Add support for configuration files
authorChristoph Egger <christoph@anonymous.siccegge.de>
Sat, 22 Nov 2014 19:47:24 +0000 (20:47 +0100)
committerChristoph Egger <christoph@anonymous.siccegge.de>
Sat, 22 Nov 2014 19:47:24 +0000 (20:47 +0100)
tls-check
tls-check.conf [new file with mode: 0644]

index 2c3199ef7b3ba370c53a6d070096223b16f6ff95..92b1b83b129fea3f2f19394b8a15af0d60e43b11 100644 (file)
--- a/tls-check
+++ b/tls-check
@@ -6,6 +6,7 @@ from ssl import SSLContext, PROTOCOL_TLSv1_2, CERT_REQUIRED, cert_time_to_second
 from socket import socket, AF_INET6
 from datetime import datetime, timedelta
 from smtplib import SMTP
+import yaml
 
 VERBOSE=False
 
@@ -59,32 +60,53 @@ class Verifier:
 def main():
     global VERBOSE
     parser = OptionParser()
+    parser.add_option("--config", action="store", type="string", dest="config",
+                      help="configuration file to use")
     parser.add_option("-n", "--name",
-                      action="append", type="string", dest="hosts",
+                      action="append", type="string", dest="names",
                       help="hostname:port to check for expired certificates")
     parser.add_option("-w", "--warning-days",
-                      action="store", type=int, dest="warn", default=15,
+                      action="store", type=int, dest="warn",
                       help="minimum remaining validity in days before a warning is issued")
     parser.add_option("-c", "--critical-days",
-                      action="store", type=int, dest="crit", default=5,
+                      action="store", type=int, dest="crit",
                       help="minimum remaining validity in days before a warning is issued")
     parser.add_option("-v", action="store_true", dest="verbose", default=False)
     parser.add_option("-q", action="store_false", dest="verbose")
     parser.add_option("--ca", action="store", type="string", dest="ca",
-                      default="/etc/ssl/certs/ca-certificates.crt",
                       help="ca certificate bundle")
 
         
     opts, _args = parser.parse_args()
 
-    VERBOSE = opts.verbose
-    if not opts.hosts:
+    if opts.config:
+        configuration = yaml.load(open(opts.config))
+    else:
+        configuration = dict()
+
+    if opts.names:
+        configuration['names'] = opts.names
+    if opts.warn:
+        configuration['warn_days'] = opts.warn
+    if opts.warn:
+        configuration['crit_days'] = opts.crit
+    if opts.ca:
+        configuration['cacertificates'] = opts.ca
+    if opts.verbose:
+        configuration['verbose'] = opts.verbose
+
+    if 'verbose' in configuration:
+        VERBOSE = configuration['verbose']
+
+    if not 'names' in configuration:
         parser.error("needs at least one host")
 
-    verifier = Verifier(opts.ca, timedelta(opts.warn), timedelta(opts.crit))
-        
+    verifier = Verifier(configuration['cacertificates'] if 'cacertificates' in configuration else '/etc/ssl/certs/ca-certificates.crt',
+                        timedelta(configuration['warn_days'] if 'warn_days' in configuration else 15),
+                        timedelta(configuration['crit_days'] if 'crit_days' in configuration else 5))
+
     try:
-        hosts = [ (i[0], i[1], int(i[2])) for i in [ j.split(':', 2) for j in opts.hosts ] ]
+        hosts = [ (i[0], i[1], int(i[2])) for i in [ j.split(':', 2) for j in configuration['names'] ] ]
     except (ValueError, IndexError):
         parser.error("names need to be in PROTO:DNSNAME:PORT format")
         
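Review bot: `yaml.load(open(opts.config))` parses the file with PyYAML's default loader, which in releases of this period builds arbitrary Python objects from tagged nodes, so anyone able to write the file named by `--config` can run code as the user running the check. The config is a flat mapping of scalars and a list, so `with open(opts.config) as f: configuration = yaml.safe_load(f) or {}` covers it, closes the handle, and copes with an empty file, where the loader returns `None` and the later `in configuration` tests would fail. Separately, the `crit_days` assignment is guarded by a second `if opts.warn:`, so `-c` alone is silently ignored and `-w` alone stores `None`, which then reaches `timedelta(None)`; that guard should be `if opts.crit is not None:` (and the same `is not None` form for `warn`, so an explicit `0` is honoured). The body of `main()` continues past the end of this hunk.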
diff --git a/tls-check.conf b/tls-check.conf
new file mode 100644 (file)
index 0000000..37b674a
--- /dev/null
@@ -0,0 +1,6 @@
+cacertificates: /etc/ssl/certs/ca-certificates.crt
+warn_days: 15
+crit_days: 5
+verbose: False
+names:
+ - ssl:git.siccegge.de:443