summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--plugins/sslutils.c13
-rwxr-xr-xplugins/tests/check_http.t6
2 files changed, 8 insertions, 11 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index afc24be..1d4ef94 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -30,10 +30,6 @@
30#include "common.h" 30#include "common.h"
31#include "netutils.h" 31#include "netutils.h"
32 32
33/* Max length of timestamps, ex: "03/05/2009 00:13 GMT". Calculate up to 6
34 * chars for the timezone (ex: "GMT-10") and one terminating \0 */
35#define TS_LENGTH 24
36
37#ifdef HAVE_SSL 33#ifdef HAVE_SSL
38static SSL_CTX *c=NULL; 34static SSL_CTX *c=NULL;
39static SSL *s=NULL; 35static SSL *s=NULL;
@@ -93,8 +89,9 @@ int np_net_ssl_check_cert(int days_till_exp){
93 ASN1_STRING *tm; 89 ASN1_STRING *tm;
94 int offset; 90 int offset;
95 struct tm stamp; 91 struct tm stamp;
92 float time_left;
96 int days_left; 93 int days_left;
97 char timestamp[TS_LENGTH] = ""; 94 char timestamp[17] = "";
98 95
99 certificate=SSL_get_peer_certificate(s); 96 certificate=SSL_get_peer_certificate(s);
100 if(! certificate){ 97 if(! certificate){
@@ -139,12 +136,12 @@ int np_net_ssl_check_cert(int days_till_exp){
139 stamp.tm_sec = 0; 136 stamp.tm_sec = 0;
140 stamp.tm_isdst = -1; 137 stamp.tm_isdst = -1;
141 138
142 float time_left = difftime(timegm(&stamp), time(NULL)); 139 time_left = difftime(timegm(&stamp), time(NULL));
143 days_left = time_left / 86400; 140 days_left = time_left / 86400;
144 snprintf 141 snprintf
145 (timestamp, TS_LENGTH, "%02d/%02d/%04d %02d:%02d %s", 142 (timestamp, 17, "%02d/%02d/%04d %02d:%02d",
146 stamp.tm_mon + 1, 143 stamp.tm_mon + 1,
147 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min, stamp.tm_zone); 144 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
148 145
149 if (days_left > 0 && days_left <= days_till_exp) { 146 if (days_left > 0 && days_left <= days_till_exp) {
150 printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); 147 printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 0a1b0bc..d7f4148 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -163,18 +163,18 @@ SKIP: {
163 163
164 $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); 164 $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
165 is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); 165 is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
166 is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41 GMT.', "output ok" ); 166 is( $result->output, 'OK - Certificate will expire on 03/03/2019 21:41.', "output ok" );
167 167
168 $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); 168 $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
169 is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); 169 is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
170 like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41 GMT\)./', "output ok" ); 170 like( $result->output, '/WARNING - Certificate expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" );
171 171
172 172
173 # Expired cert tests 173 # Expired cert tests
174 $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); 174 $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
175 is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); 175 is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
176 is( $result->output, 176 is( $result->output,
177 'CRITICAL - Certificate expired on 03/05/2009 00:13 GMT.', 177 'CRITICAL - Certificate expired on 03/05/2009 00:13.',
178 "output ok" ); 178 "output ok" );
179 179
180} 180}