diff options
| author | Holger Weiss <holger@zedat.fu-berlin.de> | 2012-06-11 21:34:15 (GMT) |
|---|---|---|
| committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2012-06-11 21:34:15 (GMT) |
| commit | 4e9eedc8debe1388996bd5631f2df6e057854061 (patch) | |
| tree | 9672619ca4f76bca657cef5fb15f063325881a5e /plugins/sslutils.c | |
| parent | 3fd1bd97ca874aecd4ad046f642c894bd1347f88 (diff) | |
| download | monitoring-plugins-4e9eedc8debe1388996bd5631f2df6e057854061.tar.gz | |
Fix whitespace and capitalization issues
Fix indentation and whitespace issues, and correct some capitalization
errors in error messages. The behaviour is unchanged.
Diffstat (limited to 'plugins/sslutils.c')
| -rw-r--r-- | plugins/sslutils.c | 160 |
1 files changed, 80 insertions, 80 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 12cd734..5425bb2 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
| @@ -36,97 +36,97 @@ static SSL_CTX *c=NULL; | |||
| 36 | static SSL *s=NULL; | 36 | static SSL *s=NULL; |
| 37 | static int initialized=0; | 37 | static int initialized=0; |
| 38 | 38 | ||
| 39 | int np_net_ssl_init (int sd) { | 39 | int np_net_ssl_init(int sd) { |
| 40 | return np_net_ssl_init_with_hostname(sd, NULL); | 40 | return np_net_ssl_init_with_hostname(sd, NULL); |
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | int np_net_ssl_init_with_hostname (int sd, char *host_name) { | 43 | int np_net_ssl_init_with_hostname(int sd, char *host_name) { |
| 44 | return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); | 44 | return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); |
| 45 | } | 45 | } |
| 46 | 46 | ||
| 47 | int np_net_ssl_init_with_hostname_and_version (int sd, char *host_name, int version) { | 47 | int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) { |
| 48 | const SSL_METHOD *method = NULL; | 48 | const SSL_METHOD *method = NULL; |
| 49 | 49 | ||
| 50 | switch (version) { | 50 | switch (version) { |
| 51 | case 0: /* Deafult to auto negotiation */ | 51 | case 0: /* Deafult to auto negotiation */ |
| 52 | method = SSLv23_client_method(); | 52 | method = SSLv23_client_method(); |
| 53 | break; | 53 | break; |
| 54 | case 1: /* TLSv1 protocol */ | 54 | case 1: /* TLSv1 protocol */ |
| 55 | method = TLSv1_client_method(); | 55 | method = TLSv1_client_method(); |
| 56 | break; | 56 | break; |
| 57 | case 2: /* SSLv2 protocol */ | 57 | case 2: /* SSLv2 protocol */ |
| 58 | #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) | 58 | #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) |
| 59 | printf (("%s\n", _("CRITICAL - SSL Protocol Version 2 is not supported by your SSL library."))); | 59 | printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); |
| 60 | return STATE_CRITICAL; | 60 | return STATE_CRITICAL; |
| 61 | #else | 61 | #else |
| 62 | method = SSLv2_client_method(); | 62 | method = SSLv2_client_method(); |
| 63 | #endif | 63 | #endif |
| 64 | break; | 64 | break; |
| 65 | case 3: /* SSLv3 protocol */ | 65 | case 3: /* SSLv3 protocol */ |
| 66 | method = SSLv3_client_method(); | 66 | method = SSLv3_client_method(); |
| 67 | break; | 67 | break; |
| 68 | default: /* Unsupported */ | 68 | default: /* Unsupported */ |
| 69 | printf ("%s\n", _("CRITICAL - Unsupported SSL Protocol Version.")); | 69 | printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); |
| 70 | return STATE_CRITICAL; | 70 | return STATE_CRITICAL; |
| 71 | } | 71 | } |
| 72 | if (!initialized) { | 72 | if (!initialized) { |
| 73 | /* Initialize SSL context */ | 73 | /* Initialize SSL context */ |
| 74 | SSLeay_add_ssl_algorithms (); | 74 | SSLeay_add_ssl_algorithms(); |
| 75 | SSL_load_error_strings (); | 75 | SSL_load_error_strings(); |
| 76 | OpenSSL_add_all_algorithms (); | 76 | OpenSSL_add_all_algorithms(); |
| 77 | initialized = 1; | 77 | initialized = 1; |
| 78 | } | 78 | } |
| 79 | if ((c = SSL_CTX_new (method)) == NULL) { | 79 | if ((c = SSL_CTX_new(method)) == NULL) { |
| 80 | printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); | 80 | printf("%s\n", _("CRITICAL - Cannot create SSL context.")); |
| 81 | return STATE_CRITICAL; | 81 | return STATE_CRITICAL; |
| 82 | } | 82 | } |
| 83 | #ifdef SSL_OP_NO_TICKET | 83 | #ifdef SSL_OP_NO_TICKET |
| 84 | SSL_CTX_set_options(c, SSL_OP_NO_TICKET); | 84 | SSL_CTX_set_options(c, SSL_OP_NO_TICKET); |
| 85 | #endif | 85 | #endif |
| 86 | if ((s = SSL_new (c)) != NULL){ | 86 | if ((s = SSL_new(c)) != NULL) { |
| 87 | #ifdef SSL_set_tlsext_host_name | 87 | #ifdef SSL_set_tlsext_host_name |
| 88 | if (host_name != NULL) | 88 | if (host_name != NULL) |
| 89 | SSL_set_tlsext_host_name(s, host_name); | 89 | SSL_set_tlsext_host_name(s, host_name); |
| 90 | #endif | 90 | #endif |
| 91 | SSL_set_fd (s, sd); | 91 | SSL_set_fd(s, sd); |
| 92 | if (SSL_connect(s) == 1){ | 92 | if (SSL_connect(s) == 1) { |
| 93 | return OK; | 93 | return OK; |
| 94 | } else { | 94 | } else { |
| 95 | printf ("%s\n", _("CRITICAL - Cannot make SSL connection ")); | 95 | printf("%s\n", _("CRITICAL - Cannot make SSL connection.")); |
| 96 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | 96 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ |
| 97 | ERR_print_errors_fp (stdout); | 97 | ERR_print_errors_fp(stdout); |
| 98 | # endif /* USE_OPENSSL */ | 98 | # endif /* USE_OPENSSL */ |
| 99 | } | ||
| 100 | } else { | ||
| 101 | printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | ||
| 102 | } | 99 | } |
| 103 | return STATE_CRITICAL; | 100 | } else { |
| 101 | printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | ||
| 102 | } | ||
| 103 | return STATE_CRITICAL; | ||
| 104 | } | 104 | } |
| 105 | 105 | ||
| 106 | void np_net_ssl_cleanup (){ | 106 | void np_net_ssl_cleanup() { |
| 107 | if(s){ | 107 | if (s) { |
| 108 | #ifdef SSL_set_tlsext_host_name | 108 | #ifdef SSL_set_tlsext_host_name |
| 109 | SSL_set_tlsext_host_name(s, NULL); | 109 | SSL_set_tlsext_host_name(s, NULL); |
| 110 | #endif | 110 | #endif |
| 111 | SSL_shutdown (s); | 111 | SSL_shutdown(s); |
| 112 | SSL_free (s); | 112 | SSL_free(s); |
| 113 | if(c) { | 113 | if (c) { |
| 114 | SSL_CTX_free (c); | 114 | SSL_CTX_free(c); |
| 115 | c=NULL; | 115 | c=NULL; |
| 116 | } | ||
| 117 | s=NULL; | ||
| 118 | } | 116 | } |
| 117 | s=NULL; | ||
| 118 | } | ||
| 119 | } | 119 | } |
| 120 | 120 | ||
| 121 | int np_net_ssl_write(const void *buf, int num){ | 121 | int np_net_ssl_write(const void *buf, int num) { |
| 122 | return SSL_write(s, buf, num); | 122 | return SSL_write(s, buf, num); |
| 123 | } | 123 | } |
| 124 | 124 | ||
| 125 | int np_net_ssl_read(void *buf, int num){ | 125 | int np_net_ssl_read(void *buf, int num) { |
| 126 | return SSL_read(s, buf, num); | 126 | return SSL_read(s, buf, num); |
| 127 | } | 127 | } |
| 128 | 128 | ||
| 129 | int np_net_ssl_check_cert(int days_till_exp){ | 129 | int np_net_ssl_check_cert(int days_till_exp) { |
| 130 | # ifdef USE_OPENSSL | 130 | # ifdef USE_OPENSSL |
| 131 | X509 *certificate=NULL; | 131 | X509 *certificate=NULL; |
| 132 | X509_NAME *subj=NULL; | 132 | X509_NAME *subj=NULL; |
| @@ -142,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
| 142 | char timestamp[17] = ""; | 142 | char timestamp[17] = ""; |
| 143 | 143 | ||
| 144 | certificate=SSL_get_peer_certificate(s); | 144 | certificate=SSL_get_peer_certificate(s); |
| 145 | if(! certificate){ | 145 | if (!certificate) { |
| 146 | printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); | 146 | printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); |
| 147 | return STATE_CRITICAL; | 147 | return STATE_CRITICAL; |
| 148 | } | 148 | } |
| 149 | 149 | ||
| 150 | /* Extract CN from certificate subject */ | 150 | /* Extract CN from certificate subject */ |
| 151 | subj=X509_get_subject_name(certificate); | 151 | subj=X509_get_subject_name(certificate); |
| 152 | 152 | ||
| 153 | if(! subj){ | 153 | if (!subj) { |
| 154 | printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); | 154 | printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); |
| 155 | return STATE_CRITICAL; | 155 | return STATE_CRITICAL; |
| 156 | } | 156 | } |
| 157 | cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn)); | 157 | cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn)); |
| 158 | if ( cnlen == -1 ) | 158 | if (cnlen == -1) |
| 159 | strcpy(cn , _("Unknown CN")); | 159 | strcpy(cn, _("Unknown CN")); |
| 160 | 160 | ||
| 161 | /* Retrieve timestamp of certificate */ | 161 | /* Retrieve timestamp of certificate */ |
| 162 | tm = X509_get_notAfter (certificate); | 162 | tm = X509_get_notAfter(certificate); |
| 163 | 163 | ||
| 164 | /* Generate tm structure to process timestamp */ | 164 | /* Generate tm structure to process timestamp */ |
| 165 | if (tm->type == V_ASN1_UTCTIME) { | 165 | if (tm->type == V_ASN1_UTCTIME) { |
| 166 | if (tm->length < 10) { | 166 | if (tm->length < 10) { |
| 167 | printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 167 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
| 168 | return STATE_CRITICAL; | 168 | return STATE_CRITICAL; |
| 169 | } else { | 169 | } else { |
| 170 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | 170 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); |
| @@ -174,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
| 174 | } | 174 | } |
| 175 | } else { | 175 | } else { |
| 176 | if (tm->length < 12) { | 176 | if (tm->length < 12) { |
| 177 | printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 177 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
| 178 | return STATE_CRITICAL; | 178 | return STATE_CRITICAL; |
| 179 | } else { | 179 | } else { |
| 180 | stamp.tm_year = | 180 | stamp.tm_year = |
| @@ -203,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
| 203 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | 203 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); |
| 204 | 204 | ||
| 205 | if (days_left > 0 && days_left <= days_till_exp) { | 205 | if (days_left > 0 && days_left <= days_till_exp) { |
| 206 | printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); | 206 | printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); |
| 207 | status=STATE_WARNING; | 207 | status=STATE_WARNING; |
| 208 | } else if (time_left < 0) { | 208 | } else if (time_left < 0) { |
| 209 | printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 209 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
| 210 | status=STATE_CRITICAL; | 210 | status=STATE_CRITICAL; |
| 211 | } else if (days_left == 0) { | 211 | } else if (days_left == 0) { |
| 212 | printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); | 212 | printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); |
| 213 | status=STATE_WARNING; | 213 | status=STATE_WARNING; |
| 214 | } else { | 214 | } else { |
| 215 | printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 215 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
| 216 | status=STATE_OK; | 216 | status=STATE_OK; |
| 217 | } | 217 | } |
| 218 | X509_free (certificate); | 218 | X509_free(certificate); |
| 219 | return status; | 219 | return status; |
| 220 | # else /* ifndef USE_OPENSSL */ | 220 | # else /* ifndef USE_OPENSSL */ |
| 221 | printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); | 221 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); |
| 222 | return STATE_WARNING; | 222 | return STATE_WARNING; |
| 223 | # endif /* USE_OPENSSL */ | 223 | # endif /* USE_OPENSSL */ |
| 224 | } | 224 | } |