Merge pull request #12 from sshmanko/master

Fix wildcard certificate match regex, add additional unit test
matteocorti · Mar 29, 2016 · c0fde6e · c0fde6e
2 parents b0e5738 + 04f48f1
commit c0fde6e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/check_ssl_cert b/check_ssl_cert
@@ -885,10 +885,10 @@ EOF
             fi
 
 	    # or the literal with the wildcard
-	    if echo "${COMMON_NAME}" | grep -q "^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[*]/' )\$" ; then
+	    if echo "${COMMON_NAME}" | grep -q "^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9\-]*/' )\$" ; then
 
 		if [ -n "${DEBUG}" ] ; then
-		    echo "[DBG] the common name ${COMMON_NAME} matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[*]/' )\$"
+		    echo "[DBG] the common name ${COMMON_NAME} matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9\-]*/' )\$"
 		fi
 
                 ok='true'

diff --git a/test/unit_tests.sh b/test/unit_tests.sh
@@ -58,6 +58,12 @@ testETHZWildCard() {
     assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
 }
 
+testETHZWildCardSub() {
+    ${SCRIPT} -H sherlock.sp.ethz.ch --cn sub.sp.ethz.ch --rootcert cabundle.crt
+    EXIT_CODE=$?
+    assertEquals "wrong exit code" ${NAGIOS_OK} "${EXIT_CODE}"
+}
+
 testAltNames() {
     ${SCRIPT} -H www.inf.ethz.ch --cn www.inf.ethz.ch --rootcert cabundle.crt --altnames
     EXIT_CODE=$?