Fix --ignore-incomplete-chain and add --fingerprint-alg to specify hash type for --fingerprint

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.

GNU General Public License v3.0

360 stars 132 forks source link

Fix --ignore-incomplete-chain and add --fingerprint-alg to specify hash type for --fingerprint #506

Closed agibson2 closed 4 months ago

agibson2 commented 4 months ago

Fixes # --ignore-incomplete-chain still giving an error when CA cert is not trusted.

Proposed Changes

Add the code to the extract_cert_attribute() to also detect untrusted certificate

matteocorti commented 4 months ago

Thanks for the fix. I will integrate the option to specify the algorithm but I have to check the idea about the incomplete chain: as far as I remember is to validate just the first certificate but to still throw an error if this is not valid. I'll take a look in the next days.

agibson2 commented 4 months ago

Thanks. Fork deleted.