certificate is between 5-10 days until expiration and
alert critical if the certificate will expire in less than 5 days.

The supplied patch is done against a CVS checkout done at 5 May 2003 at
around 2:30 PM PST.

--And Mayhew

--- ../../nagiosplug-cvs/plugins/check_http.c	Mon May  5 14:35:48 2003
+++ check_http.c	Mon May  5 16:26:04 2003
@@ -934,6 +934,8 @@
 	int offset;
 	struct tm stamp;
 	int days_left;
+	int half_days_till_exp = days_till_exp / 2;
+	int computed_time;
 
 
 	/* Retrieve timestamp of certificate */
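Review bot: `half_days_till_exp = days_till_exp / 2` is integer division, so odd `-C` values round down (5 becomes 2) and `-C 1` gives 0; either document that in the option help or make the rounding explicit. Separately, `computed_time` is declared `int` but is meant to hold a difference of `time_t` values; declaring it `time_t` avoids truncation where `time_t` is wider than `int`.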
@@ -977,23 +979,28 @@
 	stamp.tm_isdst = -1;
 
 	days_left = (mktime (&stamp) - time (NULL)) / 86400;
+	computed_time = mktime (&stamp) - time(NULL);
 	snprintf
-		(timestamp, 16, "%02d/%02d/%04d %02d:%02d",
+		(timestamp, 17, "%02d/%02d/%04d %02d:%02d",
 		 stamp.tm_mon + 1,
 		 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour,
stamp.tm_min);
 
+	if (days_left > 0 && days_left < half_days_till_exp) {
+		printf ("CRITICAL - Certificate expires in %d day(s)
(%s).\n", days_left, timestamp);
+		return STATE_CRITICAL;
+	}
 	if (days_left > 0 && days_left <= days_till_exp) {
 		printf ("WARNING - Certificate expires in %d day(s)
(%s).\n", days_left, timestamp);
 		return STATE_WARNING;
 	}
-	if (days_left < 0) {
+	if ((days_left < 0) || (computed_time <= 0)) {
 		printf ("CRITICAL - Certificate expired on %s.\n",
timestamp);
 		return STATE_CRITICAL;
 	}
 
 	if (days_left == 0) {
-		printf ("WARNING - Certificate expires today (%s).\n",
timestamp);
-		return STATE_WARNING;
+		printf ("CRITICAL - Certificate expires today (%s).\n",
timestamp);
+		return STATE_CRITICAL;
 	}
 
 	printf ("OK - Certificate will expire on %s.\n", timestamp);
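Review bot: `mktime (&stamp) - time (NULL)` is now evaluated twice, once for `days_left` and once for `computed_time`, so the two values can straddle a second boundary and disagree right at the expiry instant; compute the difference once and derive the day count from it, e.g. `days_left = computed_time / 86400;`. The new early-critical test `days_left > 0 && days_left < half_days_till_exp` can never be true when the half value is 0 or 1, so for `-C 1` and `-C 2` the behaviour falls back to warning only until the final day. The hard-coded 17 in `snprintf` has to match the declaration of `timestamp`, which is not in this hunk; `sizeof (timestamp)` would rule out the off-by-one this change is correcting. Several lines here (`stamp.tm_min);`, `timestamp);`, the `(%s).\n"` continuations) were wrapped by the mailer and carry no diff prefix, so the patch will not apply as posted; resending it as an attachment would fix that.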
