[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 05/13: check_ssl_cert: Updating to 1.17.0
Jan Wagner
waja at moszumanska.debian.org
Fri Mar 6 09:57:09 UTC 2015
This is an automated email from the git hooks/post-receive script.
waja pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.
commit 5862270d08ec17fc78d1db65af614f2cf32fb152
Author: Jan Wagner <waja at cyconet.org>
Date: Wed Mar 4 16:30:38 2015 +0100
check_ssl_cert: Updating to 1.17.0
---
check_ssl_cert/check_ssl_cert-1.16.1/VERSION | 1 -
.../AUTHORS | 5 ++-
.../COPYING | 0
.../COPYRIGHT | 0
.../ChangeLog | 5 +++
.../INSTALL | 0
.../Makefile | 0
.../NEWS | 2 +
.../README | 3 +-
.../TODO | 1 +
check_ssl_cert/check_ssl_cert-1.17.0/VERSION | 1 +
.../check_ssl_cert | 44 ++++++++++++++++++----
.../check_ssl_cert.1 | 5 ++-
.../check_ssl_cert.spec | 14 ++++++-
.../test/cabundle.crt | 0
.../test/cacert.crt | 0
.../test/unit_tests.sh | 0
check_ssl_cert/control | 2 +-
check_ssl_cert/src | 2 +-
debian/control | 2 +-
20 files changed, 70 insertions(+), 17 deletions(-)
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/VERSION b/check_ssl_cert/check_ssl_cert-1.16.1/VERSION
deleted file mode 100644
index 41c11ff..0000000
--- a/check_ssl_cert/check_ssl_cert-1.16.1/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.16.1
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/AUTHORS b/check_ssl_cert/check_ssl_cert-1.17.0/AUTHORS
similarity index 89%
rename from check_ssl_cert/check_ssl_cert-1.16.1/AUTHORS
rename to check_ssl_cert/check_ssl_cert-1.17.0/AUTHORS
index 2c9a0a2..5d17e28 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/AUTHORS
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/AUTHORS
@@ -1,4 +1,4 @@
-Matteo Corti <matteo.corti at id.ethz.ch>
+Matteo Corti <matteo at corti.li>
Thanks:
@@ -33,6 +33,9 @@ Thanks:
* Many thanks to Robin H. Johnson for the 'timeout' patch
* Many thanks to Max Winterstein for the SSL version patch
* Many thanks to Colin Smith for the RPM build Makefile patch
+* Many thanks to Andreas Dijkman for the RPM dependencies patch
+* Many thanks to Lawren Quigley-Jones for the common name patch
+* Many thanks to Ryan Nowakowski for the OCSP patch
# File version information:
# $Id: AUTHORS 1103 2009-12-07 07:49:19Z corti $
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/COPYING b/check_ssl_cert/check_ssl_cert-1.17.0/COPYING
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/COPYING
rename to check_ssl_cert/check_ssl_cert-1.17.0/COPYING
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/COPYRIGHT b/check_ssl_cert/check_ssl_cert-1.17.0/COPYRIGHT
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/COPYRIGHT
rename to check_ssl_cert/check_ssl_cert-1.17.0/COPYRIGHT
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/ChangeLog b/check_ssl_cert/check_ssl_cert-1.17.0/ChangeLog
similarity index 98%
rename from check_ssl_cert/check_ssl_cert-1.16.1/ChangeLog
rename to check_ssl_cert/check_ssl_cert-1.17.0/ChangeLog
index 4cd8b08..e3f7d92 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/ChangeLog
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-21 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: added a patch to check revocation via OCSP (thanks
+ to Ryan Nowakowski)
+
2014-02-28 Matteo Corti <matteo.corti at id.ethz.ch>
* Makefile: added a target to build an rpm
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/INSTALL b/check_ssl_cert/check_ssl_cert-1.17.0/INSTALL
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/INSTALL
rename to check_ssl_cert/check_ssl_cert-1.17.0/INSTALL
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/Makefile b/check_ssl_cert/check_ssl_cert-1.17.0/Makefile
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/Makefile
rename to check_ssl_cert/check_ssl_cert-1.17.0/Makefile
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/NEWS b/check_ssl_cert/check_ssl_cert-1.17.0/NEWS
similarity index 96%
rename from check_ssl_cert/check_ssl_cert-1.16.1/NEWS
rename to check_ssl_cert/check_ssl_cert-1.17.0/NEWS
index e9ae445..799d587 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/NEWS
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/NEWS
@@ -1,3 +1,5 @@
+2014-10-21 Version 1.17.0 Added an option to check revocation via OCSP
+2014-06-06 Version 1.16.2 Fixed a problem with -servername when -n was not specified
2014-02-28 Version 1.16.1 Added a Make target for the RPM package
2013-12-23 Version 1.16.0 Added an option to force TLS version 1
2013-07-29 Version 1.15.0 Added an option to force a certain SSL version (thanks
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/README b/check_ssl_cert/check_ssl_cert-1.17.0/README
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.16.1/README
rename to check_ssl_cert/check_ssl_cert-1.17.0/README
index b2c254b..2a47ccd 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/README
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/README
@@ -31,6 +31,7 @@ Options:
-i,--issuer issuer pattern to match the issuer of the certificate
-n,---cn name pattern to match the CN of the certificate
-N,--host-cn match CN with the host name
+ --ocsp check revocation via OCSP
-o,--org org pattern to match the organization of the certificate
--openssl path path of the openssl binary to be used
-p,--port port TCP port
@@ -96,7 +97,7 @@ $ sudo security find-certificate -a \
Bugs:
=====
-Report bugs to: Matteo Corti <matteo.corti at id.ethz.ch>
+Report bugs to: Matteo Corti <matteo at corti.li>
# File version information:
# $Id: AUTHORS 1103 2009-12-07 07:49:19Z corti $
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/TODO b/check_ssl_cert/check_ssl_cert-1.17.0/TODO
similarity index 82%
rename from check_ssl_cert/check_ssl_cert-1.16.1/TODO
rename to check_ssl_cert/check_ssl_cert-1.17.0/TODO
index a4e6cd2..0a7746c 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/TODO
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/TODO
@@ -1,5 +1,6 @@
* Nagios performance data (e.g., missing days)
* IPv6 support (e.g., through gnutls-cli)
+* test for https://revoked.grc.com (should give a critical status)
# File version information:
# $Id: AUTHORS 1103 2009-12-07 07:49:19Z corti $
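Review bot: The revoked-certificate test is recorded here only as a TODO, while test/unit_tests.sh is carried over with similarity index 100%, so the new --ocsp path ships without any test. Add one case that expects a critical status for a known revoked certificate and one that expects OK for a good certificate before the option is relied on in production checks.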
diff --git a/check_ssl_cert/check_ssl_cert-1.17.0/VERSION b/check_ssl_cert/check_ssl_cert-1.17.0/VERSION
new file mode 100644
index 0000000..092afa1
--- /dev/null
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/VERSION
@@ -0,0 +1 @@
+1.17.0
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert b/check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert
similarity index 95%
rename from check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert
rename to check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert
index 8f71b63..2ff0135 100755
--- a/check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert
@@ -19,15 +19,15 @@
# enable substitution with:
# $ svn propset svn:keywords "Id Revision HeadURL Source Date"
#
-# $Id: check_ssl_cert 1353 2014-02-28 10:32:11Z corti $
-# $Revision: 1353 $
+# $Id: check_ssl_cert 1384 2014-11-29 15:08:58Z corti $
+# $Revision: 1384 $
# $HeadURL: https://svn.id.ethz.ch/nagios_plugins/check_ssl_cert/check_ssl_cert $
-# $Date: 2014-02-28 11:32:11 +0100 (Fri, 28 Feb 2014) $
+# $Date: 2014-11-29 16:08:58 +0100 (Sat, 29 Nov 2014) $
################################################################################
# Constants
-VERSION=1.16.1
+VERSION=1.17.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -75,6 +75,7 @@ usage() {
echo " -i,--issuer issuer pattern to match the issuer of the certificate"
echo " -n,--cn name pattern to match the CN of the certificate"
echo " -N,--host-cn match CN with the host name"
+ echo " --ocsp check revocation via OCSP"
echo " -o,--org org pattern to match the organization of the certificate"
echo " --openssl path path of the openssl binary to be used"
echo " -p,--port port TCP port"
@@ -98,7 +99,7 @@ usage() {
echo " -d,--days days minimum number of days a certificate has to be valid"
echo " (see --critical and --warning)"
echo
- echo "Report bugs to: Matteo Corti <matteo.corti at id.ethz.ch>"
+ echo "Report bugs to: Matteo Corti <matteo at corti.li>"
echo
exit 3
@@ -279,6 +280,8 @@ main() {
-s|--selfsigned) SELFSIGNED=1; shift ;;
--tls1) SSL_VERSION="-tls1"; shift ;;
+
+ --ocsp) OCSP=1; shift ;;
-v|--verbose) VERBOSE=1; shift ;;
@@ -552,8 +555,6 @@ main() {
if [ -n "${COMMON_NAME}" ] ; then
SERVERNAME="-servername ${COMMON_NAME}"
- else
- SERVERNAME="-servername ${HOST}"
fi
else
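Review bot: With the inner else branch removed, SERVERNAME is no longer set in this branch when COMMON_NAME is empty, so no -servername argument is built from HOST and a server hosting several names can answer with its default certificate instead of the one for HOST. NEWS lists this as the 1.16.2 fix; the README and man page should state that -n is now needed to get SNI, otherwise the certificate actually served to clients of a virtual host may go unchecked.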
@@ -577,6 +578,13 @@ main() {
unknown 'temporary file creation failure.'
fi
+ if [ -n "${OCSP}" ] ; then
+ ISSUER_CERT=$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )
+ if [ -z "${ISSUER_CERT}" ] || [ ! -w "${ISSUER_CERT}" ] ; then
+ unknown 'temporary file creation failure.'
+ fi
+ fi
+
if [ -n "${VERBOSE}" ] ; then
echo "downloading certificate to ${TMPDIR}"
fi
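Review bot: The added unknown 'temporary file creation failure.' exit for ISSUER_CERT sits before the cleanup trap, which the later hunk shows at line 601, so if unknown exits as its use here implies, the temporary files created earlier are left behind on this path. Install the trap before the first mktemp or remove those files explicitly here. The message is also identical to the one just above it; naming the issuer certificate file would make the failure diagnosable.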
@@ -593,7 +601,7 @@ main() {
# cleanup before program termination
# using named signals to be POSIX compliant
- trap 'rm -f $CERT $ERROR' EXIT HUP INT QUIT TERM
+ trap 'rm -f $CERT $ERROR $ISSUER_CERT' EXIT HUP INT QUIT TERM
fetch_certificate
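Review bot: $ISSUER_CERT is added unquoted to the rm -f in the trap, alongside $CERT and $ERROR. mktemp -t creates the file under the temporary directory, so a path containing whitespace is split into several rm arguments and the file is not removed. Quote all three inside the single-quoted trap string: rm -f "$CERT" "$ERROR" "$ISSUER_CERT".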
@@ -653,6 +661,9 @@ main() {
CA_O=$($OPENSSL x509 -in "${CERT}" -issuer -noout | sed -e "s/^.*\/O=//" -e "s/\/[A-Z][A-Z]*=.*\$//")
CA_CN=$($OPENSSL x509 -in "${CERT}" -issuer -noout | sed -e "s/^.*\/CN=//" -e "s/\/[A-Za-z][A-Za-z]*=.*\$//")
+ OCSP_URI=$($OPENSSL x509 -in "${CERT}" -ocsp_uri -noout)
+
+ ISSUER_URI=$($OPENSSL x509 -in "${CERT}" -text -noout | grep "CA Issuers" | sed -e "s/^.*CA Issuers - URI://")
################################################################################
# Generate the long output
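Review bot: ISSUER_URI is whatever follows "CA Issuers - URI:" in the certificate presented by the monitored host, and nothing validates it before it is handed to curl in the later hunk. It can be empty when the certificate has no such entry, contain several lines when more than one CA Issuers entry is present, or name a scheme other than http or https. Check that it is a single http(s) URL and return unknown otherwise. Both extractions also run on every invocation; they can be moved under the [ -n "${OCSP}" ] test.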
@@ -800,6 +811,23 @@ EOF
fi
################################################################################
+ # check revocation via OCSP
+
+ if [ -n "${OCSP}" ]; then
+
+ curl --silent "${ISSUER_URI}" > "${ISSUER_CERT}"
+
+ if file "${ISSUER_CERT}" | grep -q ': data' ; then
+ openssl x509 -inform DER -outform PEM -in "${ISSUER_CERT}" -out "${ISSUER_CERT}"
+ fi
+
+ if "$OPENSSL" ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" 2>&1 | grep -qi "revoked" ; then
+ critical "certificate is revoked"
+ fi
+
+ fi
+
+ ################################################################################
# check the organization
if [ -n "$ORGANIZATION" ] ; then
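Review bot: The check fails open: the only outcome acted on is the word "revoked" in the output of "$OPENSSL" ocsp, so a failed curl download, an empty OCSP_URI, a responder error or a response that does not verify all fall through as if the certificate were good. Test curl's exit status, require an explicit good status for the certificate, and return unknown for anything else. Two smaller points in the same block: the DER to PEM conversion calls a bare openssl instead of "$OPENSSL" and uses "${ISSUER_CERT}" for both -in and -out, which should go through a second temporary file; and grep -qi over combined stdout and stderr can match text other than the certificate status line.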
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert.1 b/check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert.1
similarity index 96%
rename from check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert.1
rename to check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert.1
index 76bf047..01b997b 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert.1
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert.1
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
-.TH "check_ssl_cert" 1 "May, 2013" "1.16.1" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "October, 2014" "1.17.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
@@ -55,6 +55,9 @@ pattern to match the CN of the certificate
.BR "-N,--host-cn"
match CN with the host name
.TP
+.BR "--ocsp"
+check revocation via OCSP
+.TP
.BR "-o,--org" " org"
pattern to match the organization of the certificate
.TP
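Review bot: The new --ocsp entry says only "check revocation via OCSP". It should state that the option needs curl and file on the monitoring host, that it depends on the certificate carrying OCSP and CA Issuers URIs, and which plugin status is returned when the issuer certificate or the responder cannot be reached.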
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert.spec b/check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert.spec
similarity index 93%
rename from check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert.spec
rename to check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert.spec
index 521fd30..bed6bcd 100644
--- a/check_ssl_cert/check_ssl_cert-1.16.1/check_ssl_cert.spec
+++ b/check_ssl_cert/check_ssl_cert-1.17.0/check_ssl_cert.spec
@@ -6,7 +6,7 @@
# $Date: 2010-02-16 21:06:11 +0100 (Tue, 16 Feb 2010) $
################################################################################
-%define version 1.16.1
+%define version 1.17.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -27,7 +27,7 @@ BuildRoot: %{_tmppath}/%{packagename}-%{version}-%{release}-root-%(%{__id_u} -n)
URL: https://trac.id.ethz.ch/projects/nagios_plugins/wiki/check_ssl_cert
Source: https://trac.id.ethz.ch/projects/nagios_plugins/downloads/%{sourcename}-%{version}.tar.gz
-Requires: nagios-plugins
+Requires: nagios-plugins expect perl(Date::Parse)
%description
Checks an X.509 certificate:
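Review bot: The Requires line gains expect and perl(Date::Parse) but not curl or file, both of which the new --ocsp block in check_ssl_cert invokes; check_ssl_cert/control in this commit likewise still lists only openssl and expect. Add them as dependencies here (and as Recommends or Suggests on the Debian side) so that --ocsp cannot pass on a host without curl while having checked nothing.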
@@ -53,6 +53,16 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Tue Oct 21 2014 Matteo Corti <matteo at corti.li> - 1.17.0-0
+- Updated to 1.17.0
+
+* Fri Jun 6 2014 Matteo Corti <matteo.corti at id.ethz.ch> - 1.16.2-0
+- updated to 1.16.2
+
+* Thu May 22 2014 Andreas Dijkman <andreas.dijkman at cygnis.nl> - 1.16.1-1
+- Added noarch as buildarch
+- Added expect and perl(Date::Parse) dependency
+
* Fri Feb 28 2014 Matteo Corti <matteo.corti at id.ethz.ch> - 1.16.1-0
- Updated to 1.16.1 (rpm make target)
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/test/cabundle.crt b/check_ssl_cert/check_ssl_cert-1.17.0/test/cabundle.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/test/cabundle.crt
rename to check_ssl_cert/check_ssl_cert-1.17.0/test/cabundle.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/test/cacert.crt b/check_ssl_cert/check_ssl_cert-1.17.0/test/cacert.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/test/cacert.crt
rename to check_ssl_cert/check_ssl_cert-1.17.0/test/cacert.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.16.1/test/unit_tests.sh b/check_ssl_cert/check_ssl_cert-1.17.0/test/unit_tests.sh
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.16.1/test/unit_tests.sh
rename to check_ssl_cert/check_ssl_cert-1.17.0/test/unit_tests.sh
diff --git a/check_ssl_cert/control b/check_ssl_cert/control
index 72d8e4b..a6bf34d 100644
--- a/check_ssl_cert/control
+++ b/check_ssl_cert/control
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: openssl
Suggests: expect
-Version: 1.16.1
+Version: 1.17.0
Homepage: https://trac.id.ethz.ch/projects/nagios_plugins/wiki/check_ssl_cert
Watch: https://trac.id.ethz.ch/projects/nagios_plugins/wiki/check_ssl_cert check_ssl_cert-([0-9.]+)\.tar\.gz
Description: plugin to check the CA and validity of an
diff --git a/check_ssl_cert/src b/check_ssl_cert/src
index 81440a0..8a17da8 120000
--- a/check_ssl_cert/src
+++ b/check_ssl_cert/src
@@ -1 +1 @@
-check_ssl_cert-1.16.1/
\ No newline at end of file
+check_ssl_cert-1.17.0/
\ No newline at end of file
diff --git a/debian/control b/debian/control
index 7a2b6c5..ea33e84 100644
--- a/debian/control
+++ b/debian/control
@@ -161,7 +161,7 @@ Description: Plugins for nagios compatible monitoring systems
HOST-RESOURCES-MIB::hrSystemDate.0 used here returns 8 or 11 byte octets.
SNMP translation needs to be switched off and to be converted the
received SNMP data into readable strings.
- * check_ssl_cert (1.16.1): plugin to check the CA and validity of an
+ * check_ssl_cert (1.17.0): plugin to check the CA and validity of an
X.509 certificate
* check_uptime (0.521): check_uptime returns uptime of a system
in text (readable) format as well as in minutes for performance graphing.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib.git