diff -ru nagios-plugins-1.4.15/plugins/check_http.c nagios-plugins-1.4.15-modified/plugins/check_http.c --- nagios-plugins-1.4.15/plugins/check_http.c 2010-07-27 20:47:16.000000000 +0000 +++ nagios-plugins-1.4.15-modified/plugins/check_http.c 2012-01-11 04:03:34.000000000 +0000 @@ -58,7 +58,7 @@ #ifdef HAVE_SSL int check_cert = FALSE; -int days_till_exp; +int days_till_exp_warn, days_till_exp_crit; char *randbuff; X509 *server_cert; # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) @@ -178,6 +178,7 @@ { int c = 1; char *p; + char *temp; enum { INVERT_REGEX = CHAR_MAX + 1, @@ -292,13 +293,25 @@ break; case 'C': /* Check SSL cert validity */ #ifdef HAVE_SSL - if (!is_intnonneg (optarg)) - usage2 (_("Invalid certificate expiration period"), optarg); + if ((temp=strchr(optarg,','))!=NULL) { + *temp='\0'; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi(optarg); + *temp=','; + temp++; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), temp); + days_till_exp_crit = atoi (temp); + } else { - days_till_exp = atoi (optarg); - check_cert = TRUE; + days_till_exp_crit=0; + if (!is_intnonneg (optarg)) + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi (optarg); } - /* Fall through to -S option */ + check_cert = TRUE; + /* Fall through to -S option */ #endif case 'S': /* use SSL */ #ifndef HAVE_SSL @@ -809,7 +822,7 @@ if (use_ssl == TRUE) { np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); if (check_cert == TRUE) { - result = np_net_ssl_check_cert(days_till_exp); + result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); np_net_ssl_cleanup(); if (sd) close(sd); return result; 
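Review bot: The first validation in the comma branch of the new `case 'C'` code tests the wrong string: after `*temp='\0'`, `temp` points at the terminator just written, so `is_intnonneg (temp)` never examines the warning value held in `optarg`. Depending on how is_intnonneg treats an empty string (its body is not shown), either every `warn,crit` argument is rejected or a non-numeric warning value passes and `atoi(optarg)` quietly yields 0. The check should read `if (!is_intnonneg (optarg))`. The same lines are repeated in the `case 'D'` hunks of check_smtp.c (@@ -595) and check_tcp.c (@@ -555). Since a silently zeroed threshold weakens expiry monitoring with no visible error, it is also worth rejecting a critical value larger than the warning value here; process_arguments starts and ends outside the hunk.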
@@ -1424,6 +1437,13 @@ printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); printf (" %s\n", _("the certificate is expired.")); + + printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); + printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); + #endif printf (UT_SUPPORT); @@ -1441,6 +1461,6 @@ printf (" [-b proxy_auth] [-f ]\n"); printf (" [-e ] [-s string] [-l] [-r | -R ]\n"); printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); - printf (" [-A string] [-k string] [-S] [--sni] [-C ] [-T ]\n"); - printf (" [-j method]\n"); + printf (" [-A string] [-k string] [-S] [--sni] [-C [,]]\n"); + printf (" [-T ] [-j method]\n"); } diff -ru nagios-plugins-1.4.15/plugins/check_smtp.c nagios-plugins-1.4.15-modified/plugins/check_smtp.c --- nagios-plugins-1.4.15/plugins/check_smtp.c 2010-07-27 20:47:16.000000000 +0000 +++ nagios-plugins-1.4.15-modified/plugins/check_smtp.c 2012-01-11 04:19:41.000000000 +0000 @@ -41,7 +41,7 @@ #ifdef HAVE_SSL int check_cert = FALSE; -int days_till_exp; +int days_till_exp_warn, days_till_exp_crit; # define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) # define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) #else /* ifndef HAVE_SSL */ 
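Review bot: The new `-C 30,14` example in the @@ -1424 hunk leaves the boundary days undefined and does not match the comparisons in the sslutils.c hunk. There the warning test is `days_left <= days_till_exp_warn` and the critical state is returned unless `days_left > days_till_exp_crit`, so exactly 30 days is already WARNING and exactly 14 days is already CRITICAL. Suggested wording: `"30 days or less, but more than 14 days, a STATE_WARNING is returned."` and `"A STATE_CRITICAL will be returned when the certificate expires in 14 days or less."`. The enclosing help function starts and ends outside the hunk.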
@@ -271,7 +271,7 @@ # ifdef USE_OPENSSL if ( check_cert ) { - result = np_net_ssl_check_cert(days_till_exp); + result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); if(result != STATE_OK){ printf ("%s\n", _("CRITICAL - Cannot retrieve server certificate.")); } @@ -453,6 +453,7 @@ process_arguments (int argc, char **argv) { int c; + char* temp; int option = 0; static struct option longopts[] = { @@ -595,12 +596,26 @@ case 'D': /* Check SSL cert validity */ #ifdef USE_OPENSSL - if (!is_intnonneg (optarg)) - usage2 ("Invalid certificate expiration period",optarg); - days_till_exp = atoi (optarg); - check_cert = TRUE; + if ((temp=strchr(optarg,','))!=NULL) { + *temp='\0'; + if (!is_intnonneg (temp)) + usage2 ("Invalid certificate expiration period", optarg); + days_till_exp_warn = atoi(optarg); + *temp=','; + temp++; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), temp); + days_till_exp_crit = atoi (temp); + } + else { + days_till_exp_crit=0; + if (!is_intnonneg (optarg)) + usage2 ("Invalid certificate expiration period", optarg); + days_till_exp_warn = atoi (optarg); + } + check_cert = TRUE; #else - usage (_("SSL support not available - install OpenSSL and recompile")); + usage (_("SSL support not available - install OpenSSL and recompile")); #endif break; case '4': @@ -785,7 +800,7 @@ printf (" %s\n", "-F, --fqdn=STRING"); printf (" %s\n", _("FQDN used for HELO")); #ifdef HAVE_SSL - printf (" %s\n", "-D, --certificate=INTEGER"); + printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); printf (" %s\n", "-S, --starttls"); printf (" %s\n", _("Use STARTTLS for the connection.")); 
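Review bot: The test that follows the updated call in the @@ -271 hunk prints `CRITICAL - Cannot retrieve server certificate.` for every non-OK result, but the sslutils.c hunk shows np_net_ssl_check_cert returning STATE_WARNING or STATE_CRITICAL for expiry thresholds after printing its own status line. With the added critical threshold an expiring certificate is reported as a retrieval failure more often, which misleads whoever triages the alert. Either drop the extra printf or limit it to the result np_net_ssl_check_cert returns when no certificate could be obtained (that path is not visible in this diff). The same pattern is in check_tcp.c at @@ -235, and the enclosing function lies outside the hunk.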
@@ -819,8 +834,8 @@ print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname); - printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n"); - printf ("[-F fqdn] [-S] [-D days] [-v] [-4|-6]\n"); + printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-f from addr]\n", progname); + printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-v]\n"); + printf ("[-F fqdn] [-S] [-D []\n"); } diff -ru nagios-plugins-1.4.15/plugins/check_tcp.c nagios-plugins-1.4.15-modified/plugins/check_tcp.c --- nagios-plugins-1.4.15/plugins/check_tcp.c 2010-07-27 20:47:16.000000000 +0000 +++ nagios-plugins-1.4.15-modified/plugins/check_tcp.c 2012-01-11 04:20:15.000000000 +0000 @@ -39,7 +39,7 @@ #ifdef HAVE_SSL static int check_cert = FALSE; -static int days_till_exp; +static int days_till_exp_warn, days_till_exp_crit; # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) #else @@ -235,8 +235,8 @@ if (flags & FLAG_SSL){ result = np_net_ssl_init(sd); if (result == STATE_OK && check_cert == TRUE) { - result = np_net_ssl_check_cert(days_till_exp); - if(result != STATE_OK) { + result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); + if (result != STATE_OK) { printf(_("CRITICAL - Cannot retrieve server certificate.\n")); } } @@ -383,6 +383,7 @@ { int c; int escape = 0; + char *temp; int option = 0; static struct option longopts[] = { 
@@ -555,9 +556,22 @@ case 'D': /* Check SSL cert validity - days 'til certificate expiration */ #ifdef HAVE_SSL # ifdef USE_OPENSSL /* XXX */ - if (!is_intnonneg (optarg)) + if ((temp=strchr(optarg,','))!=NULL) { + *temp='\0'; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg); + *temp=','; + temp++; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), temp); + days_till_exp_crit = atoi (temp); + } + else { + days_till_exp_crit=0; + if (!is_intnonneg (optarg)) usage2 (_("Invalid certificate expiration period"), optarg); - days_till_exp = atoi (optarg); + days_till_exp_warn = atoi (optarg); + } check_cert = TRUE; flags |= FLAG_SSL; break; @@ -629,8 +643,9 @@ printf (" %s\n", _("Seconds to wait between sending string and polling for response")); #ifdef HAVE_SSL - printf (" %s\n", "-D, --certificate=INTEGER"); + printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); + printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); printf (" %s\n", "-S, --ssl"); printf (" %s\n", _("Use SSL for the connection.")); #endif @@ -652,6 +667,6 @@ printf ("%s -H host -p port [-w ] [-c ] [-s ]\n",progname); printf ("[-e ] [-q ][-m ] [-d ]\n"); printf ("[-t ] [-r ] [-M ] [-v] [-4|-6] [-j]\n"); - printf ("[-D ] [-S ] [-E]\n"); + printf ("[-D [,]] [-S ] [-E]\n"); } Only in nagios-plugins-1.4.15-modified/plugins: .deps Only in nagios-plugins-1.4.15-modified/plugins: Makefile diff -ru nagios-plugins-1.4.15/plugins/netutils.h nagios-plugins-1.4.15-modified/plugins/netutils.h --- nagios-plugins-1.4.15/plugins/netutils.h 2010-07-27 20:47:16.000000000 +0000 +++ nagios-plugins-1.4.15-modified/plugins/netutils.h 2012-01-11 03:52:18.000000000 +0000 
@@ -103,7 +103,7 @@ void np_net_ssl_cleanup(); int np_net_ssl_write(const void *buf, int num); int np_net_ssl_read(void *buf, int num); -int np_net_ssl_check_cert(int days_till_exp); +int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit); #endif /* HAVE_SSL */ #endif /* _NETUTILS_H_ */ diff -ru nagios-plugins-1.4.15/plugins/sslutils.c nagios-plugins-1.4.15-modified/plugins/sslutils.c --- nagios-plugins-1.4.15/plugins/sslutils.c 2010-07-27 20:47:16.000000000 +0000 +++ nagios-plugins-1.4.15-modified/plugins/sslutils.c 2012-01-11 03:51:39.000000000 +0000 @@ -94,7 +94,7 @@ return SSL_read(s, buf, num); } -int np_net_ssl_check_cert(int days_till_exp){ +int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ # ifdef USE_OPENSSL X509 *certificate=NULL; ASN1_STRING *tm; @@ -154,15 +154,21 @@ stamp.tm_mon + 1, stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); - if (days_left > 0 && days_left <= days_till_exp) { - printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); - return STATE_WARNING; + if (days_left > 0 && days_left <= days_till_exp_warn) { + printf (_("%s - Certificate expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", days_left, timestamp); + if (days_left > days_till_exp_crit) + return STATE_WARNING; + else + return STATE_CRITICAL; } else if (time_left < 0) { printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); return STATE_CRITICAL; } else if (days_left == 0) { - printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); - return STATE_WARNING; + printf (_("%s - Certificate expires today (%s).\n"), (days_left>days_till_exp_crit)?"CRITICAL":"WARNING", timestamp); + if (days_left > days_till_exp_crit) + return STATE_WARNING; + else + return STATE_CRITICAL; } printf (_("OK - Certificate will expire on %s.\n"), timestamp);
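Review bot: The status word printed by the new expiry messages in the sslutils.c @@ -154 hunk is inverted relative to the returned state. `(days_left>days_till_exp_crit)?"CRITICAL":"WARNING"` prints CRITICAL on the path that returns STATE_WARNING and WARNING on the path that returns STATE_CRITICAL, in both the `days_left > 0` and the `days_left == 0` branches. Swap the operands to `(days_left > days_till_exp_crit) ? "WARNING" : "CRITICAL"` so the text agrees with the exit state. Also note that with the default `days_till_exp_crit=0` set by the single-value option form, "expires today" now returns STATE_CRITICAL where it used to return STATE_WARNING; if that is intended it deserves a comment such as `/* crit defaults to 0: a certificate expiring today is critical */`. The function body continues outside the hunk.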