[pkg-nagios-changes] [Git][nagios-team/pkg-nagios-plugins-contrib][master] check_ssl_cert: Update to 1.145.0
Jan Wagner
gitlab at salsa.debian.org
Mon Mar 15 16:55:52 GMT 2021
Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / pkg-nagios-plugins-contrib
Commits:
36768c5d by Jan Wagner at 2021-03-15T17:51:25+01:00
check_ssl_cert: Update to 1.145.0
- Bug fix in the OpenSSL version parsing
- - - - -
28 changed files:
- − check_ssl_cert/check_ssl_cert_1.144.0/VERSION
- check_ssl_cert/check_ssl_cert_1.144.0/AUTHORS → check_ssl_cert/check_ssl_cert_1.145.0/AUTHORS
- check_ssl_cert/check_ssl_cert_1.144.0/COPYING → check_ssl_cert/check_ssl_cert_1.145.0/COPYING
- check_ssl_cert/check_ssl_cert_1.144.0/COPYRIGHT → check_ssl_cert/check_ssl_cert_1.145.0/COPYRIGHT
- check_ssl_cert/check_ssl_cert_1.144.0/ChangeLog → check_ssl_cert/check_ssl_cert_1.145.0/ChangeLog
- check_ssl_cert/check_ssl_cert_1.144.0/INSTALL → check_ssl_cert/check_ssl_cert_1.145.0/INSTALL
- check_ssl_cert/check_ssl_cert_1.144.0/Makefile → check_ssl_cert/check_ssl_cert_1.145.0/Makefile
- check_ssl_cert/check_ssl_cert_1.144.0/NEWS → check_ssl_cert/check_ssl_cert_1.145.0/NEWS
- check_ssl_cert/check_ssl_cert_1.144.0/README.md → check_ssl_cert/check_ssl_cert_1.145.0/README.md
- check_ssl_cert/check_ssl_cert_1.144.0/TODO → check_ssl_cert/check_ssl_cert_1.145.0/TODO
- + check_ssl_cert/check_ssl_cert_1.145.0/VERSION
- check_ssl_cert/check_ssl_cert_1.144.0/check_ssl_cert → check_ssl_cert/check_ssl_cert_1.145.0/check_ssl_cert
- check_ssl_cert/check_ssl_cert_1.144.0/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert_1.145.0/check_ssl_cert.1
- check_ssl_cert/check_ssl_cert_1.144.0/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert_1.145.0/check_ssl_cert.spec
- check_ssl_cert/check_ssl_cert_1.144.0/test/._cert_with_subject_without_cn.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/._cert_with_subject_without_cn.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/._client.p12 → check_ssl_cert/check_ssl_cert_1.145.0/test/._client.p12
- check_ssl_cert/check_ssl_cert_1.144.0/test/._der.cer → check_ssl_cert/check_ssl_cert_1.145.0/test/._der.cer
- check_ssl_cert/check_ssl_cert_1.144.0/test/cabundle.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cabundle.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/cacert.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cacert.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/cert_with_empty_subject.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cert_with_empty_subject.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/cert_with_subject_without_cn.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cert_with_subject_without_cn.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/client.p12 → check_ssl_cert/check_ssl_cert_1.145.0/test/client.p12
- check_ssl_cert/check_ssl_cert_1.144.0/test/der.cer → check_ssl_cert/check_ssl_cert_1.145.0/test/der.cer
- check_ssl_cert/check_ssl_cert_1.144.0/test/localhost.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/localhost.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/no-sct.badssl.com.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/no-sct.badssl.com.crt
- check_ssl_cert/check_ssl_cert_1.144.0/test/unit_tests.sh → check_ssl_cert/check_ssl_cert_1.145.0/test/unit_tests.sh
- check_ssl_cert/control
- check_ssl_cert/src
Changes:
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/VERSION deleted
=====================================
@@ -1 +0,0 @@
-1.144.0
\ No newline at end of file
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/AUTHORS → check_ssl_cert/check_ssl_cert_1.145.0/AUTHORS
=====================================
@@ -108,4 +108,5 @@ Thanks:
* Many thanks to cbiedl (https://github.com/cbiedl) for the proxy patch
* Many thanks to Robin Schneider (https://github.com/ypid-geberit) for the --long-output all patch
* Many thanks to Robin Pronk (https://github.com/rfpronk) for the -u patch
-* Many thanks to tunnelpr0 (https://github.com/tunnelpr0) fot --inetproto patch
\ No newline at end of file
+* Many thanks to tunnelpr0 (https://github.com/tunnelpr0) fot --inetproto patch
+* Many thanks to Christoph Moench-Tegeder (https://github.com/moench-tegeder) for the OpenSSL version patch
\ No newline at end of file
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/COPYING → check_ssl_cert/check_ssl_cert_1.145.0/COPYING
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/COPYRIGHT → check_ssl_cert/check_ssl_cert_1.145.0/COPYRIGHT
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/ChangeLog → check_ssl_cert/check_ssl_cert_1.145.0/ChangeLog
=====================================
@@ -1,3 +1,7 @@
+2021-03-15 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert (openssl_version): works on systems which add a string to the OpenSSL version output (+ several fixes)
+
2021-03-14 Matteo Corti <matteo at corti.li>
* check_ssl_cert (openssl_version): added a function to compare OpenSSL versions. Getting rid of the man dependency
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/INSTALL → check_ssl_cert/check_ssl_cert_1.145.0/INSTALL
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/Makefile → check_ssl_cert/check_ssl_cert_1.145.0/Makefile
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/NEWS → check_ssl_cert/check_ssl_cert_1.145.0/NEWS
=====================================
@@ -1,3 +1,4 @@
+2021-03-15 Version 1.145-0: Fix in the parsing of OpenSSL version
2021-03-14 Version 1.144.0: Getting rid of the man dependency
2021-03-12 Version 1.143.0: Better handling of the timeout
Checks ciphers with nmap (--check-ciphers and --check-ciphers-warnings)
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/README.md → check_ssl_cert/check_ssl_cert_1.145.0/README.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/TODO → check_ssl_cert/check_ssl_cert_1.145.0/TODO
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.145.0/VERSION
=====================================
@@ -0,0 +1 @@
+1.145.0
\ No newline at end of file
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/check_ssl_cert → check_ssl_cert/check_ssl_cert_1.145.0/check_ssl_cert
=====================================
@@ -19,7 +19,7 @@
################################################################################
# Constants
-VERSION=1.144.0
+VERSION=1.145.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -335,11 +335,13 @@ openssl_version() {
# Required version
MIN_VERSION=$1
+ debuglog "openssl_version ${MIN_VERSION}"
+
IFS='.' read -r MIN_MAJOR1 MIN_MAJOR2 MIN_MINOR <<EOF
${MIN_VERSION}
EOF
-
- if echo "${MIN_MINOR}" | grep -q '[:alpha:]' ; then
+
+ if echo "${MIN_MINOR}" | grep -q '[[:alpha:]]' ; then
MIN_FIX=$( echo "${MIN_MINOR}" | sed 's/[[:digit:]][[:digit:]]*//' )
MIN_MINOR=$( echo "${MIN_MINOR}" | sed 's/[[:alpha:]][[:alpha:]]*//' )
fi
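Review bot: `MIN_FIX` is assigned only inside the `if` that detects a letter suffix, so a call with a purely numeric requirement (testSCT passes `'1.1.0'`) appears to keep whatever an earlier call such as `'1.0.0b'` left behind, since the function's variables are globals. Unless it is already cleared out of view, I would add `MIN_FIX=` just before the `if echo "${MIN_MINOR}" | grep -q '[[:alpha:]]'` line. openssl_version starts before and continues after this hunk, so I cannot confirm whether such a reset exists.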
@@ -348,8 +350,13 @@ EOF
debuglog "Checking if OpenSSL version is at least ${MIN_VERSION} ( '${MIN_MAJOR1}' '${MIN_MAJOR2}' '${MIN_MINOR}' '${MIN_FIX}:${MIN_FIX_NUM}' )"
# current version
-
- OPENSSL_VERSION=$( ${OPENSSL} version | sed 's/^OpenSSL\ \([^ ]*\).*/\1/' )
+
+ # the OPENSSL_VERSION can be set externally to be able to test
+ if [ -z "${OPENSSL_VERSION}" ] ; then
+ OPENSSL_VERSION=$( ${OPENSSL} version )
+ fi
+ debuglog "openssl version: ${OPENSSL_VERSION}"
+ OPENSSL_VERSION=$( echo "${OPENSSL_VERSION}" | sed 's/^OpenSSL\ \([^ \-]*\).*/\1/' )
IFS='.' read -r MAJOR1 MAJOR2 MINOR <<EOF
${OPENSSL_VERSION}
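Review bot: The new `[ -z "${OPENSSL_VERSION}" ]` guard makes the plugin trust an inherited environment variable over the real `${OPENSSL} version` output, and the function then overwrites that same variable with the parsed value. Since openssl_version gates feature checks (the unit tests use it to decide whether SCTs are expected), a stale or unrelated `OPENSSL_VERSION` in the monitoring daemon's environment would silently change which checks run. I would give the test hook a name that cannot collide and parse into a separate variable, for example `OPENSSL_VERSION_OUTPUT=${OPENSSL_VERSION_OVERRIDE:-$( ${OPENSSL} version )}`. Inside the bracket expression `[^ \-]` the backslash is a literal member, so `[^ -]` expresses the intent without also excluding backslashes. The function body continues outside the hunk.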
@@ -383,7 +390,8 @@ EOF
RET=1
else
# check FIX
- RET=$( [ "${FIX_NUM}" -ge "${MIN_FIX_NUM}" ] )
+ [ "${FIX_NUM}" -ge "${MIN_FIX_NUM}" ]
+ RET=$?
fi
fi
fi
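Review bot: `[ "${FIX_NUM}" -ge "${MIN_FIX_NUM}" ]` exits with status 2 and prints an error when either operand is empty or not an integer, and the new `RET=$?` passes that status on as if it meant "too old". Both values are computed outside this hunk, so I cannot tell whether they are always numeric; if they are not, a parsing failure would quietly disable version-gated checks rather than being reported. Normalising the result keeps RET to 0 or 1: `if [ "${FIX_NUM:-0}" -ge "${MIN_FIX_NUM:-0}" ] ; then RET=0 ; else RET=1 ; fi`.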
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert_1.145.0/check_ssl_cert.1
=====================================
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii check_ssl_cert.1
.\"
-.TH "check_ssl_cert" 1 "March, 2021" "1.144.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "March, 2021" "1.145.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert_1.145.0/check_ssl_cert.spec
=====================================
@@ -1,4 +1,4 @@
-%define version 1.144.0
+%define version 1.145.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -45,6 +45,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Mon Mar 15 2021 Matteo Corti <matteo at corti.li> - 1.145.0-0
+- Updated to 1.145.0
+
* Sun Mar 14 2021 Matteo Corti <matteo at corti.li> - 1.144.0-0
- Updated to 1.144.0
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/._cert_with_subject_without_cn.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/._cert_with_subject_without_cn.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/._client.p12 → check_ssl_cert/check_ssl_cert_1.145.0/test/._client.p12
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/._der.cer → check_ssl_cert/check_ssl_cert_1.145.0/test/._der.cer
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/cabundle.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cabundle.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/cacert.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cacert.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/cert_with_empty_subject.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cert_with_empty_subject.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/cert_with_subject_without_cn.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/cert_with_subject_without_cn.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/client.p12 → check_ssl_cert/check_ssl_cert_1.145.0/test/client.p12
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/der.cer → check_ssl_cert/check_ssl_cert_1.145.0/test/der.cer
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/localhost.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/localhost.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/no-sct.badssl.com.crt → check_ssl_cert/check_ssl_cert_1.145.0/test/no-sct.badssl.com.crt
=====================================
=====================================
check_ssl_cert/check_ssl_cert_1.144.0/test/unit_tests.sh → check_ssl_cert/check_ssl_cert_1.145.0/test/unit_tests.sh
=====================================
@@ -65,6 +65,56 @@ testHoursUntil42Hours() {
assertEquals "error computing the missing hours until now" 42 "${HOURS_UNTIL}"
}
+testOpenSSLVersion1() {
+ export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021'
+ export REQUIRED_VERSION='1.2.0a'
+ OPENSSL=$( command -v openssl ) # needed by openssl_version
+ openssl_version "${REQUIRED_VERSION}"
+ RET=$?
+ assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 1 "${RET}"
+ export OPENSSL_VERSION=
+}
+
+testOpenSSLVersion2() {
+ export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021'
+ export REQUIRED_VERSION='1.1.1j'
+ OPENSSL=$( command -v openssl ) # needed by openssl_version
+ openssl_version "${REQUIRED_VERSION}"
+ RET=$?
+ assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}"
+ export OPENSSL_VERSION=
+}
+
+testOpenSSLVersion3() {
+ export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021'
+ export REQUIRED_VERSION='1.0.0b'
+ OPENSSL=$( command -v openssl ) # needed by openssl_version
+ openssl_version "${REQUIRED_VERSION}"
+ RET=$?
+ assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}"
+ export OPENSSL_VERSION=
+}
+
+testOpenSSLVersion4() {
+ export OPENSSL_VERSION='OpenSSL 1.0.2k-fips 26 Jan 2017'
+ export REQUIRED_VERSION='1.0.0b'
+ OPENSSL=$( command -v openssl ) # needed by openssl_version
+ openssl_version "${REQUIRED_VERSION}"
+ RET=$?
+ assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}"
+ export OPENSSL_VERSION=
+}
+
+testOpenSSLVersion5() {
+ export OPENSSL_VERSION='OpenSSL 1.1.1h-freebsd 22 Sep 2020'
+ export REQUIRED_VERSION='1.0.0b'
+ OPENSSL=$( command -v openssl ) # needed by openssl_version
+ openssl_version "${REQUIRED_VERSION}"
+ RET=$?
+ assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}"
+ export OPENSSL_VERSION=
+}
+
testDependencies() {
check_required_prog openssl
# $PROG is defined in the script
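Review bot: `export OPENSSL_VERSION=` at the end of each testOpenSSLVersion function empties the variable but leaves it exported, so the next openssl_version call in the test shell (testSCT, in the following hunk) stores its parsed result in an exported variable and `${SCRIPT}` inherits it instead of running its own detection. Ending each test with `unset OPENSSL_VERSION` avoids that. The five functions differ only in two strings and the expected status, so a small helper taking those three values would remove the repetition. There is also no case for a requirement without a letter suffix such as `'1.1.0'`, which is the form testSCT relies on.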
@@ -72,6 +122,22 @@ testDependencies() {
assertNotNull 'openssl not found' "${PROG}"
}
+testSCT() {
+ OPENSSL=$( command -v openssl ) # needed by openssl_version
+ ${OPENSSL} version
+ if openssl_version '1.1.0' ; then
+ echo "OpenSSL >= 1.1.0: SCTs supported"
+ ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com
+ EXIT_CODE=$?
+ assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}"
+ else
+ echo "OpenSSL < 1.1.0: SCTs not supported"
+ ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com
+ EXIT_CODE=$?
+ assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+ fi
+}
+
testUsage() {
${SCRIPT} > /dev/null 2>&1
EXIT_CODE=$?
@@ -671,18 +737,6 @@ testCertificsteWithEmptySubject() {
assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
}
-testSCT() {
- if man verify | grep -F -q SCT ; then
- ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com
- EXIT_CODE=$?
- assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}"
- else
- ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com
- EXIT_CODE=$?
- assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
- fi
-}
-
testCiphersOK() {
if [ -z "${TRAVIS+x}" ] ; then
${SCRIPT} --rootcert-file cabundle.crt -H www.wikipedia.org --check-ciphers A --check-ciphers-warnings
=====================================
check_ssl_cert/control
=====================================
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: curl, file, openssl
Suggests: expect
-Version: 1.144.0
+Version: 1.145.0
Homepage: https://github.com/matteocorti/check_ssl_cert
Watch: https://github.com/matteocorti/check_ssl_cert/releases check_ssl_cert-([0-9.]+)\.tar\.gz
Description: plugin to check the CA and validity of an
=====================================
check_ssl_cert/src
=====================================
@@ -1 +1 @@
-check_ssl_cert_1.144.0
\ No newline at end of file
+check_ssl_cert_1.145.0
\ No newline at end of file
View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/-/commit/36768c5d5ccf5c85e994acfdb81dcbd9edf3cd94