Re: "Regression testing" for sysadmin problems
- From: Jeff Schroeder <jeffschroeder computer org>
- To: Tobias Mueller <muelli cryptobitch de>
- Cc: Owen Taylor <otaylor redhat com>, gnome-infrastructure gnome org
- Subject: Re: "Regression testing" for sysadmin problems
- Date: Fri, 14 Oct 2011 15:42:56 -0700
On Fri, Oct 14, 2011 at 3:24 PM, Tobias Mueller <muelli cryptobitch de> wrote:
> Heya :-)
>
> Note that you can replace the following
> On 14.10.2011 00:30, Owen Taylor wrote:
>> process = subprocess.Popen(['openssl', 's_client', '-host', host, '-port', '443'],
>> stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
>> output, error = process.communicate("")
>> if process.returncode != 0:
>> print "Failed to download cert from", host
>> print error
>> return None
>>
>> cert_lines = []
>>
>> i = output.split('\n').__iter__()
>>
>> for line in i:
>> if re.match('-----BEGIN CERTIFICATE-----', line):
>> cert_lines.append(line)
>> break
>>
>> for line in i:
>> cert_lines.append(line)
>> if re.match('-----END CERTIFICATE-----', line):
>> break
>>
>> cert = '\n'.join(cert_lines)
>
> With smth like:
> import ssl
> addr_port = (settings.SERVER_ADDRESS,
> settings.SERVER_SSL_PORT)
> cert = ssl.get_server_certificate(addr_port)
Honestly you shouldn't NIH so badly here. Forking openssl from python
seems unnecessary. Just install the nagios plugins and use check_http.
Have the script to check the certs loop over a list of domains and run
check_http with the flags to check the cert expiry. Then just use the
return code to fail or not.
--
Jeff Schroeder
Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
