forked from matteocorti/check_ssl_cert
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
124 lines (124 loc) · 8.01 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
2017-07-28 Version 1.51.0: Use openssl s_client's -help option to test for SNI support
2017-07-24 Version 1.50.0: Fix in the Common Name parsing
2017-07-17 Version 1.49.0: Support for OpenSSL 1.1
2017-06-22 Version 1.48.0: Checks for missing subjectAlternativeName extension (https://support.google.com/chrome/a/answer/7391219?hl=en)
2017-06-15 Version 1.47.0: Fixed an issue with OCSP URI with protocols other than HTTP or HTTPS
2017-05-15 Version 1.46.0: Fixed a problem with the detection of OCSP URLs
2017-05-02 Version 1.45.0: Fixed bugs in the date computation and OCSP checks
2017-04-28 Version 1.44.0: Fixed a bug occurring when more than one issuer URI is present
2017-03-07 Version 1.43.0: Support for LDAP
2017-02-16 Version 1.42.0: Support for OpenSSL > 1.1.0
2017-02-10 Version 1.41.0: Added --sni to specify the server name
2017-02-08 Version 1.40.0: Changed the CN output when --altnames is used
2017-02-02 Version 1.39.0: Fixed a bug related to SNI
2017-02-02 Version 1.38.2: Fixed a bug in the command line argument parsing
2017-01-29 Version 1.38.1: Small corrections in the documentation
2017-01-28 Version 1.38.0: Added support for wildcards in alternative names and caching of the issuer certificate
2016-12-23 Version 1.37.0: Added a patch to specify multiple CNs
2016-12-13 Version 1.36.2: fixed a minor problem with --debug
2016-12-06 Version 1.36.1: fixed a problem when specifying a CN beginning with *
2016-12-04 Version 1.36.0: fixed problem when file is returing PEM certificate on newer
Linux distributions
added an option to specify the location of the file utility
2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication
2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos)
2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found
2016-07-29 Version 1.32.0: added support for date with timestamp calculation and
fixed case sensitive comparison of CN
2016-07-12 Version 1.31.0 Fixed the parsing of the CN field
2016-06-30 Version 1.30.0 OCSP check is fixed and enabled by default
2016-06-15 Version 1.29.0 New option to clear the cached value at SSL Labs
IRC support
2016-06-01 Version 1.28.0 Increased control over which SSL/TLS versions to use
2016-03-29 Version 1.27.0 Fixes a bug in the OpenSSL error parsing
2016-03-29 Version 1.26.0 Fixes a bug in wildcard match
2016-03-21 Version 1.25.0 Fixes a bug on CN parsing on non-GNU systems
Handle wildcard certificates
2016-03-09 Version 1.24.0 Waits for SSL Labs Results
2016-03-07 Version 1.23.0 Supports SNI even when not checking CN and does not
issue a critical when SSL Labs is still checking a host
2016-03-03 Version 1.22.0 Initial support for SSL Labs checks
Support for UTF output (thanks to Konstantin Shalygin)
2016-03-01 Version 1.21.0 Fixed a bug which prevented the check on the expiration date
2016-02-26 Version 1.20.0 Added debugging output (-d or --debug)
Improved the handling of OpenSSL error messages
Does not stop the validation if the server requires a
client certificate
2016-02-25 Version 1.19.0 Added a check for certificates signed with SHA-1 or MD5
Added an option to disable the expiration date check
2015-10-31 Version 1.18.0 Added an option to check the certificate's serial number
(thanks to Milan Koudelka)
2015-10-20 Version 1.17.2 Fixed a bug with OCSP
2015-04-07 Version 1.17.1 Fixed the check on the openssl binary
2014-10-21 Version 1.17.0 Added an option to check revocation via OCSP
2014-06-06 Version 1.16.2 Fixed a problem with -servername when -n was not specified
2014-02-28 Version 1.16.1 Added a Make target for the RPM package
2013-12-23 Version 1.16.0 Added an option to force TLS version 1
2013-07-29 Version 1.15.0 Added an option to force a certain SSL version (thanks
to Max Winterstein)
2013-05-12 Version 1.14.6 Added XMPP and timeout support (thanks to Christian
Ruppert and Robin H. Johnson)
2013-03-02 Version 1.14.5 Fixed a bug occuring with TLS and multiple names in
the certificate
2012-12-07 Version 1.14.4 Fixed a bug causing -N to always compare the CN
with 'localhost'
2012-09-19 Version 1.14.3 Improved the error message in case of a failure in
the certificate download
2012-07-13 Version 1.14.2 Added the name since or to expiration in the plugin
output.
2012-07-11 Version 1.14.1 FIxed a bug with Perl date computation on some systems
2012-07-06 Version 1.14.0 The status now includes performance data in days until
expiration (requires perl with Date::Parse).
It is now possible to print additional information in
the plugins long output (multiline, Nagios 3 only)
2012-04-05 Version 1.13.0 The plugin will now try to fetch the certificate without
without TLS extensions in case of error
2012-04-04 Version 1.12.0 Fixed a bug in the chain verification (hard coded
error number)
2011-10-22 Version 1.11.0 --altname option
2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenicate
using a client certificate
2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards
2011-01-24 Version 1.9.0 Added an option to specify the openssl executable
2010-12-16 Version 1.8.1 Fixed bugs with environment bleeding & shell globbing
2010-12-08 Version 1.8.0 Added support for TLS servername extension in
ClientHello
2010-10-28 Version 1.7.7 Fixed a bug in the signal specification introduced
in 1.7.6
2010-10-28 Version 1.7.6 Better temporary file clean up (thanks to Lawren
Quigley-Jones)
2010-10-14 Version 1.7.5 Applied a patch from Yannick Gravel fixing the test
order
2010-10-01 Version 1.7.4 Applied a patch from Lawren Quigley-Jones adding the
-A option
2010-09-15 Version 1.7.3 Fixed a bug in the option processing
2010-08-26 Version 1.7.2 Removes useless use of cat, better test for expect
utility
2010-08-26 Version 1.7.1 Replaces "-verify 6" which was erroneously removed in
the previous version
2010-08-26 Version 1.7.0 Overloaded --rootcert option to allow -CApath as well
as -CAfile
2010-07-21 Version 1.6.1 Added an option to specify where to temporarily
store the certificate
2010-07-09 Version 1.6.0 Added long command line options and substituted
-days with --critical and --warning
2010-07-07 Version 1.5.2 Added the -f option to check a local file
2010-07-01 Version 1.5.1 Fixed the plugin output
2010-03-11 Version 1.4.4 Fixed bug #64 (== bashism)
2010-03-09 Version 1.4.3 -N and -n options to compare the CN to an hostname
2009-12-02 Version 1.4.2 the -i ISSUER option now checks if the O= or the
CN= fields of the root certificate match
2009-11-30 Version 1.4.1 -r to specify the root cert to be used for
verification
2009-11-30 Version 1.4.0 certificate chain verification
2009-03-30 Version 1.3.0 -P option to check TLS certificates
(SMTP, FTP, POP3, ...)
2008-05-13 Version 1.2.2 include the CN in the messages (D. Wallis)
2008-02-25 Version 1.2.1 better error handling
2008-02-25 Version 1.2.0 general cleanup (POSIX compliance, removed
nmap dependency, ...) from Dan Wallis
2007-08-31 Version 1.1.0 - option to enforce a given email address
- option to enforce a given organization
- temporary files cleanup upon exit
2007-08-15 Bug fix: openssl did not close the connection cleanly
2007-08-10 First release (1.0)