From f3917e15956e741e8b47bf98f95297b56391a4f5 Mon Sep 17 00:00:00 2001
From: Simon Tennant
Date: Thu, 3 Oct 2013 09:50:57 +0200
Subject: [PATCH] Support SNI in the certificate checking plugin was checking the first vhost rather than the correct vhost's ssl certificate validity.
---
 plugins/ssl/ssl_ | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/ssl/ssl_ b/plugins/ssl/ssl_
index 2b7d1407..7f02b99d 100644
--- a/plugins/ssl/ssl_
+++ b/plugins/ssl/ssl_
@@ -46,7 +46,7 @@ case $1 in
 ;;
 esac
-cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -connect "${SITE}:443" 2>/dev/null);
+cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:443" 2>/dev/null);
 if [[ "${cert}" = *"-----BEGIN CERTIFICATE-----"* ]]; then
 echo "${cert}" | openssl x509 -noout -enddate | awk -F= 'BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", month, " "); for (i=1; i<=12; i++) mdigit[month[i]] = i; } /notAfter/ { split($0,a,"="); split(a[2],b," "); split(b[3],time,":"); datetime=b[4] " " mdigit[b[1]] " " b[2] " " time[1] " " time[2] " " time[3]; days=(mktime(datetime)-systime())/86400; print "expire.value " days; }'
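Review bot: The new `cert=$(...)` line asks for the right vhost via `-servername`, but it still accepts whatever certificate comes back: `openssl s_client` prints the peer certificate and exits normally even when chain verification against `-CApath` fails, and `2>/dev/null` hides the diagnostics. A server that does not recognise the SNI name typically answers with its default certificate, so `expire.value` can still describe another host's certificate. Consider checking the `Verify return code:` line that s_client already writes into `${cert}`, and, where the installed OpenSSL supports it, confirming the name with `openssl x509 -noout -checkhost "${SITE}"` before reporting the expiry. Making verification fatal (for example with `-verify_return_error`) is probably not wanted here, since an expired certificate should still yield a negative value rather than no value. The `if` block that consumes `${cert}` continues past the end of the hunk.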