tyler.durden/centreon-plugins
1
0
Fork 0
mirror of https://github.com/centreon/centreon-plugins.git synced 2025-07-27 23:54:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

#241 - Add SNI support (IO::Socket::SSL v1.56+ needed)

Browse Source
This commit is contained in:
Shini31 2016-01-13 15:52:07 +01:00
parent f1ad1d6c4f
commit ed72c12510
1 changed files with 62 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
apps/protocols/x509/mode/validity.pm
View File

@ -33,11 +33,12 @@ sub new {
my $self = $class->SUPER::new(package => __PACKAGE__, %options); my $self = $class->SUPER::new(package => __PACKAGE__, %options);
bless $self, $class; bless $self, $class;
$self->{version} = '1.3'; $self->{version} = '1.4';
$options{options}->add_options(arguments => $options{options}->add_options(arguments =>
{ {
"hostname:s" => { name => 'hostname' }, "hostname:s" => { name => 'hostname' },
"port:s" => { name => 'port', default => 443 }, "port:s" => { name => 'port' },
"servername:s" => { name => 'servername' },
"validity-mode:s" => { name => 'validity_mode' }, "validity-mode:s" => { name => 'validity_mode' },
"warning-date:s" => { name => 'warning' }, "warning-date:s" => { name => 'warning' },
"critical-date:s" => { name => 'critical' }, "critical-date:s" => { name => 'critical' },
@ -77,22 +78,14 @@ sub check_options {
sub run { sub run {
my ($self, %options) = @_; my ($self, %options) = @_;
#Global variables # Global variables
my ($connection, $ctx, $ssl, $cert); my ($cert, $client);
#Create Socket connection eval { $client = IO::Socket::SSL->new(
$connection = IO::Socket::INET->new(PeerAddr => $self->{option_results}->{hostname}, PeerHost => $self->{option_results}->{hostname},
PeerPort => $self->{option_results}->{port}, PeerPort => $self->{option_results}->{port},
Timeout => $self->{option_results}->{timeout}, $self->{option_results}->{servername} ? ( SSL_hostname => $self->{option_results}->{servername} ):(),
); ) };
if (!defined($connection)) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit();
} else {
#Create SSL context
eval { $ctx = Net::SSLeay::CTX_new() };
if ($@) { if ($@) {
$self->{output}->output_add(severity => 'CRITICAL', $self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf ("%s", $!)); short_msg => sprintf ("%s", $!));
@ -101,38 +94,15 @@ sub run {
$self->{output}->exit() $self->{output}->exit()
} }
#Create SSL connection
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
eval { $ssl = Net::SSLeay::new($ctx) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
eval { Net::SSLeay::set_fd($ssl, fileno($connection)) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
eval { Net::SSLeay::connect($ssl) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
#Retrieve Certificat #Retrieve Certificat
$cert = Net::SSLeay::get_peer_certificate($ssl); eval { $cert = $client->peer_certificate() };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
#Expiration Date #Expiration Date
if ($self->{option_results}->{validity_mode} eq 'expiration') { if ($self->{option_results}->{validity_mode} eq 'expiration') {
@ -163,6 +133,7 @@ sub run {
$self->{output}->output_add(severity => 'OK', $self->{output}->output_add(severity => 'OK',
short_msg => sprintf("Subject Name [%s] is present in Certificate", join(', ', @subject_matched))); short_msg => sprintf("Subject Name [%s] is present in Certificate", join(', ', @subject_matched)));
} }
#Issuer Name #Issuer Name
} elsif ($self->{option_results}->{validity_mode} eq 'issuer') { } elsif ($self->{option_results}->{validity_mode} eq 'issuer') {
my $issuer_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert)); my $issuer_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert));
@ -177,7 +148,6 @@ sub run {
$self->{output}->display(); $self->{output}->display();
$self->{output}->exit(); $self->{output}->exit();
}
} }
1; 1;
@ -186,7 +156,7 @@ __END__
=head1 MODE =head1 MODE
Check X509's certificate validity Check X509's certificate validity (for SMTPS, POPS, IMAPS, HTTPS)
=over 8 =over 8
@ -194,9 +164,13 @@ Check X509's certificate validity
IP Addr/FQDN of the host IP Addr/FQDN of the host
=item B<--servername>
Servername of the host for SNI support (only with IO::Socket::SSL >= 1.56) (eg: foo.bar.com)
=item B<--port> =item B<--port>
Port used by Server (Default: '443') Port used by Server
=item B<--validity-mode> =item B<--validity-mode>