[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 05/16: check_ssl_cert: Updating to 1.35.0
Jan Wagner
waja at moszumanska.debian.org
Mon Dec 5 09:45:23 UTC 2016
This is an automated email from the git hooks/post-receive script.
waja pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.
commit 60319ea086b1f6be2c5816c9af7794770a226683
Author: Jan Wagner <waja at cyconet.org>
Date: Sun Dec 4 17:15:30 2016 +0100
check_ssl_cert: Updating to 1.35.0
---
check_ssl_cert/check_ssl_cert-1.34.0/VERSION | 1 -
.../AUTHORS | 3 ++-
.../COPYING | 0
.../COPYRIGHT | 0
.../ChangeLog | 0
.../INSTALL | 0
.../Makefile | 0
.../NEWS | 1 +
.../README.md | 2 ++
.../TODO | 0
check_ssl_cert/check_ssl_cert-1.35.0/VERSION | 1 +
.../check_ssl_cert | 20 +++++++++++++++-----
.../check_ssl_cert.1 | 8 +++++++-
.../check_ssl_cert.spec | 7 +++++--
.../test/cabundle.crt | 0
.../test/cacert.crt | 0
.../test/unit_tests.sh | 6 ------
check_ssl_cert/control | 2 +-
check_ssl_cert/src | 2 +-
19 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/VERSION b/check_ssl_cert/check_ssl_cert-1.34.0/VERSION
deleted file mode 100644
index 2b17ffd..0000000
--- a/check_ssl_cert/check_ssl_cert-1.34.0/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.34.0
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/AUTHORS b/check_ssl_cert/check_ssl_cert-1.35.0/AUTHORS
similarity index 96%
rename from check_ssl_cert/check_ssl_cert-1.34.0/AUTHORS
rename to check_ssl_cert/check_ssl_cert-1.35.0/AUTHORS
index 4cf8447..f2e8474 100644
--- a/check_ssl_cert/check_ssl_cert-1.34.0/AUTHORS
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/AUTHORS
@@ -50,4 +50,5 @@ Thanks:
* Many thanks to Philippe Kueck for the CN patch
* Many thanks to Ricardo (https://github.com/bb-Ricardo) and xert (https://github.com/xert) for the date timestamp patch
* Many thanks to xert for the SSLLabs patch
-* Many thanks to Leynos (https://github.com/leynos) for the OCSP proxy patch
\ No newline at end of file
+* Many thanks to Leynos (https://github.com/leynos) for the OCSP proxy patch
+* Many thanks to Philippe Kueck for the selection of the cipher authentication
\ No newline at end of file
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/COPYING b/check_ssl_cert/check_ssl_cert-1.35.0/COPYING
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/COPYING
rename to check_ssl_cert/check_ssl_cert-1.35.0/COPYING
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/COPYRIGHT b/check_ssl_cert/check_ssl_cert-1.35.0/COPYRIGHT
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/COPYRIGHT
rename to check_ssl_cert/check_ssl_cert-1.35.0/COPYRIGHT
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/ChangeLog b/check_ssl_cert/check_ssl_cert-1.35.0/ChangeLog
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/ChangeLog
rename to check_ssl_cert/check_ssl_cert-1.35.0/ChangeLog
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/INSTALL b/check_ssl_cert/check_ssl_cert-1.35.0/INSTALL
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/INSTALL
rename to check_ssl_cert/check_ssl_cert-1.35.0/INSTALL
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/Makefile b/check_ssl_cert/check_ssl_cert-1.35.0/Makefile
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/Makefile
rename to check_ssl_cert/check_ssl_cert-1.35.0/Makefile
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/NEWS b/check_ssl_cert/check_ssl_cert-1.35.0/NEWS
similarity index 98%
rename from check_ssl_cert/check_ssl_cert-1.34.0/NEWS
rename to check_ssl_cert/check_ssl_cert-1.35.0/NEWS
index 3fdadb9..bf6da2b 100644
--- a/check_ssl_cert/check_ssl_cert-1.34.0/NEWS
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/NEWS
@@ -1,3 +1,4 @@
+2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication
2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos)
2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found
2016-07-29 Version 1.32.0: added support for date with timestamp calculation and
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/README.md b/check_ssl_cert/check_ssl_cert-1.35.0/README.md
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.34.0/README.md
rename to check_ssl_cert/check_ssl_cert-1.35.0/README.md
index c5f7851..491c90e 100644
--- a/check_ssl_cert/check_ssl_cert-1.34.0/README.md
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/README.md
@@ -31,6 +31,7 @@ Options:
-d,--debug produces debugging output
-e,--email address pattern to match the email address contained in the
certificate
+ --ecdsa cipher selection: force ECDSA authentication
-f,--file file local file path (works with -H localhost only)
-h,--help,-? this help message
--ignore-exp ignore expiration date
@@ -65,6 +66,7 @@ Options:
--ssl3 force SSL version 3
-r,--rootcert path root certificate or directory to be used for
certificate validation
+ --rsa cipher selection: force RSA authentication
-t,--timeout seconds timeout after the specified time
(defaults to 15 seconds)
--temp dir directory where to store the temporary files
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/TODO b/check_ssl_cert/check_ssl_cert-1.35.0/TODO
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/TODO
rename to check_ssl_cert/check_ssl_cert-1.35.0/TODO
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/VERSION b/check_ssl_cert/check_ssl_cert-1.35.0/VERSION
new file mode 100644
index 0000000..2aeaa11
--- /dev/null
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/VERSION
@@ -0,0 +1 @@
+1.35.0
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert b/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert
similarity index 98%
rename from check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert
rename to check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert
index 6693763..df21607 100755
--- a/check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert
@@ -19,7 +19,7 @@
################################################################################
# Constants
-VERSION=1.34.0
+VERSION=1.35.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,serial,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -57,6 +57,7 @@ usage() {
echo " -d,--debug produces debugging output"
echo " -e,--email address pattern to match the email address contained in the"
echo " certificate"
+ echo " --ecdsa cipher selection: force ECDSA authentication"
echo " -f,--file file local file path (works with -H localhost only)"
echo " -h,--help,-? this help message"
echo " --ignore-exp ignore expiration date"
@@ -92,6 +93,7 @@ usage() {
echo " --ssl3 force SSL version 3"
echo " -r,--rootcert path root certificate or directory to be used for"
echo " certificate validation"
+ echo " --rsa cipher selection: force RSA authentication"
echo " -t,--timeout seconds timeout after the specified time"
echo " (defaults to 15 seconds)"
echo " --temp dir directory where to store the temporary files"
@@ -292,13 +294,13 @@ fetch_certificate() {
case "${PROTOCOL}" in
smtp)
- exec_with_timeout "$TIMEOUT" "echo -e 'QUIT\r' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} 2> ${ERROR} 1> ${CERT}"
+ exec_with_timeout "$TIMEOUT" "echo -e 'QUIT\r' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
;;
irc)
- exec_with_timeout "$TIMEOUT" "echo -e 'QUIT\r' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} 2> ${ERROR} 1> ${CERT}"
+ exec_with_timeout "$TIMEOUT" "echo -e 'QUIT\r' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
;;
pop3|imap|ftp|xmpp)
- exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} 2> ${ERROR} 1> ${CERT}"
+ exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
;;
*)
unknown "Error: unsupported protocol ${PROTOCOL}"
@@ -315,7 +317,7 @@ fetch_certificate() {
else
- exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} 2> ${ERROR} 1> ${CERT}"
+ exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
fi
@@ -456,6 +458,14 @@ main() {
SELFSIGNED=1
shift
;;
+ --rsa)
+ SSL_AU="-cipher aRSA"
+ shift
+ ;;
+ --ecdsa)
+ SSL_AU="-cipher aECDSA"
+ shift
+ ;;
--ssl2)
SSL_VERSION="-ssl2"
shift
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert.1 b/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.1
similarity index 95%
rename from check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert.1
rename to check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.1
index 5d7fd57..fec47f0 100644
--- a/check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert.1
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.1
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
-.TH "check_ssl_cert" 1 "July, 2016" "1.34.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "July, 2016" "1.35.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
@@ -36,6 +36,9 @@ minimum number of days a certificate has to be valid to issue a critical status
.BR "-d,--debug"
produces debugging output
.TP
+.BR " --ecdsa"
+cipher selection: force ECDSA authentication
+.TP
.BR "-e,--email" " address"
pattern to match the email address contained in the certificate
.TP
@@ -115,6 +118,9 @@ force SSL version 3
.BR "-r,--rootcert" " cert"
root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
.TP
+.BR " --rsa"
+cipher selection: force RSA authentication
+.TP
.BR "-t,--timeout"
seconds timeout after the specified time (defaults to 15 seconds)
.TP
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert.spec b/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.spec
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert.spec
rename to check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.spec
index 3145adc..fd63cdc 100644
--- a/check_ssl_cert/check_ssl_cert-1.34.0/check_ssl_cert.spec
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.spec
@@ -1,4 +1,4 @@
-%define version 1.34.0
+%define version 1.35.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -40,11 +40,14 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog NEWS README TODO COPYING VERSION COPYRIGHT
+%doc AUTHORS ChangeLog NEWS README.md TODO COPYING VERSION COPYRIGHT
%attr(0755, root, root) %{nagiospluginsdir}/check_ssl_cert
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Tue Oct 18 2016 Matteo Corti <matteo at corti.li> - 1.35.0-0
+- Updated to 1.35.0
+
* Mon Sep 19 2016 Matteo Corti <matteo at corti.li> - 1.34.0-0
- Updated to 1.34.0
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/test/cabundle.crt b/check_ssl_cert/check_ssl_cert-1.35.0/test/cabundle.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/test/cabundle.crt
rename to check_ssl_cert/check_ssl_cert-1.35.0/test/cabundle.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/test/cacert.crt b/check_ssl_cert/check_ssl_cert-1.35.0/test/cacert.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.34.0/test/cacert.crt
rename to check_ssl_cert/check_ssl_cert-1.35.0/test/cacert.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.34.0/test/unit_tests.sh b/check_ssl_cert/check_ssl_cert-1.35.0/test/unit_tests.sh
similarity index 95%
rename from check_ssl_cert/check_ssl_cert-1.34.0/test/unit_tests.sh
rename to check_ssl_cert/check_ssl_cert-1.35.0/test/unit_tests.sh
index 11d7ce0..885ef5a 100755
--- a/check_ssl_cert/check_ssl_cert-1.34.0/test/unit_tests.sh
+++ b/check_ssl_cert/check_ssl_cert-1.35.0/test/unit_tests.sh
@@ -33,12 +33,6 @@ testDependencies() {
assertNotNull 'openssl not found' "${PROG}"
}
-# FIXME use a series of certificates to test valid/invalid data
-testCertificate() {
- ${SCRIPT} --host localhost --file cacert.crt > /dev/null
- assertEquals "wrong exit code" ${NAGIOS_OK} "$?"
-}
-
testUsage() {
${SCRIPT} > /dev/null 2>&1
EXIT_CODE=$?
diff --git a/check_ssl_cert/control b/check_ssl_cert/control
index 5473e79..5510d8a 100644
--- a/check_ssl_cert/control
+++ b/check_ssl_cert/control
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: openssl
Suggests: expect
-Version: 1.34.0
+Version: 1.35.0
Homepage: https://github.com/matteocorti/check_ssl_cert
Watch: https://github.com/matteocorti/check_ssl_cert/releases check_ssl_cert-([0-9.]+)\.tar\.gz
Description: plugin to check the CA and validity of an
diff --git a/check_ssl_cert/src b/check_ssl_cert/src
index f28c87c..15646d3 120000
--- a/check_ssl_cert/src
+++ b/check_ssl_cert/src
@@ -1 +1 @@
-check_ssl_cert-1.34.0
\ No newline at end of file
+check_ssl_cert-1.35.0/
\ No newline at end of file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib.git
More information about the Pkg-nagios-changes
mailing list