Module: monitoring-plugins
Branch: feature_check_curl
Commit: e74128e66d3ce295d7603adc74a923fb481c14ae
Author: Andreas Baumann <m...@andreasbaumann.cc>
Date: Fri Apr 21 16:05:58 2017 +0000
URL:
https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=e74128e
made non-OpenSSL version of certificate -C check work
---
plugins/check_curl.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 114 insertions(+), 3 deletions(-)
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 878276e..603c7be 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -1752,26 +1752,137 @@ curlhelp_get_ssl_library_string (curlhelp_ssl_library
ssl_library)
}
#ifdef LIBCURL_FEATURE_SSL
+time_t
+parse_cert_date (const char *s)
+{
+ struct tm tm;
+ time_t date;
+
+ if (!s) return -1;
+
+ strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm);
+ date = mktime (&tm);
+
+ return date;
+}
+
+/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
+ * OpenSSL could be this function
+ */
int
net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int
days_till_exp_warn, int days_till_exp_crit)
{
int i;
- struct curl_slist *slist;
+ struct curl_slist* slist;
+ int cname_found = 0;
+ char* start_date_str = NULL;
+ char* end_date_str = NULL;
+ time_t start_date;
+ time_t end_date;
+ char *tz;
+ float time_left;
+ int days_left;
+ int time_remaining;
+ char timestamp[50] = "";
+ int status = STATE_UNKNOWN;
if (verbose >= 2)
printf ("**** REQUEST CERTIFICATES ****\n");
for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist =
slist->next) {
+ /* find first common name in subject, TODO: check alternative subjects
for
+ * multi-host certificate, check wildcards
+ */
+ if (strncmp (slist->data, "Subject:", 8) == 0) {
+ char* p = strstr (slist->data, "CN=");
+ if (p != NULL) {
+ if (strncmp (host_name, p+3, strlen (host_name)) == 0) {
+ cname_found = 1;
+ }
+ }
+ } else if (strncmp (slist->data, "Start Date:", 11) == 0) {
+ start_date_str = &slist->data[11];
+ } else if (strncmp (slist->data, "Expire Date:", 12) == 0) {
+ end_date_str = &slist->data[12];
+ } else if (strncmp (slist->data, "Cert:", 5) == 0) {
+ goto HAVE_FIRST_CERT;
+ }
if (verbose >= 2)
printf ("%d ** %s\n", i, slist->data);
}
}
+HAVE_FIRST_CERT:
if (verbose >= 2)
printf ("**** REQUEST CERTIFICATES ****\n");
+
+ if (!cname_found) {
+ printf("%s\n",_("CRITICAL - Cannot retrieve certificate
subject."));
+ return STATE_CRITICAL;
+ }
+
+ start_date = parse_cert_date (start_date_str);
+ if (start_date <= 0) {
+ snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date'
in certificate: '%s'"),
+ start_date_str);
+ puts (msg);
+ return STATE_WARNING;
+ }
+
+ end_date = parse_cert_date (end_date_str);
+ if (end_date <= 0) {
+ snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date'
in certificate: '%s'"),
+ start_date_str);
+ puts (msg);
+ return STATE_WARNING;
+ }
- printf("%s\n", _("WARNING - Plugin does not support checking
certificates without OpenSSL."));
- return STATE_WARNING;
+ time_left = difftime (end_date, time(NULL));
+ days_left = time_left / 86400;
+ tz = getenv("TZ");
+ setenv("TZ", "GMT", 1);
+ tzset();
+ strftime(timestamp, 50, "%c %z", localtime(&end_date));
+ if (tz)
+ setenv("TZ", tz, 1);
+ else
+ unsetenv("TZ");
+ tzset();
+
+ if (days_left > 0 && days_left <= days_till_exp_warn) {
+ printf (_("%s - Certificate '%s' expires in %d day(s)
(%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name,
days_left, timestamp);
+ if (days_left > days_till_exp_crit)
+ status = STATE_WARNING;
+ else
+ status = STATE_CRITICAL;
+ } else if (days_left == 0 && time_left > 0) {
+ if (time_left >= 3600)
+ time_remaining = (int) time_left / 3600;
+ else
+ time_remaining = (int) time_left / 60;
+
+ printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+ (days_left>days_till_exp_crit) ? "WARNING" :
"CRITICAL", host_name, time_remaining,
+ time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+ if ( days_left > days_till_exp_crit)
+ status = STATE_WARNING;
+ else
+ status = STATE_CRITICAL;
+ } else if (time_left < 0) {
+ printf(_("CRITICAL - Certificate '%s' expired on %s.\n"),
host_name, timestamp);
+ status=STATE_CRITICAL;
+ } else if (days_left == 0) {
+ printf (_("%s - Certificate '%s' just expired (%s).\n"),
(days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp);
+ if (days_left > days_till_exp_crit)
+ status = STATE_WARNING;
+ else
+ status = STATE_CRITICAL;
+ } else {
+ printf(_("OK - Certificate '%s' will expire on %s.\n"),
host_name, timestamp);
+ status = STATE_OK;
+ }
+ return status;
}
#endif /* LIBCURL_FEATURE_SSL */
