SSL cert testing to match common name with host/URL?

Cleaver, Japheth jcleaver at soe.sony.com
Tue Jun 15 20:55:24 CEST 2010


I've been adding testing of https URLs into our system and noticed that while the expiration date checking is nice, Xymon doesn't seem to be checking the common name at all for validity (in the manner that a browser might).

I've been examining contest.c and bbtest-net.c/h looking for the best way of exposing this data back up to the status determination near line ~1800 of bbtest-net.c, but can't seem to properly add things to the testitem struct to get things passed properly.

E.g.:
contest.c:649:        item->certcommonname = strdup(X509_NAME_get_text_by_NID(X509_get_subject_name(peercert), NID_commonName, NULL, 0));


Has anyone tried to solve this problem before? Or, perchance, have a patch?


Regards,

Japheth Cleaver
jcleaver at soe.sony.com
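
The comparison asked about above, as an added example that is not part of the original post and not Xymon code: a stand-alone C check of a certificate common name against the host being tested. The function name and its parameters are hypothetical, the sample names are constructed, and only the common name is handled (no subjectAltName entries).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for two NUL-terminated names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b; /* both strings must end together */
}

/*
 * Hypothetical helper: return 1 if certificate name `cn` covers `host`.
 * cn_len is the length the certificate parser reported for the name.
 * A wildcard is accepted only as the whole left-most label and stands
 * for exactly one label; the rest is compared case-insensitively.
 */
int cert_name_matches_host(const char *cn, size_t cn_len, const char *host)
{
    const char *rest;

    if (cn == NULL || host == NULL || *cn == '\0' || *host == '\0')
        return 0;
    if (strlen(cn) != cn_len)          /* embedded NUL: name is truncated */
        return 0;
    if (strchr(cn, '*') == NULL)       /* plain name: exact match only */
        return eq_nocase(cn, host);
    if (cn[0] != '*' || cn[1] != '.' || strchr(cn + 1, '*') != NULL)
        return 0;                      /* reject "w*.x.y", "*.*.y", "a.*.y" */
    if (strchr(cn + 2, '.') == NULL)   /* reject "*.com": too broad */
        return 0;
    rest = strchr(host, '.');          /* host minus its first label */
    if (rest == NULL || rest == host)
        return 0;
    return eq_nocase(cn + 1, rest);
}

int main(void)
{
    /* Constructed sample names, not taken from any real certificate. */
    printf("%d\n", cert_name_matches_host("*.example.com", 13, "www.example.com"));
    printf("%d\n", cert_name_matches_host("*.example.com", 13, "a.b.example.com"));
    return 0;
}
```

Where the OpenSSL in use is 1.0.2 or later, X509_check_host() performs this comparison on the certificate itself, including subjectAltName entries.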

