[check_cert] Prise en charge du STARTTLS sur le port 25 pour ovh et titanic

utils/check_cert.py

@@ -24,6 +24,10 @@
 
 from M2Crypto import SSL
 from M2Crypto import X509
+import ssl
+import socket
+
+import time
 import datetime
 import sys
 
@@ -67,7 +71,7 @@ for arg in sys.argv[1:]:
 #
 if filename:
     cert = X509.load_cert(host)
-else:
+elif port != 25:
     conn = SSL.Connection(SSL.Context())
     try:
         conn.connect((host, port))
@@ -77,20 +81,34 @@ else:
 
     cert = conn.get_peer_cert()
     conn.close()
+    expire_date = cert.get_not_after().get_datetime()
+    subject = cert.get_subject.as_text()
+    try:
+        altname = "(alt: %s)" % cert.get_ext('subjectAltName').get_value()
+    except LookupError:
+        altname = ""
+else:    
+    smtp = socket.socket()
+    smtp.connect((host, port))
+    resp = smtp.recv(4096)
+    smtp.send("EHLO localhost\n")
+    resp = smtp.recv(4096)
+    smtp.send("STARTTLS\n")
+    resp = smtp.recv(4096)
+    smtp = ssl.wrap_socket(smtp, cert_reqs=ssl.CERT_REQUIRED, ca_certs="/etc/ssl/certs/ca-certificates.crt")
+    cert = smtp.getpeercert()
+    # DROOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOGUES
+    expire_date = datetime.datetime.fromtimestamp(time.mktime(time.strptime(cert['notAfter'], "%b %d %H:%M:%S %Y %Z")))
+    subject = cert["subject"][0][0][1].decode("UTF-8")
+    altname = ""
 
 #
 # Real computation (woah !)
 #
-expire_date = cert.get_not_after().get_datetime()
 now = datetime.datetime.now(expire_date.tzinfo)
-
 if now + delay > expire_date or verb:
-    subject = cert.get_subject().as_text()
     short_sub = subject
-    try:
+    subject += altname
-        subject += "(alt: %s)" % cert.get_ext('subjectAltName').get_value()
-    except LookupError:
-        pass
     msg = MIMEText(u"""Attention, le certificat suivant arrive bientôt à expiration :\n%s\n
 Temps avant expiration: %s""" % (subject,(expire_date - now)), _charset="utf-8")
     msg['From'] = mail_src