from __future__ import print_function
from optparse import OptionParser
from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED, cert_time_to_seconds, SSLError, CertificateError
-from socket import socket, AF_INET6
+from socket import socket, AF_INET6, create_connection
from datetime import datetime, timedelta
from smtplib import SMTP
import yaml
if hasattr(self, 'remote_check_%s' % proto):
getattr(self, 'remote_check_%s' % proto)(context, host, port, name)
- def remote_check_smtp(self, context, host, port):
+ def remote_check_xmpp(self, context, host, port, name):
+ xmpp_open = ("<stream:stream xmlns='jabber:client' xmlns:stream='"
+ "http://etherx.jabber.org/streams' xmlns:tls='http://www.ietf.org/rfc/"
+ "rfc2595.txt' to='{0}' xml:lang='en' version='1.0'>" )
+ xmpp_starttls = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
+
+ connection = create_connection((host, port))
+ connection.sendall(xmpp_open.format(name).encode('utf-8'))
+ response = connection.recv(4096).decode('utf-8')
+
+ if not '</stream:features>' in response:
+ response = response + connection.recv(4096).decode('utf-8')
+
+ connection.sendall(xmpp_starttls.encode('utf-8'))
+ response = response + "\n\n" + connection.recv(4096).decode('utf-8')
+
+ connection = context.wrap_socket(connection, server_hostname=name)
+ connection.do_handshake()
+
+ cert = connection.getpeercert()
+ return self.check_cert(cert, host, port, name)
+
+ def remote_check_smtp(self, context, host, port, name):
smtp = SMTP(host, port)
try:
smtp.starttls(context=context)
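Review bot: The new `remote_check_xmpp` opens its socket with `create_connection((host, port))` without a timeout and never closes it, so a server that accepts the connection and then stays silent blocks the check on `recv`, and every error path leaks the descriptor. The reply to `<starttls/>` is appended to `response` but never examined, so a `<failure/>` answer or a server that never offered STARTTLS surfaces only as a generic handshake error from `wrap_socket`. I would pass a timeout, wrap the exchange in try/finally, and test for `<proceed` before wrapping, as sketched below. The 10-second value and the choice of `SSLError` are placeholders; use whatever the caller of `remote_check_*` already handles, which is outside this hunk. Everything read before the handshake is unauthenticated, so it should only gate whether to proceed, and the certificate decision should stay with `getpeercert()` and `check_cert` as it does now.

```python
def remote_check_xmpp(self, context, host, port, name):
    # … unchanged: xmpp_open / xmpp_starttls definitions …
    connection = create_connection((host, port), timeout=10)  # constructed value
    try:
        # … unchanged: send stream header, read until </stream:features> …
        connection.sendall(xmpp_starttls.encode('utf-8'))
        reply = connection.recv(4096).decode('utf-8')
        if '<proceed' not in reply:
            raise SSLError('XMPP server did not accept STARTTLS')
        connection = context.wrap_socket(connection, server_hostname=name)
        # … unchanged: do_handshake, getpeercert, return self.check_cert(...) …
    finally:
        connection.close()
```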