# HG changeset patch # User Heiko Schlittermann # Date 1462202329 -7200 # Node ID 1ce9659ddc4fcb5e6b182fd1de93facf4d3fecc5 # Parent ce1f16d8d881a1bc6d1ec7414a6f601ff001db65 Add smartmatch diff -r ce1f16d8d881 -r 1ce9659ddc4f check_tlsa_record.pl --- a/check_tlsa_record.pl Mon May 02 17:02:40 2016 +0200 +++ b/check_tlsa_record.pl Mon May 02 17:18:49 2016 +0200 @@ -6,7 +6,7 @@ # needs debian packet: libmonitoring-plugin-perl #TLSA Record generieren # openssl x509 -in .crt -outform DER | openssl sha256 -# neben sha256 gibt's noch sha1 sha224 sha256 sha384 sha512 +# neben sha256 gibt's noch sha1 sha224 sha256 sha384 sha512 # sowie md2 md5 rmd160 (wobei ich diese nicht in betracht ziehe) # ssl certifikat von einem remote server anfordern # openssl s_client -showcerts -connect ssl.schlittermann.de:443 < /dev/null @@ -18,9 +18,11 @@ use strict; use warnings; -use 5.010; -use Monitoring::Plugin; -use File::Basename; +use feature qw(switch); +use if $^V >= v5.020 => (experimental => qw(smartmatch)); +use experimental qw(smartmatch); +use Monitoring::Plugin; +use File::Basename; #devel use Data::Dumper; @@ -140,7 +142,7 @@ my $tlsa_match_type = substr($diganswer, 4, 1); my $hashit; - given ($tlsa_match_type) { + for ($tlsa_match_type) { when('0') { die 'certs will be compared directly'} when('1') {$hashit = 'sha256'} when('2') {$hashit = 'sha512'} @@ -163,7 +165,7 @@ $tlsa_record = uc($tlsa_record); if (defined $expiry) { - print check_cert_expiry(); + print check_cert_expiry(); } if ("$tlsa_record" eq "$dig") { @@ -193,10 +195,10 @@ #print "nunu,file ok",LF,"port: $+{port}",LF,"domain: $+{domain}",LF; $domain2check{$domain} = $port; - - + + #print check_tlsa(); } else { @@ -208,14 +210,14 @@ $domain = $key; $port = $domain2check{$key}; print $domain, ' ', $port,"\n"; - + if ( "$port" =~ /^\s*$/) { $port = '443'; } print $domain, ' ', $port,"\n"; check_tlsa($domain,$port); } - + } }