1 files changed, 293 insertions, 0 deletions
diff --git a/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch b/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch
new file mode 100644
index 0000000..a3935e8
--- /dev/null
+++ b/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch
@@ -0,0 +1,293 @@
+diff -ru nagios-plugins-1.4.15/plugins/check_http.c nagios-plugins-1.4.15-modified/plugins/check_http.c
+--- nagios-plugins-1.4.15/plugins/check_http.c  2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/check_http.c 2012-01-11 04:03:34.000000000 +0000
+@@ -58,7 +58,7 @@
+ 
+ #ifdef HAVE_SSL
+ int check_cert = FALSE;
+-int days_till_exp;
+int days_till_exp_warn, days_till_exp_crit;
+ char *randbuff;
+ X509 *server_cert;
+ #  define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+@@ -178,6 +178,7 @@
+ {
+   int c = 1;
+   char *p;
+  char *temp;
+ 
+   enum {
+     INVERT_REGEX = CHAR_MAX + 1,
+@@ -292,13 +293,25 @@
+       break;
+     case 'C': /* Check SSL cert validity */
+ #ifdef HAVE_SSL
+-      if (!is_intnonneg (optarg))
+-        usage2 (_("Invalid certificate expiration period"), optarg);
+      if ((temp=strchr(optarg,','))!=NULL) {
+       *temp='\0';
+       if (!is_intnonneg (temp))
+         usage2 (_("Invalid certificate expiration period"), optarg);
+       days_till_exp_warn = atoi(optarg);
+       *temp=',';
+       temp++;
+       if (!is_intnonneg (temp))
+         usage2 (_("Invalid certificate expiration period"), temp);
+       days_till_exp_crit = atoi (temp);
+      }
+       else {
+-        days_till_exp = atoi (optarg);
+-        check_cert = TRUE;
+       days_till_exp_crit=0;
+        if (!is_intnonneg (optarg))
+          usage2 (_("Invalid certificate expiration period"), optarg);
+        days_till_exp_warn = atoi (optarg);
+       }
+-     /* Fall through to -S option */
+      check_cert = TRUE;
+      /* Fall through to -S option */
+ #endif
+     case 'S': /* use SSL */
+ #ifndef HAVE_SSL
+@@ -809,7 +822,7 @@
+   if (use_ssl == TRUE) {
+     np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
+     if (check_cert == TRUE) {
+-      result = np_net_ssl_check_cert(days_till_exp);
+      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+       np_net_ssl_cleanup();
+       if (sd) close(sd);
+       return result;
+@@ -1424,6 +1437,13 @@
+   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+   printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
+   printf (" %s\n", _("the certificate is expired."));
+
+  printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
+  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
+  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+  printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+  printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+
+ #endif
+ 
+   printf (UT_SUPPORT);
+@@ -1441,6 +1461,6 @@
+   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+   printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+-  printf ("       [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+-  printf ("       [-j method]\n");
+  printf ("       [-A string] [-k string] [-S] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+  printf ("       [-T <content-type>] [-j method]\n");
+ }
+diff -ru nagios-plugins-1.4.15/plugins/check_smtp.c nagios-plugins-1.4.15-modified/plugins/check_smtp.c
+--- nagios-plugins-1.4.15/plugins/check_smtp.c  2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/check_smtp.c 2012-01-11 04:19:41.000000000 +0000
+@@ -41,7 +41,7 @@
+ 
+ #ifdef HAVE_SSL
+ int check_cert = FALSE;
+-int days_till_exp;
+int days_till_exp_warn, days_till_exp_crit;
+ #  define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+ #  define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+ #else /* ifndef HAVE_SSL */
+@@ -271,7 +271,7 @@
+ 
+ #  ifdef USE_OPENSSL
+                  if ( check_cert ) {
+-                   result = np_net_ssl_check_cert(days_till_exp);
+                   result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+                    if(result != STATE_OK){
+                      printf ("%s\n", _("CRITICAL - Cannot retrieve server certificate."));
+                    }
+@@ -453,6 +453,7 @@
+ process_arguments (int argc, char **argv)
+ {
+        int c;
+       char* temp;
+ 
+        int option = 0;
+        static struct option longopts[] = {
+@@ -595,12 +596,26 @@
+                case 'D':
+                /* Check SSL cert validity */
+ #ifdef USE_OPENSSL
+-                       if (!is_intnonneg (optarg))
+-                               usage2 ("Invalid certificate expiration period",optarg);
+-                               days_till_exp = atoi (optarg);
+-                               check_cert = TRUE;
+                        if ((temp=strchr(optarg,','))!=NULL) {
+                            *temp='\0';
+                            if (!is_intnonneg (temp))
+                               usage2 ("Invalid certificate expiration period", optarg);
+                            days_till_exp_warn = atoi(optarg);
+                            *temp=',';
+                            temp++;
+                            if (!is_intnonneg (temp))
+                                usage2 (_("Invalid certificate expiration period"), temp);
+                            days_till_exp_crit = atoi (temp);
+                        }
+                        else {
+                            days_till_exp_crit=0;
+                            if (!is_intnonneg (optarg))
+                                usage2 ("Invalid certificate expiration period", optarg);
+                            days_till_exp_warn = atoi (optarg);
+                        }
+                       check_cert = TRUE;
+ #else
+-                               usage (_("SSL support not available - install OpenSSL and recompile"));
+                       usage (_("SSL support not available - install OpenSSL and recompile"));
+ #endif
+                        break;
+                case '4':
+@@ -785,7 +800,7 @@
+   printf (" %s\n", "-F, --fqdn=STRING");
+   printf ("    %s\n", _("FQDN used for HELO"));
+ #ifdef HAVE_SSL
+-  printf (" %s\n", "-D, --certificate=INTEGER");
+  printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
+   printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
+   printf (" %s\n", "-S, --starttls");
+   printf ("    %s\n", _("Use STARTTLS for the connection."));
+@@ -819,8 +834,8 @@
+ print_usage (void)
+ {
+   printf ("%s\n", _("Usage:"));
+-  printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname);
+-  printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n");
+-  printf ("[-F fqdn] [-S] [-D days] [-v] [-4|-6]\n");
+  printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-f from addr]\n", progname);
+  printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-v]\n");
+  printf ("[-F fqdn] [-S] [-D <warn days to cert expiry>[<crit days to warn expire>]\n");
+ }
+ 
+diff -ru nagios-plugins-1.4.15/plugins/check_tcp.c nagios-plugins-1.4.15-modified/plugins/check_tcp.c
+--- nagios-plugins-1.4.15/plugins/check_tcp.c   2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/check_tcp.c  2012-01-11 04:20:15.000000000 +0000
+@@ -39,7 +39,7 @@
+ 
+ #ifdef HAVE_SSL
+ static int check_cert = FALSE;
+-static int days_till_exp;
+static int days_till_exp_warn, days_till_exp_crit;
+ # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+ # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+ #else
+@@ -235,8 +235,8 @@
+        if (flags & FLAG_SSL){
+                result = np_net_ssl_init(sd);
+                if (result == STATE_OK && check_cert == TRUE) {
+-                       result = np_net_ssl_check_cert(days_till_exp);
+-                       if(result != STATE_OK) {
+                       result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+                       if (result != STATE_OK) {
+                                printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
+                        }
+                }
+@@ -383,6 +383,7 @@
+ {
+        int c;
+        int escape = 0;
+       char *temp;
+ 
+        int option = 0;
+        static struct option longopts[] = {
+@@ -555,9 +556,22 @@
+                case 'D': /* Check SSL cert validity - days 'til certificate expiration */
+ #ifdef HAVE_SSL
+ #  ifdef USE_OPENSSL /* XXX */
+-                       if (!is_intnonneg (optarg))
+                       if ((temp=strchr(optarg,','))!=NULL) {
+                           *temp='\0';
+                           if (!is_intnonneg (temp))
+                               usage2 (_("Invalid certificate expiration period"), optarg);                             days_till_exp_warn = atoi(optarg);
+                           *temp=',';
+                           temp++;
+                           if (!is_intnonneg (temp))
+                               usage2 (_("Invalid certificate expiration period"), temp);
+                           days_till_exp_crit = atoi (temp);
+                       }
+                       else {
+                           days_till_exp_crit=0;
+                           if (!is_intnonneg (optarg))
+                                usage2 (_("Invalid certificate expiration period"), optarg);
+-                       days_till_exp = atoi (optarg);
+                           days_till_exp_warn = atoi (optarg);
+                       }
+                        check_cert = TRUE;
+                        flags |= FLAG_SSL;
+                        break;
+@@ -629,8 +643,9 @@
+   printf ("    %s\n", _("Seconds to wait between sending string and polling for response"));
+ 
+ #ifdef HAVE_SSL
+-       printf (" %s\n", "-D, --certificate=INTEGER");
+       printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
+   printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
+  printf ("    %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0)."));
+   printf (" %s\n", "-S, --ssl");
+   printf ("    %s\n", _("Use SSL for the connection."));
+ #endif
+@@ -652,6 +667,6 @@
+   printf ("%s -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]\n",progname);
+   printf ("[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]\n");
+   printf ("[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4|-6] [-j]\n");
+-  printf ("[-D <days to cert expiry>] [-S <use SSL>] [-E]\n");
+  printf ("[-D <warn days to cert expiry>[,<crit days to warn expire>]] [-S <use SSL>] [-E]\n");
+ }
+ 
+Only in nagios-plugins-1.4.15-modified/plugins: .deps
+Only in nagios-plugins-1.4.15-modified/plugins: Makefile
+diff -ru nagios-plugins-1.4.15/plugins/netutils.h nagios-plugins-1.4.15-modified/plugins/netutils.h
+--- nagios-plugins-1.4.15/plugins/netutils.h    2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/netutils.h   2012-01-11 03:52:18.000000000 +0000
+@@ -103,7 +103,7 @@
+ void np_net_ssl_cleanup();
+ int np_net_ssl_write(const void *buf, int num);
+ int np_net_ssl_read(void *buf, int num);
+-int np_net_ssl_check_cert(int days_till_exp);
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
+ #endif /* HAVE_SSL */
+ 
+ #endif /* _NETUTILS_H_ */
+diff -ru nagios-plugins-1.4.15/plugins/sslutils.c nagios-plugins-1.4.15-modified/plugins/sslutils.c
+--- nagios-plugins-1.4.15/plugins/sslutils.c    2010-07-27 20:47:16.000000000 +0000
+++ nagios-plugins-1.4.15-modified/plugins/sslutils.c   2012-01-11 03:51:39.000000000 +0000
+@@ -94,7 +94,7 @@
+        return SSL_read(s, buf, num);
+ }
+ 
+-int np_net_ssl_check_cert(int days_till_exp){
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+ #  ifdef USE_OPENSSL
+        X509 *certificate=NULL;
+        ASN1_STRING *tm;
+@@ -154,15 +154,21 @@
+                 stamp.tm_mon + 1,
+                 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+ 
+-       if (days_left > 0 && days_left <= days_till_exp) {
+-               printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
+-               return STATE_WARNING;
+       if (days_left > 0 && days_left <= days_till_exp_warn) {
+               printf (_("%s - Certificate expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", days_left, timestamp);
+               if (days_left > days_till_exp_crit)
+                   return STATE_WARNING;
+               else
+                   return STATE_CRITICAL;
+        } else if (time_left < 0) {
+                printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
+                return STATE_CRITICAL;
+        } else if (days_left == 0) {
+-               printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
+-               return STATE_WARNING;
+               printf (_("%s - Certificate expires today (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", timestamp);
+                if (days_left > days_till_exp_crit)
+                    return STATE_WARNING;
+                else
+                    return STATE_CRITICAL;
+        }
+ 
+        printf (_("OK - Certificate will expire on %s.\n"), timestamp);

diff --git a/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch b/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch new file mode 100644 index 0000000..a3935e8 --- /dev/null +++ b/web/attachments/432992-nagios-plugins-1.4.15-certexpire_warncrit.patch
@@ -0,0 +1,293 @@
	1	diff -ru nagios-plugins-1.4.15/plugins/check_http.c nagios-plugins-1.4.15-modified/plugins/check_http.c
	2	--- nagios-plugins-1.4.15/plugins/check_http.c 2010-07-27 20:47:16.000000000 +0000
	3	+++ nagios-plugins-1.4.15-modified/plugins/check_http.c 2012-01-11 04:03:34.000000000 +0000
	4	@@ -58,7 +58,7 @@
	5
	6	#ifdef HAVE_SSL
	7	int check_cert = FALSE;
	8	-int days_till_exp;
	9	+int days_till_exp_warn, days_till_exp_crit;
	10	char *randbuff;
	11	X509 *server_cert;
	12	# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
	13	@@ -178,6 +178,7 @@
	14	{
	15	int c = 1;
	16	char *p;
	17	+ char *temp;
	18
	19	enum {
	20	INVERT_REGEX = CHAR_MAX + 1,
	21	@@ -292,13 +293,25 @@
	22	break;
	23	case 'C': /* Check SSL cert validity */
	24	#ifdef HAVE_SSL
	25	- if (!is_intnonneg (optarg))
	26	- usage2 (_("Invalid certificate expiration period"), optarg);
	27	+ if ((temp=strchr(optarg,','))!=NULL) {
	28	+ *temp='\0';
	29	+ if (!is_intnonneg (temp))
	30	+ usage2 (_("Invalid certificate expiration period"), optarg);
	31	+ days_till_exp_warn = atoi(optarg);
	32	+ *temp=',';
	33	+ temp++;
	34	+ if (!is_intnonneg (temp))
	35	+ usage2 (_("Invalid certificate expiration period"), temp);
	36	+ days_till_exp_crit = atoi (temp);
	37	+ }
	38	else {
	39	- days_till_exp = atoi (optarg);
	40	- check_cert = TRUE;
	41	+ days_till_exp_crit=0;
	42	+ if (!is_intnonneg (optarg))
	43	+ usage2 (_("Invalid certificate expiration period"), optarg);
	44	+ days_till_exp_warn = atoi (optarg);
	45	}
	46	- /* Fall through to -S option */
	47	+ check_cert = TRUE;
	48	+ /* Fall through to -S option */
	49	#endif
	50	case 'S': /* use SSL */
	51	#ifndef HAVE_SSL
	52	@@ -809,7 +822,7 @@
	53	if (use_ssl == TRUE) {
	54	np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
	55	if (check_cert == TRUE) {
	56	- result = np_net_ssl_check_cert(days_till_exp);
	57	+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
	58	np_net_ssl_cleanup();
	59	if (sd) close(sd);
	60	return result;
	61	@@ -1424,6 +1437,13 @@
	62	printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
	63	printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
	64	printf (" %s\n", _("the certificate is expired."));
	65	+
	66	+ printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
	67	+ printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
	68	+ printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
	69	+ printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
	70	+ printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
	71	+
	72	#endif
	73
	74	printf (UT_SUPPORT);
	75	@@ -1441,6 +1461,6 @@
	76	printf (" [-b proxy_auth] [-f <ok\|warning\|critcal\|follow\|sticky\|stickyport>]\n");
	77	printf (" [-e <expect>] [-s string] [-l] [-r <regex> \| -R <case-insensitive regex>]\n");
	78	printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4\|-6] [-N] [-M <age>]\n");
	79	- printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
	80	- printf (" [-j method]\n");
	81	+ printf (" [-A string] [-k string] [-S] [--sni] [-C <warn_age>[,<crit_age>]]\n");
	82	+ printf (" [-T <content-type>] [-j method]\n");
	83	}
	84	diff -ru nagios-plugins-1.4.15/plugins/check_smtp.c nagios-plugins-1.4.15-modified/plugins/check_smtp.c
	85	--- nagios-plugins-1.4.15/plugins/check_smtp.c 2010-07-27 20:47:16.000000000 +0000
	86	+++ nagios-plugins-1.4.15-modified/plugins/check_smtp.c 2012-01-11 04:19:41.000000000 +0000
	87	@@ -41,7 +41,7 @@
	88
	89	#ifdef HAVE_SSL
	90	int check_cert = FALSE;
	91	-int days_till_exp;
	92	+int days_till_exp_warn, days_till_exp_crit;
	93	# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
	94	# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
	95	#else /* ifndef HAVE_SSL */
	96	@@ -271,7 +271,7 @@
	97
	98	# ifdef USE_OPENSSL
	99	if ( check_cert ) {
	100	- result = np_net_ssl_check_cert(days_till_exp);
	101	+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
	102	if(result != STATE_OK){
	103	printf ("%s\n", _("CRITICAL - Cannot retrieve server certificate."));
	104	}
	105	@@ -453,6 +453,7 @@
	106	process_arguments (int argc, char **argv)
	107	{
	108	int c;
	109	+ char* temp;
	110
	111	int option = 0;
	112	static struct option longopts[] = {
	113	@@ -595,12 +596,26 @@
	114	case 'D':
	115	/* Check SSL cert validity */
	116	#ifdef USE_OPENSSL
	117	- if (!is_intnonneg (optarg))
	118	- usage2 ("Invalid certificate expiration period",optarg);
	119	- days_till_exp = atoi (optarg);
	120	- check_cert = TRUE;
	121	+ if ((temp=strchr(optarg,','))!=NULL) {
	122	+ *temp='\0';
	123	+ if (!is_intnonneg (temp))
	124	+ usage2 ("Invalid certificate expiration period", optarg);
	125	+ days_till_exp_warn = atoi(optarg);
	126	+ *temp=',';
	127	+ temp++;
	128	+ if (!is_intnonneg (temp))
	129	+ usage2 (_("Invalid certificate expiration period"), temp);
	130	+ days_till_exp_crit = atoi (temp);
	131	+ }
	132	+ else {
	133	+ days_till_exp_crit=0;
	134	+ if (!is_intnonneg (optarg))
	135	+ usage2 ("Invalid certificate expiration period", optarg);
	136	+ days_till_exp_warn = atoi (optarg);
	137	+ }
	138	+ check_cert = TRUE;
	139	#else
	140	- usage (_("SSL support not available - install OpenSSL and recompile"));
	141	+ usage (_("SSL support not available - install OpenSSL and recompile"));
	142	#endif
	143	break;
	144	case '4':
	145	@@ -785,7 +800,7 @@
	146	printf (" %s\n", "-F, --fqdn=STRING");
	147	printf (" %s\n", _("FQDN used for HELO"));
	148	#ifdef HAVE_SSL
	149	- printf (" %s\n", "-D, --certificate=INTEGER");
	150	+ printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
	151	printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
	152	printf (" %s\n", "-S, --starttls");
	153	printf (" %s\n", _("Use STARTTLS for the connection."));
	154	@@ -819,8 +834,8 @@
	155	print_usage (void)
	156	{
	157	printf ("%s\n", _("Usage:"));
	158	- printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname);
	159	- printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n");
	160	- printf ("[-F fqdn] [-S] [-D days] [-v] [-4\|-6]\n");
	161	+ printf ("%s -H host [-p port] [-4\|-6] [-e expect] [-C command] [-f from addr]\n", progname);
	162	+ printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-v]\n");
	163	+ printf ("[-F fqdn] [-S] [-D <warn days to cert expiry>[<crit days to warn expire>]\n");
	164	}
	165
	166	diff -ru nagios-plugins-1.4.15/plugins/check_tcp.c nagios-plugins-1.4.15-modified/plugins/check_tcp.c
	167	--- nagios-plugins-1.4.15/plugins/check_tcp.c 2010-07-27 20:47:16.000000000 +0000
	168	+++ nagios-plugins-1.4.15-modified/plugins/check_tcp.c 2012-01-11 04:20:15.000000000 +0000
	169	@@ -39,7 +39,7 @@
	170
	171	#ifdef HAVE_SSL
	172	static int check_cert = FALSE;
	173	-static int days_till_exp;
	174	+static int days_till_exp_warn, days_till_exp_crit;
	175	# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
	176	# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
	177	#else
	178	@@ -235,8 +235,8 @@
	179	if (flags & FLAG_SSL){
	180	result = np_net_ssl_init(sd);
	181	if (result == STATE_OK && check_cert == TRUE) {
	182	- result = np_net_ssl_check_cert(days_till_exp);
	183	- if(result != STATE_OK) {
	184	+ result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
	185	+ if (result != STATE_OK) {
	186	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
	187	}
	188	}
	189	@@ -383,6 +383,7 @@
	190	{
	191	int c;
	192	int escape = 0;
	193	+ char *temp;
	194
	195	int option = 0;
	196	static struct option longopts[] = {
	197	@@ -555,9 +556,22 @@
	198	case 'D': /* Check SSL cert validity - days 'til certificate expiration */
	199	#ifdef HAVE_SSL
	200	# ifdef USE_OPENSSL /* XXX */
	201	- if (!is_intnonneg (optarg))
	202	+ if ((temp=strchr(optarg,','))!=NULL) {
	203	+ *temp='\0';
	204	+ if (!is_intnonneg (temp))
	205	+ usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg);
	206	+ *temp=',';
	207	+ temp++;
	208	+ if (!is_intnonneg (temp))
	209	+ usage2 (_("Invalid certificate expiration period"), temp);
	210	+ days_till_exp_crit = atoi (temp);
	211	+ }
	212	+ else {
	213	+ days_till_exp_crit=0;
	214	+ if (!is_intnonneg (optarg))
	215	usage2 (_("Invalid certificate expiration period"), optarg);
	216	- days_till_exp = atoi (optarg);
	217	+ days_till_exp_warn = atoi (optarg);
	218	+ }
	219	check_cert = TRUE;
	220	flags \|= FLAG_SSL;
	221	break;
	222	@@ -629,8 +643,9 @@
	223	printf (" %s\n", _("Seconds to wait between sending string and polling for response"));
	224
	225	#ifdef HAVE_SSL
	226	- printf (" %s\n", "-D, --certificate=INTEGER");
	227	+ printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
	228	printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
	229	+ printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0)."));
	230	printf (" %s\n", "-S, --ssl");
	231	printf (" %s\n", _("Use SSL for the connection."));
	232	#endif
	233	@@ -652,6 +667,6 @@
	234	printf ("%s -H host -p port [-w <warning time>] [-c <critical time>] [-s <send string>]\n",progname);
	235	printf ("[-e <expect string>] [-q <quit string>][-m <maximum bytes>] [-d <delay>]\n");
	236	printf ("[-t <timeout seconds>] [-r <refuse state>] [-M <mismatch state>] [-v] [-4\|-6] [-j]\n");
	237	- printf ("[-D <days to cert expiry>] [-S <use SSL>] [-E]\n");
	238	+ printf ("[-D <warn days to cert expiry>[,<crit days to warn expire>]] [-S <use SSL>] [-E]\n");
	239	}
	240
	241	Only in nagios-plugins-1.4.15-modified/plugins: .deps
	242	Only in nagios-plugins-1.4.15-modified/plugins: Makefile
	243	diff -ru nagios-plugins-1.4.15/plugins/netutils.h nagios-plugins-1.4.15-modified/plugins/netutils.h
	244	--- nagios-plugins-1.4.15/plugins/netutils.h 2010-07-27 20:47:16.000000000 +0000
	245	+++ nagios-plugins-1.4.15-modified/plugins/netutils.h 2012-01-11 03:52:18.000000000 +0000
	246	@@ -103,7 +103,7 @@
	247	void np_net_ssl_cleanup();
	248	int np_net_ssl_write(const void *buf, int num);
	249	int np_net_ssl_read(void *buf, int num);
	250	-int np_net_ssl_check_cert(int days_till_exp);
	251	+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
	252	#endif /* HAVE_SSL */
	253
	254	#endif /* _NETUTILS_H_ */
	255	diff -ru nagios-plugins-1.4.15/plugins/sslutils.c nagios-plugins-1.4.15-modified/plugins/sslutils.c
	256	--- nagios-plugins-1.4.15/plugins/sslutils.c 2010-07-27 20:47:16.000000000 +0000
	257	+++ nagios-plugins-1.4.15-modified/plugins/sslutils.c 2012-01-11 03:51:39.000000000 +0000
	258	@@ -94,7 +94,7 @@
	259	return SSL_read(s, buf, num);
	260	}
	261
	262	-int np_net_ssl_check_cert(int days_till_exp){
	263	+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
	264	# ifdef USE_OPENSSL
	265	X509 *certificate=NULL;
	266	ASN1_STRING *tm;
	267	@@ -154,15 +154,21 @@
	268	stamp.tm_mon + 1,
	269	stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
	270
	271	- if (days_left > 0 && days_left <= days_till_exp) {
	272	- printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
	273	- return STATE_WARNING;
	274	+ if (days_left > 0 && days_left <= days_till_exp_warn) {
	275	+ printf (_("%s - Certificate expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", days_left, timestamp);
	276	+ if (days_left > days_till_exp_crit)
	277	+ return STATE_WARNING;
	278	+ else
	279	+ return STATE_CRITICAL;
	280	} else if (time_left < 0) {
	281	printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
	282	return STATE_CRITICAL;
	283	} else if (days_left == 0) {
	284	- printf (_("WARNING - Certificate expires today (%s).\n"), timestamp);
	285	- return STATE_WARNING;
	286	+ printf (_("%s - Certificate expires today (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", timestamp);
	287	+ if (days_left > days_till_exp_crit)
	288	+ return STATE_WARNING;
	289	+ else
	290	+ return STATE_CRITICAL;
	291	}
	292
	293	printf (_("OK - Certificate will expire on %s.\n"), timestamp);