2 files changed, 54 insertions, 40 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index cb92421c..e806ad29 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -37,6 +37,7 @@
 #include "base64.h"
 #include "regex.h"
+#include <bits/getopt_ext.h>
 #include <ctype.h>
 #include <string.h>
 #include "check_smtp.d/config.h"
@@ -347,9 +348,19 @@ int main(int argc, char **argv) {
                switch (cert_check_result.errors) {
                case ALL_OK: {
-                        xasprintf(&sc_cert_check.output, "Certificate expiration. Remaining time %g days",
-                                          cert_check_result.remaining_seconds / 86400);
+                        if (cert_check_result.result_state != STATE_OK &&
-                        sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
+                                config.ignore_certificate_expiration) {
+                                xasprintf(&sc_cert_check.output,
+                                                  "Remaining certificate lifetime: %d days. Expiration will be ignored",
+                                                  (int)(cert_check_result.remaining_seconds / 86400));
+                                sc_cert_check = mp_set_subcheck_state(sc_cert_check, STATE_OK);
+                        } else {
+                                xasprintf(&sc_cert_check.output, "Remaining certificate lifetime: %d days",
+                                                  (int)(cert_check_result.remaining_seconds / 86400));
+                                sc_cert_check =
+                                        mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
+                        }
                } break;
                case NO_SERVER_CERTIFICATE_PRESENT: {
                        xasprintf(&sc_cert_check.output, "no server certificate present");
@@ -366,12 +377,6 @@ int main(int argc, char **argv) {
                };
                mp_add_subcheck_to_check(&overall, sc_cert_check);
-                if (config.check_cert) {
-                        smtp_quit(config, buffer, socket_descriptor, ssl_established);
-                        my_close(socket_descriptor);
-                        mp_exit(overall);
-                }
        }
 #       endif /* USE_OPENSSL */
@@ -584,37 +589,40 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
        enum {
                SNI_OPTION = CHAR_MAX + 1,
                output_format_index,
+                ignore_certificate_expiration_index,
        };
        int option = 0;
-        static struct option longopts[] = {{"hostname", required_argument, 0, 'H'},
+        static struct option longopts[] = {
-                                                                           {"expect", required_argument, 0, 'e'},
+                {"hostname", required_argument, 0, 'H'},
-                                                                           {"critical", required_argument, 0, 'c'},
+                {"expect", required_argument, 0, 'e'},
-                                                                           {"warning", required_argument, 0, 'w'},
+                {"critical", required_argument, 0, 'c'},
-                                                                           {"timeout", required_argument, 0, 't'},
+                {"warning", required_argument, 0, 'w'},
-                                                                           {"port", required_argument, 0, 'p'},
+                {"timeout", required_argument, 0, 't'},
-                                                                           {"from", required_argument, 0, 'f'},
+                {"port", required_argument, 0, 'p'},
-                                                                           {"fqdn", required_argument, 0, 'F'},
+                {"from", required_argument, 0, 'f'},
-                                                                           {"authtype", required_argument, 0, 'A'},
+                {"fqdn", required_argument, 0, 'F'},
-                                                                           {"authuser", required_argument, 0, 'U'},
+                {"authtype", required_argument, 0, 'A'},
-                                                                           {"authpass", required_argument, 0, 'P'},
+                {"authuser", required_argument, 0, 'U'},
-                                                                           {"command", required_argument, 0, 'C'},
+                {"authpass", required_argument, 0, 'P'},
-                                                                           {"response", required_argument, 0, 'R'},
+                {"command", required_argument, 0, 'C'},
-                                                                           {"verbose", no_argument, 0, 'v'},
+                {"response", required_argument, 0, 'R'},
-                                                                           {"version", no_argument, 0, 'V'},
+                {"verbose", no_argument, 0, 'v'},
-                                                                           {"use-ipv4", no_argument, 0, '4'},
+                {"version", no_argument, 0, 'V'},
-                                                                           {"use-ipv6", no_argument, 0, '6'},
+                {"use-ipv4", no_argument, 0, '4'},
-                                                                           {"help", no_argument, 0, 'h'},
+                {"use-ipv6", no_argument, 0, '6'},
-                                                                           {"lmtp", no_argument, 0, 'L'},
+                {"help", no_argument, 0, 'h'},
-                                                                           {"ssl", no_argument, 0, 's'},
+                {"lmtp", no_argument, 0, 'L'},
-                                                                           {"tls", no_argument, 0, 's'},
+                {"ssl", no_argument, 0, 's'},
-                                                                           {"starttls", no_argument, 0, 'S'},
+                {"tls", no_argument, 0, 's'},
-                                                                           {"sni", no_argument, 0, SNI_OPTION},
+                {"starttls", no_argument, 0, 'S'},
-                                                                           {"certificate", required_argument, 0, 'D'},
+                {"sni", no_argument, 0, SNI_OPTION},
-                                                                           {"ignore-quit-failure", no_argument, 0, 'q'},
+                {"certificate", required_argument, 0, 'D'},
-                                                                           {"proxy", no_argument, 0, 'r'},
+                {"ignore-quit-failure", no_argument, 0, 'q'},
-                                                                           {"output-format", required_argument, 0, output_format_index},
+                {"proxy", no_argument, 0, 'r'},
-                                                                           {0, 0, 0, 0}};
+                {"ignore-certificate-expiration", no_argument, 0, ignore_certificate_expiration_index},
+                {"output-format", required_argument, 0, output_format_index},
+                {0, 0, 0, 0}};
        check_smtp_config_wrapper result = {
                .config = check_smtp_config_init(),
@@ -766,7 +774,6 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
                                }
                                result.config.days_till_exp_warn = atoi(optarg);
                        }
-                        result.config.check_cert = true;
                        result.config.ignore_send_quit_failure = true;
 #else
                        usage(_("SSL support not available - install OpenSSL and recompile"));
@@ -827,6 +834,9 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
                        result.config.output_format = parser.output_format;
                        break;
                }
+                case ignore_certificate_expiration_index: {
+                        result.config.ignore_certificate_expiration = true;
+                }
                }
        }
@@ -1028,6 +1038,8 @@ void print_help(void) {
        printf("    %s\n", _("Send LHLO instead of HELO/EHLO"));
        printf(" %s\n", "-q, --ignore-quit-failure");
        printf("    %s\n", _("Ignore failure when sending QUIT command to server"));
+        printf(" %s\n", "--ignore-certificate-expiration");
+        printf("    %s\n", _("Ignore certificate expiration"));
        printf(UT_WARN_CRIT);
diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h
index 11d7fe56..b0d42ed1 100644
--- a/plugins/check_smtp.d/config.h
+++ b/plugins/check_smtp.d/config.h
@@ -40,12 +40,13 @@ typedef struct {
        bool use_proxy_prefix;
 #ifdef HAVE_SSL
-        bool check_cert;
        int days_till_exp_warn;
        int days_till_exp_crit;
        bool use_ssl;
        bool use_starttls;
        bool use_sni;
+        bool ignore_certificate_expiration;
 #endif
        bool output_format_is_set;
@@ -80,12 +81,13 @@ check_smtp_config check_smtp_config_init() {
                .use_proxy_prefix = false,
 #ifdef HAVE_SSL
-                .check_cert = false,
                .days_till_exp_warn = 0,
                .days_till_exp_crit = 0,
                .use_ssl = false,
                .use_starttls = false,
                .use_sni = false,
+                .ignore_certificate_expiration = false,
 #endif
                .output_format_is_set = false,

diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index cb92421c..e806ad29 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c
@@ -37,6 +37,7 @@
37	#include "base64.h"	37	#include "base64.h"
38	#include "regex.h"	38	#include "regex.h"
39		39
		40	#include <bits/getopt_ext.h>
40	#include <ctype.h>	41	#include <ctype.h>
41	#include <string.h>	42	#include <string.h>
42	#include "check_smtp.d/config.h"	43	#include "check_smtp.d/config.h"
@@ -347,9 +348,19 @@ int main(int argc, char **argv) {
347		348
348	switch (cert_check_result.errors) {	349	switch (cert_check_result.errors) {
349	case ALL_OK: {	350	case ALL_OK: {
350	xasprintf(&sc_cert_check.output, "Certificate expiration. Remaining time %g days",	351
351	cert_check_result.remaining_seconds / 86400);	352	if (cert_check_result.result_state != STATE_OK &&
352	sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);	353	config.ignore_certificate_expiration) {
		354	xasprintf(&sc_cert_check.output,
		355	"Remaining certificate lifetime: %d days. Expiration will be ignored",
		356	(int)(cert_check_result.remaining_seconds / 86400));
		357	sc_cert_check = mp_set_subcheck_state(sc_cert_check, STATE_OK);
		358	} else {
		359	xasprintf(&sc_cert_check.output, "Remaining certificate lifetime: %d days",
		360	(int)(cert_check_result.remaining_seconds / 86400));
		361	sc_cert_check =
		362	mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
		363	}
353	} break;	364	} break;
354	case NO_SERVER_CERTIFICATE_PRESENT: {	365	case NO_SERVER_CERTIFICATE_PRESENT: {
355	xasprintf(&sc_cert_check.output, "no server certificate present");	366	xasprintf(&sc_cert_check.output, "no server certificate present");
@@ -366,12 +377,6 @@ int main(int argc, char **argv) {
366	};	377	};
367		378
368	mp_add_subcheck_to_check(&overall, sc_cert_check);	379	mp_add_subcheck_to_check(&overall, sc_cert_check);
369
370	if (config.check_cert) {
371	smtp_quit(config, buffer, socket_descriptor, ssl_established);
372	my_close(socket_descriptor);
373	mp_exit(overall);
374	}
375	}	380	}
376	# endif /* USE_OPENSSL */	381	# endif /* USE_OPENSSL */
377		382
@@ -584,37 +589,40 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
584	enum {	589	enum {
585	SNI_OPTION = CHAR_MAX + 1,	590	SNI_OPTION = CHAR_MAX + 1,
586	output_format_index,	591	output_format_index,
		592	ignore_certificate_expiration_index,
587	};	593	};
588		594
589	int option = 0;	595	int option = 0;
590	static struct option longopts[] = {{"hostname", required_argument, 0, 'H'},	596	static struct option longopts[] = {
591	{"expect", required_argument, 0, 'e'},	597	{"hostname", required_argument, 0, 'H'},
592	{"critical", required_argument, 0, 'c'},	598	{"expect", required_argument, 0, 'e'},
593	{"warning", required_argument, 0, 'w'},	599	{"critical", required_argument, 0, 'c'},
594	{"timeout", required_argument, 0, 't'},	600	{"warning", required_argument, 0, 'w'},
595	{"port", required_argument, 0, 'p'},	601	{"timeout", required_argument, 0, 't'},
596	{"from", required_argument, 0, 'f'},	602	{"port", required_argument, 0, 'p'},
597	{"fqdn", required_argument, 0, 'F'},	603	{"from", required_argument, 0, 'f'},
598	{"authtype", required_argument, 0, 'A'},	604	{"fqdn", required_argument, 0, 'F'},
599	{"authuser", required_argument, 0, 'U'},	605	{"authtype", required_argument, 0, 'A'},
600	{"authpass", required_argument, 0, 'P'},	606	{"authuser", required_argument, 0, 'U'},
601	{"command", required_argument, 0, 'C'},	607	{"authpass", required_argument, 0, 'P'},
602	{"response", required_argument, 0, 'R'},	608	{"command", required_argument, 0, 'C'},
603	{"verbose", no_argument, 0, 'v'},	609	{"response", required_argument, 0, 'R'},
604	{"version", no_argument, 0, 'V'},	610	{"verbose", no_argument, 0, 'v'},
605	{"use-ipv4", no_argument, 0, '4'},	611	{"version", no_argument, 0, 'V'},
606	{"use-ipv6", no_argument, 0, '6'},	612	{"use-ipv4", no_argument, 0, '4'},
607	{"help", no_argument, 0, 'h'},	613	{"use-ipv6", no_argument, 0, '6'},
608	{"lmtp", no_argument, 0, 'L'},	614	{"help", no_argument, 0, 'h'},
609	{"ssl", no_argument, 0, 's'},	615	{"lmtp", no_argument, 0, 'L'},
610	{"tls", no_argument, 0, 's'},	616	{"ssl", no_argument, 0, 's'},
611	{"starttls", no_argument, 0, 'S'},	617	{"tls", no_argument, 0, 's'},
612	{"sni", no_argument, 0, SNI_OPTION},	618	{"starttls", no_argument, 0, 'S'},
613	{"certificate", required_argument, 0, 'D'},	619	{"sni", no_argument, 0, SNI_OPTION},
614	{"ignore-quit-failure", no_argument, 0, 'q'},	620	{"certificate", required_argument, 0, 'D'},
615	{"proxy", no_argument, 0, 'r'},	621	{"ignore-quit-failure", no_argument, 0, 'q'},
616	{"output-format", required_argument, 0, output_format_index},	622	{"proxy", no_argument, 0, 'r'},
617	{0, 0, 0, 0}};	623	{"ignore-certificate-expiration", no_argument, 0, ignore_certificate_expiration_index},
		624	{"output-format", required_argument, 0, output_format_index},
		625	{0, 0, 0, 0}};
618		626
619	check_smtp_config_wrapper result = {	627	check_smtp_config_wrapper result = {
620	.config = check_smtp_config_init(),	628	.config = check_smtp_config_init(),
@@ -766,7 +774,6 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
766	}	774	}
767	result.config.days_till_exp_warn = atoi(optarg);	775	result.config.days_till_exp_warn = atoi(optarg);
768	}	776	}
769	result.config.check_cert = true;
770	result.config.ignore_send_quit_failure = true;	777	result.config.ignore_send_quit_failure = true;
771	#else	778	#else
772	usage(_("SSL support not available - install OpenSSL and recompile"));	779	usage(_("SSL support not available - install OpenSSL and recompile"));
@@ -827,6 +834,9 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
827	result.config.output_format = parser.output_format;	834	result.config.output_format = parser.output_format;
828	break;	835	break;
829	}	836	}
		837	case ignore_certificate_expiration_index: {
		838	result.config.ignore_certificate_expiration = true;
		839	}
830	}	840	}
831	}	841	}
832		842
@@ -1028,6 +1038,8 @@ void print_help(void) {
1028	printf(" %s\n", _("Send LHLO instead of HELO/EHLO"));	1038	printf(" %s\n", _("Send LHLO instead of HELO/EHLO"));
1029	printf(" %s\n", "-q, --ignore-quit-failure");	1039	printf(" %s\n", "-q, --ignore-quit-failure");
1030	printf(" %s\n", _("Ignore failure when sending QUIT command to server"));	1040	printf(" %s\n", _("Ignore failure when sending QUIT command to server"));
		1041	printf(" %s\n", "--ignore-certificate-expiration");
		1042	printf(" %s\n", _("Ignore certificate expiration"));
1031		1043
1032	printf(UT_WARN_CRIT);	1044	printf(UT_WARN_CRIT);
1033		1045


diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h index 11d7fe56..b0d42ed1 100644 --- a/plugins/check_smtp.d/config.h +++ b/plugins/check_smtp.d/config.h
@@ -40,12 +40,13 @@ typedef struct {
40		40
41	bool use_proxy_prefix;	41	bool use_proxy_prefix;
42	#ifdef HAVE_SSL	42	#ifdef HAVE_SSL
43	bool check_cert;
44	int days_till_exp_warn;	43	int days_till_exp_warn;
45	int days_till_exp_crit;	44	int days_till_exp_crit;
46	bool use_ssl;	45	bool use_ssl;
47	bool use_starttls;	46	bool use_starttls;
48	bool use_sni;	47	bool use_sni;
		48
		49	bool ignore_certificate_expiration;
49	#endif	50	#endif
50		51
51	bool output_format_is_set;	52	bool output_format_is_set;
@@ -80,12 +81,13 @@ check_smtp_config check_smtp_config_init() {
80		81
81	.use_proxy_prefix = false,	82	.use_proxy_prefix = false,
82	#ifdef HAVE_SSL	83	#ifdef HAVE_SSL
83	.check_cert = false,
84	.days_till_exp_warn = 0,	84	.days_till_exp_warn = 0,
85	.days_till_exp_crit = 0,	85	.days_till_exp_crit = 0,
86	.use_ssl = false,	86	.use_ssl = false,
87	.use_starttls = false,	87	.use_starttls = false,
88	.use_sni = false,	88	.use_sni = false,
		89
		90	.ignore_certificate_expiration = false,
89	#endif	91	#endif
90		92
91	.output_format_is_set = false,	93	.output_format_is_set = false,