/[nagios-plugins-perl]/trunk/plugins/check_mail_imap.pl
ViewVC logotype

Diff of /trunk/plugins/check_mail_imap.pl

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 213 by racvision, Wed Apr 17 08:44:39 2019 UTC revision 214 by xhumbert, Wed Apr 17 10:37:07 2019 UTC
# Line 1  Line 1 
1  #!/usr/bin/perl -w  #!/usr/bin/perl -w
2  #  #
3  # Copyright (c) 2011-2017 St├ęphane Urbanovski <stephane.urbanovski@ac-nancy-metz.fr>  # Copyright (c) 2011-2019 St├ęphane Urbanovski <stephane.urbanovski@ac-nancy-metz.fr>
4  #  #
5  # This program is free software; you can redistribute it and/or  # This program is free software; you can redistribute it and/or
6  # modify it under the terms of the GNU General Public License  # modify it under the terms of the GNU General Public License
# Line 578  sub checkSSL { Line 578  sub checkSSL {
578          if ( ref($socket) ne 'IO::Socket::SSL' ) {          if ( ref($socket) ne 'IO::Socket::SSL' ) {
579                  return _gt('No an IO::Socket::SSL socket ! ');                  return _gt('No an IO::Socket::SSL socket ! ');
580          }          }
581    
582            my $serverNameOk = 0;
583    
584          my $cn = $socket->peer_certificate('commonName');          my $cn = $socket->peer_certificate('commonName');
585          $cn =~ s/.*CN=(.*)$/$1/;          $cn =~ s/.*CN=(.*)$/$1/;
586          logD('SSL CN='.$cn);          logD('SSL CN='.$cn);
587    
588          if ($cn ne $server) {          if ($cn eq $server) {
589                  return _gt('SSL CN does not match server name : '.$cn);                  $serverNameOk++;
590            } else {
591                    my @altNames = $socket->peer_certificate('subjectAltNames');
592                    my $i = 0;
593                    do {
594                            if ( !defined($altNames[$i])) {
595                                    last;
596                            }
597                            my $altNameType = $altNames[$i++];
598                            my $altName = $altNames[$i++];
599    
600                            if ( $server eq $altName ) {
601                                    $serverNameOk++;
602                            }
603                            logD(sprintf('SSL subjectAltNames=%s (type=%s) : %d',$altName,$altNameType,$serverNameOk));
604    
605                    } while ($serverNameOk == 0);
606    
607          }          }
608          my $issuer = $socket->peer_certificate('authority');          my $issuer = $socket->peer_certificate('authority');
609          logD('SSL issuer='.$issuer);          logD('SSL issuer='.$issuer);
610    
611            if ( !$serverNameOk ) {
612                    return _gt(sprintf('Server name does not match CN (%s) or subjectAltNames !',$cn));
613            }
614    
615          return 'OK';          return 'OK';
616  }  }
617    

Legend:
Removed from v.213  
changed lines
  Added in v.214

  ViewVC Help
Powered by ViewVC 1.1.8