Improved the error handling

Do not stop the validation if the server requires a client certificate
matteocorti · Feb 26, 2016 · 46c56c3 · 46c56c3
1 parent b575fa6
commit 46c56c3
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 13 deletions.
diff --git a/NEWS b/NEWS
@@ -1,4 +1,7 @@
 2016-02-26 Version 1.20.0 Added debugging output (-d or --debug)
+                          Improved the handling of OpenSSL error messages
+			  Does not stop the validation if the server requires a
+			  client certificate
 2016-02-25 Version 1.19.0 Added a check for certificates signed with SHA-1 or MD5
                           Added an option to disable the expiration date check
 2015-10-31 Version 1.18.0 Added an option to check the certificate's serial number

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.19.0
+1.20.0
diff --git a/check_ssl_cert b/check_ssl_cert
@@ -241,17 +241,29 @@ fetch_certificate() {
 
 	fi
 
-	# try to clean up the error message
-	# - remove the 'verify and depth' lines
-	# - take the 1st line (seems OK with the use cases I tested)
-
-	ERROR_MESSAGE=$(
-	    grep -v '^depth' "${ERROR}" |
-		grep -v '^verify' |
-		head -n 1
-		     )
+	# s_client could because the server requires a client certificate
+
+	if grep -q '^Acceptable client certificate CA names' "${CERT}" ; then
+	    
+	    if [ -n "${VERBOSE}" ] ; then
+		echo 'The server requires a client certificate'
+	    fi
+
+	else
 
-	critical "SSL error: ${ERROR_MESSAGE}"
+	    # try to clean up the error message
+	    # - remove the 'verify and depth' lines
+	    # - take the 1st line (seems OK with the use cases I tested)
+
+	    ERROR_MESSAGE=$(
+		grep -v '^depth' "${ERROR}" |
+		    grep -v '^verify' |
+		    head -n 1
+			 )
+
+	    critical "SSL error: ${ERROR_MESSAGE}"
+
+	fi
 
     fi
 

diff --git a/check_ssl_cert.spec b/check_ssl_cert.spec
@@ -1,4 +1,4 @@
-%define version          1.19.0
+%define version          1.20.0
 %define release          1
 %define sourcename       check_ssl_cert
 %define packagename      nagios-plugins-check_ssl_cert
@@ -17,7 +17,7 @@ Packager:  Matteo Corti <[email protected]>
 Group:     Applications/System
 BuildRoot: %{_tmppath}/%{packagename}-%{version}-%{release}-root-%(%{__id_u} -n)
 URL:       https://github.com/matteocorti/check_ssl_cert
-Source:    https://github.com/matteocorti/check_ssl_cert/releases/download/v1.19.0/check_ssl_cert-1.19.0.tar.gz
+Source:    https://github.com/matteocorti/check_ssl_cert/releases/download/v1.19.0/check_ssl_cert-1.20.0.tar.gz
 
 Requires:  nagios-plugins expect perl(Date::Parse)
 
@@ -45,6 +45,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/%{sourcename}.1*
 
 %changelog
+* Fri Feb 26 2016 Matteo Corti <[email protected]> - 1.20.0-0
+- Updated to 1.20.0
+
 * Thu Feb 25 2016 Matteo Corti <[email protected]> - 1.19.0-0
 - Updated to 1.19.0