1 files changed, 6 insertions, 106 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 3ffa4cd6..1b6513ba 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -32,10 +32,6 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 static int check_cert = FALSE;
 static int days_till_exp;
 static char *randbuff = "";
-static X509 *server_cert;
-# ifdef USE_OPENSSL
-static int check_certificate (X509 **);
-# endif /* USE_OPENSSL */
 # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
 # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else
@@ -43,7 +39,6 @@ static int check_certificate (X509 **);
 # define my_send(buf, len) send(sd, buf, len, 0)
 #endif
 /* int my_recv(char *, size_t); */
 static int process_arguments (int, char **);
 void print_help (void);
@@ -217,34 +212,19 @@ main (int argc, char **argv)
 #ifdef HAVE_SSL
        if (flags & FLAG_SSL){
                result = np_net_ssl_init(sd);
-                if(result != STATE_OK) return result;
+                if (result == STATE_OK && check_cert == TRUE) {
-                /* XXX does np_net_ssl take care of printing an error?
+                        result = np_net_ssl_check_cert(days_till_exp);
-                        die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+                        if(result != STATE_OK) {
-                */
+                                printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
-        }
+                        }
-#  ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
-        /*
-        if (flags & FLAG_SSL && check_cert == TRUE) {
-                if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
-                        result = check_certificate (&server_cert);
-                        X509_free(server_cert);
-                }
-                else {
-                        printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
-                        result = STATE_CRITICAL;
                }
        }
-        */
-#  endif /* USE_OPENSSL */
-#endif
        if(result != STATE_OK){
-#ifdef HAVE_SSL
                np_net_ssl_cleanup();
-#endif
                if(sd) close(sd);
                return result;
        }
+#endif /* HAVE_SSL */
        if (server_send != NULL) {              /* Something to send? */
                my_send(server_send, strlen(server_send));
@@ -567,86 +547,6 @@ process_arguments (int argc, char **argv)
 }
-/* SSL-specific functions */
-#ifdef HAVE_SSL
-#  ifdef USE_OPENSSL /* XXX */
-static int
-check_certificate (X509 ** certificate)
-{
-  ASN1_STRING *tm;
-  int offset;
-  struct tm stamp;
-  int days_left;
-  /* Retrieve timestamp of certificate */
-  tm = X509_get_notAfter (*certificate);
-  /* Generate tm structure to process timestamp */
-  if (tm->type == V_ASN1_UTCTIME) {
-    if (tm->length < 10) {
-      printf (_("CRITICAL - Wrong time format in certificate.\n"));
-      return STATE_CRITICAL;
-    }
-    else {
-      stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
-      if (stamp.tm_year < 50)
-        stamp.tm_year += 100;
-      offset = 0;
-    }
-  }
-  else {
-    if (tm->length < 12) {
-      printf (_("CRITICAL - Wrong time format in certificate.\n"));
-      return STATE_CRITICAL;
-    }
-    else {
-                        stamp.tm_year =
-                          (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
-                          (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
-                        stamp.tm_year -= 1900;
-                        offset = 2;
-    }
-  }
-        stamp.tm_mon =
-          (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
-        stamp.tm_mday =
-          (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
-        stamp.tm_hour =
-          (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
-        stamp.tm_min =
-          (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
-        stamp.tm_isdst = -1;
-        days_left = (mktime (&stamp) - time (NULL)) / 86400;
-        snprintf
-          (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
-           stamp.tm_mon + 1,
-           stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
-        if (days_left > 0 && days_left <= days_till_exp) {
-          printf (_("Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
-          return STATE_WARNING;
-        }
-        if (days_left < 0) {
-          printf (_("Certificate expired on %s.\n"), timestamp);
-          return STATE_CRITICAL;
-        }
-        if (days_left == 0) {
-          printf (_("Certificate expires today (%s).\n"), timestamp);
-          return STATE_WARNING;
-        }
-        printf (_("Certificate will expire on %s.\n"), timestamp);
-        return STATE_OK;
-}
-#  endif /* USE_OPENSSL */
-#endif /* HAVE_SSL */
 void
 print_help (void)
 {

diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 3ffa4cd6..1b6513ba 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c
@@ -32,10 +32,6 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
32	static int check_cert = FALSE;	32	static int check_cert = FALSE;
33	static int days_till_exp;	33	static int days_till_exp;
34	static char *randbuff = "";	34	static char *randbuff = "";
35	static X509 *server_cert;
36	# ifdef USE_OPENSSL
37	static int check_certificate (X509 **);
38	# endif /* USE_OPENSSL */
39	# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))	35	# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
40	# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))	36	# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
41	#else	37	#else
@@ -43,7 +39,6 @@ static int check_certificate (X509 **);
43	# define my_send(buf, len) send(sd, buf, len, 0)	39	# define my_send(buf, len) send(sd, buf, len, 0)
44	#endif	40	#endif
45		41
46
47	/* int my_recv(char , size_t); /	42	/* int my_recv(char , size_t); /
48	static int process_arguments (int, char **);	43	static int process_arguments (int, char **);
49	void print_help (void);	44	void print_help (void);
@@ -217,34 +212,19 @@ main (int argc, char **argv)
217	#ifdef HAVE_SSL	212	#ifdef HAVE_SSL
218	if (flags & FLAG_SSL){	213	if (flags & FLAG_SSL){
219	result = np_net_ssl_init(sd);	214	result = np_net_ssl_init(sd);
220	if(result != STATE_OK) return result;	215	if (result == STATE_OK && check_cert == TRUE) {
221	/* XXX does np_net_ssl take care of printing an error?	216	result = np_net_ssl_check_cert(days_till_exp);
222	die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));	217	if(result != STATE_OK) {
223	*/	218	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
224	}	219	}
225	# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
226	/*
227	if (flags & FLAG_SSL && check_cert == TRUE) {
228	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
229	result = check_certificate (&server_cert);
230	X509_free(server_cert);
231	}
232	else {
233	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
234	result = STATE_CRITICAL;
235	}	220	}
236	}	221	}
237	*/
238	# endif /* USE_OPENSSL */
239	#endif
240
241	if(result != STATE_OK){	222	if(result != STATE_OK){
242	#ifdef HAVE_SSL
243	np_net_ssl_cleanup();	223	np_net_ssl_cleanup();
244	#endif
245	if(sd) close(sd);	224	if(sd) close(sd);
246	return result;	225	return result;
247	}	226	}
		227	#endif /* HAVE_SSL */
248		228
249	if (server_send != NULL) { /* Something to send? */	229	if (server_send != NULL) { /* Something to send? */
250	my_send(server_send, strlen(server_send));	230	my_send(server_send, strlen(server_send));
@@ -567,86 +547,6 @@ process_arguments (int argc, char **argv)
567	}	547	}
568		548
569		549
570	/* SSL-specific functions */
571	#ifdef HAVE_SSL
572	# ifdef USE_OPENSSL /* XXX */
573	static int
574	check_certificate (X509 ** certificate)
575	{
576	ASN1_STRING *tm;
577	int offset;
578	struct tm stamp;
579	int days_left;
580
581
582	/* Retrieve timestamp of certificate */
583	tm = X509_get_notAfter (*certificate);
584
585	/* Generate tm structure to process timestamp */
586	if (tm->type == V_ASN1_UTCTIME) {
587	if (tm->length < 10) {
588	printf (_("CRITICAL - Wrong time format in certificate.\n"));
589	return STATE_CRITICAL;
590	}
591	else {
592	stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
593	if (stamp.tm_year < 50)
594	stamp.tm_year += 100;
595	offset = 0;
596	}
597	}
598	else {
599	if (tm->length < 12) {
600	printf (_("CRITICAL - Wrong time format in certificate.\n"));
601	return STATE_CRITICAL;
602	}
603	else {
604	stamp.tm_year =
605	(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
606	(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
607	stamp.tm_year -= 1900;
608	offset = 2;
609	}
610	}
611	stamp.tm_mon =
612	(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
613	stamp.tm_mday =
614	(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
615	stamp.tm_hour =
616	(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
617	stamp.tm_min =
618	(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
619	stamp.tm_sec = 0;
620	stamp.tm_isdst = -1;
621
622	days_left = (mktime (&stamp) - time (NULL)) / 86400;
623	snprintf
624	(timestamp, 16, "%02d/%02d/%04d %02d:%02d",
625	stamp.tm_mon + 1,
626	stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
627
628	if (days_left > 0 && days_left <= days_till_exp) {
629	printf (_("Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
630	return STATE_WARNING;
631	}
632	if (days_left < 0) {
633	printf (_("Certificate expired on %s.\n"), timestamp);
634	return STATE_CRITICAL;
635	}
636
637	if (days_left == 0) {
638	printf (_("Certificate expires today (%s).\n"), timestamp);
639	return STATE_WARNING;
640	}
641
642	printf (_("Certificate will expire on %s.\n"), timestamp);
643
644	return STATE_OK;
645	}
646	# endif /* USE_OPENSSL */
647	#endif /* HAVE_SSL */
648
649
650	void	550	void
651	print_help (void)	551	print_help (void)
652	{	552	{