[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 15/24: check_ssl_cert: Drop patch check_ssl_cert/bug-855253-fix
Jan Wagner
waja at moszumanska.debian.org
Wed Dec 13 22:07:35 UTC 2017
This is an automated email from the git hooks/post-receive script.
waja pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.
commit ae676d3be570616b4d69a892a405508479142386
Author: Jan Wagner <waja at cyconet.org>
Date: Tue Nov 28 22:58:24 2017 +0100
check_ssl_cert: Drop patch check_ssl_cert/bug-855253-fix
---
debian/patches/check_ssl_cert/bug-855253-fix | 196 ---------------------------
debian/patches/series | 1 -
2 files changed, 197 deletions(-)
diff --git a/debian/patches/check_ssl_cert/bug-855253-fix b/debian/patches/check_ssl_cert/bug-855253-fix
deleted file mode 100644
index c0408f9..0000000
--- a/debian/patches/check_ssl_cert/bug-855253-fix
+++ /dev/null
@@ -1,196 +0,0 @@
---- a/check_ssl_cert/check_ssl_cert-1.37/check_ssl_cert
-+++ b/check_ssl_cert/check_ssl_cert-1.37/check_ssl_cert
-@@ -969,8 +969,12 @@
-
- if [ -n "${OCSP}" ] ; then
-
-- ISSUER_CERT="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )"
-- if [ -z "${ISSUER_CERT}" ] || [ ! -w "${ISSUER_CERT}" ] ; then
-+ ISSUER_CERT_TMP="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )"
-+ if [ -z "${ISSUER_CERT_TMP}" ] || [ ! -w "${ISSUER_CERT_TMP}" ] ; then
-+ unknown 'temporary file creation failure.'
-+ fi
-+ ISSUER_CERT_TMP2="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )"
-+ if [ -z "${ISSUER_CERT_TMP2}" ] || [ ! -w "${ISSUER_CERT_TMP2}" ] ; then
- unknown 'temporary file creation failure.'
- fi
-
-@@ -992,7 +996,7 @@
-
- # Cleanup before program termination
- # Using named signals to be POSIX compliant
-- trap 'rm -f $CERT $ERROR $ISSUER_CERT' EXIT HUP INT QUIT TERM
-+ trap 'rm -f $CERT $ERROR $ISSUER_CERT_TMP $ISSUER_CERT_TMP2' EXIT HUP INT QUIT TERM
-
- fetch_certificate
-
-@@ -1348,8 +1352,11 @@
- # Check the validity
- if [ -z "${NOEXP}" ] ; then
-
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] Checking expiration date"
-+ fi
- # We always check expired certificates
-- if ! $OPENSSL x509 -in "${CERT}" -noout -checkend 0 ; then
-+ if ! $OPENSSL x509 -in "${CERT}" -noout -checkend 0 > /dev/null ; then
- critical "certificate is expired (was valid until $DATE)"
- fi
-
-@@ -1359,7 +1366,7 @@
- echo "[DBG] executing: $OPENSSL x509 -in ${CERT} -noout -checkend $(( CRITICAL * 86400 ))"
- fi
-
-- if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( CRITICAL * 86400 )) ; then
-+ if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( CRITICAL * 86400 )) > /dev/null ; then
- critical "certificate will expire on $DATE"
- fi
-
-@@ -1371,7 +1378,7 @@
- echo "[DBG] executing: $OPENSSL x509 -in ${CERT} -noout -checkend $(( WARNING * 86400 ))"
- fi
-
-- if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( WARNING * 86400 )) ; then
-+ if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( WARNING * 86400 )) > /dev/null ; then
- warning "certificate will expire on $DATE"
- fi
-
-@@ -1504,34 +1511,36 @@
- if [ -n "${OCSP}" ]; then
-
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] OCSP: fetching issuer certificate ${ISSUER_URI} to ${ISSUER_CERT}"
-+ echo "[DBG] OCSP: fetching issuer certificate ${ISSUER_URI} to ${ISSUER_CERT_TMP}"
- fi
-
-- curl --silent "${ISSUER_URI}" > "${ISSUER_CERT}"
-+ curl --silent "${ISSUER_URI}" > "${ISSUER_CERT_TMP}"
-
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT}" | sed 's/.*://' )"
-+ echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )"
- fi
-
- # check the result
-- if ! "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': (ASCII|PEM)' ; then
-+ if ! "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -q ': (ASCII|PEM)' ; then
-
-- if "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': data' ; then
-+ if "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -q ': data' ; then
-
- if [ -n "${DEBUG}" ] ; then
- echo "[DBG] OCSP: converting issuer certificate from DER to PEM"
- fi
-
-- openssl x509 -inform DER -outform PEM -in "${ISSUER_CERT}" -out "${ISSUER_CERT}"
-+ cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}"
-+
-+ $OPENSSL x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}"
-
-- else
-+ else
-
- unknown "Unable to fetch OCSP issuer certificate."
-
-- fi
-+ fi
-
-
-- fi
-+ fi
-
- if [ -n "${DEBUG}" ] ; then
-
-@@ -1543,7 +1552,7 @@
-
- echo "[DBG] OCSP: storing a copy of the retrieved issuer certificate to ${FILE_NAME}"
-
-- cp "${ISSUER_CERT}" "${FILE_NAME}"
-+ cp "${ISSUER_CERT_TMP}" "${FILE_NAME}"
- fi
-
- OCSP_HOST="$(echo "${OCSP_URI}" | sed -e "s at .*//\([^/]\+\)\(/.*\)\?\$@\1 at g" | sed 's/^http:\/\///' | sed 's/\/.*//' )"
-@@ -1563,33 +1572,54 @@
- echo "[DBG] openssl ocsp support the -header option"
- fi
-
-+ # the -header option was first accepting key and value separated by space. The newer versions are using key=value
-+ KEYVALUE=""
-+ if openssl ocsp -help 2>&1 | grep header | grep -q 'key=value' ; then
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] openssl ocsp -header requires 'key=value'"
-+ fi
-+ KEYVALUE=1
-+ else
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] openssl ocsp -header requires 'key value'"
-+ fi
-+ fi
-+
- # http_proxy is sometimes lower- and sometimes uppercase. Programs usually check both
- # shellcheck disable=SC2154
- if [ -n "${http_proxy}" ] ; then
- HTTP_PROXY="${http_proxy}"
- fi
-
-- if [ -n "${HTTP_PROXY:-}" ] ; then
-+ if [ -n "${HTTP_PROXY:-}" ] ; then
-+ if [ -n "${KEYVALUE}" ] ; then
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST=${OCSP_HOST}"
-+ fi
-+ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )"
-+ else
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}"
-+ fi
-+ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
-
-- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}"
-- fi
--
-- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 | grep -i "ssl_cert")"
--
-- else
--
-- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}"
-- fi
--
-- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 | grep -i "ssl_cert")"
-+ fi
-+ fi
-
--
-- fi
-+ if [ -n "${KEYVALUE}" ] ; then
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}"
-+ fi
-+ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )"
-+ else
-+ if [ -n "${DEBUG}" ] ; then
-+ echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}"
-+ fi
-+ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
-+ fi
-
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] OCSP: response = ${OCSP_RESP}"
-+ echo "${OCSP_RESP}" | sed 's/^/[DBG] OCSP: response = /'
- fi
-
- if echo "${OCSP_RESP}" | grep -qi "revoked" ; then
-@@ -1597,9 +1627,9 @@
- elif ! echo "${OCSP_RESP}" | grep -qi "good" ; then
-
- if [ -n "${HTTP_PROXY:-}" ] ; then
-- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-+ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
- else
-- OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-+ OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
- fi
- critical "${OCSP_RESP}"
-
diff --git a/debian/patches/series b/debian/patches/series
index 7499286..e0e8a18 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,4 +54,3 @@ check_varnish/fix_for_v5
check_raid/no_epn
check_raid/fix_mdadm_hotspare_failure_detection
percona-nagios-plugins/fix_bashism
-check_ssl_cert/bug-855253-fix
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib.git
More information about the Pkg-nagios-changes
mailing list