up to 1.17.0

- added a patch to check revocation via OCSP
- added the --tls1 option to force TLS 1
- Added an option to force a given SSL version
- Fixed a bug occuring with TLS and multiple names in the certificate
- removed "test -a/-o" (test has an undefined behavior with more than 4 elements)
- fixed: -N was always comparing the CN with 'localhost')
- improved the "No certificate returned" error message
- handle broken OpenSSL clients (-servername not working)
- removed an hard coded reference to the error number by the SSL chain verification

diff --git a/ca_path.patch b/ca_path.patch
index 19e0cfccdbbd6f100820da7738dd54fde791a051..6e87966f0911663b20174aca9ef936af9e062dc2 100644 (file)
--- a/ca_path.patch
+++ b/ca_path.patch
@@ -1,10 +1,10 @@
---- ./check_ssl_cert~  2011-03-14 10:29:23.000000000 +0200
-+++ ./check_ssl_cert   2011-04-04 11:49:50.401306389 +0300
-@@ -182,6 +182,7 @@
- TIMEOUT=15
- VERBOSE=""
- OPENSSL=""
-+ROOT_CA=@cadir@
+--- check_ssl_cert-1.17.0/check_ssl_cert~      2014-11-29 18:01:44.000000000 +0200
++++ check_ssl_cert-1.17.0/check_ssl_cert       2015-04-01 13:45:25.039727047 +0300
+@@ -251,6 +251,7 @@
+     TIMEOUT=15
+     VERBOSE=""
+     OPENSSL=""
++    ROOT_CA=/etc/openssl/certs
  
- # set the default temp dir if not set
- if [ -z "${TMPDIR}" ] ; then
+     # set the default temp dir if not set
+     if [ -z "${TMPDIR}" ] ; then

diff --git a/nagios-plugin-check_ssl_cert.spec b/nagios-plugin-check_ssl_cert.spec
index bfb818aa23993c73d0cbf0707b745b1b150b9e4d..00b8a2392f7220da3d5ef35720106c4cb412b6cf 100644 (file)
--- a/nagios-plugin-check_ssl_cert.spec
+++ b/nagios-plugin-check_ssl_cert.spec
@@ -2,12 +2,12 @@
 Summary:       Nagios plugin to check the CA and validity of an X.509 certificate
 Summary(pl.UTF-8):     Wtyczka Nagiosa sprawdzająca CA i ważność certyfikatu X.509
 Name:          nagios-plugin-%{plugin}
-Version:       1.11.0
+Version:       1.17.0
 Release:       1
 License:       GPL v3
 Group:         Networking
 Source0:       https://trac.id.ethz.ch/projects/nagios_plugins/downloads/%{plugin}-%{version}.tar.gz
-# Source0-md5: 051548a08ee6372c687d200efe148c0f
+# Source0-md5: d667b8e5ac9fa7f529c854ce45a1f6a5
 Source1:       check_ssl_cert.cfg
 Patch0:                ca_path.patch
 URL:           https://trac.id.ethz.ch/projects/nagios_plugins/wiki/check_ssl_cert
@@ -15,6 +15,8 @@ BuildRequires:        rpm >= 4.4.9-56
 Requires:      expect
 Requires:      nagios-common
 Requires:      openssl-tools >= 0.9.8i-3
+Requires:      perl(Date::Parse)
+Requires:      perl-base
 Requires:      sed >= 4.0
 Requires:      which
 Suggests:      ca-certificates-update
@@ -23,7 +25,6 @@ BuildRoot:    %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define                _sysconfdir     /etc/nagios/plugins
 %define                plugindir       %{_prefix}/lib/nagios/plugins
-%define                openssldir      /etc/openssl/certs
 
 %description
 check_ssl_cert is a Nagios plugin to check X.509 certificates. It
@@ -40,7 +41,6 @@ jego poprawność.
 %prep
 %setup -q -n %{plugin}-%{version}
 %patch0 -p1
-%{__sed} -i -e 's,@cadir@,%{openssldir},' %{plugin}
 
 %install
 rm -rf $RPM_BUILD_ROOT