summaryrefslogtreecommitdiffstats
path: root/web/attachments/273929-nagiosplug-sni-trunk.patch
blob: c6d2c3e7d96bb243d3cefadad83825441a1b17cb (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

Index: plugins/netutils.h
===================================================================
--- plugins/netutils.h	(revision 1977)
+++ plugins/netutils.h	(working copy)
@@ -99,6 +99,7 @@
 int np_net_ssl_write(const void *buf, int num);
 int np_net_ssl_read(void *buf, int num);
 int np_net_ssl_check_cert(int days_till_exp);
+void np_net_ssl_set_host_name(const char *buf);
 #endif /* HAVE_SSL */
 
 #endif /* _NETUTILS_H_ */
Index: plugins/sslutils.c
===================================================================
--- plugins/sslutils.c	(revision 1977)
+++ plugins/sslutils.c	(working copy)
@@ -37,6 +37,7 @@
 static SSL_CTX *c=NULL;
 static SSL *s=NULL;
 static int initialized=0;
+const char *host_name=NULL;
 
 int np_net_ssl_init (int sd){
 		if (!initialized) {
@@ -51,6 +52,10 @@
 				return STATE_CRITICAL;
 		}
 		if ((s = SSL_new (c)) != NULL){
+#ifdef SSL_set_tlsext_host_name
+				if (host_name != NULL)
+					SSL_set_tlsext_host_name(s, host_name);
+#endif
 				SSL_set_fd (s, sd);
 				if (SSL_connect(s) == 1){
 						return OK;
@@ -68,6 +73,9 @@
 
 void np_net_ssl_cleanup (){
 		if(s){
+#ifdef SSL_set_tlsext_host_name
+				SSL_set_tlsext_host_name(s, NULL);
+#endif
 				SSL_shutdown (s);
 				SSL_free (s);
 				if(c) {
@@ -93,7 +101,7 @@
 	int offset;
 	struct tm stamp;
 	int days_left;
-	char timestamp[17] = "";
+	char timestamp[21] = "";
 
 	certificate=SSL_get_peer_certificate(s);
 	if(! certificate){
@@ -138,16 +146,17 @@
 	stamp.tm_sec = 0;
 	stamp.tm_isdst = -1;
 
-	days_left = (mktime (&stamp) - time (NULL)) / 86400;
+	float time_left = difftime(timegm(&stamp), time(NULL));
+	days_left = time_left / 86400;
 	snprintf
-		(timestamp, 17, "%02d/%02d/%04d %02d:%02d",
+		(timestamp, 21, "%02d/%02d/%04d %02d:%02d %s",
 		 stamp.tm_mon + 1,
-		 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+		 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min, stamp.tm_zone);
 
 	if (days_left > 0 && days_left <= days_till_exp) {
 		printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp);
 		return STATE_WARNING;
-	} else if (days_left < 0) {
+	} else if (time_left < 0) {
 		printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp);
 		return STATE_CRITICAL;
 	} else if (days_left == 0) {
@@ -164,4 +173,8 @@
 #  endif /* USE_OPENSSL */
 }
 
+void np_net_ssl_set_host_name (const char *buf){
+	host_name = buf;
+}
+
 #endif /* HAVE_SSL */