-rwxr-xr-xcrypt-expiry-check.in29
1 files changed, 19 insertions, 10 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index e631140..d70bb32 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -202,13 +202,14 @@ usage()
>&2 echo " -e E-mail address E-mail address to send expiration notices"
>&2 echo " -f cert file File with a list of FQDNs and ports"
>&2 echo " -g E-mail address E-mail address to check expiry of gpg-key from"
+ >&2 echo " -G executbl:E-mail Use 'executbl' instead of 'gpg' for checking expiry of E-mail's key. Must accept --list-keys and --list-secret-keys as gpg does."
>&2 echo " -h Print this screen"
>&2 echo " -i Print the issuer of the certificate"
>&2 echo " -k password PKCS12 file password"
>&2 echo " -n Run as a Nagios plugin"
+ >&2 echo " -q Don't print anything on the console"
>&2 echo " -s commmon_name:port Server and Port to connect to (interactive mode)"
>&2 echo " -t type Specify the certificate type"
- >&2 echo " -q Don't print anything on the console"
>&2 echo " -v Specify a specific protocol version to use (tls, ssl2, ssl3)"
>&2 echo " -V Only print validation data"
>&2 echo " -x days Certificate expiration interval (eg. if cert_date < days)"
@@ -395,16 +396,16 @@ check_file_status() {
check_gpg_key_status() {
### Check to make sure gpg is available
- if [ ! -f ${GPG} ]
+ if [ ! -f "${1}" ]
then
- >&2 echo "ERROR: The gnupg binary does not exist in ${GPG}."
- >&2 echo "FIX: Please modify the \${GPG} variable in the program header or ommit testing of gpg-keys."
+ >&2 echo "ERROR: The gnupg binary does not exist in ${1}."
+ >&2 echo "FIX: Please modify the \${GPG} variable in the program header, provide alternative executable via -G or ommit testing of gpg-keys."
exit 1
fi
- GPG_ADDRESS="${1}"
- KEY_INFO="$(${GPG} --list-secret-keys ${GPG_ADDRESS} 2> /dev/null)"
- [ -z "${KEY_INFO}" ] && KEY_INFO="$(${GPG} --list-keys ${GPG_ADDRESS})"
+ GPG_ADDRESS="${2}"
+ KEY_INFO="$(${1} --list-secret-keys ${GPG_ADDRESS} 2> /dev/null)"
+ [ -z "${KEY_INFO}" ] && KEY_INFO="$(${1} --list-keys ${GPG_ADDRESS})"
KEY_DATE_STR="$(
echo "${KEY_INFO}" | \
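Review bot: In check_gpg_key_status both command substitutions expand the executable and the address unquoted (`${1} --list-secret-keys ${GPG_ADDRESS}`), so a path containing whitespace splits into several words and an address that begins with `-` is read by the program as an option instead of a key selector. Quoting both and ending option parsing would close that, e.g. `KEY_INFO="$("${1}" --list-secret-keys -- "${GPG_ADDRESS}" 2> /dev/null)"` and the same for `--list-keys`; whether a -G replacement accepts `--` should be confirmed, since the usage text only requires the two list options. The guard `[ ! -f "${1}" ]` checks for a regular file but not that it can be executed; `if [ ! -f "${1}" ] || [ ! -x "${1}" ]` matches how the value is used. The function body continues past the end of this hunk.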
@@ -449,7 +450,7 @@ check_gpg_key_status() {
#################################
### Start of main program
#################################
-while getopts abc:e:f:g:hik:nqs:t:x:v:VZ option
+while getopts abc:e:f:g:G:hik:nqs:t:x:v:VZ option
do
case "${option}"
in
@@ -470,6 +471,11 @@ do
;;
g)
CHECKADDRESSES[${#CHECKADDRESSES[@]}]=${OPTARG}
+ CHECKADDRESSBINARIES[${#CHECKADDRESSBINARIES[@]}]=${GPG}
+ ;;
+ G)
+ CHECKADDRESSES[${#CHECKADDRESSES[@]}]=${OPTARG#*:}
+ CHECKADDRESSBINARIES[${#CHECKADDRESSBINARIES[@]}]=$(which ${OPTARG%%:*})
;;
i)
ISSUER=true
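Review bot: In the `G)` arm an argument without a colon makes `${OPTARG#*:}` and `${OPTARG%%:*}` both yield the whole string, so the e-mail address is also looked up as the executable name and the failure only surfaces later as the "binary does not exist" error. Rejecting that form at parse time, `case "${OPTARG}" in *:*) ;; *) usage; exit 1 ;; esac`, gives a clearer result. The lookup `$(which ${OPTARG%%:*})` is unquoted and resolves through whatever PATH the caller has, which matters when the script runs from cron or under sudo. Since the script already uses bash arrays, `$(type -P "${OPTARG%%:*}")` would avoid both the word splitting and the external `which`. The enclosing `case` starts and ends outside the hunk.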
@@ -606,7 +612,10 @@ do
check_file_status "${HOST}" "FILE" "${HOST}"
elif [ "${PORT}" = "GPG" ]
then
- check_gpg_key_status "${HOST}"
+ check_gpg_key_status "${GPG}" "${HOST}"
+ elif [[ "${PORT}" = "GPG:"* ]]
+ then
+ check_gpg_key_status "$(which ${PORT#*:})" "${HOST}"
else
check_server_status "${HOST}" "${PORT}"
fi
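Review bot: The new `"GPG:"*` branch lets an entry in the list file name any program on PATH, which the script then runs with its own privileges through check_gpg_key_status. As far as the visible branches show, the file previously selected only hosts, ports, files and addresses, so its write permissions now matter as much as the script's own. A comment above the branch should say so, e.g. `### NOTE: the part after "GPG:" is executed; the list file must be writable only by the user running this script`. `$(which ${PORT#*:})` is also unquoted, and `"$(type -P "${PORT#*:}")"` would avoid the splitting, assuming bash as the `[[` test already implies. The enclosing loop starts and ends outside the hunk.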
@@ -620,7 +629,7 @@ done
for (( i=0; i<${#CHECKADDRESSES[@]}; i++ ))
do
- check_gpg_key_status "${CHECKADDRESSES[${i}]}"
+ check_gpg_key_status "${CHECKADDRESSBINARIES[${i}]}" "${CHECKADDRESSES[${i}]}"
done
if ! ${QUIET}