- compartmentalized ssl code into seperate sslutils.c

- ssl-related cleanups in configure.in, and now openssl/gnutls options automatically disable each other. git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1258 f882894a-f735-0410-b71e-b25c423dba1c
author: M. Sean Finney <seanius@users.sourceforge.net> 2005-10-23 11:59:43 (GMT)
committer: M. Sean Finney <seanius@users.sourceforge.net> 2005-10-23 11:59:43 (GMT)
commit: 4c77862ce3dacfad980977490d4dec76fdbdf3d8 (patch)
tree: f7656bf1a65c9ff9e434cdbf4cfee6fc5e073b58 /plugins/netutils.c
parent: cf66a717e9e8f55315d50b3b33a70b8a6f140981 (diff)
download: monitoring-plugins-4c77862ce3dacfad980977490d4dec76fdbdf3d8.tar.gz
1 files changed, 0 insertions, 127 deletions
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 2678f91..db64ef0 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -234,133 +234,6 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
        }
 }
-#ifdef HAVE_SSL
-static SSL_CTX *c=NULL;
-static SSL *s=NULL;
-int np_net_ssl_init (int sd){
-                SSL_METHOD *m=NULL;
-                /* Initialize SSL context */
-                SSLeay_add_ssl_algorithms ();
-                m = SSLv23_client_method ();
-                SSL_load_error_strings ();
-                OpenSSL_add_all_algorithms();
-                if ((c = SSL_CTX_new (m)) == NULL) {
-                                printf (_("CRITICAL - Cannot create SSL context.\n"));
-                                return STATE_CRITICAL;
-                }
-                if ((s = SSL_new (c)) != NULL){
-                                SSL_set_fd (s, sd);
-                                if (SSL_connect(s) == 1){
-                                                return OK;
-                                } else {
-                                                printf (_("CRITICAL - Cannot make SSL connection "));
-#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
-                                                ERR_print_errors_fp (stdout);
-#endif /* USE_OPENSSL */
-                                }
-                } else {
-                                printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
-                }
-                return STATE_CRITICAL;
-}
-void np_net_ssl_cleanup (){
-                if(s){
-                                SSL_shutdown (s);
-                                SSL_free (s);
-                                if(c) SSL_CTX_free (c);
-                }
-}
-int np_net_ssl_write(const void *buf, int num){
-        return SSL_write(s, buf, num);
-}
-int np_net_ssl_read(void *buf, int num){
-        return SSL_read(s, buf, num);
-}
-int np_net_ssl_check_cert(int days_till_exp){
-#  ifdef USE_OPENSSL
-        X509 *certificate=NULL;
-        ASN1_STRING *tm;
-        int offset;
-        struct tm stamp;
-        int days_left;
-        char timestamp[17] = "";
-        certificate=SSL_get_peer_certificate(s);
-        if(! certificate){
-                printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
-                return STATE_CRITICAL;
-        }
-        /* Retrieve timestamp of certificate */
-        tm = X509_get_notAfter (certificate);
-        /* Generate tm structure to process timestamp */
-        if (tm->type == V_ASN1_UTCTIME) {
-                if (tm->length < 10) {
-                        printf (_("CRITICAL - Wrong time format in certificate.\n"));
-                        return STATE_CRITICAL;
-                } else {
-                        stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-                        if (stamp.tm_year < 50)
-                                stamp.tm_year += 100;
-                        offset = 0;
-                }
-        } else {
-                if (tm->length < 12) {
-                        printf (_("CRITICAL - Wrong time format in certificate.\n"));
-                        return STATE_CRITICAL;
-                } else {
-                        stamp.tm_year =
-                                (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-                                (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-                        stamp.tm_year -= 1900;
-                        offset = 2;
-                }
-        }
-        stamp.tm_mon =
-                (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-        stamp.tm_mday =
-                (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-        stamp.tm_hour =
-                (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-        stamp.tm_min =
-                (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
-        stamp.tm_isdst = -1;
-        days_left = (mktime (&stamp) - time (NULL)) / 86400;
-        snprintf
-                (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
-                 stamp.tm_mon + 1,
-                 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-        if (days_left > 0 && days_left <= days_till_exp) {
-                printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
-                return STATE_WARNING;
-        } else if (days_left < 0) {
-                printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
-                return STATE_CRITICAL;
-        } else if (days_left == 0) {
-                printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
-                return STATE_WARNING;
-        }
-        printf (_("OK - Certificate will expire on %s.\n"), timestamp);
-        X509_free (certificate);
-        return STATE_OK;
-#  else /* ifndef USE_OPENSSL */
-        printf (_("WARNING - Plugin does not support checking certificates.\n"));
-        return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
-#endif /* HAVE_SSL */
 int
 send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size)
 {
author	M. Sean Finney <seanius@users.sourceforge.net>	2005-10-23 11:59:43 (GMT)
committer	M. Sean Finney <seanius@users.sourceforge.net>	2005-10-23 11:59:43 (GMT)
commit	4c77862ce3dacfad980977490d4dec76fdbdf3d8 (patch)
tree	f7656bf1a65c9ff9e434cdbf4cfee6fc5e073b58 /plugins/netutils.c
parent	cf66a717e9e8f55315d50b3b33a70b8a6f140981 (diff)
download	monitoring-plugins-4c77862ce3dacfad980977490d4dec76fdbdf3d8.tar.gz

diff --git a/plugins/netutils.c b/plugins/netutils.c index 2678f91..db64ef0 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c
@@ -234,133 +234,6 @@ np_net_connect (const char host_name, int port, int sd, int proto)
234	}	234	}
235	}	235	}
236		236
237	#ifdef HAVE_SSL
238	static SSL_CTX *c=NULL;
239	static SSL *s=NULL;
240
241	int np_net_ssl_init (int sd){
242	SSL_METHOD *m=NULL;
243	/* Initialize SSL context */
244	SSLeay_add_ssl_algorithms ();
245	m = SSLv23_client_method ();
246	SSL_load_error_strings ();
247	OpenSSL_add_all_algorithms();
248	if ((c = SSL_CTX_new (m)) == NULL) {
249	printf (_("CRITICAL - Cannot create SSL context.\n"));
250	return STATE_CRITICAL;
251	}
252	if ((s = SSL_new (c)) != NULL){
253	SSL_set_fd (s, sd);
254	if (SSL_connect(s) == 1){
255	return OK;
256	} else {
257	printf (_("CRITICAL - Cannot make SSL connection "));
258	#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
259	ERR_print_errors_fp (stdout);
260	#endif /* USE_OPENSSL */
261	}
262	} else {
263	printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
264	}
265	return STATE_CRITICAL;
266	}
267
268	void np_net_ssl_cleanup (){
269	if(s){
270	SSL_shutdown (s);
271	SSL_free (s);
272	if(c) SSL_CTX_free (c);
273	}
274	}
275
276	int np_net_ssl_write(const void *buf, int num){
277	return SSL_write(s, buf, num);
278	}
279
280	int np_net_ssl_read(void *buf, int num){
281	return SSL_read(s, buf, num);
282	}
283
284	int np_net_ssl_check_cert(int days_till_exp){
285	# ifdef USE_OPENSSL
286	X509 *certificate=NULL;
287	ASN1_STRING *tm;
288	int offset;
289	struct tm stamp;
290	int days_left;
291	char timestamp[17] = "";
292
293	certificate=SSL_get_peer_certificate(s);
294	if(! certificate){
295	printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
296	return STATE_CRITICAL;
297	}
298
299	/* Retrieve timestamp of certificate */
300	tm = X509_get_notAfter (certificate);
301
302	/* Generate tm structure to process timestamp */
303	if (tm->type == V_ASN1_UTCTIME) {
304	if (tm->length < 10) {
305	printf (_("CRITICAL - Wrong time format in certificate.\n"));
306	return STATE_CRITICAL;
307	} else {
308	stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
309	if (stamp.tm_year < 50)
310	stamp.tm_year += 100;
311	offset = 0;
312	}
313	} else {
314	if (tm->length < 12) {
315	printf (_("CRITICAL - Wrong time format in certificate.\n"));
316	return STATE_CRITICAL;
317	} else {
318	stamp.tm_year =
319	(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
320	(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
321	stamp.tm_year -= 1900;
322	offset = 2;
323	}
324	}
325	stamp.tm_mon =
326	(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
327	stamp.tm_mday =
328	(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
329	stamp.tm_hour =
330	(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
331	stamp.tm_min =
332	(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
333	stamp.tm_sec = 0;
334	stamp.tm_isdst = -1;
335
336	days_left = (mktime (&stamp) - time (NULL)) / 86400;
337	snprintf
338	(timestamp, 17, "%02d/%02d/%04d %02d:%02d",
339	stamp.tm_mon + 1,
340	stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
341
342	if (days_left > 0 && days_left <= days_till_exp) {
343	printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
344	return STATE_WARNING;
345	} else if (days_left < 0) {
346	printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
347	return STATE_CRITICAL;
348	} else if (days_left == 0) {
349	printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
350	return STATE_WARNING;
351	}
352
353	printf (_("OK - Certificate will expire on %s.\n"), timestamp);
354	X509_free (certificate);
355	return STATE_OK;
356	# else /* ifndef USE_OPENSSL */
357	printf (_("WARNING - Plugin does not support checking certificates.\n"));
358	return STATE_WARNING;
359	# endif /* USE_OPENSSL */
360	}
361
362	#endif /* HAVE_SSL */
363
364	int	237	int
365	send_request (int sd, int proto, const char send_buffer, char recv_buffer, int recv_size)	238	send_request (int sd, int proto, const char send_buffer, char recv_buffer, int recv_size)
366	{	239	{