tyler.durden
/
centreon-plugins
mirror of https://github.com/centreon/centreon-plugins.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#241 - Add SNI support (IO::Socket::SSL v1.56+ needed)

This commit is contained in:
Shini31 2016-01-13 15:52:07 +01:00
parent f1ad1d6c4f
commit ed72c12510
1 changed files with 62 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
apps/protocols/x509/mode/validity.pm
View File

@ -33,11 +33,12 @@ sub new {
my $self = $class->SUPER::new(package => __PACKAGE__, %options);
bless $self, $class;
$self->{version} = '1.3';
$self->{version} = '1.4';
$options{options}->add_options(arguments =>
{
"hostname:s" => { name => 'hostname' },
"port:s" => { name => 'port', default => 443 },
"port:s" => { name => 'port' },
"servername:s" => { name => 'servername' },
"validity-mode:s" => { name => 'validity_mode' },
"warning-date:s" => { name => 'warning' },
"critical-date:s" => { name => 'critical' },
@ -77,22 +78,14 @@ sub check_options {
sub run {
my ($self, %options) = @_;
#Global variables
my ($connection, $ctx, $ssl, $cert);
# Global variables
my ($cert, $client);
#Create Socket connection
$connection = IO::Socket::INET->new(PeerAddr => $self->{option_results}->{hostname},
eval { $client = IO::Socket::SSL->new(
PeerHost => $self->{option_results}->{hostname},
PeerPort => $self->{option_results}->{port},
Timeout => $self->{option_results}->{timeout},
);
if (!defined($connection)) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit();
} else {
#Create SSL context
eval { $ctx = Net::SSLeay::CTX_new() };
$self->{option_results}->{servername} ? ( SSL_hostname => $self->{option_results}->{servername} ):(),
) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf ("%s", $!));
@ -101,38 +94,15 @@ sub run {
$self->{output}->exit()
}
#Create SSL connection
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
eval { $ssl = Net::SSLeay::new($ctx) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
eval { Net::SSLeay::set_fd($ssl, fileno($connection)) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
eval { Net::SSLeay::connect($ssl) };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
#Retrieve Certificat
$cert = Net::SSLeay::get_peer_certificate($ssl);
eval { $cert = $client->peer_certificate() };
if ($@) {
$self->{output}->output_add(severity => 'CRITICAL',
short_msg => sprintf("%s", $!));
$self->{output}->display();
$self->{output}->exit()
}
#Expiration Date
if ($self->{option_results}->{validity_mode} eq 'expiration') {
@ -163,6 +133,7 @@ sub run {
$self->{output}->output_add(severity => 'OK',
short_msg => sprintf("Subject Name [%s] is present in Certificate", join(', ', @subject_matched)));
}
#Issuer Name
} elsif ($self->{option_results}->{validity_mode} eq 'issuer') {
my $issuer_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert));
@ -177,7 +148,6 @@ sub run {
$self->{output}->display();
$self->{output}->exit();
}
}
1;
@ -186,7 +156,7 @@ __END__
=head1 MODE
Check X509's certificate validity
Check X509's certificate validity (for SMTPS, POPS, IMAPS, HTTPS)
=over 8
@ -194,9 +164,13 @@ Check X509's certificate validity
IP Addr/FQDN of the host
=item B<--servername>
Servername of the host for SNI support (only with IO::Socket::SSL >= 1.56) (eg: foo.bar.com)
=item B<--port>
Port used by Server (Default: '443')
Port used by Server
=item B<--validity-mode>