On 30/01/13 14:07, Emmanuel Dreyfus wrote:
Hi
Please consider the attached patch that makes x509 xertificate validity
(notBeofre and notAfter) available in environement for the tls-verify
script.
I use it to monitor OpenVPN certificate expirations in Nagios. I can
share the Nagios bits with whoever is interested.
Thank you very much for your patch. Just a few comments. Gert already
covered the PolarSSL part. I think we should have PolarSSL support included
as well when pulling in new code which depends on this. Simply to avoid those
to implementation to divert too much.
Another thing is that we are exporting quite a large set of environment
variables already and we should probably rather reduce that footprint than
increasing it further. In addition, considering that the v3 plug-in API
already exports the complete certificate in a native format used by SSL
library, wouldn't it make more sense to rather put this functionality into a
plugin directly?
For a simple example, have a look at sample/sample-plugins/log/log_v3.c
--
kind regards,
David Sommerseth
