
Commit 0b0b3e0

Merge pull request openshift#4015 from drewandersonnz/fix_ssl_cafile
add_ca_file and add_ca_path
2 parents ceb0eb0 + 6545fac commit 0b0b3e0


1 file changed

+13
-2
lines changed

1 file changed

+13
-2
lines changed

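--- a/scripts/monitoring/cron-send-ssl-check.py
+++ b/scripts/monitoring/cron-send-ssl-check.py
@@ -51,6 +51,8 @@ def parse_args():
 parser.add_argument('-v', '--verbose', action='store_true', default=None, help='Verbose?')
 parser.add_argument('-key', default="openshift.master.public.ssl.left", help='zabbix key')
 parser.add_argument('-l', '--list', nargs='+', help='domain that need to check', required=True)
+parser.add_argument('--add_ca_file', nargs='+', help='add CA certificate for validation', default=[], )
+parser.add_argument('--add_ca_path', nargs='+', help='add CA certificates from path for validation', default=[], )
 return parser.parse_args()
 
 def send_metrics(day_left, zabbixkey, verbose):
@@ -65,7 +67,7 @@ def send_metrics(day_left, zabbixkey, verbose):
 
 
 
-def get_ssl_certificate_expiry_days(domain_name):
+def get_ssl_certificate_expiry_days(domain_name, args=None, ):
 """get the domain expired date"""
 ssl_port = 443
 #docker-registry.default.svc.cluster.local:5000
@@ -77,6 +79,15 @@ def get_ssl_certificate_expiry_days(domain_name):
 context.verify_mode = ssl.CERT_REQUIRED
 context.check_hostname = True
 context.load_default_certs()
+
+for ca_file in args.add_ca_file:
+context.load_verify_locations(cafile=ca_file)
+logger.info("add_ca_file: " + ca_file)
+
+for ca_path in args.add_ca_path:
+context.load_verify_locations(capath=ca_path)
+logger.info("add_ca_path: " + ca_path)
+
 sock = context.wrap_socket(conn, server_hostname=domain_name)
 cert = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
 x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
@@ -108,7 +119,7 @@ def main():
 exception = None
 try:
 for url in urls:
-expire_day_left = get_ssl_certificate_expiry_days(url)
+expire_day_left = get_ssl_certificate_expiry_days(url, args=args, )
 if expire_day_small > expire_day_left:
 expire_day_small = expire_day_left
 #return the smallest day on this cluster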
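Review bot: In the third hunk the new loops dereference `args.add_ca_file` and `args.add_ca_path` unconditionally, while the signature changed in the second hunk defaults to `args=None`, so any caller that omits `args` hits an AttributeError before the handshake; read the lists defensively, e.g. `ca_files = getattr(args, 'add_ca_file', None) or []`, and the same for `add_ca_path`. The extra CAs are loaded on top of `load_default_certs()`, so every file or directory passed here becomes a trust anchor for all domains in `--list`, not only the one it was meant for; a comment such as `# extra trust anchors apply to every checked domain; pass operator-controlled paths only` would make that explicit. `capath` is only consulted for files named by OpenSSL subject hash, so a directory that was never rehashed contributes nothing and the failure shows up as a verification error at `wrap_socket`, not at load time. The body of `get_ssl_certificate_expiry_days` starts and ends outside the visible hunks.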
