Revision f3917e15
Support SNI in the certificate checking
plugin was checking the first vhost rather than the correct vhost's ssl certificate validity.
| plugins/ssl/ssl_ | ||
|---|---|---|
| 46 | 46 |
;; |
| 47 | 47 |
esac |
| 48 | 48 |
|
| 49 |
cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -connect "${SITE}:443" 2>/dev/null);
|
|
| 49 |
cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:443" 2>/dev/null);
|
|
| 50 | 50 |
|
| 51 | 51 |
if [[ "${cert}" = *"-----BEGIN CERTIFICATE-----"* ]]; then
|
| 52 | 52 |
echo "${cert}" | openssl x509 -noout -enddate | awk -F= 'BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", month, " "); for (i=1; i<=12; i++) mdigit[month[i]] = i; } /notAfter/ { split($0,a,"="); split(a[2],b," "); split(b[3],time,":"); datetime=b[4] " " mdigit[b[1]] " " b[2] " " time[1] " " time[2] " " time[3]; days=(mktime(datetime)-systime())/86400; print "expire.value " days; }'
|
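Review bot: On the new line 49, the certificate chain is still never actually validated, even though `-CApath /etc/ssl/certs` is passed. s_client continues the handshake after a verification error by default and stderr is discarded with `2>/dev/null`, so the test on line 51 accepts any PEM block the server returns and line 52 reports an `expire.value` for an untrusted or mismatched certificate as well. If the plugin is meant to report on a certificate clients would accept, add `-verify_return_error` to the s_client call or check the verify result in `${cert}` before parsing the date. It would also help to note in the plugin documentation that `${SITE}` is now used both as the SNI name and as the connect target, so it must be the vhost's hostname rather than an IP address.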