2019-02-08 Version 1.82.0: Added a check on the readability of the certificate file 2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs 2019-01-16 Version 1.80.1: Fixed a problem on systems not supporting echo -e 2018-12-24 Version 1.80.0: Better output in case of errors while using SNI 2018-12-10 Version 1.79.0: Differentiate between IMAP on port 143 and IMAPS on port 993 Fixed a vulnerability in the parsing of the certificate issuer 2018-11-07 Version 1.78.0: Bug fixes in IMAP and HTTP requests 2018-11-05 Version 1.77.0: CA file and directory support 2018-10-19 Version 1.76.0: Sends a correct HTTP request 2018-10-18 Version 1.75.0: Allow to specify a client certificate key 2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout 2018-09-10 Version 1.73.0: Fixed a bug in the cleanup of temporary files, fixed a bug with certificates without OCSP Fixed tests with more reliable hosts Allows to check against all the issuers in the CA chain Fixed a bug with --long-output on Linux Fixed the validation of --critical and --warning 2018-07-01 Version 1.72.0: Corrected a bug introduced in 1.71.0: remove temporary files 2018-07-01 Version 1.71.0: Corrected a bug introduced in 1.70.0: wrong exit codes 2018-06-28 Version 1.70.0: Improved the management of temporary files 2018-06-25 Version 1.69.0: Added an option to require OCSP stapling 2018-04-29 Version 1.68.0: Removed the SNI name check 2018-04-17 Version 1.67.0: Terse output, warning if the specified server name is not found in the certificate and --format option 2018-04-06 Version 1.66.0: UTF-8 output 2018-03-29 Version 1.65.0: Bug fix release 2018-03-28 Version 1.64.0: Remove cURL dependency 2018-03-17 Version 1.63.0: Support for TLS 1.3 2018-03-06 Version 1.62.0: Support for LibreSSL 2018-01-19 Version 1.61.0: Fixed a bug handling more than one OCSP host 2017-12-15 Version 1.60.0: Fixed a bug related to XMPP introduced in the last version 2017-12-14 Version 1.59.0: Added an option to specify the 'to' attribute of the XMPP stream element 2017-11-29 Version 1.58.0: Support for DER encoded CRL files 2017-11-28 Version 1.57.0: Added --fingerprint to check the SHA1 fingerprint of the certificate 2017-11-17 Version 1.56.0: Added support for -xmpphost if available 2017-11-16 Version 1.55.0: Fixed XMPP support and IPv6 addresses as host 2017-09-19 Version 1.54.0: With the -f command line option, you can also specify a certificate revocation list (CRL) 2017-09-10 Version 1.53.0: The timeout is applied to OCSP checks 2017-09-09 Version 1.52.0: The SAN requirement check is now optional 2017-07-28 Version 1.51.0: Use openssl s_client's -help option to test for SNI support 2017-07-24 Version 1.50.0: Fix in the Common Name parsing 2017-07-17 Version 1.49.0: Support for OpenSSL 1.1 2017-06-22 Version 1.48.0: Checks for missing subjectAlternativeName extension (https://support.google.com/chrome/a/answer/7391219?hl=en) 2017-06-15 Version 1.47.0: Fixed an issue with OCSP URI with protocols other than HTTP or HTTPS 2017-05-15 Version 1.46.0: Fixed a problem with the detection of OCSP URLs 2017-05-02 Version 1.45.0: Fixed bugs in the date computation and OCSP checks 2017-04-28 Version 1.44.0: Fixed a bug occurring when more than one issuer URI is present 2017-03-07 Version 1.43.0: Support for LDAP 2017-02-16 Version 1.42.0: Support for OpenSSL > 1.1.0 2017-02-10 Version 1.41.0: Added --sni to specify the server name 2017-02-08 Version 1.40.0: Changed the CN output when --altnames is used 2017-02-02 Version 1.39.0: Fixed a bug related to SNI 2017-02-02 Version 1.38.2: Fixed a bug in the command line argument parsing 2017-01-29 Version 1.38.1: Small corrections in the documentation 2017-01-28 Version 1.38.0: Added support for wildcards in alternative names and caching of the issuer certificate 2016-12-23 Version 1.37.0: Added a patch to specify multiple CNs 2016-12-13 Version 1.36.2: fixed a minor problem with --debug 2016-12-06 Version 1.36.1: fixed a problem when specifying a CN beginning with * 2016-12-04 Version 1.36.0: fixed problem when file is returing PEM certificate on newer Linux distributions added an option to specify the location of the file utility 2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication 2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos) 2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found 2016-07-29 Version 1.32.0: added support for date with timestamp calculation and fixed case sensitive comparison of CN 2016-07-12 Version 1.31.0 Fixed the parsing of the CN field 2016-06-30 Version 1.30.0 OCSP check is fixed and enabled by default 2016-06-15 Version 1.29.0 New option to clear the cached value at SSL Labs IRC support 2016-06-01 Version 1.28.0 Increased control over which SSL/TLS versions to use 2016-03-29 Version 1.27.0 Fixes a bug in the OpenSSL error parsing 2016-03-29 Version 1.26.0 Fixes a bug in wildcard match 2016-03-21 Version 1.25.0 Fixes a bug on CN parsing on non-GNU systems Handle wildcard certificates 2016-03-09 Version 1.24.0 Waits for SSL Labs Results 2016-03-07 Version 1.23.0 Supports SNI even when not checking CN and does not issue a critical when SSL Labs is still checking a host 2016-03-03 Version 1.22.0 Initial support for SSL Labs checks Support for UTF output (thanks to Konstantin Shalygin) 2016-03-01 Version 1.21.0 Fixed a bug which prevented the check on the expiration date 2016-02-26 Version 1.20.0 Added debugging output (-d or --debug) Improved the handling of OpenSSL error messages Does not stop the validation if the server requires a client certificate 2016-02-25 Version 1.19.0 Added a check for certificates signed with SHA-1 or MD5 Added an option to disable the expiration date check 2015-10-31 Version 1.18.0 Added an option to check the certificate's serial number (thanks to Milan Koudelka) 2015-10-20 Version 1.17.2 Fixed a bug with OCSP 2015-04-07 Version 1.17.1 Fixed the check on the openssl binary 2014-10-21 Version 1.17.0 Added an option to check revocation via OCSP 2014-06-06 Version 1.16.2 Fixed a problem with -servername when -n was not specified 2014-02-28 Version 1.16.1 Added a Make target for the RPM package 2013-12-23 Version 1.16.0 Added an option to force TLS version 1 2013-07-29 Version 1.15.0 Added an option to force a certain SSL version (thanks to Max Winterstein) 2013-05-12 Version 1.14.6 Added XMPP and timeout support (thanks to Christian Ruppert and Robin H. Johnson) 2013-03-02 Version 1.14.5 Fixed a bug occuring with TLS and multiple names in the certificate 2012-12-07 Version 1.14.4 Fixed a bug causing -N to always compare the CN with 'localhost' 2012-09-19 Version 1.14.3 Improved the error message in case of a failure in the certificate download 2012-07-13 Version 1.14.2 Added the name since or to expiration in the plugin output. 2012-07-11 Version 1.14.1 FIxed a bug with Perl date computation on some systems 2012-07-06 Version 1.14.0 The status now includes performance data in days until expiration (requires perl with Date::Parse). It is now possible to print additional information in the plugins long output (multiline, Nagios 3 only) 2012-04-05 Version 1.13.0 The plugin will now try to fetch the certificate without without TLS extensions in case of error 2012-04-04 Version 1.12.0 Fixed a bug in the chain verification (hard coded error number) 2011-10-22 Version 1.11.0 --altname option 2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenicate using a client certificate 2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards 2011-01-24 Version 1.9.0 Added an option to specify the openssl executable 2010-12-16 Version 1.8.1 Fixed bugs with environment bleeding & shell globbing 2010-12-08 Version 1.8.0 Added support for TLS servername extension in ClientHello 2010-10-28 Version 1.7.7 Fixed a bug in the signal specification introduced in 1.7.6 2010-10-28 Version 1.7.6 Better temporary file clean up (thanks to Lawren Quigley-Jones) 2010-10-14 Version 1.7.5 Applied a patch from Yannick Gravel fixing the test order 2010-10-01 Version 1.7.4 Applied a patch from Lawren Quigley-Jones adding the -A option 2010-09-15 Version 1.7.3 Fixed a bug in the option processing 2010-08-26 Version 1.7.2 Removes useless use of cat, better test for expect utility 2010-08-26 Version 1.7.1 Replaces "-verify 6" which was erroneously removed in the previous version 2010-08-26 Version 1.7.0 Overloaded --rootcert option to allow -CApath as well as -CAfile 2010-07-21 Version 1.6.1 Added an option to specify where to temporarily store the certificate 2010-07-09 Version 1.6.0 Added long command line options and substituted -days with --critical and --warning 2010-07-07 Version 1.5.2 Added the -f option to check a local file 2010-07-01 Version 1.5.1 Fixed the plugin output 2010-03-11 Version 1.4.4 Fixed bug #64 (== bashism) 2010-03-09 Version 1.4.3 -N and -n options to compare the CN to an hostname 2009-12-02 Version 1.4.2 the -i ISSUER option now checks if the O= or the CN= fields of the root certificate match 2009-11-30 Version 1.4.1 -r to specify the root cert to be used for verification 2009-11-30 Version 1.4.0 certificate chain verification 2009-03-30 Version 1.3.0 -P option to check TLS certificates (SMTP, FTP, POP3, ...) 2008-05-13 Version 1.2.2 include the CN in the messages (D. Wallis) 2008-02-25 Version 1.2.1 better error handling 2008-02-25 Version 1.2.0 general cleanup (POSIX compliance, removed nmap dependency, ...) from Dan Wallis 2007-08-31 Version 1.1.0 - option to enforce a given email address - option to enforce a given organization - temporary files cleanup upon exit 2007-08-15 Bug fix: openssl did not close the connection cleanly 2007-08-10 First release (1.0)