[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 01/01: check_ssl_cert: Updating to 1.36.1
Jan Wagner
waja at moszumanska.debian.org
Wed Dec 7 11:09:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
waja pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.
commit 63564c710e5f7714c4e03e6e1cd6f0a3104d1797
Author: Jan Wagner <waja at cyconet.org>
Date: Wed Dec 7 11:41:59 2016 +0100
check_ssl_cert: Updating to 1.36.1
---
check_ssl_cert/check_ssl_cert-1.35.0/VERSION | 1 -
.../AUTHORS | 3 +-
.../COPYING | 0
.../COPYRIGHT | 0
.../ChangeLog | 8 ++++
.../INSTALL | 0
.../Makefile | 0
.../NEWS | 4 ++
.../README.md | 0
.../TODO | 0
check_ssl_cert/check_ssl_cert-1.36.1/VERSION | 1 +
.../check_ssl_cert | 54 +++++++++++++++++++---
.../check_ssl_cert.1 | 5 +-
.../check_ssl_cert.spec | 8 +++-
.../test/cabundle.crt | 0
.../test/cacert.crt | 0
.../test/unit_tests.sh | 0
check_ssl_cert/src | 2 +-
18 files changed, 74 insertions(+), 12 deletions(-)
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/VERSION b/check_ssl_cert/check_ssl_cert-1.35.0/VERSION
deleted file mode 100644
index 2aeaa11..0000000
--- a/check_ssl_cert/check_ssl_cert-1.35.0/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.35.0
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/AUTHORS b/check_ssl_cert/check_ssl_cert-1.36.1/AUTHORS
similarity index 96%
rename from check_ssl_cert/check_ssl_cert-1.35.0/AUTHORS
rename to check_ssl_cert/check_ssl_cert-1.36.1/AUTHORS
index f2e8474..d1e3aa7 100644
--- a/check_ssl_cert/check_ssl_cert-1.35.0/AUTHORS
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/AUTHORS
@@ -51,4 +51,5 @@ Thanks:
* Many thanks to Ricardo (https://github.com/bb-Ricardo) and xert (https://github.com/xert) for the date timestamp patch
* Many thanks to xert for the SSLLabs patch
* Many thanks to Leynos (https://github.com/leynos) for the OCSP proxy patch
-* Many thanks to Philippe Kueck for the selection of the cipher authentication
\ No newline at end of file
+* Many thanks to Philippe Kueck for the selection of the cipher authentication
+* Many thanks to Jalonet (https://github.com/jalonet) for the file/PEM patch
\ No newline at end of file
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/COPYING b/check_ssl_cert/check_ssl_cert-1.36.1/COPYING
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/COPYING
rename to check_ssl_cert/check_ssl_cert-1.36.1/COPYING
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/COPYRIGHT b/check_ssl_cert/check_ssl_cert-1.36.1/COPYRIGHT
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/COPYRIGHT
rename to check_ssl_cert/check_ssl_cert-1.36.1/COPYRIGHT
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/ChangeLog b/check_ssl_cert/check_ssl_cert-1.36.1/ChangeLog
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.35.0/ChangeLog
rename to check_ssl_cert/check_ssl_cert-1.36.1/ChangeLog
index 5bfba0d..dc9bbe0 100644
--- a/check_ssl_cert/check_ssl_cert-1.35.0/ChangeLog
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/ChangeLog
@@ -1,3 +1,11 @@
+2016-12-06 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: fixed a problem when specifying a CN beginnging with *
+
+2016-12-04 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert: fixed problem when file is returing PEM certificate on newer Linux distributions
+
2016-09-19 Matteo Corti <matteo at corti.li>
* check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos)
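Review bot: The two new ChangeLog entries contain typos ("beginnging", "returing") and omit the new --file-bin option, which NEWS lists under 1.36.0. Correct the spelling to "beginning" and "returning" and add a ChangeLog line for the option so the two files agree.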
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/INSTALL b/check_ssl_cert/check_ssl_cert-1.36.1/INSTALL
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/INSTALL
rename to check_ssl_cert/check_ssl_cert-1.36.1/INSTALL
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/Makefile b/check_ssl_cert/check_ssl_cert-1.36.1/Makefile
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/Makefile
rename to check_ssl_cert/check_ssl_cert-1.36.1/Makefile
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/NEWS b/check_ssl_cert/check_ssl_cert-1.36.1/NEWS
similarity index 95%
rename from check_ssl_cert/check_ssl_cert-1.35.0/NEWS
rename to check_ssl_cert/check_ssl_cert-1.36.1/NEWS
index bf6da2b..7bfcd62 100644
--- a/check_ssl_cert/check_ssl_cert-1.35.0/NEWS
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/NEWS
@@ -1,3 +1,7 @@
+2016-12-06 Version 1.36.1: fixed a problem when specifying a CN beginning with *
+2016-12-04 Version 1.36.0: fixed problem when file is returing PEM certificate on newer
+ Linux distributions
+ added an option to specify the location of the file utility
2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication
2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos)
2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/README.md b/check_ssl_cert/check_ssl_cert-1.36.1/README.md
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/README.md
rename to check_ssl_cert/check_ssl_cert-1.36.1/README.md
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/TODO b/check_ssl_cert/check_ssl_cert-1.36.1/TODO
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/TODO
rename to check_ssl_cert/check_ssl_cert-1.36.1/TODO
diff --git a/check_ssl_cert/check_ssl_cert-1.36.1/VERSION b/check_ssl_cert/check_ssl_cert-1.36.1/VERSION
new file mode 100644
index 0000000..f107550
--- /dev/null
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/VERSION
@@ -0,0 +1 @@
+1.36.1
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert b/check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert
rename to check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert
index df21607..775ac4c 100755
--- a/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert
@@ -19,7 +19,7 @@
################################################################################
# Constants
-VERSION=1.35.0
+VERSION=1.36.1
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,serial,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -59,6 +59,7 @@ usage() {
echo " certificate"
echo " --ecdsa cipher selection: force ECDSA authentication"
echo " -f,--file file local file path (works with -H localhost only)"
+ echo " --file-bin path path of the file binary to be used"
echo " -h,--help,-? this help message"
echo " --ignore-exp ignore expiration date"
echo " --ignore-sig-alg do not check if the certificate was signed with SHA1"
@@ -289,18 +290,23 @@ convert_ssl_lab_grade() {
fetch_certificate() {
+ RET=0
+
# Check if a protocol was specified (if not HTTP switch to TLS)
if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != "http" ] && [ "${PROTOCOL}" != "https" ] ; then
case "${PROTOCOL}" in
smtp)
exec_with_timeout "$TIMEOUT" "echo -e 'QUIT\r' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
+ RET=$?
;;
irc)
exec_with_timeout "$TIMEOUT" "echo -e 'QUIT\r' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
+ RET=$?
;;
pop3|imap|ftp|xmpp)
exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
+ RET=$?
;;
*)
unknown "Error: unsupported protocol ${PROTOCOL}"
@@ -311,6 +317,7 @@ fetch_certificate() {
if [ "${HOST}" = "localhost" ] ; then
exec_with_timeout "$TIMEOUT" "/bin/cat '${FILE}' 2> ${ERROR} 1> ${CERT}"
+ RET=$?
else
unknown "Error: option 'file' works with -H localhost only"
fi
@@ -318,6 +325,7 @@ fetch_certificate() {
else
exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
+ RET=$?
fi
@@ -328,7 +336,7 @@ fetch_certificate() {
cp "${ERROR}" "${HOST}.error"
fi
- if [ $? -ne 0 ] ; then
+ if [ "${RET}" -ne 0 ] ; then
if [ -n "${DEBUG}" ] ; then
sed 's/^/[DBG] SSL error: /' "${ERROR}"
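Review bot: The switch from `$?` to `"${RET}"` at the error check is a behaviour fix that neither ChangeLog nor NEWS mentions, and test/unit_tests.sh is carried over unchanged (similarity index 100%). The old `$?` followed the `fi` of the preceding block rather than the fetch command, so fetch failures are only now acted on. Add a changelog entry and a test that exercises a failing fetch.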
@@ -380,6 +388,7 @@ main() {
# Default values
DEBUG=""
OPENSSL=""
+ FILE_BIN=""
IGNORE_SSL_LABS_CACHE=""
PORT="443"
TIMEOUT="15"
@@ -537,6 +546,14 @@ main() {
unknown "-f,--file requires an argument"
fi
;;
+ --file-bin)
+ if [ $# -gt 1 ]; then
+ FILE_BIN="$2"
+ shift 2
+ else
+ unknown "--file-bin requires an argument"
+ fi
+ ;;
-H|--host)
if [ $# -gt 1 ]; then
HOST="$2"
@@ -807,6 +824,12 @@ main() {
OPENSSL=$PROG
fi
+ # file
+ if [ -z "${FILE_BIN}" ] ; then
+ check_required_prog file
+ FILE_BIN=$PROG
+ fi
+
# Expect (optional)
EXPECT="$(which expect 2> /dev/null)"
test -x "${EXPECT}" || EXPECT=""
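Review bot: When --file-bin is supplied, the `[ -z "${FILE_BIN}" ]` branch is skipped and the user-provided path is never validated, so a wrong or non-executable path is only noticed later, where `"${FILE_BIN}"` is invoked in the OCSP check. Add an explicit test after this block, for example `[ -x "${FILE_BIN}" ] || unknown "..."`, so the plugin fails early with a clear message.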
@@ -1174,23 +1197,40 @@ main() {
if echo "${CN}" | grep -q -i "^\*\." ; then
# Match the domain
+ if [ -n "${DEBUG}" ] ; then
+ echo "[DBG] the common name ${CN} begins with a '*'"
+ echo "[DBG] checking if the common name matches ^$(echo "${CN}" | cut -c 3-)\$"
+ fi
if echo "${COMMON_NAME}" | grep -q -i "^$(echo "${CN}" | cut -c 3-)\$" ; then
-
if [ -n "${DEBUG}" ] ; then
echo "[DBG] the common name ${COMMON_NAME} matches ^$( echo "${CN}" | cut -c 3- )\$"
fi
ok="true"
+
fi
# Or the literal with the wildcard
+ if [ -n "${DEBUG}" ] ; then
+ echo "[DBG] checking if the common name matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9\-]*/' )\$"
+ fi
if echo "${COMMON_NAME}" | grep -q -i "^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9\-]*/' )\$" ; then
-
if [ -n "${DEBUG}" ] ; then
echo "[DBG] the common name ${COMMON_NAME} matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9\-]*/' )\$"
fi
ok="true"
fi
+ # Or if both are exactly the same
+ if [ -n "${DEBUG}" ] ; then
+ echo "[DBG] checking if the common name matches ^${CN}\$"
+ fi
+ if echo "${COMMON_NAME}" | grep -q -i "^${CN}\$" ; then
+ if [ -n "${DEBUG}" ] ; then
+ echo "[DBG] the common name ${COMMON_NAME} matches ^${CN}\$"
+ fi
+ ok="true"
+ fi
+
else
if echo "${COMMON_NAME}" | grep -q -i "^${CN}$" ; then
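Review bot: The new exact-match test `grep -q -i "^${CN}\$"` interpolates the user-supplied CN as a regular expression, so every `.` in it matches any character and the expected name `*.example.com` would also accept a certificate CN such as `*.exampleXcom`. For a certificate name check this should be a fixed-string, whole-line comparison, for example `grep -q -i -x -F -- "${CN}"`. The `cut -c 3-` test in the same block has the same unescaped-dot problem, while the wildcard branch already escapes dots with `sed -e 's/[.]/[.]/g'`.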
@@ -1445,13 +1485,13 @@ main() {
curl --silent "${ISSUER_URI}" > "${ISSUER_CERT}"
if [ -n "${DEBUG}" ] ; then
- echo "[DBG] OCSP: issuer certificate type: $(file "${ISSUER_CERT}" | sed 's/.*://' )"
+ echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT}" | sed 's/.*://' )"
fi
# check the result
- if ! file "${ISSUER_CERT}" | grep -q ': ASCII' ; then
+ if ! "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': (ASCII|PEM)' ; then
- if file "${ISSUER_CERT}" | grep -q ': data' ; then
+ if "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': data' ; then
if [ -n "${DEBUG}" ] ; then
echo "[DBG] OCSP: converting issuer certificate from DER to PEM"
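Review bot: `grep -q ': (ASCII|PEM)'` is run without `-E`, so in basic regular expression syntax the parentheses and the `|` are literal characters and the pattern does not match `file` output that reports ASCII or PEM; the negated test is then always true and every issuer certificate falls through to the `: data` check. Use `grep -q -E ': (ASCII|PEM)'`. The debug line also calls `${FILE_BIN}` unquoted while the two tests quote it; quote it there as well so a path containing spaces works.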
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.1 b/check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert.1
similarity index 96%
rename from check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.1
rename to check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert.1
index fec47f0..34433b2 100644
--- a/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.1
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert.1
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
-.TH "check_ssl_cert" 1 "July, 2016" "1.35.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "December, 2016" "1.36.1" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
@@ -45,6 +45,9 @@ pattern to match the email address contained in the certificate
.BR "-f,--file" " file"
local file path (works with -H localhost only)
.TP
+.BR " --file-bin" " path"
+path of the file binary to be used"
+.TP
.BR "-h,--help,-?"
this help message
.TP
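Review bot: The added description line `path of the file binary to be used"` ends with a stray double quote that will be rendered in the man page. Drop the trailing `"`.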
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.spec b/check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert.spec
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.spec
rename to check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert.spec
index fd63cdc..c06780b 100644
--- a/check_ssl_cert/check_ssl_cert-1.35.0/check_ssl_cert.spec
+++ b/check_ssl_cert/check_ssl_cert-1.36.1/check_ssl_cert.spec
@@ -1,4 +1,4 @@
-%define version 1.35.0
+%define version 1.36.1
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -45,6 +45,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Tue Dec 06 2016 Matteo Corti <matteo at corti.li> - 1.36.1-0
+- Updated to 1.36.1
+
+* Sun Dec 04 2016 Matteo Corti <matteo at corti.li> - 1.36.0-0
+- Updated to 1.36.0
+
* Tue Oct 18 2016 Matteo Corti <matteo at corti.li> - 1.35.0-0
- Updated to 1.35.0
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/test/cabundle.crt b/check_ssl_cert/check_ssl_cert-1.36.1/test/cabundle.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/test/cabundle.crt
rename to check_ssl_cert/check_ssl_cert-1.36.1/test/cabundle.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/test/cacert.crt b/check_ssl_cert/check_ssl_cert-1.36.1/test/cacert.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/test/cacert.crt
rename to check_ssl_cert/check_ssl_cert-1.36.1/test/cacert.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.35.0/test/unit_tests.sh b/check_ssl_cert/check_ssl_cert-1.36.1/test/unit_tests.sh
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.35.0/test/unit_tests.sh
rename to check_ssl_cert/check_ssl_cert-1.36.1/test/unit_tests.sh
diff --git a/check_ssl_cert/src b/check_ssl_cert/src
index 15646d3..de85fd5 120000
--- a/check_ssl_cert/src
+++ b/check_ssl_cert/src
@@ -1 +1 @@
-check_ssl_cert-1.35.0/
\ No newline at end of file
+check_ssl_cert-1.36.1/
\ No newline at end of file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib.git