From 083952c426a250eaf6810b3b22e7555e4aeb3f2d Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Thu, 12 Jun 2014 00:02:26 +0200 Subject: Fix compilation with GnuTLS GnuTLS doesn't provide a SSL_CTX_check_private_key() function. Closes #1254. --- plugins/sslutils.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins/sslutils.c') diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 2732125d..687bffb7 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -86,10 +86,12 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int if (cert && privkey) { SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); +#ifdef USE_OPENSSL if (!SSL_CTX_check_private_key(c)) { printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n")); return STATE_CRITICAL; } +#endif } #ifdef SSL_OP_NO_TICKET SSL_CTX_set_options(c, SSL_OP_NO_TICKET); -- cgit v1.2.3-74-g34f1 From 3bf812beaee7035b1c08e49b55d7962056931d7b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 1 Oct 2013 09:26:41 +0200 Subject: sslutils: expire time in local timezone format sshutils prints the expiry time of certificates in US format this patch uses the strftime %c, I don't know how portable that is Thanks to Neil Prockter. Closes #1188 Closes #1161 Closes #977 Closes #976 Closes #975 Closes #840 Closes #382 --- THANKS.in | 1 + plugins/sslutils.c | 9 ++++----- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'plugins/sslutils.c') diff --git a/THANKS.in b/THANKS.in index 43ba182f..6738ae7f 100644 --- a/THANKS.in +++ b/THANKS.in @@ -324,3 +324,4 @@ Jean-Claude Computing Andy Brist Mikael Falkvidd Patric Wust +Neil Prockter diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 687bffb7..d0ae4741 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -153,7 +153,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ struct tm stamp; float time_left; int days_left; - char timestamp[17] = ""; + char timestamp[50] = ""; + time_t tm_t; certificate=SSL_get_peer_certificate(s); if (!certificate) { @@ -211,10 +212,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ time_left = difftime(timegm(&stamp), time(NULL)); days_left = time_left / 86400; - snprintf - (timestamp, 17, "%02d/%02d/%04d %02d:%02d", - stamp.tm_mon + 1, - stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); + tm_t = mktime (&stamp); + strftime(timestamp, 50, "%c", localtime(&tm_t)); if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); -- cgit v1.2.3-74-g34f1