Fixes #450

matteocorti · Apr 5, 2023 · 10b8575 · 10b8575
1 parent 5ef976f
commit 10b8575
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 9 deletions.
diff --git a/CITATION.cff b/CITATION.cff
@@ -248,8 +248,8 @@ authors:
   given-names: "Дилян"
   website: https://github.com/dilyanpalauzov
 title: "check_ssl_cert"
-version: 2.62.0
-date-released: 2023-03-16
+version: 2.63.0
+date-released: 2023-04-05
 url: "https://github.com/matteocorti/check_ssl_cert"
 repository-code: "https://github.com/matteocorti/check_ssl_cert"
 keywords:

diff --git a/NEWS.md b/NEWS.md
@@ -1,5 +1,7 @@
 # News
 
+* 2023-04-05 Version 2.63.0
+  * Command line option to ignore SSL Labs errors (```-ignore-ssl-labs-errors```)
   * Better checks for non-resolvable hosts
 * 2023-03-16 Version 2.62.0
   * Fixed the output in case of timeout

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # check\_ssl\_cert
 
- &copy; Matteo Corti, ETH Zurich, 2007-2012.  
+ &copy; Matteo Corti, ETH Zurich, 2007-2012.
  &copy; Matteo Corti, 2007-2023.
 
  see [AUTHORS.md](AUTHORS.md) for the complete list of contributors
@@ -141,6 +141,8 @@ Options:
       --ignore-sig-alg             Do not check if the certificate was signed
                                    with SHA1 or MD5
       --ignore-ssl-labs-cache      Force a new check by SSL Labs (see -L)
+      --ignore-ssl-labs-errors     Ignore errors if SSL Labs is not
+                                   accessible or times out
       --ignore-tls-renegotiation   Ignore the TLS renegotiation check
       --inetproto protocol         Force IP version 4 or 6
       --info                       Print certificate information

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -1,2 +1,2 @@
-Fixed the output in case of timeout
-Fixed the ciphers with ```--rsa```
+ * Command line option to ignore SSL Labs errors (```-ignore-ssl-labs-errors```)
+ * Better checks for non-resolvable hosts
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.62.0
+2.63.0
diff --git a/check_ssl_cert b/check_ssl_cert
@@ -31,7 +31,7 @@
 ################################################################################
 # Constants
 
-VERSION=2.62.0
+VERSION=2.63.0
 SHORTNAME="SSL_CERT"
 
 VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -343,6 +343,8 @@ usage() {
     echo "      --ignore-sig-alg             Do not check if the certificate was signed"
     echo "                                   with SHA1 or MD5"
     echo "      --ignore-ssl-labs-cache      Force a new check by SSL Labs (see -L)"
+    echo "      --ignore-ssl-labs-errors     Ignore errors if SSL Labs is not"
+    echo "                                   accessible or times out"
     echo "      --ignore-tls-renegotiation   Ignore the TLS renegotiation check"
     echo "      --inetproto protocol         Force IP version 4 or 6"
     echo "      --info                       Print certificate information"
@@ -3093,6 +3095,10 @@ parse_command_line_options() {
             IGNORE_SSL_LABS_CACHE="&startNew=on"
             shift
             ;;
+        --ignore-ssl-labs-errors)
+            IGNORE_SSL_LABS_ERRORS=1
+            shift
+            ;;
         --ignore-tls-renegotiation)
             IGNORE_TLS_RENEGOTIATION='1'
             shift
@@ -6328,6 +6334,10 @@ ${WARNING}"
 
             if [ "${CURL_RETURN_CODE}" -ne 0 ]; then
 
+                if [ -n "${IGNORE_SSL_LABS_ERRORS}" ] ; then
+                    break
+                fi
+
                 debuglog "curl returned ${CURL_RETURN_CODE}: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\""
 
                 critical "Error checking SSL Labs: curl returned ${CURL_RETURN_CODE}, see 'man curl' for details"
@@ -6353,6 +6363,11 @@ ${WARNING}"
 
                 case "${SSL_LABS_HOST_STATUS}" in
                 'ERROR')
+
+                    if [ -n "${IGNORE_SSL_LABS_ERRORS}" ] ; then
+                        break
+                    fi
+
                     SSL_LABS_STATUS_MESSAGE=$(sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/' "${JSON}")
                     prepend_critical_message "Error checking SSL Labs: ${SSL_LABS_STATUS_MESSAGE}"
                     break
@@ -6361,6 +6376,11 @@ ${WARNING}"
                     if ! "${GREP_BIN}" -F -q "grade" "${JSON}"; then
 
                         # Something went wrong
+
+                        if [ -n "${IGNORE_SSL_LABS_ERRORS}" ] ; then
+                            break
+                        fi
+
                         SSL_LABS_STATUS_MESSAGE=$(sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/' "${JSON}")
                         prepend_critical_message "SSL Labs error: ${SSL_LABS_STATUS_MESSAGE}"
                         break
@@ -6409,6 +6429,11 @@ ${WARNING}"
                     ;;
                 *)
                     # Try to extract a message
+
+                    if [ -n "${IGNORE_SSL_LABS_ERRORS}" ] ; then
+                        break
+                    fi
+
                     SSL_LABS_ERROR_MESSAGE=$(sed 's/.*"message":[ ]*"\([^"]*\)".*/\1/' "${JSON}")
 
                     if [ -z "${SSL_LABS_ERROR_MESSAGE}" ]; then

diff --git a/check_ssl_cert.1 b/check_ssl_cert.1
@@ -1,7 +1,7 @@
 .\" Process this file with
 .\" groff -man -Tascii check_ssl_cert.1
 .\"
-.TH "check_ssl_cert" 1 "March, 2023" "2.62.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "April, 2023" "2.63.0" "USER COMMANDS"
 .SH NAME
 check_ssl_cert \- checks the validity of X.509 certificates
 .SH SYNOPSIS
@@ -232,6 +232,9 @@ Do not check if the certificate was signed with SHA1 or MD5
 .BR "   --ignore-ssl-labs-cache"
 Force a new check by SSL Labs (see -L)
 .TP
+.BR "   --ignore-ssl-labs-errors"
+Ignore errors if SSL Labs is not accessible or times out
+.TP
 .BR "   --ignore-tls-renegotiation"
 Ignore the TLS renegotiation check
 .TP

diff --git a/check_ssl_cert.spec b/check_ssl_cert.spec
@@ -1,4 +1,4 @@
-%global version          2.62.0
+%global version          2.63.0
 %global release          0
 %global sourcename       check_ssl_cert
 %global packagename      nagios-plugins-check_ssl_cert
@@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Wed Apr   5 2023 Matteo Corti <[email protected]> - 2.63.0-0
+- Updated to 2.63.0
+
 * Thu Mar  16 2023 Matteo Corti <[email protected]> - 2.62.0-0
 - Updated to 2.62.0
 

diff --git a/utils/help.txt b/utils/help.txt
@@ -91,6 +91,8 @@
 --ignore-sig-alg;Do not check if the certificate was signed
 --ignore-sig-alg;with SHA1 or MD5
 --ignore-ssl-labs-cache;Force a new check by SSL Labs (see -L)
+--ignore-ssl-labs-errors;Ignore errors if SSL Labs is not
+--ignore-ssl-labs-errors;accessible or times out
 --ignore-tls-renegotiation;Ignore the TLS renegotiation check
 --inetproto protocol;Force IP version 4 or 6
 --info;Print certificate information