File: //usr/lib/python2.7/site-packages/lap/ssl_certificate.py
import socket
import datetime
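def __run__(params):
    """Check the validity window of an X.509 certificate.

    The certificate is read from a PEM file (``method == "file"``) or
    fetched from a TLS endpoint (``method == "url"``, the default).

    Keys read from ``params``:
        method   -- "file" or "url" (defaults to "url")
        file     -- path of the PEM certificate, used by the "file" method
        host     -- host to connect to; also used in every status message
        port     -- TCP port to connect to, used by the "url" method
        critical -- CRITICAL when fewer than this many days remain
        warning  -- WARNING when fewer than this many days remain

    Returns a two-element list ``[status, message]`` where status is
    0 (OK), 1 (WARNING) or 2 (CRITICAL).

    Only notBefore/notAfter are evaluated. No verify mode or CA store is
    configured on the TLS context, so the chain and the host name are not
    validated: an OK result says the presented certificate is inside its
    validity window, not that it is trusted.
    """
    try:
        from OpenSSL import SSL
        from OpenSSL import crypto as c
    except ImportError:
        return [2, "CRITICAL - Error: Please install python-openssl"]

    host = params.get('host')
    method = params.get("method", "url")
    peer_cert = None

    if method == "file":
        crtfile = params.get("file")
        # Context manager closes the handle; the original leaked it.
        with open(crtfile) as fh:
            peer_cert = c.load_certificate(c.FILETYPE_PEM, fh.read())
    elif method == "url":
        # NOTE(review): TLSv1_METHOD restricts the handshake to TLS 1.0, so
        # an endpoint with TLS 1.0 disabled fails here and is reported as
        # CRITICAL. No SNI name is set on the connection either, so a
        # name-based virtual host may answer with its default certificate.
        ctx = SSL.Context(SSL.TLSv1_METHOD)
        sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
        try:
            sock.connect((host, int(params.get('port'))))
            sock.setblocking(1)
            # Writing one byte forces the TLS handshake to complete.
            sock.send("\x04")
            # Read the certificate before shutdown(): a failing shutdown
            # previously skipped this assignment and the function then died
            # with a NameError instead of returning a status.
            peer_cert = sock.get_peer_certificate()
            try:
                sock.shutdown()
            except SSL.Error:
                # Best-effort close_notify; the certificate is already held.
                pass
        except SSL.Error as e:
            return [2, 'CRITICAL: could not retrieve cert for %s: %s' % (host, e)]
        finally:
            # Release the descriptor on every path, including errors.
            sock.close()
    else:
        # Previously an unknown method fell through with no certificate bound.
        return [2, 'CRITICAL: unsupported method %s' % method]

    if peer_cert is None:
        # get_peer_certificate() yields None when the peer sent no certificate.
        return [2, 'CRITICAL: no certificate presented by %s' % host]

    cur_date = datetime.datetime.utcnow()
    # The timestamps are parsed as YYYYMMDDhhmmssZ and compared with utcnow().
    cert_nbefore = datetime.datetime.strptime(peer_cert.get_notBefore(), '%Y%m%d%H%M%SZ')
    cert_nafter = datetime.datetime.strptime(peer_cert.get_notAfter(), '%Y%m%d%H%M%SZ')
    expire_days = (cert_nafter - cur_date).days

    if cert_nbefore > cur_date:
        return [2, 'CRITICAL: cert for %s is not valid' % host]
    if expire_days < 0:
        return [2, 'CRITICAL: Expire critical - %s (expired)' % host]
    if int(params.get('critical')) > expire_days:
        return [2, 'CRITICAL: Expire critical - %s (%s days)' % (host, expire_days)]
    if int(params.get('warning')) > expire_days:
        return [1, 'WARNING: Expire warning - %s (%s days)' % (host, expire_days)]
    return [0, 'OK: Expire OK - %s (%s days)' % (host, expire_days)]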