forked from matteocorti/check_ssl_cert
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
209 lines (209 loc) · 14.1 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
2020-12-22 Version 1.128.0: Added --no-proxy to ignore proxy settings
2020-12-21 Version 1.127.0: Better handling of certificates without CN in the subject
2020-12-16 Version 1.126.0: Corrected the handling of old nmap versions
2020-12-11 Version 1.125.0: Corrected the handling of the issuer URI
2020-11-31 Version 1.124.0: Bug fix when using a proxy
2020-11-30 Version 1.123.0: Enhancement: option to check the nth element
2020-08-07 Version 1.122.0: Bug fix, --skip-element and --custom-header
2020-07-24 Version 1.121.0: Bug fix release
2020-07-02 Version 1.120.0: MySQL support
2020-07-01 Version 1.119.0: Bug fix release
2020-06-12 Version 1.118.0: Bug fix release
2020-06-09 Version 1.117.0: Fixed a bug in the output (expiration date of chain elements)
2020-06-05 Version 1.116.0: Supports s_client -proxy option
2020-06-04 Version 1.115.0: Checks all the certificates in the chain
New option to check that the issuer does not match a given pattern
2020-05-27 Version 1.114.0: Added an option to specify a proxy
2020-05-19 Version 1.113.0: Fixed a bug with nmap and hosts with IPv6 addresses only
2020-04-07 Version 1.112.0: Timeout for OCSP queries and option to ignore timeout errors and PostgreSQL support
2020-03-09 Version 1.111.0: New option (--not-valid-longer-than) to check if a certificate is valid longer than the
specified number of days
2020-02-17 Version 1.110.0: Added support for xmpp-server in the STARTTLS negotiation
2020-01-07 Version 1.109.0: Option to force HTTP/2
2019-12-23 Version 1.108.0: Better error message in case of connection refused
2019-12-20 Version 1.107.0: Better error message in case of an invalid host
2019-11-21 Version 1.106.0: Optional checks for protocols that should not be supported
2019-11-04 Version 1.105.0: SMTP connections with -name only with OpenSSL versions supporting it
2019-11-04 Version 1.104.0: Fixed a bug in the SMTP connection
2019-10-31 Version 1.103.0: Fixed a bug with the interpretation of OpenSSL errors
2019-10-25 Version 1.102.0: Option to specify the dig binary and fix in the command line validation checks
2019-10-22 Version 1.101.0: Fixed a bug printing both a critical and a warning message when both condition match
2019-10-18 Version 1.100.0: Fixed a bug ignoring --dane without parameters
2019-10-16 Version 1.99.0: DNS-based Authentication of Named Entities (DANE) checks
2019-10-10 Version 1.98.0: Bug fix release: A wildcard certificate does not match the 'main' domain, ciphers and TLS 1.3
2019-10-09 Version 1.97.0: Validate OCSP stapling expiring date, option to disable TLS 1.3
2019-09-25 Version 1.96.0: Bug fixes
2019-09-24 Version 1.95.0: Bug fixes
2019-09-24 Version 1.94.0: Several bugs fixed
2019-09-24 Version 1.93.0: Fixed a bug in the processing of the SSL Labs options
2019-09-24 Version 1.92.0: Bug fix in the OCSP check
2019-09-23 Version 1.91.0: Various minor improvements and fixes
2019-09-19 Version 1.90.0: Bug fix, did not always print all the detected errors
2019-08-22 Version 1.89.0: Prints all the errors
2019-08-09 Version 1.88.0: Add an option to force IPv4 or IPv6
2019-08-08 Version 1.87.0: LDAPS support
2019-07-21 Version 1.86.0: Fixed a bug and enabled extended regex search
2019-06-02 Version 1.85.0: Improved the warnings when using the --file option
2019-03-28 Version 1.84.0: Added an option to specify the cURL user agent
2019-03-01 Version 1.83.0: Spelling corrections
2019-02-08 Version 1.82.0: Added a check on the readability of the certificate file
2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs
2019-01-16 Version 1.80.1: Fixed a problem on systems not supporting echo -e
2018-12-24 Version 1.80.0: Better output in case of errors while using SNI
2018-12-10 Version 1.79.0: Differentiate between IMAP on port 143 and IMAPS on port 993
Fixed a vulnerability in the parsing of the certificate issuer
2018-11-07 Version 1.78.0: Bug fixes in IMAP and HTTP requests
2018-11-05 Version 1.77.0: CA file and directory support
2018-10-19 Version 1.76.0: Sends a correct HTTP request
2018-10-18 Version 1.75.0: Allow to specify a client certificate key
2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout
2018-09-10 Version 1.73.0: Fixed a bug in the cleanup of temporary files, fixed a bug with certificates without OCSP
Fixed tests with more reliable hosts
Allows to check against all the issuers in the CA chain
Fixed a bug with --long-output on Linux
Fixed the validation of --critical and --warning
2018-07-01 Version 1.72.0: Corrected a bug introduced in 1.71.0: remove temporary files
2018-07-01 Version 1.71.0: Corrected a bug introduced in 1.70.0: wrong exit codes
2018-06-28 Version 1.70.0: Improved the management of temporary files
2018-06-25 Version 1.69.0: Added an option to require OCSP stapling
2018-04-29 Version 1.68.0: Removed the SNI name check
2018-04-17 Version 1.67.0: Terse output, warning if the specified server name is not found in the certificate and --format option
2018-04-06 Version 1.66.0: UTF-8 output
2018-03-29 Version 1.65.0: Bug fix release
2018-03-28 Version 1.64.0: Remove cURL dependency
2018-03-17 Version 1.63.0: Support for TLS 1.3
2018-03-06 Version 1.62.0: Support for LibreSSL
2018-01-19 Version 1.61.0: Fixed a bug handling more than one OCSP host
2017-12-15 Version 1.60.0: Fixed a bug related to XMPP introduced in the last version
2017-12-14 Version 1.59.0: Added an option to specify the 'to' attribute of the XMPP stream element
2017-11-29 Version 1.58.0: Support for DER encoded CRL files
2017-11-28 Version 1.57.0: Added --fingerprint to check the SHA1 fingerprint of the certificate
2017-11-17 Version 1.56.0: Added support for -xmpphost if available
2017-11-16 Version 1.55.0: Fixed XMPP support and IPv6 addresses as host
2017-09-19 Version 1.54.0: With the -f command line option, you can also specify a certificate revocation list (CRL)
2017-09-10 Version 1.53.0: The timeout is applied to OCSP checks
2017-09-09 Version 1.52.0: The SAN requirement check is now optional
2017-07-28 Version 1.51.0: Use openssl s_client's -help option to test for SNI support
2017-07-24 Version 1.50.0: Fix in the Common Name parsing
2017-07-17 Version 1.49.0: Support for OpenSSL 1.1
2017-06-22 Version 1.48.0: Checks for missing subjectAlternativeName extension (https://support.google.com/chrome/a/answer/7391219?hl=en)
2017-06-15 Version 1.47.0: Fixed an issue with OCSP URI with protocols other than HTTP or HTTPS
2017-05-15 Version 1.46.0: Fixed a problem with the detection of OCSP URLs
2017-05-02 Version 1.45.0: Fixed bugs in the date computation and OCSP checks
2017-04-28 Version 1.44.0: Fixed a bug occurring when more than one issuer URI is present
2017-03-07 Version 1.43.0: Support for LDAP
2017-02-16 Version 1.42.0: Support for OpenSSL > 1.1.0
2017-02-10 Version 1.41.0: Added --sni to specify the server name
2017-02-08 Version 1.40.0: Changed the CN output when --altnames is used
2017-02-02 Version 1.39.0: Fixed a bug related to SNI
2017-02-02 Version 1.38.2: Fixed a bug in the command line argument parsing
2017-01-29 Version 1.38.1: Small corrections in the documentation
2017-01-28 Version 1.38.0: Added support for wildcards in alternative names and caching of the issuer certificate
2016-12-23 Version 1.37.0: Added a patch to specify multiple CNs
2016-12-13 Version 1.36.2: fixed a minor problem with --debug
2016-12-06 Version 1.36.1: fixed a problem when specifying a CN beginning with *
2016-12-04 Version 1.36.0: fixed problem when file is returning PEM certificate on newer
Linux distributions
added an option to specify the location of the file utility
2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication
2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos)
2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found
2016-07-29 Version 1.32.0: added support for date with timestamp calculation and
fixed case sensitive comparison of CN
2016-07-12 Version 1.31.0 Fixed the parsing of the CN field
2016-06-30 Version 1.30.0 OCSP check is fixed and enabled by default
2016-06-15 Version 1.29.0 New option to clear the cached value at SSL Labs
IRC support
2016-06-01 Version 1.28.0 Increased control over which SSL/TLS versions to use
2016-03-29 Version 1.27.0 Fixes a bug in the OpenSSL error parsing
2016-03-29 Version 1.26.0 Fixes a bug in wildcard match
2016-03-21 Version 1.25.0 Fixes a bug on CN parsing on non-GNU systems
Handle wildcard certificates
2016-03-09 Version 1.24.0 Waits for SSL Labs Results
2016-03-07 Version 1.23.0 Supports SNI even when not checking CN and does not
issue a critical when SSL Labs is still checking a host
2016-03-03 Version 1.22.0 Initial support for SSL Labs checks
Support for UTF output (thanks to Konstantin Shalygin)
2016-03-01 Version 1.21.0 Fixed a bug which prevented the check on the expiration date
2016-02-26 Version 1.20.0 Added debugging output (-d or --debug)
Improved the handling of OpenSSL error messages
Does not stop the validation if the server requires a
client certificate
2016-02-25 Version 1.19.0 Added a check for certificates signed with SHA-1 or MD5
Added an option to disable the expiration date check
2015-10-31 Version 1.18.0 Added an option to check the certificate's serial number
(thanks to Milan Koudelka)
2015-10-20 Version 1.17.2 Fixed a bug with OCSP
2015-04-07 Version 1.17.1 Fixed the check on the openssl binary
2014-10-21 Version 1.17.0 Added an option to check revocation via OCSP
2014-06-06 Version 1.16.2 Fixed a problem with -servername when -n was not specified
2014-02-28 Version 1.16.1 Added a Make target for the RPM package
2013-12-23 Version 1.16.0 Added an option to force TLS version 1
2013-07-29 Version 1.15.0 Added an option to force a certain SSL version (thanks
to Max Winterstein)
2013-05-12 Version 1.14.6 Added XMPP and timeout support (thanks to Christian
Ruppert and Robin H. Johnson)
2013-03-02 Version 1.14.5 Fixed a bug occurring with TLS and multiple names in
the certificate
2012-12-07 Version 1.14.4 Fixed a bug causing -N to always compare the CN
with 'localhost'
2012-09-19 Version 1.14.3 Improved the error message in case of a failure in
the certificate download
2012-07-13 Version 1.14.2 Added the name since or to expiration in the plugin
output.
2012-07-11 Version 1.14.1 FIxed a bug with Perl date computation on some systems
2012-07-06 Version 1.14.0 The status now includes performance data in days until
expiration (requires perl with Date::Parse).
It is now possible to print additional information in
the plugins long output (multiline, Nagios 3 only)
2012-04-05 Version 1.13.0 The plugin will now try to fetch the certificate without
without TLS extensions in case of error
2012-04-04 Version 1.12.0 Fixed a bug in the chain verification (hard coded
error number)
2011-10-22 Version 1.11.0 --altname option
2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenicate
using a client certificate
2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards
2011-01-24 Version 1.9.0 Added an option to specify the openssl executable
2010-12-16 Version 1.8.1 Fixed bugs with environment bleeding & shell globbing
2010-12-08 Version 1.8.0 Added support for TLS servername extension in
ClientHello
2010-10-28 Version 1.7.7 Fixed a bug in the signal specification introduced
in 1.7.6
2010-10-28 Version 1.7.6 Better temporary file clean up (thanks to Lawren
Quigley-Jones)
2010-10-14 Version 1.7.5 Applied a patch from Yannick Gravel fixing the test
order
2010-10-01 Version 1.7.4 Applied a patch from Lawren Quigley-Jones adding the
-A option
2010-09-15 Version 1.7.3 Fixed a bug in the option processing
2010-08-26 Version 1.7.2 Removes useless use of cat, better test for expect
utility
2010-08-26 Version 1.7.1 Replaces "-verify 6" which was erroneously removed in
the previous version
2010-08-26 Version 1.7.0 Overloaded --rootcert option to allow -CApath as well
as -CAfile
2010-07-21 Version 1.6.1 Added an option to specify where to temporarily
store the certificate
2010-07-09 Version 1.6.0 Added long command line options and substituted
-days with --critical and --warning
2010-07-07 Version 1.5.2 Added the -f option to check a local file
2010-07-01 Version 1.5.1 Fixed the plugin output
2010-03-11 Version 1.4.4 Fixed bug #64 (== bashism)
2010-03-09 Version 1.4.3 -N and -n options to compare the CN to an hostname
2009-12-02 Version 1.4.2 the -i ISSUER option now checks if the O= or the
CN= fields of the root certificate match
2009-11-30 Version 1.4.1 -r to specify the root cert to be used for
verification
2009-11-30 Version 1.4.0 certificate chain verification
2009-03-30 Version 1.3.0 -P option to check TLS certificates
(SMTP, FTP, POP3, ...)
2008-05-13 Version 1.2.2 include the CN in the messages (D. Wallis)
2008-02-25 Version 1.2.1 better error handling
2008-02-25 Version 1.2.0 general cleanup (POSIX compliance, removed
nmap dependency, ...) from Dan Wallis
2007-08-31 Version 1.1.0 - option to enforce a given email address
- option to enforce a given organization
- temporary files cleanup upon exit
2007-08-15 Bug fix: openssl did not close the connection cleanly
2007-08-10 First release (1.0)