With a tempfile that is removed on exit of the script, but not when the script dies or is killed — have to fix it.
--- a/bin/check_tlsa-record Thu May 26 12:27:22 2016 +0200
+++ b/bin/check_tlsa-record Thu May 26 14:35:07 2016 +0200
@@ -133,6 +133,7 @@
my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
say $return;
+ exit 0;
}
sub get_domains {
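Review bot: The added `exit 0;` returns success to Nagios regardless of what `$return` holds, so a "not valid" result from main() is still reported as OK and the check can never raise an alert. The exit status has to follow the result text: for example `exit(($return =~ /\A(?:OK)\b/) ? 0 : 2);`, or better have main() return the state code alongside the message so the caller does not parse the string. The enclosing block starts outside the hunk, so I cannot see whether an earlier branch already exits non-zero.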
--- a/lib/Nagios/Check/DNS/check_tlsa_record.pm Thu May 26 12:27:22 2016 +0200
+++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm Thu May 26 14:35:07 2016 +0200
@@ -3,10 +3,18 @@
use feature qw(say switch);
#use if $^V >= v5.0.20 => (experimental => gw(smartmatch));
use experimental qw(smartmatch);
+use File::Temp;
package Nagios::Check::DNS::check_tlsa_record;
$Nagios::Check::DNS::check_tlsa_record::VERSION = '0.1';
+#@TODO use only fh of tempfile instead of filename
+my $tempfile = File::Temp->new(
+ TEMPLATE => '._tlsaXXXX',
+ DIR => '/tmp/',
+ SUFFIX => '.tmp'
+);
+
sub main
{
my $domain = shift;
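Review bot: The temp file is created at module load time with a four-character random suffix in a hard-coded `/tmp/`, and its path is later interpolated into shell commands; a short template in a shared, world-writable directory makes the name easy to guess, and the file is created even when the module is only loaded (e.g. by `require_ok` in the tests). I would use a longer template and let File::Temp pick the directory: `TEMPLATE => '._tlsaXXXXXXXX', TMPDIR => 1,`, and, as the `#@TODO` already says, pass the handle rather than the name where possible. File::Temp defaults to UNLINK on DESTROY, so the file presumably goes away on normal exit and on `die`, but not on an uncaught signal — which matches the commit message; confirm that is the case being hit. A comment above the declaration should state that `$tempfile` is shared by get_cert() and get_tlsa() as their handoff, since nothing in the code makes that coupling visible.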
@@ -31,18 +39,20 @@
{
my $domain = shift;
my $port = shift;
- my $same = '< /dev/null 2>/dev/null | openssl x509';
my $query;
my $cert;
- if ("$port" eq '25') {
- $query = "openssl s_client -starttls smtp -connect $domain:$port $same";
+ if ($port == 25) {
+ $query = "openssl s_client -starttls smtp -connect $domain:$port";
}
else {
- $query = "openssl s_client -connect $domain:$port $same";
+ $query = "openssl s_client -connect $domain:$port";
}
+ my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile";
+ $query = "$query $same";
+
$cert = qx($query);
return $cert;
}
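Review bot: `$domain` and `$port` are still interpolated unescaped into the shell command string handed to `qx()` on the new `$query` lines, so any shell metacharacter in a domain value is interpreted by the shell; validate both before building the command, e.g. `die "invalid domain\n" unless $domain =~ /\A[A-Za-z0-9.-]+\z/;` and `die "invalid port\n" unless $port =~ /\A\d{1,5}\z/;`. With `-out $tempfile` added to the pipeline, the x509 output presumably goes to the file rather than stdout, so the `$cert` returned from `qx($query)` is likely empty now and callers that still use it should be checked. `$?` is not examined after `qx()`, so a failed connection or a missing `openssl` is indistinguishable from success here; `die "openssl failed: $?\n" if $?;` after the call would surface it. The same unescaped interpolation of `$tempfile` and `$hashit` appears in the next hunk.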
@@ -51,14 +61,15 @@
{
my $cert = shift;
my $hashit = shift || 'sha256';
- my $gentlsa = 'openssl x509 -pubkey | '
+ my $gentlsa = "openssl x509 -in $tempfile -pubkey | "
. 'openssl rsa -pubin -inform PEM -outform DER 2>/dev/null| '
. "openssl $hashit";
- my $cert_tlsa = "echo \"$cert\" | $gentlsa";
+ #my $cert_tlsa = "echo \"$cert\" | $gentlsa";
- my $tlsa_record = qx($cert_tlsa) or die "nothing found!\n";
+ #my $tlsa_record = qx($cert_tlsa) or die "nothing found!\n";
+ my $tlsa_record = qx($gentlsa) or die "nothing found!\n";
$tlsa_record =~ s/^.*= (.*$)/$1/gi;
$tlsa_record = uc($tlsa_record);
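Review bot: After this change the `$cert` parameter is no longer used — the hash is taken from `$tempfile` — so the signature is misleading and the two commented-out `$cert_tlsa` lines should be deleted rather than kept as dead code. `$hashit` (defaulting to `'sha256'`) is interpolated straight into the `openssl $hashit` shell pipeline; restrict it to known digests before use, e.g. `die "unsupported digest\n" unless $hashit =~ /\A(?:sha256|sha512)\z/;`. The `die "nothing found!\n"` on empty `qx()` output also hides the cause, since `$?` is never checked; noting that `openssl rsa -pubin` on the context line only accepts RSA keys would help the next maintainer understand why a non-RSA certificate ends up here.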
@@ -124,7 +135,6 @@
{
my $domain = shift;
my $port = shift;
- #my $dig_return = shift;
my $cert = get_cert($domain, $port);
my $dig_return = dig_tlsa($domain, $port);
my $dig_tlsa = get_dig_tlsa_record($dig_return);
@@ -132,9 +142,9 @@
if ("$dig_tlsa" ne "$cert_tlsa")
{
- return "crtical: TLSA Record for $domain is not valid";
+ return "crtical: TLSA Record for $domain:$port is not valid";
}
- return "OK: TLSA Record for $domain is valid";
+ return "OK: TLSA Record for $domain:$port is valid";
}
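Review bot: The typo `crtical` on the new return line is carried over unchanged even though the line is being edited; Nagios plugin output conventionally starts with the state name in capitals, so `return "CRITICAL: TLSA Record for $domain:$port is not valid";` (and `OK:` already matches that form). If any caller or test matches on the prefix, it needs the same fix. The enclosing function begins outside this hunk.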
--- a/t/check_tlsa_record.t Thu May 26 12:27:22 2016 +0200
+++ b/t/check_tlsa_record.t Thu May 26 14:35:07 2016 +0200
@@ -8,6 +8,7 @@
require_ok('Nagios::Check::DNS::check_tlsa_record');
+#@TODO write tests
#my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
#say $return;