On Fri, Oct 14, 2011 at 3:24 PM, Tobias Mueller <[email protected]> wrote:
> Heya :-)
>
> Note that you can replace the following
> On 14.10.2011 00:30, Owen Taylor wrote:
>> process = subprocess.Popen(['openssl', 's_client', '-host', host,
>>                             '-port', '443'],
>>                            stdout=subprocess.PIPE,
>>                            stdin=subprocess.PIPE, stderr=subprocess.PIPE)
>> output, error = process.communicate("")
>> if process.returncode != 0:
>>     print "Failed to download cert from", host
>>     print error
>>     return None
>>
>> cert_lines = []
>>
>> i = output.split('\n').__iter__()
>>
>> for line in i:
>>     if re.match('-----BEGIN CERTIFICATE-----', line):
>>         cert_lines.append(line)
>>         break
>>
>> for line in i:
>>     cert_lines.append(line)
>>     if re.match('-----END CERTIFICATE-----', line):
>>         break
>>
>> cert = '\n'.join(cert_lines)
>
> With smth like:
> import ssl
> addr_port = (settings.SERVER_ADDRESS,
>              settings.SERVER_SSL_PORT)
> cert = ssl.get_server_certificate(addr_port)

Honestly you shouldn't NIH so badly here. Forking openssl from python seems unnecessary. Just install the nagios plugins and use check_http. Have the script to check the certs loop over a list of domains and run check_http with the flags to check the cert expiry. Then just use the return code to fail or not.

--
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
_______________________________________________
gnome-infrastructure mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
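
The two suggestions in this thread (the ssl module instead of forking openssl, and a loop over domains that fails on the return code) combined in one sketch; this is an added example, not code from the thread or from the nagios plugins. It is Python 3 and uses a verified handshake with getpeercert() rather than get_server_certificate(); the function names, the 30/7-day thresholds and the SAMPLE_NOT_AFTER values are assumptions constructed for illustration.

```python
import socket
import ssl
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes
# Constructed sample data (not real certificates): host -> notAfter string.
SAMPLE_NOT_AFTER = {
    "ok.example": "Dec 31 23:59:59 2012 GMT",
    "soon.example": "Nov 01 00:00:00 2011 GMT",
    "expired.example": "Oct 10 00:00:00 2011 GMT",
}

def days_left(not_after, now=None):
    """Whole days until a getpeercert()-style 'notAfter' timestamp."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def classify(not_after, warn_days=30, crit_days=7, now=None):
    """Map the remaining lifetime to a Nagios-style status (assumed thresholds)."""
    remaining = days_left(not_after, now)
    if remaining < crit_days:
        return CRITICAL
    if remaining < warn_days:
        return WARNING
    return OK

def fetch_not_after(host, port=443, timeout=10):
    """Return the certificate's notAfter after a verified TLS handshake."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check_hosts(hosts, fetch=fetch_not_after, now=None):
    """Check every host; return (worst_status, {host: status})."""
    results = {}
    for host in hosts:
        try:
            results[host] = classify(fetch(host), now=now)
        except OSError:  # ssl.SSLError (expired, untrusted) or unreachable host
            results[host] = CRITICAL
    return max(results.values(), default=OK), results

if __name__ == "__main__":
    status, per_host = check_hosts(__import__("sys").argv[1:])
    for host, code in sorted(per_host.items()):
        print(host, ("OK", "WARNING", "CRITICAL")[code])
    raise SystemExit(status)
```

Because the handshake is verified, a certificate that has already expired fails in wrap_socket() and is reported as CRITICAL rather than being parsed.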
