From 1e2387474a449452b78520b9ad96a8b4b5e99722 Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Wed, 17 Apr 2019 19:07:19 +0200 Subject: initial commit of source fetch --- .../check_ssl_cert/check_ssl_cert-1.83.0/ChangeLog | 593 +++++++++++++++++++++ 1 file changed, 593 insertions(+) create mode 100644 nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/ChangeLog (limited to 'nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/ChangeLog') diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/ChangeLog b/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/ChangeLog new file mode 100644 index 0000000..11cab7b --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/ChangeLog @@ -0,0 +1,593 @@ +2019-02-27 Matteo Corti + + * test/unit_tests.sh (testMultipleAltNamesFailTwo): removed outdated tests + +2019-02-27 Matteo Corti + + * check_ssl_cert: better error message in case of wrong intermediate certificate + +2019-02-19 Matteo Corti + + * check_ssl_cert: Better error message in case of OCSP failure + +2019-02-08 Matteo Corti + + * check_ssl_cert: Check the readability of the certificate file + +2019-02-01 Matteo Corti + + * check_ssl_cert: applied patch for the SSLlabs warning + +2019-01-16 Matteo Corti + + * check_ssl_cert: replaced echo -e with printf + +2018-12-24 Matteo Corti + + * check_ssl_cert: Better output in case of errors while using SNI + +2018-12-19 Matteo Corti + + * check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S + * check_ssl_cert: Support for SNI and SSL Labs + +2018-12-11 Matteo Corti + + * check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993 + * check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer + +2018-11-07 Matteo Corti + + * check_ssl_cert: Fixed a problem with IMAP on port 993 + * check_ssl_cert: fixed a problem with newlines in the HTTP request + +2018-11-05 Matteo Corti + + * check_ssl_cert: CA file and directory support + +2018-10-19 Matteo Corti + + * check_ssl_cert: Fixed the HTTP request string + +2018-10-18 eimamagi + + * check_ssl_cert: Allow to specify a client certificate key + +2018-10-15 Matteo Corti + + * check_ssl_cert (exec_with_timeout): fixed the check on the the return value + +2018-08-10 Matteo Corti + + * check_ssl_cert: disabling OCSP checks if no OCSP host is found + +2018-07-20 Matteo Corti + + * check_ssl_cert: Applied a patch from Markus Frosch to fix the cleanup of temporary files + +2018-07-01 Matteo Corti + + * check_ssl_cert: do not trap on EXIT + * check_ssl_cert: remove temporary file when no signals are trapped + +2018-06-28 Matteo Corti + + * check_ssl_cert: fixed a bug in the deletion of temporary files when a signal is caught + +2018-06-25 Matteo Corti + + * check_ssl_cert: added a check to require OCSP stapling + +2018-04-29 Matteo Corti + + * check_ssl_cert: Remooved the SNI name check patch (see #78) + +2018-04-19 Matteo Corti + + * check_ssl_cert: Merged the SNI name check patch + +2018-04-17 Matteo Corti + + * check_ssl_cert: Merged the --terse patch, added performance data to the terse output and reordered the help + +2018-04-12 Matteo Corti + + * Makefile: Checks if the copyright year is correct. make test is now dependent on make dist + +2018-04-06 Matteo Corti + + * check_ssl_cert: Added UTF8 output + +2018-04-05 Matteo Corti + + * check_ssl_cert: Added debugging output for cURL + +2018-03-29 Matteo Corti + + * check_ssl_cert: Fixed a bug introduced in the last verstion + +2018-03-28 Matteo Corti + + * check_ssl_cert: Removed cURL dependency when not checking SSL Labs + +2018-03-17 Matteo Corti + + * check_ssl_cert: Added support for TLS 1.3 + +2018-03-06 Matteo Corti + + * check_ssl_cert: Fixed OCSP check with LibreSSL + * check_ssl_cert: Lists the number or default root certificates in debug mode + +2018-01-19 Matteo Corti + + * check_ssl_cert: Fixed a bug processing more than one OCSP host + +2017-12-15 Matteo Corti + + * check_ssl_cert: Fixed a bug in the specification of the xmpphost parameter + +2017-12-14 Matteo Corti + + * check_ssl_cert: Added an option to specify the 'to' attribute of the XMPP stream element + +2017-11-29 Wim van Ravesteijn https://github.com/wimvr + + * check_ssl_cert: Support for DER encoded CRL files + +2017-11-28 Georg https://github.com/gbotti + + * check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate + +2017-11-17 Matteo Corti + + * check_ssl_cert (fetch_certificate): adding support for -xmpphost if available + +2017-11-16 Matteo Corti + + * check_ssl_cert (fetch_certificate): fixing XMPP support + +2017-11-16 + + * check_ssl_cert (fetch_certificate): adding support for IPv6 addresses + +2017-09-18 Bernd Stroessenreuther + + * check_ssl_cert: with -f option you now can also pass a certificate revocation list (CRL) to check its validity period + +2017-09-10 Matteo Corti + + * check_ssl_cert: OCSP check is now terminated by a timeout + +2017-09-09 Matteo Corti + + * check_ssl_cert: The SAN requirement is now optional + +2017-07-28 Matteo Corti + + * check_ssl_cert: Use openssl s_client's -help option to test for SNI support (thanks to d7415) + +2017-07-24 Matteo Corti + + * check_ssl_cert: Fix in the Common Name parsing + +2017-06-23 Matteo Corti + + * check_ssl_cert: Checks for missing subjectAlternativeName extension + +2017-06-15 Matteo Corti + + * check_ssl_cert: Do not try to check OCSP if the protocol is not HTTP or HTTPS + +2017-05-15 Matteo Corti + + * check_ssl_cert: Fixed a problem with the detection of OCSP URLs + +2017-05-02 Matteo Corti + + * check_ssl_cert: Added --location to curl to follow redirects + * check_ssl_cert: Fixed the indentation of EOF in the embedded Perl script + * check_ssl_cert: Added --force-date-perl to force the usage of Perl for date computations and a test to be sure no errors in Perl are left undetected + +2017-04-28 Matteo Corti + + * check_ssl_cert: Fixed a bug occurring when more than one issuNer URI is present + +2017-03-07 Matteo Corti + + * check_ssl_cert: Added LDAP support + +2017-03-01 Matteo Corti + + * check_ssl_cert: By errors it makes more sense to show the supplied host instead of the CN + +2017-02-16 Matteo Corti + + * check_ssl_cert: Support for newer OpenSSL versions (1.1) + +2017-02-10 Matteo Corti + + * check_ssl_cert: Added the --sni option + +2017-02-08 Matteo Corti + + * check_ssl_cert: Patch from Pavel Rochnyak: Changed the CN output when --altnames is used + +2017-02-02 Matteo Corti + + * check_ssl_cert: Fixed the command line argument parsing + * check_ssl_cert: Fixed -servername + +2017-01-29 Matteo Corti + + * check_ssl_cert: Added patches from Pavel Rochnyak for the issuer certificate cache patch + and the wildcard support in alternative names + +2016-12-23 Matteo Corti + + * check_ssl_cert: Added patch to specify multiple CNs (see https://github.com/matteocorti/check_ssl_cert/pull/35) + +2016-12-13 Matteo Corti + + * check_ssl_cert: fixed a minor problem with --debug + +2016-12-06 Matteo Corti + + * check_ssl_cert: fixed a problem when specifying a CN beginnging with * + +2016-12-04 Matteo Corti + + * check_ssl_cert: fixed problem when file is returing PEM certificate on newer Linux distributions + +2016-09-19 Matteo Corti + + * check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos) + +2016-08-04 Matteo Corti + + * check_ssl_cert: disabling OCSP checks when no issuer URI is found + +2016-07-29 Matteo Corti + + * check_ssl_cert: fixed case insensitive comparison of CNs + +2016-07-29 https://github.com/bb-Ricardo + + * check_ssl_cert: calculate expiration primary with date + +2016-07-12 Matteo Corti + + * check_ssl_cert: fixed the parsing of the CN field + +2016-06-25 Matteo Corti + + * check_ssl_cert: fixed OSCP header on old OpenSSL versions + +2016-06-24 Matteo Corti + + * check_ssl_cert: OCSP is now default + + * check_ssl_certe: Fixed OCSP host + +2016-06-15 Matteo Corti + + * check_ssl_cert: Better curl error handling + +2016-06-10 Matteo Corti + + * check_ssl_cert: Added an option to clear the cached result at SSLLabs + +2016-06-01 juckerf (https://github.com/juckerf) + + * check_ssl_cert: Increase control over which SSL/TLS versions to use + +2016-05-17 Matteo Corti + + * check_ssl_cert: added more debugging info (-v is automatic if -d is spefied, system info and cert written to a file) + +2016-04-27 Matteo Corti + + * check_ssl_cert: Fixes a bug in the OpenSSL error parsing + +2016-04-05 Matteo Corti + + * check_ssl_cert: In case of an s_client error does not output the full (ugly) error. The error is shown in verbose mode + +2016-03-29 Sergei Shmanko + + * check_ssl_cert: Fix wildcard match regex, add additional unit tests + +2016-03-21 Matteo Corti + + * check_ssl_cert (exec_with_timeout): issues a critical status + when using the 'timout' utility + +2016-03-19 Matteo Corti + + * check_ssl_cert: fixed CN parsing on non-GNU systems + +2016-03-19 Sergei https://github.com/sshmanko + + * check_ssl_cert: handle wildcard certificates + +2016-03-10 Matteo Corti + + * check_ssl_cert (check_attr): Better handling of verification errors + +2016-03-09 Matteo Corti + + * check_ssl_cert (convert_ssl_lab_grade): accepts lowercase letters for SSL Labs grades + * check_ssl_cert (check_attr): waits for SSL Labs results + +2016-03-08 Matteo Corti + + * check_ssl_cert: Tries to extract an error message from SSL Labs + if no status is returned + +2016-03-07 Sam Richards + * check_ssl_cert: Support SNI even when we don't want to check cn + +2016-03-07 Matteo Corti + + * check_ssl_cert: DNS errors by SSL Labs are ignored (as they are just + a sign that the result is not cached) + +2016-03-03 Matteo Corti + + * check_ssl_cert: Initial support for SSL Labs checks + +2016-03-01 Matteo Corti + + * check_ssl_cert: Fixed a bug which prevented the check on the expiration + +2015-10-31 Matteo Corti + + * check_ssl_cert: added a patch to check the certificate's serial number + (thanks to Milan Koudelka) + +2015-10-20 Matteo Corti + + * check_ssl_cert: fixex a problem with OCSP paths w/o URLs + +2015-04-07 Matteo Corti + + * check_ssl_cert: corrected some typos (thanks to Jérémy Lecour) + * check_ssl_cert: removed check on the openssl binary name + +2014-10-21 Matteo Corti + + * check_ssl_cert: added a patch to check revocation via OCSP (thanks + to Ryan Nowakowski) + +2014-02-28 Matteo Corti + + * Makefile: added a target to build an rpm + +2013-12-23 Matteo Corti + + * check_ssl_cert: added the --tls1 option to force TLS 1 + +2013-10-09 Matteo Corti + + * check_ssl_cert: whole script reviewed with shellcheck + +2013-10-01 Matteo Corti + + * check_ssl_cert: fixes with shellcheck (quoting) + +2013-07-29 Matteo Corti + + * check_ssl_cert: Added an option to force a given SSL version + +2013-03-02 Matteo Corti + + * check_ssl_cert: Fixed a bug occuring with TLS and multiple names in + the certificate + +2012-12-07 Matteo Corti + + * check_ssl_cert: removed "test -a/-o" (test has an undefined + behavior with more than 4 elements) + + * check_ssl_cert: fixed #122 (-N was always comparing the CN with 'localhost') + +2012-11-16 Matteo Corti + + * simplified the sourcing of the script file for testing + +2012-10-11 Matteo Corti + + * added some unit tests with shUnit2 + +2012-09-19 Matteo Corti + + * check_ssl_cert: improved the "No certificate returned" error message + +2012-07-13 Matteo Corti + + * check_ssl_cert: added the number of days from or to expiration in the + plugin output + +2012-07-11 Matteo Corti + + * check_ssl_cert: fixed a bug with Perl date computation on some systems + +2012-07-06 Matteo Corti + + * check_ssl_cert: performance data in days + * check_ssl_cert: long output (certificate attributes) + +2012-04-05 Matteo Corti + + * check_ssl_cert: handle broken OpenSSL clients (-servername not working) + +2012-04-04 Matteo Corti + + * check_ssl_cert: removed an hard coded reference to the error number by the + SSL chain verification + +2011-10-22 Matteo Corti + + * check_ssl_cert: added a --altnames option to match the CN to alternative + names + +2011-09-01 Matteo Corti + + * check_ssl_cert: applied a patch from Sven Nierlein + (certificate authentication) + +2011-03-10 Matteo Corti + + * check_ssl_cert: allows http to specified as protocol + (thanks to Raphael Thoma) + * check_ssl_cert: fixes the -N check for certs with wildcards + (thanks to Raphael Thoma) + +2011-01-24 Matteo Corti + + * check_ssl_cert: added an option to specify the openssl executable + +2010-12-16 Dan Wallis + + * check_ssl_cert: Sets $VERBOSE to avoid using value supplied by Nagios + * check_ssl_cert: Quotes regular expression for grep to avoid shell globbing + +2010-12-09 Matteo Corti + + * check_ssl_cert.spec: standardized the RPM package name + + * check_ssl_cert: added support for the TLS servername extension + (thanks to Matthias Fuhrmeister) + +2010-11-02 Matteo Corti + + * INSTALL: specifies that expect is needed for timeouts + +2010-10-29 Matteo Corti + + * README: specifies that expect is needed for timeouts + +2010-10-28 Matteo Corti + + * check_ssl_cert: trap on more signals (thanks to Lawren Quigley-Jones) + +2010-10-14 Matteo Corti + + * check_ssl_cert: added a patch from Yannick Gravel putting the + chain verification at the end of the tests + +2010-10-01 Matteo Corti + + * check_ssl_cert: added a patch from Lawren Quigley-Jones which + implements a new command line argument (-A) to disable the + certificate chain check + +2010-09-15 Matteo Corti + + * check_ssl_cert: fixed option processing (bug #78) + +2010-08-26 Dan Wallis + + * check_ssl_cert: overloads --rootcert for use with directories as + well as files (-CApath versus -CAfile) + +2010-07-21 Matteo Corti + + * check_ssl_cert: added a patch from Marc Fournier to check the creation of the temporary files + * check_ssl_cert: added the --temp option to specify where to store the temporary files + +2010-07-10 Matteo Corti + + * check_ssl_cert: improved the error messages + * check_ssl_cert: checks for certificates without email addresses (if -e is specified) + +2010-07-09 Matteo Corti + + * check_ssl_cert: added a "long" version for all the command line options + * check_ssl_cert: added a critical and warning option for the certificate validity (in days) + * check_ssl_cert: the plugin always issues a critical warning if the certificate is expired + * check_ssl_cert: added a man page + +2010-07-07 Matteo Corti + + * check_ssl_cert: [Wolfgang Schricker patch] Add -f to check local files + +2010-07-01 Matteo Corti + + * check_ssl_cert: [Yannick Gravel patch] Restore displaying the CN in every messages: + a previous patch changed something and only + critical were adjusted. + * check_ssl_cert: [Yannick Gravel patch] Adjust what is displayed after the from in + the OK message to display the matched ISSUER + (CN or O). + +2010-06-08 Matteo Corti + + * check_ssl_cert: added the -s option to allow self signed certificates + +2010-03-11 Matteo Corti + + * check_ssl_cert: fixed the == bashism + +2010-03-08 Matteo Corti + + * check_ssl_cert: applied patch from Marcus Rejås with the -n and -N options + +2009-12-02 Matteo Corti + + * check_ssl_cert: check if the issuer matches the O= or the CN= field of the Root Cert + +2009-11-30 Matteo Corti + + * check_ssl_cert: cleaned up error messages if the CN is not yet known + * check_ssl_cert: added certificate chain verification + * check_ssl_cert: allow backslashes escaped in the error messages (e.g., for \n used by Nagios 3) + * check_ssl_cert: -r can be used to specify a root certificate to be used for the verification + +2009-03-31 Matteo Corti + + * check_ssl_cert: standard timeout of 15 seconds (can be set with the -t option) + +2009-03-30 Matteo Corti + + * check_ssl_cert: -P option to specify the protocol + +2008-05-13 Matteo Corti + + * check_ssl_cert: applied a patch from Dan Wallis to output the CN + in all the messages + +2008-02-28 Matteo Corti + + * check_ssl_cert: shortened the error message in case of no connection + (only the first line is reported) + +2008-02-25 Matteo Corti + + * check_ssl_cert: [Dan Wallis patch] removed nmap dependency + * check_ssl_cert: [Dan Wallis patch] mktemp for the temporaries + * check_ssl_cert: [Dan Wallis patch] using trap to cleanup temporaries + * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup + * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup + * check_ssl_cert: [Dan Wallis patch] better handling of missing + certificate and non resolvable host + * check_ssl_cert: [Dan Wallis patch] stricter check for "notAfter" in the + certificate analysis + +2007-09-04 Matteo Corti + + * check_ssl_cert: better error messages (both the actual and the + expected values are displayed) + +2007-08-31 Matteo Corti + + * check_ssl_cert: new options to enforce email and + organization. Temporary files are now removed before termination + +2007-08-15 Matteo Corti + + * check_ssl_cert: openssl s_client closes the connection cleanly + +2007-08-10 Matteo Corti + + * check_ssl_cert: initial release -- cgit v1.2.3