upstream/monitoring-plugins
1
0
Fork 0
mirror of https://github.com/monitoring-plugins/monitoring-plugins.git synced 2026-06-11 09:40:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

check_curl: more tolerant CN= parsing when checking certificates (hit on Centos 8)

Browse source
This commit is contained in:
Andreas Baumann 2019-11-07 08:20:17 +00:00
parent ede43c848d
commit f7efee5f9c
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
plugins/check_curl.c
View file

@ -2215,13 +2215,20 @@ net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_war
for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
/* find first common name in subject, TODO: check alternative subjects for
/* find first common name in subject,
* TODO: check alternative subjects for
* TODO: have a decent parser here and not a hack
* multi-host certificate, check wildcards
*/
if (strncasecmp (slist->data, "Subject:", 8) == 0) {
int d = 3;
char* p = strstr (slist->data, "CN=");
if (p == NULL) {
d = 5;
p = strstr (slist->data, "CN = ");
}
if (p != NULL) {
if (strncmp (host_name, p+3, strlen (host_name)) == 0) {
if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
cname_found = 1;
}
}