summaryrefslogtreecommitdiffstats
path: root/plugins/check_smtp.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_smtp.c')
-rw-r--r--plugins/check_smtp.c119
1 files changed, 78 insertions, 41 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 44b735f9..83ad575c 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -58,7 +58,8 @@ typedef struct {
58} check_smtp_config_wrapper; 58} check_smtp_config_wrapper;
59static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/); 59static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
60 60
61int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) { 61int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
62 bool ssl_established) {
62#ifdef HAVE_SSL 63#ifdef HAVE_SSL
63 if ((config.use_starttls || config.use_ssl) && ssl_established) { 64 if ((config.use_starttls || config.use_ssl) && ssl_established) {
64 return np_net_ssl_read(buf, num); 65 return np_net_ssl_read(buf, num);
@@ -69,7 +70,8 @@ int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
69#endif 70#endif
70} 71}
71 72
72int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) { 73int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
74 bool ssl_established) {
73#ifdef HAVE_SSL 75#ifdef HAVE_SSL
74 if ((config.use_starttls || config.use_ssl) && ssl_established) { 76 if ((config.use_starttls || config.use_ssl) && ssl_established) {
75 77
@@ -83,10 +85,12 @@ int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
83 85
84static void print_help(void); 86static void print_help(void);
85void print_usage(void); 87void print_usage(void);
86static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER], int /*socket_descriptor*/, 88static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER],
87 bool /*ssl_established*/); 89 int /*socket_descriptor*/, bool /*ssl_established*/);
88static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/, int /*socket_descriptor*/, bool /*ssl_established*/); 90static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/,
89static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/, int /*socket_descriptor*/, bool /*ssl_established*/); 91 int /*socket_descriptor*/, bool /*ssl_established*/);
92static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/,
93 int /*socket_descriptor*/, bool /*ssl_established*/);
90static int my_close(int /*socket_descriptor*/); 94static int my_close(int /*socket_descriptor*/);
91 95
92static int verbose = 0; 96static int verbose = 0;
@@ -158,7 +162,8 @@ int main(int argc, char **argv) {
158 162
159 int socket_descriptor = 0; 163 int socket_descriptor = 0;
160 /* try to connect to the host at the given port number */ 164 /* try to connect to the host at the given port number */
161 mp_state_enum result = my_tcp_connect(config.server_address, config.server_port, &socket_descriptor); 165 mp_state_enum result =
166 my_tcp_connect(config.server_address, config.server_port, &socket_descriptor);
162 167
163 char *error_msg = ""; 168 char *error_msg = "";
164 char buffer[MAX_INPUT_BUFFER]; 169 char buffer[MAX_INPUT_BUFFER];
@@ -174,7 +179,8 @@ int main(int argc, char **argv) {
174 179
175#ifdef HAVE_SSL 180#ifdef HAVE_SSL
176 if (config.use_ssl) { 181 if (config.use_ssl) {
177 result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL)); 182 result = np_net_ssl_init_with_hostname(socket_descriptor,
183 (config.use_sni ? config.server_address : NULL));
178 if (result != STATE_OK) { 184 if (result != STATE_OK) {
179 printf(_("CRITICAL - Cannot create SSL context.\n")); 185 printf(_("CRITICAL - Cannot create SSL context.\n"));
180 close(socket_descriptor); 186 close(socket_descriptor);
@@ -223,14 +229,16 @@ int main(int argc, char **argv) {
223 /* send the STARTTLS command */ 229 /* send the STARTTLS command */
224 send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); 230 send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
225 231
226 recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established); /* wait for it */ 232 recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
233 ssl_established); /* wait for it */
227 if (!strstr(buffer, SMTP_EXPECT)) { 234 if (!strstr(buffer, SMTP_EXPECT)) {
228 printf(_("Server does not support STARTTLS\n")); 235 printf(_("Server does not support STARTTLS\n"));
229 smtp_quit(config, buffer, socket_descriptor, ssl_established); 236 smtp_quit(config, buffer, socket_descriptor, ssl_established);
230 exit(STATE_UNKNOWN); 237 exit(STATE_UNKNOWN);
231 } 238 }
232 239
233 result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL)); 240 result = np_net_ssl_init_with_hostname(socket_descriptor,
241 (config.use_sni ? config.server_address : NULL));
234 if (result != STATE_OK) { 242 if (result != STATE_OK) {
235 printf(_("CRITICAL - Cannot create SSL context.\n")); 243 printf(_("CRITICAL - Cannot create SSL context.\n"));
236 close(socket_descriptor); 244 close(socket_descriptor);
@@ -251,7 +259,8 @@ int main(int argc, char **argv) {
251 * reason, some MTAs will not allow an AUTH LOGIN command before 259 * reason, some MTAs will not allow an AUTH LOGIN command before
252 * we resent EHLO via TLS. 260 * we resent EHLO via TLS.
253 */ 261 */
254 if (my_send(config, helocmd, strlen(helocmd), socket_descriptor, ssl_established) <= 0) { 262 if (my_send(config, helocmd, strlen(helocmd), socket_descriptor, ssl_established) <=
263 0) {
255 printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS.")); 264 printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS."));
256 my_close(socket_descriptor); 265 my_close(socket_descriptor);
257 exit(STATE_UNKNOWN); 266 exit(STATE_UNKNOWN);
@@ -261,7 +270,8 @@ int main(int argc, char **argv) {
261 printf(_("sent %s"), helocmd); 270 printf(_("sent %s"), helocmd);
262 } 271 }
263 272
264 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { 273 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <=
274 0) {
265 printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS.")); 275 printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS."));
266 my_close(socket_descriptor); 276 my_close(socket_descriptor);
267 exit(STATE_UNKNOWN); 277 exit(STATE_UNKNOWN);
@@ -273,7 +283,8 @@ int main(int argc, char **argv) {
273 283
274# ifdef USE_OPENSSL 284# ifdef USE_OPENSSL
275 if (config.check_cert) { 285 if (config.check_cert) {
276 result = np_net_ssl_check_cert(config.days_till_exp_warn, config.days_till_exp_crit); 286 result =
287 np_net_ssl_check_cert(config.days_till_exp_warn, config.days_till_exp_crit);
277 smtp_quit(config, buffer, socket_descriptor, ssl_established); 288 smtp_quit(config, buffer, socket_descriptor, ssl_established);
278 my_close(socket_descriptor); 289 my_close(socket_descriptor);
279 exit(result); 290 exit(result);
@@ -296,14 +307,17 @@ int main(int argc, char **argv) {
296 if (config.server_port == SMTP_PORT) { 307 if (config.server_port == SMTP_PORT) {
297 printf(_("Invalid SMTP response received from host: %s\n"), server_response); 308 printf(_("Invalid SMTP response received from host: %s\n"), server_response);
298 } else { 309 } else {
299 printf(_("Invalid SMTP response received from host on port %d: %s\n"), config.server_port, server_response); 310 printf(_("Invalid SMTP response received from host on port %d: %s\n"),
311 config.server_port, server_response);
300 } 312 }
301 exit(STATE_WARNING); 313 exit(STATE_WARNING);
302 } 314 }
303 315
304 if (config.send_mail_from) { 316 if (config.send_mail_from) {
305 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established); 317 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
306 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) { 318 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >=
319 1 &&
320 verbose) {
307 printf("%s", buffer); 321 printf("%s", buffer);
308 } 322 }
309 } 323 }
@@ -312,7 +326,9 @@ int main(int argc, char **argv) {
312 while (counter < config.ncommands) { 326 while (counter < config.ncommands) {
313 xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n"); 327 xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n");
314 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established); 328 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
315 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) { 329 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >=
330 1 &&
331 verbose) {
316 printf("%s", buffer); 332 printf("%s", buffer);
317 } 333 }
318 strip(buffer); 334 strip(buffer);
@@ -334,7 +350,8 @@ int main(int argc, char **argv) {
334 result = STATE_OK; 350 result = STATE_OK;
335 } else if (excode == REG_NOMATCH) { 351 } else if (excode == REG_NOMATCH) {
336 result = STATE_WARNING; 352 result = STATE_WARNING;
337 printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text(result), buffer, config.commands[counter]); 353 printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"),
354 state_text(result), buffer, config.commands[counter]);
338 } else { 355 } else {
339 regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER); 356 regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER);
340 printf(_("Execute Error: %s\n"), errbuf); 357 printf(_("Execute Error: %s\n"), errbuf);
@@ -361,12 +378,14 @@ int main(int argc, char **argv) {
361 } 378 }
362 379
363 /* send AUTH LOGIN */ 380 /* send AUTH LOGIN */
364 my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor, ssl_established); 381 my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor,
382 ssl_established);
365 if (verbose) { 383 if (verbose) {
366 printf(_("sent %s\n"), "AUTH LOGIN"); 384 printf(_("sent %s\n"), "AUTH LOGIN");
367 } 385 }
368 386
369 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) { 387 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
388 ssl_established)) <= 0) {
370 xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, ")); 389 xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, "));
371 result = STATE_WARNING; 390 result = STATE_WARNING;
372 break; 391 break;
@@ -389,7 +408,8 @@ int main(int argc, char **argv) {
389 printf(_("sent %s\n"), abuf); 408 printf(_("sent %s\n"), abuf);
390 } 409 }
391 410
392 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) { 411 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
412 ssl_established)) <= 0) {
393 result = STATE_CRITICAL; 413 result = STATE_CRITICAL;
394 xasprintf(&error_msg, _("recv() failed after sending authuser, ")); 414 xasprintf(&error_msg, _("recv() failed after sending authuser, "));
395 break; 415 break;
@@ -409,7 +429,8 @@ int main(int argc, char **argv) {
409 if (verbose) { 429 if (verbose) {
410 printf(_("sent %s\n"), abuf); 430 printf(_("sent %s\n"), abuf);
411 } 431 }
412 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) { 432 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
433 ssl_established)) <= 0) {
413 result = STATE_CRITICAL; 434 result = STATE_CRITICAL;
414 xasprintf(&error_msg, _("recv() failed after sending authpass, ")); 435 xasprintf(&error_msg, _("recv() failed after sending authpass, "));
415 break; 436 break;
@@ -451,10 +472,10 @@ int main(int argc, char **argv) {
451 } 472 }
452 } 473 }
453 474
454 printf(_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), state_text(result), error_msg, elapsed_time, verbose ? ", " : "", 475 printf(_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), state_text(result), error_msg,
455 verbose ? buffer : "", 476 elapsed_time, verbose ? ", " : "", verbose ? buffer : "",
456 fperfdata("time", elapsed_time, "s", config.check_warning_time, config.warning_time, config.check_critical_time, 477 fperfdata("time", elapsed_time, "s", config.check_warning_time, config.warning_time,
457 config.critical_time, true, 0, false, 0)); 478 config.check_critical_time, config.critical_time, true, 0, false, 0));
458 479
459 exit(result); 480 exit(result);
460} 481}
@@ -519,7 +540,8 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
519 bool implicit_tls = false; 540 bool implicit_tls = false;
520 int server_port_option = 0; 541 int server_port_option = 0;
521 while (true) { 542 while (true) {
522 int opt_index = getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option); 543 int opt_index =
544 getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option);
523 545
524 if (opt_index == -1 || opt_index == EOF) { 546 if (opt_index == -1 || opt_index == EOF) {
525 break; 547 break;
@@ -546,7 +568,8 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
546 break; 568 break;
547 case 'f': /* from argument */ 569 case 'f': /* from argument */
548 result.config.from_arg = optarg + strspn(optarg, "<"); 570 result.config.from_arg = optarg + strspn(optarg, "<");
549 result.config.from_arg = strndup(result.config.from_arg, strcspn(result.config.from_arg, ">")); 571 result.config.from_arg =
572 strndup(result.config.from_arg, strcspn(result.config.from_arg, ">"));
550 result.config.send_mail_from = true; 573 result.config.send_mail_from = true;
551 break; 574 break;
552 case 'A': 575 case 'A':
@@ -565,9 +588,11 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
565 case 'C': /* commands */ 588 case 'C': /* commands */
566 if (result.config.ncommands >= command_size) { 589 if (result.config.ncommands >= command_size) {
567 command_size += 8; 590 command_size += 8;
568 result.config.commands = realloc(result.config.commands, sizeof(char *) * command_size); 591 result.config.commands =
592 realloc(result.config.commands, sizeof(char *) * command_size);
569 if (result.config.commands == NULL) { 593 if (result.config.commands == NULL) {
570 die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.ncommands); 594 die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"),
595 result.config.ncommands);
571 } 596 }
572 } 597 }
573 result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255); 598 result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255);
@@ -577,9 +602,11 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
577 case 'R': /* server responses */ 602 case 'R': /* server responses */
578 if (result.config.nresponses >= response_size) { 603 if (result.config.nresponses >= response_size) {
579 response_size += 8; 604 response_size += 8;
580 result.config.responses = realloc(result.config.responses, sizeof(char *) * response_size); 605 result.config.responses =
606 realloc(result.config.responses, sizeof(char *) * response_size);
581 if (result.config.responses == NULL) { 607 if (result.config.responses == NULL) {
582 die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.nresponses); 608 die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"),
609 result.config.nresponses);
583 } 610 }
584 } 611 }
585 result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255); 612 result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255);
@@ -718,8 +745,10 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
718 return result; 745 return result;
719} 746}
720 747
721char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor, bool ssl_established) { 748char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor,
722 int sent_bytes = my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established); 749 bool ssl_established) {
750 int sent_bytes =
751 my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established);
723 if (sent_bytes < 0) { 752 if (sent_bytes < 0) {
724 if (config.ignore_send_quit_failure) { 753 if (config.ignore_send_quit_failure) {
725 if (verbose) { 754 if (verbose) {
@@ -759,7 +788,8 @@ char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int soc
759 * function which buffers the data, move that to netutils.c and change 788 * function which buffers the data, move that to netutils.c and change
760 * check_smtp and other plugins to use that. Also, remove (\r)\n. 789 * check_smtp and other plugins to use that. Also, remove (\r)\n.
761 */ 790 */
762int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor, bool ssl_established) { 791int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor,
792 bool ssl_established) {
763 int result; 793 int result;
764 int counter; 794 int counter;
765 795
@@ -789,13 +819,16 @@ int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_des
789 * 819 *
790 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n. 820 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n.
791 */ 821 */
792int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor, bool ssl_established) { 822int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor,
823 bool ssl_established) {
793 int result; 824 int result;
794 int counter; 825 int counter;
795 826
796 for (counter = 0; /* forever */; counter += result) { 827 for (counter = 0; /* forever */; counter += result) {
797 if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor, ssl_established)) > 3 && 828 if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor,
798 isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) && isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) { 829 ssl_established)) > 3 &&
830 isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) &&
831 isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) {
799 break; 832 break;
800 } 833 }
801 } 834 }
@@ -835,13 +868,15 @@ void print_help(void) {
835 printf(UT_IPv46); 868 printf(UT_IPv46);
836 869
837 printf(" %s\n", "-e, --expect=STRING"); 870 printf(" %s\n", "-e, --expect=STRING");
838 printf(_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT); 871 printf(_(" String to expect in first line of server response (default: '%s')\n"),
872 SMTP_EXPECT);
839 printf(" %s\n", "-C, --command=STRING"); 873 printf(" %s\n", "-C, --command=STRING");
840 printf(" %s\n", _("SMTP command (may be used repeatedly)")); 874 printf(" %s\n", _("SMTP command (may be used repeatedly)"));
841 printf(" %s\n", "-R, --response=STRING"); 875 printf(" %s\n", "-R, --response=STRING");
842 printf(" %s\n", _("Expected response to command (may be used repeatedly)")); 876 printf(" %s\n", _("Expected response to command (may be used repeatedly)"));
843 printf(" %s\n", "-f, --from=STRING"); 877 printf(" %s\n", "-f, --from=STRING");
844 printf(" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")), printf(" %s\n", "-F, --fqdn=STRING"); 878 printf(" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
879 printf(" %s\n", "-F, --fqdn=STRING");
845 printf(" %s\n", _("FQDN used for HELO")); 880 printf(" %s\n", _("FQDN used for HELO"));
846 printf(" %s\n", "-r, --proxy"); 881 printf(" %s\n", "-r, --proxy");
847 printf(" %s\n", _("Use PROXY protocol prefix for the connection.")); 882 printf(" %s\n", _("Use PROXY protocol prefix for the connection."));
@@ -885,7 +920,9 @@ void print_help(void) {
885 920
886void print_usage(void) { 921void print_usage(void) {
887 printf("%s\n", _("Usage:")); 922 printf("%s\n", _("Usage:"));
888 printf("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); 923 printf("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n",
924 progname);
889 printf("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); 925 printf("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
890 printf("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n"); 926 printf("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] "
927 "[-v] \n");
891} 928}