[pkg-nagios-changes] [Git][nagios-team/nagios-plugins-contrib][master] check_ssl_cert: Update to 2.82.0
Jan Wagner (@waja)
gitlab at salsa.debian.org
Mon Jul 22 19:44:57 BST 2024
Jan Wagner pushed to branch master at Debian Nagios Maintainer Group / nagios-plugins-contrib
Commits:
ed21d22b by Jan Wagner at 2024-07-22T15:48:15+00:00
check_ssl_cert: Update to 2.82.0
- - - - -
19 changed files:
- − check_ssl_cert/check_ssl_cert_2.81.0/VERSION
- check_ssl_cert/check_ssl_cert_2.81.0/AUTHORS.md → check_ssl_cert/check_ssl_cert_2.82.0/AUTHORS.md
- check_ssl_cert/check_ssl_cert_2.81.0/CITATION.cff → check_ssl_cert/check_ssl_cert_2.82.0/CITATION.cff
- check_ssl_cert/check_ssl_cert_2.81.0/COPYING.md → check_ssl_cert/check_ssl_cert_2.82.0/COPYING.md
- check_ssl_cert/check_ssl_cert_2.81.0/COPYRIGHT.md → check_ssl_cert/check_ssl_cert_2.82.0/COPYRIGHT.md
- check_ssl_cert/check_ssl_cert_2.81.0/ChangeLog → check_ssl_cert/check_ssl_cert_2.82.0/ChangeLog
- check_ssl_cert/check_ssl_cert_2.81.0/GNUmakefile → check_ssl_cert/check_ssl_cert_2.82.0/GNUmakefile
- check_ssl_cert/check_ssl_cert_2.81.0/INSTALL.md → check_ssl_cert/check_ssl_cert_2.82.0/INSTALL.md
- check_ssl_cert/check_ssl_cert_2.81.0/Makefile → check_ssl_cert/check_ssl_cert_2.82.0/Makefile
- check_ssl_cert/check_ssl_cert_2.81.0/NEWS.md → check_ssl_cert/check_ssl_cert_2.82.0/NEWS.md
- check_ssl_cert/check_ssl_cert_2.81.0/README.md → check_ssl_cert/check_ssl_cert_2.82.0/README.md
- + check_ssl_cert/check_ssl_cert_2.82.0/VERSION
- check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert
- check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert.1
- check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert.completion → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert.completion
- check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert.spec
- check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert_icinga2.conf → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert_icinga2.conf
- check_ssl_cert/control
- check_ssl_cert/src
Changes:
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/VERSION deleted
=====================================
@@ -1 +0,0 @@
-2.81.0
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/AUTHORS.md → check_ssl_cert/check_ssl_cert_2.82.0/AUTHORS.md
=====================================
@@ -153,3 +153,4 @@ Maintainer: [Matteo Corti](https://github.com/matteocorti) <[matteo at corti.li](ma
* Many thanks to [vanElden](https://github.com/vanElden) for the support to ignore unclean TLS shutdowns
* Many thanks to [agibson2](https://github.com/agibson2) for the fingerprint patch
* Many thanks to [Adam Cécile](https://github.com/eLvErDe) for the nmap SNI patch
+* Many thanks to [alvar](https://github.com/oxzi) for the configuration patch
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/CITATION.cff → check_ssl_cert/check_ssl_cert_2.82.0/CITATION.cff
=====================================
@@ -213,6 +213,8 @@ authors:
website: https://github.com/aslafy-z
- name: agibson2
website: https://github.com/agibson2
+- name: alvar
+ website: https://github.com/oxzi
- name: barakAtSoluto
website: https://github.com/barakAtSoluto
- name: booboo-at-gluga-de
@@ -264,8 +266,8 @@ authors:
given-names: "Дилян"
website: https://github.com/dilyanpalauzov
title: "check_ssl_cert"
-version: 2.81.0
-date-released: 2024-03-27
+version: 2.82.0
+date-released: 2024-07-11,
url: "https://github.com/matteocorti/check_ssl_cert"
repository-code: "https://github.com/matteocorti/check_ssl_cert"
keywords:
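Review bot: the new `date-released: 2024-07-11,` line ends with a stray comma, so the value is no longer a plain ISO date like the `2024-03-27` it replaces, and tools that parse this field as a date will likely reject it. Drop the comma so the line reads `date-released: 2024-07-11`.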
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/COPYING.md → check_ssl_cert/check_ssl_cert_2.82.0/COPYING.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/COPYRIGHT.md → check_ssl_cert/check_ssl_cert_2.82.0/COPYRIGHT.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/ChangeLog → check_ssl_cert/check_ssl_cert_2.82.0/ChangeLog
=====================================
@@ -1,3 +1,11 @@
+2024-07-11 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert (main): fetch HTTP headers for --debug-headers even if no header check is enabled
+
+2024-04-01 Matteo Corti <matteo at corti.li>
+
+ * check_ssl_cert (hours_until): refactored without return value
+
2024-03-17 Matteo Corti <matteo at corti.li>
* check_ssl_cert (main): Included the patch from Adam Cécile for SNI support with nmap
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/GNUmakefile → check_ssl_cert/check_ssl_cert_2.82.0/GNUmakefile
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/INSTALL.md → check_ssl_cert/check_ssl_cert_2.82.0/INSTALL.md
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/Makefile → check_ssl_cert/check_ssl_cert_2.82.0/Makefile
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/NEWS.md → check_ssl_cert/check_ssl_cert_2.82.0/NEWS.md
=====================================
@@ -1,5 +1,10 @@
# News
+* 2024-07-11, Version 2.82.0
+ * Better error handling in subroutines
+ * Fetch HTTP headers for --debug-headers even if no header check is enabled
+* 2024-05-28 Version 2.81.1
+ * Fix in the Icinga2 configuration file
* 2024-03-27 Version 2.81.0
* Support for SNI with nmap
* Added the ```--fingerprint-alg``` option to specify which algorithm to be used with --fingerprint.
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/README.md → check_ssl_cert/check_ssl_cert_2.82.0/README.md
=====================================
@@ -1,6 +1,6 @@
# check\_ssl\_cert
- © Matteo Corti, ETH Zurich, 2007-2012.
+ © Matteo Corti, ETH Zurich, 2007-2012.
© Matteo Corti, 2007-2024.
see [AUTHORS.md](AUTHORS.md) for the complete list of contributors
=====================================
check_ssl_cert/check_ssl_cert_2.82.0/VERSION
=====================================
@@ -0,0 +1 @@
+2.82.0
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert
=====================================
@@ -26,7 +26,7 @@
################################################################################
# Constants
-VERSION=2.81.0
+VERSION=2.82.0
SHORTNAME="SSL_CERT"
VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -841,39 +841,40 @@ create_temporary_file() {
# Compute the number of hours until a given date
# Params
# $1 date
-# return HOURS_UNTIL
+# sets HOURS_UNTIL
hours_until() {
- DATE=$1
+ HU_DATE=$1
debuglog "Date computations: ${DATETYPE}"
# we check if we are on a 32 bit system and if the date is beyond the max date
# we simplify and consider a date invalid after 1.1.2038 instead of 19.1.2038
- # since date is not able to parse the date we do it manually with a little bit of heuristics ...
+ # since date is not able to parse the date we do it manually with a little bit of
+ # heuristics ...
LONG_BIT_TMP="$(getconf LONG_BIT 2> /dev/null)"
if [ -z "${LONG_BIT_TMP}" ] ; then
debuglog "Cannot detect system architecture: no LONGBIT"
else
if [ "${LONG_BIT_TMP}" -eq 32 ]; then
debuglog "32 bit system"
- CERT_YEAR=$(echo "${DATE}" | sed 's/.* \(2[0-9][0-9][0-9]\).*/\1/')
+ CERT_YEAR=$(echo "${HU_DATE}" | sed 's/.* \(2[0-9][0-9][0-9]\).*/\1/')
debuglog "Checking if the year ${CERT_YEAR} is beyond the max date for the system 2038-01-19"
if [ "${CERT_YEAR}" -gt 2038 ]; then
- verboselog "${DATE} is beyond the maximum date on a 32 bit system: we consider 2038-01-19"
- DATE='Jan 19 00:00:00 2038 GMT'
+ verboselog "${HU_DATE} is beyond the maximum date on a 32 bit system: we consider 2038-01-19"
+ HU_DATE='Jan 19 00:00:00 2038 GMT'
fi
fi
fi
- debuglog "Computing number of hours until '${DATE}' with ${DATETYPE}"
+ debuglog "Computing number of hours until '${HU_DATE}' with ${DATETYPE}"
case "${DATETYPE}" in
"BSD")
# new BSD date
- target_date=$(${DATEBIN} -jf "%b %d %T %Y %Z" "${DATE}" +%s)
+ target_date=$(${DATEBIN} -jf "%b %d %T %Y %Z" "${HU_DATE}" +%s)
now=$(${DATEBIN} +%s)
HOURS_UNTIL=$(compute "(${target_date}-${now})/3600")
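Review bot: only `DATE` gets the `HU_` prefix here; `LONG_BIT_TMP`, `CERT_YEAR`, `target_date` and `now` remain plain globals. The call sites changed in this commit invoke `hours_until` directly instead of through `$(...)`, so these assignments now persist in the main shell and can overwrite same-named variables elsewhere in the script. Prefix them the same way as `HU_DATE`, or confirm nothing else reads them. Separately, the context comment says dates are considered invalid after 1.1.2038, but `[ "${CERT_YEAR}" -gt 2038 ]` only clamps from 2039 onwards; one of the two should be adjusted.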
@@ -889,9 +890,9 @@ hours_until() {
# e.g., macOS
debuglog "date -j format [[[mm]dd]HH]MM[[cc]yy][.ss]]"
- debuglog "executing: echo '${DATE}' | sed 's/ / /g' | ${DCONV_BIN} -f \"%m%d%H%M%Y.%S\" -i \"%b %d %H:%M:%S %Y %Z\""
+ debuglog "executing: echo '${HU_DATE}' | sed 's/ / /g' | ${DCONV_BIN} -f \"%m%d%H%M%Y.%S\" -i \"%b %d %H:%M:%S %Y %Z\""
- CONVERTED_DATE=$(echo "${DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%m%d%H%M%Y.%S" -i "%b %d %H:%M:%S %Y %Z")
+ CONVERTED_DATE=$(echo "${HU_DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%m%d%H%M%Y.%S" -i "%b %d %H:%M:%S %Y %Z")
debuglog "date converted with dconv: ${CONVERTED_DATE}"
target_date=$(${DATEBIN} -j "${CONVERTED_DATE}" +%s)
@@ -906,7 +907,7 @@ hours_until() {
debuglog "date -j format [[[[[[cc]yy]mm]dd]HH]MM[.SS]]"
- CONVERTED_DATE=$(echo "${DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%Y%m%d%H%M.%S" -i "%b %d %H:%M:%S %Y %Z")
+ CONVERTED_DATE=$(echo "${HU_DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%Y%m%d%H%M.%S" -i "%b %d %H:%M:%S %Y %Z")
debuglog "date converted with ${DCONV_BIN}: ${CONVERTED_DATE}"
target_date=$(${DATEBIN} -j +%s "${CONVERTED_DATE}")
@@ -920,21 +921,26 @@ hours_until() {
;;
"BUSYBOX")
- BUSYBOX_DATE=$(echo "${DATE}" | sed 's/[ ][^ ]*$//')
+ BUSYBOX_DATE=$(echo "${HU_DATE}" | sed 's/[ ][^ ]*$//')
debuglog "Computing number of hours until '${BUSYBOX_DATE}' (BusyBox compatible format)"
target_date=$(${DATEBIN} -d "${BUSYBOX_DATE}" +%s)
now=$(${DATEBIN} +%s)
HOURS_UNTIL=$(compute "(${target_date}-${now})/3600")
;;
"GNU")
- target_date=$(${DATEBIN} -d "${DATE}" +%s)
+ target_date=$(${DATEBIN} -d "${HU_DATE}" +%s)
now=$(${DATEBIN} +%s)
HOURS_UNTIL=$(compute "(${target_date}-${now})/3600")
;;
"PERL")
+
+ if ! perl -MDate::Parse -e '1;' > /dev/null 2>&1 ; then
+ unknown "Error computing the certificate validity with Perl: Date::Parse not installed"
+ fi
+
# Warning: some shell script formatting tools will indent the EOF! (should be at position 0)
if ! HOURS_UNTIL=$(
- perl - "${DATE}" <<-"EOF"
+ perl - "${HU_DATE}" <<-"EOF"
use strict;
use warnings;
use Date::Parse;
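Review bot: the PERL branch now fails loudly when Date::Parse is missing, but the GNU and BUSYBOX branches in the same hunk still do not check whether `${DATEBIN} -d` succeeded. If the date string cannot be parsed, `target_date` is empty and the expression handed to `compute` becomes `(-${now})/3600`, so the check reports a number that has nothing to do with the certificate instead of UNKNOWN. Consider testing for an empty `target_date` in those branches and calling `unknown` there as well. The bare `+` line directly under `"PERL")` can also be dropped.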
@@ -952,9 +958,7 @@ EOF
;;
esac
- debuglog "Hours until ${DATE}: ${HOURS_UNTIL}"
-
- echo "${HOURS_UNTIL}"
+ debuglog "Hours until ${HU_DATE}: ${HOURS_UNTIL}"
}
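Review bot: removing `echo "${HOURS_UNTIL}"` changes the function's contract, and any caller still written as `X=$(hours_until ...)` will now silently receive an empty string while the real value is lost in the subshell. This commit converts the call sites visible in the diff; please grep the script and the test suite for remaining `$(hours_until` uses before merging. It would also help to clear `HOURS_UNTIL` at the top of the function so a failed computation cannot leave the value from a previous call in place.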
@@ -2311,7 +2315,9 @@ check_cert_end_date() {
ELEM_END_DATE="$(extract_cert_attribute 'enddate' "$1")"
debuglog "Validity date on cert element ${el_number} (${element_cn}) is ${ELEM_END_DATE}"
- HOURS_UNTIL=$(hours_until "${ELEM_END_DATE}")
+ hours_until "${ELEM_END_DATE}"
+
+ debuglog "HOURS_UNTIL=${HOURS_UNTIL}"
# TO DO: floating point
@@ -2636,6 +2642,8 @@ fetch_certificate() {
;;
mqtts)
+ # https://stackoverflow.com/questions/58936653/problem-using-mosquitto-broker-with-netcat
+
# we create a temporary file with the message content (because of quoting and special characters
create_temporary_file
MQTT_MESSAGE=${TEMPFILE}
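Review bot: the comment added under `mqtts)` is a bare Stack Overflow URL with no explanation. Add one line saying what the link documents for this branch, so the code stays understandable if the link disappears.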
@@ -4689,7 +4697,7 @@ main() {
fi
if grep -q '"Status":0' "${DNS_OVER_HTTP}" ; then
- debuglog "Reolved via HTTP"
+ debuglog "Resolved via HTTP"
else
critical "${SHORTNAME} CRITICAL: Cannot resolve ${HOST} over HTTP using ${RESOLVE_OVER_HTTP}"
fi
@@ -5817,6 +5825,12 @@ main() {
####################
# check HTTP headers
+ if [ -n "${REQUIRED_HTTP_HEADERS}" ] ||
+ [ -n "${UNREQUIRED_HTTP_HEADERS}" ] ||
+ [ -n "${DEBUG_HEADERS}" ] ; then
+ fetch_http_headers
+ fi
+
if [ -n "${REQUIRED_HTTP_HEADERS}" ]; then
debuglog "Checking required HTTP headers: ${REQUIRED_HTTP_HEADERS}"
for header in $(echo "${REQUIRED_HTTP_HEADERS}" | tr ',' '\n'); do
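Review bot: this hunk only adds the guarded `fetch_http_headers` call and removes nothing, so if the required or unrequired header checks below already call `fetch_http_headers` themselves, the headers are now requested twice per run. Please confirm those inner calls are gone or that the function returns early once the headers have been fetched. Also note that `--debug-headers` alone now triggers an extra HTTP request against the monitored host, which is worth stating in the option's help text.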
@@ -5956,6 +5970,7 @@ main() {
################################################################################
# Parse the X.509 certificate or crl
DATE="$(extract_cert_attribute 'enddate' "${CERT}")"
+ debuglog "Valid until ${DATE}"
info "Valid until" "${DATE}"
if [ "${OPENSSL_COMMAND}" != 'crl' ]; then
@@ -6144,7 +6159,8 @@ EOF
prepend_critical_message "OCSP stapling not enabled"
else
NEXT_UPDATE=$("${GREP_BIN}" -o 'Next Update: .*$' "${OCSP_RESPONSE_TMP}" | cut -b14-)
- OCSP_EXPIRES_IN_HOURS=$(hours_until "${NEXT_UPDATE}")
+ hours_until "${NEXT_UPDATE}"
+ OCSP_EXPIRES_IN_HOURS="${HOURS_UNTIL}"
verboselog "OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours"
if [ -n "${OCSP_CRITICAL}" ] && compare "${OCSP_CRITICAL}" '>=' "${OCSP_EXPIRES_IN_HOURS}"; then
prepend_critical_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}"
@@ -7012,12 +7028,21 @@ ${WARNING}"
[ -n "${MAXIMUM_VALIDITY}" ] ||
[ -n "${FILE}" ]; then
- HOURS_UNTIL_END_DATE=$(hours_until "${DATE}")
- HOURS_FROM_START_DATE=$(hours_until "${START_DATE}")
+ hours_until "${DATE}"
+ HOURS_UNTIL_END_DATE="${HOURS_UNTIL}"
+
+ debuglog "Total certificate validity: ${HOURS_UNTIL} hours until ${DATE}"
+
+ hours_until "${START_DATE}"
+ HOURS_FROM_START_DATE="${HOURS_UNTIL}"
+
+ debuglog "Total certificate validity: ${HOURS_UNTIL} hours until ${START_DATE}"
# no decimals even if --precision was specified
TOTAL_CERT_VALIDITY=$(compute "(${HOURS_UNTIL_END_DATE} - ${HOURS_FROM_START_DATE})/24" 0)
+ debuglog "Total certificate validity in days: ${TOTAL_CERT_VALIDITY}"
+
LIMIT=397
if [ -n "${MAXIMUM_VALIDITY}" ]; then
LIMIT="${MAXIMUM_VALIDITY}"
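Review bot: both new debug lines are labelled `Total certificate validity:` but print the hours until `${DATE}` and until `${START_DATE}`, which are the two inputs, not the total; the total is only available after `TOTAL_CERT_VALIDITY` is computed. Rename them (for example "Hours until end date" and "Hours until start date") and log `${HOURS_UNTIL_END_DATE}` and `${HOURS_FROM_START_DATE}` rather than the shared `${HOURS_UNTIL}`, so the messages stay correct if another `hours_until` call is inserted between them.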
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert.1 → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert.1
=====================================
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii check_ssl_cert.1
.\"
-.TH "check_ssl_cert" 1 "March, 2024" "2.81.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "July, 2024" "2.82.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert.completion → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert.completion
=====================================
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert.spec → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert.spec
=====================================
@@ -1,4 +1,4 @@
-%global version 2.81.0
+%global version 2.82.0
%global release 0
%global sourcename check_ssl_cert
%global packagename nagios-plugins-check_ssl_cert
@@ -54,6 +54,12 @@ rm -rf $RPM_BUILD_ROOT
%endif
%changelog
+* Thu Jul 11 2024 Matteo Corti <matteo at corti.li> - 2.82.0-0
+- Updated to 2.82.0
+
+* Tue May 28 2024 Matteo Corti <matteo at corti.li> - 2.81.1-0
+- Updated to 2.81.1
+
* Sun Mar 17 2024 Matteo Corti <matteo at corti.li> - 2.81.0-0
- Updated to 2.81.0
=====================================
check_ssl_cert/check_ssl_cert_2.81.0/check_ssl_cert_icinga2.conf → check_ssl_cert/check_ssl_cert_2.82.0/check_ssl_cert_icinga2.conf
=====================================
@@ -395,7 +395,7 @@ object CheckCommand "ssl_cert_extended" {
}
"--nmap-with-proxy" = {
- value = "$ssl_cert_extended_nmap_with_proxy"
+ value = "$ssl_cert_extended_nmap_with_proxy$"
description = "Allow nmap to be used with a proxy"
}
=====================================
check_ssl_cert/control
=====================================
@@ -1,7 +1,7 @@
Uploaders: Jan Wagner <waja at cyconet.org>
Recommends: bc, curl, file, openssl
Suggests: expect, iproute2, dnsutils
-Version: 2.81.0
+Version: 2.82.0
Homepage: https://github.com/matteocorti/check_ssl_cert
Watch: https://github.com/matteocorti/check_ssl_cert/releases >check_ssl_cert-([0-9.]+)<
Description: plugin to check the CA and validity of an
=====================================
check_ssl_cert/src
=====================================
@@ -1 +1 @@
-check_ssl_cert_2.81.0/
\ No newline at end of file
+check_ssl_cert_2.82.0/
\ No newline at end of file
View it on GitLab: https://salsa.debian.org/nagios-team/nagios-plugins-contrib/-/commit/ed21d22b31251afc52a50bc145ea98f5ccedcda5