Fix: certificate check does not function as expected (#36)

MSS970 · web-flow · commit 156815df15c1 · 2025-03-13T17:37:06.000-04:00
* Update poller_servcheck.php /* let PHP run just as long as it has to */ // modified by MSS on 2025-03-08 //ini_set('max_execution_time', '120'); * Update servcheck_process.php Fix a bug in the certificate check * Update servcheck_test.php Enhancement on the graph page * Update setup.php Add 30 days to check the certificate validity * Update functions.php Finetune the graph display. * Update tests.php Fix bugs related to CA certificate Fix typos * Update CHANGELOG.md Fix certificate check does not function as expected #35 * Update servcheck_process.php Revise the date format. * Update servcheck_process.php Finetuning the date format * Update CHANGELOG.md Fix certificate check does not function as expected #36 * Update CHANGELOG.md * issue#36: Fix certificate check does not function as expected * Update functions.php * issue#36: Fix certificate check does not function as expected * Update tests.php * issue#36: Fix certificate check does not function as expected * Update servcheck_process.php removing undesired commented lines. * Update poller_servcheck.php /* let PHP run just as long as it has to */ ini_set('max_execution_time', '270'); and removing sleep(2) after exec background * Update CHANGELOG.md issue#35: Fix certificate check does not function as expected * Update servcheck_process.php (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date')
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 --- develop ---
 
+* issue#35: Fix certificate check does not function as expected
 * issue#2: Fix graph legend overlap
 * issue#31: Fix poller_servcheck.php does not run any test when it runs automatically from cacti poller
 * issue: Unable to save poller for service check
diff --git a/includes/functions.php b/includes/functions.php
@@ -212,6 +212,25 @@ function plugin_servcheck_graph ($id, $interval) {
 
 	$chart_data = json_encode($chart);
 
+// The below block can be used as part of the debuggin to display the data retrieved along with the graph.
+// Uncomment/Comment as required.
+/*
+print '<style>
+    .json-output {
+        max-width: 800px; 
+        overflow-wrap: break-word; 
+        word-wrap: break-word;
+        white-space: pre-wrap;
+        border: 1px solid #ccc;
+        padding: 10px;
+        background-color: #f9f9f9;
+    }
+</style>';
+print '<pre class="json-output">';
+var_dump($chart_data);
+print '</pre>';
+*/
+
 	$content  = '<div id="chart_' . $xid. '"></div>';
 	$content  .= '<div id="legend_container_' . $xid. '" style="display: flex; flex-direction: column; align-items: flex-start;">';
 	$content  .= '<div id="legend_' . $xid. '" style="margin-top: 10px;"></div>';
diff --git a/includes/tests.php b/includes/tests.php
@@ -22,7 +22,9 @@
  +-------------------------------------------------------------------------+
 */
 
-$user_agent = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1';
+// $user_agent can be of user's choice e.g. Linux or Windows based
+$user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36';
+
 $ca_info = $config['base_path'] . '/plugins/servcheck/ca-bundle.crt';
 
 function curl_try ($test) {
@@ -112,8 +114,10 @@ function curl_try ($test) {
 	$process = curl_init($url);
 
 	if ($test['ca'] > 0) {
-		$ca_info = '/tmp/cert' . $test['ca'] . '.pem';
+		$ca_info = $config['base_path'] . '/plugins/servcheck/ca_cert_' . $test['ca'] . '.pem'; // The folder /plugins/servcheck does exist, hence the ca_cert_x.pem can be created here
 		plugin_servcheck_debug('Preparing own CA chain file ' . $ca_info , $test);
+		// CURLOPT_CAINFO is to updated based on the custom CA certificate
+		$options[CURLOPT_CAINFO] = $ca_info;
 
 		$cert = db_fetch_cell_prepared('SELECT cert FROM plugin_servcheck_ca WHERE id = ?',
 			array($test['ca']));
@@ -187,7 +191,6 @@ function curl_try ($test) {
 		$options[CURLOPT_CERTINFO] = true;
 	}
 
-
 	plugin_servcheck_debug('cURL options: ' . clean_up_lines(var_export($options, true)));
 
 	curl_setopt_array($process,$options);
@@ -370,7 +373,7 @@ function dns_try ($test) {
 /*
 there are 2 problems:
 - when to terminate the connection - curl can't easily set "disconnect on first received message".
-	I callcall back and if any data is returned, the connection is terminated (42).
+	I call back and if any data is returned, the connection is terminated (42).
 	If no data is returned, the test timeouts (28)
 - the data is not returned the same way as with other services, I have to capture it in a file
 */
@@ -552,9 +555,11 @@ function doh_try ($test) {
 
 	$process = curl_init($url);
 
-	if ($test['ca'] > 0) {
-		$ca_info = '/tmp/cert' . $test['ca'] . '.pem';
+	if ($test['ca'] > 0) { 
+		$ca_info = $config['base_path'] . '/plugins/servcheck/cert_' . $test['ca'] . '.pem'; // The folder /plugins/servcheck does exist, hence the ca_cert_x.pem can be created here
 		plugin_servcheck_debug('Preparing own CA chain file ' . $ca_info , $test);
+		// CURLOPT_CAINFO is to updated based on the custom CA certificate
+		$options[CURLOPT_CAINFO] = $ca_info;
 
 		$cert = db_fetch_cell_prepared('SELECT cert FROM plugin_servcheck_ca WHERE id = ?',
 			array($test['ca']));
diff --git a/poller_servcheck.php b/poller_servcheck.php
@@ -23,7 +23,7 @@
 */
 
 /* let PHP run just as long as it has to */
-ini_set('max_execution_time', '120');
+ini_set('max_execution_time', '270');
 
 $dir = dirname(__FILE__);
 chdir($dir);
@@ -125,7 +125,7 @@
 	$sql_condition,
 	array($poller_id));
 
-$max_processes = 12;
+$max_processes = 32;
 
 if (cacti_sizeof($tests)) {
 	foreach($tests as $test) {
@@ -140,10 +140,8 @@
 			$command_string = read_config_option('path_php_binary');
 			$extra_args     = '-q "' . $config['base_path'] . '/plugins/servcheck/servcheck_process.php" --id=' . $test['id'] . ($debug ? ' --debug':'');
 			exec_background($command_string, $extra_args);
-
-			sleep(2);
 		} else {
-			sleep(2);
+			sleep(1);
 
 			db_execute_prepared('DELETE FROM plugin_servcheck_processes
 				WHERE time < FROM_UNIXTIME(?)
diff --git a/servcheck_process.php b/servcheck_process.php
@@ -207,7 +207,9 @@
 		$parsed = date_parse_from_format('M j H:i:s Y e', $results['options']['certinfo'][0]['Expire date']);
 		$exp = mktime($parsed['hour'], $parsed['minute'], $parsed['second'], $parsed['month'], $parsed['day'], $parsed['year']);
 		$test['days'] = round(($exp - time()) / 86400);
-		$test['expiry_date'] = $parsed['day'] . '. ' . $parsed['month'] . '. ' . $parsed['year'];
+		$test['expiry_date'] = str_pad($parsed['day'], 2, '0', STR_PAD_LEFT) . '-' . 
+								date('M', mktime(0, 0, 0, $parsed['month'], 10)) . '-' . 
+								$parsed['year'];
 	}
 }
 
@@ -230,7 +232,7 @@
 }
 
 if ($last_log['result'] != $results['result'] || $last_log['result_search'] != $results['result_search'] ||
-	($test['certexpirenotify'] && $test_expiry_days > 0 && $test['days'] < $cert_expiry_days)) {
+	($test['certexpirenotify'] && $cert_expiry_days > 0 && $test['days'] < $cert_expiry_days)) {
 
 	plugin_servcheck_debug('Checking for trigger', $test);
 
@@ -270,7 +272,7 @@
 			array($test['id']));
 
 		if ($new_notify < time()) {
-			plugin_servcheck_debug('Certificate expired soon, will notify about expiration', $test);
+			plugin_servcheck_debug('Certificate will expire soon, will notify about expiration', $test);
 
 			$sendemail = true;
 			$new_notify_expire = true;
@@ -456,7 +458,7 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 			$message[0]['text'] .= 'Total Time: ' . $results['options']['total_time'] . PHP_EOL;
 
 			if ($test['certexpirenotify']) {
-				$message[0]['text'] .= 'Certificate expire in ' . $test['days'] . ' days (' . $test['expiry_date'] . ')' . PHP_EOL;
+				$message[0]['text'] .= 'Certificate expires in ' . $test['days'] . ' days (' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date') . ')' . PHP_EOL;
 			}
 			if ($test['notes'] != '') {
 				$message[0]['text'] .= PHP_EOL . 'Notes: ' . $test['notes'] . PHP_EOL;
@@ -465,18 +467,18 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 
 		// search string notification
 		if ($last_log['result_search'] != $results['result_search']) {
-			$message[1]['subject'] = '[Cacti servcheck] Service ' . $test['display_name'] . ' - changed search string';
+			$message[1]['subject'] = '[Cacti servcheck] Service: ' . $test['display_name'] . ' search result is different than last check';
 
 			$message[1]['text'] = 'Hostname: ' . $test['hostname'] . PHP_EOL;
 
 			if (!is_null($test['path'])) {
 				$message[1]['text'] .= 'Path: ' . $test['path'] . PHP_EOL;
 			}
 
-			$message[1]['text'] .= 'Date: ' . date('F j, Y - h:i:s', $results['time']) . PHP_EOL;
+			$message[1]['text'] .= 'Date: ' . date('d-b-Y h:i:s p', $results['time']) . PHP_EOL;
 
 			if ($test['certexpirenotify']) {
-				$message[1]['text'] .= 'Certificate expire in ' . $test['days'] . ' days (' . $test['expiry_date'] . ')' . PHP_EOL;
+				$message[1]['text'] .= 'Certificate expires in ' . $test['days'] . ' days (' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date') . ')' . PHP_EOL;
 			}
 
 			if (!is_null($test['http_code'])) {
@@ -493,18 +495,16 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 		}
 
 		if ($test['certexpirenotify'] && $cert_expiry_days > 0 && $test['days'] < $cert_expiry_days) {
-			$message[2]['subject'] = '[Cacti servcheck] Certificate will expired in less than ' . $cert_expiry_days . ' days: ' . $test['display_name'];
+			$message[2]['subject'] = '[Cacti servcheck] Certificate will expire in less than ' . $cert_expiry_days . ' days: ' . $test['display_name'];
 			$message[2]['text'] = 'Site ' . $test['display_name'] . PHP_EOL;
 
 			$message[2]['text'] .= 'Hostname: ' . $test['hostname'] . PHP_EOL;
 
 			if (!is_null($test['path'])) {
 				$message[2]['text'] .= 'Path: ' . $test['path'] . PHP_EOL;
 			}
-
-			$message[2]['text'] .= 'Certificate expiration date:' . $test['expiry_date'] . PHP_EOL;
-
-			$message[2]['text'] .= 'Date: '       . date('F j, Y - h:i:s', $results['time']) . PHP_EOL;
+			$message[2]['text'] .= 'Certificate expiry date:' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date') . PHP_EOL;
+			$message[2]['text'] .= 'Date: '       . date('d-b-Y h:i:s p', $results['time']) . PHP_EOL;
 
 			if ($test['notes'] != '') {
 				$message[2]['text'] .= PHP_EOL . 'Notes: ' . $test['notes'] . PHP_EOL;
@@ -530,10 +530,10 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 			}
 
 			$message[0]['text'] .= '<tr><td>Status:</td><td>' . ($results['result'] == 'ok' ? 'Recovering' : 'Down') . '</td></tr>' . PHP_EOL;
-			$message[0]['text'] .= '<tr><td>Date:</td><td>' . date('F j, Y - h:i:s', $results['time']) . '</td></tr>' . PHP_EOL;
+			$message[0]['text'] .= '<tr><td>Date:</td><td>' . date('d-b-Y h:i:s p', $results['time']) . '</td></tr>' . PHP_EOL;
 
 			if ($test['certexpirenotify']) {
-				$message[0]['text'] .= '<tr><td>Certificate expire in: </td><td> ' . $test['days'] . ' days (' . $test['expiry_date'] . ')' . '</td></tr>' . PHP_EOL;
+				$message[0]['text'] .= '<tr><td>Certificate expires in: </td><td> ' . $test['days'] . ' days (' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date') . ')' . '</td></tr>' . PHP_EOL;
 			}
 
 			if (isset($results['options']['http_code'])) {
@@ -567,7 +567,7 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 
 		// search string notification
 		if ($last_log['result_search'] != $results['result_search']) {
-			$message[1]['subject'] = '[Cacti servcheck] Service ' . $test['display_name'] . ' - changed search string';
+			$message[1]['subject'] = '[Cacti servcheck] Service ' . $test['display_name'] . ' search result is different than last check';
 
 			$message[1]['text']  = '<h3>' . $message[1]['subject'] . '</h3>' . PHP_EOL;
 			$message[1]['text'] .= '<hr>';
@@ -579,11 +579,10 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 			if (!is_null($test['path'])) {
 				$message[1]['text'] .= '<tr><td>Path:</td><td>' . $test['path'] . '</td></tr>' . PHP_EOL;
 			}
-
-			$message[1]['text'] .= '<tr><td>Date:</td><td>' . date('F j, Y - h:i:s', $results['time']) . '</td></tr>' . PHP_EOL;
+			$message[1]['text'] .= '<tr><td>Date:</td><td>' . date('d-b-Y h:i:s p', $results['time']) . '</td></tr>' . PHP_EOL;
 
 			if ($test['certexpirenotify']) {
-				$message[1]['text'] .= '<tr><td>Certificate expire in: </td><td> ' . $test['days'] . ' days' . '</td></tr>' . PHP_EOL;
+				$message[1]['text'] .= '<tr><td>Certificate expires in: </td><td> ' . $test['days'] . ' days (' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date') . ')' . '</td></tr>' . PHP_EOL;
 			}
 
 			$message[1]['text'] .= '<tr><td>Previous search:</td><td>' . $last_log['result_search'] . '</td></tr>' . PHP_EOL;
@@ -595,8 +594,7 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 		}
 
 		if ($test['certexpirenotify'] && $cert_expiry_days > 0 && $test['days'] < $cert_expiry_days) {
-
-			$message[2]['subject'] = '[Cacti servcheck] Certificate will expired in less than ' . $cert_expiry_days . ' days: ' . $test['display_name'];
+			$message[2]['subject'] = '[Cacti servcheck] Certificate will expire in less than ' . $cert_expiry_days . ' days: ' . $test['display_name'];
 			$message[2]['text']  = '<h3>' . $message[2]['subject'] . '</h3>' . PHP_EOL;
 			$message[2]['text'] .= '<hr>';
 
@@ -607,9 +605,10 @@ function plugin_servcheck_send_notification($results, $test, $type, $last_log) {
 			if (!is_null($test['path'])) {
 				$message[2]['text'] .= '<tr><td>Path:</td><td>' . $test['path'] . '</td></tr>' . PHP_EOL;
 			}
-			$message[2]['text'] .= '<tr><td>Date:</td><td>' . date('F j, Y - h:i:s', $results['time']) . '</td></tr>' . PHP_EOL;
+			$message[2]['text'] .= '<tr><td>Date:</td><td>' . date('d-b-Y h:i:s p', $results['time']) . '</td></tr>' . PHP_EOL;
+
+			$message[2]['text'] .= '<tr><td>Certificate expires in: </td><td> ' . $test['days'] . ' days (' . (isset($test['expiry_date']) ? $test['expiry_date'] : 'Invalid Expiry Date') . ')' . '</td></tr>' . PHP_EOL;
 
-			$message[2]['text'] .= '<tr><td>Certificate expire in: </td><td> ' . $test['days'] . ' days (' . $test['expiry_date'] . ')' . '</td></tr>' . PHP_EOL;
 			$message[2]['text'] .= '</table>' . PHP_EOL;
 
 			if ($test['notes'] != '') {
diff --git a/servcheck_test.php b/servcheck_test.php
@@ -918,12 +918,12 @@ function servcheck_show_graph() {
 		WHERE id = ?',
 		array($id));
 
-	print '<br/><br/><b>' . html_escape($result['display_name']) . ':</b><br/>';
+	print '<b>' . html_escape($result['display_name']) . ':</b><br/>';
 
 	foreach ($graph_interval as $key => $value) {
-		print ($value) . ': ';
+		print '<b>' . ($value) . ':</b>';
 		plugin_servcheck_graph ($id, $key);
-		print '<br/><br/>';
+		print '<br/><hr style="width: 50%; margin-left: 0; margin-right: auto;"><br/>'; //print line below the graph.
 	}
 }
 
@@ -944,9 +944,10 @@ function servcheck_show_last_data() {
 		WHERE id = ?',
 		array($id));
 
-	print '<br/><br/><b>' . __('Last returned data of test', 'servcheck') . ' ' . html_escape($result['display_name']) . ':</b><br/>';
+	print '<b>' . __('Last returned data of test', 'servcheck') . ' ' . html_escape($result['display_name']) . ':</b><br/>';
 
-	print '<pre>' . html_escape($result['last_returned_data']) . '</pre>';
+	//print '<pre>' . html_escape($result['last_returned_data']) . '</pre>';
+	print '<style> pre {white-space: pre-wrap; word-wrap: break-word; overflow-wrap: break-word; max-width: 25%; width: 25%}</style><pre>' . html_escape($result['last_returned_data']) . '</pre>';
 }
 
 function list_tests() {
diff --git a/setup.php b/setup.php
@@ -357,6 +357,7 @@ function servcheck_config_settings() {
 				'3'  => __('3 days before', 'servcheck'),
 				'7'  => __('1 week before', 'servcheck'),
 				'21' => __('3 weeks before', 'servcheck'),
+				'30' => __('30 days before', 'servcheck'),
 			),
 			'default' => 7
 		),
