[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 15/24: check_ssl_cert: Drop patch check_ssl_cert/bug-855253-fix

Jan Wagner waja at moszumanska.debian.org
Wed Dec 13 22:07:35 UTC 2017


This is an automated email from the git hooks/post-receive script.

waja pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.

commit ae676d3be570616b4d69a892a405508479142386
Author: Jan Wagner <waja at cyconet.org>
Date:   Tue Nov 28 22:58:24 2017 +0100

    check_ssl_cert: Drop patch check_ssl_cert/bug-855253-fix
---
 debian/patches/check_ssl_cert/bug-855253-fix | 196 ---------------------------
 debian/patches/series                        |   1 -
 2 files changed, 197 deletions(-)

diff --git a/debian/patches/check_ssl_cert/bug-855253-fix b/debian/patches/check_ssl_cert/bug-855253-fix
deleted file mode 100644
index c0408f9..0000000
--- a/debian/patches/check_ssl_cert/bug-855253-fix
+++ /dev/null
@@ -1,196 +0,0 @@
---- a/check_ssl_cert/check_ssl_cert-1.37/check_ssl_cert
-+++ b/check_ssl_cert/check_ssl_cert-1.37/check_ssl_cert
-@@ -969,8 +969,12 @@
- 
-     if [ -n "${OCSP}" ] ; then
- 
--        ISSUER_CERT="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )"
--        if [ -z "${ISSUER_CERT}" ] || [ ! -w "${ISSUER_CERT}" ] ; then
-+        ISSUER_CERT_TMP="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )"
-+        if [ -z "${ISSUER_CERT_TMP}" ] || [ ! -w "${ISSUER_CERT_TMP}" ] ; then
-+            unknown 'temporary file creation failure.'
-+        fi
-+        ISSUER_CERT_TMP2="$( mktemp -t "${0##*/}XXXXXX" 2> /dev/null )"
-+        if [ -z "${ISSUER_CERT_TMP2}" ] || [ ! -w "${ISSUER_CERT_TMP2}" ] ; then
-             unknown 'temporary file creation failure.'
-         fi
- 
-@@ -992,7 +996,7 @@
- 
-     # Cleanup before program termination
-     # Using named signals to be POSIX compliant
--    trap 'rm -f $CERT $ERROR $ISSUER_CERT' EXIT HUP INT QUIT TERM
-+    trap 'rm -f $CERT $ERROR $ISSUER_CERT_TMP $ISSUER_CERT_TMP2' EXIT HUP INT QUIT TERM
- 
-     fetch_certificate
- 
-@@ -1348,8 +1352,11 @@
-     # Check the validity
-     if [ -z "${NOEXP}" ] ; then
- 
-+        if [ -n "${DEBUG}" ] ; then
-+            echo "[DBG] Checking expiration date"
-+        fi
-         # We always check expired certificates
--        if ! $OPENSSL x509 -in "${CERT}" -noout -checkend 0 ; then
-+        if ! $OPENSSL x509 -in "${CERT}" -noout -checkend 0 > /dev/null ; then
-             critical "certificate is expired (was valid until $DATE)"
-         fi
- 
-@@ -1359,7 +1366,7 @@
-                 echo "[DBG] executing: $OPENSSL x509 -in ${CERT} -noout -checkend $(( CRITICAL * 86400 ))"
-             fi
- 
--            if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( CRITICAL * 86400 )) ; then
-+            if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( CRITICAL * 86400 )) > /dev/null ; then
-                 critical "certificate will expire on $DATE"
-             fi
- 
-@@ -1371,7 +1378,7 @@
-                 echo "[DBG] executing: $OPENSSL x509 -in ${CERT} -noout -checkend $(( WARNING * 86400 ))"
-             fi
- 
--            if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( WARNING * 86400 )) ; then
-+            if ! $OPENSSL x509 -in "${CERT}" -noout -checkend $(( WARNING * 86400 )) > /dev/null ; then
-                 warning "certificate will expire on $DATE"
-             fi
- 
-@@ -1504,34 +1511,36 @@
-     if [ -n "${OCSP}" ]; then
- 
- 	if [ -n "${DEBUG}" ] ; then
--	    echo "[DBG] OCSP: fetching issuer certificate ${ISSUER_URI} to ${ISSUER_CERT}"
-+	    echo "[DBG] OCSP: fetching issuer certificate ${ISSUER_URI} to ${ISSUER_CERT_TMP}"
- 	fi
- 	
--        curl --silent "${ISSUER_URI}" > "${ISSUER_CERT}"
-+        curl --silent "${ISSUER_URI}" > "${ISSUER_CERT_TMP}"
- 
- 	if [ -n "${DEBUG}" ] ; then
--	    echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT}" | sed 's/.*://' )"
-+	    echo "[DBG] OCSP: issuer certificate type: $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )"
- 	fi
- 	
- 	# check the result
--	if ! "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': (ASCII|PEM)' ; then
-+	if ! "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -q ': (ASCII|PEM)' ; then
- 	
--            if "${FILE_BIN}" "${ISSUER_CERT}" | grep -q ': data' ; then
-+            if "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -q ': data' ; then
- 		
- 		if [ -n "${DEBUG}" ] ; then
- 		    echo "[DBG] OCSP: converting issuer certificate from DER to PEM"
- 		fi
- 		
--		openssl x509 -inform DER -outform PEM -in "${ISSUER_CERT}" -out "${ISSUER_CERT}"
-+    cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}"
-+
-+    $OPENSSL x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}"
- 
--	    else
-+	else
- 
- 		unknown "Unable to fetch OCSP issuer certificate."
- 
--	    fi
-+	fi
- 		
- 		
--        fi
-+    fi
- 
- 	if [ -n "${DEBUG}" ] ; then
- 
-@@ -1543,7 +1552,7 @@
- 	    
- 	    echo "[DBG] OCSP: storing a copy of the retrieved issuer certificate to ${FILE_NAME}"
- 	    
--	    cp "${ISSUER_CERT}" "${FILE_NAME}"
-+	    cp "${ISSUER_CERT_TMP}" "${FILE_NAME}"
- 	fi
- 	
-         OCSP_HOST="$(echo "${OCSP_URI}" | sed -e "s at .*//\([^/]\+\)\(/.*\)\?\$@\1 at g" | sed 's/^http:\/\///' | sed 's/\/.*//' )"
-@@ -1563,33 +1572,54 @@
- 		echo "[DBG] openssl ocsp support the -header option"
- 	    fi
- 	    
-+      # the -header option was first accepting key and value separated by space. The newer versions are using key=value
-+      KEYVALUE=""
-+      if openssl ocsp -help 2>&1 | grep header | grep -q 'key=value' ; then
-+          if [ -n "${DEBUG}" ] ; then
-+              echo "[DBG] openssl ocsp -header requires 'key=value'"
-+          fi
-+          KEYVALUE=1
-+      else
-+          if [ -n "${DEBUG}" ] ; then
-+              echo "[DBG] openssl ocsp -header requires 'key value'"
-+          fi
-+      fi  
-+
- 	    # http_proxy is sometimes lower- and sometimes uppercase. Programs usually check both
- 	    # shellcheck disable=SC2154
- 	    if [ -n "${http_proxy}" ] ; then
- 		HTTP_PROXY="${http_proxy}"
- 	    fi
- 
--            if [ -n "${HTTP_PROXY:-}" ] ; then
-+      if [ -n "${HTTP_PROXY:-}" ] ; then
-+          if [ -n "${KEYVALUE}" ] ; then          
-+              if [ -n "${DEBUG}" ] ; then
-+                  echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST=${OCSP_HOST}"
-+              fi
-+              OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )"
-+          else
-+              if [ -n "${DEBUG}" ] ; then
-+                  echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}"
-+              fi
-+              OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
- 		
--		if [ -n "${DEBUG}" ] ; then
--		    echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}"
--		fi
--
--                OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 | grep -i "ssl_cert")"
--
--            else
--		
--		if [ -n "${DEBUG}" ] ; then
--		    echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT}  -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}"
--		fi
--
--                OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 | grep -i "ssl_cert")"
-+		      fi
-+      fi
- 
--
--            fi
-+      if [ -n "${KEYVALUE}" ] ; then
-+          if [ -n "${DEBUG}" ] ; then
-+              echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT}  -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}"
-+          fi
-+          OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )"
-+      else
-+          if [ -n "${DEBUG}" ] ; then
-+              echo "[DBG] executing $OPENSSL ocsp -no_nonce -issuer ${ISSUER_CERT_TMP} -cert ${CERT}  -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}"
-+          fi
-+              OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
-+      fi
- 	    
- 	    if [ -n "${DEBUG}" ] ; then
--		echo "[DBG] OCSP: response = ${OCSP_RESP}"	
-+		      echo "${OCSP_RESP}" | sed 's/^/[DBG] OCSP: response = /'
- 	    fi
- 	    
-             if echo "${OCSP_RESP}" | grep -qi "revoked" ; then
-@@ -1597,9 +1627,9 @@
-             elif ! echo "${OCSP_RESP}" | grep -qi "good" ; then	    
- 	    
-                 if [ -n "${HTTP_PROXY:-}" ] ; then
--                    OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-+                    OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-                 else
--                    OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-+                    OCSP_RESP="$($OPENSSL ocsp -no_nonce -issuer "${ISSUER_CERT_TMP}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-                 fi
- 		critical "${OCSP_RESP}"
- 	    
diff --git a/debian/patches/series b/debian/patches/series
index 7499286..e0e8a18 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -54,4 +54,3 @@ check_varnish/fix_for_v5
 check_raid/no_epn
 check_raid/fix_mdadm_hotspare_failure_detection
 percona-nagios-plugins/fix_bashism
-check_ssl_cert/bug-855253-fix

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib.git



More information about the Pkg-nagios-changes mailing list