From f2cf0448f2b678c4641fbf81d1e145087793f43c Mon Sep 17 00:00:00 2001
From: Shini31
Date: Thu, 7 Jan 2016 15:15:21 +0100
Subject: [PATCH] add SNI support for subject name - #241
---
 apps/protocols/x509/mode/validity.pm | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/apps/protocols/x509/mode/validity.pm b/apps/protocols/x509/mode/validity.pm
index e04750d08..59436d06c 100644
--- a/apps/protocols/x509/mode/validity.pm
+++ b/apps/protocols/x509/mode/validity.pm
@@ -148,13 +148,21 @@ sub run {
 #Subject Name
 } elsif ($self->{option_results}->{validity_mode} eq 'subject') {
- my $subject_name = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($cert));
- if ($subject_name =~ /$self->{option_results}->{subjectname}/mi) {
- $self->{output}->output_add(severity => 'OK',
- short_msg => sprintf("Subject Name '%s' is present in Certificate: %s", $self->{option_results}->{subjectname}, $subject_name));
- } else {
+ my $subject_altname;
+ my @subject_name = Net::SSLeay::X509_get_subjectAltNames($cert);
+ foreach my $subject_name (@subject_name) {
+ if ($subject_name =~ /$self->{option_results}->{subjectname}/mi) {
+ $subject_altname = $subject_name;
+ next;
+ }
+ }
+
+ if (!defined($subject_altname)) {
 $self->{output}->output_add(severity => 'CRITICAL',
- short_msg => sprintf("Subject Name '%s' is not present in Certificate: %s", $self->{option_results}->{subjectname}, $subject_name));
+ short_msg => sprintf("Subject Name '%s' is not present in Certificate", $self->{option_results}->{subjectname}));
+ } else {
+ $self->{output}->output_add(severity => 'OK',
+ short_msg => sprintf("Subject Name '%s' is present in Certificate", $self->{option_results}->{subjectname}));
 }
 $self->{output}->display();
@@ -210,7 +218,7 @@ Threshold critical in days (Days before expiration, eg: '30:' for 30 days before
 =item B<--subjectname>
-Subject Name pattern
+Subject Name pattern (SNI support)
 =item B<--issuername>
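Review bot: `Net::SSLeay::X509_get_subjectAltNames` returns a flat `(type, value, type, value, ...)` list, so the new `foreach` in the first hunk also tests the numeric type codes and any non-DNS values against `--subjectname`; a pattern such as `2` would report OK on any certificate that carries a DNS entry. Walk the list in pairs and match only the values (ideally only the dNSName entries), and use `last` instead of `next`, which is a no-op at the end of the loop body. The subject DN is no longer consulted at all, so a certificate whose name appears only in the subject now goes CRITICAL, and the OK/CRITICAL messages no longer show what was actually found; the fence keeps the subject as a fallback. The pattern is still interpolated unanchored, so `example.com` also matches `example.com.other.tld`, which is worth stating under `--subjectname` in the second hunk, where "SNI support" should probably read "subjectAltName", since nothing visible here sets the TLS server name. `run` starts and ends outside the hunk.

```perl
        my $subject_altname;
        # X509_get_subjectAltNames returns a flat (type, value, type, value, ...) list
        my @alt_names = Net::SSLeay::X509_get_subjectAltNames($cert);
        while (my ($type, $value) = splice(@alt_names, 0, 2)) {
            if ($value =~ /$self->{option_results}->{subjectname}/mi) {
                $subject_altname = $value;
                last;
            }
        }
        if (!defined($subject_altname)) {
            # fall back to the subject DN, as the check did before this change
            my $subject_dn = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($cert));
            $subject_altname = $subject_dn if ($subject_dn =~ /$self->{option_results}->{subjectname}/mi);
        }
        # … unchanged: CRITICAL / OK output_add on defined($subject_altname) …
```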