matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0

Gets tripped up if passed a directory named key.pkcs12 #473

Closed peternewman closed 9 months ago

peternewman commented 9 months ago

Describe the bug

If you are daft enough to have a directory (rather than a file) called key.pkcs12, it trips up the check. I don't know why it happened; I also haven't yet validated whether it would work correctly if the folder had a file with the same name inside it.

Sorry, I've only tried it on 2.22.0 for now...

To Reproduce

Fails/throws a less clear error:

mkdir key.pkcs12
check_ssl_cert -f key.pkcs12
SSL_CERT UNKNOWN key.pkcs12: Error converting key.pkcs12: 139767932146112:error:0200B015:system library:fread:Is a directory:../crypto/bio/bss_file.c:152:

Throws a different error (admittedly not as clear as it could be potentially):

mkdir foodir
check_ssl_cert -f foodir
/bin/cat: foodir: Is a directory
unable to load CRL
140258245657024:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../crypto/asn1/asn1_lib.c:101:
Invalid command ''; type "help" for a list.
Invalid command ''; type "help" for a list.
unable to load certificate
140473507004864:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140517028315584:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140508979888576:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
Invalid command ''; type "help" for a list.
Invalid command ''; type "help" for a list.
Invalid command ''; type "help" for a list.
Invalid command ''; type "help" for a list.
unable to load certificate
140260636840384:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
unable to load certificate
139930951221696:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
SSL_CERT CRITICAL foodir: SSL error: unable to load certificate

Expected behavior

Behave the same when passed an empty folder, regardless of the name of it...

System (please complete the following information):

Additional context/output

N/A
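One way to get the expected behavior described in the report above is to check the file type of the `-f` argument before anything is handed to openssl. This is an added example, not part of the original issue and not code from check_ssl_cert; the function name `check_cert_file_arg` and its messages are hypothetical.

```shell
#!/bin/sh
# Added example; check_cert_file_arg and its messages are hypothetical,
# not taken from check_ssl_cert.

STATE_UNKNOWN=3   # Nagios/Icinga plugin exit code for UNKNOWN

# check_cert_file_arg PATH
# Returns 0 and prints nothing when PATH is a readable, non-empty regular
# file. Otherwise prints one status line and returns STATE_UNKNOWN.
# Only the file type is inspected, never the name or extension, so a
# directory called key.pkcs12 is reported exactly like one called foodir.
check_cert_file_arg() {
    path=$1
    if [ -z "${path}" ]; then
        reason='no file specified'
    elif [ ! -e "${path}" ]; then
        reason='file not found'
    elif [ -d "${path}" ]; then
        reason='is a directory, expected a certificate file'
    elif [ ! -f "${path}" ]; then
        reason='not a regular file'
    elif [ ! -r "${path}" ]; then
        reason='file is not readable'
    elif [ ! -s "${path}" ]; then
        reason='file is empty'
    else
        return 0
    fi
    echo "SSL_CERT UNKNOWN ${path}: ${reason}"
    return "${STATE_UNKNOWN}"
}

# Intended use in a plugin, before any format detection or conversion:
#   check_cert_file_arg "${FILE}" || exit $?
```

Because the check runs before any extension-based handling, both reproduction cases end in the same single-line UNKNOWN result instead of raw openssl errors.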

matteocorti commented 9 months ago

Thanks for the report!