
certwatch-1.0-9mdv2010.1.src.rpm

diff -Naur certwatch-1.0/certwatch.c certwatch-1.0-mdv/certwatch.c
--- certwatch-1.0/certwatch.c	2007-05-14 22:27:44.000000000 +0200
+++ certwatch-1.0-mdv/certwatch.c	2007-05-15 09:48:47.000000000 +0200
@@ -42,7 +42,6 @@
 #include <time.h>
 
 static int warn_period = 30;
-static char *warn_address = "root";
 
 /* Turn an ASN.1 UTCTIME object into a time_t. */
 static time_t decode_utctime(const ASN1_UTCTIME *utc)
@@ -96,39 +95,9 @@
 
     if (quiet) return 1;
 
-    fprintf(out, "To: %s\n", warn_address);
-    fprintf(out, "Subject: The certificate for %s %s\n", hostname, subj);
+    fprintf(out, "The certificate for %s %s\n", hostname, subj);
     fputs("\n", out);
     
-    fprintf(out, 
-            " ################# SSL Certificate Warning ################\n\n");
-
-    fprintf(out, 
-            "  Certificate for hostname '%s', in file:\n"
-            "     %s\n\n",
-            hostname, filename);
-
-    if (renew) {
-        fputs("  The certificate needs to be renewed; this can be done\n"
-              "  using the 'genkey' program.\n\n"
-              "  Browsers will not be able to correctly connect to this\n"
-              "  web site using SSL until the certificate is renewed.\n",
-              out);
-    } else {
-        char until[30] = "(unknown date)";
-        ctime_r(&start, until);
-        if (strlen(until) > 2) until[strlen(until)-1] = '\0';
-        fprintf(out, 
-                "  The certificate is not valid until %s.\n\n"
-                "  Browsers will not be able to correctly connect to this\n"
-                "  web site using SSL until the certificate becomes valid.\n", 
-                until);
-    }
-
-    fputs("\n"
-          " ##########################################################\n"
-          "                                  Generated by certwatch(1)\n\n",
-          out);
     return 1;
 }
 
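Review bot: The new single-line message on the `fprintf(out, "The certificate for %s %s\n", hostname, subj);` line no longer names the certificate file, which the removed body printed from `filename`. Since the cron job in this same patch now walks every `*.pem` in a directory, two files carrying the same hostname produce indistinguishable warnings, and an operator cannot tell which file to renew. I would keep the path in the output, for example `fprintf(out, "The certificate for %s (%s) %s\n", hostname, filename, subj);`. The function starts outside this hunk, so I cannot see its signature, but `filename`, `renew` and `start` look to be unused in this function after the change and may trigger compiler warnings.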
@@ -191,7 +160,6 @@
     static const struct option options[] = {
         { "quiet", no_argument, NULL, 'q' },
         { "period", required_argument, NULL, 'p' },
-        { "address", required_argument, NULL, 'a' },
         { NULL }
     };
 
@@ -207,9 +175,6 @@
         case 'p':
             warn_period = atoi(optarg);
             break;
-        case 'a':
-            warn_address = strdup(optarg);
-            break;
         default:
             exit(2);
         }
diff -Naur certwatch-1.0/certwatch.cron certwatch-1.0-mdv/certwatch.cron
--- certwatch-1.0/certwatch.cron	2007-05-14 22:27:57.000000000 +0200
+++ certwatch-1.0-mdv/certwatch.cron	2007-05-14 22:31:05.000000000 +0200
@@ -1,33 +1,8 @@
-#!/bin/bash
-#
-# Issue warning e-mails if SSL certificates expire, using
-# certwatch(1).  Set NOCERTWATCH=yes in /etc/sysconfig/httpd
-# to disable.  Pass additional options to certwatch in the
-# CERTWATCH_OPTS variable; see the man page for details.
-# 
+#!/bin/sh
 
-[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
+CERTDIR=/etc/pki/tls/certs
+[ -r /etc/sysconfig/certwatch ] && . /etc/sysconfig/certwatch
 
-# Use configured httpd binary
-httpd=${HTTPD-/usr/sbin/httpd}
-
-# Sanity checks
-test -z "${NOCERTWATCH}" || exit 0
-test -x ${httpd} || exit 0
-test -x /usr/bin/certwatch || exit 0
-test -r /etc/httpd/conf/httpd.conf || exit 0
-test -x /usr/sbin/sendmail || exit 0
-test -x /etc/httpd/modules/mod_ssl.so || exit 0
-test -x /bin/sort || exit 0
-
-set -o pipefail # pick up exit code of httpd not sort
-
-certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
-RETVAL=$?
-test $RETVAL -eq 0 || exit 0
-
-for c in $certs; do
-  # Check whether a warning message is needed, then issue one if so.
-  /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" && 
-    /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
+for cert in $CERTDIR/*.pem; do
+  /usr/bin/certwatch $CERTWATCH_OPTS $cert
 done
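Review bot: `$cert` and `$CERTDIR` are expanded unquoted in the new loop, whereas the removed script passed `"$c"` quoted. Because `/etc/sysconfig/certwatch` is sourced after the default is set and can override `CERTDIR`, a directory or file name containing whitespace or glob characters is split before it reaches certwatch. When no `*.pem` file exists, the unexpanded pattern is passed as a file name. I would write the loop as `for cert in "$CERTDIR"/*.pem; do`, `[ -r "$cert" ] || continue`, `/usr/bin/certwatch $CERTWATCH_OPTS "$cert"`. The removed header comment was the only in-file description of the job, so a replacement such as `# Warn about expiring certificates in $CERTDIR; set CERTDIR and CERTWATCH_OPTS in /etc/sysconfig/certwatch.` would be worth adding.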
diff -Naur certwatch-1.0/certwatch.xml certwatch-1.0-mdv/certwatch.xml
--- certwatch-1.0/certwatch.xml	2007-05-14 22:27:51.000000000 +0200
+++ certwatch-1.0-mdv/certwatch.xml	2007-05-14 22:39:15.000000000 +0200
@@ -30,12 +30,12 @@
     <title>Description</title>
 
     <para>The <command>certwatch</command> program is used to issue
-    warning mail when an SSL certificate is about to expire.</para>
+    warnings when an SSL certificate is about to expire.</para>
 
     <para>The program has two modes of operation: normal mode and
     quiet mode.  In normal mode, the certificate given by the
     <replaceable>filename</replaceable> argument is examined, and a
-    warning email is issued to standard output if the certificate is
+    warning is issued to standard output if the certificate is
     outside its validity period, or approaching expiry.  If the
     certificate cannot be found, or any errors occur whilst parsing
     the certificate, the certificate is ignored and no output is
@@ -69,15 +69,6 @@
         day.</simpara></listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><option>--address <replaceable>address</replaceable></option>,
-        <option>-a <replaceable>address</replaceable></option></term>
-
-        <listitem><simpara>Specify the address used in the To field of
-        the warning e-mail issued if quiet mode is not enabled.  The
-        default is <literal>root</literal>.</simpara></listitem>
-      </varlistentry>
-
     </variablelist>
   </refsect1>
 
@@ -109,12 +100,8 @@
     <para>The <command>certwatch</command> program is run daily by
     <command>crond</command> from the file
     <filename>/etc/cron.daily/certwatch</filename> to warn about the
-    imminent expiry of SSL certificates configured for use in the
-    Apache HTTP server.  This warning can be disabled by adding the
-    line: <literal>NOCERTWATCH=yes</literal> to the file
-    <filename>/etc/sysconfig/httpd</filename>.  Options to pass to
-    certwatch can be specified in that file in the
-    <literal>CERTWATCH_OPTS</literal> environment variable.</para>
+    imminent expiry of SSL certificates found in system certificate
+    directory.</para>
 
   </refsect1>