search

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
368 stars 132 forks source link

Handle ipv6 address literals #344

Closed waja closed 2 years ago

waja commented 2 years ago

Using check_ssl_cert with an ipv6 address host does not work as expected:

| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT UNKNOWN: Cannot resolve 2001:858:10f:100::19:1

| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H www.palfrader.org --resolve 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT CRITICAL www.palfrader.org: 2001:858:10f:100::19:1 is not a valid hostname

The attached patch makes it work. As a side effect, it does require giving a --cn if host is an ipv4 or ipv6 literal. If you disagree about that chnge, feel free to drop that part.

matteocorti commented 2 years ago

Thanks but HOST_ADDR_SCLIENT is never assigned ...

matteocorti commented 2 years ago

Thanks, in the meanwhile I fixed the issue

waja commented 2 years ago

There was a missing change, I commited the missing part

matteocorti commented 2 years ago

Already fixed in d89929f