search

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
368 stars 132 forks source link

Failing to connect with OpenSSL 3.0.0 (with -d) #336

Closed matteocorti closed 2 years ago

matteocorti commented 2 years ago

Describe the bug

The plugin fails to connect with OpenSSL 3.0.0 when debugging is enabled:

To Reproduce

$ ./check_ssl_cert -H www.google.com  -d
[...]
SSL_CERT CRITICAL www.google.com: SSL error: 8005CC0401000000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:309:|days_chain_elem1=61;20;15;; days_chain_elem2=2150;20;15;; days_chain_elem3=2270;20;15;;

Expected behavior

The same without -d

$ ./check_ssl_cert -H www.google.com  
SSL_CERT OK - x509 certificate 'www.google.com' from 'GTS CA 1C3' valid until Jan 10 10:15:55 2022 GMT (expires in 61 days)|days_chain_elem1=61;20;15;; days_chain_elem2=2150;20;15;; days_chain_elem3=2270;20;15;;

System (please complete the following information):