[packages/nagios-plugin-check_ssl_cert] - up to 1.121.0
arekm
arekm at pld-linux.org
Tue Jul 28 13:47:48 CEST 2020
commit 690cfb7a1c5210d9eefd5325e42cb3e9510cd6d9
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Tue Jul 28 13:47:41 2020 +0200
- up to 1.121.0
nagios-plugin-check_ssl_cert.spec | 8 +-
ocsp.patch | 152 --------------------------------------
2 files changed, 3 insertions(+), 157 deletions(-)
---
diff --git a/nagios-plugin-check_ssl_cert.spec b/nagios-plugin-check_ssl_cert.spec
index d05790d..8529f72 100644
--- a/nagios-plugin-check_ssl_cert.spec
+++ b/nagios-plugin-check_ssl_cert.spec
@@ -2,14 +2,13 @@
Summary: Nagios plugin to check the CA and validity of an X.509 certificate
Summary(pl.UTF-8): Wtyczka Nagiosa sprawdzająca CA i ważność certyfikatu X.509
Name: nagios-plugin-%{plugin}
-Version: 1.110.0
-Release: 2
+Version: 1.121.0
+Release: 1
License: GPL v3
Group: Networking
Source0: https://github.com/matteocorti/check_ssl_cert/releases/download/v%{version}/check_ssl_cert-%{version}.tar.gz
-# Source0-md5: bb0d3fd5a35a1bb97bfb5c1d63169591
+# Source0-md5: 659dae04a5770fd916f70547a9d9a3b6
Source1: check_ssl_cert.cfg
-Patch0: ocsp.patch
URL: https://github.com/matteocorti/check_ssl_cert/wiki
BuildRequires: rpm >= 4.4.9-56
Requires: expect
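Review bot: The new tarball is pinned only by the `# Source0-md5` line, and MD5 does not resist deliberate collisions, so the digest catches a corrupted download but not a substituted one. Before recording the digest for 1.121.0, it would be worth checking the release archive against a signature or SHA-256 value from upstream, if one is published. The md5 comment format looks like a distro convention, so this is about the verification step and not about changing the line.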
@@ -41,7 +40,6 @@ jego poprawność.
%prep
%setup -q -n %{plugin}-%{version}
-%patch0 -p1
%install
rm -rf $RPM_BUILD_ROOT
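Review bot: Dropping `%patch0 -p1` here (and `Patch0: ocsp.patch` in the first hunk) removes the local `-timeout ${TIMEOUT}` on the `openssl ocsp` calls and the `--ignore-ocsp-timeout` option, and nothing in the commit says that 1.121.0 carries them upstream. If it does not, existing Nagios command definitions that pass `--ignore-ocsp-timeout` would presumably fail on an unknown option, and an unresponsive OCSP responder could again stall the revocation check. I would record the reason in the spec, e.g. `# ocsp.patch dropped: OCSP timeout handling is upstream since <upstream version>`, and confirm that Source1 `check_ssl_cert.cfg` does not rely on the option.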
diff --git a/ocsp.patch b/ocsp.patch
deleted file mode 100644
index 93fab60..0000000
--- a/ocsp.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From 596c02d6b9c65fe81e42668f133bb73308f9cecd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm at maven.pl>
-Date: Tue, 31 Mar 2020 10:05:37 +0200
-Subject: [PATCH] Timeout for OCSP calls and option to ignore timeouts
-
-Call all openssl oscp commands with timeout.
-
-Add option --ignore-ocsp-timeout which will do OCSP check but
-do not fail if timeout occurs during such checks.
----
- check_ssl_cert | 50 +++++++++++++++++++++++++++++++-------------------
- 1 file changed, 31 insertions(+), 19 deletions(-)
-
-diff --git a/check_ssl_cert b/check_ssl_cert
-index 8dd5f07..59e1903 100755
---- a/check_ssl_cert
-+++ b/check_ssl_cert
-@@ -93,6 +93,7 @@ usage() {
- echo " related checks"
- echo " --ignore-exp ignore expiration date"
- echo " --ignore-ocsp do not check revocation with OCSP"
-+ echo " --ignore-ocsp-timeout ignore OCSP result when timeout occurs while checking"
- echo " --ignore-sig-alg do not check if the certificate was signed with SHA1"
- echo " or MD5"
- echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)"
-@@ -898,6 +899,7 @@ main() {
- REQUIRE_SAN=""
- REQUIRE_OCSP_STAPLING=""
- OCSP="1" # enabled by default
-+ OCSP_IGNORE_TIMEOUT=""
- FORMAT=""
- HTTP_METHOD="HEAD"
- RSA=""
-@@ -1061,6 +1063,10 @@ main() {
- OCSP=""
- shift
- ;;
-+ --ignore-ocsp-timeout)
-+ OCSP_IGNORE_TIMEOUT=1
-+ shift
-+ ;;
- --terse)
- TERSE=1
- shift
-@@ -2877,19 +2883,19 @@ main() {
- if "${OPENSSL}" version | grep -q '^LibreSSL' || [ "$( ${OPENSSL} version | sed -e 's/OpenSSL \([0-9]\).*/\1/g' )" -gt 0 ] ; then
-
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] ${OPENSSL} ocsp supports the -header option"
-+ echo "[DBG] ${OPENSSL} ocsp -timeout ${TIMEOUT} supports the -header option"
- fi
-
- # the -header option was first accepting key and value separated by space. The newer versions are using key=value
- KEYVALUE=""
-- if ${OPENSSL} ocsp -help 2>&1 | grep header | grep -q 'key=value' ; then
-+ if ${OPENSSL} ocsp -timeout ${TIMEOUT} -help 2>&1 | grep header | grep -q 'key=value' ; then
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] ${OPENSSL} ocsp -header requires 'key=value'"
-+ echo "[DBG] ${OPENSSL} ocsp -timeout ${TIMEOUT} -header requires 'key=value'"
- fi
- KEYVALUE=1
- else
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] ${OPENSSL} ocsp -header requires 'key value'"
-+ echo "[DBG] ${OPENSSL} ocsp -timeout ${TIMEOUT} -header requires 'key value'"
- fi
- fi
-
-@@ -2903,28 +2909,28 @@ main() {
-
- if [ -n "${KEYVALUE}" ] ; then
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing ${OPENSSL} ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST=${OCSP_HOST}"
-+ echo "[DBG] executing ${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST=${OCSP_HOST}"
- fi
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )"
- else
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing ${OPENSSL} ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}"
-+ echo "[DBG] executing ${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -host ${HTTP_PROXY#*://} -path ${OCSP_URI} -header HOST ${OCSP_HOST}"
- fi
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
- fi
-
- else
-
- if [ -n "${KEYVALUE}" ] ; then
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing ${OPENSSL} ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}"
-+ echo "[DBG] executing ${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}"
- fi
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )"
- else
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing ${OPENSSL} ocsp -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}"
-+ echo "[DBG] executing ${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}"
- fi
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )"
- fi
-
- fi
-@@ -2933,7 +2939,13 @@ main() {
- echo "${OCSP_RESP}" | sed 's/^/[DBG] OCSP: response = /'
- fi
-
-- if echo "${OCSP_RESP}" | grep -qi "revoked" ; then
-+ if [ -n "${OCSP_IGNORE_TIMEOUT}" ] && echo "${OCSP_RESP}" | grep -qi "timeout on connect" ; then
-+
-+ if [ -n "${DEBUG}" ] ; then
-+ echo '[DBG] OCSP: Timeout on connect'
-+ fi
-+
-+ elif echo "${OCSP_RESP}" | grep -qi "revoked" ; then
-
- if [ -n "${DEBUG}" ] ; then
- echo '[DBG] OCSP: revoked'
-@@ -2950,25 +2962,25 @@ main() {
- if [ -n "${HTTP_PROXY:-}" ] ; then
-
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing ${OPENSSL} ocsp -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT}]\" -host \"${HTTP_PROXY#*://}\" -path \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1"
-+ echo "[DBG] executing ${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT}]\" -host \"${HTTP_PROXY#*://}\" -path \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1"
- fi
-
- if [ -n "${OCSP_HEADER}" ] ; then
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
- else
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" 2>&1 )"
- fi
-
- else
-
- if [ -n "${DEBUG}" ] ; then
-- echo "[DBG] executing ${OPENSSL} ocsp -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT}\" -url \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1"
-+ echo "[DBG] executing ${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT}\" -url \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1"
- fi
-
- if [ -n "${OCSP_HEADER}" ] ; then
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )"
- else
-- OCSP_RESP="$(${OPENSSL} ocsp -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" 2>&1 )"
-+ OCSP_RESP="$(${OPENSSL} ocsp -timeout ${TIMEOUT} -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT}" -url "${OCSP_URI}" 2>&1 )"
- fi
-
- fi
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/nagios-plugin-check_ssl_cert.git/commitdiff/690cfb7a1c5210d9eefd5325e42cb3e9510cd6d9