search

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
368 stars 132 forks source link

OpenSSL 3.0.0 support #335

Closed matteocorti closed 2 years ago

matteocorti commented 2 years ago

Describe the bug

Several tests are failing with OpenSSL 3.0.0

To Reproduce

Run the test suite with OpenSSL 3.0.0

An example of a failing check:

$ ./check_ssl_cert -H www.inf.ethz.ch --cn WWW.INF.ETHZ.CH --altnames -c 1 -w 2
SSL_CERT CRITICAL www.inf.ethz.ch: SSL error: 8045010501000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:880:

Expected behavior

No error

System (please complete the following information):

matteocorti commented 2 years ago

TLS renegotiation has to be ignored for this site with OpenSSL 3.0.0