Merge branch 'master' of github.com:matteocorti/check_ssl_cert

Author: matteocorti

.editorconfig

@@ -8,7 +8,6 @@ root = true
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
-insert_final_newline = true
 
 # 4 space indentation
 [*]

.github/workflows/publish.yml

@@ -16,8 +16,6 @@ jobs:
       fail-fast: false
       matrix:
         distro:
-          - 'centos:7'
-          - 'centos:8'
           - 'fedora:40'
           - 'fedora:39'
         include:
@@ -29,16 +27,6 @@ jobs:
             pre: >-
               dnf install -y hostname &&
               dnf install -y nmap ShellCheck curl sudo perl make bzip2 file openssl rpm-build openssh-clients bc bash-completion
-          - distro: 'centos:7'
-            pre: >-
-              yum install -y nmap curl sudo perl make bzip2 file openssl perl-ExtUtils-MakeMaker perl-Test-Simple rpm-build openssh-clients b bash-completionc &&
-              scversion="stable"; curl -Ls "https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz" | tar -xJv && cp "shellcheck-${scversion}/shellcheck" /usr/bin/
-          - distro: 'centos:8'
-            pre: >-
-              sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-* &&
-              sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-* &&
-              dnf install -y nmap curl sudo perl make bzip2 file openssl rpm-build openssh-clients bc bash-completion &&
-              scversion="stable"; curl -Ls "https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz" | tar -xJv && cp "shellcheck-${scversion}/shellcheck" /usr/bin/
     steps:
       - name: Git clone repository
         uses: actions/checkout@v4

.github/workflows/unit_tests.yml

@@ -160,7 +160,6 @@ jobs:
       fail-fast: false
       matrix:
         distro:
-          - 'centos:7'
           - 'fedora:39'
           - 'fedora:40'
         include:
@@ -172,9 +171,6 @@ jobs:
             pre: >-
               dnf install -y hostname &&
               dnf install -y nmap ShellCheck curl sudo perl make bzip2 file openssl bind-utils rpm-build git bash-completion
-          - distro: 'centos:7'
-            pre: >-
-              yum install -y nmap curl sudo perl make bzip2 file openssl dig perl-ExtUtils-MakeMaker perl-Test-Simple rpm-build bash-completion
     steps:
 
       - name: Git clone repository
@@ -198,7 +194,6 @@ jobs:
       fail-fast: false
       matrix:
         distro:
-          - 'centos:7'
           - 'fedora:39'
           - 'fedora:40'
         include:
@@ -210,9 +205,6 @@ jobs:
             pre: >-
               dnf install -y hostname &&
               dnf install -y nmap ShellCheck curl sudo perl make bzip2 file openssl bind-utils rpm-build git
-          - distro: 'centos:7'
-            pre: >-
-              yum install -y nmap curl sudo perl make bzip2 file openssl dig perl-ExtUtils-MakeMaker perl-Test-Simple rpm-build
     steps:
 
       - name: Git clone repository

.github/workflows/unit_tests_with_proxy.yml

@@ -63,7 +63,6 @@ jobs:
       fail-fast: false
       matrix:
         distro:
-          - 'centos:7'
           - 'fedora:39'
           - 'fedora:40'
         include:
@@ -75,9 +74,6 @@ jobs:
             pre: >-
               dnf install -y hostname &&
               dnf install -y nmap ShellCheck curl sudo perl make bzip2 file openssl bind-utils rpm-build git bash-completion
-          - distro: 'centos:7'
-            pre: >-
-              yum install -y nmap curl sudo perl make bzip2 file openssl dig perl-ExtUtils-MakeMaker perl-Test-Simple rpm-build bash-completion
     steps:
 
       - name: Git clone repository
@@ -101,7 +97,6 @@ jobs:
       fail-fast: false
       matrix:
         distro:
-          - 'centos:7'
           - 'fedora:39'
           - 'fedora:40'
         include:
@@ -113,9 +108,6 @@ jobs:
             pre: >-
               dnf install -y hostname &&
               dnf install -y nmap ShellCheck curl sudo perl make bzip2 file openssl bind-utils rpm-build git
-          - distro: 'centos:7'
-            pre: >-
-              yum install -y nmap curl sudo perl make bzip2 file openssl dig perl-ExtUtils-MakeMaker perl-Test-Simple rpm-build
     steps:
 
       - name: Git clone repository

CITATION.cff

@@ -266,7 +266,7 @@ authors:
   given-names: "Дилян"
   website: https://github.com/dilyanpalauzov
 title: "check_ssl_cert"
-version: 2.82.0
+version: 2.83.0
 date-released: 2024-08-15
 url: "https://github.com/matteocorti/check_ssl_cert"
 repository-code: "https://github.com/matteocorti/check_ssl_cert"

ChangeLog

@@ -1,3 +1,7 @@
+2024-07-11  Matteo Corti  <[email protected]>
+
+        * check_ssl_cert (main): fetch HTTP headers for --debug-headers even if no header check is enabled
+
 2024-04-01  Matteo Corti  <[email protected]>
 
         * check_ssl_cert (hours_until): refactored without return value

NEWS.md

@@ -2,8 +2,11 @@
 
 * Better error handling in subroutines
 
-* 2024-08-15 Version 2.82.0
+* 2024-08-15 Version 2.83.0
   * Shows ```--info``` event in case of a problem
+* 2024-07-11, Version 2.82.0
+  * Better error handling in subroutines
+  * Fetch HTTP headers for --debug-headers even if no header check is enabled
 * 2024-05-28 Version 2.81.1
   * Fix in the Icinga2 configuration file
 * 2024-03-27 Version 2.81.0

VERSION

@@ -1 +1 @@
-2.82.0
+2.83.0

check_ssl_cert

@@ -26,7 +26,7 @@
 ################################################################################
 # Constants
 
-VERSION=2.82.0
+VERSION=2.83.0
 SHORTNAME="SSL_CERT"
 
 VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -5825,6 +5825,12 @@ main() {
     ####################
     # check HTTP headers
 
+    if [ -n "${REQUIRED_HTTP_HEADERS}" ] ||
+           [ -n "${UNREQUIRED_HTTP_HEADERS}" ] ||
+           [ -n "${DEBUG_HEADERS}" ] ; then
+        fetch_http_headers
+    fi
+
     if [ -n "${REQUIRED_HTTP_HEADERS}" ]; then
         debuglog "Checking required HTTP headers: ${REQUIRED_HTTP_HEADERS}"
         for header in $(echo "${REQUIRED_HTTP_HEADERS}" | tr ',' '\n'); do

check_ssl_cert.1

@@ -1,7 +1,7 @@
 .\" Process this file with
 .\" groff -man -Tascii check_ssl_cert.1
 .\"
-.TH "check_ssl_cert" 1 "August, 2024" "2.82.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "August, 2024" "2.83.0" "USER COMMANDS"
 .SH NAME
 check_ssl_cert \- checks the validity of X.509 certificates
 .SH SYNOPSIS

check_ssl_cert.spec

@@ -1,4 +1,4 @@
-%global version          2.82.0
+%global version          2.83.0
 %global release          0
 %global sourcename       check_ssl_cert
 %global packagename      nagios-plugins-check_ssl_cert
@@ -54,10 +54,13 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
-* Tue August 28 2024 Matteo Corti <[email protected]> - 2.82.0-0
+* Tue August 28 2024 Matteo Corti <[email protected]> - 2.83.0-0
+- Updated to 2.83.0
+
+* Thu Jul  11 2024 Matteo Corti <[email protected]> - 2.82.0-0
 - Updated to 2.82.0
 
-* Tue May 28 2024 Matteo Corti <[email protected]> - 2.81.1-0
+* Tue May  28 2024 Matteo Corti <[email protected]> - 2.81.1-0
 - Updated to 2.81.1
 
 * Sun Mar 17 2024 Matteo Corti <[email protected]> - 2.81.0-0

test/integration_tests.sh

@@ -354,20 +354,6 @@ testSignatureAlgorithms() {
         sed 's/^Signature algorithm *//')
     assertEquals "wrong signature algorithm" 'sha256WithRSAEncryption (8192 bit)' "${ALGORITHM}"
 
-    echo "  testing sha256WithRSAEncryption (256 bit)"
-    # shellcheck disable=SC2086
-    ALGORITHM=$(${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt --info --ignore-exp --host ecc256.badssl.com |
-        grep '^Signature algorithm' |
-        sed 's/^Signature algorithm *//')
-    assertEquals "wrong signature algorithm" 'sha256WithRSAEncryption (256 bit)' "${ALGORITHM}"
-
-    echo "  testing sha256WithRSAEncryption (384 bit)"
-    # shellcheck disable=SC2086
-    ALGORITHM=$(${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt --info --ignore-exp --host ecc384.badssl.com |
-        grep '^Signature algorithm' |
-        sed 's/^Signature algorithm *//')
-    assertEquals "wrong signature algorithm" 'sha256WithRSAEncryption (384 bit)' "${ALGORITHM}"
-
 }
 
 testFQDN() {
@@ -1051,13 +1037,13 @@ testNotExistingHosts() {
     if [ -n "${NSLOOKUP_BIN}" ] ; then
 
         # shellcheck disable=SC2086
-        OUTPUT=$( ${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt --host li )
+        OUTPUT=$( ${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt --host nonexistinghostordomain )
         EXIT_CODE=$?
         assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}"
         assertContains "wrong error message" "${OUTPUT}" "Cannot resolve"
 
         # shellcheck disable=SC2086
-        OUTPUT=$( ${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt --host li --do-not-resolve )
+        OUTPUT=$( ${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt --host nonexistinghostordomain --do-not-resolve )
         EXIT_CODE=$?
         assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}"
         assertContains "wrong error message" "${OUTPUT}" "Cannot connect"
@@ -1309,7 +1295,6 @@ testGithubComCRL() {
     create_temporary_test_file
     TEMPFILE_CRL=${TEMPFILE}
 
-    echo "${TEST_CRL_URI}"
     curl --silent "${TEST_CRL_URI}" --output "${TEMPFILE_CRL}"
 
     # shellcheck disable=SC2086
@@ -1593,6 +1578,12 @@ testXFrameOptionsFailed() {
     assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}"
 }
 
+testHTTPHeaders() {
+    # shellcheck disable=SC2086
+    ${SCRIPT} ${TEST_DEBUG} -H securityheaders.com --ignore-exp --debug-headers
+}
+
+
 testHTTPHeadersOK() {
     # shellcheck disable=SC2086
     ${SCRIPT} ${TEST_DEBUG} -H securityheaders.com --ignore-exp --require-security-headers