From 1aa64e47e5eacdea702eba5d735a019d8476d312 Mon Sep 17 00:00:00 2001
From: Michael Howe <michael@michaelhowe.org>
Date: Fri, 17 Jun 2011 18:18:18 +0000
Subject: [PATCH] Fixed check_cert plugin to work with IPv6

---
 debian/changelog   |  6 ++++++
 plugins/check_cert | 21 ++++++++++++++-------
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 92f42e7..b279b73 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+nagios-plugins-local (0.3) unstable; urgency=low
+
+  * check_cert plugin now handles IPv6 
+
+ -- Michael Howe <michael@michaelhowe.org>  Fri, 17 Jun 2011 19:17:44 +0100
+
 nagios-plugins-local (0.2) unstable; urgency=low
 
   * Added check_ldaps_ip plugin
diff --git a/plugins/check_cert b/plugins/check_cert
index d555581..204cd03 100755
--- a/plugins/check_cert
+++ b/plugins/check_cert
@@ -95,7 +95,14 @@ my $certdata;
 my $host = $uri->opaque();
 $host =~ s/^\/+//;
 my $port = undef;
-if ($host =~ s/:(\d+)//) {
+if( $host =~ m/\[([0-9A-F:]+)\](?::(\d+))?/i ){
+    # It's an IPv6 host, with an optional port
+    $host = $1;
+    if( $2 ){
+        $port = $2;
+    }
+    # If we've only got one : assume it's a port
+} elsif ( $host !~ m{:.*:} and $host =~ s/:(\d+)$//) {
     $port = $1;
 }
 $host ||= 'localhost';
@@ -106,27 +113,27 @@ if ($scheme eq 'file') {
 } elsif ($scheme eq 'https') {
     $port ||= 443;
 
-    $certdata = s_client("", "-connect $host:$port");
+    $certdata = s_client("", "--port $port $host");
 
 } elsif ($scheme eq 'imaps') {
     $port ||= 993;
 
-    $certdata = s_client(". logout", "-connect $host:$port");
+    $certdata = s_client(". logout", "--port $port $host");
 
 } elsif ($scheme eq 'ldaps') {
     $port ||= 636;
 
-    $certdata = s_client("", "-connect $host:$port");
+    $certdata = s_client("", "--port $port $host");
 
 } elsif ($scheme eq 'smtp') {
     $port ||= 25;
 
-    $certdata = s_client("quit", "-starttls smtp -connect $host:$port");
+    $certdata = s_client("quit", "--starttls --port $port $host");
 
 } elsif ($scheme eq 'smtps') {
     $port ||= 465;
 
-    $certdata = s_client("quit", "-connect $host:$port");
+    $certdata = s_client("quit", "--port $port $host");
 
 } else {
     usage(message => "unsupported scheme ($scheme)");
@@ -194,7 +201,7 @@ exit($ERRORS{'OK'});
 sub s_client {
     my ($command, $arguments) = @_;
 
-    return(parse_certificate(scalar(`/bin/echo $command | /usr/bin/openssl s_client $arguments 2>/dev/null | /usr/bin/openssl x509 -text 2>/dev/null`)));
+    return(parse_certificate(scalar(`/bin/echo $command | /usr/bin/gnutls-cli --insecure --print-cert $arguments 2>/dev/null | /usr/bin/openssl x509 -text 2>/dev/null`)));
 }
 
 sub read_file {
-- 
2.39.5