matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0

grep: character class syntax is [[:space:]], not [:space:] #263

Closed waja closed 3 years ago

waja commented 3 years ago

Hi Matteo,

I integrated 1.144 into our packaging. Unfortunately there seems to be a problem with the actual grep expression:

https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib/-/jobs/1512304#L2271

$ ./check_ssl_cert -H www.debian.org
grep: character class syntax is [[:space:]], not [:space:]
./check_ssl_cert: 399: return: Illegal number:
$ grep -V
grep (GNU grep) 2.27
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Mike Haertel and others, see <http://git.sv.gnu.org/cgit/grep.git/tree/AUTHORS>.
$ cat /etc/debian_version
9.13

Additional context/output

$ ./check_ssl_cert -H www.debian.org -d -v
[DBG] Command line arguments: -H www.debian.org -d -v
[DBG] -c specified: 15
[DBG] ROOT_CA =
[DBG] file version: file-5.30
[DBG] magic file from /etc/magic:/usr/share/misc/magic
[DBG] cURL binary needed. SSL Labs = , OCSP = 1, CURL =
[DBG] cURL binary not specified
[DBG] cURL available: /usr/bin/curl
[DBG] curl 7.52.1 (i686-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2u zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
[DBG] Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
[DBG] Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
[DBG] nmap binary not needed. No disallowed protocols
expect not available
timeout available (/usr/bin/timeout)
[DBG] perl available: /usr/bin/perl
[DBG] date available: /bin/date
[DBG] checking date version
found GNU date with timestamp support: enabling date computations
[DBG] check_ssl_cert version: 1.144.0
[DBG] OpenSSL binary: /usr/bin/openssl
[DBG] OpenSSL info:
[DBG]OpenSSL 1.1.0l  10 Sep 2019
[DBG]built on: reproducible build, date unspecified
[DBG]platform: debian-i386
[DBG]options:  bn(64,32) rc4(8x,mmx) des(long) blowfish(ptr)
[DBG]compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/i386-linux-gnu/engines-1.1\""
[DBG]OPENSSLDIR: "/usr/lib/ssl"
[DBG]ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1"
[DBG] OpenSSL configuration directory: /usr/lib/ssl
[DBG] 0 root certificates installed by default
[DBG]  System info: Linux packaging.dev.uncompleted.org 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26) x86_64 GNU/Linux
[DBG] Date computation: GNU
[DBG] '/usr/bin/openssl s_client' supports '-servername': using -servername www.debian.org
[DBG] '/usr/bin/openssl s_client' supports '-name': using packaging.dev.uncompleted.org
[DBG] '/usr/bin/openssl s_client' supports '-xmpphost': using -xmpphost www.debian.org
[DBG] temporary file /tmp/1CZ6HG created
[DBG] temporary file /tmp/IrFtrF created
[DBG] temporary file /tmp/qjRIxX created
[DBG] temporary file /tmp/8lGWvs created
[DBG] temporary file /tmp/eQ048p created
[DBG] temporary file /tmp/Cm7zJq created
[DBG] temporary file /tmp/UyF4vq created
downloading certificate to /tmp
[DBG] www.debian.org is not an IP address
[DBG] executing with timeout (120s): printf 'HEAD / HTTP/1.1
[DBG] Host: www.debian.org
[DBG] User-Agent: check_ssl_cert/1.144.0
[DBG] Connection: close
[DBG]
[DBG] ' | /usr/bin/openssl s_client    -crlf -ign_eof  -connect www.debian.org:443 -servername www.debian.org   -showcerts -verify 6       2> /tmp/IrFtrF 1> /tmp/1CZ6HG
[DBG] /usr/bin/timeout 120 /bin/sh -c "printf 'HEAD / HTTP/1.1
[DBG] Host: www.debian.org
[DBG] User-Agent: check_ssl_cert/1.144.0
[DBG] Connection: close
[DBG]
[DBG] ' | /usr/bin/openssl s_client    -crlf -ign_eof  -connect www.debian.org:443 -servername www.debian.org   -showcerts -verify 6       2> /tmp/IrFtrF 1> /tmp/1CZ6HG"
[DBG] storing a copy of the retrieved certificate in www.debian.org.crt
[DBG] Return value of the command = 0
[DBG] storing a copy of the retrieved certificate in /tmp/www.debian.org-443.crt
[DBG] storing a copy of the OpenSSL errors in /tmp/www.debian.org-443.error
Checking TLS renegotiation
[DBG] executing with timeout (120s): printf 'R
[DBG] ' | openssl s_client -connect www.debian.org:443 2>&1 | grep -F -q err
[DBG] /usr/bin/timeout 120 /bin/sh -c "printf 'R
[DBG] ' | openssl s_client -connect www.debian.org:443 2>&1 | grep -F -q err"
parsing the x509 certificate file
[DBG] Skipping 0 element of the chain
[DBG] ISSUERS =
[DBG] issuer=C = US, O = Let's Encrypt, CN = R3
[DBG] issuer=O = Digital Signature Trust Co., CN = DST Root CA X3
[DBG] ISSUERS =
[DBG] O = Let's Encrypt
[DBG] CN = R3
[DBG] O = Digital Signature Trust Co.
[DBG] CN = DST Root CA X3
[DBG] subject=CN = www.debian.org
[DBG] CN         = www.debian.org
[DBG] CA         = O = Let's Encrypt
[DBG] CA         = CN = R3
[DBG] CA         = O = Digital Signature Trust Co.
[DBG] CA         = CN = DST Root CA X3
[DBG] SERIAL     = 04C86FA1EB72A9671601C89687B4942BE8F9
[DBG] FINGERPRINT= 5F:DC:67:6A:27:F8:FD:26:18:01:AC:62:C5:95:2B:25:A8:2A:08:96
[DBG] OCSP_URI   = http://r3.o.lencr.org
[DBG] ISSUER_URI = http://r3.i.lencr.org/
[DBG]     Signature Algorithm: sha256WithRSAEncryption
[DBG] subjectAlternativeName = www.debian.org
[DBG] Checking expiration date
[DBG] Number of certificates in CA chain: 2
[DBG] Skipping 0 element of the chain
[DBG] ------------------------------------------------------------------------------
[DBG] Checking expiration date of element 1
[DBG] Validity date on cert element 1 is May 29 00:39:45 2021 GMT
[DBG] Date computations: GNU
[DBG] Computing number of hours until 'May 29 00:39:45 2021 GMT'
[DBG] Hours until May 29 00:39:45 2021 GMT: 1787
[DBG] executing: /usr/bin/openssl x509 -noout -checkend 0 on cert element 1
[DBG] executing: /usr/bin/openssl x509 -noout -checkend 1296000 on cert element 1
[DBG] executing: /usr/bin/openssl x509 -noout -checkend 1728000 on cert element 1
[DBG] ------------------------------------------------------------------------------
[DBG] Checking OCSP status of element 1
[DBG] temporary file /tmp/RKR9iG created
[DBG] Storing the chain element in /tmp/RKR9iG
[DBG] Checking revokation via OCSP
[DBG] Issuer hash: 8d33f237
[DBG] Chain element issuer URIs: http://r3.i.lencr.org/
[DBG] checking issuer URIs: http://r3.i.lencr.org/
[DBG] OCSP: fetching issuer certificate http://r3.i.lencr.org/ to /tmp/Cm7zJq
[DBG] executing with timeout (119s): /usr/bin/curl    --silent --location \"http://r3.i.lencr.org/\" > /tmp/Cm7zJq
[DBG] /usr/bin/timeout 119 /bin/sh -c "/usr/bin/curl    --silent --location \"http://r3.i.lencr.org/\" > /tmp/Cm7zJq"
[DBG] OCSP: issuer certificate type (1):  data
[DBG] OCSP: issuer certificate type (2):  data
[DBG] OCSP: converting issuer certificate from DER to PEM
[DBG] OCSP: issuer certificate type (3):  PEM certificate
[DBG] OCSP: storing a copy of the retrieved issuer certificate to /tmp/r3.i.lencr.org
[DBG] OSCP: URIs = http://r3.o.lencr.org
[DBG] OSCP: URI = http://r3.o.lencr.org
[DBG] OCSP: host = r3.o.lencr.org
[DBG] openssl ocsp supports the -header option
[DBG] /usr/bin/openssl ocsp -header requires 'key=value'
[DBG] executing /usr/bin/openssl ocsp -timeout "119" -no_nonce -issuer /tmp/Cm7zJq -cert /tmp/RKR9iG  -url http://r3.o.lencr.org  -header HOST=r3.o.lencr.org
[DBG] OCSP: response = Response verify OK
[DBG] OCSP: response = /tmp/RKR9iG: good
[DBG] OCSP: response =  This Update: Mar 15 01:00:00 2021 GMT
[DBG] OCSP: response =  Next Update: Mar 22 01:00:00 2021 GMT
[DBG] ------------------------------------------------------------------------------
[DBG] Checking expiration date of element 2
[DBG] Validity date on cert element 2 is Sep 29 19:21:40 2021 GMT
[DBG] Date computations: GNU
[DBG] Computing number of hours until 'Sep 29 19:21:40 2021 GMT'
[DBG] Hours until Sep 29 19:21:40 2021 GMT: 4758
[DBG] executing: /usr/bin/openssl x509 -noout -checkend 0 on cert element 2
[DBG] executing: /usr/bin/openssl x509 -noout -checkend 1296000 on cert element 2
[DBG] executing: /usr/bin/openssl x509 -noout -checkend 1728000 on cert element 2
[DBG] ------------------------------------------------------------------------------
[DBG] Checking OCSP status of element 2
[DBG] temporary file /tmp/RGJcd9 created
[DBG] Storing the chain element in /tmp/RGJcd9
[DBG] Checking revokation via OCSP
[DBG] Issuer hash: 2e5ac55d
[DBG] Chain element issuer URIs: http://apps.identrust.com/roots/dstrootcax3.p7c
[DBG] checking issuer URIs: http://apps.identrust.com/roots/dstrootcax3.p7c
[DBG] OCSP: fetching issuer certificate http://apps.identrust.com/roots/dstrootcax3.p7c to /tmp/Cm7zJq
[DBG] executing with timeout (119s): /usr/bin/curl    --silent --location \"http://apps.identrust.com/roots/dstrootcax3.p7c\" > /tmp/Cm7zJq
[DBG] /usr/bin/timeout 119 /bin/sh -c "/usr/bin/curl    --silent --location \"http://apps.identrust.com/roots/dstrootcax3.p7c\" > /tmp/Cm7zJq"
[DBG] OCSP: issuer certificate type (1):  data
[DBG] OCSP: converting issuer certificate from PKCS #7 to PEM
[DBG] OCSP: issuer certificate type (2):  ASCII text
[DBG] OCSP: issuer certificate type (3):  ASCII text
[DBG] OCSP: storing a copy of the retrieved issuer certificate to /tmp/dstrootcax3.p7c
[DBG] OSCP: URIs =
grep: character class syntax is [[:space:]], not [:space:]
[DBG] Checking if OpenSSL version is at least 1.1.0 ( '1' '1' '0' ':0' )
[DBG] Current version 1.1.0l ( '1' '1' '0' 'l:108' )
./check_ssl_cert: 392: [: Illegal number:
[DBG]   false
./check_ssl_cert: 399: return: Illegal number:

Sorry for pushing you into this grep hell. :(

Many thanks, Jan.
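Added example, not part of the original thread and not check_ssl_cert code: the log above ends with the version check receiving the fields ':0' and 'l:108', which `[` rejects with "Illegal number". The code below parses an OpenSSL-style version using `[[:alpha:]]` inside a bracket expression and validates every field before any numeric test; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not check_ssl_cert code; function names are hypothetical.

# Succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    return 0
}

# Print "major minor fix patch" for a version such as 1.1.0l. The optional
# patch letter becomes its character code (l -> 108); no letter becomes 0.
# Returns 2 when the string does not parse.
split_version() {
    # In grep and sed a POSIX class must sit inside a bracket expression:
    # [[:alpha:]], not [:alpha:] (tr is the tool that takes the bare form).
    printf '%s\n' "$1" | grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+[[:alpha:]]?$' || return 2
    digits=$(printf '%s\n' "$1" | sed 's/[[:alpha:]]$//')
    letter=$(printf '%s\n' "$1" | sed 's/^[0-9.]*//')
    patch=0
    if [ -n "${letter}" ]; then patch=$(printf '%d' "'${letter}"); fi
    # shellcheck disable=SC2046  # word splitting is intended here
    set -- $(printf '%s\n' "${digits}" | tr '.' ' ') "${patch}"
    for field in "$@"; do is_uint "${field}" || return 2; done
    printf '%s %s %s %s\n' "$@"
}

# version_at_least CURRENT REQUIRED
# 0: CURRENT >= REQUIRED, 1: CURRENT is older, 2: malformed input.
# Only validated integers ever reach the numeric tests.
version_at_least() {
    cur=$(split_version "$1") || return 2
    req=$(split_version "$2") || return 2
    # shellcheck disable=SC2086
    set -- ${cur} ${req}          # $1..$4 current, $5..$8 required
    while [ "$#" -gt 4 ]; do      # after each shift $1 and $5 stay paired
        if [ "$1" -gt "$5" ]; then return 0; fi
        if [ "$1" -lt "$5" ]; then return 1; fi
        shift
    done
    return 0
}

# Constructed inputs: two versions seen in the log and one malformed field.
for v in 1.1.0l 1.0.2u 'l:108'; do
    rc=0
    version_at_least "${v}" 1.1.0 || rc=$?
    printf '%s -> %s\n' "${v}" "${rc}"
done
```

A caller can treat return code 2 as "could not determine the version" and report that, rather than letting an arithmetic error decide the branch.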

matteocorti commented 3 years ago

Can you please try 1.145? I got no problems on Debian 9.

matteocorti commented 3 years ago

The problem was corrected.

matteocorti commented 3 years ago

BTW: thanks for your help. Now that Travis CI is no longer free, I appreciate testers with different platforms (I test mainly on macOS, Fedora and CentOS).