search

matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0
371 stars 132 forks source link

[2.84.3] regression: --dane broken #521

Closed bratkartoffel closed 1 month ago

bratkartoffel commented 1 month ago

Describe the bug

--dane is broken

To Reproduce

$> ./check_ssl_cert -H orf.at
SSL_CERT OK - orf.at:443, https, x509 certificate '*.orf.at' (orf.at) from 'Entrust, Inc.' valid until Jun 30 08:09:15 2025 GMT (expires in 274 days)|days_chain_elem1=274;20;15;; days_chain_elem2=2259;20;15;; days_chain_elem3=2261;20;15;;

$> ./check_ssl_cert -H orf.at --dane
SSL_CERT UNKNOWN:  can be specified only once

$> ./check_ssl_cert -H orf.at --dane 211
SSL_CERT UNKNOWN:  can be specified only once

Expected behavior

Check should succeed with dane enabled. 2.83.1 is fine.

System (please complete the following information):

netchild commented 1 month ago

Workaround: comment-out the check_option"${DANE}" "--dane" line.