-def check_cert(host, port, ca, warn, crit):
- context = SSLContext(PROTOCOL_TLSv1_2)
- context.verify_mode = CERT_REQUIRED
- context.load_verify_locations(ca)
- connection = context.wrap_socket(socket(AF_INET6),
+class Verifier:
+ def __init__(self, cafile, warn, crit):
+ self.cafile = cafile
+ self.crit = crit
+ self.warn = warn
+
+ def check(self, proto, host, port):
+ context = SSLContext(PROTOCOL_TLSv1_2)
+ context.verify_mode = CERT_REQUIRED
+ context.load_verify_locations(self.cafile)
+ if hasattr(self, 'remote_check_%s' % proto):
+ getattr(self, 'remote_check_%s' % proto)(context, host, port)
+
+ def remote_check_smtp(self, context, host, port):
+ smtp = SMTP(host, port)
+ try:
+ smtp.starttls(context=context)
+ except SSLError:
+ print("CRIT (invalid certificate) %s:%d" % (host, port))
+ return 2
+
+ cert = smtp.sock.getpeercert()
+ return self.check_cert(cert, host, port)
+
+ def remote_check_ssl(self, context, host, port):
+ connection = context.wrap_socket(socket(AF_INET6),