[pkg-nagios-changes] [Git][nagios-team/pkg-nagios-plugins-contrib][master] 3 commits: check_mongodb: Updating to latest version b33e763

Jan Wagner gitlab at salsa.debian.org
Tue Feb 5 20:38:49 GMT 2019


Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / pkg-nagios-plugins-contrib


Commits:
71b0bfcf by Jan Wagner at 2019-02-05T19:27:14Z
check_mongodb: Updating to latest version b33e763

- - - - -
4fdfeb3c by Jan Wagner at 2019-02-05T19:42:09Z
check_ssl_cert: Update to 1.81.0

- - - - -
cf52b637 by Jan Wagner at 2019-02-05T19:52:26Z
check_varnish/control: Update to latest upstream commit, no code changes

- - - - -


26 changed files:

- check_mongodb/check_mongodb.py
- check_mongodb/control
- − check_ssl_cert/check_ssl_cert-1.80.1/VERSION
- check_ssl_cert/check_ssl_cert-1.80.1/._COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/._COPYRIGHT
- check_ssl_cert/check_ssl_cert-1.80.1/._Makefile → check_ssl_cert/check_ssl_cert-1.81.0/._Makefile
- check_ssl_cert/check_ssl_cert-1.80.1/._NEWS → check_ssl_cert/check_ssl_cert-1.81.0/._NEWS
- check_ssl_cert/check_ssl_cert-1.80.1/._check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/._check_ssl_cert
- check_ssl_cert/check_ssl_cert-1.80.1/AUTHORS → check_ssl_cert/check_ssl_cert-1.81.0/AUTHORS
- check_ssl_cert/check_ssl_cert-1.80.1/COPYING → check_ssl_cert/check_ssl_cert-1.81.0/COPYING
- check_ssl_cert/check_ssl_cert-1.80.1/COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/COPYRIGHT
- check_ssl_cert/check_ssl_cert-1.80.1/ChangeLog → check_ssl_cert/check_ssl_cert-1.81.0/ChangeLog
- check_ssl_cert/check_ssl_cert-1.80.1/INSTALL → check_ssl_cert/check_ssl_cert-1.81.0/INSTALL
- check_ssl_cert/check_ssl_cert-1.80.1/Makefile → check_ssl_cert/check_ssl_cert-1.81.0/Makefile
- check_ssl_cert/check_ssl_cert-1.80.1/NEWS → check_ssl_cert/check_ssl_cert-1.81.0/NEWS
- check_ssl_cert/check_ssl_cert-1.80.1/README.md → check_ssl_cert/check_ssl_cert-1.81.0/README.md
- check_ssl_cert/check_ssl_cert-1.80.1/TODO → check_ssl_cert/check_ssl_cert-1.81.0/TODO
- + check_ssl_cert/check_ssl_cert-1.81.0/VERSION
- check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert
- check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.1
- check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.spec
- check_ssl_cert/check_ssl_cert-1.80.1/test/cabundle.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cabundle.crt
- check_ssl_cert/check_ssl_cert-1.80.1/test/cacert.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cacert.crt
- check_ssl_cert/check_ssl_cert-1.80.1/test/unit_tests.sh → check_ssl_cert/check_ssl_cert-1.81.0/test/unit_tests.sh
- check_ssl_cert/control
- check_ssl_cert/src
- check_varnish/control


Changes:

=====================================
check_mongodb/check_mongodb.py
=====================================
@@ -155,6 +155,8 @@ def main(argv):
     p.add_option('--insecure', action='store_true', dest='insecure', default=False, help="Don't verify SSL/TLS certificates")
     p.add_option('--ssl-ca-cert-file', action='store', type='string', dest='ssl_ca_cert_file', default=None, help='Path to Certificate Authority file for SSL')
     p.add_option('-f', '--ssl-cert-file', action='store', type='string', dest='cert_file', default=None, help='Path to PEM encoded key and cert for client authentication')
+    p.add_option('-m','--auth-mechanism', action='store', type='choice', dest='auth_mechanism', default=None, help='Auth mechanism used for auth with mongodb',
+    choices=['MONGODB-X509','SCRAM-SHA-256','SCRAM-SHA-1'])
 
     options, arguments = p.parse_args()
     host = options.host
@@ -185,6 +187,7 @@ def main(argv):
     insecure = options.insecure
     ssl_ca_cert_file = options.ssl_ca_cert_file
     cert_file = options.cert_file
+    auth_mechanism = options.auth_mechanism
 
     if action == 'replica_primary' and replicaset is None:
         return "replicaset must be passed in when using replica_primary check"
@@ -282,7 +285,7 @@ def main(argv):
         return check_connect(host, port, warning, critical, perf_data, user, passwd, conn_time)
 
 
-def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, replica=None, authdb="admin", insecure=False, ssl_ca_cert_file=None, ssl_cert=None):
+def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, replica=None, authdb="admin", insecure=False, ssl_ca_cert_file=None, ssl_cert=None, auth_mechanism=None):
     from pymongo.errors import ConnectionFailure
     from pymongo.errors import PyMongoError
     import ssl as SSL
@@ -314,7 +317,11 @@ def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, repli
                 con = pymongo.Connection(host, port, slave_okay=True, network_timeout=10)
 
         # we must authenticate the connection, otherwise we won't be able to perform certain operations
-        if ssl_cert and ssl_ca_cert_file and user:
+        if ssl_cert and ssl_ca_cert_file and user and auth_mechanism == 'SCRAM-SHA-256':
+            con.the_database.authenticate(user, mechanism='SCRAM-SHA-256')
+        elif ssl_cert and ssl_ca_cert_file and user and auth_mechanism == 'SCRAM-SHA-1':
+            con.the_database.authenticate(user, mechanism='SCRAM-SHA-1')
+        elif ssl_cert and ssl_ca_cert_file and user and auth_mechanism == 'MONGODB-X509':
             con.the_database.authenticate(user, mechanism='MONGODB-X509')
 
         try:


=====================================
check_mongodb/control
=====================================
@@ -1,6 +1,6 @@
 Uploaders: Jan Wagner <waja at cyconet.org>
 Recommends: python-pymongo
-Version: 46d27ab
+Version: b33e763
 Homepage: https://github.com/mzupan/nagios-plugin-mongodb
 Watch: https://github.com/mzupan/nagios-plugin-mongodb <a class="commit-tease-sha"[^>]*>\s+([0-9a-f]+)\s+</a>
 Description: Plugin script to monitor your MongoDB server(s)


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/VERSION deleted
=====================================
@@ -1 +0,0 @@
-1.76.0


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/._COPYRIGHT
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._Makefile → check_ssl_cert/check_ssl_cert-1.81.0/._Makefile
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._NEWS → check_ssl_cert/check_ssl_cert-1.81.0/._NEWS
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/._check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/._check_ssl_cert
=====================================
Binary files a/check_ssl_cert/check_ssl_cert-1.80.1/._check_ssl_cert and b/check_ssl_cert/check_ssl_cert-1.81.0/._check_ssl_cert differ


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/AUTHORS → check_ssl_cert/check_ssl_cert-1.81.0/AUTHORS
=====================================
@@ -73,5 +73,10 @@ Thanks:
 * Many thanks to Vojtech Horky (https://github.com/vhotspur) for the --format patch
 * Many thanks to Markus Frosch (https://github.com/lazyfrosch) for the cleanup patch
 * Many thanks to Ricardo Bartels (https://github.com/bb-Ricardo) for the patches fixing unit tests, long output on Linux, extending the issuer checks to the whole chain
-* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch
-* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch
\ No newline at end of file
+* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch and for the CA file and directory support
+* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch
+* Many thanks to sokol-44 (https://github.com/sokol-44) for the HTTP request fix
+* Many thanks to Jonas Meurer (https://github.com/mejo-) for the IMAP / IMAPS fix
+* Many thanks to Mathieu Simon (https://github.com/matsimon) for the IMAPS and POP3S patch
+* Many thanks to Nico (https://github.com/nicox) for the SSLlabs patch
+* Many thanks to barakAtSoluto (https://github.com/barakAtSoluto) for the SSLlabs warning patch
\ No newline at end of file


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/COPYING → check_ssl_cert/check_ssl_cert-1.81.0/COPYING
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/COPYRIGHT → check_ssl_cert/check_ssl_cert-1.81.0/COPYRIGHT
=====================================
@@ -1,6 +1,6 @@
 
   Copyright (c) 2007-2013 ETH Zurich
-  Copyright (c) 2007-2018 Matteo Corti
+  Copyright (c) 2007-2019 Matteo Corti
 
 with the following individuals added to the list of Contributing Authors
 


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/ChangeLog → check_ssl_cert/check_ssl_cert-1.81.0/ChangeLog
=====================================
@@ -1,3 +1,34 @@
+2019-02-01  Matteo Corti  <matteo at corti.li>
+
+	* check_ssl_cert: applied patch for the SSLlabs warning
+
+2019-01-16  Matteo Corti  <matteo at corti.li>
+
+	* check_ssl_cert: replaced echo -e with printf
+
+2018-12-24  Matteo Corti  <corti at macmini.home>
+
+	* check_ssl_cert: Better output in case of errors while using SNI
+
+2018-12-19  Matteo Corti  <matteo at corti.li>
+
+	* check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S
+	* check_ssl_cert: Support for SNI and SSL Labs
+
+2018-12-11  Matteo Corti  <corti at macmini.home>
+
+	* check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993
+	* check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer
+
+2018-11-07  Matteo Corti  <matteo at corti.li>
+
+	* check_ssl_cert: Fixed a problem with IMAP on port 993
+	* check_ssl_cert: fixed a problem with newlines in the HTTP request
+
+2018-11-05  Matteo Corti  <matteo at corti.li>
+
+	* check_ssl_cert: CA file and directory support
+
 2018-10-19  Matteo Corti  <matteo at corti.li>
 
 	* check_ssl_cert: Fixed the HTTP request string


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/INSTALL → check_ssl_cert/check_ssl_cert-1.81.0/INSTALL
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/Makefile → check_ssl_cert/check_ssl_cert-1.81.0/Makefile
=====================================
@@ -4,7 +4,7 @@ DIST_DIR=$(PLUGIN)-$(VERSION)
 DIST_FILES=AUTHORS COPYING ChangeLog INSTALL Makefile NEWS README.md TODO VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 test
 YEAR=`date +"%Y"`
 
-dist: version_check copyright_check
+dist: version_check
 	rm -rf $(DIST_DIR) $(DIST_DIR).tar.gz
 	mkdir $(DIST_DIR)
 	cp -r $(DIST_FILES) $(DIST_DIR)
@@ -25,12 +25,6 @@ version_check:
 	grep -q "${VERSION}" NEWS
 	echo "Version check: OK"
 
-copyright_check:
-	grep -q "(c) Matteo Corti, 2007-$(YEAR)" README.md
-	grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti" COPYRIGHT
-	grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti <matteo at corti.li>" $(PLUGIN)
-	echo "Copyright year check: OK"
-
 clean:
 	rm -f *~
 	rm -rf rpmroot
@@ -38,9 +32,17 @@ clean:
 test: dist
 	( export SHUNIT2="$$(pwd)/shunit2/shunit2" && cd test && ./unit_tests.sh )
 
+copyright_check:
+	grep -q "(c) Matteo Corti, 2007-$(YEAR)" README.md
+	grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti" COPYRIGHT
+	grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti <matteo at corti.li>" $(PLUGIN)
+	echo "Copyright year check: OK"
+
 rpm: dist
 	mkdir -p rpmroot/SOURCES rpmroot/BUILD
 	cp $(DIST_DIR).tar.gz rpmroot/SOURCES
 	rpmbuild --define "_topdir `pwd`/rpmroot" -ba check_ssl_cert.spec
 
+
+
 .PHONY: install clean test rpm


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/NEWS → check_ssl_cert/check_ssl_cert-1.81.0/NEWS
=====================================
@@ -1,3 +1,10 @@
+2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs
+2019-01-16 Version 1.80.1: Fixed a problem on systems not supporting echo -e
+2018-12-24 Version 1.80.0: Better output in case of errors while using SNI
+2018-12-10 Version 1.79.0: Differentiate between IMAP on port 143 and IMAPS on port 993
+                           Fixed a vulnerability in the parsing of the certificate issuer
+2018-11-07 Version 1.78.0: Bug fixes in IMAP and HTTP requests
+2018-11-05 Version 1.77.0: CA file and directory support
 2018-10-19 Version 1.76.0: Sends a correct HTTP request
 2018-10-18 Version 1.75.0: Allow to specify a client certificate key
 2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/README.md → check_ssl_cert/check_ssl_cert-1.81.0/README.md
=====================================
@@ -1,8 +1,7 @@
 
  (c) Matteo Corti, ETH Zurich, 2007-2012
 
- (c) Matteo Corti, 2007-2018
-
+ (c) Matteo Corti, 2007-2019
   see AUTHORS for the complete list of contributors
 
 # check_ssl_cert
@@ -71,9 +70,9 @@ Options:
       --openssl path          path of the openssl binary to be used
    -p,--port port             TCP port
    -P,--protocol protocol     use the specific protocol
-                              {http|smtp|pop3|imap|ftp|xmpp|irc|ldap}
+                              {http|smtp|pop3|pop3s|imap|imaps|ftp|xmpp|irc|ldap}
                               http:                    default
-                              smtp,pop3,imap,ftp,ldap: switch to TLS
+                              smtp,pop3,imap,imaps,ftp,ldap: switch to TLS
    -s,--selfsigned            allows self-signed certificates
       --serial serialnum      pattern to match the serial number
       --sni name              sets the TLS SNI (Server Name Indication) extension
@@ -85,6 +84,8 @@ Options:
                               extension
    -r,--rootcert path         root certificate or directory to be used for
                               certificate validation
+      --rootcert-dir path     root directory to be used for certificate validation
+      --rootcert-file path    root certificate to be used for certificate validation
       --rsa                   cipher selection: force RSA authentication
       --temp dir              directory where to store the temporary files
       --terse                 terse output


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/TODO → check_ssl_cert/check_ssl_cert-1.81.0/TODO
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.81.0/VERSION
=====================================
@@ -0,0 +1 @@
+1.81.0


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert
=====================================
@@ -10,7 +10,7 @@
 # See  the INSTALL file for installation instructions
 #
 # Copyright (c) 2007-2012 ETH Zurich.
-# Copyright (c) 2007-2018 Matteo Corti <matteo at corti.li>
+# Copyright (c) 2007-2019 Matteo Corti <matteo at corti.li>
 #
 # This module is free software; you can redistribute it and/or modify it
 # under the terms of GNU general public license (gpl) version 3.
@@ -19,7 +19,7 @@
 ################################################################################
 # Constants
 
-VERSION=1.76.0
+VERSION=1.81.0
 SHORTNAME="SSL_CERT"
 
 VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,serial,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -49,94 +49,97 @@ usage() {
     echo "Usage: check_ssl_cert -H host [OPTIONS]"
     echo
     echo "Arguments:"
-    echo "   -H,--host host             server"
+    echo "   -H,--host host                  server"
     echo
     echo "Options:"
-    echo "   -A,--noauth                ignore authority warnings (expiration only)"
-    echo "      --altnames              matches the pattern specified in -n with alternate"
-    echo "                              names too"
-    echo "   -C,--clientcert path       use client certificate to authenticate"
-    echo "      --clientpass phrase     set passphrase for client certificate."
-    echo "   -c,--critical days         minimum number of days a certificate has to be valid"
-    echo "                              to issue a critical status"
-    echo "      --curl-bin path         path of the curl binary to be used"
-    echo "   -d,--debug                 produces debugging output"
-    echo "      --ecdsa                 cipher selection: force ECDSA authentication"
-    echo "   -e,--email address         pattern to match the email address contained in the"
-    echo "                              certificate"
-    echo "   -f,--file file             local file path (works with -H localhost only)"
-    echo "                              with -f you can not only pass a x509 certificate file"
-    echo "                              but also a certificate revocation list (CRL) to check"
-    echo "                              the validity period"
-    echo "      --file-bin path         path of the file binary to be used"
-    echo "      --fingerprint SHA1      pattern to match the SHA1-Fingerprint"
-    echo "      --force-perl-date       force the usage of Perl for date computations"
-    echo "      --format FORMAT         format output template on success, for example"
-    echo "                              \"%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'\""
-    echo "   -h,--help,-?               this help message"
-    echo "      --ignore-exp            ignore expiration date"
-    echo "      --ignore-ocsp           do not check revocation with OCSP"
-    echo "      --ignore-sig-alg        do not check if the certificate was signed with SHA1"
-    echo "                              or MD5"
-    echo "      --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)"
-    echo "   -i,--issuer issuer         pattern to match the issuer of the certificate"
-    echo "      --issuer-cert-cache dir directory where to store issuer certificates cache"
-    echo "   -K,--clientkey path        use client certificate key to authenticate"
-    echo "   -L,--check-ssl-labs grade  SSL Labs assessment"
-    echo "                              (please check https://www.ssllabs.com/about/terms.html)"
-    echo "      --long-output list      append the specified comma separated (no spaces) list"
-    echo "                              of attributes to the plugin output on additional lines"
-    echo "                              Valid attributes are:"
-    echo "                                enddate, startdate, subject, issuer, modulus,"
-    echo "                                serial, hash, email, ocsp_uri and fingerprint."
-    echo "                              'all' will include all the available attributes."
-    echo "   -n,--cn name               pattern to match the CN of the certificate (can be"
-    echo "                              specified multiple times)"
-    echo "      --no_ssl2               disable SSL version 2"
-    echo "      --no_ssl3               disable SSL version 3"
-    echo "      --no_tls1               disable TLS version 1"
-    echo "      --no_tls1_1             disable TLS version 1.1"
-    echo "      --no_tls1_2             disable TLS version 1.2"
-    echo "   -N,--host-cn               match CN with the host name"
-    echo "   -o,--org org               pattern to match the organization of the certificate"
-    echo "      --openssl path          path of the openssl binary to be used"
-    echo "   -p,--port port             TCP port"
-    echo "   -P,--protocol protocol     use the specific protocol"
-    echo "                              {http|smtp|pop3|imap|ftp|xmpp|irc|ldap}"
-    echo "                              http:                    default"
-    echo "                              smtp,pop3,imap,ftp,ldap: switch to TLS"
-    echo "   -s,--selfsigned            allows self-signed certificates"
-    echo "      --serial serialnum      pattern to match the serial number"
-    echo "      --sni name              sets the TLS SNI (Server Name Indication) extension"
-    echo "                              in the ClientHello message to 'name'"
-    echo "      --ssl2                  forces SSL version 2"
-    echo "      --ssl3                  forces SSL version 3"
-    echo "      --require-ocsp-stapling require OCSP stapling"
-    echo "      --require-san           require the presence of a Subject Alternative Name"
-    echo "                              extension"
-    echo "   -r,--rootcert path         root certificate or directory to be used for"
-    echo "                              certificate validation"
-    echo "      --rsa                   cipher selection: force RSA authentication"
-    echo "      --temp dir              directory where to store the temporary files"
-    echo "      --terse                 terse output"
-    echo "   -t,--timeout               seconds timeout after the specified time"
-    echo "                              (defaults to 15 seconds)"
-    echo "      --tls1                  force TLS version 1"
-    echo "      --tls1_1                force TLS version 1.1"
-    echo "      --tls1_2                force TLS version 1.2"
-    echo "      --tls1_3                force TLS version 1.3"
-    echo "   -v,--verbose               verbose output"
-    echo "   -V,--version               version"
-    echo "   -w,--warning days          minimum number of days a certificate has to be valid"
-    echo "                              to issue a warning status"
-    echo "      --xmpphost name         specifies the host for the 'to' attribute of the stream element"
+    echo "   -A,--noauth                     ignore authority warnings (expiration only)"
+    echo "      --altnames                   matches the pattern specified in -n with alternate"
+    echo "                                   names too"
+    echo "   -C,--clientcert path            use client certificate to authenticate"
+    echo "      --clientpass phrase          set passphrase for client certificate."
+    echo "   -c,--critical days              minimum number of days a certificate has to be valid"
+    echo "                                   to issue a critical status"
+    echo "      --curl-bin path              path of the curl binary to be used"
+    echo "   -d,--debug                      produces debugging output"
+    echo "      --ecdsa                      cipher selection: force ECDSA authentication"
+    echo "   -e,--email address              pattern to match the email address contained in the"
+    echo "                                   certificate"
+    echo "   -f,--file file                  local file path (works with -H localhost only)"
+    echo "                                   with -f you can not only pass a x509 certificate file"
+    echo "                                   but also a certificate revocation list (CRL) to check"
+    echo "                                   the validity period"
+    echo "      --file-bin path              path of the file binary to be used"
+    echo "      --fingerprint SHA1           pattern to match the SHA1-Fingerprint"
+    echo "      --force-perl-date            force the usage of Perl for date computations"
+    echo "      --format FORMAT              format output template on success, for example"
+    echo "                                   \"%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'\""
+    echo "   -h,--help,-?                    this help message"
+    echo "      --ignore-exp                 ignore expiration date"
+    echo "      --ignore-ocsp                do not check revocation with OCSP"
+    echo "      --ignore-sig-alg             do not check if the certificate was signed with SHA1"
+    echo "                                   or MD5"
+    echo "      --ignore-ssl-labs-cache      Forces a new check by SSL Labs (see -L)"
+    echo "   -i,--issuer issuer              pattern to match the issuer of the certificate"
+    echo "      --issuer-cert-cache dir      directory where to store issuer certificates cache"
+    echo "   -K,--clientkey path             use client certificate key to authenticate"
+    echo "   -L,--check-ssl-labs grade       SSL Labs assessment"
+    echo "                                   (please check https://www.ssllabs.com/about/terms.html)"
+    echo "      --check-ssl-labs-warn-grade  SSL-Labs grade on which to warn"
+    echo "      --long-output list           append the specified comma separated (no spaces) list"
+    echo "                                   of attributes to the plugin output on additional lines"
+    echo "                                   Valid attributes are:"
+    echo "                                     enddate, startdate, subject, issuer, modulus,"
+    echo "                                     serial, hash, email, ocsp_uri and fingerprint."
+    echo "                                   'all' will include all the available attributes."
+    echo "   -n,--cn name                    pattern to match the CN of the certificate (can be"
+    echo "                                   specified multiple times)"
+    echo "      --no_ssl2                    disable SSL version 2"
+    echo "      --no_ssl3                    disable SSL version 3"
+    echo "      --no_tls1                    disable TLS version 1"
+    echo "      --no_tls1_1                  disable TLS version 1.1"
+    echo "      --no_tls1_2                  disable TLS version 1.2"
+    echo "   -N,--host-cn                    match CN with the host name"
+    echo "   -o,--org org                    pattern to match the organization of the certificate"
+    echo "      --openssl path               path of the openssl binary to be used"
+    echo "   -p,--port port                  TCP port"
+    echo "   -P,--protocol protocol          use the specific protocol"
+    echo "                                   {http|smtp|pop3|pops3s|imap|imaps|ftp|xmpp|irc|ldap}"
+    echo "                                   http:                    default"
+    echo "                                   smtp,pop3,imap,ftp,ldap: switch to TLS"
+    echo "   -s,--selfsigned                 allows self-signed certificates"
+    echo "      --serial serialnum           pattern to match the serial number"
+    echo "      --sni name                   sets the TLS SNI (Server Name Indication) extension"
+    echo "                                   in the ClientHello message to 'name'"
+    echo "      --ssl2                       forces SSL version 2"
+    echo "      --ssl3                       forces SSL version 3"
+    echo "      --require-ocsp-stapling      require OCSP stapling"
+    echo "      --require-san                require the presence of a Subject Alternative Name"
+    echo "                                   extension"
+    echo "   -r,--rootcert path              root certificate or directory to be used for"
+    echo "                                   certificate validation"
+    echo "      --rootcert-dir path          root directory to be used for certificate validation"
+    echo "      --rootcert-file path         root certificate to be used for certificate validation"
+    echo "      --rsa                        cipher selection: force RSA authentication"
+    echo "      --temp dir                   directory where to store the temporary files"
+    echo "      --terse                      terse output"
+    echo "   -t,--timeout                    seconds timeout after the specified time"
+    echo "                                   (defaults to 15 seconds)"
+    echo "      --tls1                       force TLS version 1"
+    echo "      --tls1_1                     force TLS version 1.1"
+    echo "      --tls1_2                     force TLS version 1.2"
+    echo "      --tls1_3                     force TLS version 1.3"
+    echo "   -v,--verbose                    verbose output"
+    echo "   -V,--version                    version"
+    echo "   -w,--warning days               minimum number of days a certificate has to be valid"
+    echo "                                   to issue a warning status"
+    echo "      --xmpphost name              specifies the host for the 'to' attribute of the stream element"
     echo
     echo "Deprecated options:"
-    echo "      --days days             minimum number of days a certificate has to be valid"
-    echo "                              (see --critical and --warning)"
-    echo "      --ocsp                  check revocation via OCSP"
-    echo "   -S,--ssl version           force SSL version (2,3)"
-    echo "                              (see: --ssl2 or --ssl3)"
+    echo "      --days days                  minimum number of days a certificate has to be valid"
+    echo "                                   (see --critical and --warning)"
+    echo "      --ocsp                       check revocation via OCSP"
+    echo "   -S,--ssl version                force SSL version (2,3)"
+    echo "                                   (see: --ssl2 or --ssl3)"
     echo
     echo "Report bugs to https://github.com/matteocorti/check_ssl_cert/issues"
     echo
@@ -206,7 +209,11 @@ create_temporary_file() {
 #   $1 error message
 critical() {
     if [ -n "${HOST}" ] ; then
-        tmp=" ${HOST}"
+	if [ -n "${SNI}" ] ; then
+	    tmp=" ${SNI}"
+	else
+            tmp=" ${HOST}"
+	fi
     fi
     remove_temporary_files
     printf '%s CRITICAL%s: %s%s%s\n' "${SHORTNAME}" "${tmp}" "$1" "${PERFORMANCE_DATA}" "${LONG_OUTPUT}"
@@ -219,7 +226,11 @@ critical() {
 #   $1 warning message
 warning() {
     if [ -n "${HOST}" ] ; then
-        tmp=" ${HOST}"
+	if [ -n "${SNI}" ] ; then
+	    tmp=" ${SNI}"
+	else
+            tmp=" ${HOST}"
+	fi
     fi
     remove_temporary_files
     printf '%s WARN%s: %s%s%s\n' "${SHORTNAME}" "${tmp}" "$1" "${PERFORMANCE_DATA}" "${LONG_OUTPUT}"
@@ -232,7 +243,11 @@ warning() {
 #   $1 message
 unknown() {
     if [ -n "${HOST}" ] ; then
-        tmp=" ${HOST}"
+	if [ -n "${SNI}" ] ; then
+	    tmp=" ${SNI}"
+	else
+            tmp=" ${HOST}"
+	fi
     fi
     remove_temporary_files
     printf '%s UNKNOWN%s: %s\n' "${SHORTNAME}" "${tmp}" "$1"
@@ -426,6 +441,10 @@ fetch_certificate() {
                 exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
                 RET=$?
                 ;;
+            pop3s|imaps)
+                exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -connect $HOST:$PORT ${SERVERNAME} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
+                RET=$?
+                ;;
 	    xmpp)
                 exec_with_timeout "$TIMEOUT" "echo 'Q' | $OPENSSL s_client ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect $HOST:$XMPPPORT ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} 2> ${ERROR} 1> ${CERT}"
                 RET=$?
@@ -749,12 +768,20 @@ main() {
                 ;;
             -L|--check-ssl-labs)
                 if [ $# -gt 1 ]; then
-                    SSL_LAB_ASSESSMENT="$2"
+                    SSL_LAB_CRIT_ASSESSMENT="$2"
                     shift 2
                 else
                     unknown "-L|--check-ssl-labs requires an argument"
                 fi
                 ;;
+            --check-ssl-labs-warn-grade)
+                if [ $# -gt 1 ]; then
+                    SSL_LAB_WARN_ASSESTMENT="$2"
+                    shift 2
+                else
+                    unknown "--check-ssl-labs-warn-grade requires an argument"
+                fi
+                ;;
             --serial)
                 if [ $# -gt 1 ]; then
                     SERIAL_LOCK="$2"
@@ -832,6 +859,22 @@ main() {
                     unknown "-r,--rootcert requires an argument"
                 fi
                 ;;
+            --rootcert-dir)
+                if [ $# -gt 1 ]; then
+                    ROOT_CA_DIR="$2"
+                    shift 2
+                else
+                    unknown "--rootcert-dir requires an argument"
+                fi
+                ;;
+            --rootcert-file)
+                if [ $# -gt 1 ]; then
+                    ROOT_CA_FILE="$2"
+                    shift 2
+                else
+                    unknown "--rootcert-file requires an argument"
+                fi
+                ;;
             -C|--clientcert)
                 if [ $# -gt 1 ]; then
                     CLIENT_CERT="$2"
@@ -975,6 +1018,32 @@ main() {
 
     fi
 
+    if [ -n "${ROOT_CA_DIR}" ] ; then
+
+        if [ ! -d "${ROOT_CA_DIR}" ] ; then
+            unknown "${ROOT_CA_DIR} is not a directory";
+        fi
+
+        if [ ! -r "${ROOT_CA_DIR}" ] ; then
+            unknown "Cannot read root directory ${ROOT_CA_DIR}"
+        fi
+
+        ROOT_CA_DIR="-CApath ${ROOT_CA_DIR}"
+    fi
+
+    if [ -n "${ROOT_CA_FILE}" ] ; then
+
+        if [ ! -r "${ROOT_CA_FILE}" ] ; then
+            unknown "Cannot read root certificate ${ROOT_CA_FILE}"
+        fi
+
+        ROOT_CA_FILE="-CAfile ${ROOT_CA_FILE}"
+    fi
+
+    if [ -n "${ROOT_CA_DIR}" ] || [ -n "${ROOT_CA_FILE}" ]; then
+        ROOT_CA="${ROOT_CA_DIR} ${ROOT_CA_FILE}"
+    fi
+
     if [ -n "${CLIENT_CERT}" ] ; then
 
         if [ ! -r "${CLIENT_CERT}" ] ; then
@@ -1039,9 +1108,17 @@ main() {
 
     fi
 
-    if [ -n "${SSL_LAB_ASSESSMENT}" ] ; then
-        convert_ssl_lab_grade "${SSL_LAB_ASSESSMENT}"
-        SSL_LAB_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
+    if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then
+        convert_ssl_lab_grade "${SSL_LAB_CRIT_ASSESSMENT}"
+        SSL_LAB_CRIT_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
+    fi
+
+    if [ -n "${SSL_LAB_WARN_ASSESTMENT}" ] ; then
+        convert_ssl_lab_grade "${SSL_LAB_WARN_ASSESTMENT}"
+        SSL_LAB_WARN_ASSESTMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
+        if ( $SSL_LAB_WARN_ASSESTMENT_NUMERIC < $SSL_LAB_CRIT_ASSESSMENT_NUMERIC ); then
+            unknown  "--check-ssl-labs-warn-grade must be greater than -L|--check-ssl-labs"
+        fi
     fi
 
     if [ -n "${DEBUG}" ] ; then
@@ -1065,9 +1142,9 @@ main() {
 
     # curl
     if [ -z "${CURL_BIN}" ] ; then
-	if [ -n "${SSL_LAB_ASSESSMENT}" ] || [ -n "${OCSP}" ] ; then
+	if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ] ; then
 	    if [ -n "${DEBUG}" ] ; then
-		echo "[DBG] cURL binary needed. SSL Labs = ${SSL_LAB_ASSESSMENT}, OCSP = ${OCSP}"
+		echo "[DBG] cURL binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}"
 		echo "[DBG] cURL binary not specified"
 	    fi
             check_required_prog curl
@@ -1077,7 +1154,7 @@ main() {
 	    fi
 	else
 	    if [ -n "${DEBUG}" ] ; then
-		echo "[DBG] cURL binary not needed. SSL Labs = ${SSL_LAB_ASSESSMENT}, OCSP = ${OCSP}"
+		echo "[DBG] cURL binary not needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}"
 	    fi
 	fi
     fi
@@ -1258,8 +1335,9 @@ main() {
     else
         HOST_HEADER="${HOST}"
     fi
+
     HTTP_REQUEST="HEAD / HTTP/1.1\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\nConnection: close\\n\\n"
-    
+
     ################################################################################
     # Fetch the X.509 certificate
 
@@ -1432,14 +1510,22 @@ main() {
     ISSUERS=$(echo "$ISSUERS" | sed 's/\\n/\n/g' | sed -e "s/^.*\\/CN=//" -e "s/^.* CN = //" -e "s/^.*, O = //" -e "s/\\/[A-Za-z][A-Za-z]*=.*\$//" -e "s/, [A-Za-z][A-Za-z]* =.*\$//")
 
     # we just consider the first URI
-    # shellcheck disable=SC2086
-    ISSUER_URI="$($OPENSSL "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep "CA Issuers" | head -n 1 | sed -e "s/^.*CA Issuers - URI://")"
+    # TODO check SC2016
+    # shellcheck disable=SC2086,SC2016
+    ISSUER_URI="$($OPENSSL "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep "CA Issuers" | head -n 1 | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;$(){}<>`&')"
 
+    # TODO: should be checked
+    # shellcheck disable=SC2021
     if [ -z "${ISSUER_URI}" ] ; then
         if [ -n "${VERBOSE}" ] ; then
             echo "cannot find the CA Issuers in the certificate: disabling OCSP checks"
         fi
         OCSP=""
+    elif [ "${ISSUER_URI}" != "$(echo "${ISSUER_URI}" | tr -d '[[:space:]]')" ]; then
+        if [ -n "${VERBOSE}" ] ; then
+            echo "unable to fetch the CA issuer certificate (spaces in URI)"
+        fi
+        OCSP=""
     elif ! echo "${ISSUER_URI}" | grep -qi '^http' ; then
         if [ -n "${VERBOSE}" ] ; then
             echo "unable to fetch the CA issuer certificate (unsupported protocol)"
@@ -1454,7 +1540,7 @@ main() {
        	    echo "checking OCSP stapling"
 	fi
 
-	exec_with_timeout "$TIMEOUT" "echo '${HTTP_REQUEST}' | openssl s_client -connect ${HOST}:${PORT} ${SERVERNAME} -status 2> /dev/null | grep -A 17 'OCSP response:' > $OCSP_RESPONSE_TMP"
+	exec_with_timeout "$TIMEOUT" "printf '${HTTP_REQUEST}' | openssl s_client -connect ${HOST}:${PORT} ${SERVERNAME} -status 2> /dev/null | grep -A 17 'OCSP response:' > $OCSP_RESPONSE_TMP"
 
 	if [ -n "${DEBUG}" ] ; then
 	    sed 's/^/[DBG]\ /' "${OCSP_RESPONSE_TMP}"
@@ -1891,7 +1977,7 @@ EOF
 
     ################################################################################
     # Check SSL Labs
-    if [ -n "${SSL_LAB_ASSESSMENT}" ] ; then
+    if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then
 
         if [ -n "${VERBOSE}" ] ; then
             echo "Checking SSL Labs assessment"
@@ -1902,9 +1988,14 @@ EOF
             if [ -n "${DEBUG}" ] ; then
                 echo "[DBG] executing ${CURL_BIN} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST}${IGNORE_SSL_LABS_CACHE}\""
             fi
-
-            JSON="$(${CURL_BIN} --silent "https://api.ssllabs.com/api/v2/analyze?host=${HOST}${IGNORE_SSL_LABS_CACHE}")"
-            CURL_RETURN_CODE=$?
+	    
+	    if [ -n "${SNI}" ] ; then
+		JSON="$(${CURL_BIN} --silent "https://api.ssllabs.com/api/v2/analyze?host=${SNI}${IGNORE_SSL_LABS_CACHE}")"
+                CURL_RETURN_CODE=$?
+            else
+                JSON="$(${CURL_BIN} --silent "https://api.ssllabs.com/api/v2/analyze?host=${HOST}${IGNORE_SSL_LABS_CACHE}")"
+                CURL_RETURN_CODE=$?
+            fi
 
             if [ ${CURL_RETURN_CODE} -ne 0 ] ; then
 
@@ -1963,11 +2054,15 @@ EOF
                         convert_ssl_lab_grade "${SSL_LABS_HOST_GRADE}"
                         SSL_LABS_HOST_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}"
 
-                        add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_ASSESSMENT_NUMERIC}"
+                        add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}"
 
                         # Check the grade
-                        if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_ASSESSMENT_NUMERIC}" ] ; then
-                            critical "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_ASSESSMENT})"
+                        if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ] ; then
+                            critical "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_CRIT_ASSESSMENT})"
+                        elif [ -n "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then
+                            if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ] ; then
+                                warning "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_WARN_ASSESTMENT})"
+                            fi
                         fi
 
                         if [ -n "${DEBUG}" ] ; then


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.1
=====================================
@@ -1,7 +1,7 @@
 .\" Process this file with
 .\" groff -man -Tascii foo.1
 .\"
-.TH "check_ssl_cert" 1 "October, 2018" "1.76.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "February, 2019" "1.81.0" "USER COMMANDS"
 .SH NAME
 check_ssl_cert \- checks the validity of X.509 certificates
 .SH SYNOPSIS
@@ -87,6 +87,9 @@ use client certificate key to authenticate
 .BR "-L,--check-ssl-labs grade"
 SSL Labs assestment (please check https://www.ssllabs.com/about/terms.html)
 .TP
+.BR "   --check-ssl-warn-labs grade"
+SSL Labs grade on which to warn
+.TP
 .BR "   --long-output" " list"
 append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines.
 Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
@@ -148,6 +151,14 @@ require the presence of a Subject Alternative Name extension
 .BR "-r,--rootcert" " cert"
 root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
 .TP
+.BR "   --rootcert-dir" " dir"
+root directory to be used for certficate validation (passed to openssl's -CApath)
+overrides option -r,--rootcert
+.TP
+.BR "   --rootcert-file" " cert"
+root certificate to be used for certficate validation (passed to openssl's -CAfile)
+overrides option -r,--rootcert
+.TP
 .BR "   --rsa"
 cipher selection: force RSA authentication
 .TP


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert-1.81.0/check_ssl_cert.spec
=====================================
@@ -1,4 +1,4 @@
-%define version          1.76.0
+%define version          1.81.0
 %define release          0
 %define sourcename       check_ssl_cert
 %define packagename      nagios-plugins-check_ssl_cert
@@ -45,6 +45,24 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{sourcename}.1*
 
 %changelog
+* Fri Feb  2 2019 Matteo Corti <matteo at corti.li> - 1.81.0-0
+- Updated to 1.81.0
+
+* Wed Jan 16 2019 Matteo Corti <matteo at corti.li> - 1.80.1-0
+- Updated to 1.80.1
+
+* Mon Dec 24 2018 Matteo Corti <matteo at corti.li> - 1.80.0-0
+- Updated to 1.80.0
+
+* Tue Dec 11 2018 Matteo Corti <matteo at corti.li> - 1.79.0-0
+- Updated to 1.79.0
+
+* Thu Nov  7 2018 Matteo Corti <matteo at corti.li> - 1.78.0-0
+- Updated to 1.78.0
+
+* Thu Nov  5 2018 Matteo Corti <matteo at corti.li> - 1.77.0-0
+- Updated to 1.77.0
+
 * Thu Oct 19 2018 Matteo Corti <matteo at corti.li> - 1.76.0-0
 - Updated to 1.76.0
 


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/test/cabundle.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cabundle.crt
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/test/cacert.crt → check_ssl_cert/check_ssl_cert-1.81.0/test/cacert.crt
=====================================


=====================================
check_ssl_cert/check_ssl_cert-1.80.1/test/unit_tests.sh → check_ssl_cert/check_ssl_cert-1.81.0/test/unit_tests.sh
=====================================
@@ -176,7 +176,6 @@ testXMPPHost() {
     if [ -z "${TRAVIS+x}" ] ; then
 	out=$(${SCRIPT} -H prosody.xmpp.is --port 5222 --protocol xmpp --xmpphost xmpp.is)
 	EXIT_CODE=$?
-	echo "DEBUG TEST: code = $EXIT_CODE, out=${out}"
 	if echo "${out}" | grep -q "s_client' does not support '-xmpphost'" ; then
 	    assertEquals "wrong exit code" ${NAGIOS_UNKNOWN} "${EXIT_CODE}"
 	else
@@ -204,7 +203,7 @@ testTimeOut() {
 
 testIMAP() {
     if [ -z "${TRAVIS+x}" ] ; then
-	${SCRIPT} --rootcert cabundle.crt -H imap.gmail.com --port 993
+	${SCRIPT} --rootcert cabundle.crt -H imap.gmx.com --port 143 --timeout 30 --protocol imap
 	EXIT_CODE=$?
 	assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
     else
@@ -212,6 +211,27 @@ testIMAP() {
     fi	
 }
 
+testIMAPS() {
+    if [ -z "${TRAVIS+x}" ] ; then
+	${SCRIPT} --rootcert cabundle.crt -H imap.gmail.com --port 993 --timeout 30 --protocol imaps
+	EXIT_CODE=$?
+	assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+    else
+	echo "Skipping IMAP tests on Travis CI"
+    fi	
+}
+
+testPOP3S() {
+    if [ -z "${TRAVIS+x}" ] ; then
+	${SCRIPT} --rootcert cabundle.crt -H pop.gmail.com --port 993 --timeout 30 --protocol pop3s
+	EXIT_CODE=$?
+	assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+    else
+	echo "Skipping POP3S tests on Travis CI"
+    fi
+}
+
+
 testSMTP() {
     if [ -z "${TRAVIS+x}" ] ; then
 	${SCRIPT} --rootcert cabundle.crt -H smtp.gmail.com --protocol smtp --port 25 --timeout 60


=====================================
check_ssl_cert/control
=====================================
@@ -1,7 +1,7 @@
 Uploaders: Jan Wagner <waja at cyconet.org>
 Recommends: curl, file, openssl
 Suggests: expect
-Version: 1.80.1
+Version: 1.81.0
 Homepage: https://github.com/matteocorti/check_ssl_cert
 Watch: https://github.com/matteocorti/check_ssl_cert/releases check_ssl_cert-([0-9.]+)\.tar\.gz
 Description: plugin to check the CA and validity of an


=====================================
check_ssl_cert/src
=====================================
@@ -1 +1 @@
-check_ssl_cert-1.80.1
\ No newline at end of file
+check_ssl_cert-1.81.0/
\ No newline at end of file


=====================================
check_varnish/control
=====================================
@@ -1,6 +1,6 @@
 Uploaders: Bernd Zeimetz <bzed at debian.org>
 Build-Depends: libvarnishapi-dev [!hurd-i386 !m68k], pkg-config, automake-1.15
-Version: 258c486
+Version: 672523d
 Homepage: https://github.com/varnish/varnish-nagios
 Watch: https://github.com/varnish/varnish-nagios <a class="commit-tease-sha"[^>]*>\s+([0-9a-f]+)\s+</a>
 Description: plugin to monitor varnish instances



View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/compare/7bb2be212add228e25f704e8949bc174a3ec104c...cf52b637c79c4bb5bfa948759c7fd0777c3a913a

-- 
View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/compare/7bb2be212add228e25f704e8949bc174a3ec104c...cf52b637c79c4bb5bfa948759c7fd0777c3a913a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nagios-changes/attachments/20190205/8c55693b/attachment-0001.html>


More information about the pkg-nagios-changes mailing list