- 2024-10-15 Version 2.85.0
- Removed
X-Frame-Options
from the list of the required HTTP headers (is now deprecated)
- Removed
- 2024-10-02 Version 2.84.5
- Fixed a in the command line options validation for
--url
and--user-agent
- Fixed a in the command line options validation for
- 2024-10-02 Version 2.84.4
- Fixed a problem on openSUSE
- 2024-09-27 Version 2.84.3
- Options specified in a configuration file can be overridden again
- 2024-09-27 Version 2.84.2
- Minor bug fix removing spurious debugging output
- 2024-09.26 Version 2.84.1
- Bug fixes in the handling of command line options
- 2024-09-24 Version 2.84.0
- Avoid the repeated specification of certain command line arguments
- Improved the documentation of
--issuer
and--email
- 2024-09-10 Version 2.83.1
- Fixes the output of missing arguments on Nagios
- 2024-08-15 Version 2.83.0
- Shows
--info
event in case of a problem
- Shows
- 2024-07-11, Version 2.82.0
- Better error handling in subroutines
- Fetch HTTP headers for --debug-headers even if no header check is enabled
- 2024-05-28 Version 2.81.1
- Fix in the Icinga2 configuration file
- 2024-03-27 Version 2.81.0
- Support for SNI with nmap
- Added the
--fingerprint-alg
option to specify which algorithm to be used with --fingerprint.
- 2024-02-28 Version 2.80.0
- Add support to ignore unclean TLS shutdowns
- 2024-01-14 Version 2.79.0
- SIPS support
- 2023-11-30 Version 2.78.0
- QUIC support
- OpenSSL 3.2.0 Support
- 2023-11-23 Version 2.77.0
- Added support for MQTTS
- 2023-10-30 Version 2.76.0
--info
output at the end- Added a check if
--file
is a directory - 2023-09-27 Version 2.75.0
- Fixed an issue with the timeout
- 2023-09-13 Version 2.74.0
- Fixed an issue in the
/etc/hosts
parsing
- Fixed an issue in the
- 2023-08-26 Version 2.73.0
- Fixed a bug with ocsp checks using a proxy and OpenSSL 1.X
- 2023-07-28 Version 2.72.0
- Fixed a bug if the host cannot be resolved and
--resolve
is specified
- Fixed a bug if the host cannot be resolved and
- 2023-07-19 Version 2.71.0
- Display the port number in the critical and warning output
- 2023-05-20 Version 2.70.0
- Added an option to skip the test to see if the host can be resolved
- Added an option to resolve an host using DNS over HTTP
- Added the Icigna2 configuration file
- 2023-05-12 Version 2.69.0
- Added an option to skip the test to see if the host can be resolved
- Added an option to resolve an host using DNS over HTTP
- 2023-04-28 Version 2.68.0
- Fixes the protocol used by nmap if the host is resolved with /etc/hosts
- Do not convert a CRL if already in the correct format
- Removed a PCRE grep expression (non-standard)
- 2023-04-24 Version 2.67.0
- Considers /etc/hosts for the existence checks
- 2023-04-21 Version 2.66.0
- Fixed a problem with decimal critical or warning values and expired certificates
- 2023-04-21 Version 2.65.0
- Fixed CRL output format parsing
- 2023-04-07 Version 2.64.0
- Fixed the resolution of hosts with IPv6 addresses only
- 2023-04-05 Version 2.63.0
- Command line option to ignore SSL Labs errors (
-ignore-ssl-labs-errors
) - Better checks for non-resolvable hosts
- Command line option to ignore SSL Labs errors (
- 2023-03-16 Version 2.62.0
- Fixed the output in case of timeout
- Fixed the ciphers with
--rsa
- 2023-03-09 Version 2.61.0
- Fixed the algorithms used by
--rsa
- Fixed the algorithms used by
- 2023-02-15 Version 2.60.0
- Hot fix for version 2.59 (bug fix for
--ignore-host-name
)
- Hot fix for version 2.59 (bug fix for
- 2023-02-15 Version 2.59.0
- Fixes
--ignore-host-cn
behaviour with--match
- Fixes
- 2023-01-16 Version 2.58.0
- Added the option
--security-level
- Added an option to ignore header problems with --all and --all-local (
--ignore-http-headers
)
- Added the option
- 2022-12-04 Version 2.57.0
- Support for DNS over TLS
- 2022-11-30 Version 2.56.0
- Adds the
--path
command line option
- Adds the
- 2022-10-25 Version 2.55.0
- Fixes for FreeBSD jails
- TDS checks now respect the timeout option
- 2022-10-20 Version 2.54.0
- Java KeyStore checks (thanks to claudioth)
- Bug fixes in the TDS checks
- 2022-10-19 Version 2.53.0
- Implemented a check for MS SQL (Tabular Data Stream, TDS)
- Fixed a bug in the date computations with Perl
- 2022-10-06 Version 2.52.0
- Removed spurious debugging output
- 2022-10-06 Version 2.51.0
- Fixed a bug in the chain checks
- 2022-10-06 Version 2.50.0
- Additional checks for the certificate chain (see
--check-chain
)
- Additional checks for the certificate chain (see
- 2022-09-27 Version 2.49.0
- The plugin is working without nmap (with some limitations)
- Fixed a bug in the processing of the --nmap-bin option
- 2022-09-24 Version 2.48.0
- Fixes the parsing of --require-no-http-header
- 2022-09-23 Version 2.47.0
- New options to check HTTP headers (see
--help
) - Options can now be specified in a configuration file (see README.md)
- Fixed a bug in the total certificate validity check if
--precision
is specified
- New options to check HTTP headers (see
- 2022-09-20 Version 2.46.0
- The maximum validity check is performed only for HTTPS, files or if the
--maximum-validity
option is specified.
- The maximum validity check is performed only for HTTPS, files or if the
- 2022-09-19 Version 2.45.0
- Checks the maximum certificate validity (397)
- 2022-09-13 Version 2.44.0
- Fixed a problem with grep 3.8
- Added
--grep-bin
to specify the grep binary to be used - Added
--debug-headers
to store the HTTP headers in the headers.txt file
- 2022-09-09 Version 2.43.0
- Rewrote the HTTP security header checks
- Fixed a bug when parsing certificates without purpose
- 2022-09-02 Version 2.42.0
- Disable nmap checks if a proxy is specified
- Added
--require-x-frame-options
to check for the X-Frame-Options header
- 2022-09-01 Version 2.41.0
- Fixed the parsing of UTF-8 certificate subjects
- Better OpenSSL error handling
- Fixed the HSTS check
- 2022-08-24 Version 2.40.0
- Fixed the parsing of the signature algorithm
- 2022-08-24 Version 2.39.0
nmap
is always required- added
%SIGALGO%
to the possible output formatting - added
--default-format
to display the default formatting output
- 2022-08-23 Version 2.38.0
- Fixed the handling of
--ignore-connection-problems
- Fixed the handling of
- 2022-08-17 Version 2.37.0
- New option
--require--hsts
to check for HTTP Strict Transport Security
- New option
- 2022-07-26 Version 2.36.0
- New option
--user-agent
to specify the user agent used by curl and by OpenSSL for HTTPS connections
- New option
- 2022-07-15 Version 2.35.0
- Better error handling
- Better handling of IPv6 addresses
- 2022-07-06 Version 2.34.0
- If x509 -ext is not supported no info on the certificate purpose is extracted
- 2022-07-01 Version 2.33.0
- Added DNSSEC checks
- 2022-06-17 Version 2.32.0
- Added checks for the certificate purpose
- 2022-06-11 Version 2.31.0
- Fixed a problem with Prometheus output
- 2022-06-01 Version 2.30.0<
- Fixed a bug in the prometheus output
- 2022-05-24 Version 2.29.0
- Support for DTLS
- Default ports for XMPP
- 2022-05-04 Version 2.28.0
- Fixed a bug in the connection check when specifying
--ignore-connection-problems
- Fixed a bug in the connection check when specifying
- 2022-04-28 Version 2.27.0
- Fixed a bug with the ciphers check with older nmap versions
- 2022-04-28 Version 2.26.0
- Fixed a bug with the ciphers check with older nmap versions
- Fixed a bug in the display of the expiration date
- 2022-04-13 Version 2.25.0
- Caching of the host names to be used with bash completion
- 2022-04-06 Version 2.24.0
- Fixes a problem with timeouts and SSL Labs
- 2022-03-24 Version 2.23.0
- Fixes a bug when the specified --match is an IP address
- An Unknown status is only returned for plugin-internal issues
- 2022-03-11 Version 2.22.0
- The protocol is shown in the output
- Processes files with .pkcs12 extension
- Display all the unmatched common names
- 2022-02-20 Version 2.21.0
- New option: --quiet
- The checked host and port are displayed in the output
- Better documnentation of the
--format
option - bash-completion now autocompletes hosts
- 2022-02-03 Version 2.20.0
- bash completion
- adding the reason of the timeout to the error message
- 2022-01-13 Version 2.19.0
--file
now accepts URIs (e.g., http://, https://, ftp://, file://, ...)- Added input validation for integers and floats
- 2022-01-12 Version 2.18.0
- Using floating point computations
- 2021-12-21 Version 2.17.0
- Fixed several issues when specifying a numeric IPv6 address
- Checking the whole chain with STARTTLS
- 2021-12-20 Version 2.16.0
- Remove the trailing . from FQDNs
- Fixed a problem with self signed certificates
- 2021-12-15 Version 2.15.0
- Error if HTTP/2 is requested but not offered by the server
- SSL 2.0 and SSL 3.0 disabled by --all and --all-local
- 2021-12-10 Version 2.14.0
- Added an option --info to print certificate information
- Fixed the IPv6 checks when ipconfig is not available
- Fixed a bug causing an unnecessary scan when checking for disallowed protocols
- 2021-11-24 Version 2.13.0
- Fixed a bug in the processing of error messages
- Handling of root certificates in DER format
- 2021-11-16 Version 2.12.0
- Improved verbose messages
- 2021-11-11 Version 2.11.0
- Several fixes in the documentation
- Works with OpenSSL 3.0.0
- Fixes a bug in the processing of certificate issuers containing commas
- 2021-10-22 Version 2.10.4
- Fixes the organization check
- 2021-10-21 Version 2.10.3
- Fixes --rsa on systems not supporting PSS
- Uses mktemp if available (the workaround is only used if not available for speed reasons)
- 2021-10-14 Version 2.10.2
- Improved the certificate chain check of local bundles
- 2021-10-12 Version 2.10.1
- Fixed the certificate chain check
- 2021-10-11 Version 2.10.0
- Checks the certificate chain integrity
- Does not accept certificates without SANs (use --allow-empty-san to ignore)
- Bug fix in the handling of errors while fetching certificates
- Allows a check on invalid FQDNs containing an underscore
- 2021-10-06 Version 2.9.1
- Accepts certificates without subject alternative names
- Added an option (--debug-time) to print the elapsed time in the debugging output
- 2021-10-01 Version 2.9.0
- The --skip-element option can now be specified multiple times and specifies to skip a single
- element of the certificate chain
- 2021-09-29 Version 2.8.0
- Adds a check for acceptable client certificate CAs (--require-client-cert [list])
- Supporting certificate expiration after 2038-01-19 on 32 bit systems
- Adds an option (--ignore-connection-problem) to set a custom state in case of connection failures
- Adds two options to selectively disable proxy setting for curl and s_client
- (--no-proxy-curl and --no-proxy-s_client)
- 2021-09-24 Version 2.7.0
- Critical and warning can now be floating point numbers
- 2021-09-21 Version 2.6.1
- Fixed the output of several messages
- Fixed the order of the critical messages
- Fixed a problem when checking a local CRL (no STC checks and automatic conversion from DER format)
- Fixed a problem with the tests with IPv6
- Fixed a problem when checking a local certificate (does not try to connect to localhost to check for renegotiation)
- 2021-09-17 Version 2.6.0
- Added the --prometheus command line option to generate output for Prometheus/OpenMetrics
- Automatically assume localhost if --file is specified
- 2021-09-16 Version 2.5.2
- Bug fix: fixed the output in case or multiple errors
- 2021-09-15 Version 2.5.1
- Bug fix: fixed the detection of server internal errors by OCSP checks
- 2021-09-15 Version 2.5.0
- Added the --ignore-ocsp-errors command line option
- Bug fix: fixed the behavior of the --element command line option
- 2021-08-31 Version 2.4.3
- Fixed the connection to the TLS renegotiation on FreeBSD
- Detects old BSD date without -f and computes the date with dconv
- 2021-08-27 Version 2.4.2
- Fixed the handling of IP addresses
- 2021-08-19 Version 2.4.1
- Fixed the handling of --file and --cn
- 2021-08-16 Version 2.4.0
- Support DANE TLSA 312
- 2021-08-13 Version 2.3.8
- Bug fix: fixed the parsing of the --cn command line option
- Bug fix: better validation of the host command line argument
- 2021-07-09 Version 2.3.7
- Bug fix: performance data is no more shown by critical and warning message when --no-perf is specified
- 2021-06-23 Version 2.3.6
- Bug fix: follows symbolic links
- 2021-06-22 Version 2.3.5
- Bug fix: correct parsing of file(1) ou
- 2021-06-18 Version 2.3.4
- Stop the SSL Labs checks after an error
- 2021-06-16 Version 2.3.3
- Speedup the offered ciphers check
- 2021-06-03 Version 2.3.2
- Bug fix: always uses the specifies OpenSSL binary and respects the specified IP version
- 2021-05-28 Version 2.3.1
- Compatibility fixes for LibreSSL on macOS
- Added sanity checks for file write operations
- 2021-05-21 Version 2.3.0
- Added the --debug-file option
- 2021-05-07 Version 2.2.0
- Bug fix: --debug does not store any information in $TMPDIR anymore
- To locally store the retrieved certificates in debug mode the option --debug-cert has to be specified
- 2021-05-06 Version 2.1.4
- Bug fix in the handling of Qualy's SSL Lab command line options
- 2021-05-05 Version 2.1.3
- Bug fix in the Qualy's SSL Lab check of non-reachable machines
- 2021-04-30 Version 2.1.2
- Add domain if FQDN is missing
- 2021-04-29 Version 2.1.1
- Correct handling of subdomains with underscores
- 2021-04-25 Version 2.1.0
- Added an option to hide performance data
- Fixed a bug in the critical and warning output when the CN is not available
- 2021-04-07 Version 2.0.1
- Fixed a bug in renegotiation checks with STARTTLS
- 2021-03-29 Version 2.0.0
- Fixed the documentation of various options
- The host name must now always match with the certificate
- Short options can be grouped (e.g., -vs -c 10 -w 15)
- Different verbosity levels can now be specified (-v can be used more than once)
- Added the --resolve option to specify a custom IP for the checked host
- 2021-03-25 Version 1.146.0
- Added --all to enable all the optional checks
- Fixed a bug in the processing of client certificate requirements
- Improved the error handling in case a TLS connection is not possible
- 2021-03-15 Version 1.145-0 Fix in the parsing of OpenSSL version
- 2021-03-14 Version 1.144.0
- Getting rid of the man dependency
- 2021-03-12 Version 1.143.0
- Better handling of the timeout
- Checks ciphers with nmap (--check-ciphers and --check-ciphers-warnings)
- Checks all the supplied OCSP URIs
- 2021-03-10 Version 1.142.0
- Improved the TLS renegotiation check
- Added --password to specify a password source for PCKS12 certificates
- 2021-03-09 Version 1.141.0
- Do not check SCTs if the certificate is self signed
- Fixed the processing of --inetproto
- Supports local PCKS #12 and DER formatted certificates
- 2021-02-25 Version 1.140.0
- Fixed a bug in the SCT check
- 2021-02-24 Version 1.139.0
- Fixed a bug in the TLS renegotiation check
- 2021-02-24 Version 1.138.0
- Checks for TLS renegotiation<
- 2021-02-18 Version 1.137.0
- Added the --url option to specify the URL for the HTTP request
- 2021-02-16 Version 1.136.0
- Fixed the signed certificate timestamps spelling (command line option)
- 2021-01-28 Version 1.135.0
- Checks for signed certificate timestamps (SCTs)
- 2021-01-27 Version 1.134.0
- Complete support for Alpine Linux and BusyBox
- 2021-01-26 Version 1.133.0
- Added the --date option to specify the date binary
- support for BusyBox date
- 2021-01-18 Version 1.132.0
- Time-outed sub-processes can now be interrupted
- Revocation via CRL can be checked with the --crl option
- Better error messages for DH with small keys and handshake failures
- 2021-01-15 Version 1.131.0
- OCSP check on all the chain elements
- 2021-01-14 Version 1.130.0
- Retries when SSL Labs has no available slot
- 2020-12-24 Version 1.129.0
- Bug fix in the proxy parameters handling
- 2020-12-22 Version 1.128.0
- Added --no-proxy to ignore proxy settings
- 2020-12-21 Version 1.127.0
- Better handling of certificates without CN in the subject
- 2020-12-16 Version 1.126.0
- Corrected the handling of old nmap versions
- 2020-12-11 Version 1.125.0
- Corrected the handling of the issuer URI
- 2020-11-31 Version 1.124.0
- Bug fix when using a proxy
- 2020-11-30 Version 1.123.0
- Enhancement: option to check the nth element
- 2020-08-07 Version 1.122.0
- Bug fix, --skip-element and --custom-header
- 2020-07-24 Version 1.121.0
- Bug fix release
- 2020-07-02 Version 1.120.0
- MySQL support
- 2020-07-01 Version 1.119.0
- Bug fix release
- 2020-06-12 Version 1.118.0
- Bug fix release
- 2020-06-09 Version 1.117.0
- Fixed a bug in the output (expiration date of chain elements)
- 2020-06-05 Version 1.116.0
- Supports s_client -proxy option
- 2020-06-04 Version 1.115.0
- Checks all the certificates in the chain
- New option to check that the issuer does not match a given pattern
- 2020-05-27 Version 1.114.0
- Added an option to specify a proxy
- 2020-05-19 Version 1.113.0
- Fixed a bug with nmap and hosts with IPv6 addresses only
- 2020-04-07 Version 1.112.0
- Timeout for OCSP queries and option to ignore timeout errors and PostgreSQL support
- 2020-03-09 Version 1.111.0
- New option (--not-valid-longer-than) to check if a certificate is valid longer than the
- specified number of days
- 2020-02-17 Version 1.110.0
- Added support for xmpp-server in the STARTTLS negotiation
- 2020-01-07 Version 1.109.0
- Option to force HTTP/2
- 2019-12-23 Version 1.108.0
- Better error message in case of connection refused
- 2019-12-20 Version 1.107.0
- Better error message in case of an invalid host
- 2019-11-21 Version 1.106.0
- Optional checks for protocols that should not be supported
- 2019-11-04 Version 1.105.0
- SMTP connections with -name only with OpenSSL versions supporting it
- 2019-11-04 Version 1.104.0
- Fixed a bug in the SMTP connection
- 2019-10-31 Version 1.103.0
- Fixed a bug with the interpretation of OpenSSL errors
- 2019-10-25 Version 1.102.0
- Option to specify the dig binary and fix in the command line validation checks
- 2019-10-22 Version 1.101.0
- Fixed a bug printing both a critical and a warning message when both condition match
- 2019-10-18 Version 1.100.0
- Fixed a bug ignoring --dane without parameters
- 2019-10-16 Version 1.99.0
- DNS-based Authentication of Named Entities (DANE) checks
- 2019-10-10 Version 1.98.0
- Bug fix release: A wildcard certificate does not match the 'main' domain, ciphers and TLS 1.3
- 2019-10-09 Version 1.97.0
- Validate OCSP stapling expiring date, option to disable TLS 1.3
- 2019-09-25 Version 1.96.0
- Bug fixes
- 2019-09-24 Version 1.95.0
- Bug fixes
- 2019-09-24 Version 1.94.0
- Several bugs fixed
- 2019-09-24 Version 1.93.0
- Fixed a bug in the processing of the SSL Labs options
- 2019-09-24 Version 1.92.0
- Bug fix in the OCSP check
- 2019-09-23 Version 1.91.0
- Various minor improvements and fixes
- 2019-09-19 Version 1.90.0
- Bug fix, did not always print all the detected errors
- 2019-08-22 Version 1.89.0
- Prints all the errors
- 2019-08-09 Version 1.88.0
- Add an option to force IPv4 or IPv6
- 2019-08-08 Version 1.87.0
- LDAPS support
- 2019-07-21 Version 1.86.0
- Fixed a bug and enabled extended regex search
- 2019-06-02 Version 1.85.0
- Improved the warnings when using the --file option
- 2019-03-28 Version 1.84.0
- Added an option to specify the curl user agent
- 2019-03-01 Version 1.83.0
- Spelling corrections
- 2019-02-08 Version 1.82.0
- Added a check on the readability of the certificate file
- 2019-02-01 Version 1.81.0
- Added an option to specify a warning level with SSL Labs
- 2019-01-16 Version 1.80.1
- Fixed a problem on systems not supporting echo -e
- 2018-12-24 Version 1.80.0
- Better output in case of errors while using SNI
- 2018-12-10 Version 1.79.0
- Differentiate between IMAP on port 143 and IMAPS on port 993
- Fixed a vulnerability in the parsing of the certificate issuer
- 2018-11-07 Version 1.78.0
- Bug fixes in IMAP and HTTP requests
- 2018-11-05 Version 1.77.0
- CA file and directory support
- 2018-10-19 Version 1.76.0
- Sends a correct HTTP request
- 2018-10-18 Version 1.75.0
- Allow to specify a client certificate key
- 2018-10-15 Version 1.74.0
- Fixed a bug generating a confusing error message on timeout
- 2018-09-10 Version 1.73.0
- Fixed a bug in the cleanup of temporary files, fixed a bug with certificates without OCSP
- Fixed tests with more reliable hosts
- Allows to check against all the issuers in the CA chain
- Fixed a bug with
--long-output
on Linux - Fixed the validation of
--critical
and--warning
- 2018-07-01 Version 1.72.0
- Corrected a bug introduced in 1.71.0 remove temporary files
- 2018-07-01 Version 1.71.0
- Corrected a bug introduced in 1.70.0 wrong exit codes
- 2018-06-28 Version 1.70.0
- Improved the management of temporary files
- 2018-06-25 Version 1.69.0
- Added an option to require OCSP stapling
- 2018-04-29 Version 1.68.0
- Removed the SNI name check
- 2018-04-17 Version 1.67.0
- Terse output, warning if the specified server name is not found in the certificate and --format option
- 2018-04-06 Version 1.66.0
- UTF-8 output
- 2018-03-29 Version 1.65.0
- Bug fix release
- 2018-03-28 Version 1.64.0
- Remove curl dependency
- 2018-03-17 Version 1.63.0
- Support for TLS 1.3
- 2018-03-06 Version 1.62.0
- Support for LibreSSL
- 2018-01-19 Version 1.61.0
- Fixed a bug handling more than one OCSP host
- 2017-12-15 Version 1.60.0
- Fixed a bug related to XMPP introduced in the last version
- 2017-12-14 Version 1.59.0
- Added an option to specify the 'to' attribute of the XMPP stream element
- 2017-11-29 Version 1.58.0
- Support for DER encoded CRL files
- 2017-11-28 Version 1.57.0
- Added --fingerprint to check the SHA1 fingerprint of the certificate
- 2017-11-17 Version 1.56.0
- Added support for -xmpphost if available
- 2017-11-16 Version 1.55.0
- Fixed XMPP support and IPv6 addresses as host
- 2017-09-19 Version 1.54.0
- With the -f command line option, you can also specify a certificate revocation list (CRL)
- 2017-09-10 Version 1.53.0
- The timeout is applied to OCSP checks
- 2017-09-09 Version 1.52.0
- The SAN requirement check is now optional
- 2017-07-28 Version 1.51.0
- Use openssl s_client's -help option to test for SNI support
- 2017-07-24 Version 1.50.0
- Fix in the Common Name parsing
- 2017-07-17 Version 1.49.0
- Support for OpenSSL 1.1
- 2017-06-22 Version 1.48.0
- Checks for missing subjectAlternativeName extension
- 2017-06-15 Version 1.47.0
- Fixed an issue with OCSP URI with protocols other than HTTP or HTTPS
- 2017-05-15 Version 1.46.0
- Fixed a problem with the detection of OCSP URLs
- 2017-05-02 Version 1.45.0
- Fixed bugs in the date computation and OCSP checks
- 2017-04-28 Version 1.44.0
- Fixed a bug occurring when more than one issuer URI is present
- 2017-03-07 Version 1.43.0
- Support for LDAP
- 2017-02-16 Version 1.42.0
- Support for OpenSSL > 1.1.0
- 2017-02-10 Version 1.41.0
- Added --sni to specify the server name
- 2017-02-08 Version 1.40.0
- Changed the CN output when --altnames is used
- 2017-02-02 Version 1.39.0
- Fixed a bug related to SNI
- 2017-02-02 Version 1.38.2
- Fixed a bug in the command line argument parsing
- 2017-01-29 Version 1.38.1
- Small corrections in the documentation
- 2017-01-28 Version 1.38.0
- Added support for wildcards in alternative names and caching of the issuer certificate
- 2016-12-23 Version 1.37.0
- Added a patch to specify multiple CNs
- 2016-12-13 Version 1.36.2
- fixed a minor problem with --debug
- 2016-12-06 Version 1.36.1
- fixed a problem when specifying a CN beginning with *
- 2016-12-04 Version 1.36.0
- fixed problem when file is returning PEM certificate on newer Linux distributions
- added an option to specify the location of the file utility
- 2016-10-18 Version 1.35.0
- added support for the selection of the cipher authentication
- 2016-09-19 Version 1.34.0
- added proxy support for the OCSP checks (thanks to Leynos)
- 2016-08-04 Version 1.33.0
- disabling OCSP checks when no issuer URI is found
- 2016-07-29 Version 1.32.0
- added support for date with timestamp calculation and fixed case sensitive comparison of CN
- 2016-07-12 Version 1.31.0
- Fixed the parsing of the CN field
- 2016-06-30 Version 1.30.0
- OCSP check is fixed and enabled by default
- 2016-06-15 Version 1.29.0
- New option to clear the cached value at SSL Labs IRC support
- 2016-06-01 Version 1.28.0
- Increased control over which SSL/TLS versions to use
- 2016-03-29 Version 1.27.0
- Fixes a bug in the OpenSSL error parsing
- 2016-03-29 Version 1.26.0
- Fixes a bug in wildcard match
- 2016-03-21 Version 1.25.0
- Fixes a bug on CN parsing on non-GNU systems
- Handle wildcard certificates
- 2016-03-09 Version 1.24.0
- Waits for SSL Labs Results
- 2016-03-07 Version 1.23.0
- Supports SNI even when not checking CN and does not issue a critical when SSL Labs is still checking a host
- 2016-03-03 Version 1.22.0
- Initial support for SSL Labs checks
- Support for UTF output (thanks to Konstantin Shalygin)
- 2016-03-01 Version 1.21.0
- Fixed a bug which prevented the check on the expiration date
- 2016-02-26 Version 1.20.0
- Added debugging output (-d or --debug)
- Improved the handling of OpenSSL error messages
- Does not stop the validation if the server requires aclient certificate
- 2016-02-25 Version 1.19.0
- Added a check for certificates signed with SHA-1 or MD5 Added an option to disable the expiration date check
- 2015-10-31 Version 1.18.0
- Added an option to check the certificate's serial number (thanks to Milan Koudelka)
- 2015-10-20 Version 1.17.2
- Fixed a bug with OCSP
- 2015-04-07 Version 1.17.1
- Fixed the check on the openssl binary
- 2014-10-21 Version 1.17.0
- Added an option to check revocation via OCSP
- 2014-06-06 Version 1.16.2
- Fixed a problem with -servername when -n was not specified
- 2014-02-28 Version 1.16.1
- Added a Make target for the RPM package
- 2013-12-23 Version 1.16.0
- Added an option to force TLS version 1
- 2013-07-29 Version 1.15.0
- Added an option to force a certain SSL version (thanks to Max Winterstein)
- 2013-05-12 Version 1.14.6
- Added XMPP and timeout support (thanks to Christian Ruppert and Robin H. Johnson)
- 2013-03-02 Version 1.14.5
- Fixed a bug occurring with TLS and multiple names int he certificate
- 2012-12-07 Version 1.14.4
- Fixed a bug causing
-N
to always compare the CN with 'localhost'
- Fixed a bug causing
- 2012-09-19 Version 1.14.3
- Improved the error message in case of a failure in the certificate download
- 2012-07-13 Version 1.14.2
- Added the name since or to expiration in the plugin output.
- 2012-07-11 Version 1.14.1
- Fixed a bug with Perl date computation on some systems
- 2012-07-06 Version 1.14.0
- The status now includes performance data in days until expiration (requires Perl with Date::Parse).
- It is now possible to print additional information in the plugins long output (multi-line, Nagios 3 only)
- 2012-04-05 Version 1.13.0
- The plugin will now try to fetch the certificate without without TLS extensions in case of error
- 2012-04-04 Version 1.12.0
- Fixed a bug in the chain verification (hard coded error number)
- 2011-10-22 Version 1.11.0
--altname
option
- 2011-09-01 Version 1.10.0
- Applied a patch from Sven Nierlein to authenticate using a client certificate
- 2011-03-10 Version 1.9.1
- Allows HTTP as protocol and fixes
-N
with wildcards
- Allows HTTP as protocol and fixes
- 2011-01-24 Version 1.9.0
- Added an option to specify the
openssl
executable
- Added an option to specify the
- 2010-12-16 Version 1.8.1
- Fixed bugs with environment bleeding & shell globbing
- 2010-12-08 Version 1.8.0
- Added support for TLS servername extension in
ClientHello
- Added support for TLS servername extension in
- 2010-10-28 Version 1.7.7
- Fixed a bug in the signal specification introduced 1.7.6
- 2010-10-28 Version 1.7.6
- Better temporary file clean up (thanks to Lawren Quigley-Jones)
- 2010-10-14 Version 1.7.5
- Applied a patch from Yannick Gravel fixing the test order
- 2010-10-01 Version 1.7.4
- Applied a patch from Lawren Quigley-Jones adding the
-A
option
- Applied a patch from Lawren Quigley-Jones adding the
- 2010-09-15 Version 1.7.3
- Fixed a bug in the option processing
- 2010-08-26 Version 1.7.2
- Removes useless use of
cat
, better test forexpect
utility
- Removes useless use of
- 2010-08-26 Version 1.7.1
- Replaces
-verify 6
which was erroneously removed in the previous version
- Replaces
- 2010-08-26 Version 1.7.0
- Overloaded
--rootcert
option to allow-CApath
as well as-CAfile
- Overloaded
- 2010-07-21 Version 1.6.1
- Added an option to specify where to temporarily store the certificate
- 2010-07-09 Version 1.6.0
- Added long command line options and substituted
-days
with--critical
and--warning
- Added long command line options and substituted
- 2010-07-07 Version 1.5.2
- Added the
-f
option to check a local file
- Added the
- 2010-07-01 Version 1.5.1
- Fixed the plugin output
- 2010-03-11 Version 1.4.4
- Fixed bug #64 (
==
bashism)
- Fixed bug #64 (
- 2010-03-09 Version 1.4.3
- -N and -n options to compare the CN to an hostname
- 2009-12-02 Version 1.4.2
- the
-i ISSUER
option now checks if theO=
or theCN=
fields of the root certificate match
- the
- 2009-11-30 Version 1.4.1
-r
to specify the root cert to be used for verification
- 2009-11-30 Version 1.4.0
- certificate chain verification
- 2009-03-30 Version 1.3.0
-P
option to check TLS certificates (SMTP, FTP, POP3, ...)
- 2008-05-13 Version 1.2.2
- include the CN in the messages (D. Wallis)
- 2008-02-25 Version 1.2.1
- better error handling
- 2008-02-25 Version 1.2.0
- general cleanup (POSIX compliance, removednmap dependency, ...) from Dan Wallis
- 2007-08-31 Version 1.1.0
- option to enforce a given email address
- option to enforce a given organization
- temporary files cleanup upon exit
- 2007-08-15 Version 1.0.1
- Bug fix: openssl did not close the connection cleanly
- 2007-08-10 Version 1.0.0
- First release (1.0)