115 lines
3.4 KiB
Perl
Executable File
115 lines
3.4 KiB
Perl
Executable File
#!/usr/bin/perl
|
|
use strict;
|
|
my $VERSION = '0.1';
|
|
my $COPYRIGHT = 'Copyright (C) 2005-2011 Jonathan Buhacoff <jonathan@buhacoff.net>';
|
|
my $LICENSE = 'http://www.gnu.org/licenses/gpl.txt';
|
|
my %status = ( 'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3 );
|
|
|
|
use Getopt::Long;
|
|
use Mail::IMAPClient;
|
|
use IO::Socket::SSL;
|
|
use Net::SSLeay;
|
|
|
|
# get options from command line
|
|
Getopt::Long::Configure("bundling");
|
|
my $verbose = 0;
|
|
my $help = "";
|
|
my $help_usage = "";
|
|
my $show_version = "";
|
|
my $imap_server = "";
|
|
my $default_imap_port = "143";
|
|
my $default_imap_ssl_port = "993";
|
|
my $imap_port = "";
|
|
my $timeout = 60;
|
|
my $ok;
|
|
$ok = Getopt::Long::GetOptions(
|
|
"V|version"=>\$show_version,
|
|
"v|verbose+"=>\$verbose,"h|help"=>\$help,"usage"=>\$help_usage,
|
|
# imap settings
|
|
"H|hostname=s"=>\$imap_server,"p|port=i"=>\$imap_port,
|
|
# time
|
|
"t|timeout=i"=>\$timeout
|
|
);
|
|
|
|
if( $show_version ) {
|
|
print "$VERSION\n";
|
|
exit $status{UNKNOWN};
|
|
}
|
|
|
|
if( $help ) {
|
|
exec "perldoc", $0 or print "Try `perldoc $0`\n";
|
|
exit $status{UNKNOWN};
|
|
}
|
|
|
|
if( $help_usage
|
|
||
|
|
( $imap_server eq "" )
|
|
) {
|
|
print "Usage: $0 -H host [-p port]\n";
|
|
exit $status{UNKNOWN};
|
|
}
|
|
|
|
my @certs = (); # we have to store the certs we get Net::SSLeay here so that we can output them in REVERSE order (server cert first, root cert last)
|
|
|
|
# connect to IMAP server
|
|
print "connecting to server $imap_server\n" if $verbose > 2;
|
|
my $imap;
|
|
eval {
|
|
local $SIG{ALRM} = sub { die "exceeded timeout $timeout seconds\n" }; # NB: \n required, see `perldoc -f alarm`
|
|
alarm $timeout;
|
|
|
|
$imap_port = $default_imap_ssl_port unless $imap_port;
|
|
my $socket = IO::Socket::SSL->new(
|
|
PeerAddr => "$imap_server:$imap_port",
|
|
SSL_verify_mode => 1,
|
|
SSL_ca_file => undef,
|
|
SSL_verifycn_scheme => 'imap',
|
|
SSL_verifycn_name => $imap_server,
|
|
SSL_verify_callback => \&ssl_printer
|
|
);
|
|
die IO::Socket::SSL::errstr() unless $socket;
|
|
$socket->autoflush(1);
|
|
$imap = Mail::IMAPClient->new(Socket=>$socket, Debug => 0 );
|
|
$imap->State(Mail::IMAPClient->Connected);
|
|
$imap->_read_line() if "$Mail::IMAPClient::VERSION" le "2.2.9"; # necessary to remove the server's "ready" line from the input buffer for old versions of Mail::IMAPClient. Using string comparison for the version check because the numeric didn't work on Darwin and for Mail::IMAPClient the next version is 2.3.0 and then 3.00 so string comparison works
|
|
# $imap->User($username);
|
|
# $imap->Password($password);
|
|
# $imap->login() or die "Cannot login: $@";
|
|
|
|
print join("\n",reverse(@certs));
|
|
alarm 0;
|
|
};
|
|
if( $@ ) {
|
|
chomp $@;
|
|
print "Could not connect to $imap_server port $imap_port: $@\n";
|
|
exit $status{CRITICAL};
|
|
}
|
|
unless( $imap ) {
|
|
print "Could not connect to $imap_server port $imap_port: $@\n";
|
|
exit $status{CRITICAL};
|
|
}
|
|
|
|
# deselect the mailbox
|
|
$imap->close();
|
|
|
|
# disconnect from IMAP server
|
|
print "disconnecting from server\n" if $verbose > 2;
|
|
$imap->logout();
|
|
|
|
|
|
exit $status{OK};
|
|
|
|
# see IO::Socket::SSL documentation for SSL_verify_callback:
|
|
sub ssl_printer {
|
|
my ($boolOpenSSLResult, $cmemCertificateStore, $strCertIssuerOwnerAttr, $strError, $cmemPeerCertificate) = @_;
|
|
warn "OpenSSL says certificate is " . ( $boolOpenSSLResult ? "valid" : "invalid" ) if $verbose > 0;
|
|
warn "Peer certificate: $strCertIssuerOwnerAttr" if $verbose > 0;
|
|
warn "Errors: $strError" if $verbose > 0;
|
|
#print Net::SSLeay::PEM_get_string_X509($cmemPeerCertificate);
|
|
push @certs, $strCertIssuerOwnerAttr . "\n" . Net::SSLeay::PEM_get_string_X509($cmemPeerCertificate);
|
|
}
|
|
|
|
package main;
|
|
1;
|
|
|