Fixes #451

CITATION.cff

@@ -248,8 +248,8 @@ authors:
   given-names: "Дилян"
   website: https://github.com/dilyanpalauzov
 title: "check_ssl_cert"
-version: 2.63.0
-date-released: 2023-04-05
+version: 2.64.0
+date-released: 2023-04-07
 url: "https://github.com/matteocorti/check_ssl_cert"
 repository-code: "https://github.com/matteocorti/check_ssl_cert"
 keywords:

ChangeLog

@@ -1,3 +1,7 @@
+2023-04-07  Matteo Corti  <[email protected]>
+
+        * check_ssl_cert (main): Fixed the resolution of hosts with IPv6 addresses only
+
 2023-04-05  Matteo Corti  <[email protected]>
 
         * check_ssl_cert (main): Better (earlier) check for non-existing hosts

NEWS.md

@@ -1,5 +1,7 @@
 # News
 
+* 2023-04-07 Version 2.64.0
+  * Fixed the resolution of hosts with IPv6 addresses only
 * 2023-04-05 Version 2.63.0
   * Command line option to ignore SSL Labs errors (```-ignore-ssl-labs-errors```)
   * Better checks for non-resolvable hosts

RELEASE_NOTES.md

@@ -1,2 +1 @@
- * Command line option to ignore SSL Labs errors (```-ignore-ssl-labs-errors```)
- * Better checks for non-resolvable hosts
+Fixed the resolution of hosts with IPv6 addresses only

VERSION

@@ -1 +1 @@
-2.63.0
+2.64.0

check_ssl_cert

@@ -31,7 +31,7 @@
 ################################################################################
 # Constants
 
-VERSION=2.63.0
+VERSION=2.64.0
 SHORTNAME="SSL_CERT"
 
 VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -4212,7 +4212,7 @@ main() {
                 critical "${SHORTNAME} CRITICAL: Cannot resolve ${HOST} (no AAAA record)"
             fi
         else
-            if ! host "${HOST}" | grep -q 'has address' ; then
+            if ! host "${HOST}" | grep -q 'has .*address' ; then
                 critical "${SHORTNAME} CRITICAL: Cannot resolve ${HOST}"
             fi
         fi

check_ssl_cert.1

@@ -1,7 +1,7 @@
 .\" Process this file with
 .\" groff -man -Tascii check_ssl_cert.1
 .\"
-.TH "check_ssl_cert" 1 "April, 2023" "2.63.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "April, 2023" "2.64.0" "USER COMMANDS"
 .SH NAME
 check_ssl_cert \- checks the validity of X.509 certificates
 .SH SYNOPSIS

check_ssl_cert.spec

@@ -1,4 +1,4 @@
-%global version          2.63.0
+%global version          2.64.0
 %global release          0
 %global sourcename       check_ssl_cert
 %global packagename      nagios-plugins-check_ssl_cert
@@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Fri Apr   7 2023 Matteo Corti <[email protected]> - 2.64.0-0
+- Updated to 2.64.0
+
 * Wed Apr   5 2023 Matteo Corti <[email protected]> - 2.63.0-0
 - Updated to 2.63.0
 

test/integration_tests.sh

@@ -881,6 +881,42 @@ testIPv6() {
     fi
 }
 
+testIPv6Only() {
+    if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -6; then
+
+        IPV6=
+        if command -v ifconfig >/dev/null && ifconfig -a | grep -q -F inet6; then
+            IPV6=1
+        elif command -v ip >/dev/null && ip addr | grep -q -F inet6; then
+            IPV6=1
+        fi
+
+        if [ -n "${IPV6}" ]; then
+
+            echo "IPv6 is configured"
+
+            if ping6 -c 3 ipv6.corti.li >/dev/null 2>&1; then
+
+                echo "IPv6 is working"
+
+                # shellcheck disable=SC2086
+                ${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt -H ipv6.corti.li --ignore-host-cn --ignore-exp
+                EXIT_CODE=$?
+                assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+
+            else
+                echo "IPv6 is configured but not working: skipping test"
+            fi
+
+        else
+            echo "Skipping forcing IPv6: not IPv6 configured locally"
+        fi
+
+    else
+        echo "Skipping forcing IPv6: no OpenSSL support"
+    fi
+}
+
 testIPv6Numeric() {
     if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -6; then