git.siccegge.de Git - dane-monitoring-plugins.git/blob - check_dane/https.py
c437e47f20e039569d4b720420e5e1aa7e8d90fe
3 from __future__
import print_function
9 from socket
import socket
11 from check_dane
.tlsa
import get_tlsa_records
, match_tlsa_records
12 from check_dane
.cert
import verify_certificate
, add_certificate_options
13 from check_dane
.abstract
import DaneChecker
16 from ssl
import SSLContext
, PROTOCOL_TLSv1_2
, CERT_REQUIRED
19 class HttpsDaneChecker(DaneChecker
):
20 def _init_connection(self
, family
, host
, port
):
21 connection
= self
._sslcontext
.wrap_socket(socket(family
),
23 connection
.connect((host
, port
))
24 connection
.send(b
"HEAD / HTTP/1.1\r\nHost: %s\r\n\r\n" % host
.encode())
25 answer
= connection
.recv(512)
36 def _close_connection(self
, connection
):
41 DaneChecker
.__init
__(self
)
def set_args(self, args):
    """Store the parsed arguments and build the TLS context for the check.

    Delegates to ``DaneChecker.set_args`` first, then creates the
    ``SSLContext`` that ``_init_connection`` later uses through
    ``self._sslcontext``.

    Args:
        args: parsed command-line namespace. ``args.castore`` is passed to
            ``load_verify_locations`` as the CA file.
    """
    DaneChecker.set_args(self, args)

    # PROTOCOL_TLSv1_2 pins the handshake to TLS 1.2 exactly; a server that
    # does not offer TLS 1.2 fails the handshake.
    ctx = SSLContext(PROTOCOL_TLSv1_2)
    # The peer chain must validate against the configured CA store, so a
    # certificate that does not chain to it is rejected during the handshake.
    ctx.verify_mode = CERT_REQUIRED
    ctx.load_verify_locations(args.castore)
    # NOTE(review): check_hostname is not set here and defaults to off for a
    # context built from this protocol constant, so the handshake alone does
    # not bind the certificate to the host name -- confirm a later step does.

    self._sslcontext = ctx
54 def generate_menu(self
, argparser
):
55 DaneChecker
.generate_menu(self
, argparser
)
56 argparser
.add_argument("-p", "--port",
57 action
="store", type=int, default
=443,
64 logging
.basicConfig(format
='%(levelname)5s %(message)s')
65 checker
= HttpsDaneChecker()
66 parser
= argparse
.ArgumentParser()
68 parser
.add_argument("--verbose", action
="store_true")
69 parser
.add_argument("--quiet", action
="store_true")
71 checker
.generate_menu(parser
)
72 add_certificate_options(parser
)
74 args
= parser
.parse_args()
75 checker
.set_args(args
)
78 logging
.getLogger().setLevel(logging
.DEBUG
)
80 logging
.getLogger().setLevel(logging
.WARNING
)
82 logging
.getLogger().setLevel(logging
.INFO
)
84 return checker
.check()
86 if __name__
== '__main__':