2019-02-27 Matteo Corti <matteo@corti.li>
* test/unit_tests.sh (testMultipleAltNamesFailTwo): removed outdated tests
2019-02-27 Matteo Corti <matteo@corti.li>
* check_ssl_cert: better error message in case of wrong intermediate certificate
2019-02-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Better error message in case of OCSP failure
2019-02-08 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Check the readability of the certificate file
2019-02-01 Matteo Corti <matteo@corti.li>
* check_ssl_cert: applied patch for the SSLlabs warning
2019-01-16 Matteo Corti <matteo@corti.li>
* check_ssl_cert: replaced echo -e with printf
2018-12-24 Matteo Corti <corti@macmini.home>
* check_ssl_cert: Better output in case of errors while using SNI
2018-12-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S
* check_ssl_cert: Support for SNI and SSL Labs
2018-12-11 Matteo Corti <corti@macmini.home>
* check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993
* check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer
2018-11-07 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a problem with IMAP on port 993
* check_ssl_cert: fixed a problem with newlines in the HTTP request
2018-11-05 Matteo Corti <matteo@corti.li>
* check_ssl_cert: CA file and directory support
2018-10-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed the HTTP request string
2018-10-18 eimamagi <https://github.com/eimamagi>
* check_ssl_cert: Allow to specify a client certificate key
2018-10-15 Matteo Corti <matteo@corti.li>
* check_ssl_cert (exec_with_timeout): fixed the check on the the return value
2018-08-10 Matteo Corti <matteo@corti.li>
* check_ssl_cert: disabling OCSP checks if no OCSP host is found
2018-07-20 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Applied a patch from Markus Frosch to fix the cleanup of temporary files
2018-07-01 Matteo Corti <matteo@corti.li>
* check_ssl_cert: do not trap on EXIT
* check_ssl_cert: remove temporary file when no signals are trapped
2018-06-28 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed a bug in the deletion of temporary files when a signal is caught
2018-06-25 Matteo Corti <matteo@corti.li>
* check_ssl_cert: added a check to require OCSP stapling
2018-04-29 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Remooved the SNI name check patch (see #78)
2018-04-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Merged the SNI name check patch
2018-04-17 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Merged the --terse patch, added performance data to the terse output and reordered the help
2018-04-12 Matteo Corti <matteo@corti.li>
* Makefile: Checks if the copyright year is correct. make test is now dependent on make dist
2018-04-06 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added UTF8 output
2018-04-05 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added debugging output for cURL
2018-03-29 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a bug introduced in the last verstion
2018-03-28 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Removed cURL dependency when not checking SSL Labs
2018-03-17 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added support for TLS 1.3
2018-03-06 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed OCSP check with LibreSSL
* check_ssl_cert: Lists the number or default root certificates in debug mode
2018-01-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a bug processing more than one OCSP host
2017-12-15 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a bug in the specification of the xmpphost parameter
2017-12-14 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added an option to specify the 'to' attribute of the XMPP stream element
2017-11-29 Wim van Ravesteijn https://github.com/wimvr
* check_ssl_cert: Support for DER encoded CRL files
2017-11-28 Georg https://github.com/gbotti
* check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate
2017-11-17 Matteo Corti <matteo@corti.li>
* check_ssl_cert (fetch_certificate): adding support for -xmpphost if available
2017-11-16 Matteo Corti <matteo@corti.li>
* check_ssl_cert (fetch_certificate): fixing XMPP support
2017-11-16 <corti@corti.li>
* check_ssl_cert (fetch_certificate): adding support for IPv6 addresses
2017-09-18 Bernd Stroessenreuther <booboo@gluga.de>
* check_ssl_cert: with -f option you now can also pass a certificate revocation list (CRL) to check its validity period
2017-09-10 Matteo Corti <corti@mac-mini-1.home>
* check_ssl_cert: OCSP check is now terminated by a timeout
2017-09-09 Matteo Corti <matteo@corti.li>
* check_ssl_cert: The SAN requirement is now optional
2017-07-28 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Use openssl s_client's -help option to test for SNI support (thanks to d7415)
2017-07-24 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fix in the Common Name parsing
2017-06-23 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Checks for missing subjectAlternativeName extension
2017-06-15 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Do not try to check OCSP if the protocol is not HTTP or HTTPS
2017-05-15 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a problem with the detection of OCSP URLs
2017-05-02 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added --location to curl to follow redirects
* check_ssl_cert: Fixed the indentation of EOF in the embedded Perl script
* check_ssl_cert: Added --force-date-perl to force the usage of Perl for date computations and a test to be sure no errors in Perl are left undetected
2017-04-28 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a bug occurring when more than one issuNer URI is present
2017-03-07 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added LDAP support
2017-03-01 Matteo Corti <matteo@corti.li>
* check_ssl_cert: By errors it makes more sense to show the supplied host instead of the CN
2017-02-16 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Support for newer OpenSSL versions (1.1)
2017-02-10 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added the --sni option
2017-02-08 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Patch from Pavel Rochnyak: Changed the CN output when --altnames is used
2017-02-02 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed the command line argument parsing
* check_ssl_cert: Fixed -servername
2017-01-29 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added patches from Pavel Rochnyak for the issuer certificate cache patch
and the wildcard support in alternative names
2016-12-23 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added patch to specify multiple CNs (see https://github.com/matteocorti/check_ssl_cert/pull/35)
2016-12-13 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed a minor problem with --debug
2016-12-06 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed a problem when specifying a CN beginnging with *
2016-12-04 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed problem when file is returing PEM certificate on newer Linux distributions
2016-09-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos)
2016-08-04 Matteo Corti <matteo@corti.li>
* check_ssl_cert: disabling OCSP checks when no issuer URI is found
2016-07-29 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed case insensitive comparison of CNs
2016-07-29 https://github.com/bb-Ricardo
* check_ssl_cert: calculate expiration primary with date
2016-07-12 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed the parsing of the CN field
2016-06-25 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed OSCP header on old OpenSSL versions
2016-06-24 Matteo Corti <matteo@corti.li>
* check_ssl_cert: OCSP is now default
* check_ssl_certe: Fixed OCSP host
2016-06-15 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Better curl error handling
2016-06-10 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Added an option to clear the cached result at SSLLabs
2016-06-01 juckerf (https://github.com/juckerf)
* check_ssl_cert: Increase control over which SSL/TLS versions to use
2016-05-17 Matteo Corti <matteo@corti.li>
* check_ssl_cert: added more debugging info (-v is automatic if -d is spefied, system info and cert written to a file)
2016-04-27 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixes a bug in the OpenSSL error parsing
2016-04-05 Matteo Corti <matteo@corti.li>
* check_ssl_cert: In case of an s_client error does not output the full (ugly) error. The error is shown in verbose mode
2016-03-29 Sergei Shmanko
* check_ssl_cert: Fix wildcard match regex, add additional unit tests
2016-03-21 Matteo Corti <matteo@corti.li>
* check_ssl_cert (exec_with_timeout): issues a critical status
when using the 'timout' utility
2016-03-19 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixed CN parsing on non-GNU systems
2016-03-19 Sergei https://github.com/sshmanko
* check_ssl_cert: handle wildcard certificates
2016-03-10 Matteo Corti <matteo@corti.li>
* check_ssl_cert (check_attr): Better handling of verification errors
2016-03-09 Matteo Corti <matteo@corti.li>
* check_ssl_cert (convert_ssl_lab_grade): accepts lowercase letters for SSL Labs grades
* check_ssl_cert (check_attr): waits for SSL Labs results
2016-03-08 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Tries to extract an error message from SSL Labs
if no status is returned
2016-03-07 Sam Richards
* check_ssl_cert: Support SNI even when we don't want to check cn
2016-03-07 Matteo Corti <matteo@corti.li>
* check_ssl_cert: DNS errors by SSL Labs are ignored (as they are just
a sign that the result is not cached)
2016-03-03 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Initial support for SSL Labs checks
2016-03-01 Matteo Corti <matteo@corti.li>
* check_ssl_cert: Fixed a bug which prevented the check on the expiration
2015-10-31 Matteo Corti <matteo@corti.li>
* check_ssl_cert: added a patch to check the certificate's serial number
(thanks to Milan Koudelka)
2015-10-20 Matteo Corti <matteo@corti.li>
* check_ssl_cert: fixex a problem with OCSP paths w/o URLs
2015-04-07 Matteo Corti <matteo@corti.li>
* check_ssl_cert: corrected some typos (thanks to Jérémy Lecour)
* check_ssl_cert: removed check on the openssl binary name
2014-10-21 Matteo Corti <matteo@corti.li>
* check_ssl_cert: added a patch to check revocation via OCSP (thanks
to Ryan Nowakowski)
2014-02-28 Matteo Corti <matteo.corti@id.ethz.ch>
* Makefile: added a target to build an rpm
2013-12-23 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added the --tls1 option to force TLS 1
2013-10-09 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: whole script reviewed with shellcheck
2013-10-01 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: fixes with shellcheck (quoting)
2013-07-29 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: Added an option to force a given SSL version
2013-03-02 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: Fixed a bug occuring with TLS and multiple names in
the certificate
2012-12-07 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: removed "test -a/-o" (test has an undefined
behavior with more than 4 elements)
* check_ssl_cert: fixed #122 (-N was always comparing the CN with 'localhost')
2012-11-16 Matteo Corti <matteo.corti@id.ethz.ch>
* simplified the sourcing of the script file for testing
2012-10-11 Matteo Corti <matteo.corti@id.ethz.ch>
* added some unit tests with shUnit2
2012-09-19 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: improved the "No certificate returned" error message
2012-07-13 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added the number of days from or to expiration in the
plugin output
2012-07-11 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: fixed a bug with Perl date computation on some systems
2012-07-06 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: performance data in days
* check_ssl_cert: long output (certificate attributes)
2012-04-05 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: handle broken OpenSSL clients (-servername not working)
2012-04-04 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: removed an hard coded reference to the error number by the
SSL chain verification
2011-10-22 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added a --altnames option to match the CN to alternative
names
2011-09-01 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: applied a patch from Sven Nierlein
(certificate authentication)
2011-03-10 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: allows http to specified as protocol
(thanks to Raphael Thoma)
* check_ssl_cert: fixes the -N check for certs with wildcards
(thanks to Raphael Thoma)
2011-01-24 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added an option to specify the openssl executable
2010-12-16 Dan Wallis
* check_ssl_cert: Sets $VERBOSE to avoid using value supplied by Nagios
* check_ssl_cert: Quotes regular expression for grep to avoid shell globbing
2010-12-09 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert.spec: standardized the RPM package name
* check_ssl_cert: added support for the TLS servername extension
(thanks to Matthias Fuhrmeister)
2010-11-02 Matteo Corti <matteo.corti@id.ethz.ch>
* INSTALL: specifies that expect is needed for timeouts
2010-10-29 Matteo Corti <matteo.corti@id.ethz.ch>
* README: specifies that expect is needed for timeouts
2010-10-28 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: trap on more signals (thanks to Lawren Quigley-Jones)
2010-10-14 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added a patch from Yannick Gravel putting the
chain verification at the end of the tests
2010-10-01 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added a patch from Lawren Quigley-Jones which
implements a new command line argument (-A) to disable the
certificate chain check
2010-09-15 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: fixed option processing (bug #78)
2010-08-26 Dan Wallis
* check_ssl_cert: overloads --rootcert for use with directories as
well as files (-CApath versus -CAfile)
2010-07-21 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added a patch from Marc Fournier to check the creation of the temporary files
* check_ssl_cert: added the --temp option to specify where to store the temporary files
2010-07-10 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: improved the error messages
* check_ssl_cert: checks for certificates without email addresses (if -e is specified)
2010-07-09 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added a "long" version for all the command line options
* check_ssl_cert: added a critical and warning option for the certificate validity (in days)
* check_ssl_cert: the plugin always issues a critical warning if the certificate is expired
* check_ssl_cert: added a man page
2010-07-07 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: [Wolfgang Schricker patch] Add -f to check local files
2010-07-01 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: [Yannick Gravel patch] Restore displaying the CN in every messages:
a previous patch changed something and only
critical were adjusted.
* check_ssl_cert: [Yannick Gravel patch] Adjust what is displayed after the from in
the OK message to display the matched ISSUER
(CN or O).
2010-06-08 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: added the -s option to allow self signed certificates
2010-03-11 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: fixed the == bashism
2010-03-08 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: applied patch from Marcus Rejås with the -n and -N options
2009-12-02 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: check if the issuer matches the O= or the CN= field of the Root Cert
2009-11-30 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: cleaned up error messages if the CN is not yet known
* check_ssl_cert: added certificate chain verification
* check_ssl_cert: allow backslashes escaped in the error messages (e.g., for \n used by Nagios 3)
* check_ssl_cert: -r can be used to specify a root certificate to be used for the verification
2009-03-31 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: standard timeout of 15 seconds (can be set with the -t option)
2009-03-30 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: -P option to specify the protocol
2008-05-13 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: applied a patch from Dan Wallis to output the CN
in all the messages
2008-02-28 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: shortened the error message in case of no connection
(only the first line is reported)
2008-02-25 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: [Dan Wallis patch] removed nmap dependency
* check_ssl_cert: [Dan Wallis patch] mktemp for the temporaries
* check_ssl_cert: [Dan Wallis patch] using trap to cleanup temporaries
* check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup
* check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup
* check_ssl_cert: [Dan Wallis patch] better handling of missing
certificate and non resolvable host
* check_ssl_cert: [Dan Wallis patch] stricter check for "notAfter" in the
certificate analysis
2007-09-04 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: better error messages (both the actual and the
expected values are displayed)
2007-08-31 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: new options to enforce email and
organization. Temporary files are now removed before termination
2007-08-15 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: openssl s_client closes the connection cleanly
2007-08-10 Matteo Corti <matteo.corti@id.ethz.ch>
* check_ssl_cert: initial release