diff --git a/CITATION.cff b/CITATION.cff index bc3b09ac..f0c1d6c0 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -236,8 +236,8 @@ authors: given-names: "Дилян" website: https://github.com/dilyanpalauzov title: "check_ssl_cert" -version: 2.40.0 -date-released: 2022-08-24 +version: 2.41.0 +date-released: 2022-09-01 url: "https://github.com/matteocorti/check_ssl_cert" repository-code: "https://github.com/matteocorti/check_ssl_cert" keywords: diff --git a/ChangeLog b/ChangeLog index d429b495..99373bdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2022-09-01 Matteo Corti + + * check_ssl_cert (main): follow redirects when checking HSTS + +2022-08-31 Matteo Corti + + * check_ssl_cert (fetch_certificate): parsing 'excessive message size' errors + 2022-08-25 Matteo Corti * check_ssl_cert (extract_cert_attribute): Parse UTF-8 attributes (e.g., Location, ...) diff --git a/NEWS.md b/NEWS.md index 5c433ca9..c663dddc 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,7 @@ -* Fixed the parsing of UTF-8 certificate subjects - +* 2022-09-01 Version 2.41.0 + * Fixed the parsing of UTF-8 certificate subjects + * Better OpenSSL error handling + * Fixed the HSTS check * 2022-08-24 Version 2.40.0 * Fixed the parsing of the signature algorithm * 2022-08-24 Version 2.39.0 diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 5e0f2e88..0b4302b9 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1 +1,3 @@ -Fixed the parsing of the signature algorithm + * Fixed the parsing of UTF-8 certificate subjects + * Better OpenSSL error handling + * Fixed the HSTS check diff --git a/VERSION b/VERSION index 770060be..2d4c52ed 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.40.0 +2.41.0 diff --git a/check_ssl_cert b/check_ssl_cert index 42c71ba6..bfd75b88 100755 --- a/check_ssl_cert +++ b/check_ssl_cert @@ -28,7 +28,7 @@ ################################################################################ # Constants -VERSION=2.40.0 +VERSION=2.41.0 SHORTNAME="SSL_CERT" VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint," @@ -2500,6 +2500,10 @@ fetch_certificate() { prepend_critical_message 'Error decoding certificate' + elif ascii_grep 'excessive message size' "${ERROR}"; then + + prepend_critical_message 'Error fetching the certificate (excessive message size)' + elif ascii_grep 'gethostbyname failure' "${ERROR}"; then ERROR='Invalid host name' @@ -4754,7 +4758,11 @@ main() { debuglog "Checking HSTS" - exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent -D- --user-agent '${HTTP_USER_AGENT}' https://${HOST} | grep -i ^strict-transport-security:" + # -s (--silent) + # -D (--dump-header) + # -A (--user-agent) + # -L (--location): follow redirects + exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} -s -D- -A '${HTTP_USER_AGENT}' -L https://${HOST} | grep -i ^strict-transport-security:" RET=$? if [ "${RET}" -eq 1 ] ; then diff --git a/check_ssl_cert.1 b/check_ssl_cert.1 index cb844f34..58185ea1 100644 --- a/check_ssl_cert.1 +++ b/check_ssl_cert.1 @@ -1,7 +1,7 @@ .\" Process this file with .\" groff -man -Tascii check_ssl_cert.1 .\" -.TH "check_ssl_cert" 1 "August, 2022" "2.40.0" "USER COMMANDS" +.TH "check_ssl_cert" 1 "September, 2022" "2.41.0" "USER COMMANDS" .SH NAME check_ssl_cert \- checks the validity of X.509 certificates .SH SYNOPSIS diff --git a/check_ssl_cert.spec b/check_ssl_cert.spec index 69861169..c3f35d7e 100644 --- a/check_ssl_cert.spec +++ b/check_ssl_cert.spec @@ -1,4 +1,4 @@ -%global version 2.40.0 +%global version 2.41.0 %global release 0 %global sourcename check_ssl_cert %global packagename nagios-plugins-check_ssl_cert @@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Thu Sep 1 2022 Matteo Corti - 2.41.0-0 +- Updated to 2.41.0 + * Wed Aug 24 2022 Matteo Corti - 2.40.0-0 - Updated to 2.40.0