From: Emmanuel Lacour Date: Thu, 8 Jun 2006 20:43:19 +0000 (+0000) Subject: * Added error checking (suggested from Sven Mueller) X-Git-Tag: 0.6.3 X-Git-Url: http://git.home-dn.net/?p=manu%2Fsslexpire.git;a=commitdiff_plain;h=a4beb5d4a822c16f3b0563e13bfa29df06de3c9d * Added error checking (suggested from Sven Mueller) * typo * Added Changelog --- diff --git a/sslexpire/Changelog b/sslexpire/Changelog new file mode 100644 index 0000000..2fcf5cd --- /dev/null +++ b/sslexpire/Changelog @@ -0,0 +1,26 @@ +2006-06-08 Emmanuel Lacour + + Release 0.6.3 + + * Added error checking (suggested from Sven Mueller) + * typo + +2006-05-17 Emmanuel Lacour + + Release 0.6.2 + + * Removed debian directory from upstream + * Packaging cleanup + +2003-07-26 Emmanuel Lacour + + Release 0.6.1 + + Changes inspired from Mark D. Nagel: + * replaced call to date -d with use of str2time from Date::Parse + * merged the two openssl calls into one (for efficiency) + * created variables to point to the openssl and sendmail binaries + * replaced the use of 'mail' with 'sendmail -t' (mail command could + easily introduce security flaws) + * some typos + diff --git a/sslexpire/sslexpire b/sslexpire/sslexpire index 610badf..0cd5060 100755 --- a/sslexpire/sslexpire +++ b/sslexpire/sslexpire @@ -33,8 +33,9 @@ use Date::Parse; Net::SSLeay::SSLeay_add_ssl_algorithms(); Net::SSLeay::randomize(); -my $VERSION = '0.6.2'; +my $VERSION = '0.6.3'; my $AUTHOR = 'Emmanuel Lacour, '; + # Default values my $opensslpath = "/usr/bin/openssl"; my $sendmailpath = "/usr/lib/sendmail"; 
@@ -67,64 +68,67 @@ GetOptions (\%opts, 'mail|m', 'conf|c=s', 'verbose|v', - 'help', - 'version|'); + 'help', + 'version|'); +# Command line is used if (($opts{'host'}) && ($opts{'port'})) { push @{$hosts{$opts{'host'}}}, $opts{'port'}; -} - -$mailreport = 1 if ($opts{'mail'}); -if ($opts{'conf'}) { - $conf = $opts{'conf'}; -} +} elsif (($opts{'host'}) || ($opts{'port'})) { + print STDERR "ERR: please provide HOST _and_ PORT or use a configuration file.\n"; + &usage; -if ($opts{'help'}) { - &usage; -} +# Configuration file is used +} else { -if ($opts{'version'}) { - print "sslexpire $VERSION\n"; - print "Written by $AUTHOR\n"; - exit; -} - -# Parse config file + if ($opts{'conf'}) { + $conf = $opts{'conf'}; + } + # Parse config file -if (-f $conf) { - open (CONF,$conf); - + open (CONF,$conf) or die "Couldn't read configuration file $conf: $!\n"; while () { # Skip comments - next if (/^[ ]*#/); + next if (/^[ \t]*#/); # Alert param. - if (/^alert[ ]*=/) { - ($tmp,$alert) = split /=/, $_; + if (/^alert[ \t]*=/) { + ($tmp,$alert) = split /=/, $_; # Mail param. 
- } elsif (/^mail[ ]*=/) { - ($tmp,$mail) = split /=/, $_; - # Use hosts from config file if noone are given by command line + } elsif (/^mail[ \t]*=/) { + ($tmp,$mail) = split /=/, $_; + # Use hosts from config file if none are given by command line } elsif ((!$opts{'host'}) && (!$opts{'port'}) && (/:/)) { - ($tmp,$portlist) = split /:/, $_; - chomp ($tmp); - chomp ($portlist); - # There is multiple ports - if (/,/) { - @ports = split /,/, $portlist; - foreach (@ports) { - push @{$hosts{$tmp}}, $_; - } - # There is only one port - } else { - push @{$hosts{$tmp}},$portlist; - } + ($tmp,$portlist) = split /:/, $_; + chomp ($tmp); + chomp ($portlist); + # There is multiple ports + if (/,/) { + @ports = split /,/, $portlist; + foreach (@ports) { + push @{$hosts{$tmp}}, $_; + } + # There is only one port + } else { + push @{$hosts{$tmp}},$portlist; + } } - } - close CONF; + +} + +$mailreport = 1 if ($opts{'mail'}); + +if ($opts{'help'}) { + &usage; +} + +if ($opts{'version'}) { + print "sslexpire $VERSION\n"; + print "Written by $AUTHOR\n"; + exit; } # Print program usage @@ -166,7 +170,7 @@ sub getExpire { if ($l_x509) { my $l_string = Net::SSLeay::PEM_get_string_X509($l_x509); # Get the expiration date, using openssl - ($l_expdate,$l_comment) = split(/\n/, `echo "$l_string" | $opensslpath x509 -enddate -subject -noout 2>&1`); + ($l_expdate,$l_comment) = split(/\n/, `echo "$l_string" | $opensslpath x509 -enddate -subject -noout 2>&1`); $l_expdate =~ s/.*=//; chomp($l_expdate); } else { 
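Review bot: The new `open (CONF,$conf) or die ...` still uses the two-argument form with a bareword handle, and this hunk also removes the earlier `if (-f $conf)` test, so a `--conf` value now goes straight to an open that interprets leading and trailing mode characters (`>`, `|`) rather than treating the value purely as a file name. Use the three-argument form with a lexical handle, `open(my $conf_fh, '<', $conf) or die "Couldn't read configuration file $conf: $!\n";`, and read from and close `$conf_fh`. Separately, the `help` and `version` checks now run after this block, so when no host/port is given and the configuration file cannot be opened, `--help` and `--version` die on the open before they are handled; moving those two checks back above the host/config branch avoids that.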
@@ -190,27 +194,27 @@ sub getExpire { # # sub report { - # Convert date into epoch using date command + # Convert date into epoch my ($l_expdate,$l_comment,$l_host,$l_port) = @_; my $l_subject = ""; if ($l_expdate ne "1") { # The current date my $l_today = time; - my $l_epochdate = str2time($l_expdate); - + my $l_epochdate = str2time($l_expdate); + # Calculate diff between expiration date and today - my $l_diff = ($l_epochdate - $l_today)/(3600*24); + my $l_diff = ($l_epochdate - $l_today)/(3600*24); # Report if needed if ($l_diff < $alert) { $l_subject = "Warning ssl certificate on $l_host:$l_port expires in $l_diff days:" if ($l_diff > 1); $l_subject = "Warning ssl certificate on $l_host:$l_port expires today:" if (($l_diff > 0) && ($l_diff < 1)); $l_subject = "Warning ssl certificate on $l_host:$l_port expired:" if ($l_diff <= 0); - my $l_mesg = "Expiration date: $l_expdate\n$l_comment\n"; + my $l_mesg = "Expiration date: $l_expdate\n$l_comment\n"; # Mail report if ($mailreport) { - sendmail($mail, $l_subject, $l_mesg); + sendmail($mail, $l_subject, $l_mesg); } else { print "$l_subject\n"; print "$l_mesg\n"; @@ -218,11 +222,11 @@ sub report { } } else { $l_subject = "Unable to read certificate on $l_host:$l_port!"; - if ($mailreport) { - sendmail($mail, $l_subject, ""); - } else { - print "$l_subject\n"; - } + if ($mailreport) { + sendmail($mail, $l_subject, ""); + } else { + print "$l_subject\n"; + } } } @@ -235,7 +239,7 @@ sub sendmail { chomp ($to); chomp ($subj); chomp ($mesg); - open (MAIL,"| $sendmailpath -t") or die "Couldn't open $sendmailpath"; + open (MAIL,"| $sendmailpath -t") or die "Couldn't open $sendmailpath: $!\n"; print MAIL "To: $to\n"; print MAIL "Subject: $subj\n"; print MAIL "\n"; @@ -251,7 +255,10 @@ sub sendmail { # We haven't hosts to check... -if (!%hosts) {&usage;}; +if (!%hosts) { + print STDERR "No host to check!\n"; + &usage; +}; # Parse hosts 
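Review bot: In the `sendmail` hunk, the added `$!` only covers a failure to start the pipe; `open (MAIL,"| $sendmailpath -t")` is still a string-form pipe open, so the command line is built by interpolation and sendmail's own exit status is only visible from `close`. The list form `open(my $mail_fh, '|-', $sendmailpath, '-t') or die "Couldn't open $sendmailpath: $!\n";` runs the binary without any shell parsing. Because `-t` takes the recipients from the headers, `$to` and `$subj` should also be rejected when they contain `\r` or `\n` before the `print MAIL "To: $to\n";` lines, since `chomp` strips only a trailing newline. The close of `MAIL` is outside the hunk, so whether its result is checked cannot be seen here.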
@@ -261,10 +268,10 @@ foreach $host (keys %hosts) { if ($opts{'verbose'}) { print "Checking\t$host:$port\n"; } - + # Get expiration date my ($expdate,$comment) = &getExpire($host,$port); - + # Report &report("$expdate","$comment","$host","$port"); } @@ -320,7 +327,7 @@ Prints out command-line help. Prints out version information. =head1 FILES - + /etc/sslexpire/sslexpire.conf =head1 AUTHOR