diff options
Diffstat (limited to 'web/attachments/273929-nagiosplug-sni-trunk.patch')
-rw-r--r-- | web/attachments/273929-nagiosplug-sni-trunk.patch | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/web/attachments/273929-nagiosplug-sni-trunk.patch b/web/attachments/273929-nagiosplug-sni-trunk.patch new file mode 100644 index 0000000..c6d2c3e --- /dev/null +++ b/web/attachments/273929-nagiosplug-sni-trunk.patch | |||
@@ -0,0 +1,85 @@ | |||
1 | Index: plugins/netutils.h | ||
2 | =================================================================== | ||
3 | --- plugins/netutils.h (revision 1977) | ||
4 | +++ plugins/netutils.h (working copy) | ||
5 | @@ -99,6 +99,7 @@ | ||
6 | int np_net_ssl_write(const void *buf, int num); | ||
7 | int np_net_ssl_read(void *buf, int num); | ||
8 | int np_net_ssl_check_cert(int days_till_exp); | ||
9 | +void np_net_ssl_set_host_name(const char *buf); | ||
10 | #endif /* HAVE_SSL */ | ||
11 | |||
12 | #endif /* _NETUTILS_H_ */ | ||
13 | Index: plugins/sslutils.c | ||
14 | =================================================================== | ||
15 | --- plugins/sslutils.c (revision 1977) | ||
16 | +++ plugins/sslutils.c (working copy) | ||
17 | @@ -37,6 +37,7 @@ | ||
18 | static SSL_CTX *c=NULL; | ||
19 | static SSL *s=NULL; | ||
20 | static int initialized=0; | ||
21 | +const char *host_name=NULL; | ||
22 | |||
23 | int np_net_ssl_init (int sd){ | ||
24 | if (!initialized) { | ||
25 | @@ -51,6 +52,10 @@ | ||
26 | return STATE_CRITICAL; | ||
27 | } | ||
28 | if ((s = SSL_new (c)) != NULL){ | ||
29 | +#ifdef SSL_set_tlsext_host_name | ||
30 | + if (host_name != NULL) | ||
31 | + SSL_set_tlsext_host_name(s, host_name); | ||
32 | +#endif | ||
33 | SSL_set_fd (s, sd); | ||
34 | if (SSL_connect(s) == 1){ | ||
35 | return OK; | ||
36 | @@ -68,6 +73,9 @@ | ||
37 | |||
38 | void np_net_ssl_cleanup (){ | ||
39 | if(s){ | ||
40 | +#ifdef SSL_set_tlsext_host_name | ||
41 | + SSL_set_tlsext_host_name(s, NULL); | ||
42 | +#endif | ||
43 | SSL_shutdown (s); | ||
44 | SSL_free (s); | ||
45 | if(c) { | ||
46 | @@ -93,7 +101,7 @@ | ||
47 | int offset; | ||
48 | struct tm stamp; | ||
49 | int days_left; | ||
50 | - char timestamp[17] = ""; | ||
51 | + char timestamp[21] = ""; | ||
52 | |||
53 | certificate=SSL_get_peer_certificate(s); | ||
54 | if(! certificate){ | ||
55 | @@ -138,16 +146,17 @@ | ||
56 | stamp.tm_sec = 0; | ||
57 | stamp.tm_isdst = -1; | ||
58 | |||
59 | - days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
60 | + float time_left = difftime(timegm(&stamp), time(NULL)); | ||
61 | + days_left = time_left / 86400; | ||
62 | snprintf | ||
63 | - (timestamp, 17, "%02d/%02d/%04d %02d:%02d", | ||
64 | + (timestamp, 21, "%02d/%02d/%04d %02d:%02d %s", | ||
65 | stamp.tm_mon + 1, | ||
66 | - stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
67 | + stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min, stamp.tm_zone); | ||
68 | |||
69 | if (days_left > 0 && days_left <= days_till_exp) { | ||
70 | printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
71 | return STATE_WARNING; | ||
72 | - } else if (days_left < 0) { | ||
73 | + } else if (time_left < 0) { | ||
74 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
75 | return STATE_CRITICAL; | ||
76 | } else if (days_left == 0) { | ||
77 | @@ -164,4 +173,8 @@ | ||
78 | # endif /* USE_OPENSSL */ | ||
79 | } | ||
80 | |||
81 | +void np_net_ssl_set_host_name (const char *buf){ | ||
82 | + host_name = buf; | ||
83 | +} | ||
84 | + | ||
85 | #endif /* HAVE_SSL */ | ||