check_ssl_cert.spec
check_ssl_cert-1.11.0.tar.bz2/ChangeLog
@@ -1,3 +1,8 @@
+2011-10-22 Matteo Corti <matteo.corti@id.ethz.ch>
+
+ * check_ssl_cert: added a --altnames option to match the CN to alternative
+ names
+
2011-09-01 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: applied a patch from Sven Nierlein
check_ssl_cert-1.11.0.tar.bz2/NEWS
@@ -1,3 +1,4 @@
+2011-10-22 Version 1.11.0 --altname option
2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenicate
using a client certificate
2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards
check_ssl_cert-1.11.0.tar.bz2/VERSION
@@ -1 +1 @@
-1.10.0
+1.11.0
check_ssl_cert-1.11.0.tar.bz2/check_ssl_cert
@@ -19,15 +19,15 @@
# enable substitution with:
# $ svn propset svn:keywords "Id Revision HeadURL Source Date"
#
-# $Id: check_ssl_cert 1229 2011-03-10 16:41:33Z corti $
-# $Revision: 1229 $
+# $Id: check_ssl_cert 1272 2011-10-22 09:41:59Z corti $
+# $Revision: 1272 $
# $HeadURL: https://svn.id.ethz.ch/nagios_plugins/check_ssl_cert/check_ssl_cert $
-# $Date: 2011-03-10 17:41:33 +0100 (Thu, 10 Mar 2011) $
+# $Date: 2011-10-22 11:41:59 +0200 (Sat, 22 Oct 2011) $
################################################################################
# Constants
-VERSION=1.10.0
+VERSION=1.11.0
SHORTNAME="SSL_CERT"
################################################################################
@@ -54,6 +54,7 @@
echo
echo "Options:"
echo " -A,--noauth ignore authority warnings (expiration only)"
+ echo " --altnames matches the pattern specified in -n with alternate names too"
echo " -C,--clientcert path use client certificate to authenticate"
echo " --clientpass phrase set passphrase for client certificate."
echo " -c,--critical days minimum number of days a certificate has to be valid"
@@ -63,7 +64,7 @@
echo " -f,--file file local file path (works with -H localhost only)"
echo " -h,--help,-? this help message"
echo " -i,--issuer issuer pattern to match the issuer of the certificate"
- echo " -n,---cn name pattern to match the CN of the certificate"
+ echo " -n,--cn name pattern to match the CN of the certificate"
echo " -N,--host-cn match CN with the host name"
echo " -o,--org org pattern to match the organization of the certificate"
echo " --openssl path path of the openssl binary to be used"
@@ -204,6 +205,8 @@
-A|--noauth) NOAUTH=1; shift ;;
+ --altnames) ALTNAMES=1; shift ;;
+
-h|--help|-\?) usage; exit 0 ;;
-N|--host-cn) COMMON_NAME="__HOST__"; shift ;;
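Review bot: `ALTNAMES` is assigned only in the new `--altnames)` arm and none of the hunks in this change give it a default, so a value inherited from the plugin's environment would switch alternative-name matching on without the flag being passed. Initialising it alongside the other option defaults before the parsing loop, `ALTNAMES=""`, keeps the behaviour tied to the command line. The `case` statement starts and ends outside this hunk, so where the other defaults are set is not visible here.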
@@ -335,7 +338,7 @@
################################################################################
# Set COMMON_NAME to hostname if -N was given as argument
-if [ "$COMMON_NAME" = "__HOST__" ]; then
+if [ "$COMMON_NAME" = "__HOST__" ] ; then
COMMON_NAME=$(hostname)
fi
@@ -348,6 +351,10 @@
usage "No host specified"
fi
+if [ -n "${ALTNAMES}" -a -z "${COMMON_NAME}" ] ; then
+ unknown "--altnames requires a common name to match (--cn or --host-cn)"
+fi
+
if [ -n "${ROOT_CA}" ] ; then
if [ ! -r ${ROOT_CA} ] ; then
unknown "Cannot read root certificate ${ROOT_CA}"
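Review bot: The added test `[ -n "${ALTNAMES}" -a -z "${COMMON_NAME}" ]` relies on the `-a` operator, which POSIX marks obsolescent and which can parse ambiguously when an operand looks like an operator; two tests joined by the shell are more robust: `if [ -n "${ALTNAMES}" ] && [ -z "${COMMON_NAME}" ] ; then`. The same construct appears in the last hunk of this file (`[ -n "${ALTNAMES}" -a -n "${COMMON_NAME}" ]`) and should be changed the same way. The `ROOT_CA` block that follows the new check continues outside the hunk.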
@@ -530,9 +537,20 @@
ok=''
case $COMMON_NAME in
- $CN) ok='true';;
+ $CN) ok='true' ;;
esac
+ # check alterante names
+ if [ -n "${ALTNAMES}" ] ; then
+ for alt_name in $( $OPENSSL x509 -in ${CERT} -text | \
+ grep --after-context=1 '509v3 Subject Alternative Name:' | \
+ tail -n 1 | sed -e "s/DNS://g" | sed -e "s/,//g" ) ; do
+ case $COMMON_NAME in
+ $alt_name) ok='true' ;;
+ esac
+ done
+ fi
+
if [ -z "$ok" ] ; then
critical "invalid CN ('$CN' does not match '$COMMON_NAME')"
fi
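Review bot: The alternative names iterated by the new `for alt_name in $( … )` loop come from the certificate under test, yet the unquoted command substitution lets the shell apply pathname expansion to them, and only the `DNS:` prefix is stripped, so `IP Address:` or `email:` entries reach the `case` as stray patterns. Each surviving name is then used as a shell pattern, where `*` also matches dots, so a wildcard entry can satisfy names that a TLS client applying single-label wildcard rules would reject; the existing `$CN)` arm has the same looseness and it deserves a comment. I would switch globbing off around the loop, keep only the `DNS:` entries and quote `${CERT}`, as sketched below. The comment typo `alterante` should read `alternate`, and the block enclosing this code begins outside the hunk.

```shell
    if [ -n "${ALTNAMES}" ] ; then
        set -f   # names come from the certificate: keep them out of pathname expansion
        for alt_name in $( $OPENSSL x509 -in "${CERT}" -text | \
            grep --after-context=1 '509v3 Subject Alternative Name:' | \
            tail -n 1 | tr ',' '\n' | sed -n -e 's/^ *DNS://p' ) ; do
            # … unchanged: case match of $COMMON_NAME against $alt_name …
        done
        set +f
    fi
```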
@@ -651,6 +669,13 @@
################################################################################
# If we get this far, assume all is well. :)
+
+# if --altnames was specified we show the specified CN instead of
+# the certificate CN
+if [ -n "${ALTNAMES}" -a -n "${COMMON_NAME}" ] ; then
+ CN=${COMMON_NAME}
+fi
+
echo "${SHORTNAME} OK - X.509 ${SELFSIGNEDCERT}certificate for '$CN' from '$CA_ISSUER_MATCHED' valid until $DATE"
exit 0
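Review bot: Overwriting `CN` with `${COMMON_NAME}` just before the final `echo` means the OK line no longer shows the certificate's own subject CN whenever `--altnames` is given, even when the match was on the CN itself. For a monitoring check the certificate's actual identity is useful evidence when someone later reviews the alert history, so I would report both values, for example `CN="${COMMON_NAME} (certificate CN: ${CN})"`, or substitute only when the match came from an alternative name. The existing comment could also state that the displayed name is the requested one and not a value read from the certificate.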
check_ssl_cert-1.11.0.tar.bz2/check_ssl_cert.1
@@ -1,7 +1,7 @@
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
-.TH "check_ssl_cert" 1 "January, 2011" "1.10.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "January, 2011" "1.11.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
@@ -21,6 +21,9 @@
.BR "-A,--noauth"
ignore authority warnings (expiration only)
.TP
+.BR " --altnames"
+matches the pattern specified in -n with alternate names too
+.TP
.BR "-C,--clientcert" " path"
use client certificate to authenticate
.TP
check_ssl_cert-1.11.0.tar.bz2/check_ssl_cert.spec
@@ -6,7 +6,7 @@
# $Date: 2010-02-16 21:06:11 +0100 (Tue, 16 Feb 2010) $
################################################################################
-%define version 1.10.0
+%define version 1.11.0
%define release 0
%define sourcename check_ssl_cert
%define packagename nagios-plugins-check_ssl_cert
@@ -53,6 +53,9 @@
%{_mandir}/man1/%{sourcename}.1*
%changelog
+* Sat Oct 22 2011 Matteo Corti <matteo.corti@id.ethz.ch> - 1.11.0-0
+- ipdated to 1.10.1 (--altnames option)
+
* Thu Sep 1 2011 Matteo Corti <matteo.corti@id.ethz.ch> - 1.10.0-0
- apllied patch from Sven Nierlein for client certificate authentication