X-Git-Url: https://git.siccegge.de//index.cgi?p=dane-monitoring-plugins.git;a=blobdiff_plain;f=check_dane_smtp;h=3358c711b4215baade2045375d343d618a66312f;hp=8a40445a1b098f5d7e14a208b1cc4214580f1b74;hb=718dd189e81daf56e7fd0621e758037e074840b9;hpb=c7b2c9dfdb27024ac028723834741d8d78d5225f diff --git a/check_dane_smtp b/check_dane_smtp index 8a40445..3358c71 100755 --- a/check_dane_smtp +++ b/check_dane_smtp @@ -10,9 +10,10 @@ import logging from socket import socket, AF_INET6, AF_INET, create_connection from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED, cert_time_to_seconds, SSLError, CertificateError, create_default_context -from unbound import ub_ctx, idn2dname, ub_strerror +from unbound import ub_ctx, ub_strerror from check_dane.tlsa import verify_tlsa_record +from check_dane.cert import verify_certificate, add_certificate_options def init_connection(sslcontext, args): host = args.Host @@ -96,6 +97,8 @@ def main(): group.add_argument("-4", "--4", action="store_true", help="check via IPv4 only") group.add_argument("--64", action="store_false", help="check via IPv4 and IPv6 (default)") + add_certificate_options(parser) + args = parser.parse_args() if args.verbose: @@ -117,7 +120,9 @@ def main(): logging.error("Connection refused") return 2 - retval = verify_tlsa_record(resolver, "_%d._tcp.%s" % (port, host), connection.getpeercert(binary_form=True)) + retval = verify_certificate(connection.getpeercert(), args) + nretval = verify_tlsa_record(resolver, "_%d._tcp.%s" % (port, host), connection.getpeercert(binary_form=True)) + retval = max(retval, nretval) close_connection(connection) return retval
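Review bot: In the last hunk, `verify_certificate(connection.getpeercert(), args)` is handed the parsed-dict form of the peer certificate, which Python's ssl module returns as an empty dict whenever the context did not validate the chain. The context setup in main() lies outside the hunk, so this needs confirming: if the check runs with `CERT_NONE` (plausible for DANE-EE or self-signed SMTP certificates), the certificate check gets no `notAfter` to work with, and what it does then depends on `verify_certificate`, which is not shown. Treat an empty result as an explicit error before the call, e.g. `cert = connection.getpeercert()` followed by `if not cert:` with a logged error and a non-OK return, or derive the dates from the `binary_form=True` DER already fetched for the TLSA check. Separately, `retval = max(retval, nretval)` lets UNKNOWN (3) outrank CRITICAL (2) under the usual plugin exit-code convention, so a TLSA mismatch would surface as UNKNOWN if `verify_certificate` can return 3. A comment stating the intended precedence would help.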