From e1dfeb8f97f86f8dfe71ca3a6f44c45db6d5a44c Mon Sep 17 00:00:00 2001 From: Matteo Corti Date: Sun, 4 Dec 2022 17:01:27 +0100 Subject: [PATCH] Fixed #433 --- CITATION.cff | 4 ++-- NEWS.md | 2 ++ README.md | 2 +- RELEASE_NOTES.md | 2 +- VERSION | 2 +- check_ssl_cert | 11 +++++++---- check_ssl_cert.1 | 4 ++-- check_ssl_cert.spec | 5 ++++- test/unit_tests.sh | 7 +++++++ utils/help.txt | 2 +- 10 files changed, 28 insertions(+), 13 deletions(-) diff --git a/CITATION.cff b/CITATION.cff index eb7cc81..644f29e 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -246,8 +246,8 @@ authors: given-names: "Дилян" website: https://github.com/dilyanpalauzov title: "check_ssl_cert" -version: 2.56.0 -date-released: 2022-11-30 +version: 2.57.0 +date-released: 2022-12-04 url: "https://github.com/matteocorti/check_ssl_cert" repository-code: "https://github.com/matteocorti/check_ssl_cert" keywords: diff --git a/NEWS.md b/NEWS.md index b6a624d..e0cc959 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,7 @@ # News +* 2022-12-04 Version 2.57.0 + * Support for DNS over TLS * 2022-11-30 Version 2.56.0 * Adds the ```--path``` command line option * 2022-10-25 Version 2.55.0 diff --git a/README.md b/README.md index e467770..ddde769 100644 --- a/README.md +++ b/README.md @@ -192,7 +192,7 @@ Options: defaults to 0 if critical or warning are integers, 2 otherwise -P,--protocol protocol Use the specific protocol: - ftp, ftps, http, https (default), + dns, ftp, ftps, http, https (default), h2 (HTTP/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, tds, xmpp, diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 3b61925..e1ed669 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,3 +1,3 @@ # Release notes -New command line optioon ```--path``` +Support for DNS over TLS diff --git a/VERSION b/VERSION index 5f46e11..4b9cd6e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.56.0 +2.57.0 diff --git a/check_ssl_cert b/check_ssl_cert index 42e7273..3f0b20e 100755 
--- a/check_ssl_cert +++ b/check_ssl_cert @@ -31,7 +31,7 @@ ################################################################################ # Constants -VERSION=2.56.0 +VERSION=2.57.0 SHORTNAME="SSL_CERT" VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint," @@ -401,7 +401,7 @@ usage() { echo " defaults to 0 if critical or warning are" echo " integers, 2 otherwise" echo " -P,--protocol protocol Use the specific protocol:" - echo " ftp, ftps, http, https (default)," + echo " dns, ftp, ftps, http, https (default)," echo " h2 (HTTP/2), imap, imaps, irc, ircs, ldap," echo " ldaps, mysql, pop3, pop3s, postgres," echo " sieve, smtp, smtps, tds, xmpp," @@ -2492,11 +2492,11 @@ fetch_certificate() { exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -showcerts -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" RET=$? ;; - irc | ldap) + irc | ldap ) exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -showcerts -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" RET=$? ;; - ircs | ldaps) + ircs | ldaps | dns ) exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -showcerts -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" RET=$? ;; @@ -3949,6 +3949,9 @@ main() { pop3) PORT=110 ;; + dns) + PORT=853 + ;; ftp | ftps) PORT=21 ;; 
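Review bot: In fetch_certificate the new `dns` label rides on the `ircs | ldaps` branch with nothing saying why, and the same hunk respaces the labels to `irc | ldap )` and `ircs | ldaps | dns )` while the labels in the main() hunk (`dns)`, `ftp | ftps)`) keep no space before the parenthesis. I would add `# implicit TLS, no STARTTLS: ircs, ldaps, DNS over TLS (RFC 7858)` above the branch and `# DNS over TLS; plain DNS on port 53 has no certificate to check` above `PORT=853`, and keep one label spacing throughout. The option value is plain `dns` in the usage text, so these comments would be the only place in the script where a reader learns it means DNS over TLS. Both case statements start and end outside their hunks.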
diff --git a/check_ssl_cert.1 b/check_ssl_cert.1 index 668f74c..2d2235d 100644 --- a/check_ssl_cert.1 +++ b/check_ssl_cert.1 @@ -1,7 +1,7 @@ .\" Process this file with .\" groff -man -Tascii check_ssl_cert.1 .\" -.TH "check_ssl_cert" 1 "November, 2022" "2.56.0" "USER COMMANDS" +.TH "check_ssl_cert" 1 "December, 2022" "2.57.0" "USER COMMANDS" .SH NAME check_ssl_cert \- checks the validity of X.509 certificates .SH SYNOPSIS @@ -321,7 +321,7 @@ TCP port (default 443) Number of decimal places for durations: defaults to 0 if critical or warning are integers, 2 otherwise .TP .BR "-P,--protocol" " protocol" -Use the specific protocol: ftp, ftps, http, https (default), h2 (HTTP/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, tds, xmpp, xmpp-server, ftp, imap, irc, ldap, pop3, postgres, sieve, smtp: switch to TLS using StartTLS. +Use the specific protocol: dns, ftp, ftps, http, https (default), h2 (HTTP/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, tds, xmpp, xmpp-server, ftp, imap, irc, ldap, pop3, postgres, sieve, smtp: switch to TLS using StartTLS. .BR These protocols switch to TLS using StartTLS: ftp, imap, irc, ldap, mysql, pop3, smtp. .TP diff --git a/check_ssl_cert.spec b/check_ssl_cert.spec index 295a932..d3631ef 100644 --- a/check_ssl_cert.spec +++ b/check_ssl_cert.spec @@ -1,4 +1,4 @@ -%global version 2.56.0 +%global version 2.57.0 %global release 0 %global sourcename check_ssl_cert %global packagename nagios-plugins-check_ssl_cert @@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Sun Dec 4 2022 Matteo Corti - 2.57.0-0 +- Updated to 2.57.0 + * Wed Nov 30 2022 Matteo Corti - 2.56.0-0 - Updated to 2.56.0 diff --git a/test/unit_tests.sh b/test/unit_tests.sh index 00321ed..1a4b7cb 100755 --- a/test/unit_tests.sh +++ b/test/unit_tests.sh 
@@ -1927,6 +1927,13 @@ testJavaKeyStore2() { assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } +testDNS() { + # shellcheck disable=SC2086 + ${SCRIPT} ${TEST_DEBUG} --host 1.1.1.1 --protocol dns --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + # the script will exit without executing main export SOURCE_ONLY='test' diff --git a/utils/help.txt b/utils/help.txt index b8b4c25..1a057ca 100644 --- a/utils/help.txt +++ b/utils/help.txt @@ -232,7 +232,7 @@ -N,--host-cn;(enabled by default) -N,--host-cn;Match CN with the host name -P,--protocol protocol;Use the specific protocol: --P,--protocol protocol;ftp, ftps, http, https (default), +-P,--protocol protocol;dns, ftp, ftps, http, https (default), -P,--protocol protocol;ftp, imap, irc, ldap, pop3, postgres, -P,--protocol protocol;h2 (HTTP/2), imap, imaps, irc, ircs, ldap, -P,--protocol protocol;ldaps, mysql, pop3, pop3s, postgres,
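Review bot: testDNS depends on a live third-party resolver at 1.1.1.1 on TCP 853, a port that CI runners and corporate networks often filter, and a blocked connection would surface only as `wrong exit code`. A message that names the dependency, e.g. `assertEquals "wrong exit code (DNS over TLS to 1.1.1.1:853)" "${NAGIOS_OK}" "${EXIT_CODE}"`, makes such failures quick to triage. The test also addresses the server by IP literal, so it presumably passes name matching only because that certificate lists the address as a subject alternative name; a comment such as `# host given by address: relies on the certificate carrying 1.1.1.1 as an IP SAN` would record that assumption. `--ignore-exp` deserves a one-line comment as well, since the hunk does not show why expiry is skipped for this check.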