[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSL cert testing to match common name with host/URL?

To: <hobbit (at) hswn.dk>
Subject: SSL cert testing to match common name with host/URL?
From: "Cleaver, Japheth" <jcleaver (at) soe.sony.com>
Date: Tue, 15 Jun 2010 11:55:24 -0700
Thread-index: AcsMuK4pE94OPMHnSTSETAkNDFc0Aw==
Thread-topic: SSL cert testing to match common name with host/URL?

I've been adding testing of https URLs into our system and noticed that while the expiration date checking is nice, Xymon doesn't seem to be checking testing the common name at all for validity (in the manner that a browser might).

I've been examining contest.c and bbtest-net.c/h looking for the best way of exposing this data back up to the status determination near line ~1800 of bbtest-net.c, but can't seem to properly add things to the testitem struct to get things passed properly.

E.g.:
contest.c:649:        item->certcommonname = strdup(X509_NAME_get_text_by_NID(X509_get_subject_name(peercert), NID_commonName, NULL, 0));


Has anyone tried to solve this problem before? Or, perchance, have a patch?


Regards,

Japheth Cleaver
jcleaver (at) soe.sony.com

Follow-Ups:
- Re: [hobbit] SSL cert testing to match common name with host/URL?
  - From: Buchan Milne
- Re: [hobbit] SSL cert testing to match common name with host/URL?
  - From: Ralph Mitchell

Prev by Date: hobbit alerts as ATT0000*.BIN attachments with no body.
Next by Date: temperature test and graphing
Previous by thread: hobbit alerts as ATT0000*.BIN attachments with no body.
Next by thread: Re: [hobbit] SSL cert testing to match common name with host/URL?
Index(es):
- Date
- Thread