matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0

Only lists first unmatched name check #355

Closed peternewman closed 2 years ago

peternewman commented 2 years ago

This is reasonably low priority, but a nice-to-have, I think.

Is your feature request related to a problem? Please describe.

If I run: ./check_ssl_cert -H 127.0.0.1 -c 20 -w 30 -n foo -n foo.example.com --altnames --debug

But I'm actually checking bar.example.com, where the cert also has an altname of bar.example.com (as well as bar).

It only lists the first name check that fails in the command (i.e. fails early).

Describe the solution you'd like

It would be good if it listed all the issues, so I don't just go and re-issue the cert as foo, and then find I also need the FQDN in there too!

Describe alternatives you've considered

Look at the Nagios config before re-issuing the cert.

Additional context

Tested, including debug, with 2.21.0.

peternewman commented 2 years ago

Amazing, thanks @matteocorti! I didn't think that would be fixed quite so quickly or easily!
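The behaviour requested in this issue, as an added shell example that is not part of the thread and not check_ssl_cert's own code: every requested name is compared with the certificate's names and all misses are collected before anything is reported. The function names, the single-label wildcard rule and the SAN list are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not check_ssl_cert's code; function names are hypothetical.

# name_matches_san NAME SAN -> exit 0 if SAN covers NAME.
# Case-insensitive. A SAN of the form *.domain covers exactly one left-most
# label: foo.example.com, but not a.b.example.com and not example.com.
name_matches_san() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    san=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$name" = "$san" ] && return 0
    case "$san" in
        '*.'*)
            suffix=${san#\*}           # "*.example.com" -> ".example.com"
            label=${name%"$suffix"}    # what is left of the suffix, if any
            [ "$label" != "$name" ] && [ -n "$label" ] || return 1
            case "$label" in *.*) return 1 ;; esac
            return 0 ;;
    esac
    return 1
}

# unmatched_names "SAN1 SAN2 ..." NAME... -> prints every NAME that no SAN
# covers, one per line. It keeps going after the first miss.
# The body runs in a subshell with globbing off so that a wildcard SAN is
# never expanded against files in the current directory.
unmatched_names() (
    set -f
    sans=$1; shift
    for wanted in "$@"; do
        found=no
        for entry in $sans; do
            if name_matches_san "$wanted" "$entry"; then found=yes; break; fi
        done
        if [ "$found" = no ]; then printf '%s\n' "$wanted"; fi
    done
)

# Constructed data mirroring the report: the certificate carries bar and
# bar.example.com, while the check asks for foo and foo.example.com.
CERT_SANS='bar bar.example.com'
missing=$(unmatched_names "$CERT_SANS" foo foo.example.com)
if [ -n "$missing" ]; then
    # One line per missing name, so a re-issue can fix all of them at once.
    printf 'not covered by certificate: %s\n' $missing
fi
```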