rebuild actual zonefiles
index 46100633dae58e9d5aa7cf5072ad945818267861..19a8dfc65d061f4c7e5d5e5dd6db4de564a8d906 100644 (file)
--- a/tls-check
+++ b/tls-check
@@ -3,7 +3,7 @@
 from __future__ import print_function
 from optparse import OptionParser
 from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED, cert_time_to_seconds, SSLError, CertificateError
-from socket import socket, AF_INET6
+from socket import socket, AF_INET6, create_connection
 from datetime import datetime, timedelta
 from smtplib import SMTP
 import yaml
@@ -23,7 +23,29 @@ class Verifier:
         if hasattr(self, 'remote_check_%s' % proto):
             getattr(self, 'remote_check_%s' % proto)(context, host, port, name)
 
-    def remote_check_smtp(self, context, host, port):
+    def remote_check_xmpp(self, context, host, port, name):
+        xmpp_open = ("<stream:stream xmlns='jabber:client' xmlns:stream='"
+                     "http://etherx.jabber.org/streams' xmlns:tls='http://www.ietf.org/rfc/"
+                     "rfc2595.txt' to='{0}' xml:lang='en' version='1.0'>" )
+        xmpp_starttls = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
+
+        connection = create_connection((host, port))
+        connection.sendall(xmpp_open.format(name).encode('utf-8'))
+        response = connection.recv(4096).decode('utf-8')
+
+        if not '</stream:features>' in response:
+            connection.recv(4096)
+
+        connection.sendall(xmpp_starttls.encode('utf-8'))
+        connection.recv(4096)
+
+        connection = context.wrap_socket(connection, server_hostname=name)
+        connection.do_handshake()
+
+        cert = connection.getpeercert()
+        return self.check_cert(cert, host, port, name)
+
+    def remote_check_smtp(self, context, host, port, name):
         smtp = SMTP(host, port)
         try:
             smtp.starttls(context=context)
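Review bot: The reply to `<starttls/>` in remote_check_xmpp is read and discarded, so a server that answers `<failure/>` is still passed to `context.wrap_socket` and the check ends in an opaque handshake error instead of a clear result. The socket from `create_connection((host, port))` also has no timeout and is never closed, so one unresponsive host can stall the whole monitoring run and every error path leaks the descriptor. I would look for `<proceed` before wrapping, pass a timeout, and close the socket in a `finally`. The 10-second timeout and the CRIT message below are illustrative, and how the caller treats the return code is not visible in this hunk.

```python
        connection = create_connection((host, port), timeout=10)
        try:
            # … unchanged: send stream header, read stream features …
            connection.sendall(xmpp_starttls.encode('utf-8'))
            reply = connection.recv(4096).decode('utf-8', 'replace')
            if '<proceed' not in reply:
                print("CRIT (STARTTLS refused) %s:%d" % (name, port))
                return 2

            connection = context.wrap_socket(connection, server_hostname=name)
            connection.do_handshake()
            cert = connection.getpeercert()
        finally:
            connection.close()
        return self.check_cert(cert, host, port, name)
```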
@@ -49,12 +71,13 @@ class Verifier:
     def check_cert(self, data, host, port, name):
         expiretimestamp = cert_time_to_seconds(data['notAfter'])
         delta = datetime.utcfromtimestamp(expiretimestamp) - datetime.utcnow()
+        deltastr = str(delta).split(",")
 
         if delta < self.crit:
-            print("CRIT (expires in %s) %s:%d" % (delta, name, port))
+            print("CRIT (expires in %8s,%16s) %s:%d" % (deltastr[0], deltastr[1], name, port))
             return 2
         elif delta < self.warn:
-            print("WARN (expires in %s) %s:%d" % (delta, name, port))
+            print("WARN (expires in %8s,%16s) %s:%d" % (deltastr[0], deltastr[1], name, port))
             return 1
 
 def main():
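Review bot: `deltastr[1]` in check_cert raises IndexError whenever the certificate has less than a day left, because `str(delta)` only contains a comma when the day count is non-zero (`'3:04:05'` versus `'5 days, 3:04:05'`). That falls in the CRIT branch, so the check crashes exactly when it should alert on an imminent expiry. Splitting with `days, _, clock = str(delta).rpartition(",")` and printing `(days, clock, name, port)` in both branches keeps the column layout and leaves the day field empty for sub-day values.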