[Pkg-nagios-changes] [pkg-nagios-plugins-contrib] 01/02: check_ssl_cert: Updating to 1.58.0
Jan Wagner
waja at moszumanska.debian.org
Wed Dec 13 22:13:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
waja pushed a commit to branch master
in repository pkg-nagios-plugins-contrib.
commit 169de3b4241ebb0a3336520e61808cba78f51356
Author: Jan Wagner <waja at cyconet.org>
Date: Wed Dec 13 22:39:08 2017 +0100
check_ssl_cert: Updating to 1.58.0
---
check_ssl_cert/check_ssl_cert-1.57.0/VERSION | 1 -
.../._check_ssl_cert | Bin 176 -> 176 bytes
.../AUTHORS | 3 +-
.../COPYING | 0
.../COPYRIGHT | 0
.../ChangeLog | 4 ++
.../INSTALL | 0
.../Makefile | 0
.../NEWS | 1 +
.../README.md | 1 +
.../TODO | 0
check_ssl_cert/check_ssl_cert-1.58.0/VERSION | 1 +
.../check_ssl_cert | 41 +++++++++++++--------
.../check_ssl_cert.1 | 2 +-
.../check_ssl_cert.spec | 5 ++-
.../test/cabundle.crt | 0
.../test/cacert.crt | 0
.../test/unit_tests.sh | 0
.../test/unit_tests.sh~ | 0
check_ssl_cert/control | 2 +-
check_ssl_cert/src | 2 +-
21 files changed, 42 insertions(+), 21 deletions(-)
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/VERSION b/check_ssl_cert/check_ssl_cert-1.57.0/VERSION
deleted file mode 100644
index f27a1d5..0000000
--- a/check_ssl_cert/check_ssl_cert-1.57.0/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.57.0
\ No newline at end of file
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/._check_ssl_cert b/check_ssl_cert/check_ssl_cert-1.58.0/._check_ssl_cert
similarity index 72%
rename from check_ssl_cert/check_ssl_cert-1.57.0/._check_ssl_cert
rename to check_ssl_cert/check_ssl_cert-1.58.0/._check_ssl_cert
index b7eb857..3d183b2 100755
Binary files a/check_ssl_cert/check_ssl_cert-1.57.0/._check_ssl_cert and b/check_ssl_cert/check_ssl_cert-1.58.0/._check_ssl_cert differ
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/AUTHORS b/check_ssl_cert/check_ssl_cert-1.58.0/AUTHORS
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.57.0/AUTHORS
rename to check_ssl_cert/check_ssl_cert-1.58.0/AUTHORS
index 36b66c2..7909d86 100644
--- a/check_ssl_cert/check_ssl_cert-1.57.0/AUTHORS
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/AUTHORS
@@ -64,4 +64,5 @@ Thanks:
* Many thanks to d7415 (https://github.com/d7415) for the -help patch
* Many thanks to Łukasz Wąsikowski (https://github.com/IdahoPL) for the curl and date display patches
* Many thanks to booboo-at-gluga-de (https://github.com/booboo-at-gluga-de) for the CRL patch
-* Many thanks to Georg (https://github.com/gbotti) for the fingerprint patch
\ No newline at end of file
+* Many thanks to Georg (https://github.com/gbotti) for the fingerprint patch
+* Many thanks to Wim van Ravesteijn (https://github.com/wimvr) for the DER encoded CRL files patch
\ No newline at end of file
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/COPYING b/check_ssl_cert/check_ssl_cert-1.58.0/COPYING
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/COPYING
rename to check_ssl_cert/check_ssl_cert-1.58.0/COPYING
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/COPYRIGHT b/check_ssl_cert/check_ssl_cert-1.58.0/COPYRIGHT
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/COPYRIGHT
rename to check_ssl_cert/check_ssl_cert-1.58.0/COPYRIGHT
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/ChangeLog b/check_ssl_cert/check_ssl_cert-1.58.0/ChangeLog
similarity index 99%
rename from check_ssl_cert/check_ssl_cert-1.57.0/ChangeLog
rename to check_ssl_cert/check_ssl_cert-1.58.0/ChangeLog
index b2b057f..6c91610 100644
--- a/check_ssl_cert/check_ssl_cert-1.57.0/ChangeLog
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/ChangeLog
@@ -1,3 +1,7 @@
+2017-11-29 Wim van Ravesteijn https://github.com/wimvr
+
+ * check_ssl_cert: Support for DER encoded CRL files
+
2017-11-28 Georg https://github.com/gbotti
* check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/INSTALL b/check_ssl_cert/check_ssl_cert-1.58.0/INSTALL
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/INSTALL
rename to check_ssl_cert/check_ssl_cert-1.58.0/INSTALL
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/Makefile b/check_ssl_cert/check_ssl_cert-1.58.0/Makefile
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/Makefile
rename to check_ssl_cert/check_ssl_cert-1.58.0/Makefile
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/NEWS b/check_ssl_cert/check_ssl_cert-1.58.0/NEWS
similarity index 99%
rename from check_ssl_cert/check_ssl_cert-1.57.0/NEWS
rename to check_ssl_cert/check_ssl_cert-1.58.0/NEWS
index def0781..48a77f0 100644
--- a/check_ssl_cert/check_ssl_cert-1.57.0/NEWS
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/NEWS
@@ -1,3 +1,4 @@
+2017-11-29 Version 1.58.0: Support for DER encoded CRL files
2017-11-28 Version 1.57.0: Added --fingerprint to check the SHA1 fingerprint of the certificate
2017-11-17 Version 1.56.0: Added support for -xmpphost if available
2017-11-16 Version 1.55.0: Fixed XMPP support and IPv6 addresses as host
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/README.md b/check_ssl_cert/check_ssl_cert-1.58.0/README.md
similarity index 98%
rename from check_ssl_cert/check_ssl_cert-1.57.0/README.md
rename to check_ssl_cert/check_ssl_cert-1.58.0/README.md
index b4c4325..45420ac 100644
--- a/check_ssl_cert/check_ssl_cert-1.57.0/README.md
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/README.md
@@ -38,6 +38,7 @@ Options:
but also a certificate revocation list (CRL) to check
the validity period
--file-bin path path of the file binary to be used
+ --fingerprint SHA1 pattern to match the SHA1-Fingerprint"
--force-perl-date force the usage of Perl for date computations
-h,--help,-? this help message
--ignore-exp ignore expiration date
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/TODO b/check_ssl_cert/check_ssl_cert-1.58.0/TODO
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/TODO
rename to check_ssl_cert/check_ssl_cert-1.58.0/TODO
diff --git a/check_ssl_cert/check_ssl_cert-1.58.0/VERSION b/check_ssl_cert/check_ssl_cert-1.58.0/VERSION
new file mode 100644
index 0000000..f269cd1
--- /dev/null
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/VERSION
@@ -0,0 +1 @@
+1.58.0
\ No newline at end of file
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert b/check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert
similarity index 97%
rename from check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert
rename to check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert
index 0bebb67..4a6d443 100755
--- a/check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert
@@ -19,7 +19,7 @@
################################################################################
# Constants
-VERSION=1.57.0
+VERSION=1.58.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,serial,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -1149,13 +1149,23 @@ main() {
if grep -q "BEGIN X509 CRL" "${CERT}" ; then
# we are dealing with a CRL file
OPENSSL_COMMAND="crl"
+ OPENSSL_PARAMS=""
OPENSSL_ENDDATE_OPTION="-nextupdate"
else
# look if we are dealing with a regular certificate file (x509)
if ! grep -q "CERTIFICATE" "${CERT}" ; then
if [ -n "${FILE}" ] ; then
- critical "'${FILE}' is not a valid certificate file"
+ if "${OPENSSL}" crl -in "${CERT}" -inform DER | grep -q "BEGIN X509 CRL" ; then
+ if [ -n "${VERBOSE}" ] ; then
+ echo "File is DER encoded CRL"
+ fi
+ OPENSSL_COMMAND="crl"
+ OPENSSL_PARAMS="-inform DER"
+ OPENSSL_ENDDATE_OPTION="-nextupdate"
+ else
+ critical "'${FILE}' is not a valid certificate file"
+ fi
else
# See
# http://stackoverflow.com/questions/1251999/sed-how-can-i-replace-a-newline-n
@@ -1173,12 +1183,13 @@ main() {
fi
critical "No certificate returned"
fi
-
+ else
+ # parameters for regular x509 certifcates
+ OPENSSL_COMMAND="x509"
+ OPENSSL_PARAMS=""
+ OPENSSL_ENDDATE_OPTION="-enddate"
fi
- # parameters for regular x509 certifcates
- OPENSSL_COMMAND="x509"
- OPENSSL_ENDDATE_OPTION="-enddate"
fi
if [ -n "${VERBOSE}" ] ; then
@@ -1187,7 +1198,7 @@ main() {
################################################################################
# Parse the X.509 certificate or crl
- DATE="$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" ${OPENSSL_ENDDATE_OPTION} -noout | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//")"
+ DATE="$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" ${OPENSSL_ENDDATE_OPTION} -noout | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//")"
if [ ${OPENSSL_COMMAND} = "crl" ]; then
CN=""
@@ -1206,17 +1217,17 @@ main() {
FINGERPRINT="$($OPENSSL x509 -in "${CERT}" -fingerprint -sha1 -noout | sed -e "s/^SHA1 Fingerprint=//")"
- OCSP_URI="$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -ocsp_uri -noout)"
+ OCSP_URI="$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -ocsp_uri -noout)"
fi
# Handle properly openssl x509 -issuer -noout output format differences:
# OpenSSL 1.1.0: issuer=C = XY, ST = Alpha, L = Bravo, O = Charlie, CN = Charlie SSL CA
# OpenSSL 1.0.2: issuer= /C=XY/ST=Alpha/L=Bravo/O=Charlie/CN=Charlie SSL CA 3
- CA_O="$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -issuer -noout | sed -e "s/^.*\\/O=//" -e "s/^.*, O = //" -e "s/\\/[A-Z][A-Z]*=.*\$//" -e "s/, [A-Z][A-Z]* =.*\$//")"
- CA_CN="$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -issuer -noout | sed -e "s/^.*\\/CN=//" -e "s/^.*, CN = //" -e "s/\\/[A-Za-z][A-Za-z]*=.*\$//" -e "s/, [A-Z][A-Z]* =.*\$//")"
+ CA_O="$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -issuer -noout | sed -e "s/^.*\\/O=//" -e "s/^.*, O = //" -e "s/\\/[A-Z][A-Z]*=.*\$//" -e "s/, [A-Z][A-Z]* =.*\$//")"
+ CA_CN="$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -issuer -noout | sed -e "s/^.*\\/CN=//" -e "s/^.*, CN = //" -e "s/\\/[A-Za-z][A-Za-z]*=.*\$//" -e "s/, [A-Z][A-Z]* =.*\$//")"
# we just consider the first URI
- ISSUER_URI="$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -text -noout | grep "CA Issuers" | head -n 1 | sed -e "s/^.*CA Issuers - URI://")"
+ ISSUER_URI="$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep "CA Issuers" | head -n 1 | sed -e "s/^.*CA Issuers - URI://")"
if [ -z "${ISSUER_URI}" ] ; then
if [ -n "${VERBOSE}" ] ; then
@@ -1230,7 +1241,7 @@ main() {
OCSP=""
fi
- SIGNATURE_ALGORITHM="$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -text -noout | grep 'Signature Algorithm' | head -n 1)"
+ SIGNATURE_ALGORITHM="$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep 'Signature Algorithm' | head -n 1)"
if [ -n "${DEBUG}" ] ; then
echo "[DBG] ${SUBJECT}"
@@ -1285,7 +1296,7 @@ main() {
if ! echo "${VALID_ATTRIBUTES}" | grep -q ",${ATTR}," ; then
unknown "Invalid certificate attribute: ${ATTR}"
else
- value="$(${OPENSSL} ${OPENSSL_COMMAND} -in "${CERT}" -noout -nameopt utf8,oneline,-esc_msb -"${ATTR}" | sed -e "s/.*=//")"
+ value="$(${OPENSSL} ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -noout -nameopt utf8,oneline,-esc_msb -"${ATTR}" | sed -e "s/.*=//")"
LONG_OUTPUT="${LONG_OUTPUT}\\n${ATTR}: ${value}"
fi
@@ -1306,7 +1317,7 @@ main() {
# Compute for how many days the certificate will be valid
if [ -n "${DATETYPE}" ]; then
- CERT_END_DATE=$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -noout ${OPENSSL_ENDDATE_OPTION} | sed -e "s/.*=//")
+ CERT_END_DATE=$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -noout ${OPENSSL_ENDDATE_OPTION} | sed -e "s/.*=//")
OLDLANG=$LANG
LANG=en_US
@@ -1358,7 +1369,7 @@ EOF
################################################################################
# Check the presence of a subjectAlternativeName (required for Chrome)
- SUBJECT_ALTERNATIVE_NAME=$($OPENSSL ${OPENSSL_COMMAND} -in "${CERT}" -text |
+ SUBJECT_ALTERNATIVE_NAME=$($OPENSSL ${OPENSSL_COMMAND} ${OPENSSL_PARAMS} -in "${CERT}" -text |
grep --after-context=1 "509v3 Subject Alternative Name:" |
tail -n 1 |
sed -e "s/DNS://g" |
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert.1 b/check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert.1
similarity index 98%
rename from check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert.1
rename to check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert.1
index 7145137..478d3a0 100644
--- a/check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert.1
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert.1
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
-.TH "check_ssl_cert" 1 "November, 2017" "1.57.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "November, 2017" "1.58.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert.spec b/check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert.spec
similarity index 98%
rename from check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert.spec
rename to check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert.spec
index fd0f042..aa2ae66 100644
--- a/check_ssl_cert/check_ssl_cert-1.57.0/check_ssl_cert.spec
+++ b/check_ssl_cert/check_ssl_cert-1.58.0/check_ssl_cert.spec
@@ -1,4 +1,4 @@
-%define version 1.57.0
+%define version 1.58.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -45,6 +45,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Wed Nov 29 2017 Matteo Corti <matteo at corti.li> - 1.58.0-0
+- Updated to 1.58.0
+
* Tue Nov 28 2017 Matteo Corti <matteo at corti.li> - 1.57.0-0
- Updated to 1.57.0
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/test/cabundle.crt b/check_ssl_cert/check_ssl_cert-1.58.0/test/cabundle.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/test/cabundle.crt
rename to check_ssl_cert/check_ssl_cert-1.58.0/test/cabundle.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/test/cacert.crt b/check_ssl_cert/check_ssl_cert-1.58.0/test/cacert.crt
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/test/cacert.crt
rename to check_ssl_cert/check_ssl_cert-1.58.0/test/cacert.crt
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/test/unit_tests.sh b/check_ssl_cert/check_ssl_cert-1.58.0/test/unit_tests.sh
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/test/unit_tests.sh
rename to check_ssl_cert/check_ssl_cert-1.58.0/test/unit_tests.sh
diff --git a/check_ssl_cert/check_ssl_cert-1.57.0/test/unit_tests.sh~ b/check_ssl_cert/check_ssl_cert-1.58.0/test/unit_tests.sh~
similarity index 100%
rename from check_ssl_cert/check_ssl_cert-1.57.0/test/unit_tests.sh~
rename to check_ssl_cert/check_ssl_cert-1.58.0/test/unit_tests.sh~
diff --git a/check_ssl_cert/control b/check_ssl_cert/control
index 34083ee..8c47141 100644
--- a/check_ssl_cert/control
+++ b/check_ssl_cert/control
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: curl, file, openssl
Suggests: expect
-Version: 1.57.0
+Version: 1.58.0
Homepage: https://github.com/matteocorti/check_ssl_cert
Watch: https://github.com/matteocorti/check_ssl_cert/releases check_ssl_cert-([0-9.]+)\.tar\.gz
Description: plugin to check the CA and validity of an
diff --git a/check_ssl_cert/src b/check_ssl_cert/src
index 248d1f0..edd5e0d 120000
--- a/check_ssl_cert/src
+++ b/check_ssl_cert/src
@@ -1 +1 @@
-check_ssl_cert-1.57.0/
\ No newline at end of file
+check_ssl_cert-1.58.0/
\ No newline at end of file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nagios-plugins-contrib.git
More information about the Pkg-nagios-changes
mailing list