Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#995372: check_ssl_cert: cannot handle ipv6 address literals
20 views
Skip to first unread message
Peter Palfrader
Sep 30, 2021, 9:50:03 AM9/30/21
to
Package: monitoring-plugins-contrib
Version: 35.20210512
Severity: normal
Tags: patch
Hi!
Using check_ssl_cert with an ipv6 address host does not work as
expected:
| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT UNKNOWN: Cannot resolve 2001:858:10f:100::19:1
| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H www.palfrader.org --resolve 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT CRITICAL www.palfrader.org: 2001:858:10f:100::19:1 is not a valid hostname
The attached patch makes it work. As a side effect, it does require
giving a --cn if host is an ipv4 or ipv6 literal. If you disagree about
that chnge, feel free to drop that part.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
Version: 35.20210512
Severity: normal
Tags: patch
Hi!
Using check_ssl_cert with an ipv6 address host does not work as
expected:
| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT UNKNOWN: Cannot resolve 2001:858:10f:100::19:1
| weasel@sarek:~/ssl$ ./check_ssl_cert.0 --ignore-ocsp -H www.palfrader.org --resolve 2001:858:10f:100::19:1 -p 443 --cn www.palfrader.org --sni www.palfrader.org
| SSL_CERT CRITICAL www.palfrader.org: 2001:858:10f:100::19:1 is not a valid hostname
The attached patch makes it work. As a side effect, it does require
giving a --cn if host is an ipv4 or ipv6 literal. If you disagree about
that chnge, feel free to drop that part.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
Sebastiaan Couwenberg
Sep 30, 2021, 10:00:03 AM9/30/21
to
Hi Peter,
Thanks for your patches. Would you consider cutting out the middleman
and submitting these upstream directly?
https://github.com/matteocorti/check_ssl_cert
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Thanks for your patches. Would you consider cutting out the middleman
and submitting these upstream directly?
https://github.com/matteocorti/check_ssl_cert
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
0 new messages