diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_haproxy/control nagios-plugins-contrib-37.20211217ubuntu1/check_haproxy/control --- nagios-plugins-contrib-35.20210511ubuntu2/check_haproxy/control 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_haproxy/control 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,4 @@ -Homepage: http://cvs.orion.education.fr/viewvc/viewvc.cgi/nagios-plugins-perl/trunk/plugins/check_haproxy.pl?view=log -Watch: http://cvs.orion.education.fr/viewvc/viewvc.cgi/nagios-plugins-perl/trunk/plugins/check_haproxy.pl?view=log +Homepage: https://github.com/polymorf/check_haproxy/blob/master/check_haproxy.pl Recommends: liblocale-gettext-perl, liblwp-useragent-determined-perl, libmonitoring-plugin-perl | libnagios-plugin-perl Version: rev135 Uploaders: Jan Wagner diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_haproxy_stats/check_haproxy_stats.pl nagios-plugins-contrib-37.20211217ubuntu1/check_haproxy_stats/check_haproxy_stats.pl --- nagios-plugins-contrib-35.20210511ubuntu2/check_haproxy_stats/check_haproxy_stats.pl 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_haproxy_stats/check_haproxy_stats.pl 2021-12-17 14:47:25.000000000 +0000 @@ -1,31 +1,46 @@ -#!/usr/bin/env perl +#!/usr/bin/env perl # vim: se et ts=4: # # Copyright (C) 2012, Giacomo Montagner -# -# This program is free software; you can redistribute it and/or modify it -# under the same terms as Perl 5.10.1. +# 2015, Yann Fertat, Romain Dessort, Jeff Palmer, +# Christophe Drevet-Droguet +# +# This program is free software; you can redistribute it and/or modify it +# under the same terms as Perl 5.10.1. # For more details, see http://dev.perl.org/licenses/artistic.html -# +# # This program is distributed in the hope that it will be # useful, but without any warranty; without even the implied # warranty of merchantability or fitness for a particular purpose. # -our $VERSION = "1.0.1"; +our $VERSION = "1.1.3"; + +open(STDERR, ">&STDOUT"); # CHANGELOG: # 1.0.0 - first release # 1.0.1 - fixed empty message if all proxies are OK -# +# 1.0.2 - add perfdata +# 1.0.3 - redirect stderr to stdout +# 1.0.4 - fix undef vars +# 1.0.5 - fix thresholds +# 1.1.0 - support for HTTP interface +# 1.1.1 - drop perl 5.10 requirement +# 1.1.2 - add support for ignoring DRAIN state +# 1.1.3 - add support ignoring hosts matching a regex use strict; use warnings; -use 5.010.001; use File::Basename qw/basename/; use IO::Socket::UNIX; use Getopt::Long; +my $lwp = eval { + require LWP::Simple; + LWP::Simple->import; + 1; +}; sub usage { my $me = basename $0; @@ -52,28 +67,50 @@ -h, --help Print this message. + -m, --ignore-maint + Assume servers in MAINT state to be ok. + + -i, --ignore-regex + Ignore servers that match the given regex. + + -n, --ignore-drain + Assume servers in DRAIN state to be ok. + -p, --proxy Check only named proxies, not every one. Use comma to separate proxies in list. + -P, --no-proxy + Do not check named proxies. Use comma to separate proxies in list. + -s, --sock, --socket Use named UNIX socket instead of default (/var/run/haproxy.sock) + -U, --url + Use HTTP URL instead of socket. The LWP::Simple perl module is used if + available. Otherwise, it falls back to using the external command `curl`. + + -u, --user, --username + Username for the HTTP URL + + -x, --pass, --password + Password for the HTTP URL + -w, --warning Set warning threshold for sessions number to the specified percentage (see -c) CHECKS AND OUTPUT - $me checks every proxy (or the named ones, if -p was given) - for status. It returns an error if any of the checked FRONTENDs is not OPEN, + $me checks every proxy (or the named ones, if -p was given) + for status. It returns an error if any of the checked FRONTENDs is not OPEN, any of the checked BACKENDs is not UP, or any of the checkes servers is not UP; - $me reports any problem it found. + $me reports any problem it found. EXAMPLES $me -s /var/spool/haproxy/sock Use /var/spool/haproxy/sock to communicate with haproxy. $me -p proxy1,proxy2 -w 60 -c 80 - Check only proxies named "proxy1" and "proxy2", and set sessions number + Check only proxies named "proxy1" and "proxy2", and set sessions number thresholds to 60% and 80%. AUTHOR @@ -83,12 +120,12 @@ Please report any bug to bugs\@entirelyunlike.net COPYRIGHT - Copyright (C) 2012 Giacomo Montagner . + Copyright (C) 2012 Giacomo Montagner . $me is distributed under GPL and the Artistic License 2.0 SEE ALSO Check out online haproxy documentation at - + EOU } @@ -115,19 +152,33 @@ my $swarn = 80.0; my $scrit = 90.0; my $sock = "/var/run/haproxy.sock"; +my $url; +my $user = ''; +my $pass = ''; my $dump; +my $ignore_maint; +my $ignore_drain; +my $ignore_regex; my $proxy; +my $no_proxy; my $help; # Read command line Getopt::Long::Configure ("bundling"); GetOptions ( - "c|critical=i" => \$scrit, - "d|dump" => \$dump, - "h|help" => \$help, - "p|proxy=s" => \$proxy, - "s|sock|socket=s" => \$sock, - "w|warning=i" => \$swarn, + "c|critical=i" => \$scrit, + "d|dump" => \$dump, + "h|help" => \$help, + "m|ignore-maint" => \$ignore_maint, + "n|ignore-drain" => \$ignore_drain, + "p|proxy=s" => \$proxy, + "i|ignore-regex=s" => \$ignore_regex, + "P|no-proxy=s" => \$no_proxy, + "s|sock|socket=s" => \$sock, + "U|url=s" => \$url, + "u|user|username=s" => \$user, + "x|pass|password=s" => \$pass, + "w|warning=i" => \$swarn, ); # Want help? @@ -136,28 +187,53 @@ exit 3; } -# Connect to haproxy socket and get stats -my $haproxy = new IO::Socket::UNIX ( - Peer => $sock, - Type => SOCK_STREAM, -); -die "Unable to connect to haproxy socket: $@" unless $haproxy; -print $haproxy "show stat\n" or die "Print to socket failed: $!"; +my $haproxy; +if ($url and $lwp) { + my $geturl = $url; + if ($user ne '') { + $url =~ /^([^:]*:\/\/)(.*)/; + $geturl = $1.$user.':'.$pass.'@'.$2; + } + $geturl .= ';csv'; + $haproxy = get($geturl); +} elsif ($url) { + my $haproxyio; + my $getcmd = "curl --insecure -s --fail " + . "--user '$user:$pass' '".$url.";csv'"; + open $haproxyio, "-|", $getcmd; + while (<$haproxyio>) { + $haproxy .= $_; + } + close($haproxyio); +} else { + # Connect to haproxy socket and get stats + my $haproxyio = new IO::Socket::UNIX ( + Peer => $sock, + Type => SOCK_STREAM, + ); + die "Unable to connect to haproxy socket: $sock\n$@" unless $haproxyio; + print $haproxyio "show stat\n" or die "Print to socket failed: $!"; + $haproxy = ''; + while (<$haproxyio>) { + $haproxy .= $_; + } + close($haproxyio); +} # Dump stats and exit if requested if ($dump) { - while (<$haproxy>) { - print; - } + print($haproxy); exit 0; } # Get labels from first output line and map them to their position in the line -my $labels = <$haproxy>; +my @hastats = ( split /\n/, $haproxy ); +my $labels = $hastats[0]; +die "Unable to retrieve haproxy stats" unless $labels; chomp($labels); -$labels =~ s/^# // or die "Data format not supported."; +$labels =~ s/^# // or die "Data format not supported."; my @labels = split /,/, $labels; -{ +{ no strict "refs"; my $idx = 0; map { $$_ = $idx++ } @labels; @@ -167,32 +243,46 @@ our $pxname; our $svname; our $status; +our $slim; +our $scur; my @proxies = split ',', $proxy if $proxy; +my @no_proxies = split ',', $no_proxy if $no_proxy; my $exitcode = 0; my $msg; my $checked = 0; -while (<$haproxy>) { +my $perfdata = ""; + +# Remove excluded proxies from the list if both -p and -P options are +# specified. +my %hash; +@hash{@no_proxies} = undef; +@proxies = grep{ not exists $hash{$_} } @proxies; + +foreach (@hastats) { chomp; + next if /^#/; next if /^[[:space:]]*$/; my @data = split /,/, $_; if (@proxies) { next unless grep {$data[$pxname] eq $_} @proxies; }; + if (@no_proxies) { next if grep {$data[$pxname] eq $_} @no_proxies; }; - # Is session limit enforced? - our $slim; + # Is session limit enforced? if ($data[$slim]) { + $perfdata .= sprintf "%s-%s=%u;%u;%u;0;%u;", $data[$pxname], $data[$svname], $data[$scur], $swarn * $data[$slim] / 100, $scrit * $data[$slim] / 100, $data[$slim]; + # Check current session # against limit - our $scur; my $sratio = $data[$scur]/$data[$slim]; - if ($sratio >= $scrit || $sratio >= $swarn) { - $exitcode = $sratio >= $scrit ? 2 : + if ($sratio >= $scrit / 100 || $sratio >= $swarn / 100) { + $exitcode = $sratio >= $scrit / 100 ? 2 : $exitcode < 2 ? 1 : $exitcode; - $msg .= sprintf "%s:%s sessions: %.2f%%; ", $data[$pxname], $data[$svname], $sratio; + $msg .= sprintf "%s:%s sessions: %.2f%%; ", $data[$pxname], $data[$svname], $sratio * 100; } } # Check of BACKENDS if ($data[$svname] eq 'BACKEND') { + next if ($ignore_regex && $data[$pxname] =~ ".*${ignore_regex}.*"); if ($data[$status] ne 'UP') { $msg .= sprintf "BACKEND: %s is %s; ", $data[$pxname], $data[$status]; $exitcode = 2; @@ -206,7 +296,11 @@ # Check of servers } else { if ($data[$status] ne 'UP') { + next if ($ignore_maint && $data[$status] eq 'MAINT'); + next if ($ignore_drain && $data[$status] eq 'DRAIN'); + next if ($ignore_regex && $data[$svname] =~ ".*${ignore_regex}.*"); next if $data[$status] eq 'no check'; # Ignore server if no check is configured to be run + next if $data[$svname] eq 'sock-1'; $exitcode = 2; our $check_status; $msg .= sprintf "server: %s:%s is %s", $data[$pxname], $data[$svname], $data[$status]; @@ -220,6 +314,6 @@ unless ($msg) { $msg = @proxies ? sprintf("checked proxies: %s", join ', ', sort @proxies) : "checked $checked proxies."; } -say "Check haproxy $status_names[$exitcode] - $msg"; +print "Check haproxy $status_names[$exitcode] - $msg|$perfdata\n"; exit $exitcode; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_haproxy_stats/control nagios-plugins-contrib-37.20211217ubuntu1/check_haproxy_stats/control --- nagios-plugins-contrib-35.20210511ubuntu2/check_haproxy_stats/control 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_haproxy_stats/control 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,6 @@ -Homepage: http://exchange.nagios.org/directory/Plugins/Clustering-and-High-2DAvailability/check_haproxy_stats-2Epl/details -Watch: http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=4089&cf_id=24 VERSION = "([0-9.]+)" -Version: 1.0.1 +Homepage: https://github.com/skyscrapers/monitoring-plugins/blob/master/check_haproxy_stats.pl +Watch: https://raw.githubusercontent.com/skyscrapers/monitoring-plugins/master/check_haproxy_stats.pl VERSION = "([0-9.]+)" +Version: 1.1.3 Uploaders: Bernd Zeimetz Description: check haproxy via admin socket Different from check_haproxy this plugin is able to check diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_memory/check_memory nagios-plugins-contrib-37.20211217ubuntu1/check_memory/check_memory --- nagios-plugins-contrib-35.20210511ubuntu2/check_memory/check_memory 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_memory/check_memory 1970-01-01 00:00:00.000000000 +0000 @@ -1,154 +0,0 @@ -#!/usr/bin/perl -# -# check_memory - Check free(1) data against given tresholds -# -# Copyright (C) 2007 Thomas Guyot-Sionnest -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# - - -use strict; -use warnings; -use vars qw($PROGNAME $VERSION $FREECMD $UNIT); -use Nagios::Plugin; - -$PROGNAME = "check_memory"; -$VERSION = '1.0.1'; -$FREECMD = '/usr/bin/free'; -$UNIT = 'M'; - -my $np = Nagios::Plugin->new( - usage => "Usage: %s [ -w ] [ -c ]\n" - . ' [ -u ]', - version => $VERSION, - plugin => $PROGNAME, - blurb => 'Check free(1) data against given tresholds', - timeout => 30, -); - -$np->add_arg( - spec => 'warning|w=s', - help => "-w, --warning=THRESHOLD[%]\n" - . " Warning threshold (in bytes or percent) for free memory. See\n" - . " http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT\n" - . " for the threshold format. Alternatively this can be defined as a percentage\n" - . ' of minimum free memory (warning and critical must be in the same format).', - required => 0, -); - -$np->add_arg( - spec => 'critical|c=s', - help => "-c, --critical=THRESHOLD[%]\n" - . " Critical threshold (in bytes or percent) for free memory. See\n" - . " http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT\n" - . " for the threshold format. Alternatively this can be defined as a percentage\n" - . ' of minimum free memory (warning and critical must be in the same format).', - required => 0, -); - -$np->add_arg( - spec => 'unit|u=s', - help => "-u, --unit=UNIT\n" - . " Unit to use for human-redeable output. Can be 'b', 'K' 'M' or 'G' for\n" - . " bytes, KiB, MiB or GiB respectively (default: '$UNIT').", - default => $UNIT, - required => 0, -); - -$np->getopts; - -# Assign, then check args - -my $multiple; -my $unit = $np->opts->unit; -if ($unit eq 'M') { - $multiple = 1024 * 1024; -} elsif ( $unit eq 'K') { - $multiple = 1024; -} elsif ( $unit eq 'b') { - $multiple = 1; -} elsif ( $unit eq 'G') { - $multiple = 1024 * 1024 * 1024; -} else { - $np->nagios_exit('UNKNOWN', "Unit must be one of 'b', 'K', 'M' or 'G', case-sensitive."); -} -my $verbose = $np->opts->verbose; - -# Would better fit later but doing it here validates thresholds -my $warning = $np->opts->warning; -my $critical = $np->opts->critical; -$np->set_thresholds( - warning => ((defined($warning) && $warning !~ /^\d+%$/) ? $warning : undef), - critical => ((defined($critical) && $critical !~ /^\d+%$/) ? $critical : undef), -); - -# Better safe than sorry -alarm $np->opts->timeout; - -# We always get bytes, then calculate units ourselves -warn("Running: '$FREECMD -b'\n") if ($verbose); -open(RESULT, "$FREECMD -b |") - or $np->nagios_exit('CRITICAL', "Could not run $FREECMD"); - -warn("Output from $FREECMD:\n") if ($verbose > 1); -my ($used, $free); -while () { - warn(" $_") if ($verbose > 1); - next unless (m#^\-/\+\ buffers/cache:\s*(\d+)\s+(\d+)#); - $used = $1; - $free = $2; -} - -close(RESULT); -alarm(0); - -$np->nagios_exit('CRITICAL', "Unable to interpret $FREECMD output") if (!defined($free)); - -my $total = $used + $free; -if (defined($warning) && $warning =~ /^\d+%$/) { - if ($warning) { - $warning =~ s/%//; - $warning = $total / 100 * $warning; - $warning .= ':'; - } - warn("Calculated threshold (from percentage): warn=>$warning\n") if ($verbose); -} - -if (defined($critical) && $critical =~ /^\d+%$/) { - if ($critical) { - $critical =~ s/%//; - $critical = $total / 100 * $critical; - $critical .= ':'; - } - warn("Calculated threshold (from percentage): crit=>$critical\n") if ($verbose); -} - -$np->set_thresholds( - warning => $warning, - critical => $critical, -); - -$np->add_perfdata( - label => "free", - value => $free, - uom => 'b', - threshold => $np->threshold, -); - -my $freeprint = int($free/$multiple); - -$np->nagios_exit($np->check_threshold($free), "$freeprint$unit free"); - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_memory/control nagios-plugins-contrib-37.20211217ubuntu1/check_memory/control --- nagios-plugins-contrib-35.20210511ubuntu2/check_memory/control 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_memory/control 1970-01-01 00:00:00.000000000 +0000 @@ -1,9 +0,0 @@ -Homepage: https://github.com/dermoth/misc-code/blob/master/nagios/plugins/check_memory -Watch: https://raw.github.com/dermoth/misc-code/master/nagios/plugins/check_memory VERSION = '([0-9.]+)'; -Uploaders: Bernd Zeimetz -Description: plugin to check for free memory - This plugin excludes the system cache and buffer, because - on some system with very stable memory usage it is perfectly - normal for system cache to fill in all available memory. -Recommends: libmonitoring-plugin-perl | libnagios-plugin-perl (>= 0.31) -Version: 1.0.1 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_memory/copyright nagios-plugins-contrib-37.20211217ubuntu1/check_memory/copyright --- nagios-plugins-contrib-35.20210511ubuntu2/check_memory/copyright 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_memory/copyright 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -Copyright (C) 2007 Thomas Guyot-Sionnest - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, -MA 02110-1301 USA. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_memory/Makefile nagios-plugins-contrib-37.20211217ubuntu1/check_memory/Makefile --- nagios-plugins-contrib-35.20210511ubuntu2/check_memory/Makefile 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_memory/Makefile 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -include ../common.mk diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/AUTHORS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/AUTHORS 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -Matteo Corti - -Thanks: - -* Many thanks to Elan Ruusamäe for the improved parallel support and several fixes -* Many thanks to Victor V Kudlak fot the parallel support -* Many thanks to Jan Kantert for the whitelisting support -* Many thanks to Nick Nicholas for IPv6 support -* Many thanks to Michael Orlitzky for the test.sh usage patch -* Many thanks to Celevra https://github.com/celevra for the Debian/Ubuntu documentation update -* Many thanks to Claudio Kuenzler https://github.com/Napsty for the append patch and several improvements -* Many thanks to Oliver Rahner https://github.com/oliverrahner for the --url patch -* Many thanks to Nikolas Obser https://github.com/nikolasobser for the symlink patch -* Many thanks to waja (https://github.com/waja) for the dnsbl.inps.de patch diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/Changes nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/Changes --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/Changes 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/Changes 1970-01-01 00:00:00.000000000 +0000 @@ -1,154 +0,0 @@ -2020-11-30 Matteo Corti - - * check_rbl: Removes unnecessary dot in IPv6 addresses - -2020-05-26 Matteo Corti - - * check_rbl: Removed old Nagios CPAN modules - -2019-12-03 Matteo Corti - - * Version 1.5.2 - * removing rbl.suresupport.com from the documentation and default configuration - -2019-11-25 Matteo Corti - - * Version 1.5.1 - * removing rbl.megarbl.net from the documentation and default configuration - -2019-06-03 Matteo Corti - - * check_rbl: applied patch with the --url option - -2019-06-02 Matteo Corti - - * Version 1.4.5 - * removing spamcannibal.org from the documentation and default configuration (fixed) - -2019-02-28 Matteo Corti - - * Version 1.4.4 - * check_rbl: applied --append patch - -2018-05-30 Matteo Corti - - * Version 1.4.3 - * check_rbl.ini: Removed bl.spamcannibal.org - -2018-05-27 Matteo Corti - - * Version 1.4.2 - * check_rbl.ini: Removed dnsbl.cyberlogic.net - -2017-07-17 Matteo Corti - - * Version 1.4.1 - * check_rbl: Perl 5.26 support ('.' missing from @INC) - -2017-04-18 Matteo Corti - - * Version 1.4.0 - * check_rbl: IPv6 support - -2016-06-06 Matteo Corti - - * Version 1.3.8 - * Makefile.PL: Requiring Data::Validate::Domain 0.12 to support FQDN ending with a dot - -2015-12-30 Matteo Corti - - * Makefile.PL: allowing Nagios::Plugin for older distributions - -2015-12-22 Matteo Corti - - * check_rbl: added missing dependencies from INSTALL - -2015-02-01 Matteo Corti - - * Version 1.3.7 - * check_rbl: switching to Monitoring::Plugin - (as Nagios::Plugin is deprecated) - -2014-12-05 Matteo Corti - - * Version 1.3.6 - * example.pl: removed unnecessary dependency on Data::Dumper - -2014-09-20 Matteo Corti - - * Version 1.3.5 - * check_rbl: fixed the default critical and warning range - -2014-09-19 Matteo Corti - - * Version 1.3.4 - * check_rbl: removed wrong test on the DNS servers - * check_rbl: fixed the threshold range - -2014-08-09 Matteo Corti - - * Version 1.3.3 - * More argument validation - -2014-01-30 Matteo Corti - - * Version 1.3.2 - * Documentation and dependencies update - -2013-09-26 Matteo Corti - - * Version 1.3.1 - * check_rbl: disabled embedded Perl - -2012-08-31 Matteo Corti - - * check_rbl: fixed a possible variable name conflict - -2012-01-25 Matteo Corti - - * Added a note on public DNS resolvers (as Google) by being banned - from Spamhaus - -2011-07-11 Matteo Corti - - * Version 1.3.0 - * check_rbl: applied patch from Jan Kantert to support whitelists - * added support for unit tests - -2011-03-22 Matteo Corti - - * Version 1.2.2 - * check_rbl: specified the dependency on Nagios::Plugin > 0.31 - (earlier versions caused parameter parsing errors, - thanks to Elan Ruusamäe) - -2010-07-05 Matteo Corti - - * Version 1.2.1 - * check_rbl: fixed a problem with operator precedence that made some - checks fail - -2010-04-07 Matteo Corti - - * Version 1.2.0 - * check_rbl: applied patch to report the hostname being checked - and increase the verbosity (#66) - * check_rbl.ini: sample configuration file - * check_rbl: removed unnecessary dependencies - * check_rbl: applied the patch from #69 (improved parallelism) - -2009-10-27 Matteo Corti - - * check_rbl: applied patch to parallelize the checks - -2009-01-22 Matteo Corti - - * check_rbl: command line argument to set the numer of tries in DNS queries - -2009-01-06 Matteo Corti - - * check_rbl: execution time in the performace data - -2008-12-29 Matteo Corti - - * check_rbl: Initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_distribution.sh nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_distribution.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_distribution.sh 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_distribution.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -#!/bin/sh - -PERL_FILES="check_rbl t/*.t" -FILES="${PERL_FILES} AUTHORS COPYING COPYRIGHT Changes INSTALL Makefile.PL NEWS README.md TODO check_distribution.sh" - -echo "Perl::Critic" -echo "============" -echo -perlcritic -1 ${PERL_FILES} -echo - -echo "Formatting errors: tabs" -echo "=======================" -echo -grep --line-number '\t' ${FILES} -echo - -echo "Formatting errors: blanks at the end of line" -echo "============================================" -echo -grep --line-number '[[:blank:]]$' ${FILES} -echo - -YEAR=$( date +"%Y" ) -echo "Copyright (${YEAR})" -echo "=========" -echo -echo '### README.md' -grep "(c) Matteo Corti, 2009-${YEAR}" README.md -echo '### COPYRIGHT' -grep "Copyright (c) 2009-${YEAR} Matteo Corti" COPYRIGHT -echo '### check_rbl' -grep "Copyright (c) 2009-${YEAR} Matteo Corti " check_rbl -echo diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl 1970-01-01 00:00:00.000000000 +0000 @@ -1,647 +0,0 @@ -#!perl - -# nagios: -epn - -package main; - -# check_rbl is a Nagios plugin to check if an SMTP server is black- or -# white- listed -# -# See the INSTALL file for installation instructions -# -# Copyright (c) 2009-2021 Matteo Corti -# Copyright (c) 2009 ETH Zurich. -# Copyright (c) 2010 Elan Ruusamae . -# -# This module is free software; you can redistribute it and/or modify it -# under the terms of GNU general public license (gpl) version 3. -# See the LICENSE file for details. - -use strict; -use warnings; - -our $VERSION = '1.5.7'; - -use Data::Validate::Domain qw(is_hostname); -use Data::Validate::IP qw(is_ipv4 is_ipv6); -use IO::Select; -use Net::DNS; -use Net::IP qw(ip_expand_address); -use Readonly; -use English qw(-no_match_vars); - -use Monitoring::Plugin; -use Monitoring::Plugin::Threshold; -use Monitoring::Plugin::Getopt; - -Readonly our $DEFAULT_TIMEOUT => 15; -Readonly our $DEFAULT_RETRIES => 4; -Readonly our $DEFAULT_WORKERS => 20; -Readonly our $DEFAULT_QUERY_TIMEOUT => 15; -Readonly our $DEFAULT_APPEND_STRING => q{}; - -# IMPORTANT: Nagios plugins could be executed using embedded perl in this case -# the main routine would be executed as a subroutine and all the -# declared subroutines would therefore be inner subroutines -# This will cause all the global lexical variables not to stay shared -# in the subroutines! -# -# All variables are therefore declared as package variables... -# - -## no critic (ProhibitPackageVars) -our ( @listed, @timeouts, $options, $plugin, $threshold, $timeouts_string, ); - -############################################################################## -# Usage : debug("some message string") -# Purpose : write a message if the debugging option was specified -# Returns : n/a -# Arguments : message : message string -# Throws : n/a -# Comments : n/a -# See also : n/a -sub debug { - - # arguments - my $message = shift; - - if ( !defined $message ) { - $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, - q{Internal error: not enough parameters for 'debug'} ); - } - - if ( $options && $options->debug() ) { - ## no critic (RequireCheckedSyscall) - print "[DBG] $message\n"; - } - - return; - -} - -############################################################################## -# Usage : verbose("some message string", $optional_verbosity_level); -# Purpose : write a message if the verbosity level is high enough -# Returns : n/a -# Arguments : message : message string -# level : options verbosity level -# Throws : n/a -# Comments : n/a -# See also : n/a -sub verbose { - - # arguments - my $message = shift; - my $level = shift; - - if ( !defined $message ) { - $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, - q{Internal error: not enough parameters for 'verbose'} ); - } - - if ( !defined $level ) { - $level = 0; - } - - if ( $level < $options->verbose ) { - if ( !print $message ) { - $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, - 'Error: cannot write to STDOUT' ); - } - } - - return; - -} - -# the script is declared as a package so that it can be unit tested -# but it should not be used as a module -if ( !caller ) { - run(); -} - -############################################################################## -# Usage : my $res = init_dns_resolver( $retries ) -# Purpose : Initializes a new DNS resolver -# Arguments : retries : number of retries -# Returns : The newly created resolver -# See also : Perl Net::DNS -sub init_dns_resolver { - - my $retries = shift; - - my $res = Net::DNS::Resolver->new(); - if ( $res->can('force_v4') ) { - $res->force_v4(1); - } - - if ($retries) { - $res->retry($retries); - } - - return $res; -} - -############################################################################## -# Usage : mdns(\@addresses, $callback) -# Purpose : Perform multiple DNS lookups in parallel -# Returns : n/a -# See also : Perl Net::DNS module mresolv in examples -# -# Resolves all IPs in C<@addresses> in parallel. -# If answer is found C<$callback> is called with arguments as: $name, $host. -# -# Author: Elan Ruusamae , (c) 1999-2010 - -## no critic (ProhibitExcessComplexity) -sub mdns { - - my ( $data, $callback ) = @_; - - # number of requests to have outstanding at any time - my $workers = $options ? $options->workers() : 1; - - # timeout per query (seconds) - my $timeout = $options ? $options->get('query-timeout') : $DEFAULT_TIMEOUT; - my $res = init_dns_resolver( $options ? $options->retry() : 0 ); - - my $sel = IO::Select->new(); - my $eof = 0; - - my @addrs = @{$data}; - - my %addrs; - while (1) { - - #---------------------------------------------------------------------- - # Read names until we've filled our quota of outstanding requests. - #---------------------------------------------------------------------- - - while ( !$eof && $sel->count() < $workers ) { - - my $name = shift @addrs; - - if ( !defined $name ) { - debug('reading...EOF.'); - $eof = 1; - last; - } - - debug("reading...$name"); - - my $sock = $res->bgsend($name); - - if ( !defined $sock ) { - verbose 'DNS query error: ' . $res->errorstring; - verbose "Skipping $name"; - } - else { - - # we store in a hash the query we made, as parsing it back from - # response gives different ip for ips with multiple hosts - $addrs{$sock} = $name; - $sel->add($sock); - debug( "name = $name, outstanding = " . $sel->count() ); - - } - - } - - #---------------------------------------------------------------------- - # Wait for any replies. Remove any replies from the outstanding pool. - #---------------------------------------------------------------------- - - my @ready; - my $timed_out = 1; - - debug('waiting for replies'); - - @ready = $sel->can_read($timeout); - - while (@ready) { - - $timed_out = 0; - - debug( 'replies received: ' . scalar @ready ); - - foreach my $sock (@ready) { - - debug('handling a reply'); - - my $addr = $addrs{$sock}; - delete $addrs{$sock}; - $sel->remove($sock); - - my $ans = $res->bgread($sock); - - my $host; - - if ($ans) { - - foreach my $rr ( $ans->answer ) { - - debug('Processing answer'); - - ## no critic(ProhibitDeepNests) - if ( !( $rr->type eq 'A' ) ) { - next; - } - - $host = $rr->address; - - debug("host = $host"); - - # take just the first answer - last; - } - } - else { - - debug( 'no answer: ' . $res->errorstring() ); - - } - - if ( defined $host ) { - - debug("callback( $addr, $host )"); - - } - else { - - debug("callback( $addr, )"); - - } - - &{$callback}( $addr, $host ); - } - - @ready = $sel->can_read(0); - - } - - #---------------------------------------------------------------------- - # If we timed out waiting for replies, remove all entries from the - # outstanding pool. - #---------------------------------------------------------------------- - - if ($timed_out) { - - debug('timeout: clearing the outstanding pool.'); - - foreach my $sock ( $sel->handles() ) { - my $addr = $addrs{$sock}; - delete $addrs{$sock}; - $sel->remove($sock); - - # callback for hosts that timed out - &{$callback}( $addr, q{} ); - } - } - - debug( 'outstanding = ' . $sel->count() . ", eof = $eof" ); - - #---------------------------------------------------------------------- - # We're done if there are no outstanding queries and we've read EOF. - #---------------------------------------------------------------------- - - last if ( $sel->count() == 0 ) && $eof; - } - - return; - -} - -############################################################################## -# Usage : validate( $hostname ); -# Purpose : check if an IP address or host name is valid -# Returns : the IP address corresponding to $hostname -# Arguments : n/a -# Throws : an UNKNOWN error if the argument is not valid -# Comments : n/a -# See also : n/a -sub validate { - - my $hostname = shift; - my $ip = $hostname; - - debug("validate($hostname, $ip)"); - - if ( !is_ipv4($hostname) && !is_ipv6($hostname) ) { - - if ( is_hostname($hostname) ) { - - mdns( - [$hostname], - sub { - my ( $addr, $host ) = @_; - $ip = $host; - } - ); - - if ( !$ip ) { - $plugin->nagios_exit( - Monitoring::Plugin->UNKNOWN, - 'Cannot resolve ' . $hostname - ); - } - - } - - if ( !$ip ) { - $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, - 'Cannot resolve ' . $hostname ); - } - - } - - if ( is_ipv6($ip) ) { - ## no critic (ProhibitMagicNumbers) - $ip = Net::IP::ip_expand_address( $ip, 6 ); - } - - return $ip; - -} - -############################################################################## -# Usage : run(); -# Purpose : main method -# Returns : n/a -# Arguments : n/a -# Throws : n/a -# Comments : n/a -# See also : n/a - -## no critic (ProhibitExcessComplexity) -sub run { - - ################################################################################ - # Initialization - - $plugin = Monitoring::Plugin->new( shortname => 'CHECK_RBL' ); - - my $time = time; - - ######################## - # Command line arguments - - $options = Monitoring::Plugin::Getopt->new( - usage => 'Usage: %s [OPTIONS]', - version => $VERSION, - url => 'http://matteocorti.github.io/check_rbl/', - blurb => 'Check SMTP black- or white- listing status', - ); - - $options->arg( - spec => 'critical|c=i', - help => 'Number of blacklisting servers for a critical warning', - required => 0, - default => 1, - ); - - $options->arg( - spec => 'warning|w=i', - help => 'Number of blacklisting servers for a warning', - required => 0, - default => 1, - ); - - $options->arg( - spec => 'debug|d', - help => 'Prints debugging information', - required => 0, - default => 0, - ); - - $options->arg( - spec => 'server|s=s@', - help => 'RBL server', - required => 1, - ); - - $options->arg( - spec => 'host|H=s', - help => -'SMTP server to check. If hostname is given, it will be resolved to its IP first.', - required => 0, - ); - - $options->arg( - spec => 'url|U=s', - help => 'URL to check. Will be ignored if host is set.', - required => 0, - ); - - $options->arg( - spec => 'retry|r=i', - help => 'Number of times to try a DNS query (default is 4) ', - required => 0, - default => $DEFAULT_RETRIES, - ); - - $options->arg( - spec => 'workers=i', - help => 'Number of parallel checks', - required => 0, - default => $DEFAULT_WORKERS, - ); - - $options->arg( - spec => 'whitelistings|wl', - help => 'Check whitelistings instead of blacklistings', - required => 0, - default => 0, - ); - - $options->arg( - spec => 'query-timeout=i', - help => 'Timeout of the RBL queries', - required => 0, - default => $DEFAULT_QUERY_TIMEOUT, - ); - - $options->arg( - spec => 'append|a=s', - help => 'Append string at the end of the plugin output', - required => 0, - default => $DEFAULT_APPEND_STRING, - ); - - $options->getopts(); - - ############### - # Sanity checks - - if ( $options->critical < $options->warning ) { - $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, - 'critical has to be greater or equal warning' ); - } - - if ( ( !defined $options->host || $options->host eq q{} ) - && ( !defined $options->url || $options->url eq q{} ) ) - { - $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, - 'host or url has to be set' ); - } - - my $check_prefix; - my $check_object; - if ( defined $options->host and $options->host ne q{} ) { - - # if checking for host - # validate ip and resolve hostname if applicable - my $ip = validate( $options->host ); - - # reverse ip order - my $local_ip = $ip; - - if ( is_ipv6($local_ip) ) { - - debug("$local_ip is an IPv6 address"); - - $local_ip = reverse $local_ip; - $local_ip =~ s/://gmxs; - - debug(" $local_ip"); - - } - else { - $local_ip =~ -s/(\d{1,3}) [.] (\d{1,3}) [.] (\d{1,3}) [.] (\d{1,3})/$4.$3.$2.$1/mxs; - } - - $check_prefix = $local_ip; - $check_object = $options->host; - } - else { - # if checking for url, just set the prefix to the url name - $check_prefix = $options->url; - $check_object = $options->url; - } - - my @servers = @{ $options->server }; - - verbose 'Using ' . $options->timeout . " as global script timeout\n"; - alarm $options->timeout; - - ################ - # Set the limits - - # see https://nagios-plugins.org/doc/guidelines.html#THRESHOLDFORMAT - $threshold = Monitoring::Plugin::Threshold->set_thresholds( - warning => $options->warning - 1, - critical => $options->critical - 1, - ); - - ################################################################################ - - my $nservers = scalar @servers; - - verbose 'Checking ' . $check_prefix . " on $nservers server(s)\n"; - - # build address lists - my @addrs; - foreach my $server (@servers) { - my $local_ip = $check_prefix . q{.} . $server; - push @addrs, $local_ip; - } - - mdns( - \@addrs, - sub { - my ( $addr, $host ) = @_; - - if ( defined $host ) { - - debug("callback( $addr, $host )"); - - } - else { - - debug("callback( $addr, )"); - - } - - # extract RBL we checked - $addr =~ s/^(?:[a-f\d][.]){32}//mxs; - $addr =~ s/^(?:\d+[.]){4}//mxs; - if ( defined $host ) { - if ( $host eq q{} ) { - push @timeouts, $addr; - } - else { - verbose "listed in $addr as $host\n"; - if ( !$options->get('whitelistings') ) { - push @listed, $addr . ' (' . $host . ')'; - } - } - } - else { - verbose "not listed in $addr\n"; - if ( $options->get('whitelistings') ) { - push @listed, $addr; - } - } - } - ); - - my $total = scalar @listed; - - my $status; - my $appendstring = $options->append; - if ( $options->get('whitelistings') ) { - - $status = - $check_object - . " NOT WHITELISTED on $total " - . ( ( $total == 1 ) ? 'server' : 'servers' ) - . " of $nservers"; - } - else { - $status = - $check_object - . " BLACKLISTED on $total " - . ( ( $total == 1 ) ? 'server' : 'servers' ) - . " of $nservers"; - - } - - # append timeout info, but do not account these in status - if (@timeouts) { - $timeouts_string = scalar @timeouts; - $status = - " ($timeouts_string server" - . ( ( $timeouts_string > 1 ) ? 's' : q{} ) - . ' timed out: ' - . join( ', ', @timeouts ) . ')'; - } - - if ( $total > 0 ) { - $status .= " (@listed)"; - } - - $plugin->add_perfdata( - label => 'servers', - value => $total, - uom => q{}, - threshold => $threshold, - ); - - $plugin->add_perfdata( - label => 'time', - value => time - $time, - uom => q{s}, - ); - - # append string defined in append argument to status output - if ( $appendstring ne q{} ) { - $status .= " $appendstring"; - } - - $plugin->nagios_exit( $threshold->get_status($total), $status ); - - return; - -} - -1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl.ini nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl.ini --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl.ini 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl.ini 1970-01-01 00:00:00.000000000 +0000 @@ -1,98 +0,0 @@ -[rbl] -server=cbl.abuseat.org -server=bl.deadbeef.com -server=spamtrap.drbl.drand.net -server=spamsources.fabel.dk -server=0spam.fusionzero.com -server=mail-abuse.blacklist.jippg.org -server=korea.services.net -server=spamguard.leadmon.net -server=ix.dnsbl.manitu.net -server=relays.nether.net -server=psbl.surriel.com -server=dyna.spamrats.com -server=noptr.spamrats.com -server=spam.spamrats.com -server=dnsbl.sorbs.net -server=spam.dnsbl.sorbs.net -server=bl.spamcop.net -server=pbl.spamhaus.org -server=sbl.spamhaus.org -server=xbl.spamhaus.org -server=ubl.unsubscore.com -server=dnsbl-1.uceprotect.net -server=dnsbl-2.uceprotect.net -server=dnsbl-3.uceprotect.net -server=db.wpbl.info -server=access.redhawk.org -server=blacklist.sci.kun.nl -server=dnsbl.kempt.net -server=forbidden.icm.edu.pl -server=hil.habeas.com -server=rbl.schulte.org -server=sbl-xbl.spamhaus.org -server=bl.technovision.dk -server=b.barracudacentral.org -server=dnsbl.antispam.or.id -server=drone.abuse.ch -server=dsn.rfc-ignorant.org -server=dul.dnsbl.sorbs.net -server=http.dnsbl.sorbs.net -server=l1.spews.dnsbl.sorbs.net -server=l2.spews.dnsbl.sorbs.net -server=misc.dnsbl.sorbs.net -server=postmaster.rfc-ignorant.org -server=rbl.spamlab.com -server=relays.bl.kunden.de -server=smtp.dnsbl.sorbs.net -server=socks.dnsbl.sorbs.net -server=spam.abuse.ch -server=spamrbl.imp.ch -server=tr.countries.nerd.dk -server=unsure.nether.net -server=virbl.bit.nl -server=web.dnsbl.sorbs.net -server=whois.rfc-ignorant.org -server=wormrbl.imp.ch -server=zen.spamhaus.org -server=zombie.dnsbl.sorbs.net -server=blackholes.five-ten-sg.com -server=blacklist.woody.ch -server=bogons.cymru.com -server=combined.abuse.ch -server=duinv.aupads.org -server=ohps.dnsbl.net.au -server=omrs.dnsbl.net.au -server=orvedb.aupads.org -server=osps.dnsbl.net.au -server=osrs.dnsbl.net.au -server=owfs.dnsbl.net.au -server=owps.dnsbl.net.au -server=probes.dnsbl.net.au -server=proxy.bl.gweep.ca -server=proxy.block.transip.nl -server=rbl.inter.net -server=rdts.dnsbl.net.au -server=relays.bl.gweep.ca -server=residential.block.transip.nl -server=ricn.dnsbl.net.au -server=rmst.dnsbl.net.au -server=spamlist.or.kr -server=t3direct.dnsbl.net.au -server=ubl.lashback.com -server=all.s5h.net -server=dnsbl.anticaptcha.net -server=dnsbl.dronebl.org -server=dnsbl.spfbl.net -server=ips.backscatterer.org -server=singular.ttk.pte.hu -server=spam.dnsbl.anonmails.de -server=spambot.bls.digibase.ca -server=z.mailspike.net - -; these are rather slow -;server=bl.csma.biz -;server=sbl.csma.biz -;server=cdl.anti-spam.org.cn -;server=virus.rbl.jp -;server=short.rbl.jp diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl.pod nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl.pod --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl.pod 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl.pod 1970-01-01 00:00:00.000000000 +0000 @@ -1,145 +0,0 @@ -=pod - -=head1 NAME - -C - a Nagios plugin to check if an SMTP server is blacklisted - -=head1 DESCRIPTION - -check_rbl is a Nagios plugin to check if an SMTP server is blacklisted - -=head1 VERSION - -Version 1.5.0 - -=head1 SYNOPSIS - -check_rbl [--help] [--verbose] [--version] [--timeout t] - -H hostname --server servername - [--critical n] [--warning n] [--workers n] - -=head1 REQUIRED ARGUMENTS - - -s, --server=STRING RBL server (may be repeated) - -=head1 OPTIONS - - -H, --host=STRING SMTP server to check - -U, --url=STRING URL to check. Will be ignored if host is set. - -?, --usage Print usage information - -h, --help Print detailed help screen - -V, --version Print version information - -a, --append=STRING Append string at the end of the plugin output - --extra-opts=[
[@]] Section and/or config_file from which to load extra options (may repeat) - -c, --critical=INTEGER Number of blacklisting servers for a critical warning - -w, --warning=INTEGER Number of blacklisting servers for a warning - -d, --debug Prints debugging information - -r, --retry=INTEGER Number of times to try a DNS query (default is 4) - --workers=INTEGER Number of parallel checks - --whitelistings, --wl Check whitelistings instead of blacklistings - --query-timeout=INTEGER Timeout of the RBL queries - -t, --timeout=INTEGER Seconds before plugin times out (default: 15) - -v, --verbose Show details for command-line debugging (can repeat up to 3 times) - -=head1 EXAMPLE - - check_rbl -t 30 -H matteocorti.ch -s zen.spamhaus.org -s bl.spamcop.net - -=head1 DIAGNOSTICS - -You can specify multiple --verbose options to increase the program -verbosity. --debug can be used to display the process and internals of -the querying mechanism. - -=head1 EXIT STATUS - -0 if OK, 1 in case of a warning, 2 in case of a critical status and 3 -in case of an unknown problem - -=head1 DEPENDENCIES - -check_updates depends on - -=over 4 - -=item * Data::Validate::Domain - -=item * Data::Validate::IP - -=item * Getopt::Long - -=item * IO::Select - -=item * Monitoring::Plugin - -=item * Monitoring::Plugin::Threshold - -=item * Net::DNS - -=item * Readonly - -=back - -=head1 CONFIGURATION - -=head1 INCOMPATIBILITIES - -None reported. - -=head1 SEE ALSO - -Nagios documentation - -=head1 BUGS AND LIMITATIONS - -No bugs have been reported. - -Please report any bugs or feature requests through the -web interface at https://github.com/matteocorti/check_rbl/issues - -=head1 AUTHOR - -Matteo Corti - -=head1 LICENSE AND COPYRIGHT - -Copyright (c) 2010, Elan Ruusamae - -Copyright (c) 2008-2017, Matteo Corti - -This module is free software; you can redistribute it and/or modify it -under the terms of GNU general public license (gpl) version 3. -See the LICENSE file for details. - -=head1 DISCLAIMER OF WARRANTY - -BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT -WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER -PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, -EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION. - -IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE -TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - -=head1 ACKNOWLEDGMENTS - -=encoding iso-8859-1 - -Elan Ruusamäe for the improved parallel support and several fixes - -Victor V Kudlak for parallel support - -Jan Kantert for whitelistings support diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl.spec nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl.spec --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/check_rbl.spec 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/check_rbl.spec 1970-01-01 00:00:00.000000000 +0000 @@ -1,137 +0,0 @@ -%define version 1.5.7 -%define release 0 -%define sourcename check_rbl -%define packagename nagios-plugins-check-rbl -%define nagiospluginsdir %{_libdir}/nagios/plugins - -# No binaries in this package -%define debug_package %{nil} - -Summary: check_rbl is a Nagios plugin to check if an SMTP server is blacklisted -Name: %{packagename} -Obsoletes: check_rbl -Version: %{version} -Release: %{release}%{?dist} -License: GPLv3+ -Packager: Matteo Corti -Group: Applications/System -BuildRoot: %{_tmppath}/%{packagename}-%{version}-%{release}-root-%(%{__id_u} -n) -URL: https://github.com/matteocorti/check_rbl -Source: https://github.com/matteocorti/check_rbl/releases/download/v%{version}/check_rbl-%{version}.tar.gz - -# Fedora build requirement (not needed for EPEL{4,5}) -BuildRequires: perl(ExtUtils::MakeMaker) - -Requires: nagios-plugins - -%description -check_rbl is a Nagios plugin to check if an SMTP server is blacklisted - -%prep -%setup -q -n %{sourcename}-%{version} - -%build -%{__perl} Makefile.PL INSTALLDIRS=vendor \ - INSTALLSCRIPT=%{nagiospluginsdir} \ - INSTALLVENDORSCRIPT=%{nagiospluginsdir} -make %{?_smp_mflags} - -%install -rm -rf %{buildroot} -make pure_install PERL_INSTALL_ROOT=%{buildroot} -find %{buildroot} -type f -name .packlist -exec rm -f {} \; -find %{buildroot} -type f -name "*.pod" -exec rm -f {} \; -find %{buildroot} -depth -type d -exec rmdir {} 2>/dev/null \; -%{_fixperms} %{buildroot}/* - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root,-) -%doc AUTHORS Changes NEWS README.md TODO COPYING COPYRIGHT -%{nagiospluginsdir}/%{sourcename} -%{_mandir}/man1/%{sourcename}.1* - -%changelog -* Sun Jan 3 2021 Matteo Corti - 1.5.7-0 -- Update to 1.5.7 - -* Mon Nov 30 2020 Matteo Corti - 1.5.6-0 -- Update to 1.5.6 - -* Tue May 26 2020 Matteo Corti - 1.5.4-0 -- Update to 1.5.4 - -* Tue Dec 24 2019 Matteo Corti - 1.5.3-0 -- Update to 1.5.3 - -* Tue Dec 03 2019 Matteo Corti - 1.5.2-0 -- Update to 1.5.2 - -* Mon Jun 03 2019 Matteo Corti - 1.5.0-0 -- Update to 1.5.0 - -* Sun Jun 02 2019 Matteo Corti - 1.4.5-0 -- Update to 1.4.5 - -* Thu Feb 28 2019 Matteo Corti - 1.4.4-0 -- Update to 1.4.4 - -* Wed May 30 2018 Matteo Corti - 1.4.3-0 -- Update to 1.4.3 - -* Sun May 27 2018 Matteo Corti - 1.4.2-0 -- Update to 1.4.2 - -* Mon Jul 17 2017 Matteo Corti - 1.4.1-0 -- Update to 1.4.1 - -* Tue Apr 18 2017 Matteo Corti - 1.4.0-0 -- Update to 1.4.0 - -* Wed Dec 30 2015 Matteo Corti - 1.3.8-0 -- Update to 1.3.8 - -* Sun Feb 1 2015 Matteo Corti - 1.3.7-0 -- Update to 1.3.7 (using Monitoring::Plugins) - -* Fri Dec 5 2014 Matteo Corti - 1.3.6-0 -- Updated to 1.3.6 (removed dependency on Data::Dumper) - -* Sat Sep 20 2014 Matteo Corti - 1.3.5-0 -- Updated to 1.3.5 - -* Fri Sep 19 2014 Matteo Corti - 1.3.4-0 -- Updated to 1.3.4 - -* Sat Aug 9 2014 Matteo Corti - 1.3.3-0 -- updated to 1.3.3 - -* Thu Jan 30 2014 Matteo Corti - 1.3.2-0 -- Dependencies and documentation update - -* Mon Jul 11 2011 Matteo Corti - 1.3.0-0 -- Updated to 1.3.0 (whitelistings support) - -* Tue Mar 22 2011 Matteo Corti - 1.2.2-0 -- Updated to 1.2.2 (bug fix) and renamed the package - -* Mon Jul 5 2010 Matteo Corti - 1.2.1-0 -- Updated to 1.2.1 (bug fix) - -* Thu Apr 8 2010 Matteo Corti - 1.2.0-0 -- Updated to 1.2.0 and imprved the SPEC file - -* Tue Oct 27 2009 Matteo Corti - 1.1.0-0 -- Updated to 1.1.0 (parallel checks) - -* Thu Jan 22 2009 Matteo Corti - 1.0.2-0 -- --retry command line argument - -* Tue Jan 6 2009 Matteo Corti - 1.0.1-0 -- Execution time in the performance data - -* Mon Dec 29 2008 Matteo Corti - 1.0.0-0 -- Initial release - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/COPYING nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/COPYING --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/COPYING 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/COPYING 1970-01-01 00:00:00.000000000 +0000 @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/COPYRIGHT nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/COPYRIGHT --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/COPYRIGHT 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/COPYRIGHT 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -Copyright (c) 2009-2021 Matteo Corti -Copyright (c) 2010 Elan Ruusamae -Copyright (c) 2009 ETH Zurich - -with the following individuals added to the list of Contributing Authors - - Victor V Kudlak - Jan Kantert - Nick Nicholas - Michael Orlitzky - Celevra https://github.com/celevra - Claudio Kuenzler - Oliver Rahner - Nikolas Obser - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 3 of the License, or (at -your option) any later version. - -This program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/INSTALL nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/INSTALL --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/INSTALL 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/INSTALL 1970-01-01 00:00:00.000000000 +0000 @@ -1,75 +0,0 @@ -Build and install check_rbl - -Dependences -=========== - -check_rbl depends on several Perl modules: - - * Data::Validate::Domain - * Data::Validate::IP - * IO::Select - * Monitoring::Plugin - * Monitoring::Plugin::Getopt - * Monitoring::Plugin::Threshold - * Net::DNS - * Net::IP - * Readonly - -Perl modules can be found on the "Comprehensive Perl Archive Network" -(CPAN). The "How to install CPAN modules" guide summarizes how these -can be installed - - http://www.cpan.org/modules/INSTALL.html - -On many systems Perl modules are also available as installation -packages (refer to your system documentation on how to install them). - -The 'perl Makefile.PL' command (see below) will list the missing -packages the you will need to install. - -Install to /usr/lib/nagios/plugins/contrib -========================================== - -In the source directory run: - - perl Makefile.PL - make - make install - -Install to a custom directory (CUSTOM_DIR) -========================================= - -In the source directory run: - - perl Makefile.PL INSTALLSITESCRIPT=CUSTOM_DIR - make - make install - -You can override the INSTALLSCRIPT, INSTALLNBIN or INSTALLSITESCRIPT -variable depending on your perl installation. - -The man page is installed to /usr/share/man/man1/check_rbl.1 -you can customize the path by setting INSTALLMAN1DIR as follows - - perl Makefile.PL INSTALLSCRIPT=CUSTOM_DIR INSTALLMAN1DIR=CUSTOM_MAN_DIR - make - make install - -Manual installation -=================== - -Substitute #!perl at the beginning of the script with the location of -your Perl interpreter and copy it to the desired location - -Generate the man page with pod2man - - pod2man check_rbl.pod > CUSTOM_MAN_FILE - -Please report any bugs or feature requests through the -web interface at https://github.com/matteocorti/check_rbl/issues - -Dependencies on Debian -====================== - -apt-get install libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl libreadonly-perl libmonitoring-plugin-perl - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/Makefile.PL nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/Makefile.PL --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/Makefile.PL 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/Makefile.PL 1970-01-01 00:00:00.000000000 +0000 @@ -1,47 +0,0 @@ -# Load the Module::Install bundled in ./inc/ -use lib '.'; # added since from Perl 5.26 '.' is no more in @INC -use inc::Module::Install; - -############################################################################## -# Define metadata (we read it from the binary) - -name 'check_rbl'; -version_from 'check_rbl'; - -############################################################################## -# Specific dependencies - -my %prereqs = ( - 'Data::Validate::Domain' => 0.12, - 'Data::Validate::IP' => 0, - 'English' => 0, - 'Net::DNS' => 0, - 'Net::IP' => 0, - 'Readonly' => 0, - 'IO::Select' => 0, - 'Monitoring::Plugin' => 0, - 'Monitoring::Plugin::Threshold' => 0, - 'Monitoring::Plugin::Getopt' => 0, -); - -# Net::DNS 1.03 is broken -my $ver = eval { require Net::DNS; $Net::DNS::VERSION }; -if (!$ver || $ver eq '1.03') { - warn 'Net::DNS is broken please downgrade until fixed. See https://rt.cpan.org/Ticket/Display.html?id=108745'; - $prereqs{'Net::DNS'} = '1.04'; -} - -install_script 'check_rbl'; - -auto_install; - -tests 't/*.t'; - -WriteMakefile( - PREREQ_PM => \%prereqs, - INSTALLSCRIPT => '/usr/lib/nagios/plugins/contrib', - INSTALLSITESCRIPT => '/usr/lib/nagios/plugins/contrib', - MAN1PODS => { 'check_rbl.pod' =>'blib/man1/check_rbl.1', }, - MAN3PODS => { }, -); - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/MANIFEST nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/MANIFEST --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/MANIFEST 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/MANIFEST 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -.travis.yml -AUTHORS -Changes -check_rbl -check_rbl.ini -check_rbl.pod -check_rbl.spec -COPYING -COPYRIGHT -inc/Module/AutoInstall.pm -inc/Module/Install.pm -inc/Module/Install/AutoInstall.pm -inc/Module/Install/Base.pm -inc/Module/Install/Include.pm -inc/Module/Install/Makefile.pm -inc/Module/Install/MakeMaker.pm -inc/Module/Install/Metadata.pm -inc/Module/Install/Scripts.pm -INSTALL -Makefile.PL -MANIFEST This list of files -MANIFEST.SKIP -META.yml -MYMETA.json -MYMETA.yml -NEWS -README.md -t/00_modules.t -t/01_validation.t -test.sh -TODO -VERSION diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/MANIFEST.SKIP nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/MANIFEST.SKIP --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/MANIFEST.SKIP 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/MANIFEST.SKIP 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -\.DS_Store$ -^_build -^Build$ -^blib -~$ -\.bak$ -\.sw.$ -\.svn -\.git -\.tdy$ -^cover_db -^Makefile$ -^Makefile.old$ -^pm_to_blib$ -^.# -^# -^check_rbl- -notes.txt diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/NEWS nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/NEWS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/NEWS 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ -2021-01-03: 1.5.7 - removed emailbasura.org from the documentation and default configuration -2020-11-30: 1.5.6 - bug fix with IPv6 addresses -2020-09-30: 1.5.5 - removed dynip.rothen.com from the documentation and default configuration -2020-05-26: 1.5.4 - removed dnsbl.inps.de from the documentation and default configuration -2019-12-24: 1.5.3 - fixes in the RPM spec file -2019-12-03: 1.5.2 - removed rbl.suresupport.com from the documentation and default configuration -2019-11-25: 1.5.1 - removed megarbl.net from the documentation and default configuration -2019-06-03: 1.5.0 - added the --url option -2019-06-02: 1.4.5 - removing spamcannibal.org from the documentation and default configuration (fixed) -2019-02-28: 1.4.4 - added the --append option -2018-05-30: 1.4.3 - removing spamcannibal.org from the documentation and default configuration -2018-05-25: 1.4.2 - removing dnsbl.cyberlogic.net from the documentation and default configuration -2017-07-17: 1.4.1 - Perl 5.26 support -2017-04-18: 1.4.0 - IPv6 support -2016-06-07: 1.3.8 - allowing Nagios::Plugins for older distributions -2015-02-01: 1.3.7 - now depends on Monitoring::Plugins (Nagios::Plugins - is deprecated) -2014-12-05: 1.3.6 - removed dependency on Data::Dumper -2014-09-21: 1.3.5 - fixed the default critical and warning range -2014-09-20: 1.3.4 - parameter validation fix -2014-08-09: 1.3.3 - parameter validation -2014-01-30: 1.3.2 - documentation and dependecies update -2013-09-26: 1.3.1 - disabled embedded Perl -2011-07-11: 1.3.0 - whitelistings support -2011-03-22: 1.2.2 - bug fix release (dependencies fixed) -2010-07-05: 1.2.1 - bug fix release (see Changes) -2010-04-08: 1.2.0 - improved parallel checks and several fixes -2009-10-27: 1.1.0 - parallel checks -2009- : 1.0.2 - --retry command line argument to specify DNS retries -2009-01-06: 1.0.1 - Execution time in the performance data -2008-12-29: 1.0.0 - Initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/README.md nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/README.md 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/README.md 1970-01-01 00:00:00.000000000 +0000 @@ -1,31 +0,0 @@ - - (c) Matteo Corti, ETH Zurich, 2009-2012 - - (c) Matteo Corti, 2009-2021 - - see AUTHORS for the complete list of contributors - -# check_rbl - -A Nagios plugin to check if an SMTP server is blacklisted - -## Note - -Some blacklister as Spamhaus ban DNS queries from public DNS -resolvers as Google resulting in no host being listed. If you are -experiencing problems with the plugin just try the DNS query with a -tool as nslookup to check your DNS configuration. - -## Known bugs and problems - -Needs ```Data::Validate::Domain``` 0.12 to handle fully qualified host names with an ending dot (e.g., "example.org.") - -## Example - -``` -check_rbl -H example.org -t 60 -c 1 -w 1 -s cbl.abuseat.org -s bl.deadbeef.com -s spamtrap.drbl.drand.net -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s relays.nether.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s ubl.unsubscore.com -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s blacklist.sci.kun.nl -s dnsbl.kempt.net -s forbidden.icm.edu.pl -s hil.habeas.com -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s bl.technovision.dk -s b.barracudacentral.org -s dnsbl.antispam.or.id -s drone.abuse.ch -s dsn.rfc-ignorant.org -s dul.dnsbl.sorbs.net -s http.dnsbl.sorbs.net -s l1.spews.dnsbl.sorbs.net -s l2.spews.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s postmaster.rfc-ignorant.org -s rbl.spamlab.com -s relays.bl.kunden.de -s smtp.dnsbl.sorbs.net -s socks.dnsbl.sorbs.net -s spam.abuse.ch -s spamrbl.imp.ch -s tr.countries.nerd.dk -s unsure.nether.net -s virbl.bit.nl -s web.dnsbl.sorbs.net -s whois.rfc-ignorant.org -s wormrbl.imp.ch -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s blackholes.five-ten-sg.com -s blacklist.woody.ch -s bogons.cymru.com -s combined.abuse.ch -s duinv.aupads.org -s ohps.dnsbl.net.au -s omrs.dnsbl.net.au -s orvedb.aupads.org -s osps.dnsbl.net.au -s osrs.dnsbl.net.au -s owfs.dnsbl.net.au -s owps.dnsbl.net.au -s probes.dnsbl.net.au -s proxy.bl.gweep.ca -s proxy.block.transip.nl -s rbl.inter.net -s rdts.dnsbl.net.au -s relays.bl.gweep.ca -s residential.block.transip.nl -s ricn.dnsbl.net.au -s rmst.dnsbl.net.au -s spamlist.or.kr -s t3direct.dnsbl.net.au -s ubl.lashback.com -s all.s5h.net -s dnsbl.anticaptcha.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s spambot.bls.digibase.ca -s z.mailspike.net -``` - -## Bugs -Please report any bugs or feature requests through the -web interface at https://github.com/matteocorti/check_rbl/issues diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/t/00_modules.t nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/t/00_modules.t --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/t/00_modules.t 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/t/00_modules.t 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -#!perl - -use 5.00800; - -use strict; -use warnings; - -use Test::More tests => 33; - -our $VERSION = '1.5.4'; - -use_ok('Monitoring::Plugin'); -can_ok( 'Monitoring::Plugin', 'new' ); -can_ok( 'Monitoring::Plugin', 'nagios_exit' ); -can_ok( 'Monitoring::Plugin', 'add_perfdata' ); -can_ok( 'Monitoring::Plugin', 'perfdata' ); - -use_ok( 'Monitoring::Plugin' . '::Getopt' ); -can_ok( 'Monitoring::Plugin' . '::Getopt', 'new' ); -can_ok( 'Monitoring::Plugin' . '::Getopt', 'arg' ); -can_ok( 'Monitoring::Plugin' . '::Getopt', 'getopts' ); -can_ok( 'Monitoring::Plugin' . '::Getopt', 'get' ); - -use_ok( 'Monitoring::Plugin' . '::Threshold' ); -can_ok( 'Monitoring::Plugin' . '::Threshold', 'new' ); -can_ok( 'Monitoring::Plugin' . '::Threshold', 'set_thresholds' ); - -use_ok('IO::Select'); -can_ok( 'IO::Select', 'new' ); -can_ok( 'IO::Select', 'count' ); -can_ok( 'IO::Select', 'can_read' ); -can_ok( 'IO::Select', 'remove' ); -can_ok( 'IO::Select', 'handles' ); - -use_ok('Net::DNS::Resolver'); -can_ok( 'Net::DNS::Resolver', 'new' ); -can_ok( 'Net::DNS::Resolver', 'can' ); -can_ok( 'Net::DNS::Resolver', 'bgsend' ); -can_ok( 'Net::DNS::Resolver', 'bgread' ); - -use_ok('English'); -use_ok('Readonly'); - -use_ok('Net::IP'); -can_ok( 'Net::IP', 'ip_expand_address' ); - -use_ok('Data::Validate::Domain'); -can_ok( 'Data::Validate::Domain', 'is_hostname' ); - -use_ok('Data::Validate::IP'); -can_ok( 'Data::Validate::IP', 'is_ipv4' ); -can_ok( 'Data::Validate::IP', 'is_ipv6' ); - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/t/01_validation.t nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/t/01_validation.t --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/t/01_validation.t 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/t/01_validation.t 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -#!perl - -use 5.00800; - -use strict; -use warnings; - -use File::Spec; -use Test::More tests => 1; - -our $VERSION = '1.4.0'; - -my $check_rbl = File::Spec->catfile(qw(blib script check_rbl)); - -require_ok($check_rbl); - -1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/test.sh nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/test.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/test.sh 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/test.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -#!/bin/sh - -# Our one non-success exit code. -EXIT_BAD_ARGS=1 - -if [ $# -lt 1 ]; then - echo "Usage: $0 " - echo '' - echo ' the IP to check against a bunch of blacklists.' - echo '' - exit $EXIT_BAD_ARGS -else - IP_ADDR="${1}" -fi - - - -perl ./check_rbl -H "$IP_ADDR" \ - -t 60 \ - -c 1 \ - -w 1 \ - -v \ - -s cbl.abuseat.org -s bl.deadbeef.com -s spamtrap.drbl.drand.net -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s relays.nether.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s ubl.unsubscore.com -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s blacklist.sci.kun.nl -s dnsbl.kempt.net -s forbidden.icm.edu.pl -s hil.habeas.com -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s bl.technovision.dk -s b.barracudacentral.org -s dnsbl.antispam.or.id -s drone.abuse.ch -s dsn.rfc-ignorant.org -s dul.dnsbl.sorbs.net -s http.dnsbl.sorbs.net -s l1.spews.dnsbl.sorbs.net -s l2.spews.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s postmaster.rfc-ignorant.org -s rbl.spamlab.com -s relays.bl.kunden.de -s smtp.dnsbl.sorbs.net -s socks.dnsbl.sorbs.net -s spam.abuse.ch -s spamrbl.imp.ch -s tr.countries.nerd.dk -s unsure.nether.net -s virbl.bit.nl -s web.dnsbl.sorbs.net -s whois.rfc-ignorant.org -s wormrbl.imp.ch -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s blackholes.five-ten-sg.com -s blacklist.woody.ch -s bogons.cymru.com -s combined.abuse.ch -s duinv.aupads.org -s ohps.dnsbl.net.au -s omrs.dnsbl.net.au -s orvedb.aupads.org -s osps.dnsbl.net.au -s osrs.dnsbl.net.au -s owfs.dnsbl.net.au -s owps.dnsbl.net.au -s probes.dnsbl.net.au -s proxy.bl.gweep.ca -s proxy.block.transip.nl -s rbl.inter.net -s rdts.dnsbl.net.au -s relays.bl.gweep.ca -s residential.block.transip.nl -s ricn.dnsbl.net.au -s rmst.dnsbl.net.au -s spamlist.or.kr -s t3direct.dnsbl.net.au -s ubl.lashback.com -s all.s5h.net -s dnsbl.anticaptcha.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s spambot.bls.digibase.ca -s z.mailspike.net diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/TODO nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/TODO --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/TODO 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/TODO 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -* refactor mdns to reduce code complexity -* unit tests diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/.travis.yml nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/.travis.yml --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/.travis.yml 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/.travis.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -language: perl -perl: - - '5.26' - - '5.24' - - '5.22' - - '5.20' - - '5.18' - - '5.16' - - '5.14' - - '5.12' - - '5.10' diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/VERSION nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/VERSION --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.5.7/VERSION 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.5.7/VERSION 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -1.5.7 \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/AUTHORS 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/AUTHORS 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,14 @@ +Matteo Corti + +Thanks: + +* Many thanks to Elan Ruusamäe for the improved parallel support and several fixes +* Many thanks to Victor V Kudlak for the parallel support +* Many thanks to Jan Kantert for the whitelisting support +* Many thanks to Nick Nicholas for IPv6 support +* Many thanks to Michael Orlitzky for the test.sh usage patch +* Many thanks to Celevra https://github.com/celevra for the Debian/Ubuntu documentation update +* Many thanks to Claudio Kuenzler https://github.com/Napsty for the append patch and several improvements +* Many thanks to Oliver Rahner https://github.com/oliverrahner for the --url patch +* Many thanks to Nikolas Obser https://github.com/nikolasobser for the symlink patch +* Many thanks to waja (https://github.com/waja) for the dnsbl.inps.de patch diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/Changes nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/Changes --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/Changes 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/Changes 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,167 @@ +2021-12-16 Matteo Corti + + * check_rbl (run): Remove the dot at the end of FQDN + +2021-06-01 Matteo Corti + + * check_rbl (run): Fixed a bug in the resolution of IPv6 addresses + +2021-05-27 Matteo Corti + + * check_rbl (run): Adds the host name to the status if the input is an IP address. + * check_rbl (run): Fixes the output in case of timeout + +2020-11-30 Matteo Corti + + * check_rbl: Removes unnecessary dot in IPv6 addresses + +2020-05-26 Matteo Corti + + * check_rbl: Removed old Nagios CPAN modules + +2019-12-03 Matteo Corti + + * Version 1.5.2 + * removing rbl.suresupport.com from the documentation and default configuration + +2019-11-25 Matteo Corti + + * Version 1.5.1 + * removing rbl.megarbl.net from the documentation and default configuration + +2019-06-03 Matteo Corti + + * check_rbl: applied patch with the --url option + +2019-06-02 Matteo Corti + + * Version 1.4.5 + * removing spamcannibal.org from the documentation and default configuration (fixed) + +2019-02-28 Matteo Corti + + * Version 1.4.4 + * check_rbl: applied --append patch + +2018-05-30 Matteo Corti + + * Version 1.4.3 + * check_rbl.ini: Removed bl.spamcannibal.org + +2018-05-27 Matteo Corti + + * Version 1.4.2 + * check_rbl.ini: Removed dnsbl.cyberlogic.net + +2017-07-17 Matteo Corti + + * Version 1.4.1 + * check_rbl: Perl 5.26 support ('.' missing from @INC) + +2017-04-18 Matteo Corti + + * Version 1.4.0 + * check_rbl: IPv6 support + +2016-06-06 Matteo Corti + + * Version 1.3.8 + * Makefile.PL: Requiring Data::Validate::Domain 0.12 to support FQDN ending with a dot + +2015-12-30 Matteo Corti + + * Makefile.PL: allowing Nagios::Plugin for older distributions + +2015-12-22 Matteo Corti + + * check_rbl: added missing dependencies from INSTALL + +2015-02-01 Matteo Corti + + * Version 1.3.7 + * check_rbl: switching to Monitoring::Plugin + (as Nagios::Plugin is deprecated) + +2014-12-05 Matteo Corti + + * Version 1.3.6 + * example.pl: removed unnecessary dependency on Data::Dumper + +2014-09-20 Matteo Corti + + * Version 1.3.5 + * check_rbl: fixed the default critical and warning range + +2014-09-19 Matteo Corti + + * Version 1.3.4 + * check_rbl: removed wrong test on the DNS servers + * check_rbl: fixed the threshold range + +2014-08-09 Matteo Corti + + * Version 1.3.3 + * More argument validation + +2014-01-30 Matteo Corti + + * Version 1.3.2 + * Documentation and dependencies update + +2013-09-26 Matteo Corti + + * Version 1.3.1 + * check_rbl: disabled embedded Perl + +2012-08-31 Matteo Corti + + * check_rbl: fixed a possible variable name conflict + +2012-01-25 Matteo Corti + + * Added a note on public DNS resolvers (as Google) by being banned + from Spamhaus + +2011-07-11 Matteo Corti + + * Version 1.3.0 + * check_rbl: applied patch from Jan Kantert to support whitelists + * added support for unit tests + +2011-03-22 Matteo Corti + + * Version 1.2.2 + * check_rbl: specified the dependency on Nagios::Plugin > 0.31 + (earlier versions caused parameter parsing errors, + thanks to Elan Ruusamäe) + +2010-07-05 Matteo Corti + + * Version 1.2.1 + * check_rbl: fixed a problem with operator precedence that made some + checks fail + +2010-04-07 Matteo Corti + + * Version 1.2.0 + * check_rbl: applied patch to report the hostname being checked + and increase the verbosity (#66) + * check_rbl.ini: sample configuration file + * check_rbl: removed unnecessary dependencies + * check_rbl: applied the patch from #69 (improved parallelism) + +2009-10-27 Matteo Corti + + * check_rbl: applied patch to parallelize the checks + +2009-01-22 Matteo Corti + + * check_rbl: command line argument to set the number of tries in DNS queries + +2009-01-06 Matteo Corti + + * check_rbl: execution time in the performance data + +2008-12-29 Matteo Corti + + * check_rbl: Initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,685 @@ +#!perl + +# nagios: -epn + +package main; + +# check_rbl is a Nagios plugin to check if an SMTP server is black- or +# white- listed +# +# See the INSTALL file for installation instructions +# +# Copyright (c) 2009-2021 Matteo Corti +# Copyright (c) 2009 ETH Zurich. +# Copyright (c) 2010 Elan Ruusamae . +# +# This module is free software; you can redistribute it and/or modify it +# under the terms of GNU general public license (gpl) version 3. +# See the LICENSE file for details. + +use strict; +use warnings; + +our $VERSION = '1.6.3'; + +use Data::Validate::Domain qw(is_hostname); +use Data::Validate::IP qw(is_ipv4 is_ipv6); +use IO::Select; +use Net::DNS; +use Net::IP qw(ip_expand_address); +use Readonly; +use English qw(-no_match_vars); +use Socket qw( NI_NUMERICSERV SOCK_RAW getaddrinfo getnameinfo); + +use Monitoring::Plugin; +use Monitoring::Plugin::Threshold; +use Monitoring::Plugin::Getopt; + +Readonly our $DEFAULT_TIMEOUT => 15; +Readonly our $DEFAULT_RETRIES => 4; +Readonly our $DEFAULT_WORKERS => 20; +Readonly our $DEFAULT_QUERY_TIMEOUT => 15; +Readonly our $DEFAULT_APPEND_STRING => q{}; + +# IMPORTANT: Nagios plugins could be executed using embedded perl in this case +# the main routine would be executed as a subroutine and all the +# declared subroutines would therefore be inner subroutines +# This will cause all the global lexical variables not to stay shared +# in the subroutines! +# +# All variables are therefore declared as package variables... +# + +## no critic (ProhibitPackageVars) +our ( @listed, @timeouts, $options, $plugin, $threshold, $timeouts_string, ); + +############################################################################## +# Usage : debug("some message string") +# Purpose : write a message if the debugging option was specified +# Returns : n/a +# Arguments : message : message string +# Throws : n/a +# Comments : n/a +# See also : n/a +sub debug { + + # arguments + my $message = shift; + + if ( !defined $message ) { + $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, + q{Internal error: not enough parameters for 'debug'} ); + } + + if ( $options && $options->debug() ) { + ## no critic (RequireCheckedSyscall) + print "[DBG] $message\n"; + } + + return; + +} + +############################################################################## +# Usage : verbose("some message string", $optional_verbosity_level); +# Purpose : write a message if the verbosity level is high enough +# Returns : n/a +# Arguments : message : message string +# level : options verbosity level +# Throws : n/a +# Comments : n/a +# See also : n/a +sub verbose { + + # arguments + my $message = shift; + my $level = shift; + + if ( !defined $message ) { + $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, + q{Internal error: not enough parameters for 'verbose'} ); + } + + if ( !defined $level ) { + $level = 0; + } + + if ( $level < $options->verbose ) { + if ( !print $message ) { + $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, + 'Error: cannot write to STDOUT' ); + } + } + + return; + +} + +# the script is declared as a package so that it can be unit tested +# but it should not be used as a module +if ( !caller ) { + run(); +} + +############################################################################## +# Usage : my $res = init_dns_resolver( $retries ) +# Purpose : Initializes a new DNS resolver +# Arguments : retries : number of retries +# Returns : The newly created resolver +# See also : Perl Net::DNS +sub init_dns_resolver { + + my $retries = shift; + + my $res = Net::DNS::Resolver->new(); + if ( $res->can('force_v4') ) { + $res->force_v4(1); + } + + if ($retries) { + $res->retry($retries); + } + + return $res; +} + +############################################################################## +# Usage : mdns(\@addresses, $callback) +# Purpose : Perform multiple DNS lookups in parallel +# Returns : n/a +# See also : Perl Net::DNS module mresolv in examples +# +# Resolves all IPs in C<@addresses> in parallel. +# If answer is found C<$callback> is called with arguments as: $name, $host. +# +# Author: Elan Ruusamae , (c) 1999-2010 + +## no critic (ProhibitExcessComplexity) +sub mdns { + + my ( $data, $callback ) = @_; + + # number of requests to have outstanding at any time + my $workers = $options ? $options->workers() : 1; + + # timeout per query (seconds) + my $timeout = $options ? $options->get('query-timeout') : $DEFAULT_TIMEOUT; + my $res = init_dns_resolver( $options ? $options->retry() : 0 ); + + my $sel = IO::Select->new(); + my $eof = 0; + + my @addrs = @{$data}; + + my %addrs; + while (1) { + + #---------------------------------------------------------------------- + # Read names until we've filled our quota of outstanding requests. + #---------------------------------------------------------------------- + + while ( !$eof && $sel->count() < $workers ) { + + my $name = shift @addrs; + + if ( !defined $name ) { + debug('reading...EOF.'); + $eof = 1; + last; + } + + debug("reading...$name"); + + my $sock = $res->bgsend($name); + + if ( !defined $sock ) { + verbose 'DNS query error: ' . $res->errorstring; + verbose "Skipping $name"; + } + else { + + # we store in a hash the query we made, as parsing it back from + # response gives different ip for ips with multiple hosts + $addrs{$sock} = $name; + $sel->add($sock); + debug( "name = $name, outstanding = " . $sel->count() ); + + } + + } + + #---------------------------------------------------------------------- + # Wait for any replies. Remove any replies from the outstanding pool. + #---------------------------------------------------------------------- + + my @ready; + my $timed_out = 1; + + debug('waiting for replies'); + + @ready = $sel->can_read($timeout); + + while (@ready) { + + $timed_out = 0; + + debug( 'replies received: ' . scalar @ready ); + + foreach my $sock (@ready) { + + debug('handling a reply'); + + my $addr = $addrs{$sock}; + delete $addrs{$sock}; + $sel->remove($sock); + + my $ans = $res->bgread($sock); + + my $host; + + if ($ans) { + + foreach my $rr ( $ans->answer ) { + + debug('Processing answer'); + + ## no critic(ProhibitDeepNests) + if ( !( $rr->type eq 'A' ) ) { + next; + } + + $host = $rr->address; + + debug("host = $host"); + + # take just the first answer + last; + } + } + else { + + debug( 'no answer: ' . $res->errorstring() ); + + } + + if ( defined $host ) { + + debug("callback( $addr, $host )"); + + } + else { + + debug("callback( $addr, )"); + + } + + &{$callback}( $addr, $host ); + } + + @ready = $sel->can_read(0); + + } + + #---------------------------------------------------------------------- + # If we timed out waiting for replies, remove all entries from the + # outstanding pool. + #---------------------------------------------------------------------- + + if ($timed_out) { + + debug('timeout: clearing the outstanding pool.'); + + foreach my $sock ( $sel->handles() ) { + my $addr = $addrs{$sock}; + delete $addrs{$sock}; + $sel->remove($sock); + + # callback for hosts that timed out + &{$callback}( $addr, q{} ); + } + } + + debug( 'outstanding = ' . $sel->count() . ", eof = $eof" ); + + #---------------------------------------------------------------------- + # We're done if there are no outstanding queries and we've read EOF. + #---------------------------------------------------------------------- + + last if ( $sel->count() == 0 ) && $eof; + } + + return; + +} + +############################################################################## +# Usage : validate( $hostname ); +# Purpose : check if an IP address or host name is valid +# Returns : the IP address corresponding to $hostname +# Arguments : n/a +# Throws : an UNKNOWN error if the argument is not valid +# Comments : n/a +# See also : n/a +sub validate { + + my $hostname = shift; + my $ip = $hostname; + + debug("validate($hostname, $ip)"); + + if ( !is_ipv4($hostname) && !is_ipv6($hostname) ) { + + if ( is_hostname($hostname) ) { + + mdns( + [$hostname], + sub { + my ( $addr, $host ) = @_; + $ip = $host; + } + ); + + if ( !$ip ) { + $plugin->nagios_exit( + Monitoring::Plugin->UNKNOWN, + 'Cannot resolve ' . $hostname + ); + } + + } + + if ( !$ip ) { + $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, + 'Cannot resolve ' . $hostname ); + } + + } + + if ( is_ipv6($ip) ) { + ## no critic (ProhibitMagicNumbers) + $ip = Net::IP::ip_expand_address( $ip, 6 ); + } + + return $ip; + +} + +############################################################################## +# Usage : run(); +# Purpose : main method +# Returns : n/a +# Arguments : n/a +# Throws : n/a +# Comments : n/a +# See also : n/a + +## no critic (ProhibitExcessComplexity) +sub run { + + ################################################################################ + # Initialization + + $plugin = Monitoring::Plugin->new( shortname => 'CHECK_RBL' ); + + my $time = time; + + ######################## + # Command line arguments + + $options = Monitoring::Plugin::Getopt->new( + usage => 'Usage: %s [OPTIONS]', + version => $VERSION, + url => 'http://matteocorti.github.io/check_rbl/', + blurb => 'Check SMTP black- or white- listing status', + ); + + $options->arg( + spec => 'critical|c=i', + help => 'Number of blacklisting servers for a critical warning', + required => 0, + default => 1, + ); + + $options->arg( + spec => 'warning|w=i', + help => 'Number of blacklisting servers for a warning', + required => 0, + default => 1, + ); + + $options->arg( + spec => 'debug|d', + help => 'Prints debugging information', + required => 0, + default => 0, + ); + + $options->arg( + spec => 'server|s=s@', + help => 'RBL server', + required => 1, + ); + + $options->arg( + spec => 'host|H=s', + help => +'SMTP server to check. If hostname is given, it will be resolved to its IP first.', + required => 0, + ); + + $options->arg( + spec => 'url|U=s', + help => 'URL to check. Will be ignored if host is set.', + required => 0, + ); + + $options->arg( + spec => 'retry|r=i', + help => 'Number of times to try a DNS query (default is 4) ', + required => 0, + default => $DEFAULT_RETRIES, + ); + + $options->arg( + spec => 'workers=i', + help => 'Number of parallel checks', + required => 0, + default => $DEFAULT_WORKERS, + ); + + $options->arg( + spec => 'whitelistings|wl', + help => 'Check whitelistings instead of blacklistings', + required => 0, + default => 0, + ); + + $options->arg( + spec => 'query-timeout=i', + help => 'Timeout of the RBL queries', + required => 0, + default => $DEFAULT_QUERY_TIMEOUT, + ); + + $options->arg( + spec => 'append|a=s', + help => 'Append string at the end of the plugin output', + required => 0, + default => $DEFAULT_APPEND_STRING, + ); + + $options->getopts(); + + ############### + # Sanity checks + + if ( $options->critical < $options->warning ) { + $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, + 'critical has to be greater or equal warning' ); + } + + if ( ( !defined $options->host || $options->host eq q{} ) + && ( !defined $options->url || $options->url eq q{} ) ) + { + $plugin->nagios_exit( Monitoring::Plugin->UNKNOWN, + 'host or url has to be set' ); + } + + # if present remove the trailing dot from the FQDN + # see https://serverfault.com/questions/803033/should-i-append-a-dot-at-the-end-of-my-dns-urls + my $host = $options->host; + if ( defined $host ) { + $host =~ s/[.]$//mxs; + } + + my $check_prefix; + my $check_object; + if ( defined $options->host and $options->host ne q{} ) { + + # if checking for host + # validate ip and resolve hostname if applicable + my $ip = validate($host); + + # reverse ip order + my $local_ip = $ip; + + if ( is_ipv6($local_ip) ) { + + debug("$local_ip is an IPv6 address"); + + $local_ip = reverse $local_ip; + $local_ip =~ s/://gmxs; + + $local_ip = join q{.}, split //ms, $local_ip; + + debug(" $local_ip"); + + } + else { + $local_ip =~ +s/(\d{1,3}) [.] (\d{1,3}) [.] (\d{1,3}) [.] (\d{1,3})/$4.$3.$2.$1/mxs; + } + + $check_prefix = $local_ip; + $check_object = $host; + } + else { + # if checking for url, just set the prefix to the url name + $check_prefix = $options->url; + $check_object = $options->url; + } + + my @servers = @{ $options->server }; + + verbose 'Using ' . $options->timeout . " as global script timeout\n"; + alarm $options->timeout; + + ################ + # Set the limits + + # see https://nagios-plugins.org/doc/guidelines.html#THRESHOLDFORMAT + $threshold = Monitoring::Plugin::Threshold->set_thresholds( + warning => $options->warning - 1, + critical => $options->critical - 1, + ); + + ################################################################################ + + my $nservers = scalar @servers; + + verbose 'Checking ' . $check_prefix . " on $nservers server(s)\n"; + + # build address lists + my @addrs; + foreach my $server (@servers) { + my $local_ip = $check_prefix . q{.} . $server; + push @addrs, $local_ip; + } + + mdns( + \@addrs, + sub { + my ( $addr, $mdns_host ) = @_; + + if ( defined $mdns_host ) { + + debug("callback( $addr, $mdns_host )"); + + } + else { + + debug("callback( $addr, )"); + + } + + # extract RBL we checked + $addr =~ s/^(?:[a-f\d][.]){32}//mxs; + $addr =~ s/^(?:\d+[.]){4}//mxs; + + if ( defined $mdns_host ) { + if ( $mdns_host eq q{} ) { + push @timeouts, $addr; + } + else { + verbose "listed in $addr as $mdns_host\n"; + if ( !$options->get('whitelistings') ) { + push @listed, $addr . ' (' . $mdns_host . ')'; + } + } + } + else { + verbose "not listed in $addr\n"; + if ( $options->get('whitelistings') ) { + push @listed, $addr; + } + } + } + ); + + my $total = scalar @listed; + + if ( is_ipv4($check_object) || is_ipv6($check_object) ) { + +# if the input is an IP address we try to do a reverse DNS lookup to display the FQDN +# we ignore errors since in case of failure we can just skip the information + + my $err; + my @res; + my $fqdn; + + ( $err, @res ) = + getaddrinfo( $check_object, q{}, { socktype => SOCK_RAW } ); + + if ( !$err ) { + + while ( my $ai = shift @res ) { + ( $err, $fqdn ) = getnameinfo( $ai->{addr}, NI_NUMERICSERV ); + if ( !$err ) { + $check_object = "$check_object ($fqdn)"; + last; + } + } + + } + + } + + my $status; + my $appendstring = $options->append; + + if ( $options->get('whitelistings') ) { + + $status = + $check_object + . " NOT WHITELISTED on $total " + . ( ( $total == 1 ) ? 'server' : 'servers' ) + . " of $nservers"; + } + else { + $status = + $check_object + . " BLACKLISTED on $total " + . ( ( $total == 1 ) ? 'server' : 'servers' ) + . " of $nservers"; + + } + + if ( $total > 0 ) { + $status .= " (@listed)"; + } + + # append timeout info, but do not account these in status + if (@timeouts) { + $timeouts_string = scalar @timeouts; + $status .= + " ($timeouts_string server" + . ( ( $timeouts_string > 1 ) ? 's' : q{} ) + . ' timed out: ' + . join( ', ', @timeouts ) . ')'; + } + + $plugin->add_perfdata( + label => 'servers', + value => $total, + uom => q{}, + threshold => $threshold, + ); + + $plugin->add_perfdata( + label => 'time', + value => time - $time, + uom => q{s}, + ); + + # append string defined in append argument to status output + if ( $appendstring ne q{} ) { + $status .= " $appendstring"; + } + + $plugin->nagios_exit( $threshold->get_status($total), $status ); + + return; + +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl.ini nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl.ini --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl.ini 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl.ini 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,97 @@ +[rbl] +server=cbl.abuseat.org +server=bl.deadbeef.com +server=spamtrap.drbl.drand.net +server=spamsources.fabel.dk +server=0spam.fusionzero.com +server=mail-abuse.blacklist.jippg.org +server=korea.services.net +server=spamguard.leadmon.net +server=ix.dnsbl.manitu.net +server=relays.nether.net +server=psbl.surriel.com +server=dyna.spamrats.com +server=noptr.spamrats.com +server=spam.spamrats.com +server=dnsbl.sorbs.net +server=spam.dnsbl.sorbs.net +server=bl.spamcop.net +server=pbl.spamhaus.org +server=sbl.spamhaus.org +server=xbl.spamhaus.org +server=ubl.unsubscore.com +server=dnsbl-1.uceprotect.net +server=dnsbl-2.uceprotect.net +server=dnsbl-3.uceprotect.net +server=db.wpbl.info +server=access.redhawk.org +server=blacklist.sci.kun.nl +server=dnsbl.kempt.net +server=forbidden.icm.edu.pl +server=hil.habeas.com +server=rbl.schulte.org +server=sbl-xbl.spamhaus.org +server=bl.technovision.dk +server=b.barracudacentral.org +server=dnsbl.antispam.or.id +server=drone.abuse.ch +server=dsn.rfc-ignorant.org +server=dul.dnsbl.sorbs.net +server=http.dnsbl.sorbs.net +server=l1.spews.dnsbl.sorbs.net +server=l2.spews.dnsbl.sorbs.net +server=misc.dnsbl.sorbs.net +server=postmaster.rfc-ignorant.org +server=rbl.spamlab.com +server=relays.bl.kunden.de +server=smtp.dnsbl.sorbs.net +server=socks.dnsbl.sorbs.net +server=spam.abuse.ch +server=spamrbl.imp.ch +server=tr.countries.nerd.dk +server=unsure.nether.net +server=virbl.bit.nl +server=web.dnsbl.sorbs.net +server=whois.rfc-ignorant.org +server=wormrbl.imp.ch +server=zen.spamhaus.org +server=zombie.dnsbl.sorbs.net +server=blackholes.five-ten-sg.com +server=blacklist.woody.ch +server=bogons.cymru.com +server=combined.abuse.ch +server=duinv.aupads.org +server=ohps.dnsbl.net.au +server=omrs.dnsbl.net.au +server=orvedb.aupads.org +server=osps.dnsbl.net.au +server=osrs.dnsbl.net.au +server=owfs.dnsbl.net.au +server=owps.dnsbl.net.au +server=probes.dnsbl.net.au +server=proxy.bl.gweep.ca +server=proxy.block.transip.nl +server=rbl.inter.net +server=rdts.dnsbl.net.au +server=relays.bl.gweep.ca +server=residential.block.transip.nl +server=ricn.dnsbl.net.au +server=rmst.dnsbl.net.au +server=spamlist.or.kr +server=t3direct.dnsbl.net.au +server=ubl.lashback.com +server=all.s5h.net +server=dnsbl.dronebl.org +server=dnsbl.spfbl.net +server=ips.backscatterer.org +server=singular.ttk.pte.hu +server=spam.dnsbl.anonmails.de +server=spambot.bls.digibase.ca +server=z.mailspike.net + +; these are rather slow +;server=bl.csma.biz +;server=sbl.csma.biz +;server=cdl.anti-spam.org.cn +;server=virus.rbl.jp +;server=short.rbl.jp diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl.pod nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl.pod --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl.pod 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl.pod 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,145 @@ +=pod + +=head1 NAME + +C - a Nagios plugin to check if an SMTP server is blacklisted + +=head1 DESCRIPTION + +check_rbl is a Nagios plugin to check if an SMTP server is blacklisted + +=head1 VERSION + +Version 1.6.0 + +=head1 SYNOPSIS + +check_rbl [--help] [--verbose] [--version] [--timeout t] + -H hostname --server servername + [--critical n] [--warning n] [--workers n] + +=head1 REQUIRED ARGUMENTS + + -s, --server=STRING RBL server (may be repeated) + +=head1 OPTIONS + + -H, --host=STRING SMTP server to check + -U, --url=STRING URL to check. Will be ignored if host is set. + -?, --usage Print usage information + -h, --help Print detailed help screen + -V, --version Print version information + -a, --append=STRING Append string at the end of the plugin output + --extra-opts=[
[@]] Section and/or config_file from which to load extra options (may repeat) + -c, --critical=INTEGER Number of blacklisting servers for a critical warning + -w, --warning=INTEGER Number of blacklisting servers for a warning + -d, --debug Prints debugging information + -r, --retry=INTEGER Number of times to try a DNS query (default is 4) + --workers=INTEGER Number of parallel checks + --whitelistings, --wl Check whitelistings instead of blacklistings + --query-timeout=INTEGER Timeout of the RBL queries + -t, --timeout=INTEGER Seconds before plugin times out (default: 15) + -v, --verbose Show details for command-line debugging (can repeat up to 3 times) + +=head1 EXAMPLE + + check_rbl -t 30 -H matteocorti.ch -s zen.spamhaus.org -s bl.spamcop.net + +=head1 DIAGNOSTICS + +You can specify multiple --verbose options to increase the program +verbosity. --debug can be used to display the process and internals of +the querying mechanism. + +=head1 EXIT STATUS + +0 if OK, 1 in case of a warning, 2 in case of a critical status and 3 +in case of an unknown problem + +=head1 DEPENDENCIES + +check_updates depends on + +=over 4 + +=item * Data::Validate::Domain + +=item * Data::Validate::IP + +=item * Getopt::Long + +=item * IO::Select + +=item * Monitoring::Plugin + +=item * Monitoring::Plugin::Threshold + +=item * Net::DNS + +=item * Readonly + +=back + +=head1 CONFIGURATION + +=head1 INCOMPATIBILITIES + +None reported. + +=head1 SEE ALSO + +Nagios documentation + +=head1 BUGS AND LIMITATIONS + +No bugs have been reported. + +Please report any bugs or feature requests through the +web interface at https://github.com/matteocorti/check_rbl/issues + +=head1 AUTHOR + +Matteo Corti + +=head1 LICENSE AND COPYRIGHT + +Copyright (c) 2010, Elan Ruusamae + +Copyright (c) 2008-2017, Matteo Corti + +This module is free software; you can redistribute it and/or modify it +under the terms of GNU general public license (gpl) version 3. +See the LICENSE file for details. + +=head1 DISCLAIMER OF WARRANTY + +BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT +WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER +PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, +EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE +TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + +=head1 ACKNOWLEDGMENTS + +=encoding iso-8859-1 + +Elan Ruusamäe for the improved parallel support and several fixes + +Victor V Kudlak for parallel support + +Jan Kantert for whitelistings support diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl.spec nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl.spec --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/check_rbl.spec 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/check_rbl.spec 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,149 @@ +%define version 1.6.3 +%define release 0 +%define sourcename check_rbl +%define packagename nagios-plugins-check-rbl +%define nagiospluginsdir %{_libdir}/nagios/plugins + +# No binaries in this package +%define debug_package %{nil} + +Summary: check_rbl is a Nagios plugin to check if an SMTP server is blacklisted +Name: %{packagename} +Obsoletes: check_rbl +Version: %{version} +Release: %{release}%{?dist} +License: GPLv3+ +Packager: Matteo Corti +Group: Applications/System +BuildRoot: %{_tmppath}/%{packagename}-%{version}-%{release}-root-%(%{__id_u} -n) +URL: https://github.com/matteocorti/check_rbl +Source: https://github.com/matteocorti/check_rbl/releases/download/v%{version}/check_rbl-%{version}.tar.gz + +# Fedora build requirement (not needed for EPEL{4,5}) +BuildRequires: perl(ExtUtils::MakeMaker) + +Requires: nagios-plugins + +%description +check_rbl is a Nagios plugin to check if an SMTP server is blacklisted + +%prep +%setup -q -n %{sourcename}-%{version} + +%build +%{__perl} Makefile.PL INSTALLDIRS=vendor \ + INSTALLSCRIPT=%{nagiospluginsdir} \ + INSTALLVENDORSCRIPT=%{nagiospluginsdir} +make %{?_smp_mflags} + +%install +rm -rf %{buildroot} +make pure_install PERL_INSTALL_ROOT=%{buildroot} +find %{buildroot} -type f -name .packlist -exec rm -f {} \; +find %{buildroot} -type f -name "*.pod" -exec rm -f {} \; +find %{buildroot} -depth -type d -exec rmdir {} 2>/dev/null \; +%{_fixperms} %{buildroot}/* + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root,-) +%doc AUTHORS Changes NEWS README.md TODO COPYING COPYRIGHT +%{nagiospluginsdir}/%{sourcename} +%{_mandir}/man1/%{sourcename}.1* + +%changelog +* Thu Dec 16 2021 Matteo Corti - 1.6.3-0 +- Update to 1.6.3 + +* Tue Jun 1 2021 Matteo Corti - 1.6.2-0 +- Update to 1.6.2 +w +* Thu May 27 2021 Matteo Corti - 1.6.1-0 +- Update to 1.6.1 + +* Thu May 27 2021 Matteo Corti - 1.6.0-0 +- Update to 1.6.0 + +* Sun Jan 3 2021 Matteo Corti - 1.5.7-0 +- Update to 1.5.7 + +* Mon Nov 30 2020 Matteo Corti - 1.5.6-0 +- Update to 1.5.6 + +* Tue May 26 2020 Matteo Corti - 1.5.4-0 +- Update to 1.5.4 + +* Tue Dec 24 2019 Matteo Corti - 1.5.3-0 +- Update to 1.5.3 + +* Tue Dec 03 2019 Matteo Corti - 1.5.2-0 +- Update to 1.5.2 + +* Mon Jun 03 2019 Matteo Corti - 1.5.0-0 +- Update to 1.5.0 + +* Sun Jun 02 2019 Matteo Corti - 1.4.5-0 +- Update to 1.4.5 + +* Thu Feb 28 2019 Matteo Corti - 1.4.4-0 +- Update to 1.4.4 + +* Wed May 30 2018 Matteo Corti - 1.4.3-0 +- Update to 1.4.3 + +* Sun May 27 2018 Matteo Corti - 1.4.2-0 +- Update to 1.4.2 + +* Mon Jul 17 2017 Matteo Corti - 1.4.1-0 +- Update to 1.4.1 + +* Tue Apr 18 2017 Matteo Corti - 1.4.0-0 +- Update to 1.4.0 + +* Wed Dec 30 2015 Matteo Corti - 1.3.8-0 +- Update to 1.3.8 + +* Sun Feb 1 2015 Matteo Corti - 1.3.7-0 +- Update to 1.3.7 (using Monitoring::Plugins) + +* Fri Dec 5 2014 Matteo Corti - 1.3.6-0 +- Updated to 1.3.6 (removed dependency on Data::Dumper) + +* Sat Sep 20 2014 Matteo Corti - 1.3.5-0 +- Updated to 1.3.5 + +* Fri Sep 19 2014 Matteo Corti - 1.3.4-0 +- Updated to 1.3.4 + +* Sat Aug 9 2014 Matteo Corti - 1.3.3-0 +- updated to 1.3.3 + +* Thu Jan 30 2014 Matteo Corti - 1.3.2-0 +- Dependencies and documentation update + +* Mon Jul 11 2011 Matteo Corti - 1.3.0-0 +- Updated to 1.3.0 (whitelistings support) + +* Tue Mar 22 2011 Matteo Corti - 1.2.2-0 +- Updated to 1.2.2 (bug fix) and renamed the package + +* Mon Jul 5 2010 Matteo Corti - 1.2.1-0 +- Updated to 1.2.1 (bug fix) + +* Thu Apr 8 2010 Matteo Corti - 1.2.0-0 +- Updated to 1.2.0 and improved the SPEC file + +* Tue Oct 27 2009 Matteo Corti - 1.1.0-0 +- Updated to 1.1.0 (parallel checks) + +* Thu Jan 22 2009 Matteo Corti - 1.0.2-0 +- --retry command line argument + +* Tue Jan 6 2009 Matteo Corti - 1.0.1-0 +- Execution time in the performance data + +* Mon Dec 29 2008 Matteo Corti - 1.0.0-0 +- Initial release + diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/COPYING nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/COPYING --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/COPYING 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/COPYING 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/COPYRIGHT nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/COPYRIGHT --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/COPYRIGHT 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/COPYRIGHT 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,28 @@ +Copyright (c) 2009-2021 Matteo Corti +Copyright (c) 2010 Elan Ruusamae +Copyright (c) 2009 ETH Zurich + +with the following individuals added to the list of Contributing Authors + + Victor V Kudlak + Jan Kantert + Nick Nicholas + Michael Orlitzky + Celevra https://github.com/celevra + Claudio Kuenzler + Oliver Rahner + Nikolas Obser + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 3 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/AutoInstall.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/AutoInstall.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/AutoInstall.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/AutoInstall.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,934 @@ +#line 1 +package Module::AutoInstall; + +use strict; +use Cwd (); +use File::Spec (); +use ExtUtils::MakeMaker (); + +use vars qw{$VERSION}; +BEGIN { + $VERSION = '1.19'; +} + +# special map on pre-defined feature sets +my %FeatureMap = ( + '' => 'Core Features', # XXX: deprecated + '-core' => 'Core Features', +); + +# various lexical flags +my ( @Missing, @Existing, %DisabledTests, $UnderCPAN, $InstallDepsTarget, $HasCPANPLUS ); +my ( + $Config, $CheckOnly, $SkipInstall, $AcceptDefault, $TestOnly, $AllDeps, + $UpgradeDeps +); +my ( $PostambleActions, $PostambleActionsNoTest, $PostambleActionsUpgradeDeps, + $PostambleActionsUpgradeDepsNoTest, $PostambleActionsListDeps, + $PostambleActionsListAllDeps, $PostambleUsed, $NoTest); + +# See if it's a testing or non-interactive session +_accept_default( $ENV{AUTOMATED_TESTING} or ! -t STDIN ); +_init(); + +sub _accept_default { + $AcceptDefault = shift; +} + +sub _installdeps_target { + $InstallDepsTarget = shift; +} + +sub missing_modules { + return @Missing; +} + +sub do_install { + __PACKAGE__->install( + [ + $Config + ? ( UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) + : () + ], + @Missing, + ); +} + +# initialize various flags, and/or perform install +sub _init { + foreach my $arg ( + @ARGV, + split( + /[\s\t]+/, + $ENV{PERL_AUTOINSTALL} || $ENV{PERL_EXTUTILS_AUTOINSTALL} || '' + ) + ) + { + if ( $arg =~ /^--config=(.*)$/ ) { + $Config = [ split( ',', $1 ) ]; + } + elsif ( $arg =~ /^--installdeps=(.*)$/ ) { + __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); + exit 0; + } + elsif ( $arg =~ /^--upgradedeps=(.*)$/ ) { + $UpgradeDeps = 1; + __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); + exit 0; + } + elsif ( $arg =~ /^--default(?:deps)?$/ ) { + $AcceptDefault = 1; + } + elsif ( $arg =~ /^--check(?:deps)?$/ ) { + $CheckOnly = 1; + } + elsif ( $arg =~ /^--skip(?:deps)?$/ ) { + $SkipInstall = 1; + } + elsif ( $arg =~ /^--test(?:only)?$/ ) { + $TestOnly = 1; + } + elsif ( $arg =~ /^--all(?:deps)?$/ ) { + $AllDeps = 1; + } + } +} + +# overrides MakeMaker's prompt() to automatically accept the default choice +sub _prompt { + goto &ExtUtils::MakeMaker::prompt unless $AcceptDefault; + + my ( $prompt, $default ) = @_; + my $y = ( $default =~ /^[Yy]/ ); + + print $prompt, ' [', ( $y ? 'Y' : 'y' ), '/', ( $y ? 'n' : 'N' ), '] '; + print "$default\n"; + return $default; +} + +# the workhorse +sub import { + my $class = shift; + my @args = @_ or return; + my $core_all; + + print "*** $class version " . $class->VERSION . "\n"; + print "*** Checking for Perl dependencies...\n"; + + my $cwd = Cwd::getcwd(); + + $Config = []; + + my $maxlen = length( + ( + sort { length($b) <=> length($a) } + grep { /^[^\-]/ } + map { + ref($_) + ? ( ( ref($_) eq 'HASH' ) ? keys(%$_) : @{$_} ) + : '' + } + map { +{@args}->{$_} } + grep { /^[^\-]/ or /^-core$/i } keys %{ +{@args} } + )[0] + ); + + # We want to know if we're under CPAN early to avoid prompting, but + # if we aren't going to try and install anything anyway then skip the + # check entirely since we don't want to have to load (and configure) + # an old CPAN just for a cosmetic message + + $UnderCPAN = _check_lock(1) unless $SkipInstall || $InstallDepsTarget; + + while ( my ( $feature, $modules ) = splice( @args, 0, 2 ) ) { + my ( @required, @tests, @skiptests ); + my $default = 1; + my $conflict = 0; + + if ( $feature =~ m/^-(\w+)$/ ) { + my $option = lc($1); + + # check for a newer version of myself + _update_to( $modules, @_ ) and return if $option eq 'version'; + + # sets CPAN configuration options + $Config = $modules if $option eq 'config'; + + # promote every features to core status + $core_all = ( $modules =~ /^all$/i ) and next + if $option eq 'core'; + + next unless $option eq 'core'; + } + + print "[" . ( $FeatureMap{ lc($feature) } || $feature ) . "]\n"; + + $modules = [ %{$modules} ] if UNIVERSAL::isa( $modules, 'HASH' ); + + unshift @$modules, -default => &{ shift(@$modules) } + if ( ref( $modules->[0] ) eq 'CODE' ); # XXX: bugward compatibility + + while ( my ( $mod, $arg ) = splice( @$modules, 0, 2 ) ) { + if ( $mod =~ m/^-(\w+)$/ ) { + my $option = lc($1); + + $default = $arg if ( $option eq 'default' ); + $conflict = $arg if ( $option eq 'conflict' ); + @tests = @{$arg} if ( $option eq 'tests' ); + @skiptests = @{$arg} if ( $option eq 'skiptests' ); + + next; + } + + printf( "- %-${maxlen}s ...", $mod ); + + if ( $arg and $arg =~ /^\D/ ) { + unshift @$modules, $arg; + $arg = 0; + } + + # XXX: check for conflicts and uninstalls(!) them. + my $cur = _version_of($mod); + if (_version_cmp ($cur, $arg) >= 0) + { + print "loaded. ($cur" . ( $arg ? " >= $arg" : '' ) . ")\n"; + push @Existing, $mod => $arg; + $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; + } + else { + if (not defined $cur) # indeed missing + { + print "missing." . ( $arg ? " (would need $arg)" : '' ) . "\n"; + } + else + { + # no need to check $arg as _version_cmp ($cur, undef) would satisfy >= above + print "too old. ($cur < $arg)\n"; + } + + push @required, $mod => $arg; + } + } + + next unless @required; + + my $mandatory = ( $feature eq '-core' or $core_all ); + + if ( + !$SkipInstall + and ( + $CheckOnly + or ($mandatory and $UnderCPAN) + or $AllDeps + or $InstallDepsTarget + or _prompt( + qq{==> Auto-install the } + . ( @required / 2 ) + . ( $mandatory ? ' mandatory' : ' optional' ) + . qq{ module(s) from CPAN?}, + $default ? 'y' : 'n', + ) =~ /^[Yy]/ + ) + ) + { + push( @Missing, @required ); + $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; + } + + elsif ( !$SkipInstall + and $default + and $mandatory + and + _prompt( qq{==> The module(s) are mandatory! Really skip?}, 'n', ) + =~ /^[Nn]/ ) + { + push( @Missing, @required ); + $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; + } + + else { + $DisabledTests{$_} = 1 for map { glob($_) } @tests; + } + } + + if ( @Missing and not( $CheckOnly or $UnderCPAN) ) { + require Config; + my $make = $Config::Config{make}; + if ($InstallDepsTarget) { + print +"*** To install dependencies type '$make installdeps' or '$make installdeps_notest'.\n"; + } + else { + print +"*** Dependencies will be installed the next time you type '$make'.\n"; + } + + # make an educated guess of whether we'll need root permission. + print " (You may need to do that as the 'root' user.)\n" + if eval '$>'; + } + print "*** $class configuration finished.\n"; + + chdir $cwd; + + # import to main:: + no strict 'refs'; + *{'main::WriteMakefile'} = \&Write if caller(0) eq 'main'; + + return (@Existing, @Missing); +} + +sub _running_under { + my $thing = shift; + print <<"END_MESSAGE"; +*** Since we're running under ${thing}, I'll just let it take care + of the dependency's installation later. +END_MESSAGE + return 1; +} + +# Check to see if we are currently running under CPAN.pm and/or CPANPLUS; +# if we are, then we simply let it taking care of our dependencies +sub _check_lock { + return unless @Missing or @_; + + if ($ENV{PERL5_CPANM_IS_RUNNING}) { + return _running_under('cpanminus'); + } + + my $cpan_env = $ENV{PERL5_CPAN_IS_RUNNING}; + + if ($ENV{PERL5_CPANPLUS_IS_RUNNING}) { + return _running_under($cpan_env ? 'CPAN' : 'CPANPLUS'); + } + + require CPAN; + + if ($CPAN::VERSION > '1.89') { + if ($cpan_env) { + return _running_under('CPAN'); + } + return; # CPAN.pm new enough, don't need to check further + } + + # last ditch attempt, this -will- configure CPAN, very sorry + + _load_cpan(1); # force initialize even though it's already loaded + + # Find the CPAN lock-file + my $lock = MM->catfile( $CPAN::Config->{cpan_home}, ".lock" ); + return unless -f $lock; + + # Check the lock + local *LOCK; + return unless open(LOCK, $lock); + + if ( + ( $^O eq 'MSWin32' ? _under_cpan() : == getppid() ) + and ( $CPAN::Config->{prerequisites_policy} || '' ) ne 'ignore' + ) { + print <<'END_MESSAGE'; + +*** Since we're running under CPAN, I'll just let it take care + of the dependency's installation later. +END_MESSAGE + return 1; + } + + close LOCK; + return; +} + +sub install { + my $class = shift; + + my $i; # used below to strip leading '-' from config keys + my @config = ( map { s/^-// if ++$i; $_ } @{ +shift } ); + + my ( @modules, @installed, @modules_to_upgrade ); + while (my ($pkg, $ver) = splice(@_, 0, 2)) { + + # grep out those already installed + if (_version_cmp(_version_of($pkg), $ver) >= 0) { + push @installed, $pkg; + if ($UpgradeDeps) { + push @modules_to_upgrade, $pkg, $ver; + } + } + else { + push @modules, $pkg, $ver; + } + } + + if ($UpgradeDeps) { + push @modules, @modules_to_upgrade; + @installed = (); + @modules_to_upgrade = (); + } + + return @installed unless @modules; # nothing to do + return @installed if _check_lock(); # defer to the CPAN shell + + print "*** Installing dependencies...\n"; + + return unless _connected_to('cpan.org'); + + my %args = @config; + my %failed; + local *FAILED; + if ( $args{do_once} and open( FAILED, '.#autoinstall.failed' ) ) { + while () { chomp; $failed{$_}++ } + close FAILED; + + my @newmod; + while ( my ( $k, $v ) = splice( @modules, 0, 2 ) ) { + push @newmod, ( $k => $v ) unless $failed{$k}; + } + @modules = @newmod; + } + + if ( _has_cpanplus() and not $ENV{PERL_AUTOINSTALL_PREFER_CPAN} ) { + _install_cpanplus( \@modules, \@config ); + } else { + _install_cpan( \@modules, \@config ); + } + + print "*** $class installation finished.\n"; + + # see if we have successfully installed them + while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { + if ( _version_cmp( _version_of($pkg), $ver ) >= 0 ) { + push @installed, $pkg; + } + elsif ( $args{do_once} and open( FAILED, '>> .#autoinstall.failed' ) ) { + print FAILED "$pkg\n"; + } + } + + close FAILED if $args{do_once}; + + return @installed; +} + +sub _install_cpanplus { + my @modules = @{ +shift }; + my @config = _cpanplus_config( @{ +shift } ); + my $installed = 0; + + require CPANPLUS::Backend; + my $cp = CPANPLUS::Backend->new; + my $conf = $cp->configure_object; + + return unless $conf->can('conf') # 0.05x+ with "sudo" support + or _can_write($conf->_get_build('base')); # 0.04x + + # if we're root, set UNINST=1 to avoid trouble unless user asked for it. + my $makeflags = $conf->get_conf('makeflags') || ''; + if ( UNIVERSAL::isa( $makeflags, 'HASH' ) ) { + # 0.03+ uses a hashref here + $makeflags->{UNINST} = 1 unless exists $makeflags->{UNINST}; + + } else { + # 0.02 and below uses a scalar + $makeflags = join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) + if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); + + } + $conf->set_conf( makeflags => $makeflags ); + $conf->set_conf( prereqs => 1 ); + + + + while ( my ( $key, $val ) = splice( @config, 0, 2 ) ) { + $conf->set_conf( $key, $val ); + } + + my $modtree = $cp->module_tree; + while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { + print "*** Installing $pkg...\n"; + + MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; + + my $success; + my $obj = $modtree->{$pkg}; + + if ( $obj and _version_cmp( $obj->{version}, $ver ) >= 0 ) { + my $pathname = $pkg; + $pathname =~ s/::/\\W/; + + foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { + delete $INC{$inc}; + } + + my $rv = $cp->install( modules => [ $obj->{module} ] ); + + if ( $rv and ( $rv->{ $obj->{module} } or $rv->{ok} ) ) { + print "*** $pkg successfully installed.\n"; + $success = 1; + } else { + print "*** $pkg installation cancelled.\n"; + $success = 0; + } + + $installed += $success; + } else { + print << "."; +*** Could not find a version $ver or above for $pkg; skipping. +. + } + + MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; + } + + return $installed; +} + +sub _cpanplus_config { + my @config = (); + while ( @_ ) { + my ($key, $value) = (shift(), shift()); + if ( $key eq 'prerequisites_policy' ) { + if ( $value eq 'follow' ) { + $value = CPANPLUS::Internals::Constants::PREREQ_INSTALL(); + } elsif ( $value eq 'ask' ) { + $value = CPANPLUS::Internals::Constants::PREREQ_ASK(); + } elsif ( $value eq 'ignore' ) { + $value = CPANPLUS::Internals::Constants::PREREQ_IGNORE(); + } else { + die "*** Cannot convert option $key = '$value' to CPANPLUS version.\n"; + } + push @config, 'prereqs', $value; + } elsif ( $key eq 'force' ) { + push @config, $key, $value; + } elsif ( $key eq 'notest' ) { + push @config, 'skiptest', $value; + } else { + die "*** Cannot convert option $key to CPANPLUS version.\n"; + } + } + return @config; +} + +sub _install_cpan { + my @modules = @{ +shift }; + my @config = @{ +shift }; + my $installed = 0; + my %args; + + _load_cpan(); + require Config; + + if (CPAN->VERSION < 1.80) { + # no "sudo" support, probe for writableness + return unless _can_write( MM->catfile( $CPAN::Config->{cpan_home}, 'sources' ) ) + and _can_write( $Config::Config{sitelib} ); + } + + # if we're root, set UNINST=1 to avoid trouble unless user asked for it. + my $makeflags = $CPAN::Config->{make_install_arg} || ''; + $CPAN::Config->{make_install_arg} = + join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) + if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); + + # don't show start-up info + $CPAN::Config->{inhibit_startup_message} = 1; + + # set additional options + while ( my ( $opt, $arg ) = splice( @config, 0, 2 ) ) { + ( $args{$opt} = $arg, next ) + if $opt =~ /^(?:force|notest)$/; # pseudo-option + $CPAN::Config->{$opt} = $opt eq 'urllist' ? [$arg] : $arg; + } + + if ($args{notest} && (not CPAN::Shell->can('notest'))) { + die "Your version of CPAN is too old to support the 'notest' pragma"; + } + + local $CPAN::Config->{prerequisites_policy} = 'follow'; + + while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { + MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; + + print "*** Installing $pkg...\n"; + + my $obj = CPAN::Shell->expand( Module => $pkg ); + my $success = 0; + + if ( $obj and _version_cmp( $obj->cpan_version, $ver ) >= 0 ) { + my $pathname = $pkg; + $pathname =~ s/::/\\W/; + + foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { + delete $INC{$inc}; + } + + my $rv = do { + if ($args{force}) { + CPAN::Shell->force( install => $pkg ) + } elsif ($args{notest}) { + CPAN::Shell->notest( install => $pkg ) + } else { + CPAN::Shell->install($pkg) + } + }; + + $rv ||= eval { + $CPAN::META->instance( 'CPAN::Distribution', $obj->cpan_file, ) + ->{install} + if $CPAN::META; + }; + + if ( $rv eq 'YES' ) { + print "*** $pkg successfully installed.\n"; + $success = 1; + } + else { + print "*** $pkg installation failed.\n"; + $success = 0; + } + + $installed += $success; + } + else { + print << "."; +*** Could not find a version $ver or above for $pkg; skipping. +. + } + + MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; + } + + return $installed; +} + +sub _has_cpanplus { + return ( + $HasCPANPLUS = ( + $INC{'CPANPLUS/Config.pm'} + or _load('CPANPLUS::Shell::Default') + ) + ); +} + +# make guesses on whether we're under the CPAN installation directory +sub _under_cpan { + require Cwd; + require File::Spec; + + my $cwd = File::Spec->canonpath( Cwd::getcwd() ); + my $cpan = File::Spec->canonpath( $CPAN::Config->{cpan_home} ); + + return ( index( $cwd, $cpan ) > -1 ); +} + +sub _update_to { + my $class = __PACKAGE__; + my $ver = shift; + + return + if _version_cmp( _version_of($class), $ver ) >= 0; # no need to upgrade + + if ( + _prompt( "==> A newer version of $class ($ver) is required. Install?", + 'y' ) =~ /^[Nn]/ + ) + { + die "*** Please install $class $ver manually.\n"; + } + + print << "."; +*** Trying to fetch it from CPAN... +. + + # install ourselves + _load($class) and return $class->import(@_) + if $class->install( [], $class, $ver ); + + print << '.'; exit 1; + +*** Cannot bootstrap myself. :-( Installation terminated. +. +} + +# check if we're connected to some host, using inet_aton +sub _connected_to { + my $site = shift; + + return ( + ( _load('Socket') and Socket::inet_aton($site) ) or _prompt( + qq( +*** Your host cannot resolve the domain name '$site', which + probably means the Internet connections are unavailable. +==> Should we try to install the required module(s) anyway?), 'n' + ) =~ /^[Yy]/ + ); +} + +# check if a directory is writable; may create it on demand +sub _can_write { + my $path = shift; + mkdir( $path, 0755 ) unless -e $path; + + return 1 if -w $path; + + print << "."; +*** You are not allowed to write to the directory '$path'; + the installation may fail due to insufficient permissions. +. + + if ( + eval '$>' and lc(`sudo -V`) =~ /version/ and _prompt( + qq( +==> Should we try to re-execute the autoinstall process with 'sudo'?), + ((-t STDIN) ? 'y' : 'n') + ) =~ /^[Yy]/ + ) + { + + # try to bootstrap ourselves from sudo + print << "."; +*** Trying to re-execute the autoinstall process with 'sudo'... +. + my $missing = join( ',', @Missing ); + my $config = join( ',', + UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) + if $Config; + + return + unless system( 'sudo', $^X, $0, "--config=$config", + "--installdeps=$missing" ); + + print << "."; +*** The 'sudo' command exited with error! Resuming... +. + } + + return _prompt( + qq( +==> Should we try to install the required module(s) anyway?), 'n' + ) =~ /^[Yy]/; +} + +# load a module and return the version it reports +sub _load { + my $mod = pop; # method/function doesn't matter + my $file = $mod; + $file =~ s|::|/|g; + $file .= '.pm'; + local $@; + return eval { require $file; $mod->VERSION } || ( $@ ? undef: 0 ); +} + +# report version without loading a module +sub _version_of { + my $mod = pop; # method/function doesn't matter + my $file = $mod; + $file =~ s|::|/|g; + $file .= '.pm'; + foreach my $dir ( @INC ) { + next if ref $dir; + my $path = File::Spec->catfile($dir, $file); + next unless -e $path; + require ExtUtils::MM_Unix; + return ExtUtils::MM_Unix->parse_version($path); + } + return undef; +} + +# Load CPAN.pm and it's configuration +sub _load_cpan { + return if $CPAN::VERSION and $CPAN::Config and not @_; + require CPAN; + + # CPAN-1.82+ adds CPAN::Config::AUTOLOAD to redirect to + # CPAN::HandleConfig->load. CPAN reports that the redirection + # is deprecated in a warning printed at the user. + + # CPAN-1.81 expects CPAN::HandleConfig->load, does not have + # $CPAN::HandleConfig::VERSION but cannot handle + # CPAN::Config->load + + # Which "versions expect CPAN::Config->load? + + if ( $CPAN::HandleConfig::VERSION + || CPAN::HandleConfig->can('load') + ) { + # Newer versions of CPAN have a HandleConfig module + CPAN::HandleConfig->load; + } else { + # Older versions had the load method in Config directly + CPAN::Config->load; + } +} + +# compare two versions, either use Sort::Versions or plain comparison +# return values same as <=> +sub _version_cmp { + my ( $cur, $min ) = @_; + return -1 unless defined $cur; # if 0 keep comparing + return 1 unless $min; + + $cur =~ s/\s+$//; + + # check for version numbers that are not in decimal format + if ( ref($cur) or ref($min) or $cur =~ /v|\..*\./ or $min =~ /v|\..*\./ ) { + if ( ( $version::VERSION or defined( _load('version') )) and + version->can('new') + ) { + + # use version.pm if it is installed. + return version->new($cur) <=> version->new($min); + } + elsif ( $Sort::Versions::VERSION or defined( _load('Sort::Versions') ) ) + { + + # use Sort::Versions as the sorting algorithm for a.b.c versions + return Sort::Versions::versioncmp( $cur, $min ); + } + + warn "Cannot reliably compare non-decimal formatted versions.\n" + . "Please install version.pm or Sort::Versions.\n"; + } + + # plain comparison + local $^W = 0; # shuts off 'not numeric' bugs + return $cur <=> $min; +} + +# nothing; this usage is deprecated. +sub main::PREREQ_PM { return {}; } + +sub _make_args { + my %args = @_; + + $args{PREREQ_PM} = { %{ $args{PREREQ_PM} || {} }, @Existing, @Missing } + if $UnderCPAN or $TestOnly; + + if ( $args{EXE_FILES} and -e 'MANIFEST' ) { + require ExtUtils::Manifest; + my $manifest = ExtUtils::Manifest::maniread('MANIFEST'); + + $args{EXE_FILES} = + [ grep { exists $manifest->{$_} } @{ $args{EXE_FILES} } ]; + } + + $args{test}{TESTS} ||= 't/*.t'; + $args{test}{TESTS} = join( ' ', + grep { !exists( $DisabledTests{$_} ) } + map { glob($_) } split( /\s+/, $args{test}{TESTS} ) ); + + my $missing = join( ',', @Missing ); + my $config = + join( ',', UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) + if $Config; + + $PostambleActions = ( + ($missing and not $UnderCPAN) + ? "\$(PERL) $0 --config=$config --installdeps=$missing" + : "\$(NOECHO) \$(NOOP)" + ); + + my $deps_list = join( ',', @Missing, @Existing ); + + $PostambleActionsUpgradeDeps = + "\$(PERL) $0 --config=$config --upgradedeps=$deps_list"; + + my $config_notest = + join( ',', (UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config}), + 'notest', 1 ) + if $Config; + + $PostambleActionsNoTest = ( + ($missing and not $UnderCPAN) + ? "\$(PERL) $0 --config=$config_notest --installdeps=$missing" + : "\$(NOECHO) \$(NOOP)" + ); + + $PostambleActionsUpgradeDepsNoTest = + "\$(PERL) $0 --config=$config_notest --upgradedeps=$deps_list"; + + $PostambleActionsListDeps = + '@$(PERL) -le "print for @ARGV" ' + . join(' ', map $Missing[$_], grep $_ % 2 == 0, 0..$#Missing); + + my @all = (@Missing, @Existing); + + $PostambleActionsListAllDeps = + '@$(PERL) -le "print for @ARGV" ' + . join(' ', map $all[$_], grep $_ % 2 == 0, 0..$#all); + + return %args; +} + +# a wrapper to ExtUtils::MakeMaker::WriteMakefile +sub Write { + require Carp; + Carp::croak "WriteMakefile: Need even number of args" if @_ % 2; + + if ($CheckOnly) { + print << "."; +*** Makefile not written in check-only mode. +. + return; + } + + my %args = _make_args(@_); + + no strict 'refs'; + + $PostambleUsed = 0; + local *MY::postamble = \&postamble unless defined &MY::postamble; + ExtUtils::MakeMaker::WriteMakefile(%args); + + print << "." unless $PostambleUsed; +*** WARNING: Makefile written with customized MY::postamble() without + including contents from Module::AutoInstall::postamble() -- + auto installation features disabled. Please contact the author. +. + + return 1; +} + +sub postamble { + $PostambleUsed = 1; + my $fragment; + + $fragment .= <<"AUTO_INSTALL" if !$InstallDepsTarget; + +config :: installdeps +\t\$(NOECHO) \$(NOOP) +AUTO_INSTALL + + $fragment .= <<"END_MAKE"; + +checkdeps :: +\t\$(PERL) $0 --checkdeps + +installdeps :: +\t$PostambleActions + +installdeps_notest :: +\t$PostambleActionsNoTest + +upgradedeps :: +\t$PostambleActionsUpgradeDeps + +upgradedeps_notest :: +\t$PostambleActionsUpgradeDepsNoTest + +listdeps :: +\t$PostambleActionsListDeps + +listalldeps :: +\t$PostambleActionsListAllDeps + +END_MAKE + + return $fragment; +} + +1; + +__END__ + +#line 1197 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/AutoInstall.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/AutoInstall.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/AutoInstall.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/AutoInstall.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,93 @@ +#line 1 +package Module::Install::AutoInstall; + +use strict; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub AutoInstall { $_[0] } + +sub run { + my $self = shift; + $self->auto_install_now(@_); +} + +sub write { + my $self = shift; + $self->auto_install(@_); +} + +sub auto_install { + my $self = shift; + return if $self->{done}++; + + # Flatten array of arrays into a single array + my @core = map @$_, map @$_, grep ref, + $self->build_requires, $self->requires; + + my @config = @_; + + # We'll need Module::AutoInstall + $self->include('Module::AutoInstall'); + require Module::AutoInstall; + + my @features_require = Module::AutoInstall->import( + (@config ? (-config => \@config) : ()), + (@core ? (-core => \@core) : ()), + $self->features, + ); + + my %seen; + my @requires = map @$_, map @$_, grep ref, $self->requires; + while (my ($mod, $ver) = splice(@requires, 0, 2)) { + $seen{$mod}{$ver}++; + } + my @build_requires = map @$_, map @$_, grep ref, $self->build_requires; + while (my ($mod, $ver) = splice(@build_requires, 0, 2)) { + $seen{$mod}{$ver}++; + } + my @configure_requires = map @$_, map @$_, grep ref, $self->configure_requires; + while (my ($mod, $ver) = splice(@configure_requires, 0, 2)) { + $seen{$mod}{$ver}++; + } + + my @deduped; + while (my ($mod, $ver) = splice(@features_require, 0, 2)) { + push @deduped, $mod => $ver unless $seen{$mod}{$ver}++; + } + + $self->requires(@deduped); + + $self->makemaker_args( Module::AutoInstall::_make_args() ); + + my $class = ref($self); + $self->postamble( + "# --- $class section:\n" . + Module::AutoInstall::postamble() + ); +} + +sub installdeps_target { + my ($self, @args) = @_; + + $self->include('Module::AutoInstall'); + require Module::AutoInstall; + + Module::AutoInstall::_installdeps_target(1); + + $self->auto_install(@args); +} + +sub auto_install_now { + my $self = shift; + $self->auto_install(@_); + Module::AutoInstall::do_install(); +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Base.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Base.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Base.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Base.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,83 @@ +#line 1 +package Module::Install::Base; + +use strict 'vars'; +use vars qw{$VERSION}; +BEGIN { + $VERSION = '1.19'; +} + +# Suspend handler for "redefined" warnings +BEGIN { + my $w = $SIG{__WARN__}; + $SIG{__WARN__} = sub { $w }; +} + +#line 42 + +sub new { + my $class = shift; + unless ( defined &{"${class}::call"} ) { + *{"${class}::call"} = sub { shift->_top->call(@_) }; + } + unless ( defined &{"${class}::load"} ) { + *{"${class}::load"} = sub { shift->_top->load(@_) }; + } + bless { @_ }, $class; +} + +#line 61 + +sub AUTOLOAD { + local $@; + my $func = eval { shift->_top->autoload } or return; + goto &$func; +} + +#line 75 + +sub _top { + $_[0]->{_top}; +} + +#line 90 + +sub admin { + $_[0]->_top->{admin} + or + Module::Install::Base::FakeAdmin->new; +} + +#line 106 + +sub is_admin { + ! $_[0]->admin->isa('Module::Install::Base::FakeAdmin'); +} + +sub DESTROY {} + +package Module::Install::Base::FakeAdmin; + +use vars qw{$VERSION}; +BEGIN { + $VERSION = $Module::Install::Base::VERSION; +} + +my $fake; + +sub new { + $fake ||= bless(\@_, $_[0]); +} + +sub AUTOLOAD {} + +sub DESTROY {} + +# Restore warning handler +BEGIN { + $SIG{__WARN__} = $SIG{__WARN__}->(); +} + +1; + +#line 159 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Include.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Include.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Include.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Include.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,34 @@ +#line 1 +package Module::Install::Include; + +use strict; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub include { + shift()->admin->include(@_); +} + +sub include_deps { + shift()->admin->include_deps(@_); +} + +sub auto_include { + shift()->admin->auto_include(@_); +} + +sub auto_include_deps { + shift()->admin->auto_include_deps(@_); +} + +sub auto_include_dependent_dists { + shift()->admin->auto_include_dependent_dists(@_); +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Makefile.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Makefile.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Makefile.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Makefile.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,418 @@ +#line 1 +package Module::Install::Makefile; + +use strict 'vars'; +use ExtUtils::MakeMaker (); +use Module::Install::Base (); +use Fcntl qw/:flock :seek/; + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub Makefile { $_[0] } + +my %seen = (); + +sub prompt { + shift; + + # Infinite loop protection + my @c = caller(); + if ( ++$seen{"$c[1]|$c[2]|$_[0]"} > 3 ) { + die "Caught an potential prompt infinite loop ($c[1]|$c[2]|$_[0])"; + } + + # In automated testing or non-interactive session, always use defaults + if ( ($ENV{AUTOMATED_TESTING} or -! -t STDIN) and ! $ENV{PERL_MM_USE_DEFAULT} ) { + local $ENV{PERL_MM_USE_DEFAULT} = 1; + goto &ExtUtils::MakeMaker::prompt; + } else { + goto &ExtUtils::MakeMaker::prompt; + } +} + +# Store a cleaned up version of the MakeMaker version, +# since we need to behave differently in a variety of +# ways based on the MM version. +my $makemaker = eval $ExtUtils::MakeMaker::VERSION; + +# If we are passed a param, do a "newer than" comparison. +# Otherwise, just return the MakeMaker version. +sub makemaker { + ( @_ < 2 or $makemaker >= eval($_[1]) ) ? $makemaker : 0 +} + +# Ripped from ExtUtils::MakeMaker 6.56, and slightly modified +# as we only need to know here whether the attribute is an array +# or a hash or something else (which may or may not be appendable). +my %makemaker_argtype = ( + C => 'ARRAY', + CONFIG => 'ARRAY', +# CONFIGURE => 'CODE', # ignore + DIR => 'ARRAY', + DL_FUNCS => 'HASH', + DL_VARS => 'ARRAY', + EXCLUDE_EXT => 'ARRAY', + EXE_FILES => 'ARRAY', + FUNCLIST => 'ARRAY', + H => 'ARRAY', + IMPORTS => 'HASH', + INCLUDE_EXT => 'ARRAY', + LIBS => 'ARRAY', # ignore '' + MAN1PODS => 'HASH', + MAN3PODS => 'HASH', + META_ADD => 'HASH', + META_MERGE => 'HASH', + PL_FILES => 'HASH', + PM => 'HASH', + PMLIBDIRS => 'ARRAY', + PMLIBPARENTDIRS => 'ARRAY', + PREREQ_PM => 'HASH', + CONFIGURE_REQUIRES => 'HASH', + SKIP => 'ARRAY', + TYPEMAPS => 'ARRAY', + XS => 'HASH', +# VERSION => ['version',''], # ignore +# _KEEP_AFTER_FLUSH => '', + + clean => 'HASH', + depend => 'HASH', + dist => 'HASH', + dynamic_lib=> 'HASH', + linkext => 'HASH', + macro => 'HASH', + postamble => 'HASH', + realclean => 'HASH', + test => 'HASH', + tool_autosplit => 'HASH', + + # special cases where you can use makemaker_append + CCFLAGS => 'APPENDABLE', + DEFINE => 'APPENDABLE', + INC => 'APPENDABLE', + LDDLFLAGS => 'APPENDABLE', + LDFROM => 'APPENDABLE', +); + +sub makemaker_args { + my ($self, %new_args) = @_; + my $args = ( $self->{makemaker_args} ||= {} ); + foreach my $key (keys %new_args) { + if ($makemaker_argtype{$key}) { + if ($makemaker_argtype{$key} eq 'ARRAY') { + $args->{$key} = [] unless defined $args->{$key}; + unless (ref $args->{$key} eq 'ARRAY') { + $args->{$key} = [$args->{$key}] + } + push @{$args->{$key}}, + ref $new_args{$key} eq 'ARRAY' + ? @{$new_args{$key}} + : $new_args{$key}; + } + elsif ($makemaker_argtype{$key} eq 'HASH') { + $args->{$key} = {} unless defined $args->{$key}; + foreach my $skey (keys %{ $new_args{$key} }) { + $args->{$key}{$skey} = $new_args{$key}{$skey}; + } + } + elsif ($makemaker_argtype{$key} eq 'APPENDABLE') { + $self->makemaker_append($key => $new_args{$key}); + } + } + else { + if (defined $args->{$key}) { + warn qq{MakeMaker attribute "$key" is overriden; use "makemaker_append" to append values\n}; + } + $args->{$key} = $new_args{$key}; + } + } + return $args; +} + +# For mm args that take multiple space-separated args, +# append an argument to the current list. +sub makemaker_append { + my $self = shift; + my $name = shift; + my $args = $self->makemaker_args; + $args->{$name} = defined $args->{$name} + ? join( ' ', $args->{$name}, @_ ) + : join( ' ', @_ ); +} + +sub build_subdirs { + my $self = shift; + my $subdirs = $self->makemaker_args->{DIR} ||= []; + for my $subdir (@_) { + push @$subdirs, $subdir; + } +} + +sub clean_files { + my $self = shift; + my $clean = $self->makemaker_args->{clean} ||= {}; + %$clean = ( + %$clean, + FILES => join ' ', grep { length $_ } ($clean->{FILES} || (), @_), + ); +} + +sub realclean_files { + my $self = shift; + my $realclean = $self->makemaker_args->{realclean} ||= {}; + %$realclean = ( + %$realclean, + FILES => join ' ', grep { length $_ } ($realclean->{FILES} || (), @_), + ); +} + +sub libs { + my $self = shift; + my $libs = ref $_[0] ? shift : [ shift ]; + $self->makemaker_args( LIBS => $libs ); +} + +sub inc { + my $self = shift; + $self->makemaker_args( INC => shift ); +} + +sub _wanted_t { +} + +sub tests_recursive { + my $self = shift; + my $dir = shift || 't'; + unless ( -d $dir ) { + die "tests_recursive dir '$dir' does not exist"; + } + my %tests = map { $_ => 1 } split / /, ($self->tests || ''); + require File::Find; + File::Find::find( + sub { /\.t$/ and -f $_ and $tests{"$File::Find::dir/*.t"} = 1 }, + $dir + ); + $self->tests( join ' ', sort keys %tests ); +} + +sub write { + my $self = shift; + die "&Makefile->write() takes no arguments\n" if @_; + + # Check the current Perl version + my $perl_version = $self->perl_version; + if ( $perl_version ) { + eval "use $perl_version; 1" + or die "ERROR: perl: Version $] is installed, " + . "but we need version >= $perl_version"; + } + + # Make sure we have a new enough MakeMaker + require ExtUtils::MakeMaker; + + if ( $perl_version and $self->_cmp($perl_version, '5.006') >= 0 ) { + # This previous attempted to inherit the version of + # ExtUtils::MakeMaker in use by the module author, but this + # was found to be untenable as some authors build releases + # using future dev versions of EU:MM that nobody else has. + # Instead, #toolchain suggests we use 6.59 which is the most + # stable version on CPAN at time of writing and is, to quote + # ribasushi, "not terminally fucked, > and tested enough". + # TODO: We will now need to maintain this over time to push + # the version up as new versions are released. + $self->build_requires( 'ExtUtils::MakeMaker' => 6.59 ); + $self->configure_requires( 'ExtUtils::MakeMaker' => 6.59 ); + } else { + # Allow legacy-compatibility with 5.005 by depending on the + # most recent EU:MM that supported 5.005. + $self->build_requires( 'ExtUtils::MakeMaker' => 6.36 ); + $self->configure_requires( 'ExtUtils::MakeMaker' => 6.36 ); + } + + # Generate the MakeMaker params + my $args = $self->makemaker_args; + $args->{DISTNAME} = $self->name; + $args->{NAME} = $self->module_name || $self->name; + $args->{NAME} =~ s/-/::/g; + $args->{VERSION} = $self->version or die <<'EOT'; +ERROR: Can't determine distribution version. Please specify it +explicitly via 'version' in Makefile.PL, or set a valid $VERSION +in a module, and provide its file path via 'version_from' (or +'all_from' if you prefer) in Makefile.PL. +EOT + + if ( $self->tests ) { + my @tests = split ' ', $self->tests; + my %seen; + $args->{test} = { + TESTS => (join ' ', grep {!$seen{$_}++} @tests), + }; + } elsif ( $Module::Install::ExtraTests::use_extratests ) { + # Module::Install::ExtraTests doesn't set $self->tests and does its own tests via harness. + # So, just ignore our xt tests here. + } elsif ( -d 'xt' and ($Module::Install::AUTHOR or $ENV{RELEASE_TESTING}) ) { + $args->{test} = { + TESTS => join( ' ', map { "$_/*.t" } grep { -d $_ } qw{ t xt } ), + }; + } + if ( $] >= 5.005 ) { + $args->{ABSTRACT} = $self->abstract; + $args->{AUTHOR} = join ', ', @{$self->author || []}; + } + if ( $self->makemaker(6.10) ) { + $args->{NO_META} = 1; + #$args->{NO_MYMETA} = 1; + } + if ( $self->makemaker(6.17) and $self->sign ) { + $args->{SIGN} = 1; + } + unless ( $self->is_admin ) { + delete $args->{SIGN}; + } + if ( $self->makemaker(6.31) and $self->license ) { + $args->{LICENSE} = $self->license; + } + + my $prereq = ($args->{PREREQ_PM} ||= {}); + %$prereq = ( %$prereq, + map { @$_ } # flatten [module => version] + map { @$_ } + grep $_, + ($self->requires) + ); + + # Remove any reference to perl, PREREQ_PM doesn't support it + delete $args->{PREREQ_PM}->{perl}; + + # Merge both kinds of requires into BUILD_REQUIRES + my $build_prereq = ($args->{BUILD_REQUIRES} ||= {}); + %$build_prereq = ( %$build_prereq, + map { @$_ } # flatten [module => version] + map { @$_ } + grep $_, + ($self->configure_requires, $self->build_requires) + ); + + # Remove any reference to perl, BUILD_REQUIRES doesn't support it + delete $args->{BUILD_REQUIRES}->{perl}; + + # Delete bundled dists from prereq_pm, add it to Makefile DIR + my $subdirs = ($args->{DIR} || []); + if ($self->bundles) { + my %processed; + foreach my $bundle (@{ $self->bundles }) { + my ($mod_name, $dist_dir) = @$bundle; + delete $prereq->{$mod_name}; + $dist_dir = File::Basename::basename($dist_dir); # dir for building this module + if (not exists $processed{$dist_dir}) { + if (-d $dist_dir) { + # List as sub-directory to be processed by make + push @$subdirs, $dist_dir; + } + # Else do nothing: the module is already present on the system + $processed{$dist_dir} = undef; + } + } + } + + unless ( $self->makemaker('6.55_03') ) { + %$prereq = (%$prereq,%$build_prereq); + delete $args->{BUILD_REQUIRES}; + } + + if ( my $perl_version = $self->perl_version ) { + eval "use $perl_version; 1" + or die "ERROR: perl: Version $] is installed, " + . "but we need version >= $perl_version"; + + if ( $self->makemaker(6.48) ) { + $args->{MIN_PERL_VERSION} = $perl_version; + } + } + + if ($self->installdirs) { + warn qq{old INSTALLDIRS (probably set by makemaker_args) is overriden by installdirs\n} if $args->{INSTALLDIRS}; + $args->{INSTALLDIRS} = $self->installdirs; + } + + my %args = map { + ( $_ => $args->{$_} ) } grep {defined($args->{$_} ) + } keys %$args; + + my $user_preop = delete $args{dist}->{PREOP}; + if ( my $preop = $self->admin->preop($user_preop) ) { + foreach my $key ( keys %$preop ) { + $args{dist}->{$key} = $preop->{$key}; + } + } + + my $mm = ExtUtils::MakeMaker::WriteMakefile(%args); + $self->fix_up_makefile($mm->{FIRST_MAKEFILE} || 'Makefile'); +} + +sub fix_up_makefile { + my $self = shift; + my $makefile_name = shift; + my $top_class = ref($self->_top) || ''; + my $top_version = $self->_top->VERSION || ''; + + my $preamble = $self->preamble + ? "# Preamble by $top_class $top_version\n" + . $self->preamble + : ''; + my $postamble = "# Postamble by $top_class $top_version\n" + . ($self->postamble || ''); + + local *MAKEFILE; + open MAKEFILE, "+< $makefile_name" or die "fix_up_makefile: Couldn't open $makefile_name: $!"; + eval { flock MAKEFILE, LOCK_EX }; + my $makefile = do { local $/; }; + + $makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /; + $makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g; + $makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g; + $makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m; + $makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m; + + # Module::Install will never be used to build the Core Perl + # Sometimes PERL_LIB and PERL_ARCHLIB get written anyway, which breaks + # PREFIX/PERL5LIB, and thus, install_share. Blank them if they exist + $makefile =~ s/^PERL_LIB = .+/PERL_LIB =/m; + #$makefile =~ s/^PERL_ARCHLIB = .+/PERL_ARCHLIB =/m; + + # Perl 5.005 mentions PERL_LIB explicitly, so we have to remove that as well. + $makefile =~ s/(\"?)-I\$\(PERL_LIB\)\1//g; + + # XXX - This is currently unused; not sure if it breaks other MM-users + # $makefile =~ s/^pm_to_blib\s+:\s+/pm_to_blib :: /mg; + + seek MAKEFILE, 0, SEEK_SET; + truncate MAKEFILE, 0; + print MAKEFILE "$preamble$makefile$postamble" or die $!; + close MAKEFILE or die $!; + + 1; +} + +sub preamble { + my ($self, $text) = @_; + $self->{preamble} = $text . $self->{preamble} if defined $text; + $self->{preamble}; +} + +sub postamble { + my ($self, $text) = @_; + $self->{postamble} ||= $self->admin->postamble; + $self->{postamble} .= $text if defined $text; + $self->{postamble} +} + +1; + +__END__ + +#line 544 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/MakeMaker.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/MakeMaker.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/MakeMaker.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/MakeMaker.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,56 @@ +#line 1 +package Module::Install::MakeMaker; + +use strict; +use ExtUtils::MakeMaker (); +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +my $makefile = undef; + +sub WriteMakefile { + my ($self, %args) = @_; + $makefile = $self->load('Makefile'); + + # mapping between MakeMaker and META.yml keys + $args{MODULE_NAME} = $args{NAME}; + unless ( $args{NAME} = $args{DISTNAME} or ! $args{MODULE_NAME} ) { + $args{NAME} = $args{MODULE_NAME}; + $args{NAME} =~ s/::/-/g; + } + + foreach my $key ( qw{name module_name version version_from abstract author installdirs} ) { + my $value = delete($args{uc($key)}) or next; + $self->$key($value); + } + + if (my $prereq = delete($args{PREREQ_PM})) { + while (my($k,$v) = each %$prereq) { + $self->requires($k,$v); + } + } + + if (my $prereq = delete($args{BUILD_REQUIRES})) { + while (my($k,$v) = each %$prereq) { + $self->build_requires($k,$v); + } + } + + # put the remaining args to makemaker_args + $self->makemaker_args(%args); +} + +END { + if ( $makefile ) { + $makefile->write; + $makefile->Meta->write; + } +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Metadata.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Metadata.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Metadata.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Metadata.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,722 @@ +#line 1 +package Module::Install::Metadata; + +use strict 'vars'; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +my @boolean_keys = qw{ + sign +}; + +my @scalar_keys = qw{ + name + module_name + abstract + version + distribution_type + tests + installdirs +}; + +my @tuple_keys = qw{ + configure_requires + build_requires + requires + recommends + bundles + resources +}; + +my @resource_keys = qw{ + homepage + bugtracker + repository +}; + +my @array_keys = qw{ + keywords + author +}; + +*authors = \&author; + +sub Meta { shift } +sub Meta_BooleanKeys { @boolean_keys } +sub Meta_ScalarKeys { @scalar_keys } +sub Meta_TupleKeys { @tuple_keys } +sub Meta_ResourceKeys { @resource_keys } +sub Meta_ArrayKeys { @array_keys } + +foreach my $key ( @boolean_keys ) { + *$key = sub { + my $self = shift; + if ( defined wantarray and not @_ ) { + return $self->{values}->{$key}; + } + $self->{values}->{$key} = ( @_ ? $_[0] : 1 ); + return $self; + }; +} + +foreach my $key ( @scalar_keys ) { + *$key = sub { + my $self = shift; + return $self->{values}->{$key} if defined wantarray and !@_; + $self->{values}->{$key} = shift; + return $self; + }; +} + +foreach my $key ( @array_keys ) { + *$key = sub { + my $self = shift; + return $self->{values}->{$key} if defined wantarray and !@_; + $self->{values}->{$key} ||= []; + push @{$self->{values}->{$key}}, @_; + return $self; + }; +} + +foreach my $key ( @resource_keys ) { + *$key = sub { + my $self = shift; + unless ( @_ ) { + return () unless $self->{values}->{resources}; + return map { $_->[1] } + grep { $_->[0] eq $key } + @{ $self->{values}->{resources} }; + } + return $self->{values}->{resources}->{$key} unless @_; + my $uri = shift or die( + "Did not provide a value to $key()" + ); + $self->resources( $key => $uri ); + return 1; + }; +} + +foreach my $key ( grep { $_ ne "resources" } @tuple_keys) { + *$key = sub { + my $self = shift; + return $self->{values}->{$key} unless @_; + my @added; + while ( @_ ) { + my $module = shift or last; + my $version = shift || 0; + push @added, [ $module, $version ]; + } + push @{ $self->{values}->{$key} }, @added; + return map {@$_} @added; + }; +} + +# Resource handling +my %lc_resource = map { $_ => 1 } qw{ + homepage + license + bugtracker + repository +}; + +sub resources { + my $self = shift; + while ( @_ ) { + my $name = shift or last; + my $value = shift or next; + if ( $name eq lc $name and ! $lc_resource{$name} ) { + die("Unsupported reserved lowercase resource '$name'"); + } + $self->{values}->{resources} ||= []; + push @{ $self->{values}->{resources} }, [ $name, $value ]; + } + $self->{values}->{resources}; +} + +# Aliases for build_requires that will have alternative +# meanings in some future version of META.yml. +sub test_requires { shift->build_requires(@_) } +sub install_requires { shift->build_requires(@_) } + +# Aliases for installdirs options +sub install_as_core { $_[0]->installdirs('perl') } +sub install_as_cpan { $_[0]->installdirs('site') } +sub install_as_site { $_[0]->installdirs('site') } +sub install_as_vendor { $_[0]->installdirs('vendor') } + +sub dynamic_config { + my $self = shift; + my $value = @_ ? shift : 1; + if ( $self->{values}->{dynamic_config} ) { + # Once dynamic we never change to static, for safety + return 0; + } + $self->{values}->{dynamic_config} = $value ? 1 : 0; + return 1; +} + +# Convenience command +sub static_config { + shift->dynamic_config(0); +} + +sub perl_version { + my $self = shift; + return $self->{values}->{perl_version} unless @_; + my $version = shift or die( + "Did not provide a value to perl_version()" + ); + + # Normalize the version + $version = $self->_perl_version($version); + + # We don't support the really old versions + unless ( $version >= 5.005 ) { + die "Module::Install only supports 5.005 or newer (use ExtUtils::MakeMaker)\n"; + } + + $self->{values}->{perl_version} = $version; +} + +sub all_from { + my ( $self, $file ) = @_; + + unless ( defined($file) ) { + my $name = $self->name or die( + "all_from called with no args without setting name() first" + ); + $file = join('/', 'lib', split(/-/, $name)) . '.pm'; + $file =~ s{.*/}{} unless -e $file; + unless ( -e $file ) { + die("all_from cannot find $file from $name"); + } + } + unless ( -f $file ) { + die("The path '$file' does not exist, or is not a file"); + } + + $self->{values}{all_from} = $file; + + # Some methods pull from POD instead of code. + # If there is a matching .pod, use that instead + my $pod = $file; + $pod =~ s/\.pm$/.pod/i; + $pod = $file unless -e $pod; + + # Pull the different values + $self->name_from($file) unless $self->name; + $self->version_from($file) unless $self->version; + $self->perl_version_from($file) unless $self->perl_version; + $self->author_from($pod) unless @{$self->author || []}; + $self->license_from($pod) unless $self->license; + $self->abstract_from($pod) unless $self->abstract; + + return 1; +} + +sub provides { + my $self = shift; + my $provides = ( $self->{values}->{provides} ||= {} ); + %$provides = (%$provides, @_) if @_; + return $provides; +} + +sub auto_provides { + my $self = shift; + return $self unless $self->is_admin; + unless (-e 'MANIFEST') { + warn "Cannot deduce auto_provides without a MANIFEST, skipping\n"; + return $self; + } + # Avoid spurious warnings as we are not checking manifest here. + local $SIG{__WARN__} = sub {1}; + require ExtUtils::Manifest; + local *ExtUtils::Manifest::manicheck = sub { return }; + + require Module::Build; + my $build = Module::Build->new( + dist_name => $self->name, + dist_version => $self->version, + license => $self->license, + ); + $self->provides( %{ $build->find_dist_packages || {} } ); +} + +sub feature { + my $self = shift; + my $name = shift; + my $features = ( $self->{values}->{features} ||= [] ); + my $mods; + + if ( @_ == 1 and ref( $_[0] ) ) { + # The user used ->feature like ->features by passing in the second + # argument as a reference. Accomodate for that. + $mods = $_[0]; + } else { + $mods = \@_; + } + + my $count = 0; + push @$features, ( + $name => [ + map { + ref($_) ? ( ref($_) eq 'HASH' ) ? %$_ : @$_ : $_ + } @$mods + ] + ); + + return @$features; +} + +sub features { + my $self = shift; + while ( my ( $name, $mods ) = splice( @_, 0, 2 ) ) { + $self->feature( $name, @$mods ); + } + return $self->{values}->{features} + ? @{ $self->{values}->{features} } + : (); +} + +sub no_index { + my $self = shift; + my $type = shift; + push @{ $self->{values}->{no_index}->{$type} }, @_ if $type; + return $self->{values}->{no_index}; +} + +sub read { + my $self = shift; + $self->include_deps( 'YAML::Tiny', 0 ); + + require YAML::Tiny; + my $data = YAML::Tiny::LoadFile('META.yml'); + + # Call methods explicitly in case user has already set some values. + while ( my ( $key, $value ) = each %$data ) { + next unless $self->can($key); + if ( ref $value eq 'HASH' ) { + while ( my ( $module, $version ) = each %$value ) { + $self->can($key)->($self, $module => $version ); + } + } else { + $self->can($key)->($self, $value); + } + } + return $self; +} + +sub write { + my $self = shift; + return $self unless $self->is_admin; + $self->admin->write_meta; + return $self; +} + +sub version_from { + require ExtUtils::MM_Unix; + my ( $self, $file ) = @_; + $self->version( ExtUtils::MM_Unix->parse_version($file) ); + + # for version integrity check + $self->makemaker_args( VERSION_FROM => $file ); +} + +sub abstract_from { + require ExtUtils::MM_Unix; + my ( $self, $file ) = @_; + $self->abstract( + bless( + { DISTNAME => $self->name }, + 'ExtUtils::MM_Unix' + )->parse_abstract($file) + ); +} + +# Add both distribution and module name +sub name_from { + my ($self, $file) = @_; + if ( + Module::Install::_read($file) =~ m/ + ^ \s* + package \s* + ([\w:]+) + [\s|;]* + /ixms + ) { + my ($name, $module_name) = ($1, $1); + $name =~ s{::}{-}g; + $self->name($name); + unless ( $self->module_name ) { + $self->module_name($module_name); + } + } else { + die("Cannot determine name from $file\n"); + } +} + +sub _extract_perl_version { + if ( + $_[0] =~ m/ + ^\s* + (?:use|require) \s* + v? + ([\d_\.]+) + \s* ; + /ixms + ) { + my $perl_version = $1; + $perl_version =~ s{_}{}g; + return $perl_version; + } else { + return; + } +} + +sub perl_version_from { + my $self = shift; + my $perl_version=_extract_perl_version(Module::Install::_read($_[0])); + if ($perl_version) { + $self->perl_version($perl_version); + } else { + warn "Cannot determine perl version info from $_[0]\n"; + return; + } +} + +sub author_from { + my $self = shift; + my $content = Module::Install::_read($_[0]); + if ($content =~ m/ + =head \d \s+ (?:authors?)\b \s* + ([^\n]*) + | + =head \d \s+ (?:licen[cs]e|licensing|copyright|legal)\b \s* + .*? copyright .*? \d\d\d[\d.]+ \s* (?:\bby\b)? \s* + ([^\n]*) + /ixms) { + my $author = $1 || $2; + + # XXX: ugly but should work anyway... + if (eval "require Pod::Escapes; 1") { + # Pod::Escapes has a mapping table. + # It's in core of perl >= 5.9.3, and should be installed + # as one of the Pod::Simple's prereqs, which is a prereq + # of Pod::Text 3.x (see also below). + $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } + { + defined $2 + ? chr($2) + : defined $Pod::Escapes::Name2character_number{$1} + ? chr($Pod::Escapes::Name2character_number{$1}) + : do { + warn "Unknown escape: E<$1>"; + "E<$1>"; + }; + }gex; + } + elsif (eval "require Pod::Text; 1" && $Pod::Text::VERSION < 3) { + # Pod::Text < 3.0 has yet another mapping table, + # though the table name of 2.x and 1.x are different. + # (1.x is in core of Perl < 5.6, 2.x is in core of + # Perl < 5.9.3) + my $mapping = ($Pod::Text::VERSION < 2) + ? \%Pod::Text::HTML_Escapes + : \%Pod::Text::ESCAPES; + $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } + { + defined $2 + ? chr($2) + : defined $mapping->{$1} + ? $mapping->{$1} + : do { + warn "Unknown escape: E<$1>"; + "E<$1>"; + }; + }gex; + } + else { + $author =~ s{E}{<}g; + $author =~ s{E}{>}g; + } + $self->author($author); + } else { + warn "Cannot determine author info from $_[0]\n"; + } +} + +#Stolen from M::B +my %license_urls = ( + perl => 'http://dev.perl.org/licenses/', + apache => 'http://apache.org/licenses/LICENSE-2.0', + apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1', + artistic => 'http://opensource.org/licenses/artistic-license.php', + artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php', + lgpl => 'http://opensource.org/licenses/lgpl-license.php', + lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php', + lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html', + bsd => 'http://opensource.org/licenses/bsd-license.php', + gpl => 'http://opensource.org/licenses/gpl-license.php', + gpl2 => 'http://opensource.org/licenses/gpl-2.0.php', + gpl3 => 'http://opensource.org/licenses/gpl-3.0.html', + mit => 'http://opensource.org/licenses/mit-license.php', + mozilla => 'http://opensource.org/licenses/mozilla1.1.php', + open_source => undef, + unrestricted => undef, + restrictive => undef, + unknown => undef, +); + +sub license { + my $self = shift; + return $self->{values}->{license} unless @_; + my $license = shift or die( + 'Did not provide a value to license()' + ); + $license = __extract_license($license) || lc $license; + $self->{values}->{license} = $license; + + # Automatically fill in license URLs + if ( $license_urls{$license} ) { + $self->resources( license => $license_urls{$license} ); + } + + return 1; +} + +sub _extract_license { + my $pod = shift; + my $matched; + return __extract_license( + ($matched) = $pod =~ m/ + (=head \d \s+ L(?i:ICEN[CS]E|ICENSING)\b.*?) + (=head \d.*|=cut.*|)\z + /xms + ) || __extract_license( + ($matched) = $pod =~ m/ + (=head \d \s+ (?:C(?i:OPYRIGHTS?)|L(?i:EGAL))\b.*?) + (=head \d.*|=cut.*|)\z + /xms + ); +} + +sub __extract_license { + my $license_text = shift or return; + my @phrases = ( + '(?:under )?the same (?:terms|license) as (?:perl|the perl (?:\d )?programming language)' => 'perl', 1, + '(?:under )?the terms of (?:perl|the perl programming language) itself' => 'perl', 1, + 'Artistic and GPL' => 'perl', 1, + 'GNU general public license' => 'gpl', 1, + 'GNU public license' => 'gpl', 1, + 'GNU lesser general public license' => 'lgpl', 1, + 'GNU lesser public license' => 'lgpl', 1, + 'GNU library general public license' => 'lgpl', 1, + 'GNU library public license' => 'lgpl', 1, + 'GNU Free Documentation license' => 'unrestricted', 1, + 'GNU Affero General Public License' => 'open_source', 1, + '(?:Free)?BSD license' => 'bsd', 1, + 'Artistic license 2\.0' => 'artistic_2', 1, + 'Artistic license' => 'artistic', 1, + 'Apache (?:Software )?license' => 'apache', 1, + 'GPL' => 'gpl', 1, + 'LGPL' => 'lgpl', 1, + 'BSD' => 'bsd', 1, + 'Artistic' => 'artistic', 1, + 'MIT' => 'mit', 1, + 'Mozilla Public License' => 'mozilla', 1, + 'Q Public License' => 'open_source', 1, + 'OpenSSL License' => 'unrestricted', 1, + 'SSLeay License' => 'unrestricted', 1, + 'zlib License' => 'open_source', 1, + 'proprietary' => 'proprietary', 0, + ); + while ( my ($pattern, $license, $osi) = splice(@phrases, 0, 3) ) { + $pattern =~ s#\s+#\\s+#gs; + if ( $license_text =~ /\b$pattern\b/i ) { + return $license; + } + } + return ''; +} + +sub license_from { + my $self = shift; + if (my $license=_extract_license(Module::Install::_read($_[0]))) { + $self->license($license); + } else { + warn "Cannot determine license info from $_[0]\n"; + return 'unknown'; + } +} + +sub _extract_bugtracker { + my @links = $_[0] =~ m#L<( + https?\Q://rt.cpan.org/\E[^>]+| + https?\Q://github.com/\E[\w_]+/[\w_]+/issues| + https?\Q://code.google.com/p/\E[\w_\-]+/issues/list + )>#gx; + my %links; + @links{@links}=(); + @links=keys %links; + return @links; +} + +sub bugtracker_from { + my $self = shift; + my $content = Module::Install::_read($_[0]); + my @links = _extract_bugtracker($content); + unless ( @links ) { + warn "Cannot determine bugtracker info from $_[0]\n"; + return 0; + } + if ( @links > 1 ) { + warn "Found more than one bugtracker link in $_[0]\n"; + return 0; + } + + # Set the bugtracker + bugtracker( $links[0] ); + return 1; +} + +sub requires_from { + my $self = shift; + my $content = Module::Install::_readperl($_[0]); + my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+(v?[\d\.]+)/mg; + while ( @requires ) { + my $module = shift @requires; + my $version = shift @requires; + $self->requires( $module => $version ); + } +} + +sub test_requires_from { + my $self = shift; + my $content = Module::Install::_readperl($_[0]); + my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+([\d\.]+)/mg; + while ( @requires ) { + my $module = shift @requires; + my $version = shift @requires; + $self->test_requires( $module => $version ); + } +} + +# Convert triple-part versions (eg, 5.6.1 or 5.8.9) to +# numbers (eg, 5.006001 or 5.008009). +# Also, convert double-part versions (eg, 5.8) +sub _perl_version { + my $v = $_[-1]; + $v =~ s/^([1-9])\.([1-9]\d?\d?)$/sprintf("%d.%03d",$1,$2)/e; + $v =~ s/^([1-9])\.([1-9]\d?\d?)\.(0|[1-9]\d?\d?)$/sprintf("%d.%03d%03d",$1,$2,$3 || 0)/e; + $v =~ s/(\.\d\d\d)000$/$1/; + $v =~ s/_.+$//; + if ( ref($v) ) { + # Numify + $v = $v + 0; + } + return $v; +} + +sub add_metadata { + my $self = shift; + my %hash = @_; + for my $key (keys %hash) { + warn "add_metadata: $key is not prefixed with 'x_'.\n" . + "Use appopriate function to add non-private metadata.\n" unless $key =~ /^x_/; + $self->{values}->{$key} = $hash{$key}; + } +} + + +###################################################################### +# MYMETA Support + +sub WriteMyMeta { + die "WriteMyMeta has been deprecated"; +} + +sub write_mymeta_yaml { + my $self = shift; + + # We need YAML::Tiny to write the MYMETA.yml file + unless ( eval { require YAML::Tiny; 1; } ) { + return 1; + } + + # Generate the data + my $meta = $self->_write_mymeta_data or return 1; + + # Save as the MYMETA.yml file + print "Writing MYMETA.yml\n"; + YAML::Tiny::DumpFile('MYMETA.yml', $meta); +} + +sub write_mymeta_json { + my $self = shift; + + # We need JSON to write the MYMETA.json file + unless ( eval { require JSON; 1; } ) { + return 1; + } + + # Generate the data + my $meta = $self->_write_mymeta_data or return 1; + + # Save as the MYMETA.yml file + print "Writing MYMETA.json\n"; + Module::Install::_write( + 'MYMETA.json', + JSON->new->pretty(1)->canonical->encode($meta), + ); +} + +sub _write_mymeta_data { + my $self = shift; + + # If there's no existing META.yml there is nothing we can do + return undef unless -f 'META.yml'; + + # We need Parse::CPAN::Meta to load the file + unless ( eval { require Parse::CPAN::Meta; 1; } ) { + return undef; + } + + # Merge the perl version into the dependencies + my $val = $self->Meta->{values}; + my $perl = delete $val->{perl_version}; + if ( $perl ) { + $val->{requires} ||= []; + my $requires = $val->{requires}; + + # Canonize to three-dot version after Perl 5.6 + if ( $perl >= 5.006 ) { + $perl =~ s{^(\d+)\.(\d\d\d)(\d*)}{join('.', $1, int($2||0), int($3||0))}e + } + unshift @$requires, [ perl => $perl ]; + } + + # Load the advisory META.yml file + my @yaml = Parse::CPAN::Meta::LoadFile('META.yml'); + my $meta = $yaml[0]; + + # Overwrite the non-configure dependency hashes + delete $meta->{requires}; + delete $meta->{build_requires}; + delete $meta->{recommends}; + if ( exists $val->{requires} ) { + $meta->{requires} = { map { @$_ } @{ $val->{requires} } }; + } + if ( exists $val->{build_requires} ) { + $meta->{build_requires} = { map { @$_ } @{ $val->{build_requires} } }; + } + + return $meta; +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Scripts.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Scripts.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install/Scripts.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install/Scripts.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,29 @@ +#line 1 +package Module::Install::Scripts; + +use strict 'vars'; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub install_script { + my $self = shift; + my $args = $self->makemaker_args; + my $exe = $args->{EXE_FILES} ||= []; + foreach ( @_ ) { + if ( -f $_ ) { + push @$exe, $_; + } elsif ( -d 'script' and -f "script/$_" ) { + push @$exe, "script/$_"; + } else { + die("Cannot find script '$_'"); + } + } +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/inc/Module/Install.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/inc/Module/Install.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,451 @@ +#line 1 +package Module::Install; + +# For any maintainers: +# The load order for Module::Install is a bit magic. +# It goes something like this... +# +# IF ( host has Module::Install installed, creating author mode ) { +# 1. Makefile.PL calls "use inc::Module::Install" +# 2. $INC{inc/Module/Install.pm} set to installed version of inc::Module::Install +# 3. The installed version of inc::Module::Install loads +# 4. inc::Module::Install calls "require Module::Install" +# 5. The ./inc/ version of Module::Install loads +# } ELSE { +# 1. Makefile.PL calls "use inc::Module::Install" +# 2. $INC{inc/Module/Install.pm} set to ./inc/ version of Module::Install +# 3. The ./inc/ version of Module::Install loads +# } + +use 5.006; +use strict 'vars'; +use Cwd (); +use File::Find (); +use File::Path (); + +use vars qw{$VERSION $MAIN}; +BEGIN { + # All Module::Install core packages now require synchronised versions. + # This will be used to ensure we don't accidentally load old or + # different versions of modules. + # This is not enforced yet, but will be some time in the next few + # releases once we can make sure it won't clash with custom + # Module::Install extensions. + $VERSION = '1.19'; + + # Storage for the pseudo-singleton + $MAIN = undef; + + *inc::Module::Install::VERSION = *VERSION; + @inc::Module::Install::ISA = __PACKAGE__; + +} + +sub import { + my $class = shift; + my $self = $class->new(@_); + my $who = $self->_caller; + + #------------------------------------------------------------- + # all of the following checks should be included in import(), + # to allow "eval 'require Module::Install; 1' to test + # installation of Module::Install. (RT #51267) + #------------------------------------------------------------- + + # Whether or not inc::Module::Install is actually loaded, the + # $INC{inc/Module/Install.pm} is what will still get set as long as + # the caller loaded module this in the documented manner. + # If not set, the caller may NOT have loaded the bundled version, and thus + # they may not have a MI version that works with the Makefile.PL. This would + # result in false errors or unexpected behaviour. And we don't want that. + my $file = join( '/', 'inc', split /::/, __PACKAGE__ ) . '.pm'; + unless ( $INC{$file} ) { die <<"END_DIE" } + +Please invoke ${\__PACKAGE__} with: + + use inc::${\__PACKAGE__}; + +not: + + use ${\__PACKAGE__}; + +END_DIE + + # This reportedly fixes a rare Win32 UTC file time issue, but + # as this is a non-cross-platform XS module not in the core, + # we shouldn't really depend on it. See RT #24194 for detail. + # (Also, this module only supports Perl 5.6 and above). + eval "use Win32::UTCFileTime" if $^O eq 'MSWin32' && $] >= 5.006; + + # If the script that is loading Module::Install is from the future, + # then make will detect this and cause it to re-run over and over + # again. This is bad. Rather than taking action to touch it (which + # is unreliable on some platforms and requires write permissions) + # for now we should catch this and refuse to run. + if ( -f $0 ) { + my $s = (stat($0))[9]; + + # If the modification time is only slightly in the future, + # sleep briefly to remove the problem. + my $a = $s - time; + if ( $a > 0 and $a < 5 ) { sleep 5 } + + # Too far in the future, throw an error. + my $t = time; + if ( $s > $t ) { die <<"END_DIE" } + +Your installer $0 has a modification time in the future ($s > $t). + +This is known to create infinite loops in make. + +Please correct this, then run $0 again. + +END_DIE + } + + + # Build.PL was formerly supported, but no longer is due to excessive + # difficulty in implementing every single feature twice. + if ( $0 =~ /Build.PL$/i ) { die <<"END_DIE" } + +Module::Install no longer supports Build.PL. + +It was impossible to maintain duel backends, and has been deprecated. + +Please remove all Build.PL files and only use the Makefile.PL installer. + +END_DIE + + #------------------------------------------------------------- + + # To save some more typing in Module::Install installers, every... + # use inc::Module::Install + # ...also acts as an implicit use strict. + $^H |= strict::bits(qw(refs subs vars)); + + #------------------------------------------------------------- + + unless ( -f $self->{file} ) { + foreach my $key (keys %INC) { + delete $INC{$key} if $key =~ /Module\/Install/; + } + + local $^W; + require "$self->{path}/$self->{dispatch}.pm"; + File::Path::mkpath("$self->{prefix}/$self->{author}"); + $self->{admin} = "$self->{name}::$self->{dispatch}"->new( _top => $self ); + $self->{admin}->init; + @_ = ($class, _self => $self); + goto &{"$self->{name}::import"}; + } + + local $^W; + *{"${who}::AUTOLOAD"} = $self->autoload; + $self->preload; + + # Unregister loader and worker packages so subdirs can use them again + delete $INC{'inc/Module/Install.pm'}; + delete $INC{'Module/Install.pm'}; + + # Save to the singleton + $MAIN = $self; + + return 1; +} + +sub autoload { + my $self = shift; + my $who = $self->_caller; + my $cwd = Cwd::getcwd(); + my $sym = "${who}::AUTOLOAD"; + $sym->{$cwd} = sub { + my $pwd = Cwd::getcwd(); + if ( my $code = $sym->{$pwd} ) { + # Delegate back to parent dirs + goto &$code unless $cwd eq $pwd; + } + unless ($$sym =~ s/([^:]+)$//) { + # XXX: it looks like we can't retrieve the missing function + # via $$sym (usually $main::AUTOLOAD) in this case. + # I'm still wondering if we should slurp Makefile.PL to + # get some context or not ... + my ($package, $file, $line) = caller; + die <<"EOT"; +Unknown function is found at $file line $line. +Execution of $file aborted due to runtime errors. + +If you're a contributor to a project, you may need to install +some Module::Install extensions from CPAN (or other repository). +If you're a user of a module, please contact the author. +EOT + } + my $method = $1; + if ( uc($method) eq $method ) { + # Do nothing + return; + } elsif ( $method =~ /^_/ and $self->can($method) ) { + # Dispatch to the root M:I class + return $self->$method(@_); + } + + # Dispatch to the appropriate plugin + unshift @_, ( $self, $1 ); + goto &{$self->can('call')}; + }; +} + +sub preload { + my $self = shift; + unless ( $self->{extensions} ) { + $self->load_extensions( + "$self->{prefix}/$self->{path}", $self + ); + } + + my @exts = @{$self->{extensions}}; + unless ( @exts ) { + @exts = $self->{admin}->load_all_extensions; + } + + my %seen; + foreach my $obj ( @exts ) { + while (my ($method, $glob) = each %{ref($obj) . '::'}) { + next unless $obj->can($method); + next if $method =~ /^_/; + next if $method eq uc($method); + $seen{$method}++; + } + } + + my $who = $self->_caller; + foreach my $name ( sort keys %seen ) { + local $^W; + *{"${who}::$name"} = sub { + ${"${who}::AUTOLOAD"} = "${who}::$name"; + goto &{"${who}::AUTOLOAD"}; + }; + } +} + +sub new { + my ($class, %args) = @_; + + delete $INC{'FindBin.pm'}; + { + # to suppress the redefine warning + local $SIG{__WARN__} = sub {}; + require FindBin; + } + + # ignore the prefix on extension modules built from top level. + my $base_path = Cwd::abs_path($FindBin::Bin); + unless ( Cwd::abs_path(Cwd::getcwd()) eq $base_path ) { + delete $args{prefix}; + } + return $args{_self} if $args{_self}; + + $base_path = VMS::Filespec::unixify($base_path) if $^O eq 'VMS'; + + $args{dispatch} ||= 'Admin'; + $args{prefix} ||= 'inc'; + $args{author} ||= ($^O eq 'VMS' ? '_author' : '.author'); + $args{bundle} ||= 'inc/BUNDLES'; + $args{base} ||= $base_path; + $class =~ s/^\Q$args{prefix}\E:://; + $args{name} ||= $class; + $args{version} ||= $class->VERSION; + unless ( $args{path} ) { + $args{path} = $args{name}; + $args{path} =~ s!::!/!g; + } + $args{file} ||= "$args{base}/$args{prefix}/$args{path}.pm"; + $args{wrote} = 0; + + bless( \%args, $class ); +} + +sub call { + my ($self, $method) = @_; + my $obj = $self->load($method) or return; + splice(@_, 0, 2, $obj); + goto &{$obj->can($method)}; +} + +sub load { + my ($self, $method) = @_; + + $self->load_extensions( + "$self->{prefix}/$self->{path}", $self + ) unless $self->{extensions}; + + foreach my $obj (@{$self->{extensions}}) { + return $obj if $obj->can($method); + } + + my $admin = $self->{admin} or die <<"END_DIE"; +The '$method' method does not exist in the '$self->{prefix}' path! +Please remove the '$self->{prefix}' directory and run $0 again to load it. +END_DIE + + my $obj = $admin->load($method, 1); + push @{$self->{extensions}}, $obj; + + $obj; +} + +sub load_extensions { + my ($self, $path, $top) = @_; + + my $should_reload = 0; + unless ( grep { ! ref $_ and lc $_ eq lc $self->{prefix} } @INC ) { + unshift @INC, $self->{prefix}; + $should_reload = 1; + } + + foreach my $rv ( $self->find_extensions($path) ) { + my ($file, $pkg) = @{$rv}; + next if $self->{pathnames}{$pkg}; + + local $@; + my $new = eval { local $^W; require $file; $pkg->can('new') }; + unless ( $new ) { + warn $@ if $@; + next; + } + $self->{pathnames}{$pkg} = + $should_reload ? delete $INC{$file} : $INC{$file}; + push @{$self->{extensions}}, &{$new}($pkg, _top => $top ); + } + + $self->{extensions} ||= []; +} + +sub find_extensions { + my ($self, $path) = @_; + + my @found; + File::Find::find( {no_chdir => 1, wanted => sub { + my $file = $File::Find::name; + return unless $file =~ m!^\Q$path\E/(.+)\.pm\Z!is; + my $subpath = $1; + return if lc($subpath) eq lc($self->{dispatch}); + + $file = "$self->{path}/$subpath.pm"; + my $pkg = "$self->{name}::$subpath"; + $pkg =~ s!/!::!g; + + # If we have a mixed-case package name, assume case has been preserved + # correctly. Otherwise, root through the file to locate the case-preserved + # version of the package name. + if ( $subpath eq lc($subpath) || $subpath eq uc($subpath) ) { + my $content = Module::Install::_read($File::Find::name); + my $in_pod = 0; + foreach ( split /\n/, $content ) { + $in_pod = 1 if /^=\w/; + $in_pod = 0 if /^=cut/; + next if ($in_pod || /^=cut/); # skip pod text + next if /^\s*#/; # and comments + if ( m/^\s*package\s+($pkg)\s*;/i ) { + $pkg = $1; + last; + } + } + } + + push @found, [ $file, $pkg ]; + }}, $path ) if -d $path; + + @found; +} + + + + + +##################################################################### +# Common Utility Functions + +sub _caller { + my $depth = 0; + my $call = caller($depth); + while ( $call eq __PACKAGE__ ) { + $depth++; + $call = caller($depth); + } + return $call; +} + +sub _read { + local *FH; + open( FH, '<', $_[0] ) or die "open($_[0]): $!"; + binmode FH; + my $string = do { local $/; }; + close FH or die "close($_[0]): $!"; + return $string; +} + +sub _readperl { + my $string = Module::Install::_read($_[0]); + $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg; + $string =~ s/(\n)\n*__(?:DATA|END)__\b.*\z/$1/s; + $string =~ s/\n\n=\w+.+?\n\n=cut\b.+?\n+/\n\n/sg; + return $string; +} + +sub _readpod { + my $string = Module::Install::_read($_[0]); + $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg; + return $string if $_[0] =~ /\.pod\z/; + $string =~ s/(^|\n=cut\b.+?\n+)[^=\s].+?\n(\n=\w+|\z)/$1$2/sg; + $string =~ s/\n*=pod\b[^\n]*\n+/\n\n/sg; + $string =~ s/\n*=cut\b[^\n]*\n+/\n\n/sg; + $string =~ s/^\n+//s; + return $string; +} + +sub _write { + local *FH; + open( FH, '>', $_[0] ) or die "open($_[0]): $!"; + binmode FH; + foreach ( 1 .. $#_ ) { + print FH $_[$_] or die "print($_[0]): $!"; + } + close FH or die "close($_[0]): $!"; +} + +# _version is for processing module versions (eg, 1.03_05) not +# Perl versions (eg, 5.8.1). +sub _version { + my $s = shift || 0; + my $d =()= $s =~ /(\.)/g; + if ( $d >= 2 ) { + # Normalise multipart versions + $s =~ s/(\.)(\d{1,3})/sprintf("$1%03d",$2)/eg; + } + $s =~ s/^(\d+)\.?//; + my $l = $1 || 0; + my @v = map { + $_ . '0' x (3 - length $_) + } $s =~ /(\d{1,3})\D?/g; + $l = $l . '.' . join '', @v if @v; + return $l + 0; +} + +sub _cmp { + _version($_[1]) <=> _version($_[2]); +} + +# Cloned from Params::Util::_CLASS +sub _CLASS { + ( + defined $_[0] + and + ! ref $_[0] + and + $_[0] =~ m/^[^\W\d]\w*(?:::\w+)*\z/s + ) ? $_[0] : undef; +} + +1; + +# Copyright 2008 - 2012 Adam Kennedy. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/INSTALL nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/INSTALL --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/INSTALL 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/INSTALL 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,76 @@ +Build and install check_rbl + +Dependencies +=========== + +check_rbl depends on several Perl modules: + + * Data::Validate::Domain + * Data::Validate::IP + * IO::Select + * Monitoring::Plugin + * Monitoring::Plugin::Getopt + * Monitoring::Plugin::Threshold + * Net::DNS + * Net::IP + * Readonly + * Socket + +Perl modules can be found on the "Comprehensive Perl Archive Network" +(CPAN). The "How to install CPAN modules" guide summarizes how these +can be installed + + http://www.cpan.org/modules/INSTALL.html + +On many systems Perl modules are also available as installation +packages (refer to your system documentation on how to install them). + +The 'perl Makefile.PL' command (see below) will list the missing +packages the you will need to install. + +Install to /usr/lib/nagios/plugins/contrib +========================================== + +In the source directory run: + + perl Makefile.PL + make + make install + +Install to a custom directory (CUSTOM_DIR) +========================================= + +In the source directory run: + + perl Makefile.PL INSTALLSITESCRIPT=CUSTOM_DIR + make + make install + +You can override the INSTALLSCRIPT, INSTALLNBIN or INSTALLSITESCRIPT +variable depending on your perl installation. + +The man page is installed to /usr/share/man/man1/check_rbl.1 +you can customize the path by setting INSTALLMAN1DIR as follows + + perl Makefile.PL INSTALLSCRIPT=CUSTOM_DIR INSTALLMAN1DIR=CUSTOM_MAN_DIR + make + make install + +Manual installation +=================== + +Substitute #!perl at the beginning of the script with the location of +your Perl interpreter and copy it to the desired location + +Generate the man page with pod2man + + pod2man check_rbl.pod > CUSTOM_MAN_FILE + +Please report any bugs or feature requests through the +web interface at https://github.com/matteocorti/check_rbl/issues + +Dependencies on Debian +====================== + +apt-get install libdata-validate-ip-perl libdata-validate-domain-perl libnet-dns-perl libreadonly-perl libmonitoring-plugin-perl + diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/Makefile.PL nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/Makefile.PL --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/Makefile.PL 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/Makefile.PL 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,51 @@ +# Load the Module::Install bundled in ./inc/ +use lib '.'; # added since from Perl 5.26 '.' is no more in @INC +use inc::Module::Install; + +############################################################################## +# Define metadata (we read it from the binary) + +name 'check_rbl'; +version_from 'check_rbl'; + +############################################################################## +# Specific dependencies + +my %prereqs = ( + 'Data::Validate::Domain' => 0.12, + 'Data::Validate::IP' => 0, + 'English' => 0, + 'Net::DNS' => 0, + 'Net::IP' => 0, + 'Readonly' => 0, + 'Socket' => 0, + 'IO::Select' => 0, + 'Monitoring::Plugin' => 0, + 'Monitoring::Plugin::Threshold' => 0, + 'Monitoring::Plugin::Getopt' => 0, +); + +# Net::DNS 1.03 is broken +my $ver = eval { require Net::DNS; $Net::DNS::VERSION }; +if (!$ver || $ver eq '1.03') { + warn 'Net::DNS is broken please downgrade until fixed. See https://rt.cpan.org/Ticket/Display.html?id=108745'; + $prereqs{'Net::DNS'} = '1.04'; +} + +# https://metacpan.org/pod/release/DAGOLDEN/CPAN-Meta-2.142690/lib/CPAN/Meta/Spec.pm#license +license 'gpl_3'; + +install_script 'check_rbl'; + +auto_install; + +tests 't/*.t'; + +WriteMakefile( + PREREQ_PM => \%prereqs, + INSTALLSCRIPT => '/usr/lib/nagios/plugins/contrib', + INSTALLSITESCRIPT => '/usr/lib/nagios/plugins/contrib', + MAN1PODS => { 'check_rbl.pod' =>'blib/man1/check_rbl.1', }, + MAN3PODS => { }, +); + diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MANIFEST nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MANIFEST --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MANIFEST 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MANIFEST 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,32 @@ +.travis.yml +AUTHORS +Changes +check_rbl +check_rbl.ini +check_rbl.pod +check_rbl.spec +COPYING +COPYRIGHT +inc/Module/AutoInstall.pm +inc/Module/Install.pm +inc/Module/Install/AutoInstall.pm +inc/Module/Install/Base.pm +inc/Module/Install/Include.pm +inc/Module/Install/Makefile.pm +inc/Module/Install/MakeMaker.pm +inc/Module/Install/Metadata.pm +inc/Module/Install/Scripts.pm +INSTALL +Makefile.PL +MANIFEST This list of files +MANIFEST.SKIP +META.yml +MYMETA.json +MYMETA.yml +NEWS +README.md +t/00_modules.t +t/01_validation.t +test.sh +TODO +VERSION diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MANIFEST.SKIP nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MANIFEST.SKIP --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MANIFEST.SKIP 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MANIFEST.SKIP 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,18 @@ +\.DS_Store$ +^_build +^Build$ +^blib +~$ +\.bak$ +\.sw.$ +\.svn +\.git +\.tdy$ +^cover_db +^Makefile$ +^Makefile.old$ +^pm_to_blib$ +^.# +^# +^check_rbl- +notes.txt diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/META.yml nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/META.yml --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/META.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/META.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,30 @@ +--- +build_requires: + ExtUtils::MakeMaker: 6.36 +configure_requires: + ExtUtils::MakeMaker: 6.36 +distribution_type: module +dynamic_config: 1 +generated_by: 'Module::Install version 1.19' +license: gpl_3 +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: 1.4 +name: check_rbl +no_index: + directory: + - inc + - t +requires: + Data::Validate::Domain: 0.12 + Data::Validate::IP: 0 + English: 0 + IO::Select: 0 + Monitoring::Plugin: 0 + Monitoring::Plugin::Getopt: 0 + Monitoring::Plugin::Threshold: 0 + Net::DNS: 0 + Net::IP: 0 + Readonly: 0 + Socket: 0 +version: 1.6.2 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MYMETA.json nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MYMETA.json --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MYMETA.json 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MYMETA.json 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,52 @@ +{ + "abstract" : "unknown", + "author" : [ + "unknown" + ], + "dynamic_config" : 0, + "generated_by" : "Module::Install version 1.19, CPAN::Meta::Converter version 2.150010", + "license" : [ + "gpl_3" + ], + "meta-spec" : { + "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", + "version" : 2 + }, + "name" : "check_rbl", + "no_index" : { + "directory" : [ + "inc", + "t" + ] + }, + "prereqs" : { + "build" : { + "requires" : { + "ExtUtils::MakeMaker" : "6.36" + } + }, + "configure" : { + "requires" : { + "ExtUtils::MakeMaker" : "0" + } + }, + "runtime" : { + "requires" : { + "Data::Validate::Domain" : "0.12", + "Data::Validate::IP" : "0", + "English" : "0", + "IO::Select" : "0", + "Monitoring::Plugin" : "0", + "Monitoring::Plugin::Getopt" : "0", + "Monitoring::Plugin::Threshold" : "0", + "Net::DNS" : "0", + "Net::IP" : "0", + "Readonly" : "0", + "Socket" : "0" + } + } + }, + "release_status" : "stable", + "version" : "1.6.2", + "x_serialization_backend" : "JSON::PP version 4.06" +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MYMETA.yml nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MYMETA.yml --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/MYMETA.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/MYMETA.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,33 @@ +--- +abstract: unknown +author: + - unknown +build_requires: + ExtUtils::MakeMaker: '6.36' +configure_requires: + ExtUtils::MakeMaker: '0' +dynamic_config: 0 +generated_by: 'Module::Install version 1.19, CPAN::Meta::Converter version 2.150010' +license: gpl +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: '1.4' +name: check_rbl +no_index: + directory: + - inc + - t +requires: + Data::Validate::Domain: '0.12' + Data::Validate::IP: '0' + English: '0' + IO::Select: '0' + Monitoring::Plugin: '0' + Monitoring::Plugin::Getopt: '0' + Monitoring::Plugin::Threshold: '0' + Net::DNS: '0' + Net::IP: '0' + Readonly: '0' + Socket: '0' +version: 1.6.2 +x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/NEWS nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/NEWS 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/NEWS 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,35 @@ +2021-12-16: 1.6.3 - accepts FQDN as host names +2021-06-01: 1.6.2 - fixed a bug with IPv6 +2021-05-27: 1.6.1 - fixes the FQDN with IPv6 and fixes the output in case of timeouts +2021-05-27: 1.6.0 - show the FQDN if the host is specified with an IP address +2021-01-03: 1.5.7 - removed emailbasura.org from the documentation and default configuration +2020-11-30: 1.5.6 - bug fix with IPv6 addresses +2020-09-30: 1.5.5 - removed dynip.rothen.com from the documentation and default configuration +2020-05-26: 1.5.4 - removed dnsbl.inps.de from the documentation and default configuration +2019-12-24: 1.5.3 - fixes in the RPM spec file +2019-12-03: 1.5.2 - removed rbl.suresupport.com from the documentation and default configuration +2019-11-25: 1.5.1 - removed megarbl.net from the documentation and default configuration +2019-06-03: 1.5.0 - added the --url option +2019-06-02: 1.4.5 - removing spamcannibal.org from the documentation and default configuration (fixed) +2019-02-28: 1.4.4 - added the --append option +2018-05-30: 1.4.3 - removing spamcannibal.org from the documentation and default configuration +2018-05-25: 1.4.2 - removing dnsbl.cyberlogic.net from the documentation and default configuration +2017-07-17: 1.4.1 - Perl 5.26 support +2017-04-18: 1.4.0 - IPv6 support +2016-06-07: 1.3.8 - allowing Nagios::Plugins for older distributions +2015-02-01: 1.3.7 - now depends on Monitoring::Plugins (Nagios::Plugins + is deprecated) +2014-12-05: 1.3.6 - removed dependency on Data::Dumper +2014-09-21: 1.3.5 - fixed the default critical and warning range +2014-09-20: 1.3.4 - parameter validation fix +2014-08-09: 1.3.3 - parameter validation +2014-01-30: 1.3.2 - documentation and dependencies update +2013-09-26: 1.3.1 - disabled embedded Perl +2011-07-11: 1.3.0 - whitelisting support +2011-03-22: 1.2.2 - bug fix release (dependencies fixed) +2010-07-05: 1.2.1 - bug fix release (see Changes) +2010-04-08: 1.2.0 - improved parallel checks and several fixes +2009-10-27: 1.1.0 - parallel checks +2009- : 1.0.2 - --retry command line argument to specify DNS retries +2009-01-06: 1.0.1 - Execution time in the performance data +2008-12-29: 1.0.0 - Initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/README.md nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/README.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/README.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,31 @@ + + © Matteo Corti, ETH Zurich, 2009-2012 + + © Matteo Corti, 2009-2021 + + see AUTHORS for the complete list of contributors + +# check\_rbl + +A Nagios plugin to check if an SMTP server is blacklisted + +## Note + +Some blacklister as Spamhaus ban DNS queries from public DNS +resolvers as Google resulting in no host being listed. If you are +experiencing problems with the plugin just try the DNS query with a +tool as nslookup to check your DNS configuration. + +## Known bugs and problems + +Needs ```Data::Validate::Domain``` 0.12 to handle fully qualified host names with an ending dot (e.g., "example.org.") + +## Example + +``` +check_rbl -H example.org -t 60 -c 1 -w 1 -s cbl.abuseat.org -s bl.deadbeef.com -s spamtrap.drbl.drand.net -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s relays.nether.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s ubl.unsubscore.com -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s blacklist.sci.kun.nl -s dnsbl.kempt.net -s forbidden.icm.edu.pl -s hil.habeas.com -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s bl.technovision.dk -s b.barracudacentral.org -s dnsbl.antispam.or.id -s drone.abuse.ch -s dsn.rfc-ignorant.org -s dul.dnsbl.sorbs.net -s http.dnsbl.sorbs.net -s l1.spews.dnsbl.sorbs.net -s l2.spews.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s postmaster.rfc-ignorant.org -s rbl.spamlab.com -s relays.bl.kunden.de -s smtp.dnsbl.sorbs.net -s socks.dnsbl.sorbs.net -s spam.abuse.ch -s spamrbl.imp.ch -s tr.countries.nerd.dk -s unsure.nether.net -s virbl.bit.nl -s web.dnsbl.sorbs.net -s whois.rfc-ignorant.org -s wormrbl.imp.ch -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s blackholes.five-ten-sg.com -s blacklist.woody.ch -s bogons.cymru.com -s combined.abuse.ch -s duinv.aupads.org -s ohps.dnsbl.net.au -s omrs.dnsbl.net.au -s orvedb.aupads.org -s osps.dnsbl.net.au -s osrs.dnsbl.net.au -s owfs.dnsbl.net.au -s owps.dnsbl.net.au -s probes.dnsbl.net.au -s proxy.bl.gweep.ca -s proxy.block.transip.nl -s rbl.inter.net -s rdts.dnsbl.net.au -s relays.bl.gweep.ca -s residential.block.transip.nl -s ricn.dnsbl.net.au -s rmst.dnsbl.net.au -s spamlist.or.kr -s t3direct.dnsbl.net.au -s ubl.lashback.com -s all.s5h.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s spambot.bls.digibase.ca -s z.mailspike.net +``` + +## Bugs +Please report any bugs or feature requests through the +web interface at [https://github.com/matteocorti/check_rbl/issues](https://github.com/matteocorti/check_rbl/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/t/00_modules.t nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/t/00_modules.t --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/t/00_modules.t 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/t/00_modules.t 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,53 @@ +#!perl + +use 5.00800; + +use strict; +use warnings; + +use Test::More tests => 33; + +our $VERSION = '1.5.4'; + +use_ok('Monitoring::Plugin'); +can_ok( 'Monitoring::Plugin', 'new' ); +can_ok( 'Monitoring::Plugin', 'nagios_exit' ); +can_ok( 'Monitoring::Plugin', 'add_perfdata' ); +can_ok( 'Monitoring::Plugin', 'perfdata' ); + +use_ok( 'Monitoring::Plugin' . '::Getopt' ); +can_ok( 'Monitoring::Plugin' . '::Getopt', 'new' ); +can_ok( 'Monitoring::Plugin' . '::Getopt', 'arg' ); +can_ok( 'Monitoring::Plugin' . '::Getopt', 'getopts' ); +can_ok( 'Monitoring::Plugin' . '::Getopt', 'get' ); + +use_ok( 'Monitoring::Plugin' . '::Threshold' ); +can_ok( 'Monitoring::Plugin' . '::Threshold', 'new' ); +can_ok( 'Monitoring::Plugin' . '::Threshold', 'set_thresholds' ); + +use_ok('IO::Select'); +can_ok( 'IO::Select', 'new' ); +can_ok( 'IO::Select', 'count' ); +can_ok( 'IO::Select', 'can_read' ); +can_ok( 'IO::Select', 'remove' ); +can_ok( 'IO::Select', 'handles' ); + +use_ok('Net::DNS::Resolver'); +can_ok( 'Net::DNS::Resolver', 'new' ); +can_ok( 'Net::DNS::Resolver', 'can' ); +can_ok( 'Net::DNS::Resolver', 'bgsend' ); +can_ok( 'Net::DNS::Resolver', 'bgread' ); + +use_ok('English'); +use_ok('Readonly'); + +use_ok('Net::IP'); +can_ok( 'Net::IP', 'ip_expand_address' ); + +use_ok('Data::Validate::Domain'); +can_ok( 'Data::Validate::Domain', 'is_hostname' ); + +use_ok('Data::Validate::IP'); +can_ok( 'Data::Validate::IP', 'is_ipv4' ); +can_ok( 'Data::Validate::IP', 'is_ipv6' ); + diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/t/01_validation.t nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/t/01_validation.t --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/t/01_validation.t 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/t/01_validation.t 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,17 @@ +#!perl + +use 5.00800; + +use strict; +use warnings; + +use File::Spec; +use Test::More tests => 1; + +our $VERSION = '1.4.0'; + +my $check_rbl = File::Spec->catfile(qw(blib script check_rbl)); + +require_ok($check_rbl); + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/test.sh nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/test.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/test.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/test.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,21 @@ +#!/bin/sh + +# Our one non-success exit code. +EXIT_BAD_ARGS=1 + +if [ $# -lt 1 ]; then + echo "Usage: $0 " + echo '' + echo ' the IP to check against a bunch of blacklists.' + echo '' + exit "${EXIT_BAD_ARGS}" +else + IP_ADDR="${1}" +fi + +perl ./check_rbl -H "${IP_ADDR}" \ + -t 60 \ + -c 1 \ + -w 1 \ + -v \ + -s cbl.abuseat.org -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s dnsbl.kempt.net -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s dul.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s smtp.dnsbl.sorbs.net -s web.dnsbl.sorbs.net -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s z.mailspike.net diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/TODO nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/TODO --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/TODO 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/TODO 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,2 @@ +* refactor mdns to reduce code complexity +* unit tests diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/VERSION nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/VERSION --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/check_rbl-1.6.3/VERSION 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/check_rbl-1.6.3/VERSION 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +1.5.7 \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/control nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/control --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/control 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/control 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,6 @@ Uploaders: Bernd Zeimetz Recommends: libmonitoring-plugin-perl | libnagios-plugin-perl (>= 0.31), libreadonly-perl, libnet-dns-perl, libdata-validate-domain-perl, libdata-validate-ip-perl -Version: 1.5.7 +Version: 1.6.3 Homepage: https://github.com/matteocorti/check_rbl Watch: https://github.com/matteocorti/check_rbl/releases check_rbl-([0-9.]+)\.tar\.gz Description: plugin to check if a server is blacklisted diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/AUTHORS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/AUTHORS 2021-12-17 14:47:25.000000000 +0000 @@ -3,7 +3,7 @@ Thanks: * Many thanks to Elan Ruusamäe for the improved parallel support and several fixes -* Many thanks to Victor V Kudlak fot the parallel support +* Many thanks to Victor V Kudlak for the parallel support * Many thanks to Jan Kantert for the whitelisting support * Many thanks to Nick Nicholas for IPv6 support * Many thanks to Michael Orlitzky for the test.sh usage patch diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/Changes nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/Changes --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/Changes 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/Changes 2021-12-17 14:47:25.000000000 +0000 @@ -1,3 +1,16 @@ +2021-12-16 Matteo Corti + + * check_rbl (run): Remove the dot at the end of FQDN + +2021-06-01 Matteo Corti + + * check_rbl (run): Fixed a bug in the resolution of IPv6 addresses + +2021-05-27 Matteo Corti + + * check_rbl (run): Adds the host name to the status if the input is an IP address. + * check_rbl (run): Fixes the output in case of timeout + 2020-11-30 Matteo Corti * check_rbl: Removes unnecessary dot in IPv6 addresses @@ -143,11 +156,11 @@ 2009-01-22 Matteo Corti - * check_rbl: command line argument to set the numer of tries in DNS queries + * check_rbl: command line argument to set the number of tries in DNS queries 2009-01-06 Matteo Corti - * check_rbl: execution time in the performace data + * check_rbl: execution time in the performance data 2008-12-29 Matteo Corti diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_distribution.sh nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_distribution.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_distribution.sh 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_distribution.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -#!/bin/sh - -PERL_FILES="check_rbl t/*.t" -FILES="${PERL_FILES} AUTHORS COPYING COPYRIGHT Changes INSTALL Makefile.PL NEWS README.md TODO check_distribution.sh" - -echo "Perl::Critic" -echo "============" -echo -perlcritic -1 ${PERL_FILES} -echo - -echo "Formatting errors: tabs" -echo "=======================" -echo -grep --line-number '\t' ${FILES} -echo - -echo "Formatting errors: blanks at the end of line" -echo "============================================" -echo -grep --line-number '[[:blank:]]$' ${FILES} -echo - -YEAR=$( date +"%Y" ) -echo "Copyright (${YEAR})" -echo "=========" -echo -echo '### README.md' -grep "(c) Matteo Corti, 2009-${YEAR}" README.md -echo '### COPYRIGHT' -grep "Copyright (c) 2009-${YEAR} Matteo Corti" COPYRIGHT -echo '### check_rbl' -grep "Copyright (c) 2009-${YEAR} Matteo Corti " check_rbl -echo diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl 2021-12-17 14:47:25.000000000 +0000 @@ -20,7 +20,7 @@ use strict; use warnings; -our $VERSION = '1.5.7'; +our $VERSION = '1.6.3'; use Data::Validate::Domain qw(is_hostname); use Data::Validate::IP qw(is_ipv4 is_ipv6); @@ -29,6 +29,7 @@ use Net::IP qw(ip_expand_address); use Readonly; use English qw(-no_match_vars); +use Socket qw( NI_NUMERICSERV SOCK_RAW getaddrinfo getnameinfo); use Monitoring::Plugin; use Monitoring::Plugin::Threshold; @@ -484,13 +485,20 @@ 'host or url has to be set' ); } + # if present remove the trailing dot from the FQDN + # see https://serverfault.com/questions/803033/should-i-append-a-dot-at-the-end-of-my-dns-urls + my $host = $options->host; + if ( defined $host ) { + $host =~ s/[.]$//mxs; + } + my $check_prefix; my $check_object; if ( defined $options->host and $options->host ne q{} ) { # if checking for host # validate ip and resolve hostname if applicable - my $ip = validate( $options->host ); + my $ip = validate($host); # reverse ip order my $local_ip = $ip; @@ -502,6 +510,8 @@ $local_ip = reverse $local_ip; $local_ip =~ s/://gmxs; + $local_ip = join q{.}, split //ms, $local_ip; + debug(" $local_ip"); } @@ -511,7 +521,7 @@ } $check_prefix = $local_ip; - $check_object = $options->host; + $check_object = $host; } else { # if checking for url, just set the prefix to the url name @@ -549,11 +559,11 @@ mdns( \@addrs, sub { - my ( $addr, $host ) = @_; + my ( $addr, $mdns_host ) = @_; - if ( defined $host ) { + if ( defined $mdns_host ) { - debug("callback( $addr, $host )"); + debug("callback( $addr, $mdns_host )"); } else { @@ -565,14 +575,15 @@ # extract RBL we checked $addr =~ s/^(?:[a-f\d][.]){32}//mxs; $addr =~ s/^(?:\d+[.]){4}//mxs; - if ( defined $host ) { - if ( $host eq q{} ) { + + if ( defined $mdns_host ) { + if ( $mdns_host eq q{} ) { push @timeouts, $addr; } else { - verbose "listed in $addr as $host\n"; + verbose "listed in $addr as $mdns_host\n"; if ( !$options->get('whitelistings') ) { - push @listed, $addr . ' (' . $host . ')'; + push @listed, $addr . ' (' . $mdns_host . ')'; } } } @@ -587,8 +598,35 @@ my $total = scalar @listed; + if ( is_ipv4($check_object) || is_ipv6($check_object) ) { + +# if the input is an IP address we try to do a reverse DNS lookup to display the FQDN +# we ignore errors since in case of failure we can just skip the information + + my $err; + my @res; + my $fqdn; + + ( $err, @res ) = + getaddrinfo( $check_object, q{}, { socktype => SOCK_RAW } ); + + if ( !$err ) { + + while ( my $ai = shift @res ) { + ( $err, $fqdn ) = getnameinfo( $ai->{addr}, NI_NUMERICSERV ); + if ( !$err ) { + $check_object = "$check_object ($fqdn)"; + last; + } + } + + } + + } + my $status; my $appendstring = $options->append; + if ( $options->get('whitelistings') ) { $status = @@ -606,20 +644,20 @@ } + if ( $total > 0 ) { + $status .= " (@listed)"; + } + # append timeout info, but do not account these in status if (@timeouts) { $timeouts_string = scalar @timeouts; - $status = + $status .= " ($timeouts_string server" . ( ( $timeouts_string > 1 ) ? 's' : q{} ) . ' timed out: ' . join( ', ', @timeouts ) . ')'; } - if ( $total > 0 ) { - $status .= " (@listed)"; - } - $plugin->add_perfdata( label => 'servers', value => $total, diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl.ini nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl.ini --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl.ini 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl.ini 2021-12-17 14:47:25.000000000 +0000 @@ -81,7 +81,6 @@ server=t3direct.dnsbl.net.au server=ubl.lashback.com server=all.s5h.net -server=dnsbl.anticaptcha.net server=dnsbl.dronebl.org server=dnsbl.spfbl.net server=ips.backscatterer.org diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl.pod nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl.pod --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl.pod 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl.pod 2021-12-17 14:47:25.000000000 +0000 @@ -10,7 +10,7 @@ =head1 VERSION -Version 1.5.0 +Version 1.6.0 =head1 SYNOPSIS diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl.spec nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl.spec --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/check_rbl.spec 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/check_rbl.spec 2021-12-17 14:47:25.000000000 +0000 @@ -1,4 +1,4 @@ -%define version 1.5.7 +%define version 1.6.3 %define release 0 %define sourcename check_rbl %define packagename nagios-plugins-check-rbl @@ -54,6 +54,18 @@ %{_mandir}/man1/%{sourcename}.1* %changelog +* Thu Dec 16 2021 Matteo Corti - 1.6.3-0 +- Update to 1.6.3 + +* Tue Jun 1 2021 Matteo Corti - 1.6.2-0 +- Update to 1.6.2 +w +* Thu May 27 2021 Matteo Corti - 1.6.1-0 +- Update to 1.6.1 + +* Thu May 27 2021 Matteo Corti - 1.6.0-0 +- Update to 1.6.0 + * Sun Jan 3 2021 Matteo Corti - 1.5.7-0 - Update to 1.5.7 @@ -121,7 +133,7 @@ - Updated to 1.2.1 (bug fix) * Thu Apr 8 2010 Matteo Corti - 1.2.0-0 -- Updated to 1.2.0 and imprved the SPEC file +- Updated to 1.2.0 and improved the SPEC file * Tue Oct 27 2009 Matteo Corti - 1.1.0-0 - Updated to 1.1.0 (parallel checks) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/AutoInstall.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/AutoInstall.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/AutoInstall.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/AutoInstall.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,934 @@ +#line 1 +package Module::AutoInstall; + +use strict; +use Cwd (); +use File::Spec (); +use ExtUtils::MakeMaker (); + +use vars qw{$VERSION}; +BEGIN { + $VERSION = '1.19'; +} + +# special map on pre-defined feature sets +my %FeatureMap = ( + '' => 'Core Features', # XXX: deprecated + '-core' => 'Core Features', +); + +# various lexical flags +my ( @Missing, @Existing, %DisabledTests, $UnderCPAN, $InstallDepsTarget, $HasCPANPLUS ); +my ( + $Config, $CheckOnly, $SkipInstall, $AcceptDefault, $TestOnly, $AllDeps, + $UpgradeDeps +); +my ( $PostambleActions, $PostambleActionsNoTest, $PostambleActionsUpgradeDeps, + $PostambleActionsUpgradeDepsNoTest, $PostambleActionsListDeps, + $PostambleActionsListAllDeps, $PostambleUsed, $NoTest); + +# See if it's a testing or non-interactive session +_accept_default( $ENV{AUTOMATED_TESTING} or ! -t STDIN ); +_init(); + +sub _accept_default { + $AcceptDefault = shift; +} + +sub _installdeps_target { + $InstallDepsTarget = shift; +} + +sub missing_modules { + return @Missing; +} + +sub do_install { + __PACKAGE__->install( + [ + $Config + ? ( UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) + : () + ], + @Missing, + ); +} + +# initialize various flags, and/or perform install +sub _init { + foreach my $arg ( + @ARGV, + split( + /[\s\t]+/, + $ENV{PERL_AUTOINSTALL} || $ENV{PERL_EXTUTILS_AUTOINSTALL} || '' + ) + ) + { + if ( $arg =~ /^--config=(.*)$/ ) { + $Config = [ split( ',', $1 ) ]; + } + elsif ( $arg =~ /^--installdeps=(.*)$/ ) { + __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); + exit 0; + } + elsif ( $arg =~ /^--upgradedeps=(.*)$/ ) { + $UpgradeDeps = 1; + __PACKAGE__->install( $Config, @Missing = split( /,/, $1 ) ); + exit 0; + } + elsif ( $arg =~ /^--default(?:deps)?$/ ) { + $AcceptDefault = 1; + } + elsif ( $arg =~ /^--check(?:deps)?$/ ) { + $CheckOnly = 1; + } + elsif ( $arg =~ /^--skip(?:deps)?$/ ) { + $SkipInstall = 1; + } + elsif ( $arg =~ /^--test(?:only)?$/ ) { + $TestOnly = 1; + } + elsif ( $arg =~ /^--all(?:deps)?$/ ) { + $AllDeps = 1; + } + } +} + +# overrides MakeMaker's prompt() to automatically accept the default choice +sub _prompt { + goto &ExtUtils::MakeMaker::prompt unless $AcceptDefault; + + my ( $prompt, $default ) = @_; + my $y = ( $default =~ /^[Yy]/ ); + + print $prompt, ' [', ( $y ? 'Y' : 'y' ), '/', ( $y ? 'n' : 'N' ), '] '; + print "$default\n"; + return $default; +} + +# the workhorse +sub import { + my $class = shift; + my @args = @_ or return; + my $core_all; + + print "*** $class version " . $class->VERSION . "\n"; + print "*** Checking for Perl dependencies...\n"; + + my $cwd = Cwd::getcwd(); + + $Config = []; + + my $maxlen = length( + ( + sort { length($b) <=> length($a) } + grep { /^[^\-]/ } + map { + ref($_) + ? ( ( ref($_) eq 'HASH' ) ? keys(%$_) : @{$_} ) + : '' + } + map { +{@args}->{$_} } + grep { /^[^\-]/ or /^-core$/i } keys %{ +{@args} } + )[0] + ); + + # We want to know if we're under CPAN early to avoid prompting, but + # if we aren't going to try and install anything anyway then skip the + # check entirely since we don't want to have to load (and configure) + # an old CPAN just for a cosmetic message + + $UnderCPAN = _check_lock(1) unless $SkipInstall || $InstallDepsTarget; + + while ( my ( $feature, $modules ) = splice( @args, 0, 2 ) ) { + my ( @required, @tests, @skiptests ); + my $default = 1; + my $conflict = 0; + + if ( $feature =~ m/^-(\w+)$/ ) { + my $option = lc($1); + + # check for a newer version of myself + _update_to( $modules, @_ ) and return if $option eq 'version'; + + # sets CPAN configuration options + $Config = $modules if $option eq 'config'; + + # promote every features to core status + $core_all = ( $modules =~ /^all$/i ) and next + if $option eq 'core'; + + next unless $option eq 'core'; + } + + print "[" . ( $FeatureMap{ lc($feature) } || $feature ) . "]\n"; + + $modules = [ %{$modules} ] if UNIVERSAL::isa( $modules, 'HASH' ); + + unshift @$modules, -default => &{ shift(@$modules) } + if ( ref( $modules->[0] ) eq 'CODE' ); # XXX: bugward compatibility + + while ( my ( $mod, $arg ) = splice( @$modules, 0, 2 ) ) { + if ( $mod =~ m/^-(\w+)$/ ) { + my $option = lc($1); + + $default = $arg if ( $option eq 'default' ); + $conflict = $arg if ( $option eq 'conflict' ); + @tests = @{$arg} if ( $option eq 'tests' ); + @skiptests = @{$arg} if ( $option eq 'skiptests' ); + + next; + } + + printf( "- %-${maxlen}s ...", $mod ); + + if ( $arg and $arg =~ /^\D/ ) { + unshift @$modules, $arg; + $arg = 0; + } + + # XXX: check for conflicts and uninstalls(!) them. + my $cur = _version_of($mod); + if (_version_cmp ($cur, $arg) >= 0) + { + print "loaded. ($cur" . ( $arg ? " >= $arg" : '' ) . ")\n"; + push @Existing, $mod => $arg; + $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; + } + else { + if (not defined $cur) # indeed missing + { + print "missing." . ( $arg ? " (would need $arg)" : '' ) . "\n"; + } + else + { + # no need to check $arg as _version_cmp ($cur, undef) would satisfy >= above + print "too old. ($cur < $arg)\n"; + } + + push @required, $mod => $arg; + } + } + + next unless @required; + + my $mandatory = ( $feature eq '-core' or $core_all ); + + if ( + !$SkipInstall + and ( + $CheckOnly + or ($mandatory and $UnderCPAN) + or $AllDeps + or $InstallDepsTarget + or _prompt( + qq{==> Auto-install the } + . ( @required / 2 ) + . ( $mandatory ? ' mandatory' : ' optional' ) + . qq{ module(s) from CPAN?}, + $default ? 'y' : 'n', + ) =~ /^[Yy]/ + ) + ) + { + push( @Missing, @required ); + $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; + } + + elsif ( !$SkipInstall + and $default + and $mandatory + and + _prompt( qq{==> The module(s) are mandatory! Really skip?}, 'n', ) + =~ /^[Nn]/ ) + { + push( @Missing, @required ); + $DisabledTests{$_} = 1 for map { glob($_) } @skiptests; + } + + else { + $DisabledTests{$_} = 1 for map { glob($_) } @tests; + } + } + + if ( @Missing and not( $CheckOnly or $UnderCPAN) ) { + require Config; + my $make = $Config::Config{make}; + if ($InstallDepsTarget) { + print +"*** To install dependencies type '$make installdeps' or '$make installdeps_notest'.\n"; + } + else { + print +"*** Dependencies will be installed the next time you type '$make'.\n"; + } + + # make an educated guess of whether we'll need root permission. + print " (You may need to do that as the 'root' user.)\n" + if eval '$>'; + } + print "*** $class configuration finished.\n"; + + chdir $cwd; + + # import to main:: + no strict 'refs'; + *{'main::WriteMakefile'} = \&Write if caller(0) eq 'main'; + + return (@Existing, @Missing); +} + +sub _running_under { + my $thing = shift; + print <<"END_MESSAGE"; +*** Since we're running under ${thing}, I'll just let it take care + of the dependency's installation later. +END_MESSAGE + return 1; +} + +# Check to see if we are currently running under CPAN.pm and/or CPANPLUS; +# if we are, then we simply let it taking care of our dependencies +sub _check_lock { + return unless @Missing or @_; + + if ($ENV{PERL5_CPANM_IS_RUNNING}) { + return _running_under('cpanminus'); + } + + my $cpan_env = $ENV{PERL5_CPAN_IS_RUNNING}; + + if ($ENV{PERL5_CPANPLUS_IS_RUNNING}) { + return _running_under($cpan_env ? 'CPAN' : 'CPANPLUS'); + } + + require CPAN; + + if ($CPAN::VERSION > '1.89') { + if ($cpan_env) { + return _running_under('CPAN'); + } + return; # CPAN.pm new enough, don't need to check further + } + + # last ditch attempt, this -will- configure CPAN, very sorry + + _load_cpan(1); # force initialize even though it's already loaded + + # Find the CPAN lock-file + my $lock = MM->catfile( $CPAN::Config->{cpan_home}, ".lock" ); + return unless -f $lock; + + # Check the lock + local *LOCK; + return unless open(LOCK, $lock); + + if ( + ( $^O eq 'MSWin32' ? _under_cpan() : == getppid() ) + and ( $CPAN::Config->{prerequisites_policy} || '' ) ne 'ignore' + ) { + print <<'END_MESSAGE'; + +*** Since we're running under CPAN, I'll just let it take care + of the dependency's installation later. +END_MESSAGE + return 1; + } + + close LOCK; + return; +} + +sub install { + my $class = shift; + + my $i; # used below to strip leading '-' from config keys + my @config = ( map { s/^-// if ++$i; $_ } @{ +shift } ); + + my ( @modules, @installed, @modules_to_upgrade ); + while (my ($pkg, $ver) = splice(@_, 0, 2)) { + + # grep out those already installed + if (_version_cmp(_version_of($pkg), $ver) >= 0) { + push @installed, $pkg; + if ($UpgradeDeps) { + push @modules_to_upgrade, $pkg, $ver; + } + } + else { + push @modules, $pkg, $ver; + } + } + + if ($UpgradeDeps) { + push @modules, @modules_to_upgrade; + @installed = (); + @modules_to_upgrade = (); + } + + return @installed unless @modules; # nothing to do + return @installed if _check_lock(); # defer to the CPAN shell + + print "*** Installing dependencies...\n"; + + return unless _connected_to('cpan.org'); + + my %args = @config; + my %failed; + local *FAILED; + if ( $args{do_once} and open( FAILED, '.#autoinstall.failed' ) ) { + while () { chomp; $failed{$_}++ } + close FAILED; + + my @newmod; + while ( my ( $k, $v ) = splice( @modules, 0, 2 ) ) { + push @newmod, ( $k => $v ) unless $failed{$k}; + } + @modules = @newmod; + } + + if ( _has_cpanplus() and not $ENV{PERL_AUTOINSTALL_PREFER_CPAN} ) { + _install_cpanplus( \@modules, \@config ); + } else { + _install_cpan( \@modules, \@config ); + } + + print "*** $class installation finished.\n"; + + # see if we have successfully installed them + while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { + if ( _version_cmp( _version_of($pkg), $ver ) >= 0 ) { + push @installed, $pkg; + } + elsif ( $args{do_once} and open( FAILED, '>> .#autoinstall.failed' ) ) { + print FAILED "$pkg\n"; + } + } + + close FAILED if $args{do_once}; + + return @installed; +} + +sub _install_cpanplus { + my @modules = @{ +shift }; + my @config = _cpanplus_config( @{ +shift } ); + my $installed = 0; + + require CPANPLUS::Backend; + my $cp = CPANPLUS::Backend->new; + my $conf = $cp->configure_object; + + return unless $conf->can('conf') # 0.05x+ with "sudo" support + or _can_write($conf->_get_build('base')); # 0.04x + + # if we're root, set UNINST=1 to avoid trouble unless user asked for it. + my $makeflags = $conf->get_conf('makeflags') || ''; + if ( UNIVERSAL::isa( $makeflags, 'HASH' ) ) { + # 0.03+ uses a hashref here + $makeflags->{UNINST} = 1 unless exists $makeflags->{UNINST}; + + } else { + # 0.02 and below uses a scalar + $makeflags = join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) + if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); + + } + $conf->set_conf( makeflags => $makeflags ); + $conf->set_conf( prereqs => 1 ); + + + + while ( my ( $key, $val ) = splice( @config, 0, 2 ) ) { + $conf->set_conf( $key, $val ); + } + + my $modtree = $cp->module_tree; + while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { + print "*** Installing $pkg...\n"; + + MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; + + my $success; + my $obj = $modtree->{$pkg}; + + if ( $obj and _version_cmp( $obj->{version}, $ver ) >= 0 ) { + my $pathname = $pkg; + $pathname =~ s/::/\\W/; + + foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { + delete $INC{$inc}; + } + + my $rv = $cp->install( modules => [ $obj->{module} ] ); + + if ( $rv and ( $rv->{ $obj->{module} } or $rv->{ok} ) ) { + print "*** $pkg successfully installed.\n"; + $success = 1; + } else { + print "*** $pkg installation cancelled.\n"; + $success = 0; + } + + $installed += $success; + } else { + print << "."; +*** Could not find a version $ver or above for $pkg; skipping. +. + } + + MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; + } + + return $installed; +} + +sub _cpanplus_config { + my @config = (); + while ( @_ ) { + my ($key, $value) = (shift(), shift()); + if ( $key eq 'prerequisites_policy' ) { + if ( $value eq 'follow' ) { + $value = CPANPLUS::Internals::Constants::PREREQ_INSTALL(); + } elsif ( $value eq 'ask' ) { + $value = CPANPLUS::Internals::Constants::PREREQ_ASK(); + } elsif ( $value eq 'ignore' ) { + $value = CPANPLUS::Internals::Constants::PREREQ_IGNORE(); + } else { + die "*** Cannot convert option $key = '$value' to CPANPLUS version.\n"; + } + push @config, 'prereqs', $value; + } elsif ( $key eq 'force' ) { + push @config, $key, $value; + } elsif ( $key eq 'notest' ) { + push @config, 'skiptest', $value; + } else { + die "*** Cannot convert option $key to CPANPLUS version.\n"; + } + } + return @config; +} + +sub _install_cpan { + my @modules = @{ +shift }; + my @config = @{ +shift }; + my $installed = 0; + my %args; + + _load_cpan(); + require Config; + + if (CPAN->VERSION < 1.80) { + # no "sudo" support, probe for writableness + return unless _can_write( MM->catfile( $CPAN::Config->{cpan_home}, 'sources' ) ) + and _can_write( $Config::Config{sitelib} ); + } + + # if we're root, set UNINST=1 to avoid trouble unless user asked for it. + my $makeflags = $CPAN::Config->{make_install_arg} || ''; + $CPAN::Config->{make_install_arg} = + join( ' ', split( ' ', $makeflags ), 'UNINST=1' ) + if ( $makeflags !~ /\bUNINST\b/ and eval qq{ $> eq '0' } ); + + # don't show start-up info + $CPAN::Config->{inhibit_startup_message} = 1; + + # set additional options + while ( my ( $opt, $arg ) = splice( @config, 0, 2 ) ) { + ( $args{$opt} = $arg, next ) + if $opt =~ /^(?:force|notest)$/; # pseudo-option + $CPAN::Config->{$opt} = $opt eq 'urllist' ? [$arg] : $arg; + } + + if ($args{notest} && (not CPAN::Shell->can('notest'))) { + die "Your version of CPAN is too old to support the 'notest' pragma"; + } + + local $CPAN::Config->{prerequisites_policy} = 'follow'; + + while ( my ( $pkg, $ver ) = splice( @modules, 0, 2 ) ) { + MY::preinstall( $pkg, $ver ) or next if defined &MY::preinstall; + + print "*** Installing $pkg...\n"; + + my $obj = CPAN::Shell->expand( Module => $pkg ); + my $success = 0; + + if ( $obj and _version_cmp( $obj->cpan_version, $ver ) >= 0 ) { + my $pathname = $pkg; + $pathname =~ s/::/\\W/; + + foreach my $inc ( grep { m/$pathname.pm/i } keys(%INC) ) { + delete $INC{$inc}; + } + + my $rv = do { + if ($args{force}) { + CPAN::Shell->force( install => $pkg ) + } elsif ($args{notest}) { + CPAN::Shell->notest( install => $pkg ) + } else { + CPAN::Shell->install($pkg) + } + }; + + $rv ||= eval { + $CPAN::META->instance( 'CPAN::Distribution', $obj->cpan_file, ) + ->{install} + if $CPAN::META; + }; + + if ( $rv eq 'YES' ) { + print "*** $pkg successfully installed.\n"; + $success = 1; + } + else { + print "*** $pkg installation failed.\n"; + $success = 0; + } + + $installed += $success; + } + else { + print << "."; +*** Could not find a version $ver or above for $pkg; skipping. +. + } + + MY::postinstall( $pkg, $ver, $success ) if defined &MY::postinstall; + } + + return $installed; +} + +sub _has_cpanplus { + return ( + $HasCPANPLUS = ( + $INC{'CPANPLUS/Config.pm'} + or _load('CPANPLUS::Shell::Default') + ) + ); +} + +# make guesses on whether we're under the CPAN installation directory +sub _under_cpan { + require Cwd; + require File::Spec; + + my $cwd = File::Spec->canonpath( Cwd::getcwd() ); + my $cpan = File::Spec->canonpath( $CPAN::Config->{cpan_home} ); + + return ( index( $cwd, $cpan ) > -1 ); +} + +sub _update_to { + my $class = __PACKAGE__; + my $ver = shift; + + return + if _version_cmp( _version_of($class), $ver ) >= 0; # no need to upgrade + + if ( + _prompt( "==> A newer version of $class ($ver) is required. Install?", + 'y' ) =~ /^[Nn]/ + ) + { + die "*** Please install $class $ver manually.\n"; + } + + print << "."; +*** Trying to fetch it from CPAN... +. + + # install ourselves + _load($class) and return $class->import(@_) + if $class->install( [], $class, $ver ); + + print << '.'; exit 1; + +*** Cannot bootstrap myself. :-( Installation terminated. +. +} + +# check if we're connected to some host, using inet_aton +sub _connected_to { + my $site = shift; + + return ( + ( _load('Socket') and Socket::inet_aton($site) ) or _prompt( + qq( +*** Your host cannot resolve the domain name '$site', which + probably means the Internet connections are unavailable. +==> Should we try to install the required module(s) anyway?), 'n' + ) =~ /^[Yy]/ + ); +} + +# check if a directory is writable; may create it on demand +sub _can_write { + my $path = shift; + mkdir( $path, 0755 ) unless -e $path; + + return 1 if -w $path; + + print << "."; +*** You are not allowed to write to the directory '$path'; + the installation may fail due to insufficient permissions. +. + + if ( + eval '$>' and lc(`sudo -V`) =~ /version/ and _prompt( + qq( +==> Should we try to re-execute the autoinstall process with 'sudo'?), + ((-t STDIN) ? 'y' : 'n') + ) =~ /^[Yy]/ + ) + { + + # try to bootstrap ourselves from sudo + print << "."; +*** Trying to re-execute the autoinstall process with 'sudo'... +. + my $missing = join( ',', @Missing ); + my $config = join( ',', + UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) + if $Config; + + return + unless system( 'sudo', $^X, $0, "--config=$config", + "--installdeps=$missing" ); + + print << "."; +*** The 'sudo' command exited with error! Resuming... +. + } + + return _prompt( + qq( +==> Should we try to install the required module(s) anyway?), 'n' + ) =~ /^[Yy]/; +} + +# load a module and return the version it reports +sub _load { + my $mod = pop; # method/function doesn't matter + my $file = $mod; + $file =~ s|::|/|g; + $file .= '.pm'; + local $@; + return eval { require $file; $mod->VERSION } || ( $@ ? undef: 0 ); +} + +# report version without loading a module +sub _version_of { + my $mod = pop; # method/function doesn't matter + my $file = $mod; + $file =~ s|::|/|g; + $file .= '.pm'; + foreach my $dir ( @INC ) { + next if ref $dir; + my $path = File::Spec->catfile($dir, $file); + next unless -e $path; + require ExtUtils::MM_Unix; + return ExtUtils::MM_Unix->parse_version($path); + } + return undef; +} + +# Load CPAN.pm and it's configuration +sub _load_cpan { + return if $CPAN::VERSION and $CPAN::Config and not @_; + require CPAN; + + # CPAN-1.82+ adds CPAN::Config::AUTOLOAD to redirect to + # CPAN::HandleConfig->load. CPAN reports that the redirection + # is deprecated in a warning printed at the user. + + # CPAN-1.81 expects CPAN::HandleConfig->load, does not have + # $CPAN::HandleConfig::VERSION but cannot handle + # CPAN::Config->load + + # Which "versions expect CPAN::Config->load? + + if ( $CPAN::HandleConfig::VERSION + || CPAN::HandleConfig->can('load') + ) { + # Newer versions of CPAN have a HandleConfig module + CPAN::HandleConfig->load; + } else { + # Older versions had the load method in Config directly + CPAN::Config->load; + } +} + +# compare two versions, either use Sort::Versions or plain comparison +# return values same as <=> +sub _version_cmp { + my ( $cur, $min ) = @_; + return -1 unless defined $cur; # if 0 keep comparing + return 1 unless $min; + + $cur =~ s/\s+$//; + + # check for version numbers that are not in decimal format + if ( ref($cur) or ref($min) or $cur =~ /v|\..*\./ or $min =~ /v|\..*\./ ) { + if ( ( $version::VERSION or defined( _load('version') )) and + version->can('new') + ) { + + # use version.pm if it is installed. + return version->new($cur) <=> version->new($min); + } + elsif ( $Sort::Versions::VERSION or defined( _load('Sort::Versions') ) ) + { + + # use Sort::Versions as the sorting algorithm for a.b.c versions + return Sort::Versions::versioncmp( $cur, $min ); + } + + warn "Cannot reliably compare non-decimal formatted versions.\n" + . "Please install version.pm or Sort::Versions.\n"; + } + + # plain comparison + local $^W = 0; # shuts off 'not numeric' bugs + return $cur <=> $min; +} + +# nothing; this usage is deprecated. +sub main::PREREQ_PM { return {}; } + +sub _make_args { + my %args = @_; + + $args{PREREQ_PM} = { %{ $args{PREREQ_PM} || {} }, @Existing, @Missing } + if $UnderCPAN or $TestOnly; + + if ( $args{EXE_FILES} and -e 'MANIFEST' ) { + require ExtUtils::Manifest; + my $manifest = ExtUtils::Manifest::maniread('MANIFEST'); + + $args{EXE_FILES} = + [ grep { exists $manifest->{$_} } @{ $args{EXE_FILES} } ]; + } + + $args{test}{TESTS} ||= 't/*.t'; + $args{test}{TESTS} = join( ' ', + grep { !exists( $DisabledTests{$_} ) } + map { glob($_) } split( /\s+/, $args{test}{TESTS} ) ); + + my $missing = join( ',', @Missing ); + my $config = + join( ',', UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config} ) + if $Config; + + $PostambleActions = ( + ($missing and not $UnderCPAN) + ? "\$(PERL) $0 --config=$config --installdeps=$missing" + : "\$(NOECHO) \$(NOOP)" + ); + + my $deps_list = join( ',', @Missing, @Existing ); + + $PostambleActionsUpgradeDeps = + "\$(PERL) $0 --config=$config --upgradedeps=$deps_list"; + + my $config_notest = + join( ',', (UNIVERSAL::isa( $Config, 'HASH' ) ? %{$Config} : @{$Config}), + 'notest', 1 ) + if $Config; + + $PostambleActionsNoTest = ( + ($missing and not $UnderCPAN) + ? "\$(PERL) $0 --config=$config_notest --installdeps=$missing" + : "\$(NOECHO) \$(NOOP)" + ); + + $PostambleActionsUpgradeDepsNoTest = + "\$(PERL) $0 --config=$config_notest --upgradedeps=$deps_list"; + + $PostambleActionsListDeps = + '@$(PERL) -le "print for @ARGV" ' + . join(' ', map $Missing[$_], grep $_ % 2 == 0, 0..$#Missing); + + my @all = (@Missing, @Existing); + + $PostambleActionsListAllDeps = + '@$(PERL) -le "print for @ARGV" ' + . join(' ', map $all[$_], grep $_ % 2 == 0, 0..$#all); + + return %args; +} + +# a wrapper to ExtUtils::MakeMaker::WriteMakefile +sub Write { + require Carp; + Carp::croak "WriteMakefile: Need even number of args" if @_ % 2; + + if ($CheckOnly) { + print << "."; +*** Makefile not written in check-only mode. +. + return; + } + + my %args = _make_args(@_); + + no strict 'refs'; + + $PostambleUsed = 0; + local *MY::postamble = \&postamble unless defined &MY::postamble; + ExtUtils::MakeMaker::WriteMakefile(%args); + + print << "." unless $PostambleUsed; +*** WARNING: Makefile written with customized MY::postamble() without + including contents from Module::AutoInstall::postamble() -- + auto installation features disabled. Please contact the author. +. + + return 1; +} + +sub postamble { + $PostambleUsed = 1; + my $fragment; + + $fragment .= <<"AUTO_INSTALL" if !$InstallDepsTarget; + +config :: installdeps +\t\$(NOECHO) \$(NOOP) +AUTO_INSTALL + + $fragment .= <<"END_MAKE"; + +checkdeps :: +\t\$(PERL) $0 --checkdeps + +installdeps :: +\t$PostambleActions + +installdeps_notest :: +\t$PostambleActionsNoTest + +upgradedeps :: +\t$PostambleActionsUpgradeDeps + +upgradedeps_notest :: +\t$PostambleActionsUpgradeDepsNoTest + +listdeps :: +\t$PostambleActionsListDeps + +listalldeps :: +\t$PostambleActionsListAllDeps + +END_MAKE + + return $fragment; +} + +1; + +__END__ + +#line 1197 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/AutoInstall.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/AutoInstall.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/AutoInstall.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/AutoInstall.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,93 @@ +#line 1 +package Module::Install::AutoInstall; + +use strict; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub AutoInstall { $_[0] } + +sub run { + my $self = shift; + $self->auto_install_now(@_); +} + +sub write { + my $self = shift; + $self->auto_install(@_); +} + +sub auto_install { + my $self = shift; + return if $self->{done}++; + + # Flatten array of arrays into a single array + my @core = map @$_, map @$_, grep ref, + $self->build_requires, $self->requires; + + my @config = @_; + + # We'll need Module::AutoInstall + $self->include('Module::AutoInstall'); + require Module::AutoInstall; + + my @features_require = Module::AutoInstall->import( + (@config ? (-config => \@config) : ()), + (@core ? (-core => \@core) : ()), + $self->features, + ); + + my %seen; + my @requires = map @$_, map @$_, grep ref, $self->requires; + while (my ($mod, $ver) = splice(@requires, 0, 2)) { + $seen{$mod}{$ver}++; + } + my @build_requires = map @$_, map @$_, grep ref, $self->build_requires; + while (my ($mod, $ver) = splice(@build_requires, 0, 2)) { + $seen{$mod}{$ver}++; + } + my @configure_requires = map @$_, map @$_, grep ref, $self->configure_requires; + while (my ($mod, $ver) = splice(@configure_requires, 0, 2)) { + $seen{$mod}{$ver}++; + } + + my @deduped; + while (my ($mod, $ver) = splice(@features_require, 0, 2)) { + push @deduped, $mod => $ver unless $seen{$mod}{$ver}++; + } + + $self->requires(@deduped); + + $self->makemaker_args( Module::AutoInstall::_make_args() ); + + my $class = ref($self); + $self->postamble( + "# --- $class section:\n" . + Module::AutoInstall::postamble() + ); +} + +sub installdeps_target { + my ($self, @args) = @_; + + $self->include('Module::AutoInstall'); + require Module::AutoInstall; + + Module::AutoInstall::_installdeps_target(1); + + $self->auto_install(@args); +} + +sub auto_install_now { + my $self = shift; + $self->auto_install(@_); + Module::AutoInstall::do_install(); +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Base.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Base.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Base.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Base.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,83 @@ +#line 1 +package Module::Install::Base; + +use strict 'vars'; +use vars qw{$VERSION}; +BEGIN { + $VERSION = '1.19'; +} + +# Suspend handler for "redefined" warnings +BEGIN { + my $w = $SIG{__WARN__}; + $SIG{__WARN__} = sub { $w }; +} + +#line 42 + +sub new { + my $class = shift; + unless ( defined &{"${class}::call"} ) { + *{"${class}::call"} = sub { shift->_top->call(@_) }; + } + unless ( defined &{"${class}::load"} ) { + *{"${class}::load"} = sub { shift->_top->load(@_) }; + } + bless { @_ }, $class; +} + +#line 61 + +sub AUTOLOAD { + local $@; + my $func = eval { shift->_top->autoload } or return; + goto &$func; +} + +#line 75 + +sub _top { + $_[0]->{_top}; +} + +#line 90 + +sub admin { + $_[0]->_top->{admin} + or + Module::Install::Base::FakeAdmin->new; +} + +#line 106 + +sub is_admin { + ! $_[0]->admin->isa('Module::Install::Base::FakeAdmin'); +} + +sub DESTROY {} + +package Module::Install::Base::FakeAdmin; + +use vars qw{$VERSION}; +BEGIN { + $VERSION = $Module::Install::Base::VERSION; +} + +my $fake; + +sub new { + $fake ||= bless(\@_, $_[0]); +} + +sub AUTOLOAD {} + +sub DESTROY {} + +# Restore warning handler +BEGIN { + $SIG{__WARN__} = $SIG{__WARN__}->(); +} + +1; + +#line 159 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Include.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Include.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Include.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Include.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,34 @@ +#line 1 +package Module::Install::Include; + +use strict; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub include { + shift()->admin->include(@_); +} + +sub include_deps { + shift()->admin->include_deps(@_); +} + +sub auto_include { + shift()->admin->auto_include(@_); +} + +sub auto_include_deps { + shift()->admin->auto_include_deps(@_); +} + +sub auto_include_dependent_dists { + shift()->admin->auto_include_dependent_dists(@_); +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Makefile.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Makefile.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Makefile.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Makefile.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,418 @@ +#line 1 +package Module::Install::Makefile; + +use strict 'vars'; +use ExtUtils::MakeMaker (); +use Module::Install::Base (); +use Fcntl qw/:flock :seek/; + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub Makefile { $_[0] } + +my %seen = (); + +sub prompt { + shift; + + # Infinite loop protection + my @c = caller(); + if ( ++$seen{"$c[1]|$c[2]|$_[0]"} > 3 ) { + die "Caught an potential prompt infinite loop ($c[1]|$c[2]|$_[0])"; + } + + # In automated testing or non-interactive session, always use defaults + if ( ($ENV{AUTOMATED_TESTING} or -! -t STDIN) and ! $ENV{PERL_MM_USE_DEFAULT} ) { + local $ENV{PERL_MM_USE_DEFAULT} = 1; + goto &ExtUtils::MakeMaker::prompt; + } else { + goto &ExtUtils::MakeMaker::prompt; + } +} + +# Store a cleaned up version of the MakeMaker version, +# since we need to behave differently in a variety of +# ways based on the MM version. +my $makemaker = eval $ExtUtils::MakeMaker::VERSION; + +# If we are passed a param, do a "newer than" comparison. +# Otherwise, just return the MakeMaker version. +sub makemaker { + ( @_ < 2 or $makemaker >= eval($_[1]) ) ? $makemaker : 0 +} + +# Ripped from ExtUtils::MakeMaker 6.56, and slightly modified +# as we only need to know here whether the attribute is an array +# or a hash or something else (which may or may not be appendable). +my %makemaker_argtype = ( + C => 'ARRAY', + CONFIG => 'ARRAY', +# CONFIGURE => 'CODE', # ignore + DIR => 'ARRAY', + DL_FUNCS => 'HASH', + DL_VARS => 'ARRAY', + EXCLUDE_EXT => 'ARRAY', + EXE_FILES => 'ARRAY', + FUNCLIST => 'ARRAY', + H => 'ARRAY', + IMPORTS => 'HASH', + INCLUDE_EXT => 'ARRAY', + LIBS => 'ARRAY', # ignore '' + MAN1PODS => 'HASH', + MAN3PODS => 'HASH', + META_ADD => 'HASH', + META_MERGE => 'HASH', + PL_FILES => 'HASH', + PM => 'HASH', + PMLIBDIRS => 'ARRAY', + PMLIBPARENTDIRS => 'ARRAY', + PREREQ_PM => 'HASH', + CONFIGURE_REQUIRES => 'HASH', + SKIP => 'ARRAY', + TYPEMAPS => 'ARRAY', + XS => 'HASH', +# VERSION => ['version',''], # ignore +# _KEEP_AFTER_FLUSH => '', + + clean => 'HASH', + depend => 'HASH', + dist => 'HASH', + dynamic_lib=> 'HASH', + linkext => 'HASH', + macro => 'HASH', + postamble => 'HASH', + realclean => 'HASH', + test => 'HASH', + tool_autosplit => 'HASH', + + # special cases where you can use makemaker_append + CCFLAGS => 'APPENDABLE', + DEFINE => 'APPENDABLE', + INC => 'APPENDABLE', + LDDLFLAGS => 'APPENDABLE', + LDFROM => 'APPENDABLE', +); + +sub makemaker_args { + my ($self, %new_args) = @_; + my $args = ( $self->{makemaker_args} ||= {} ); + foreach my $key (keys %new_args) { + if ($makemaker_argtype{$key}) { + if ($makemaker_argtype{$key} eq 'ARRAY') { + $args->{$key} = [] unless defined $args->{$key}; + unless (ref $args->{$key} eq 'ARRAY') { + $args->{$key} = [$args->{$key}] + } + push @{$args->{$key}}, + ref $new_args{$key} eq 'ARRAY' + ? @{$new_args{$key}} + : $new_args{$key}; + } + elsif ($makemaker_argtype{$key} eq 'HASH') { + $args->{$key} = {} unless defined $args->{$key}; + foreach my $skey (keys %{ $new_args{$key} }) { + $args->{$key}{$skey} = $new_args{$key}{$skey}; + } + } + elsif ($makemaker_argtype{$key} eq 'APPENDABLE') { + $self->makemaker_append($key => $new_args{$key}); + } + } + else { + if (defined $args->{$key}) { + warn qq{MakeMaker attribute "$key" is overriden; use "makemaker_append" to append values\n}; + } + $args->{$key} = $new_args{$key}; + } + } + return $args; +} + +# For mm args that take multiple space-separated args, +# append an argument to the current list. +sub makemaker_append { + my $self = shift; + my $name = shift; + my $args = $self->makemaker_args; + $args->{$name} = defined $args->{$name} + ? join( ' ', $args->{$name}, @_ ) + : join( ' ', @_ ); +} + +sub build_subdirs { + my $self = shift; + my $subdirs = $self->makemaker_args->{DIR} ||= []; + for my $subdir (@_) { + push @$subdirs, $subdir; + } +} + +sub clean_files { + my $self = shift; + my $clean = $self->makemaker_args->{clean} ||= {}; + %$clean = ( + %$clean, + FILES => join ' ', grep { length $_ } ($clean->{FILES} || (), @_), + ); +} + +sub realclean_files { + my $self = shift; + my $realclean = $self->makemaker_args->{realclean} ||= {}; + %$realclean = ( + %$realclean, + FILES => join ' ', grep { length $_ } ($realclean->{FILES} || (), @_), + ); +} + +sub libs { + my $self = shift; + my $libs = ref $_[0] ? shift : [ shift ]; + $self->makemaker_args( LIBS => $libs ); +} + +sub inc { + my $self = shift; + $self->makemaker_args( INC => shift ); +} + +sub _wanted_t { +} + +sub tests_recursive { + my $self = shift; + my $dir = shift || 't'; + unless ( -d $dir ) { + die "tests_recursive dir '$dir' does not exist"; + } + my %tests = map { $_ => 1 } split / /, ($self->tests || ''); + require File::Find; + File::Find::find( + sub { /\.t$/ and -f $_ and $tests{"$File::Find::dir/*.t"} = 1 }, + $dir + ); + $self->tests( join ' ', sort keys %tests ); +} + +sub write { + my $self = shift; + die "&Makefile->write() takes no arguments\n" if @_; + + # Check the current Perl version + my $perl_version = $self->perl_version; + if ( $perl_version ) { + eval "use $perl_version; 1" + or die "ERROR: perl: Version $] is installed, " + . "but we need version >= $perl_version"; + } + + # Make sure we have a new enough MakeMaker + require ExtUtils::MakeMaker; + + if ( $perl_version and $self->_cmp($perl_version, '5.006') >= 0 ) { + # This previous attempted to inherit the version of + # ExtUtils::MakeMaker in use by the module author, but this + # was found to be untenable as some authors build releases + # using future dev versions of EU:MM that nobody else has. + # Instead, #toolchain suggests we use 6.59 which is the most + # stable version on CPAN at time of writing and is, to quote + # ribasushi, "not terminally fucked, > and tested enough". + # TODO: We will now need to maintain this over time to push + # the version up as new versions are released. + $self->build_requires( 'ExtUtils::MakeMaker' => 6.59 ); + $self->configure_requires( 'ExtUtils::MakeMaker' => 6.59 ); + } else { + # Allow legacy-compatibility with 5.005 by depending on the + # most recent EU:MM that supported 5.005. + $self->build_requires( 'ExtUtils::MakeMaker' => 6.36 ); + $self->configure_requires( 'ExtUtils::MakeMaker' => 6.36 ); + } + + # Generate the MakeMaker params + my $args = $self->makemaker_args; + $args->{DISTNAME} = $self->name; + $args->{NAME} = $self->module_name || $self->name; + $args->{NAME} =~ s/-/::/g; + $args->{VERSION} = $self->version or die <<'EOT'; +ERROR: Can't determine distribution version. Please specify it +explicitly via 'version' in Makefile.PL, or set a valid $VERSION +in a module, and provide its file path via 'version_from' (or +'all_from' if you prefer) in Makefile.PL. +EOT + + if ( $self->tests ) { + my @tests = split ' ', $self->tests; + my %seen; + $args->{test} = { + TESTS => (join ' ', grep {!$seen{$_}++} @tests), + }; + } elsif ( $Module::Install::ExtraTests::use_extratests ) { + # Module::Install::ExtraTests doesn't set $self->tests and does its own tests via harness. + # So, just ignore our xt tests here. + } elsif ( -d 'xt' and ($Module::Install::AUTHOR or $ENV{RELEASE_TESTING}) ) { + $args->{test} = { + TESTS => join( ' ', map { "$_/*.t" } grep { -d $_ } qw{ t xt } ), + }; + } + if ( $] >= 5.005 ) { + $args->{ABSTRACT} = $self->abstract; + $args->{AUTHOR} = join ', ', @{$self->author || []}; + } + if ( $self->makemaker(6.10) ) { + $args->{NO_META} = 1; + #$args->{NO_MYMETA} = 1; + } + if ( $self->makemaker(6.17) and $self->sign ) { + $args->{SIGN} = 1; + } + unless ( $self->is_admin ) { + delete $args->{SIGN}; + } + if ( $self->makemaker(6.31) and $self->license ) { + $args->{LICENSE} = $self->license; + } + + my $prereq = ($args->{PREREQ_PM} ||= {}); + %$prereq = ( %$prereq, + map { @$_ } # flatten [module => version] + map { @$_ } + grep $_, + ($self->requires) + ); + + # Remove any reference to perl, PREREQ_PM doesn't support it + delete $args->{PREREQ_PM}->{perl}; + + # Merge both kinds of requires into BUILD_REQUIRES + my $build_prereq = ($args->{BUILD_REQUIRES} ||= {}); + %$build_prereq = ( %$build_prereq, + map { @$_ } # flatten [module => version] + map { @$_ } + grep $_, + ($self->configure_requires, $self->build_requires) + ); + + # Remove any reference to perl, BUILD_REQUIRES doesn't support it + delete $args->{BUILD_REQUIRES}->{perl}; + + # Delete bundled dists from prereq_pm, add it to Makefile DIR + my $subdirs = ($args->{DIR} || []); + if ($self->bundles) { + my %processed; + foreach my $bundle (@{ $self->bundles }) { + my ($mod_name, $dist_dir) = @$bundle; + delete $prereq->{$mod_name}; + $dist_dir = File::Basename::basename($dist_dir); # dir for building this module + if (not exists $processed{$dist_dir}) { + if (-d $dist_dir) { + # List as sub-directory to be processed by make + push @$subdirs, $dist_dir; + } + # Else do nothing: the module is already present on the system + $processed{$dist_dir} = undef; + } + } + } + + unless ( $self->makemaker('6.55_03') ) { + %$prereq = (%$prereq,%$build_prereq); + delete $args->{BUILD_REQUIRES}; + } + + if ( my $perl_version = $self->perl_version ) { + eval "use $perl_version; 1" + or die "ERROR: perl: Version $] is installed, " + . "but we need version >= $perl_version"; + + if ( $self->makemaker(6.48) ) { + $args->{MIN_PERL_VERSION} = $perl_version; + } + } + + if ($self->installdirs) { + warn qq{old INSTALLDIRS (probably set by makemaker_args) is overriden by installdirs\n} if $args->{INSTALLDIRS}; + $args->{INSTALLDIRS} = $self->installdirs; + } + + my %args = map { + ( $_ => $args->{$_} ) } grep {defined($args->{$_} ) + } keys %$args; + + my $user_preop = delete $args{dist}->{PREOP}; + if ( my $preop = $self->admin->preop($user_preop) ) { + foreach my $key ( keys %$preop ) { + $args{dist}->{$key} = $preop->{$key}; + } + } + + my $mm = ExtUtils::MakeMaker::WriteMakefile(%args); + $self->fix_up_makefile($mm->{FIRST_MAKEFILE} || 'Makefile'); +} + +sub fix_up_makefile { + my $self = shift; + my $makefile_name = shift; + my $top_class = ref($self->_top) || ''; + my $top_version = $self->_top->VERSION || ''; + + my $preamble = $self->preamble + ? "# Preamble by $top_class $top_version\n" + . $self->preamble + : ''; + my $postamble = "# Postamble by $top_class $top_version\n" + . ($self->postamble || ''); + + local *MAKEFILE; + open MAKEFILE, "+< $makefile_name" or die "fix_up_makefile: Couldn't open $makefile_name: $!"; + eval { flock MAKEFILE, LOCK_EX }; + my $makefile = do { local $/; }; + + $makefile =~ s/\b(test_harness\(\$\(TEST_VERBOSE\), )/$1'inc', /; + $makefile =~ s/( -I\$\(INST_ARCHLIB\))/ -Iinc$1/g; + $makefile =~ s/( "-I\$\(INST_LIB\)")/ "-Iinc"$1/g; + $makefile =~ s/^(FULLPERL = .*)/$1 "-Iinc"/m; + $makefile =~ s/^(PERL = .*)/$1 "-Iinc"/m; + + # Module::Install will never be used to build the Core Perl + # Sometimes PERL_LIB and PERL_ARCHLIB get written anyway, which breaks + # PREFIX/PERL5LIB, and thus, install_share. Blank them if they exist + $makefile =~ s/^PERL_LIB = .+/PERL_LIB =/m; + #$makefile =~ s/^PERL_ARCHLIB = .+/PERL_ARCHLIB =/m; + + # Perl 5.005 mentions PERL_LIB explicitly, so we have to remove that as well. + $makefile =~ s/(\"?)-I\$\(PERL_LIB\)\1//g; + + # XXX - This is currently unused; not sure if it breaks other MM-users + # $makefile =~ s/^pm_to_blib\s+:\s+/pm_to_blib :: /mg; + + seek MAKEFILE, 0, SEEK_SET; + truncate MAKEFILE, 0; + print MAKEFILE "$preamble$makefile$postamble" or die $!; + close MAKEFILE or die $!; + + 1; +} + +sub preamble { + my ($self, $text) = @_; + $self->{preamble} = $text . $self->{preamble} if defined $text; + $self->{preamble}; +} + +sub postamble { + my ($self, $text) = @_; + $self->{postamble} ||= $self->admin->postamble; + $self->{postamble} .= $text if defined $text; + $self->{postamble} +} + +1; + +__END__ + +#line 544 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/MakeMaker.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/MakeMaker.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/MakeMaker.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/MakeMaker.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,56 @@ +#line 1 +package Module::Install::MakeMaker; + +use strict; +use ExtUtils::MakeMaker (); +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +my $makefile = undef; + +sub WriteMakefile { + my ($self, %args) = @_; + $makefile = $self->load('Makefile'); + + # mapping between MakeMaker and META.yml keys + $args{MODULE_NAME} = $args{NAME}; + unless ( $args{NAME} = $args{DISTNAME} or ! $args{MODULE_NAME} ) { + $args{NAME} = $args{MODULE_NAME}; + $args{NAME} =~ s/::/-/g; + } + + foreach my $key ( qw{name module_name version version_from abstract author installdirs} ) { + my $value = delete($args{uc($key)}) or next; + $self->$key($value); + } + + if (my $prereq = delete($args{PREREQ_PM})) { + while (my($k,$v) = each %$prereq) { + $self->requires($k,$v); + } + } + + if (my $prereq = delete($args{BUILD_REQUIRES})) { + while (my($k,$v) = each %$prereq) { + $self->build_requires($k,$v); + } + } + + # put the remaining args to makemaker_args + $self->makemaker_args(%args); +} + +END { + if ( $makefile ) { + $makefile->write; + $makefile->Meta->write; + } +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Metadata.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Metadata.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Metadata.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Metadata.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,722 @@ +#line 1 +package Module::Install::Metadata; + +use strict 'vars'; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +my @boolean_keys = qw{ + sign +}; + +my @scalar_keys = qw{ + name + module_name + abstract + version + distribution_type + tests + installdirs +}; + +my @tuple_keys = qw{ + configure_requires + build_requires + requires + recommends + bundles + resources +}; + +my @resource_keys = qw{ + homepage + bugtracker + repository +}; + +my @array_keys = qw{ + keywords + author +}; + +*authors = \&author; + +sub Meta { shift } +sub Meta_BooleanKeys { @boolean_keys } +sub Meta_ScalarKeys { @scalar_keys } +sub Meta_TupleKeys { @tuple_keys } +sub Meta_ResourceKeys { @resource_keys } +sub Meta_ArrayKeys { @array_keys } + +foreach my $key ( @boolean_keys ) { + *$key = sub { + my $self = shift; + if ( defined wantarray and not @_ ) { + return $self->{values}->{$key}; + } + $self->{values}->{$key} = ( @_ ? $_[0] : 1 ); + return $self; + }; +} + +foreach my $key ( @scalar_keys ) { + *$key = sub { + my $self = shift; + return $self->{values}->{$key} if defined wantarray and !@_; + $self->{values}->{$key} = shift; + return $self; + }; +} + +foreach my $key ( @array_keys ) { + *$key = sub { + my $self = shift; + return $self->{values}->{$key} if defined wantarray and !@_; + $self->{values}->{$key} ||= []; + push @{$self->{values}->{$key}}, @_; + return $self; + }; +} + +foreach my $key ( @resource_keys ) { + *$key = sub { + my $self = shift; + unless ( @_ ) { + return () unless $self->{values}->{resources}; + return map { $_->[1] } + grep { $_->[0] eq $key } + @{ $self->{values}->{resources} }; + } + return $self->{values}->{resources}->{$key} unless @_; + my $uri = shift or die( + "Did not provide a value to $key()" + ); + $self->resources( $key => $uri ); + return 1; + }; +} + +foreach my $key ( grep { $_ ne "resources" } @tuple_keys) { + *$key = sub { + my $self = shift; + return $self->{values}->{$key} unless @_; + my @added; + while ( @_ ) { + my $module = shift or last; + my $version = shift || 0; + push @added, [ $module, $version ]; + } + push @{ $self->{values}->{$key} }, @added; + return map {@$_} @added; + }; +} + +# Resource handling +my %lc_resource = map { $_ => 1 } qw{ + homepage + license + bugtracker + repository +}; + +sub resources { + my $self = shift; + while ( @_ ) { + my $name = shift or last; + my $value = shift or next; + if ( $name eq lc $name and ! $lc_resource{$name} ) { + die("Unsupported reserved lowercase resource '$name'"); + } + $self->{values}->{resources} ||= []; + push @{ $self->{values}->{resources} }, [ $name, $value ]; + } + $self->{values}->{resources}; +} + +# Aliases for build_requires that will have alternative +# meanings in some future version of META.yml. +sub test_requires { shift->build_requires(@_) } +sub install_requires { shift->build_requires(@_) } + +# Aliases for installdirs options +sub install_as_core { $_[0]->installdirs('perl') } +sub install_as_cpan { $_[0]->installdirs('site') } +sub install_as_site { $_[0]->installdirs('site') } +sub install_as_vendor { $_[0]->installdirs('vendor') } + +sub dynamic_config { + my $self = shift; + my $value = @_ ? shift : 1; + if ( $self->{values}->{dynamic_config} ) { + # Once dynamic we never change to static, for safety + return 0; + } + $self->{values}->{dynamic_config} = $value ? 1 : 0; + return 1; +} + +# Convenience command +sub static_config { + shift->dynamic_config(0); +} + +sub perl_version { + my $self = shift; + return $self->{values}->{perl_version} unless @_; + my $version = shift or die( + "Did not provide a value to perl_version()" + ); + + # Normalize the version + $version = $self->_perl_version($version); + + # We don't support the really old versions + unless ( $version >= 5.005 ) { + die "Module::Install only supports 5.005 or newer (use ExtUtils::MakeMaker)\n"; + } + + $self->{values}->{perl_version} = $version; +} + +sub all_from { + my ( $self, $file ) = @_; + + unless ( defined($file) ) { + my $name = $self->name or die( + "all_from called with no args without setting name() first" + ); + $file = join('/', 'lib', split(/-/, $name)) . '.pm'; + $file =~ s{.*/}{} unless -e $file; + unless ( -e $file ) { + die("all_from cannot find $file from $name"); + } + } + unless ( -f $file ) { + die("The path '$file' does not exist, or is not a file"); + } + + $self->{values}{all_from} = $file; + + # Some methods pull from POD instead of code. + # If there is a matching .pod, use that instead + my $pod = $file; + $pod =~ s/\.pm$/.pod/i; + $pod = $file unless -e $pod; + + # Pull the different values + $self->name_from($file) unless $self->name; + $self->version_from($file) unless $self->version; + $self->perl_version_from($file) unless $self->perl_version; + $self->author_from($pod) unless @{$self->author || []}; + $self->license_from($pod) unless $self->license; + $self->abstract_from($pod) unless $self->abstract; + + return 1; +} + +sub provides { + my $self = shift; + my $provides = ( $self->{values}->{provides} ||= {} ); + %$provides = (%$provides, @_) if @_; + return $provides; +} + +sub auto_provides { + my $self = shift; + return $self unless $self->is_admin; + unless (-e 'MANIFEST') { + warn "Cannot deduce auto_provides without a MANIFEST, skipping\n"; + return $self; + } + # Avoid spurious warnings as we are not checking manifest here. + local $SIG{__WARN__} = sub {1}; + require ExtUtils::Manifest; + local *ExtUtils::Manifest::manicheck = sub { return }; + + require Module::Build; + my $build = Module::Build->new( + dist_name => $self->name, + dist_version => $self->version, + license => $self->license, + ); + $self->provides( %{ $build->find_dist_packages || {} } ); +} + +sub feature { + my $self = shift; + my $name = shift; + my $features = ( $self->{values}->{features} ||= [] ); + my $mods; + + if ( @_ == 1 and ref( $_[0] ) ) { + # The user used ->feature like ->features by passing in the second + # argument as a reference. Accomodate for that. + $mods = $_[0]; + } else { + $mods = \@_; + } + + my $count = 0; + push @$features, ( + $name => [ + map { + ref($_) ? ( ref($_) eq 'HASH' ) ? %$_ : @$_ : $_ + } @$mods + ] + ); + + return @$features; +} + +sub features { + my $self = shift; + while ( my ( $name, $mods ) = splice( @_, 0, 2 ) ) { + $self->feature( $name, @$mods ); + } + return $self->{values}->{features} + ? @{ $self->{values}->{features} } + : (); +} + +sub no_index { + my $self = shift; + my $type = shift; + push @{ $self->{values}->{no_index}->{$type} }, @_ if $type; + return $self->{values}->{no_index}; +} + +sub read { + my $self = shift; + $self->include_deps( 'YAML::Tiny', 0 ); + + require YAML::Tiny; + my $data = YAML::Tiny::LoadFile('META.yml'); + + # Call methods explicitly in case user has already set some values. + while ( my ( $key, $value ) = each %$data ) { + next unless $self->can($key); + if ( ref $value eq 'HASH' ) { + while ( my ( $module, $version ) = each %$value ) { + $self->can($key)->($self, $module => $version ); + } + } else { + $self->can($key)->($self, $value); + } + } + return $self; +} + +sub write { + my $self = shift; + return $self unless $self->is_admin; + $self->admin->write_meta; + return $self; +} + +sub version_from { + require ExtUtils::MM_Unix; + my ( $self, $file ) = @_; + $self->version( ExtUtils::MM_Unix->parse_version($file) ); + + # for version integrity check + $self->makemaker_args( VERSION_FROM => $file ); +} + +sub abstract_from { + require ExtUtils::MM_Unix; + my ( $self, $file ) = @_; + $self->abstract( + bless( + { DISTNAME => $self->name }, + 'ExtUtils::MM_Unix' + )->parse_abstract($file) + ); +} + +# Add both distribution and module name +sub name_from { + my ($self, $file) = @_; + if ( + Module::Install::_read($file) =~ m/ + ^ \s* + package \s* + ([\w:]+) + [\s|;]* + /ixms + ) { + my ($name, $module_name) = ($1, $1); + $name =~ s{::}{-}g; + $self->name($name); + unless ( $self->module_name ) { + $self->module_name($module_name); + } + } else { + die("Cannot determine name from $file\n"); + } +} + +sub _extract_perl_version { + if ( + $_[0] =~ m/ + ^\s* + (?:use|require) \s* + v? + ([\d_\.]+) + \s* ; + /ixms + ) { + my $perl_version = $1; + $perl_version =~ s{_}{}g; + return $perl_version; + } else { + return; + } +} + +sub perl_version_from { + my $self = shift; + my $perl_version=_extract_perl_version(Module::Install::_read($_[0])); + if ($perl_version) { + $self->perl_version($perl_version); + } else { + warn "Cannot determine perl version info from $_[0]\n"; + return; + } +} + +sub author_from { + my $self = shift; + my $content = Module::Install::_read($_[0]); + if ($content =~ m/ + =head \d \s+ (?:authors?)\b \s* + ([^\n]*) + | + =head \d \s+ (?:licen[cs]e|licensing|copyright|legal)\b \s* + .*? copyright .*? \d\d\d[\d.]+ \s* (?:\bby\b)? \s* + ([^\n]*) + /ixms) { + my $author = $1 || $2; + + # XXX: ugly but should work anyway... + if (eval "require Pod::Escapes; 1") { + # Pod::Escapes has a mapping table. + # It's in core of perl >= 5.9.3, and should be installed + # as one of the Pod::Simple's prereqs, which is a prereq + # of Pod::Text 3.x (see also below). + $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } + { + defined $2 + ? chr($2) + : defined $Pod::Escapes::Name2character_number{$1} + ? chr($Pod::Escapes::Name2character_number{$1}) + : do { + warn "Unknown escape: E<$1>"; + "E<$1>"; + }; + }gex; + } + elsif (eval "require Pod::Text; 1" && $Pod::Text::VERSION < 3) { + # Pod::Text < 3.0 has yet another mapping table, + # though the table name of 2.x and 1.x are different. + # (1.x is in core of Perl < 5.6, 2.x is in core of + # Perl < 5.9.3) + my $mapping = ($Pod::Text::VERSION < 2) + ? \%Pod::Text::HTML_Escapes + : \%Pod::Text::ESCAPES; + $author =~ s{ E<( (\d+) | ([A-Za-z]+) )> } + { + defined $2 + ? chr($2) + : defined $mapping->{$1} + ? $mapping->{$1} + : do { + warn "Unknown escape: E<$1>"; + "E<$1>"; + }; + }gex; + } + else { + $author =~ s{E}{<}g; + $author =~ s{E}{>}g; + } + $self->author($author); + } else { + warn "Cannot determine author info from $_[0]\n"; + } +} + +#Stolen from M::B +my %license_urls = ( + perl => 'http://dev.perl.org/licenses/', + apache => 'http://apache.org/licenses/LICENSE-2.0', + apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1', + artistic => 'http://opensource.org/licenses/artistic-license.php', + artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php', + lgpl => 'http://opensource.org/licenses/lgpl-license.php', + lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php', + lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html', + bsd => 'http://opensource.org/licenses/bsd-license.php', + gpl => 'http://opensource.org/licenses/gpl-license.php', + gpl2 => 'http://opensource.org/licenses/gpl-2.0.php', + gpl3 => 'http://opensource.org/licenses/gpl-3.0.html', + mit => 'http://opensource.org/licenses/mit-license.php', + mozilla => 'http://opensource.org/licenses/mozilla1.1.php', + open_source => undef, + unrestricted => undef, + restrictive => undef, + unknown => undef, +); + +sub license { + my $self = shift; + return $self->{values}->{license} unless @_; + my $license = shift or die( + 'Did not provide a value to license()' + ); + $license = __extract_license($license) || lc $license; + $self->{values}->{license} = $license; + + # Automatically fill in license URLs + if ( $license_urls{$license} ) { + $self->resources( license => $license_urls{$license} ); + } + + return 1; +} + +sub _extract_license { + my $pod = shift; + my $matched; + return __extract_license( + ($matched) = $pod =~ m/ + (=head \d \s+ L(?i:ICEN[CS]E|ICENSING)\b.*?) + (=head \d.*|=cut.*|)\z + /xms + ) || __extract_license( + ($matched) = $pod =~ m/ + (=head \d \s+ (?:C(?i:OPYRIGHTS?)|L(?i:EGAL))\b.*?) + (=head \d.*|=cut.*|)\z + /xms + ); +} + +sub __extract_license { + my $license_text = shift or return; + my @phrases = ( + '(?:under )?the same (?:terms|license) as (?:perl|the perl (?:\d )?programming language)' => 'perl', 1, + '(?:under )?the terms of (?:perl|the perl programming language) itself' => 'perl', 1, + 'Artistic and GPL' => 'perl', 1, + 'GNU general public license' => 'gpl', 1, + 'GNU public license' => 'gpl', 1, + 'GNU lesser general public license' => 'lgpl', 1, + 'GNU lesser public license' => 'lgpl', 1, + 'GNU library general public license' => 'lgpl', 1, + 'GNU library public license' => 'lgpl', 1, + 'GNU Free Documentation license' => 'unrestricted', 1, + 'GNU Affero General Public License' => 'open_source', 1, + '(?:Free)?BSD license' => 'bsd', 1, + 'Artistic license 2\.0' => 'artistic_2', 1, + 'Artistic license' => 'artistic', 1, + 'Apache (?:Software )?license' => 'apache', 1, + 'GPL' => 'gpl', 1, + 'LGPL' => 'lgpl', 1, + 'BSD' => 'bsd', 1, + 'Artistic' => 'artistic', 1, + 'MIT' => 'mit', 1, + 'Mozilla Public License' => 'mozilla', 1, + 'Q Public License' => 'open_source', 1, + 'OpenSSL License' => 'unrestricted', 1, + 'SSLeay License' => 'unrestricted', 1, + 'zlib License' => 'open_source', 1, + 'proprietary' => 'proprietary', 0, + ); + while ( my ($pattern, $license, $osi) = splice(@phrases, 0, 3) ) { + $pattern =~ s#\s+#\\s+#gs; + if ( $license_text =~ /\b$pattern\b/i ) { + return $license; + } + } + return ''; +} + +sub license_from { + my $self = shift; + if (my $license=_extract_license(Module::Install::_read($_[0]))) { + $self->license($license); + } else { + warn "Cannot determine license info from $_[0]\n"; + return 'unknown'; + } +} + +sub _extract_bugtracker { + my @links = $_[0] =~ m#L<( + https?\Q://rt.cpan.org/\E[^>]+| + https?\Q://github.com/\E[\w_]+/[\w_]+/issues| + https?\Q://code.google.com/p/\E[\w_\-]+/issues/list + )>#gx; + my %links; + @links{@links}=(); + @links=keys %links; + return @links; +} + +sub bugtracker_from { + my $self = shift; + my $content = Module::Install::_read($_[0]); + my @links = _extract_bugtracker($content); + unless ( @links ) { + warn "Cannot determine bugtracker info from $_[0]\n"; + return 0; + } + if ( @links > 1 ) { + warn "Found more than one bugtracker link in $_[0]\n"; + return 0; + } + + # Set the bugtracker + bugtracker( $links[0] ); + return 1; +} + +sub requires_from { + my $self = shift; + my $content = Module::Install::_readperl($_[0]); + my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+(v?[\d\.]+)/mg; + while ( @requires ) { + my $module = shift @requires; + my $version = shift @requires; + $self->requires( $module => $version ); + } +} + +sub test_requires_from { + my $self = shift; + my $content = Module::Install::_readperl($_[0]); + my @requires = $content =~ m/^use\s+([^\W\d]\w*(?:::\w+)*)\s+([\d\.]+)/mg; + while ( @requires ) { + my $module = shift @requires; + my $version = shift @requires; + $self->test_requires( $module => $version ); + } +} + +# Convert triple-part versions (eg, 5.6.1 or 5.8.9) to +# numbers (eg, 5.006001 or 5.008009). +# Also, convert double-part versions (eg, 5.8) +sub _perl_version { + my $v = $_[-1]; + $v =~ s/^([1-9])\.([1-9]\d?\d?)$/sprintf("%d.%03d",$1,$2)/e; + $v =~ s/^([1-9])\.([1-9]\d?\d?)\.(0|[1-9]\d?\d?)$/sprintf("%d.%03d%03d",$1,$2,$3 || 0)/e; + $v =~ s/(\.\d\d\d)000$/$1/; + $v =~ s/_.+$//; + if ( ref($v) ) { + # Numify + $v = $v + 0; + } + return $v; +} + +sub add_metadata { + my $self = shift; + my %hash = @_; + for my $key (keys %hash) { + warn "add_metadata: $key is not prefixed with 'x_'.\n" . + "Use appopriate function to add non-private metadata.\n" unless $key =~ /^x_/; + $self->{values}->{$key} = $hash{$key}; + } +} + + +###################################################################### +# MYMETA Support + +sub WriteMyMeta { + die "WriteMyMeta has been deprecated"; +} + +sub write_mymeta_yaml { + my $self = shift; + + # We need YAML::Tiny to write the MYMETA.yml file + unless ( eval { require YAML::Tiny; 1; } ) { + return 1; + } + + # Generate the data + my $meta = $self->_write_mymeta_data or return 1; + + # Save as the MYMETA.yml file + print "Writing MYMETA.yml\n"; + YAML::Tiny::DumpFile('MYMETA.yml', $meta); +} + +sub write_mymeta_json { + my $self = shift; + + # We need JSON to write the MYMETA.json file + unless ( eval { require JSON; 1; } ) { + return 1; + } + + # Generate the data + my $meta = $self->_write_mymeta_data or return 1; + + # Save as the MYMETA.yml file + print "Writing MYMETA.json\n"; + Module::Install::_write( + 'MYMETA.json', + JSON->new->pretty(1)->canonical->encode($meta), + ); +} + +sub _write_mymeta_data { + my $self = shift; + + # If there's no existing META.yml there is nothing we can do + return undef unless -f 'META.yml'; + + # We need Parse::CPAN::Meta to load the file + unless ( eval { require Parse::CPAN::Meta; 1; } ) { + return undef; + } + + # Merge the perl version into the dependencies + my $val = $self->Meta->{values}; + my $perl = delete $val->{perl_version}; + if ( $perl ) { + $val->{requires} ||= []; + my $requires = $val->{requires}; + + # Canonize to three-dot version after Perl 5.6 + if ( $perl >= 5.006 ) { + $perl =~ s{^(\d+)\.(\d\d\d)(\d*)}{join('.', $1, int($2||0), int($3||0))}e + } + unshift @$requires, [ perl => $perl ]; + } + + # Load the advisory META.yml file + my @yaml = Parse::CPAN::Meta::LoadFile('META.yml'); + my $meta = $yaml[0]; + + # Overwrite the non-configure dependency hashes + delete $meta->{requires}; + delete $meta->{build_requires}; + delete $meta->{recommends}; + if ( exists $val->{requires} ) { + $meta->{requires} = { map { @$_ } @{ $val->{requires} } }; + } + if ( exists $val->{build_requires} ) { + $meta->{build_requires} = { map { @$_ } @{ $val->{build_requires} } }; + } + + return $meta; +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Scripts.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Scripts.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install/Scripts.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install/Scripts.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,29 @@ +#line 1 +package Module::Install::Scripts; + +use strict 'vars'; +use Module::Install::Base (); + +use vars qw{$VERSION @ISA $ISCORE}; +BEGIN { + $VERSION = '1.19'; + @ISA = 'Module::Install::Base'; + $ISCORE = 1; +} + +sub install_script { + my $self = shift; + my $args = $self->makemaker_args; + my $exe = $args->{EXE_FILES} ||= []; + foreach ( @_ ) { + if ( -f $_ ) { + push @$exe, $_; + } elsif ( -d 'script' and -f "script/$_" ) { + push @$exe, "script/$_"; + } else { + die("Cannot find script '$_'"); + } + } +} + +1; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install.pm nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install.pm --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/inc/Module/Install.pm 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/inc/Module/Install.pm 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,451 @@ +#line 1 +package Module::Install; + +# For any maintainers: +# The load order for Module::Install is a bit magic. +# It goes something like this... +# +# IF ( host has Module::Install installed, creating author mode ) { +# 1. Makefile.PL calls "use inc::Module::Install" +# 2. $INC{inc/Module/Install.pm} set to installed version of inc::Module::Install +# 3. The installed version of inc::Module::Install loads +# 4. inc::Module::Install calls "require Module::Install" +# 5. The ./inc/ version of Module::Install loads +# } ELSE { +# 1. Makefile.PL calls "use inc::Module::Install" +# 2. $INC{inc/Module/Install.pm} set to ./inc/ version of Module::Install +# 3. The ./inc/ version of Module::Install loads +# } + +use 5.006; +use strict 'vars'; +use Cwd (); +use File::Find (); +use File::Path (); + +use vars qw{$VERSION $MAIN}; +BEGIN { + # All Module::Install core packages now require synchronised versions. + # This will be used to ensure we don't accidentally load old or + # different versions of modules. + # This is not enforced yet, but will be some time in the next few + # releases once we can make sure it won't clash with custom + # Module::Install extensions. + $VERSION = '1.19'; + + # Storage for the pseudo-singleton + $MAIN = undef; + + *inc::Module::Install::VERSION = *VERSION; + @inc::Module::Install::ISA = __PACKAGE__; + +} + +sub import { + my $class = shift; + my $self = $class->new(@_); + my $who = $self->_caller; + + #------------------------------------------------------------- + # all of the following checks should be included in import(), + # to allow "eval 'require Module::Install; 1' to test + # installation of Module::Install. (RT #51267) + #------------------------------------------------------------- + + # Whether or not inc::Module::Install is actually loaded, the + # $INC{inc/Module/Install.pm} is what will still get set as long as + # the caller loaded module this in the documented manner. + # If not set, the caller may NOT have loaded the bundled version, and thus + # they may not have a MI version that works with the Makefile.PL. This would + # result in false errors or unexpected behaviour. And we don't want that. + my $file = join( '/', 'inc', split /::/, __PACKAGE__ ) . '.pm'; + unless ( $INC{$file} ) { die <<"END_DIE" } + +Please invoke ${\__PACKAGE__} with: + + use inc::${\__PACKAGE__}; + +not: + + use ${\__PACKAGE__}; + +END_DIE + + # This reportedly fixes a rare Win32 UTC file time issue, but + # as this is a non-cross-platform XS module not in the core, + # we shouldn't really depend on it. See RT #24194 for detail. + # (Also, this module only supports Perl 5.6 and above). + eval "use Win32::UTCFileTime" if $^O eq 'MSWin32' && $] >= 5.006; + + # If the script that is loading Module::Install is from the future, + # then make will detect this and cause it to re-run over and over + # again. This is bad. Rather than taking action to touch it (which + # is unreliable on some platforms and requires write permissions) + # for now we should catch this and refuse to run. + if ( -f $0 ) { + my $s = (stat($0))[9]; + + # If the modification time is only slightly in the future, + # sleep briefly to remove the problem. + my $a = $s - time; + if ( $a > 0 and $a < 5 ) { sleep 5 } + + # Too far in the future, throw an error. + my $t = time; + if ( $s > $t ) { die <<"END_DIE" } + +Your installer $0 has a modification time in the future ($s > $t). + +This is known to create infinite loops in make. + +Please correct this, then run $0 again. + +END_DIE + } + + + # Build.PL was formerly supported, but no longer is due to excessive + # difficulty in implementing every single feature twice. + if ( $0 =~ /Build.PL$/i ) { die <<"END_DIE" } + +Module::Install no longer supports Build.PL. + +It was impossible to maintain duel backends, and has been deprecated. + +Please remove all Build.PL files and only use the Makefile.PL installer. + +END_DIE + + #------------------------------------------------------------- + + # To save some more typing in Module::Install installers, every... + # use inc::Module::Install + # ...also acts as an implicit use strict. + $^H |= strict::bits(qw(refs subs vars)); + + #------------------------------------------------------------- + + unless ( -f $self->{file} ) { + foreach my $key (keys %INC) { + delete $INC{$key} if $key =~ /Module\/Install/; + } + + local $^W; + require "$self->{path}/$self->{dispatch}.pm"; + File::Path::mkpath("$self->{prefix}/$self->{author}"); + $self->{admin} = "$self->{name}::$self->{dispatch}"->new( _top => $self ); + $self->{admin}->init; + @_ = ($class, _self => $self); + goto &{"$self->{name}::import"}; + } + + local $^W; + *{"${who}::AUTOLOAD"} = $self->autoload; + $self->preload; + + # Unregister loader and worker packages so subdirs can use them again + delete $INC{'inc/Module/Install.pm'}; + delete $INC{'Module/Install.pm'}; + + # Save to the singleton + $MAIN = $self; + + return 1; +} + +sub autoload { + my $self = shift; + my $who = $self->_caller; + my $cwd = Cwd::getcwd(); + my $sym = "${who}::AUTOLOAD"; + $sym->{$cwd} = sub { + my $pwd = Cwd::getcwd(); + if ( my $code = $sym->{$pwd} ) { + # Delegate back to parent dirs + goto &$code unless $cwd eq $pwd; + } + unless ($$sym =~ s/([^:]+)$//) { + # XXX: it looks like we can't retrieve the missing function + # via $$sym (usually $main::AUTOLOAD) in this case. + # I'm still wondering if we should slurp Makefile.PL to + # get some context or not ... + my ($package, $file, $line) = caller; + die <<"EOT"; +Unknown function is found at $file line $line. +Execution of $file aborted due to runtime errors. + +If you're a contributor to a project, you may need to install +some Module::Install extensions from CPAN (or other repository). +If you're a user of a module, please contact the author. +EOT + } + my $method = $1; + if ( uc($method) eq $method ) { + # Do nothing + return; + } elsif ( $method =~ /^_/ and $self->can($method) ) { + # Dispatch to the root M:I class + return $self->$method(@_); + } + + # Dispatch to the appropriate plugin + unshift @_, ( $self, $1 ); + goto &{$self->can('call')}; + }; +} + +sub preload { + my $self = shift; + unless ( $self->{extensions} ) { + $self->load_extensions( + "$self->{prefix}/$self->{path}", $self + ); + } + + my @exts = @{$self->{extensions}}; + unless ( @exts ) { + @exts = $self->{admin}->load_all_extensions; + } + + my %seen; + foreach my $obj ( @exts ) { + while (my ($method, $glob) = each %{ref($obj) . '::'}) { + next unless $obj->can($method); + next if $method =~ /^_/; + next if $method eq uc($method); + $seen{$method}++; + } + } + + my $who = $self->_caller; + foreach my $name ( sort keys %seen ) { + local $^W; + *{"${who}::$name"} = sub { + ${"${who}::AUTOLOAD"} = "${who}::$name"; + goto &{"${who}::AUTOLOAD"}; + }; + } +} + +sub new { + my ($class, %args) = @_; + + delete $INC{'FindBin.pm'}; + { + # to suppress the redefine warning + local $SIG{__WARN__} = sub {}; + require FindBin; + } + + # ignore the prefix on extension modules built from top level. + my $base_path = Cwd::abs_path($FindBin::Bin); + unless ( Cwd::abs_path(Cwd::getcwd()) eq $base_path ) { + delete $args{prefix}; + } + return $args{_self} if $args{_self}; + + $base_path = VMS::Filespec::unixify($base_path) if $^O eq 'VMS'; + + $args{dispatch} ||= 'Admin'; + $args{prefix} ||= 'inc'; + $args{author} ||= ($^O eq 'VMS' ? '_author' : '.author'); + $args{bundle} ||= 'inc/BUNDLES'; + $args{base} ||= $base_path; + $class =~ s/^\Q$args{prefix}\E:://; + $args{name} ||= $class; + $args{version} ||= $class->VERSION; + unless ( $args{path} ) { + $args{path} = $args{name}; + $args{path} =~ s!::!/!g; + } + $args{file} ||= "$args{base}/$args{prefix}/$args{path}.pm"; + $args{wrote} = 0; + + bless( \%args, $class ); +} + +sub call { + my ($self, $method) = @_; + my $obj = $self->load($method) or return; + splice(@_, 0, 2, $obj); + goto &{$obj->can($method)}; +} + +sub load { + my ($self, $method) = @_; + + $self->load_extensions( + "$self->{prefix}/$self->{path}", $self + ) unless $self->{extensions}; + + foreach my $obj (@{$self->{extensions}}) { + return $obj if $obj->can($method); + } + + my $admin = $self->{admin} or die <<"END_DIE"; +The '$method' method does not exist in the '$self->{prefix}' path! +Please remove the '$self->{prefix}' directory and run $0 again to load it. +END_DIE + + my $obj = $admin->load($method, 1); + push @{$self->{extensions}}, $obj; + + $obj; +} + +sub load_extensions { + my ($self, $path, $top) = @_; + + my $should_reload = 0; + unless ( grep { ! ref $_ and lc $_ eq lc $self->{prefix} } @INC ) { + unshift @INC, $self->{prefix}; + $should_reload = 1; + } + + foreach my $rv ( $self->find_extensions($path) ) { + my ($file, $pkg) = @{$rv}; + next if $self->{pathnames}{$pkg}; + + local $@; + my $new = eval { local $^W; require $file; $pkg->can('new') }; + unless ( $new ) { + warn $@ if $@; + next; + } + $self->{pathnames}{$pkg} = + $should_reload ? delete $INC{$file} : $INC{$file}; + push @{$self->{extensions}}, &{$new}($pkg, _top => $top ); + } + + $self->{extensions} ||= []; +} + +sub find_extensions { + my ($self, $path) = @_; + + my @found; + File::Find::find( {no_chdir => 1, wanted => sub { + my $file = $File::Find::name; + return unless $file =~ m!^\Q$path\E/(.+)\.pm\Z!is; + my $subpath = $1; + return if lc($subpath) eq lc($self->{dispatch}); + + $file = "$self->{path}/$subpath.pm"; + my $pkg = "$self->{name}::$subpath"; + $pkg =~ s!/!::!g; + + # If we have a mixed-case package name, assume case has been preserved + # correctly. Otherwise, root through the file to locate the case-preserved + # version of the package name. + if ( $subpath eq lc($subpath) || $subpath eq uc($subpath) ) { + my $content = Module::Install::_read($File::Find::name); + my $in_pod = 0; + foreach ( split /\n/, $content ) { + $in_pod = 1 if /^=\w/; + $in_pod = 0 if /^=cut/; + next if ($in_pod || /^=cut/); # skip pod text + next if /^\s*#/; # and comments + if ( m/^\s*package\s+($pkg)\s*;/i ) { + $pkg = $1; + last; + } + } + } + + push @found, [ $file, $pkg ]; + }}, $path ) if -d $path; + + @found; +} + + + + + +##################################################################### +# Common Utility Functions + +sub _caller { + my $depth = 0; + my $call = caller($depth); + while ( $call eq __PACKAGE__ ) { + $depth++; + $call = caller($depth); + } + return $call; +} + +sub _read { + local *FH; + open( FH, '<', $_[0] ) or die "open($_[0]): $!"; + binmode FH; + my $string = do { local $/; }; + close FH or die "close($_[0]): $!"; + return $string; +} + +sub _readperl { + my $string = Module::Install::_read($_[0]); + $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg; + $string =~ s/(\n)\n*__(?:DATA|END)__\b.*\z/$1/s; + $string =~ s/\n\n=\w+.+?\n\n=cut\b.+?\n+/\n\n/sg; + return $string; +} + +sub _readpod { + my $string = Module::Install::_read($_[0]); + $string =~ s/(?:\015{1,2}\012|\015|\012)/\n/sg; + return $string if $_[0] =~ /\.pod\z/; + $string =~ s/(^|\n=cut\b.+?\n+)[^=\s].+?\n(\n=\w+|\z)/$1$2/sg; + $string =~ s/\n*=pod\b[^\n]*\n+/\n\n/sg; + $string =~ s/\n*=cut\b[^\n]*\n+/\n\n/sg; + $string =~ s/^\n+//s; + return $string; +} + +sub _write { + local *FH; + open( FH, '>', $_[0] ) or die "open($_[0]): $!"; + binmode FH; + foreach ( 1 .. $#_ ) { + print FH $_[$_] or die "print($_[0]): $!"; + } + close FH or die "close($_[0]): $!"; +} + +# _version is for processing module versions (eg, 1.03_05) not +# Perl versions (eg, 5.8.1). +sub _version { + my $s = shift || 0; + my $d =()= $s =~ /(\.)/g; + if ( $d >= 2 ) { + # Normalise multipart versions + $s =~ s/(\.)(\d{1,3})/sprintf("$1%03d",$2)/eg; + } + $s =~ s/^(\d+)\.?//; + my $l = $1 || 0; + my @v = map { + $_ . '0' x (3 - length $_) + } $s =~ /(\d{1,3})\D?/g; + $l = $l . '.' . join '', @v if @v; + return $l + 0; +} + +sub _cmp { + _version($_[1]) <=> _version($_[2]); +} + +# Cloned from Params::Util::_CLASS +sub _CLASS { + ( + defined $_[0] + and + ! ref $_[0] + and + $_[0] =~ m/^[^\W\d]\w*(?:::\w+)*\z/s + ) ? $_[0] : undef; +} + +1; + +# Copyright 2008 - 2012 Adam Kennedy. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/INSTALL nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/INSTALL --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/INSTALL 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/INSTALL 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,6 @@ Build and install check_rbl -Dependences +Dependencies =========== check_rbl depends on several Perl modules: @@ -14,6 +14,7 @@ * Net::DNS * Net::IP * Readonly + * Socket Perl modules can be found on the "Comprehensive Perl Archive Network" (CPAN). The "How to install CPAN modules" guide summarizes how these diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/Makefile.PL nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/Makefile.PL --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/Makefile.PL 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/Makefile.PL 2021-12-17 14:47:25.000000000 +0000 @@ -18,6 +18,7 @@ 'Net::DNS' => 0, 'Net::IP' => 0, 'Readonly' => 0, + 'Socket' => 0, 'IO::Select' => 0, 'Monitoring::Plugin' => 0, 'Monitoring::Plugin::Threshold' => 0, @@ -31,6 +32,9 @@ $prereqs{'Net::DNS'} = '1.04'; } +# https://metacpan.org/pod/release/DAGOLDEN/CPAN-Meta-2.142690/lib/CPAN/Meta/Spec.pm#license +license 'gpl_3'; + install_script 'check_rbl'; auto_install; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/META.yml nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/META.yml --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/META.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/META.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,30 @@ +--- +build_requires: + ExtUtils::MakeMaker: 6.36 +configure_requires: + ExtUtils::MakeMaker: 6.36 +distribution_type: module +dynamic_config: 1 +generated_by: 'Module::Install version 1.19' +license: gpl_3 +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: 1.4 +name: check_rbl +no_index: + directory: + - inc + - t +requires: + Data::Validate::Domain: 0.12 + Data::Validate::IP: 0 + English: 0 + IO::Select: 0 + Monitoring::Plugin: 0 + Monitoring::Plugin::Getopt: 0 + Monitoring::Plugin::Threshold: 0 + Net::DNS: 0 + Net::IP: 0 + Readonly: 0 + Socket: 0 +version: 1.6.2 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/MYMETA.json nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/MYMETA.json --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/MYMETA.json 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/MYMETA.json 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,52 @@ +{ + "abstract" : "unknown", + "author" : [ + "unknown" + ], + "dynamic_config" : 0, + "generated_by" : "Module::Install version 1.19, CPAN::Meta::Converter version 2.150010", + "license" : [ + "gpl_3" + ], + "meta-spec" : { + "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", + "version" : 2 + }, + "name" : "check_rbl", + "no_index" : { + "directory" : [ + "inc", + "t" + ] + }, + "prereqs" : { + "build" : { + "requires" : { + "ExtUtils::MakeMaker" : "6.36" + } + }, + "configure" : { + "requires" : { + "ExtUtils::MakeMaker" : "0" + } + }, + "runtime" : { + "requires" : { + "Data::Validate::Domain" : "0.12", + "Data::Validate::IP" : "0", + "English" : "0", + "IO::Select" : "0", + "Monitoring::Plugin" : "0", + "Monitoring::Plugin::Getopt" : "0", + "Monitoring::Plugin::Threshold" : "0", + "Net::DNS" : "0", + "Net::IP" : "0", + "Readonly" : "0", + "Socket" : "0" + } + } + }, + "release_status" : "stable", + "version" : "1.6.2", + "x_serialization_backend" : "JSON::PP version 4.06" +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/MYMETA.yml nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/MYMETA.yml --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/MYMETA.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/MYMETA.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,33 @@ +--- +abstract: unknown +author: + - unknown +build_requires: + ExtUtils::MakeMaker: '6.36' +configure_requires: + ExtUtils::MakeMaker: '0' +dynamic_config: 0 +generated_by: 'Module::Install version 1.19, CPAN::Meta::Converter version 2.150010' +license: gpl +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: '1.4' +name: check_rbl +no_index: + directory: + - inc + - t +requires: + Data::Validate::Domain: '0.12' + Data::Validate::IP: '0' + English: '0' + IO::Select: '0' + Monitoring::Plugin: '0' + Monitoring::Plugin::Getopt: '0' + Monitoring::Plugin::Threshold: '0' + Net::DNS: '0' + Net::IP: '0' + Readonly: '0' + Socket: '0' +version: 1.6.2 +x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/NEWS nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/NEWS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/NEWS 2021-12-17 14:47:25.000000000 +0000 @@ -1,3 +1,7 @@ +2021-12-16: 1.6.3 - accepts FQDN as host names +2021-06-01: 1.6.2 - fixed a bug with IPv6 +2021-05-27: 1.6.1 - fixes the FQDN with IPv6 and fixes the output in case of timeouts +2021-05-27: 1.6.0 - show the FQDN if the host is specified with an IP address 2021-01-03: 1.5.7 - removed emailbasura.org from the documentation and default configuration 2020-11-30: 1.5.6 - bug fix with IPv6 addresses 2020-09-30: 1.5.5 - removed dynip.rothen.com from the documentation and default configuration @@ -19,9 +23,9 @@ 2014-09-21: 1.3.5 - fixed the default critical and warning range 2014-09-20: 1.3.4 - parameter validation fix 2014-08-09: 1.3.3 - parameter validation -2014-01-30: 1.3.2 - documentation and dependecies update +2014-01-30: 1.3.2 - documentation and dependencies update 2013-09-26: 1.3.1 - disabled embedded Perl -2011-07-11: 1.3.0 - whitelistings support +2011-07-11: 1.3.0 - whitelisting support 2011-03-22: 1.2.2 - bug fix release (dependencies fixed) 2010-07-05: 1.2.1 - bug fix release (see Changes) 2010-04-08: 1.2.0 - improved parallel checks and several fixes diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/README.md nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/README.md 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/README.md 2021-12-17 14:47:25.000000000 +0000 @@ -1,11 +1,11 @@ - (c) Matteo Corti, ETH Zurich, 2009-2012 + © Matteo Corti, ETH Zurich, 2009-2012 - (c) Matteo Corti, 2009-2021 + © Matteo Corti, 2009-2021 see AUTHORS for the complete list of contributors -# check_rbl +# check\_rbl A Nagios plugin to check if an SMTP server is blacklisted @@ -23,9 +23,9 @@ ## Example ``` -check_rbl -H example.org -t 60 -c 1 -w 1 -s cbl.abuseat.org -s bl.deadbeef.com -s spamtrap.drbl.drand.net -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s relays.nether.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s ubl.unsubscore.com -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s blacklist.sci.kun.nl -s dnsbl.kempt.net -s forbidden.icm.edu.pl -s hil.habeas.com -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s bl.technovision.dk -s b.barracudacentral.org -s dnsbl.antispam.or.id -s drone.abuse.ch -s dsn.rfc-ignorant.org -s dul.dnsbl.sorbs.net -s http.dnsbl.sorbs.net -s l1.spews.dnsbl.sorbs.net -s l2.spews.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s postmaster.rfc-ignorant.org -s rbl.spamlab.com -s relays.bl.kunden.de -s smtp.dnsbl.sorbs.net -s socks.dnsbl.sorbs.net -s spam.abuse.ch -s spamrbl.imp.ch -s tr.countries.nerd.dk -s unsure.nether.net -s virbl.bit.nl -s web.dnsbl.sorbs.net -s whois.rfc-ignorant.org -s wormrbl.imp.ch -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s blackholes.five-ten-sg.com -s blacklist.woody.ch -s bogons.cymru.com -s combined.abuse.ch -s duinv.aupads.org -s ohps.dnsbl.net.au -s omrs.dnsbl.net.au -s orvedb.aupads.org -s osps.dnsbl.net.au -s osrs.dnsbl.net.au -s owfs.dnsbl.net.au -s owps.dnsbl.net.au -s probes.dnsbl.net.au -s proxy.bl.gweep.ca -s proxy.block.transip.nl -s rbl.inter.net -s rdts.dnsbl.net.au -s relays.bl.gweep.ca -s residential.block.transip.nl -s ricn.dnsbl.net.au -s rmst.dnsbl.net.au -s spamlist.or.kr -s t3direct.dnsbl.net.au -s ubl.lashback.com -s all.s5h.net -s dnsbl.anticaptcha.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s spambot.bls.digibase.ca -s z.mailspike.net +check_rbl -H example.org -t 60 -c 1 -w 1 -s cbl.abuseat.org -s bl.deadbeef.com -s spamtrap.drbl.drand.net -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s relays.nether.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s ubl.unsubscore.com -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s blacklist.sci.kun.nl -s dnsbl.kempt.net -s forbidden.icm.edu.pl -s hil.habeas.com -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s bl.technovision.dk -s b.barracudacentral.org -s dnsbl.antispam.or.id -s drone.abuse.ch -s dsn.rfc-ignorant.org -s dul.dnsbl.sorbs.net -s http.dnsbl.sorbs.net -s l1.spews.dnsbl.sorbs.net -s l2.spews.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s postmaster.rfc-ignorant.org -s rbl.spamlab.com -s relays.bl.kunden.de -s smtp.dnsbl.sorbs.net -s socks.dnsbl.sorbs.net -s spam.abuse.ch -s spamrbl.imp.ch -s tr.countries.nerd.dk -s unsure.nether.net -s virbl.bit.nl -s web.dnsbl.sorbs.net -s whois.rfc-ignorant.org -s wormrbl.imp.ch -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s blackholes.five-ten-sg.com -s blacklist.woody.ch -s bogons.cymru.com -s combined.abuse.ch -s duinv.aupads.org -s ohps.dnsbl.net.au -s omrs.dnsbl.net.au -s orvedb.aupads.org -s osps.dnsbl.net.au -s osrs.dnsbl.net.au -s owfs.dnsbl.net.au -s owps.dnsbl.net.au -s probes.dnsbl.net.au -s proxy.bl.gweep.ca -s proxy.block.transip.nl -s rbl.inter.net -s rdts.dnsbl.net.au -s relays.bl.gweep.ca -s residential.block.transip.nl -s ricn.dnsbl.net.au -s rmst.dnsbl.net.au -s spamlist.or.kr -s t3direct.dnsbl.net.au -s ubl.lashback.com -s all.s5h.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s spambot.bls.digibase.ca -s z.mailspike.net ``` ## Bugs Please report any bugs or feature requests through the -web interface at https://github.com/matteocorti/check_rbl/issues +web interface at [https://github.com/matteocorti/check_rbl/issues](https://github.com/matteocorti/check_rbl/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/test.sh nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/test.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/test.sh 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/test.sh 2021-12-17 14:47:25.000000000 +0000 @@ -8,16 +8,14 @@ echo '' echo ' the IP to check against a bunch of blacklists.' echo '' - exit $EXIT_BAD_ARGS + exit "${EXIT_BAD_ARGS}" else IP_ADDR="${1}" fi - - -perl ./check_rbl -H "$IP_ADDR" \ +perl ./check_rbl -H "${IP_ADDR}" \ -t 60 \ -c 1 \ -w 1 \ -v \ - -s cbl.abuseat.org -s bl.deadbeef.com -s spamtrap.drbl.drand.net -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s relays.nether.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s ubl.unsubscore.com -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s blacklist.sci.kun.nl -s dnsbl.kempt.net -s forbidden.icm.edu.pl -s hil.habeas.com -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s bl.technovision.dk -s b.barracudacentral.org -s dnsbl.antispam.or.id -s drone.abuse.ch -s dsn.rfc-ignorant.org -s dul.dnsbl.sorbs.net -s http.dnsbl.sorbs.net -s l1.spews.dnsbl.sorbs.net -s l2.spews.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s postmaster.rfc-ignorant.org -s rbl.spamlab.com -s relays.bl.kunden.de -s smtp.dnsbl.sorbs.net -s socks.dnsbl.sorbs.net -s spam.abuse.ch -s spamrbl.imp.ch -s tr.countries.nerd.dk -s unsure.nether.net -s virbl.bit.nl -s web.dnsbl.sorbs.net -s whois.rfc-ignorant.org -s wormrbl.imp.ch -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s blackholes.five-ten-sg.com -s blacklist.woody.ch -s bogons.cymru.com -s combined.abuse.ch -s duinv.aupads.org -s ohps.dnsbl.net.au -s omrs.dnsbl.net.au -s orvedb.aupads.org -s osps.dnsbl.net.au -s osrs.dnsbl.net.au -s owfs.dnsbl.net.au -s owps.dnsbl.net.au -s probes.dnsbl.net.au -s proxy.bl.gweep.ca -s proxy.block.transip.nl -s rbl.inter.net -s rdts.dnsbl.net.au -s relays.bl.gweep.ca -s residential.block.transip.nl -s ricn.dnsbl.net.au -s rmst.dnsbl.net.au -s spamlist.or.kr -s t3direct.dnsbl.net.au -s ubl.lashback.com -s all.s5h.net -s dnsbl.anticaptcha.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s spambot.bls.digibase.ca -s z.mailspike.net + -s cbl.abuseat.org -s spamsources.fabel.dk -s 0spam.fusionzero.com -s mail-abuse.blacklist.jippg.org -s korea.services.net -s spamguard.leadmon.net -s ix.dnsbl.manitu.net -s psbl.surriel.com -s dyna.spamrats.com -s noptr.spamrats.com -s spam.spamrats.com -s dnsbl.sorbs.net -s spam.dnsbl.sorbs.net -s bl.spamcop.net -s pbl.spamhaus.org -s sbl.spamhaus.org -s xbl.spamhaus.org -s dnsbl-1.uceprotect.net -s dnsbl-2.uceprotect.net -s dnsbl-3.uceprotect.net -s db.wpbl.info -s access.redhawk.org -s dnsbl.kempt.net -s rbl.schulte.org -s sbl-xbl.spamhaus.org -s dul.dnsbl.sorbs.net -s misc.dnsbl.sorbs.net -s smtp.dnsbl.sorbs.net -s web.dnsbl.sorbs.net -s zen.spamhaus.org -s zombie.dnsbl.sorbs.net -s dnsbl.dronebl.org -s dnsbl.spfbl.net -s ips.backscatterer.org -s singular.ttk.pte.hu -s spam.dnsbl.anonmails.de -s z.mailspike.net diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/.travis.yml nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/.travis.yml --- nagios-plugins-contrib-35.20210511ubuntu2/check_rbl/src/.travis.yml 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_rbl/src/.travis.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -language: perl -perl: - - '5.26' - - '5.24' - - '5.22' - - '5.20' - - '5.18' - - '5.16' - - '5.14' - - '5.12' - - '5.10' diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/AUTHORS 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/AUTHORS 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,126 @@ +Matteo Corti + +Thanks: + +* Many thanks to Kenny McCormack for his help on comp.unix.shell on + how to implement a timeout +* Many thanks to Dan Wallis for several patches and fixes + (see the Changelog) +* Many thanks to Tuomas Haarala for the -P option patch to + check TLS certs using other protocols +* Many thanks to Marcus RejÃ¥s for the -N and -n patches +* Many thanks to Marc Fournier for + - the == bashism fix + - the mktemp error handling patch +* Many thanks to Wolfgang Schricker for + - the selfsigned bug report and cleanup fixes + - the patch adding the possibility to check local files (-f option) +* Many thanks to Yannick Gravel for the patch fixing the plugin output + and the fix on the test order +* Many thanks to Scott Worthington for the --critical and --warning hints +* Many thanks to Lawren Quigley-Jones for + - the -A,--noauth patch + - the trap fix +* Many thanks to Matthias Fuhrmeister for the -servername patch +* Many thanks to Raphael Thoma for the patch allowing HTTP to be + specified as protocol and the fix on -N with wildcards +* Many thanks to Sven Nierlein for the client certificate authentication patch +* Many thanks to Rob Yamry for the help in debugging a problem with + certain versions of OpenSSL and TLS extensions +* Many thanks to Jim Hopp for the "No certificate returned" enhancement patch +* Many thanks to Javier Gonel for the TLS servername patch +* Many thanks to Christian Ruppert for the XMPP patch +* Many thanks to Robin H. Johnson for the 'timeout' patch +* Many thanks to Max Winterstein for the SSL version patch +* Many thanks to Colin Smith for the RPM build Makefile patch +* Many thanks to Andreas Dijkman for the RPM dependencies patch +* Many thanks to Lawren Quigley-Jones for the common name patch +* Many thanks to Ryan Nowakowski for the OCSP patch +* Many thanks to Jérémy Lecour for the review and corrections +* Many thanks to Mark Ruys for the OCSP patch +* Many thanks to Milan Koudelka for the serial number patch +* Many thanks to Konstantin Shalygin for the UTF-8 patch +* Many thanks to Sam Richards for the SNI patch +* Many thanks to Sergei Shmanko (https://github.com/sshmanko) for the wildcard + certificate patch +* Many thanks to juckerf (https://github.com/juckerf) for patch to increase + control over which SSL/TLS versions to use +* Many thanks to Rolf Eike Beer for the IRC and SMTP check patch +* Many thanks to Viktor Szépe for the formatting and style patches +* Many thanks to Philippe Kueck for the CN patch +* Many thanks to Ricardo (https://github.com/bb-Ricardo) and xert (https://github.com/xert) for the date timestamp patch +* Many thanks to xert for the SSLLabs patch +* Many thanks to Leynos (https://github.com/leynos) for the OCSP proxy patch +* Many thanks to Philippe Kueck for the selection of the cipher authentication +* Many thanks to Jalonet (https://github.com/jalonet) for the file/PEM patch +* Many thanks to Sander Cornelissen (https://github.com/scornelissen85) for the multiple CNs patch +* Many thanks to Pavel Rochnyak (https://github.com/rpv-tomsk) for the issuer certificate cache patch and + the wildcard support in alternative names +* Many thanks to Vamp898 (https://github.com/Vamp898) for the LDAP patch +* Many thanks to Emilian Ertel for the curl and date patches +* Many thanks to Kosta Velikov for the grep patch +* Many thanks to Vojtech Horky for the OpenSSL 1.1 patch +* Many thanks to Nicolas Lafont (https://github.com/ManicoW) for the Common Name fix +* Many thanks to d7415 (https://github.com/d7415) for the -help patch +* Many thanks to Åukasz WÄ…sikowski (https://github.com/IdahoPL) for the curl and date display patches +* Many thanks to booboo-at-gluga-de (https://github.com/booboo-at-gluga-de) for the CRL patch +* Many thanks to Georg (https://github.com/gbotti) for the fingerprint patch +* Many thanks to Wim van Ravesteijn (https://github.com/wimvr) for the DER encoded CRL files patch and the OCSP expiring date patch +* Many thanks to yasirathackersdotmu (https://github.com/yasirathackersdotmu) +* Many thanks to Christoph Moench-Tegeder (https://github.com/moench-tegeder) for the curl patch +* Many thanks to Dan Pritts for the --terse patch +* Many thanks to eeertel (https://github.com/eeertel) for the SNI warning patch +* Many thanks to Vojtech Horky (https://github.com/vhotspur) for the --format patch +* Many thanks to Markus Frosch (https://github.com/lazyfrosch) for the cleanup patch +* Many thanks to Ricardo Bartels (https://github.com/bb-Ricardo) for the patches fixing unit tests, + long output on Linux, extending the issuer checks to the whole chain +* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch and for the CA file and directory support +* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch +* Many thanks to sokol-44 (https://github.com/sokol-44) for the HTTP request fix +* Many thanks to Jonas Meurer (https://github.com/mejo-) for the IMAP / IMAPS fix +* Many thanks to Mathieu Simon (https://github.com/matsimon) for the IMAPS, POP3S and LDAP patches +* Many thanks to Nico (https://github.com/nicox) for the SSLlabs patch +* Many thanks to barakAtSoluto (https://github.com/barakAtSoluto) for the SSLlabs warning patch +* Many thanks to Valentin Heidelberger (https://github.com/va1entin) for the curl user agent patch +* Many thanks to Tone (https://github.com/anthonyhaussman) for the warning message improvement patch +* Many thanks to Michael Niewiara (https://github.com/mobitux) for the HTTPS/echo fix +* Many thanks to Zadkiel (https://github.com/aslafy-z) for the extended regex patch and for the n-elementh check +* Many thanks to Dick Visser (https://github.com/dnmvisser) for the --inetproto patch +* Many thanks to jmuecke (https://github.com/jmuecke) for the multiple errors patch +* Many thanks to iasdeoupxe (https://github.com/iasdeoupxe) for various fixes +* Many thanks to Andre Klärner (https://github.com/klaernie) for the typos corrections +* Many thanks to ДилÑн Палаузов (https://github.com/dilyanpalauzov) for the DANE checks +* Many thanks to dupondje (https://github.com/dupondje) for the check_prog fix +* Many thanks to Jörg Thalheim (https://github.com/Mic92) for the xmpp-server patch +* Many thanks to Arkadiusz MiÅ›kiewicz (https://github.com/arekm) for the OCSP timeout patch +* Many thanks to Thomas Weißschuh (https://github.com/t-8ch) for the PostgreSQL patch +* Many thanks to Jonathan Besanceney (https://github.com/jonathan-besanceney) for the proxy patch +* Many thanks to grizzlydev-sarl (https://github.com/grizzlydev-sarl) for the + processing of all the certificate in the chain, the verbose patch and the output cleanup patch +* Many thanks to Claudio Kuenzler (https://github.com/Napsty) for the chain expiration output fix +* Many thanks to jf-vf (https://github.com/jf-vf) for the MySQL support patch +* Many thanks to skanx (https://github.com/skanx) for the --not-issued-by output patch +* Many thanks to Zadkiel (https://github.com/aslafy-z) for the --version, the + --skip-element patches +* Many thanks to Marcel Burkhalter (https://github.com/explorer69) the custom HTTP header patch. +* Many thanks to Peter Newmann (https://github.com/peternewman) for the timeout + documentation patch and the issuers patch +* Many thanks to cbiedl (https://github.com/cbiedl) for the proxy patch +* Many thanks to Robin Schneider (https://github.com/ypid-geberit) for the --long-output all patch +* Many thanks to Robin Pronk (https://github.com/rfpronk) for the -u patch +* Many thanks to tunnelpr0 (https://github.com/tunnelpr0) for the --inetproto patch +* Many thanks to Christoph Moench-Tegeder (https://github.com/moench-tegeder) for the OpenSSL version patch +* Many thanks to waja (https://github.com/waja) for the GitHub workflows +* Many thanks to Tobias Grünewald (https://github.com/tobias-gruenewald) for the client certificate +* Many thanks to chornberger-c2c (https://github.com/chornberger-c2c) for the critical and warning output fix +* Many thanks to Claus-Theodor Riegg (https://github.com/ctriegg-mak) for the domain with + underscores and certificate chain fixes +* Many thanks to Ed Sabol (https://github.com/esabol) for the FQDN patch +* Many thanks to Igor Mironov (https://github.com/mcs6502) for the LibreSSL patch +* Many thanks to jalbstmeijer (https://github.com/jalbstmeijer) for the OpenSSL and INETPROTO patch +* Many thanks to Pim Rupert (https://github.com/prupert) for the file(1) patches +* Many thanks to Alexander AleksandroviÄ Klimov (https://github.com/Al2Klimov) for the DANE 312 patch +* Many thanks to Jaime Hablutzel (https://github.com/hablutzel1) for the --element fix +* Many thanks to Bernd Stroessenreuther for the CRL and IPv6 fixes and for the floating point patch +* Many thanks to Kim Jahn for the conversion typo and underscore fixes (https://github.com/mookie-) +* Many thanks to Bernd Strößenreuther (https://github.com/booboo-at-gluga-de) for the --help patch diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/ChangeLog nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/ChangeLog --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/ChangeLog 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/ChangeLog 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,1188 @@ +2021-12-15 Matteo Corti + + * check_ssl_cert (fetch_certificate): check if the used protocol was HTTP/2 (if requested) + +2021-12-10 Matteo Corti + + * check_ssl_cert (check_attr): using NMAP_BIN instead of nmap + * check_ssl_cert (main): fixed a bug causing an unnecessary scan when checking for disallowed protocols + * check_ssl_cert (main): (main): SSL 2.0 and SSL 3.0 disabled by --all and --all-local + +2021-12-08 Matteo Corti + + * Fixed several spelling mistakes + +2021-12-05 Bernd Stroessenreuther + + * check_ssl_cert: improve readability of --help by wrapping some very long lines + +2021-12-03 Matteo Corti + + * check_ssl_cert (main): IPv6 checks fixed if ipconfig is not available + +2021-11-26 Matteo Corti + + * check_ssl_cert (info): --info to print certificate information + +2021-11-24 Matteo Corti + + * check_ssl_cert (check_attr): Fixed a bug in the processing of error messages + * check_ssl_cert (main): Handle root certificates in DER format + * check_ssl_cert (check_attr): Fixed the nmap cipher check for hosts which are not discoverable + +2021-11-12 Matteo Corti + + * check_ssl_cert (main): Skipping the manual renegotiation test with OpenSSL > 3.0.0 + +2021-11-11 Matteo Corti + + * check_ssl_cert (main): Fixed a problem with newlines in variable on some systems (e.g., Fedora) + * check_ssl_cert (fetch_certificate): Fixed a problem with OpenSSL 3.0.0 and debug mode with certain servers + +2021-11-11 Matteo Corti + + * check_ssl_cert (main): Better extraction of the certificate issuers + +2021-11-09 Matteo Corti + + * check_ssl_cert (fetch_certificate): Parsing of OpenSSL 3 messages + * check_ssl_cert (fetch_certificate): Ignoring legacy renegotiation if --ignore-tls-renegotiation was specified + +2021-10-25 Matteo Corti + + * check_ssl_cert (debuglog): Better formatting of the elapsed time in the log output + +2021-10-22 Matteo Corti + + * check_ssl_cert (check_attr): Fixed the organization check + * check_ssl_cert (main): Check if -sigalgs is available + * check_ssl_cert (check_attr): check if nmap delivers cipher strengths + +2021-10-21 Matteo Corti + + * test/unit_tests.sh (testRSA): Added a test for RSA ciphers + * check_ssl_cert (main): Fixes --rsa on systems not supporting PSS + * check_ssl_cert (create_temporary_file): Uses mktemp if available (the workaround is only used if not available for speed reasons) + +2021-10-15 Matteo Corti + + * check_ssl_cert (create_temporary_file): AIX compatible temporary file creation + +2021-10-12 Matteo Corti + + * check_ssl_cert (fetch_certificate): using OpenSSL verify to verify a local chain + +2021-10-11 Matteo Corti + + * check_ssl_cert (main): Checks the certificate chain + +2021-10-08 Matteo Corti + + * test/unit_tests.sh (testSubdomainWithUnderscore): does not test with older OpenSSL versions not supporting _ + * check_ssl_cert (fetch_certificate): Fixed a typo + +2021-10-06 Matteo Corti + + * check_ssl_cert (check_ocsp): better handling of HTML pages instead of certificates + * check_ssl_cert (parse_command_line_options): a URL can be given as host (scheme and path will be stripped) + + * check_ssl_cert (check_attr): accepts certificates without subject alternative names + +2021-10-05 Matteo Corti + + * check_ssl_cert (debuglog): added an option (--debug-time) to print the elapsed time in the debugging output + +2021-10-01 Matteo Corti + + * check_ssl_cert (check_attr): --skip-element now skips a single element and can be specified multiple times + +2021-09-29 Matteo Corti + + * check_ssl_cert (main): Added an option to set a custom state by connection failures + +2021-09-27 Matteo Corti + + * check_ssl_cert (hours_until): supporting certificate expiration after 2038-01-19 on 32 bit systems + * check_ssl_cert (main): adds a check for acceptable client certificate CAs + * test/unit_tests.sh: added a routine to create a self-signed certificate expiring in a given number of days + * test/unit_tests.sh: added a test for a certificate expiring between 0.5 and 1.5 days + +2021-09-25 Bernd Stroessenreuther + + * test/unit_tests.sh: adding tests for using floating point numbers in thresholds + +2021-09-24 Bernd Stroessenreuther + + * check_ssl_cert: --warning and --critical now also accept floating point numbers + +2021-09-24 Matteo Corti + + * test/unit_tests.sh (oneTimeSetup): defining TMPDIR if not defined + +2021-09-24 Bernd Stroessenreuther + + * test/unit_tests.sh: adding a test for checking a local CRL file + +2021-09-22 Matteo Corti + + * Makefile (dist): make dist does not check the format (just builds the distribution) + +2021-09-21 Matteo Corti + + * check_ssl_cert (fetch_certificate): converts local CRLs from DER to PEM + * check_ssl_cert (main): does not check renegotiation when checking files + +2021-09-17 Bernd Stroessenreuther + + * test/unit_tests.sh: fixing error with endless ping if IPv6 enabled + +2021-09-17 Bernd Stroessenreuther + + * check_ssl_cert: fixing error with SCT when checking a CRL file + +2021-09-17 Matteo Corti + + * test/unit_tests.sh (testPrometheus): added test for --prometheus + + * check_ssl_cert: Adding output for Prometheus + +2021-09-16 Matteo Corti + + * check_ssl_cert (critical): Applied a patch to fix the output of multiple errors + * check_ssl_cert (main): Automatically assume localhost if --file is specified + +2021-09-15 Matteo Corti + + * check_ssl_cert (usage): Added an option to ignore OCSP server errors + * check_ssl_cert (check_ocsp): Fixed the detection of an internal error + +2021-09-02 Matteo Corti + + * check_ssl_cert (hours_until): computes the date with dconv if date -f is missing + +2021-09-01 Matteo Corti + + * check_ssl_cert (main): detects old BSD date without -f + +2021-08-31 Matteo Corti + + * check_ssl_cert (main): added -crlf to the connection for the renegotiation test + +2021-08-27 Matteo Corti + + * check_ssl_cert (check_attr): skipping the CN check on IP addresses + +2021-08-26 Matteo Corti + + * check_ssl_cert (check_attr): small improvement in the verbose output of SSL Labs + +2021-08-25 Matteo Corti + + * README.md: Info about quoting * + +2021-08-19 Matteo Corti + + * check_ssl_cert (parse_command_line_options): do not delete COMMON_NAME by --file + +2021-08-18 Matteo Corti + + * check_ssl_cert (parse_command_line_options): Fixed the debugging output by the command line arguments splitting + +2021-08-16 Matteo Corti + + * check_ssl_cert (main): Support DANE TLSA 312 + +2021-08-13 Matteo Corti + + * test/unit_tests.sh (testMultipleAltNamesOK): Added a test for multiple --cn and OK status + * check_ssl_cert (parse_command_line_options): Fixed the -n option (the old value was overwritten each time) + * check_ssl_cert (main): Better validation of the host command line argument + +2021-07-09 Matteo Corti + + * check_ssl_cert: performance data is no more shown by critical and warning message when --no-perf is specified + +2021-06-22 Matteo Corti + + * check_ssl_cert: removes the file name from file(1) output + +2021-06-18 Matteo Corti + + * check_ssl_cert (check_attr): stop the SSL Labs checks after an error + +2021-06-16 Matteo Corti + + * check_ssl_cert (check_attr): show the progress in % by SSL labs + * check_ssl_cert (check_attr): removing unnecessary port probing with nmap + +2021-05-31 Matteo Corti + + * check_ssl_cert (check_cert_end_date): Display since how many days the certificate was valid + +2021-05-28 Igor Mironov + + * check_ssl_cert: compatibility fixes for LibreSSL 2.8.3 on macOS Catalina + +2021-05-21 Matteo Corti + + * check_ssl_cert: added the --debug-file option + * check_ssl_cert(check_ocsp): append .crt to the debug certificates + * check_ssl_cert: sanity checks for file write operations + +2021-05-07 Matteo Corti + + * check_ssl_cert (check_ocsp): Do not store the debugging copy of the certificate in the $TMPDIR + +2021-05-06 Matteo Corti + + * check_ssl_cert (main): Fixed an error in the parameter validation + +2021-05-05 Matteo Corti + + * check_ssl_cert (check_attr): do not wait if SSL Labs is giving an error + +2021-04-30 Matteo Corti + + * Makefile: avoid putting extended attribute files in the archives + +2021-04-29 Matteo Corti + + * check_ssl_cert (check_attr): Do not remove parenthesis from URI + +2021-04-29 Claus-Theodor Riegg (https://github.com/ctriegg-mak) + + * check_ssl_cert: match underscores in subdomains when matching name to wildcard certs + +2021-04-28 Matteo Corti + + * check_ssl_cert (check_attr): adds and option to remove performance data + +2021-04-23 Matteo Corti + + * check_ssl_cert (fetch_certificate): Better handling of timeouts + +2021-04-12 Matteo Corti + + * check_ssl_cert (critical): Fixed the output when the CN is not available + +2021-04-07 Matteo Corti + + * check_ssl_cert (main): adding -starttls to the renegotiation check if needed + +2021-04-01 Matteo Corti + + * check_ssl_cert: The host name must now always match with the certificate + * check_ssl_cert: (fetch_certificate): Fixed the errors messages (and added a new one for missing STARTTLS) + +2021-03-31 Matteo Corti + + * check_ssl_cert (main): Added the --resolve option + +2021-03-29 Matteo Corti + + * check_ssl_cert: All the verbose messages are not beginning with a lowercase letter + * check_ssl_cert: Added the possibility to have different verbose and debug levels + * check_ssl_cert: Cleaner verbose output + * check_ssl_cert: Short options can now be grouped + +2021-03-25 Matteo Corti + + * check_ssl_cert (fetch_certificate): Better error handling in case a TLS connection is not possible + +2021-03-22 Matteo Corti + + * check_ssl_cert (usage): adds a --all option to allow all the optional checks at the maximum level + +2021-03-22 Matteo Corti + + * check_ssl_cert (fetch_certificate): detecting a timeout on the OpenSSL level + +2021-03-15 Matteo Corti + + * check_ssl_cert (openssl_version): works on systems which add a string to the OpenSSL version output (+ several fixes) + +2021-03-14 Matteo Corti + + * check_ssl_cert (openssl_version): added a function to compare OpenSSL versions. Getting rid of the man dependency + +2021-03-12 Matteo Corti + + * check_ssl_cert (exec_with_timeout): fixing timeout on systems using 'timeout' + +2021-03-12 Matteo Corti + + * check_ssl_cert (exec_with_timeout): reducing the total timeout by each execution + * check_ssl_cert (check_attr): check ciphers with nmap + + * check_ssl_cert (check_ocsp): looping over all the supplied URIs + +2021-03-11 Matteo Corti + + * check_ssl_cert (check_attr): Setting GZIP to quiet (-q) before using man + +2021-03-10 Matteo Corti + + * check_ssl_cert (main): Improved renegotiation testing + * check_ssl_cert (fetch_certificate): Added --password to specify a password source for PCKS12 certificates + +2021-03-09 Matteo Corti + + * check_ssl_cert (main): Added missing processing of the --inetproto option + * check_ssl_cert (main): Added a sanity check for the protocol support of s_client + * check_ssl_cert (check_ocsp): skipping empty certificates + * check_ssl_cert (fetch_certificate): supporting local files in PKCS #12 and DER formats + * check_ssl_cert (main): Using grep -F when possible + +2021-02-28 Matteo Corti + + * check_ssl_cert (check_attr): Do not check SCTs if the certificate is self signed + +2021-02-25 Matteo Corti + + * check_ssl_cert (check_attr): fixed the SCT check + +2021-02-24 Matteo Corti + + * check_ssl_cert (main): Check for TLS renegotiation + +2021-02-19 Matteo Corti + + * check_ssl_cert (main): Do not reset $OPENSSL so that a different + OpenSSL version can be specified with the environment variable + +2021-02-17 Robin Pronk + + * check_ssl_cert: Make HTTP request URL configurable (default stays /) + +2021-02-05 Matteo Corti + + * check_ssl_cert (main): Adds a check for grep (to check if basic utilities are in the PATH) + +2021-01-28 Matteo Corti + + * check_ssl_cert (check_attr): Checks for signed certificate timestamps (SCTs) + * check_ssl_cert (fetch_certificate): Better error catching for s_client errors + +2021-01-26 Matteo Corti + + * check_ssl_cert (hours_until): Warning about BusyBox date dropping the time zone + +2021-01-26 Matteo Corti + + * check_ssl_cert: added --date to specify the date binary + * check_ssl_cert (hours_until): support for BusyBox date + +2021-01-25 Matteo Corti + + * check_ssl_cert (exec_with_timeout): Better handling of wait and kill output + +2021-01-18 Matteo Corti + + * check_ssl_cert (exec_with_timeout): Execute timeout in the background so that it can handle signals + * check_ssl_cert (fetch_certificate): Better error message for DH with a too small key and handshake failure + * check_ssl_cert (check_crl): Checks revocation via CRL + +2021-01-15 Matteo Corti + + * check_ssl_cert (check_ocsp): OCSP check on all the chain elements + +2021-01-14 Matteo Corti + + * check_ssl_cert (check_attr): retries when SSL Labs is running at full capacity + +2020-12-23 Matteo Corti + + * check_ssl_cert (main): - instead of _ to separate words in the command line options + +2020-12-22 Matteo Corti + + * check_ssl_cert (main): added the --no-proxy option + +2020-12-21 Matteo Corti + + * check_ssl_cert (main): added a sanity check for the -f option + * check_ssl_cert (main): better handling of certificates without CN + +2020-12-16 Matteo Corti + + * check_ssl_cert (main): fixed the regex for the proxy cleanup for s_client + +2020-12-15 Matteo Corti + + * check_ssl_cert (require_s_client_option): Checks if s_client supports the -no_ssl[23] options + * check_ssl_cert (main): Better filtering of the nmap output + +2020-12-11 Matteo Corti + + * check_ssl_cert: Corrected the handling of the issuer URI + +2020-12-01 Matteo Corti + + * check_ssl_cert: Correct handling of -proxy by s_client and --proxy by curl + +2020-11-30 Matteo Corti + + * check_ssl_cert (create_temporary_file): bug fix: temp directory not used + * check_ssl_cert: patch for the --element option + * check_ssl_cert: bug fix: force -4 or -6 with curl when specified + +2020-08-07 Matteo Corti + + * check_ssl_cert: Fixed a bug with the output of --version + +2020-07-24 Matteo Corti + + * check_ssl_cert (check_attr): Fixed a bug in the output with --not-issued-by + +2020-07-02 Matteo Corti + + * check_ssl_cert (fetch_certificate): MySQL support + +2020-07-01 Matteo Corti + + * check_ssl_cert: Adding support for better file(1) certificate parsing + +2020-06-12 Matteo Corti + + * check_ssl_cert (main): Fixed a problem on BSD in the processing of the issuers + * check_ssl_cert (debuglog): [DBG] prefix for all the lines + +2020-06-09 Matteo Corti + + * check_ssl_cert: fixed a bug in the output (expiration date of chain elements) + +2020-06-05 Matteo Corti + + * check_ssl_cert (fetch_certificate): support for s_client -proxy option + +2020-06-04 Matteo Corti + + * check_ssl_cert: Processes all the certificates in the chain + * check_ssl_cert: New option to check that the issuer does not match a given pattern + +2020-05-18 Matteo Corti + + * check_ssl_cert: Propagates the -6 switch to nmap + +2020-03-26 Matteo Corti + + * check_ssl_cert (main): show command line arguments in debug mode + +2020-03-09 Matteo Corti + + * check_ssl_cert (check_attr): new option (--not-valid-longer-than) to check if a certificate is valid longer than the specified number of days + +2020-02-17 Matteo Corti + + * check_ssl_cert (fetch_certificate): added support for xmpp-server in the STARTTLS negotiation + +2020-01-07 Matteo Corti + + * check_ssl_cert (fetch_certificate): option to force HTTP/2 + +2019-12-23 Matteo Corti + + * check_ssl_cert (fetch_certificate): better error message in case of connection refused + +2019-12-20 Matteo Corti + + * check_ssl_cert: better error message in case of an invalid host + +2019-11-04 Matteo Corti + + * check_ssl_cert (fetch_certificate): fixed a bug in the SMTP connection (using s_client -name) + * check_ssl_cert (main): -name only used with OpenSSL versions which supports it + +2019-10-31 Matteo Corti + + * check_ssl_cert (exec_with_timeout): the return value of the command is no more ignored from expect + +2019-10-29 Matteo Corti + + * check_ssl_cert: Merged a patch fixing a copy and paste error with sieve + +2019-10-28 Matteo Corti + + * check_ssl_cert (exec_with_timeout): Better handling of timeout return codes + +2019-10-28 Matteo Corti + + * check_ssl_cert (main): Better error message for non matching DANE records + * check_ssl_cert (main): Default ports for other protocols + +2019-10-25 Matteo Corti + + * check_ssl_cert (check_required_prog): fixed a couple of small issues and introduced a feature to specify the dig binary + +2019-10-22 Matteo Corti + + * check_ssl_cert (main): Fixed a bug printing both a critical and a warning message when both condition match + +2019-10-18 Matteo Corti + + * check_ssl_cert (main): Fixed a bug ignoring --dane without parameters + +2019-10-16 Matteo Corti + + * check_ssl_cert (main): Integrated the DANE checks + +2019-10-14 Matteo Corti + + * check_ssl_cert (main): Remove RSA-PSS if not TLS 1.3 requested + * check_ssl_cert (check_attr): Write the OCSP issuer cert to the temporary directory + +2019-10-10 Matteo Corti + + * check_ssl_cert (main): do not disable TLS 1.3 if --rsa is specified + +2019-10-10 Matteo Corti + + * check_ssl_cert (main): fixes the ciphers for --rsa and --ecdsa + +2019-10-10 Matteo Corti + + * check_ssl_cert (check_attr): a wildcard certificate does not match the 'main' domain + +2019-10-09 Matteo Corti + + * check_ssl_cert: disables TLS 1.3 with --rsa + * check_ssl_cert: Validate OCSP stapling expiring date + +2019-09-26 Matteo Corti + + * check_ssl_cert: stops if needed programs are not found + +2019-09-24 Matteo Corti + + * check_ssl_cert: Fixed a bug in the processing of the SSL Labs options + * check_ssl_cert: Fixed a bug with POP3S + +2019-09-24 Matteo Corti + + * check_ssl_cert: OCSP check does not trigger an additional s_client call + +2019-09-19 Matteo Corti + + * check_ssl_cert: Fixed a problem in the critical output + +2019-09-18 Matteo Corti + + * check_ssl_cert: Consolidated the error messages in case of more than one error + * check_ssl_cert: Fixed a bug where the cipher was not forced by the OCSP checks + +2019-08-09 Matteo Corti + + * check_ssl_cert (ascii_grep): Removed NULL characters before 'grepping' a file + * check_ssl_cert (critical): Display the CN in a critical or warning message (if present) + * check_ssl_cert: merged patch to choose the IP protocol version + +2019-08-08 Matteo Corti + + * check_ssl_cert: Applied patch to support LDAPS + * check_ssl_cert.1: Formatting and ordering + +2019-07-26 Matteo Corti + + * check_ssl_cert: Try to detect if LDAP is not supported + +2019-06-02 Matteo Corti + + * check_ssl_cert: Return the filename when using --file by warnings + +2019-03-28 Matteo Corti + + * check_ssl_cert: added an option to specify a user agent for curl + +2019-02-27 Matteo Corti + + * test/unit_tests.sh (testMultipleAltNamesFailTwo): removed outdated tests + +2019-02-27 Matteo Corti + + * check_ssl_cert: better error message in case of wrong intermediate certificate + +2019-02-19 Matteo Corti + + * check_ssl_cert: Better error message in case of OCSP failure + +2019-02-08 Matteo Corti + + * check_ssl_cert: Check the readability of the certificate file + +2019-02-01 Matteo Corti + + * check_ssl_cert: applied patch for the SSLlabs warning + +2019-01-16 Matteo Corti + + * check_ssl_cert: replaced echo -e with printf + +2018-12-24 Matteo Corti + + * check_ssl_cert: Better output in case of errors while using SNI + +2018-12-19 Matteo Corti + + * check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S + * check_ssl_cert: Support for SNI and SSL Labs + +2018-12-11 Matteo Corti + + * check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993 + * check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer + +2018-11-07 Matteo Corti + + * check_ssl_cert: Fixed a problem with IMAP on port 993 + * check_ssl_cert: fixed a problem with newlines in the HTTP request + +2018-11-05 Matteo Corti + + * check_ssl_cert: CA file and directory support + +2018-10-19 Matteo Corti + + * check_ssl_cert: Fixed the HTTP request string + +2018-10-18 eimamagi + + * check_ssl_cert: Allow to specify a client certificate key + +2018-10-15 Matteo Corti + + * check_ssl_cert (exec_with_timeout): fixed the check on the the return value + +2018-08-10 Matteo Corti + + * check_ssl_cert: disabling OCSP checks if no OCSP host is found + +2018-07-20 Matteo Corti + + * check_ssl_cert: Applied a patch from Markus Frosch to fix the cleanup of temporary files + +2018-07-01 Matteo Corti + + * check_ssl_cert: do not trap on EXIT + * check_ssl_cert: remove temporary file when no signals are trapped + +2018-06-28 Matteo Corti + + * check_ssl_cert: fixed a bug in the deletion of temporary files when a signal is caught + +2018-06-25 Matteo Corti + + * check_ssl_cert: added a check to require OCSP stapling + +2018-04-29 Matteo Corti + + * check_ssl_cert: Removed the SNI name check patch (see #78) + +2018-04-19 Matteo Corti + + * check_ssl_cert: Merged the SNI name check patch + +2018-04-17 Matteo Corti + + * check_ssl_cert: Merged the --terse patch, added performance data to the terse output and reordered the help + +2018-04-12 Matteo Corti + + * Makefile: Checks if the copyright year is correct. make test is now dependent on make dist + +2018-04-06 Matteo Corti + + * check_ssl_cert: Added UTF8 output + +2018-04-05 Matteo Corti + + * check_ssl_cert: Added debugging output for curl + +2018-03-29 Matteo Corti + + * check_ssl_cert: Fixed a bug introduced in the last version + +2018-03-28 Matteo Corti + + * check_ssl_cert: Removed curl dependency when not checking SSL Labs + +2018-03-17 Matteo Corti + + * check_ssl_cert: Added support for TLS 1.3 + +2018-03-06 Matteo Corti + + * check_ssl_cert: Fixed OCSP check with LibreSSL + * check_ssl_cert: Lists the number or default root certificates in debug mode + +2018-01-19 Matteo Corti + + * check_ssl_cert: Fixed a bug processing more than one OCSP host + +2017-12-15 Matteo Corti + + * check_ssl_cert: Fixed a bug in the specification of the xmpphost parameter + +2017-12-14 Matteo Corti + + * check_ssl_cert: Added an option to specify the 'to' attribute of the XMPP stream element + +2017-11-29 Wim van Ravesteijn https://github.com/wimvr + + * check_ssl_cert: Support for DER encoded CRL files + +2017-11-28 Georg https://github.com/gbotti + + * check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate + +2017-11-17 Matteo Corti + + * check_ssl_cert (fetch_certificate): adding support for -xmpphost if available + +2017-11-16 Matteo Corti + + * check_ssl_cert (fetch_certificate): fixing XMPP support + +2017-11-16 + + * check_ssl_cert (fetch_certificate): adding support for IPv6 addresses + +2017-09-18 Bernd Stroessenreuther + + * check_ssl_cert: with -f option you now can also pass a certificate revocation list (CRL) to check its validity period + +2017-09-10 Matteo Corti + + * check_ssl_cert: OCSP check is now terminated by a timeout + +2017-09-09 Matteo Corti + + * check_ssl_cert: The SAN requirement is now optional + +2017-07-28 Matteo Corti + + * check_ssl_cert: Use openssl s_client's -help option to test for SNI support (thanks to d7415) + +2017-07-24 Matteo Corti + + * check_ssl_cert: Fix in the Common Name parsing + +2017-06-23 Matteo Corti + + * check_ssl_cert: Checks for missing subjectAlternativeName extension + +2017-06-15 Matteo Corti + + * check_ssl_cert: Do not try to check OCSP if the protocol is not HTTP or HTTPS + +2017-05-15 Matteo Corti + + * check_ssl_cert: Fixed a problem with the detection of OCSP URLs + +2017-05-02 Matteo Corti + + * check_ssl_cert: Added --location to curl to follow redirects + * check_ssl_cert: Fixed the indentation of EOF in the embedded Perl script + * check_ssl_cert: Added --force-date-perl to force the usage of Perl for date computations and a test to be sure no errors in Perl are left undetected + +2017-04-28 Matteo Corti + + * check_ssl_cert: Fixed a bug occurring when more than one issuer URI is present + +2017-03-07 Matteo Corti + + * check_ssl_cert: Added LDAP support + +2017-03-01 Matteo Corti + + * check_ssl_cert: By errors it makes more sense to show the supplied host instead of the CN + +2017-02-16 Matteo Corti + + * check_ssl_cert: Support for newer OpenSSL versions (1.1) + +2017-02-10 Matteo Corti + + * check_ssl_cert: Added the --sni option + +2017-02-08 Matteo Corti + + * check_ssl_cert: Patch from Pavel Rochnyak: Changed the CN output when --altnames is used + +2017-02-02 Matteo Corti + + * check_ssl_cert: Fixed the command line argument parsing + * check_ssl_cert: Fixed -servername + +2017-01-29 Matteo Corti + + * check_ssl_cert: Added patches from Pavel Rochnyak for the issuer certificate cache patch + and the wildcard support in alternative names + +2016-12-23 Matteo Corti + + * check_ssl_cert: Added patch to specify multiple CNs (see https://github.com/matteocorti/check_ssl_cert/pull/35) + +2016-12-13 Matteo Corti + + * check_ssl_cert: fixed a minor problem with --debug + +2016-12-06 Matteo Corti + + * check_ssl_cert: fixed a problem when specifying a CN beginning with * + +2016-12-04 Matteo Corti + + * check_ssl_cert: fixed problem when file is returning PEM certificate on newer Linux distributions + +2016-09-19 Matteo Corti + + * check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos) + +2016-08-04 Matteo Corti + + * check_ssl_cert: disabling OCSP checks when no issuer URI is found + +2016-07-29 Matteo Corti + + * check_ssl_cert: fixed case insensitive comparison of CNs + +2016-07-29 https://github.com/bb-Ricardo + + * check_ssl_cert: calculate expiration primary with date + +2016-07-12 Matteo Corti + + * check_ssl_cert: fixed the parsing of the CN field + +2016-06-25 Matteo Corti + + * check_ssl_cert: fixed OCSP header on old OpenSSL versions + +2016-06-24 Matteo Corti + + * check_ssl_cert: OCSP is now default + + * check_ssl_certe: Fixed OCSP host + +2016-06-15 Matteo Corti + + * check_ssl_cert: Better curl error handling + +2016-06-10 Matteo Corti + + * check_ssl_cert: Added an option to clear the cached result at SSLLabs + +2016-06-01 juckerf (https://github.com/juckerf) + + * check_ssl_cert: Increase control over which SSL/TLS versions to use + +2016-05-17 Matteo Corti + + * check_ssl_cert: added more debugging info (-v is automatic if -d is specified, system info and cert written to a file) + +2016-04-27 Matteo Corti + + * check_ssl_cert: Fixes a bug in the OpenSSL error parsing + +2016-04-05 Matteo Corti + + * check_ssl_cert: In case of an s_client error does not output the full (ugly) error. The error is shown in verbose mode + +2016-03-29 Sergei Shmanko + + * check_ssl_cert: Fix wildcard match regex, add additional unit tests + +2016-03-21 Matteo Corti + + * check_ssl_cert (exec_with_timeout): issues a critical status + when using the 'timeout' utility + +2016-03-19 Matteo Corti + + * check_ssl_cert: fixed CN parsing on non-GNU systems + +2016-03-19 Sergei https://github.com/sshmanko + + * check_ssl_cert: handle wildcard certificates + +2016-03-10 Matteo Corti + + * check_ssl_cert (check_attr): Better handling of verification errors + +2016-03-09 Matteo Corti + + * check_ssl_cert (convert_ssl_lab_grade): accepts lowercase letters for SSL Labs grades + * check_ssl_cert (check_attr): waits for SSL Labs results + +2016-03-08 Matteo Corti + + * check_ssl_cert: Tries to extract an error message from SSL Labs + if no status is returned + +2016-03-07 Sam Richards + * check_ssl_cert: Support SNI even when we don't want to check cn + +2016-03-07 Matteo Corti + + * check_ssl_cert: DNS errors by SSL Labs are ignored (as they are just + a sign that the result is not cached) + +2016-03-03 Matteo Corti + + * check_ssl_cert: Initial support for SSL Labs checks + +2016-03-01 Matteo Corti + + * check_ssl_cert: Fixed a bug which prevented the check on the expiration + +2015-10-31 Matteo Corti + + * check_ssl_cert: added a patch to check the certificate's serial number + (thanks to Milan Koudelka) + +2015-10-20 Matteo Corti + + * check_ssl_cert: fixed a problem with OCSP paths w/o URLs + +2015-04-07 Matteo Corti + + * check_ssl_cert: corrected some typos (thanks to Jérémy Lecour) + * check_ssl_cert: removed check on the openssl binary name + +2014-10-21 Matteo Corti + + * check_ssl_cert: added a patch to check revocation via OCSP (thanks + to Ryan Nowakowski) + +2014-02-28 Matteo Corti + + * Makefile: added a target to build an rpm + +2013-12-23 Matteo Corti + + * check_ssl_cert: added the --tls1 option to force TLS 1 + +2013-10-09 Matteo Corti + + * check_ssl_cert: whole script reviewed with shellcheck + +2013-10-01 Matteo Corti + + * check_ssl_cert: fixes with shellcheck (quoting) + +2013-07-29 Matteo Corti + + * check_ssl_cert: Added an option to force a given SSL version + +2013-03-02 Matteo Corti + + * check_ssl_cert: Fixed a bug occurring with TLS and multiple names in + the certificate + +2012-12-07 Matteo Corti + + * check_ssl_cert: removed "test -a/-o" (test has an undefined + behavior with more than 4 elements) + + * check_ssl_cert: fixed #122 (-N was always comparing the CN with 'localhost') + +2012-11-16 Matteo Corti + + * simplified the sourcing of the script file for testing + +2012-10-11 Matteo Corti + + * added some unit tests with shUnit2 + +2012-09-19 Matteo Corti + + * check_ssl_cert: improved the "No certificate returned" error message + +2012-07-13 Matteo Corti + + * check_ssl_cert: added the number of days from or to expiration in the + plugin output + +2012-07-11 Matteo Corti + + * check_ssl_cert: fixed a bug with Perl date computation on some systems + +2012-07-06 Matteo Corti + + * check_ssl_cert: performance data in days + * check_ssl_cert: long output (certificate attributes) + +2012-04-05 Matteo Corti + + * check_ssl_cert: handle broken OpenSSL clients (-servername not working) + +2012-04-04 Matteo Corti + + * check_ssl_cert: removed an hard coded reference to the error number by the + SSL chain verification + +2011-10-22 Matteo Corti + + * check_ssl_cert: added a --altnames option to match the CN to alternative + names + +2011-09-01 Matteo Corti + + * check_ssl_cert: applied a patch from Sven Nierlein + (certificate authentication) + +2011-03-10 Matteo Corti + + * check_ssl_cert: allows http to specified as protocol + (thanks to Raphael Thoma) + * check_ssl_cert: fixes the -N check for certs with wildcards + (thanks to Raphael Thoma) + +2011-01-24 Matteo Corti + + * check_ssl_cert: added an option to specify the openssl executable + +2010-12-16 Dan Wallis + + * check_ssl_cert: Sets $VERBOSE to avoid using value supplied by Nagios + * check_ssl_cert: Quotes regular expression for grep to avoid shell globbing + +2010-12-09 Matteo Corti + + * check_ssl_cert.spec: standardized the RPM package name + + * check_ssl_cert: added support for the TLS servername extension + (thanks to Matthias Fuhrmeister) + +2010-11-02 Matteo Corti + + * INSTALL: specifies that expect is needed for timeouts + +2010-10-29 Matteo Corti + + * README: specifies that expect is needed for timeouts + +2010-10-28 Matteo Corti + + * check_ssl_cert: trap on more signals (thanks to Lawren Quigley-Jones) + +2010-10-14 Matteo Corti + + * check_ssl_cert: added a patch from Yannick Gravel putting the + chain verification at the end of the tests + +2010-10-01 Matteo Corti + + * check_ssl_cert: added a patch from Lawren Quigley-Jones which + implements a new command line argument (-A) to disable the + certificate chain check + +2010-09-15 Matteo Corti + + * check_ssl_cert: fixed option processing (bug #78) + +2010-08-26 Dan Wallis + + * check_ssl_cert: overloads --rootcert for use with directories as + well as files (-CApath versus -CAfile) + +2010-07-21 Matteo Corti + + * check_ssl_cert: added a patch from Marc Fournier to check the creation of the temporary files + * check_ssl_cert: added the --temp option to specify where to store the temporary files + +2010-07-10 Matteo Corti + + * check_ssl_cert: improved the error messages + * check_ssl_cert: checks for certificates without email addresses (if -e is specified) + +2010-07-09 Matteo Corti + + * check_ssl_cert: added a "long" version for all the command line options + * check_ssl_cert: added a critical and warning option for the certificate validity (in days) + * check_ssl_cert: the plugin always issues a critical warning if the certificate is expired + * check_ssl_cert: added a man page + +2010-07-07 Matteo Corti + + * check_ssl_cert: [Wolfgang Schricker patch] Add -f to check local files + +2010-07-01 Matteo Corti + + * check_ssl_cert: [Yannick Gravel patch] Restore displaying the CN in every messages: + a previous patch changed something and only + critical were adjusted. + * check_ssl_cert: [Yannick Gravel patch] Adjust what is displayed after the from in + the OK message to display the matched ISSUER + (CN or O). + +2010-06-08 Matteo Corti + + * check_ssl_cert: added the -s option to allow self signed certificates + +2010-03-11 Matteo Corti + + * check_ssl_cert: fixed the == bashism + +2010-03-08 Matteo Corti + + * check_ssl_cert: applied patch from Marcus RejÃ¥s with the -n and -N options + +2009-12-02 Matteo Corti + + * check_ssl_cert: check if the issuer matches the O= or the CN= field of the Root Cert + +2009-11-30 Matteo Corti + + * check_ssl_cert: cleaned up error messages if the CN is not yet known + * check_ssl_cert: added certificate chain verification + * check_ssl_cert: allow backslashes escaped in the error messages (e.g., for \n used by Nagios 3) + * check_ssl_cert: -r can be used to specify a root certificate to be used for the verification + +2009-03-31 Matteo Corti + + * check_ssl_cert: standard timeout of 15 seconds (can be set with the -t option) + +2009-03-30 Matteo Corti + + * check_ssl_cert: -P option to specify the protocol + +2008-05-13 Matteo Corti + + * check_ssl_cert: applied a patch from Dan Wallis to output the CN + in all the messages + +2008-02-28 Matteo Corti + + * check_ssl_cert: shortened the error message in case of no connection + (only the first line is reported) + +2008-02-25 Matteo Corti + + * check_ssl_cert: [Dan Wallis patch] removed nmap dependency + * check_ssl_cert: [Dan Wallis patch] mktemp for the temporaries + * check_ssl_cert: [Dan Wallis patch] using trap to cleanup temporaries + * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup + * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup + * check_ssl_cert: [Dan Wallis patch] better handling of missing + certificate and non resolvable host + * check_ssl_cert: [Dan Wallis patch] stricter check for "notAfter" in the + certificate analysis + +2007-09-04 Matteo Corti + + * check_ssl_cert: better error messages (both the actual and the + expected values are displayed) + +2007-08-31 Matteo Corti + + * check_ssl_cert: new options to enforce email and + organization. Temporary files are now removed before termination + +2007-08-15 Matteo Corti + + * check_ssl_cert: openssl s_client closes the connection cleanly + +2007-08-10 Matteo Corti + + * check_ssl_cert: initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,5261 @@ +#!/bin/sh +# +# check_ssl_cert +# +# Checks an X.509 certificate: +# - checks if the server is running and delivers a valid certificate +# - checks if the CA matches a given pattern +# - checks the validity +# +# See the INSTALL file for installation instructions +# +# Copyright (c) 2007-2012 ETH Zurich. +# Copyright (c) 2007-2021 Matteo Corti +# +# This module is free software; you can redistribute it and/or modify it +# under the terms of GNU general public license (gpl) version 3. +# See the LICENSE file for details. + +################################################################################ +# Constants + +VERSION=2.15.0 +SHORTNAME="SSL_CERT" + +VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint," + +SIGNALS="HUP INT QUIT TERM ABRT" + +LC_ALL=C + +# return value for the creation of temporary files +TEMPFILE="" + +################################################################################ +# Variables +STATUS_OK=0 +STATUS_WARNING=1 +STATUS_CRITICAL=2 +STATUS_UNKNOWN=3 +WARNING_MSG="" +CRITICAL_MSG="" +ALL_MSG="" +EARLIEST_VALIDITY_HOURS="" +DEBUG=0 +DEBUG_FILE="" + +################################################################################ +# Functions + +################################################################################ +# To set a variable with an HEREDOC in a POSIX compliant way +# see: https://unix.stackexchange.com/questions/340718/how-do-i-bring-heredoc-text-into-a-shell-script-variable +# Usage: +# set_variable variablename<<'HEREDOC' +# ... +# HEREDOC +set_variable() { + # shellcheck disable=SC2016 + eval "$1"'=$(cat)' +} + +################################################################################ +# Prints usage information +# Params +# $1 error message (optional) +usage() { + + if [ -n "$1" ]; then + echo "Error: $1" 1>&2 + fi + + echo + echo "Usage: check_ssl_cert -H host [OPTIONS]" + echo " check_ssl_cert -f file [OPTIONS]" + echo + echo "Arguments:" + echo " -f,--file file local file path (works with -H localhost" + echo " only) with -f you can not only pass a x509" + echo " certificate file but also a certificate" + echo " revocation list (CRL) to check the" + echo " validity period" + echo " -H,--host host server" + echo + echo "Options:" + # Delimiter at 78 chars ############################################################ + echo " -A,--noauth ignore authority warnings (expiration" + echo " only)" + echo " --all enables all the possible optional checks" + echo " at the maximum level" + echo " --all-local enables all the possible optional checks" + echo " at the maximum level (without SSL-Labs)" + echo " --allow-empty-san allow certificates without Subject" + echo " Alternative Names (SANs)" + # Delimiter at 78 chars ############################################################ + echo " -C,--clientcert path use client certificate to authenticate" + echo " -c,--critical days minimum number of days a certificate has" + echo " to be valid to issue a critical status." + echo " Can be a floating point number, e.g., 0.5" + echo " Default: ${CRITICAL_DAYS}" + echo " --check-ciphers grade checks the offered ciphers" + echo " --check-ciphers-warnings critical if nmap reports a warning for an" + echo " offered cipher" + echo " --check-ssl-labs-warn grade SSL Labs grade on which to warn" + echo " --clientpass phrase set passphrase for client certificate." + echo " --crl checks revocation via CRL (requires" + echo " --rootcert-file)" + echo " --curl-bin path path of the curl binary to be used" + echo " --curl-user-agent string user agent that curl shall use to obtain" + echo " the issuer cert" + echo " --custom-http-header string custom HTTP header sent when getting the" + echo " cert example: 'X-Check-Ssl-Cert: Foobar=1'" + # Delimiter at 78 chars ############################################################ + echo " -d,--debug produces debugging output (can be" + echo " specified more than once)" + echo " --dane verify that valid DANE records exist" + echo " (since OpenSSL 1.1.0)" + echo " --dane 211 verify that a valid DANE-TA(2) SPKI(1)" + echo " SHA2-256(1) TLSA record exists" + echo " --dane 301 verify that a valid DANE-EE(3) Cert(0)" + echo " SHA2-256(1) TLSA record exists" + echo " --dane 302 verify that a valid DANE-EE(3) Cert(0)" + echo " SHA2-512(2) TLSA record exists" + echo " --dane 311 verify that a valid DANE-EE(3) SPKI(1)" + echo " SHA2-256(1) TLSA record exists" + echo " --dane 312 verify that a valid DANE-EE(3)" + echo " SPKI(1) SHA2-512(1) TLSA record exists" + echo " --date path path of the date binary to be used" + echo " --debug-cert stores the retrieved certificates in the" + echo " current directory" + echo " --debug-file file writes the debug messages to file" + echo " --debug-time writes timing information in the" + echo " debugging output" + echo " --dig-bin path path of the dig binary to be used" + # Delimiter at 78 chars ############################################################ + echo " -e,--email address pattern to match the email address" + echo " contained in the certificate" + echo " --ecdsa signature algorithm selection: force ECDSA" + echo " certificate" + echo " --element number checks up to the N cert element from the" + echo " beginning of the chain" + # Delimiter at 78 chars ############################################################ + echo " --file-bin path path of the file binary to be used" + echo " --fingerprint SHA1 pattern to match the SHA1-Fingerprint" + echo " --first-element-only verify just the first cert element, not" + echo " the whole chain" + echo " --force-dconv-date force the usage of dconv for date" + echo " computations" + echo " --force-perl-date force the usage of Perl for date" + echo " computations" + echo " --format FORMAT format output template on success, for" + echo " example: %SHORTNAME% OK %CN% from" + echo " %CA_ISSUER_MATCHED%" + # Delimiter at 78 chars ############################################################ + echo " -h,--help,-? this help message" + echo " --http-use-get use GET instead of HEAD (default) for the" + echo " HTTP related checks" + # Delimiter at 78 chars ############################################################ + echo " -i,--issuer issuer pattern to match the issuer of the" + echo " certificate" + echo " --ignore-altnames ignores alternative names when matching" + echo " pattern specified in -n (or the host name)" + echo " --ignore-connection-problems [state] in case of connection problems" + echo " returns OK or the optional state" + echo " --ignore-exp ignore expiration date" + echo " --ignore-host-cn do not complain if the CN does not match" + echo " the host name" + echo " --ignore-incomplete-chain does not check chain integrity" + echo " --ignore-ocsp do not check revocation with OCSP" + echo " --ignore-ocsp-errors continue if the OCSP status cannot be" + echo " checked" + echo " --ignore-ocsp-timeout ignore OCSP result when timeout occurs" + echo " while checking" + echo " --ignore-sct do not check for signed certificate" + echo " timestamps (SCT)" + echo " --ignore-sig-alg do not check if the certificate was signed" + echo " with SHA1 or MD5" + echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)" + echo " --ignore-tls-renegotiation Ignores the TLS renegotiation check" + echo " --inetproto protocol Force IP version 4 or 6" + echo " --info Prints certificate information" + echo " --issuer-cert-cache dir directory where to store issuer" + echo " certificates cache" + # Delimiter at 78 chars ############################################################ + echo " -K,--clientkey path use client certificate key to authenticate" + # Delimiter at 78 chars ############################################################ + echo " -L,--check-ssl-labs grade SSL Labs assessment (please check " + echo " https://www.ssllabs.com/about/terms.html)" + echo " --long-output list append the specified comma separated (no" + echo " spaces) list of attributes to the plugin" + echo " output on additional lines" + echo " Valid attributes are:" + echo " enddate, startdate, subject, issuer," + echo " modulus, serial, hash, email, ocsp_uri" + echo " and fingerprint." + echo " 'all' will include all the available" + echo " attributes." + # Delimiter at 78 chars ############################################################ + echo " -n,--cn name pattern to match the CN of the certificate" + echo " (can be specified multiple times)" + echo " --nmap-bin path path of the nmap binary to be used" + echo " --no-perf do not show performance data" + echo " --no-proxy ignores the http_proxy and https_proxy" + echo " environment variables" + echo " --no-proxy-curl ignores the http_proxy and https_proxy" + echo " environment variables for curl" + echo " --no-proxy-s_client ignores the http_proxy and https_proxy" + echo " environment variables for openssl s_client" + echo " --no-ssl2 disable SSL version 2" + echo " --no-ssl3 disable SSL version 3" + echo " --no-tls1 disable TLS version 1" + echo " --no-tls1_1 disable TLS version 1.1" + echo " --no-tls1_2 disable TLS version 1.2" + echo " --no-tls1_3 disable TLS version 1.3" + echo " --not-issued-by issuer check that the issuer of the certificate" + echo " does not match the given pattern" + echo " --not-valid-longer-than days critical if the certificate validity is" + echo " longer than the specified period" + # Delimiter at 78 chars ############################################################ + echo " -o,--org org pattern to match the organization of the" + echo " certificate" + echo " --ocsp-critical hours minimum number of hours an OCSP response" + echo " has to be valid to issue a critical status" + echo " --ocsp-warning hours minimum number of hours an OCSP response" + echo " has to be valid to issue a warning status" + echo " --openssl path path of the openssl binary to be used" + # Delimiter at 78 chars ############################################################ + echo " -p,--port port TCP port" + echo " -P,--protocol protocol use the specific protocol:" + echo " ftp, ftps, http, https (default)," + echo " h2 (HTTP/2), imap, imaps, irc, ircs, ldap," + echo " ldaps, mysql, pop3, pop3s, postgres," + echo " sieve, smtp, smtps, xmpp, xmpp-server." + echo " ftp, imap, irc, ldap, pop3, postgres," + echo " sieve, smtp: switch to TLS using StartTLS" + echo " --password source password source for a local certificate," + echo " see the PASS PHRASE ARGUMENTS section" + echo " openssl(1)" + echo " --prometheus generates Prometheus/OpenMetrics output" + echo " --proxy sets http_proxy and the s_client -proxy" + # Delimiter at 78 chars ############################################################ + echo " -r,--rootcert path root certificate or directory to be used" + echo " for certificate validation" + echo " --require-client-cert [list] the server must accept a client" + echo " certificate. 'list' is an optional comma" + echo " separated list of expected client" + echo " certificate CAs" + echo " --require-no-ssl2 critical if SSL version 2 is offered" + echo " --require-no-ssl3 critical if SSL version 3 is offered" + echo " --require-no-tls1 critical if TLS 1 is offered" + echo " --require-no-tls1_1 critical if TLS 1.1 is offered" + echo " --require-ocsp-stapling require OCSP stapling" + echo " --resolve ip provides a custom IP address for the" + echo " specified host" + echo " --rootcert-dir path root directory to be used for certificate" + echo " validation" + echo " --rootcert-file path root certificate to be used for" + echo " certificate validation" + echo " --rsa signature algorithm selection: force RSA" + echo " certificate" + # Delimiter at 78 chars ############################################################ + echo " -s,--selfsigned allows self-signed certificates" + echo " --serial serialnum pattern to match the serial number" + echo " --skip-element number skips checks on the Nth cert element (can" + echo " be specified multiple times)" + echo " --sni name sets the TLS SNI (Server Name Indication)" + echo " extension in the ClientHello message to" + echo " 'name'" + echo " --ssl2 force SSL version 2" + echo " --ssl3 force SSL version 3" + # Delimiter at 78 chars ############################################################ + echo " -t,--timeout seconds timeout after the specified time" + echo " (defaults to ${TIMEOUT} seconds)" + echo " --temp dir directory where to store the temporary" + echo " files" + echo " --terse terse output" + echo " --tls1 force TLS version 1" + echo " --tls1_1 force TLS version 1.1" + echo " --tls1_2 force TLS version 1.2" + echo " --tls1_3 force TLS version 1.3" + # Delimiter at 78 chars ############################################################ + echo " -u,--url URL HTTP request URL" + # Delimiter at 78 chars ############################################################ + echo " -v,--verbose verbose output (can be specified more than" + echo " once)" + echo " -V,--version version" + # Delimiter at 78 chars ############################################################ + echo " -w,--warning days minimum number of days a certificate has" + echo " to be valid to issue a warning status." + echo " Can be a floating point number, e.g., 0.5" + echo " Default: ${WARNING_DAYS}" + # Delimiter at 78 chars ############################################################ + echo " --xmpphost name specifies the host for the 'to' attribute" + echo " of the stream element" + # Delimiter at 78 chars ############################################################ + echo " -4 force IPv4" + echo " -6 force IPv6" + echo + echo "Deprecated options:" + echo " --altnames matches the pattern specified in -n with" + echo " alternate names too (enabled by default)" + echo " --days days minimum number of days a certificate has" + echo " to be valid" + echo " (see --critical and --warning)" + echo " -N,--host-cn match CN with the host name" + echo " (enabled by default)" + echo " --no_ssl2 disable SSLv2 (deprecated use --no-ssl2)" + echo " --no_ssl3 disable SSLv3 (deprecated use --no-ssl3)" + echo " --no_tls1 disable TLSv1 (deprecated use --no-tls1)" + echo " --no_tls1_1 disable TLSv1.1 (deprecated use" + echo " --no-tls1_1)" + echo " --no_tls1_2 disable TLSv1.1 (deprecated use" + echo " --no-tls1_2)" + echo " --no_tls1_3 disable TLSv1.1 (deprecated use" + echo " --no-tls1_3)" + echo " --ocsp check revocation via OCSP (enabled by" + echo " default)" + echo " --require-san require the presence of a Subject" + echo " Alternative Name" + echo " extension" + echo " -S,--ssl version force SSL version (2,3)" + echo " (see: --ssl2 or --ssl3)" + echo + echo "Report bugs to https://github.com/matteocorti/check_ssl_cert/issues" + echo + + exit "${STATUS_UNKNOWN}" + +} + +################################################################################ +# Prints the given message to STDERR with the prefix '[DBG] ' if the debug +# command line option was specified +# $1: string +# $2: level (optional default 1) +debuglog() { + + MESSAGE=$1 + LEVEL=$2 + + if [ -n "${DEBUG_TIME}" ]; then + NOW=$(date +%s) + ELAPSED=$((NOW - DEBUG_TIME)) + ELAPSED=$(printf "%04d" "${ELAPSED}") + fi + + if [ -z "${LEVEL}" ]; then + #default + LEVEL=1 + fi + + if [ "${LEVEL}" -le "${DEBUG}" ]; then + if [ -n "${ELAPSED}" ]; then + echo "${1}" | sed "s/^/[DBG ${ELAPSED}s] /" >&2 + else + echo "${1}" | sed "s/^/[DBG] /" >&2 + fi + fi + + # debuglog is also called during the --debug-file sanity checks: we have + # to check if the file exists + if [ -n "${DEBUG_FILE}" ] && [ -e "${DEBUG_FILE}" ] && ! [ -d "${DEBUG_FILE}" ] && [ -w "${DEBUG_FILE}" ]; then + if [ -n "${ELAPSED}" ]; then + echo "+${ELAPSED}s ${1}" >>"${DEBUG_FILE}" + else + echo "${1}" >>"${DEBUG_FILE}" + fi + fi + +} + +############################################################################## +# Prints nicely certificate information +info() { + + LABEL=$1 + VALUE=$2 + + if [ -n "${INFO}" ] && [ -n "${VALUE}" ]; then + printf "%s\\t%s\\n" "${LABEL}" "${VALUE}" | expand -t 32 + fi + +} + +################################################################################ +# Checks if the given file can be created and written +# $1: file name +open_for_appending() { + + FILE_TO_OPEN=$1 + + if [ -d "${FILE_TO_OPEN}" ]; then + + unknown "${FILE_TO_OPEN} is a directory" + + elif [ -e "${FILE_TO_OPEN}" ]; then + + # file already exists + if [ ! -w "${FILE_TO_OPEN}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + else + + FILE_TO_OPEN_DIRECTORY=$(dirname "${FILE_TO_OPEN}") + if [ ! -w "${FILE_TO_OPEN_DIRECTORY}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + # clear / create the file + true >"${FILE_TO_OPEN}" + + fi + +} + +################################################################################ +# Checks if the given file can be created and written +# $1: file name +open_for_writing() { + + FILE_TO_OPEN=$1 + + if [ -d "${FILE_TO_OPEN}" ]; then + + unknown "${FILE_TO_OPEN} is a directory" + + elif [ -e "${FILE_TO_OPEN}" ]; then + + # file already exists + if [ ! -w "${FILE_TO_OPEN}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + else + + FILE_TO_OPEN_DIRECTORY=$(dirname "${FILE_TO_OPEN}") + if [ ! -w "${FILE_TO_OPEN_DIRECTORY}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + fi + + # clear / create the file + true >"${FILE_TO_OPEN}" + +} + +################################################################################ +# Prints the given message to STDOUT if the verbose command line option was +# specified +# $1: string +# $2: level (optional default 1) +verboselog() { + + MESSAGE=$1 + LEVEL=$2 + + if [ -z "${LEVEL}" ]; then + #default + LEVEL=1 + fi + + if [ "${LEVEL}" -le "${VERBOSE}" ]; then + echo "${MESSAGE}" >&2 + fi + +} + +################################################################################ +# trap passing the signal name +# see https://stackoverflow.com/questions/2175647/is-it-possible-to-detect-which-trap-signal-in-bash/2175751#2175751 +trap_with_arg() { + func="$1" + shift + for sig; do + # shellcheck disable=SC2064 + trap "${func} ${sig}" "${sig}" + done +} + +################################################################################ +# Cleanup temporary files +remove_temporary_files() { + debuglog "cleaning up temporary files" + # shellcheck disable=SC2086 + if [ -n "${TEMPORARY_FILES}" ]; then + TEMPORARY_FILES_TMP="$(echo "${TEMPORARY_FILES}" | tr '\ ' '\n')" + debuglog "${TEMPORARY_FILES_TMP}" + rm -f ${TEMPORARY_FILES} + fi +} + +################################################################################ +# Cleanup when exiting +cleanup() { + SIGNAL=$1 + debuglog "signal caught ${SIGNAL}" + remove_temporary_files + # shellcheck disable=SC2086 + trap - ${SIGNALS} + exit +} + +create_temporary_file() { + + # create a temporary file + # mktemp is not always available (e.g., on AIX) + # we could use https://stackoverflow.com/questions/10224921/how-to-create-a-temporary-file-with-portable-shell-in-a-secure-way + # but on some systems od -N4 -tu /dev/random takes seconds (?) to execute + + if [ -n "${MKTEMP}" ]; then + TEMPFILE="$(mktemp "${TMPDIR}/XXXXXX" 2>/dev/null)" + else + TEMPFILE=${TMPDIR}/XXX-$(od -N4 -tu /dev/random | head -n 1 | sed 's/\ *$//' | sed 's/.*\ //') + touch "${TEMPFILE}" + fi + + if [ -z "${TEMPFILE}" ] || [ ! -w "${TEMPFILE}" ]; then + unknown 'temporary file creation failure.' + fi + + debuglog "temporary file ${TEMPFILE} created" + + # add the file to the list of temporary files + TEMPORARY_FILES="${TEMPORARY_FILES} ${TEMPFILE}" + +} + +################################################################################ +# Compute the number of hours until a given date +# Params +# $1 date +# return HOURS_UNTIL +hours_until() { + + DATE=$1 + + debuglog "Date computations: ${DATETYPE}" + + # we check if we are on a 32 bit system and if the date is beyond the max date + # we simplify and consider a date invalid after 1.1.2038 instead of 19.1.2038 + # since date is not able to parse the date we do it manually with a little bit of heuristics ... + LONG_BIT_TMP="$(getconf LONG_BIT)" + if [ "${LONG_BIT_TMP}" -eq 32 ]; then + debuglog "32 bit system" + CERT_YEAR=$(echo "${DATE}" | sed 's/.*\ \(2[0-9][0-9][0-9]\).*/\1/') + debuglog "Checking if the year ${CERT_YEAR} is beyond the max date for the system 2038-01-19" + if [ "${CERT_YEAR}" -gt 2038 ]; then + verboselog "${DATE} is beyond the maximum date on a 32 bit system: we consider 2038-01-19" + DATE='Jan 19 00:00:00 2038 GMT' + fi + fi + + debuglog "Computing number of hours until '${DATE}'" + + case "${DATETYPE}" in + "BSD") + + # new BSD date + HOURS_UNTIL=$((($(${DATEBIN} -jf "%b %d %T %Y %Z" "${DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + + ;; + + "DCONV") + + debuglog "Computing date with dconv" + + # detect the date -j required format + if date --help 2>&1 | grep -q '\[\[\[mm\]dd]HH\]MM\[\[cc\]yy\]\[\.ss\]\]'; then + + # e.g., macOS + + debuglog "date -j format [[[mm]dd]HH]MM[[cc]yy][.ss]]" + debuglog "executing: echo '${DATE}' | sed 's/ / /g' | ${DCONV_BIN} -f \"%m%d%H%M%Y.%S\" -i \"%b %d %H:%M:%S %Y %Z\"" + + CONVERTED_DATE=$(echo "${DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%m%d%H%M%Y.%S" -i "%b %d %H:%M:%S %Y %Z") + debuglog "date converted with dconv: ${CONVERTED_DATE}" + + HOURS_UNTIL=$((($(${DATEBIN} -j "${CONVERTED_DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + + debuglog "hours computed with ${DCONV_BIN}: ${HOURS_UNTIL}" + + elif date --help 2>&1 | grep -q '\[\[\[\[\[\[cc\]yy\]mm\]dd\]HH\]MM\[\.SS\]\]'; then + + # e.g., old BSD + + debuglog "date -j format [[[[[[cc]yy]mm]dd]HH]MM[.SS]]" + + CONVERTED_DATE=$(echo "${DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%Y%m%d%H%M.%S" -i "%b %d %H:%M:%S %Y %Z") + debuglog "date converted with ${DCONV_BIN}: ${CONVERTED_DATE}" + + HOURS_UNTIL=$((($(${DATEBIN} -j +%s "${CONVERTED_DATE}") - $(${DATEBIN} +%s)) / 3600)) + + else + unknown "Unknown date(1) input format" + fi + + ;; + + "BUSYBOX") + BUSYBOX_DATE=$(echo "${DATE}" | sed 's/[ ][^ ]*$//') + debuglog "Computing number of hours until '${BUSYBOX_DATE}' (BusyBox compatible format)" + verboselog "Warning: BusyBox date does not support time zones. Using ${BUSYBOX_DATE} in the current zone instead of ${DATE}" + HOURS_UNTIL=$((($(${DATEBIN} -d "${BUSYBOX_DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + ;; + "GNU") + HOURS_UNTIL=$((($(${DATEBIN} -d "${DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + ;; + "PERL") + # Warning: some shell script formatting tools will indent the EOF! (should be at position 0) + if ! HOURS_UNTIL=$( + perl - "${DATE}" <<-"EOF" + use strict; + use warnings; + use Date::Parse; + my $cert_date = str2time( $ARGV[0] ); + my $hours = int (( $cert_date - time ) / 3600 + 0.5); + print "$hours\n"; + EOF + ); then + # something went wrong with the embedded Perl code: check the indentation of EOF + unknown "Error computing the certificate validity with Perl" + fi + ;; + *) + unknown "Internal error: unknown date type" + ;; + esac + + debuglog "Hours until ${DATE}: ${HOURS_UNTIL}" + + echo "${HOURS_UNTIL}" + +} + +################################################################################ +# Convert a number of days into according number of seconds +# Params +# $1 NUMBER_OF_DAYS +# return NUMBER_OF_SECONDS +days_to_seconds() { + + NUMBER_OF_DAYS=$1 + + if echo "${NUMBER_OF_DAYS}" | grep -q '^[0-9][0-9]*$'; then + debuglog "Converting ${NUMBER_OF_DAYS} days into seconds by shell function" + NUMBER_OF_SECONDS=$((NUMBER_OF_DAYS * 86400)) + else + if command -v perl >/dev/null; then + debuglog "Converting ${NUMBER_OF_DAYS} days into seconds with perl" + NUMBER_OF_SECONDS=$(perl -E "say ${NUMBER_OF_DAYS}*86400") + else + debuglog "Converting ${NUMBER_OF_DAYS} days into seconds with awk" + NUMBER_OF_SECONDS=$(awk "BEGIN {print ${NUMBER_OF_DAYS} * 86400}") + fi + fi + + debuglog "Converted ${NUMBER_OF_DAYS} days into seconds: ${NUMBER_OF_SECONDS}" + + echo "${NUMBER_OF_SECONDS}" + +} + +################################################################################ +# checks if OpenSSL version is at least the given parameter +# Params +# $1 minimum version +openssl_version() { + + # See https://wiki.openssl.org/index.php/Versioning + + # Required version + MIN_VERSION=$1 + + debuglog "openssl_version ${MIN_VERSION}" + + IFS='.' read -r MIN_MAJOR1 MIN_MAJOR2 MIN_MINOR <>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" + debuglog "prepend_critical_message: new message = $1" + debuglog "prepend_critical_message: CRITICAL_MSG = ${CRITICAL_MSG}" + debuglog "prepend_critical_message: ALL_MSG 1 = ${ALL_MSG}" + + if [ -n "${CN}" ]; then + if echo "${CN}" | grep -q -F 'unavailable'; then + tmp=" ${SUBJECT_ALTERNATIVE_NAME}" + else + tmp=" ${CN}" + fi + else + if [ -n "${HOST_NAME}" ]; then + if [ -n "${SNI}" ]; then + tmp=" ${SNI}" + elif [ -n "${FILE}" ]; then + tmp=" ${FILE}" + else + tmp=" ${HOST_NAME}" + fi + fi + fi + + MSG="${SHORTNAME} CRITICAL${tmp}: ${1}${LONG_OUTPUT}" + + if [ "${CRITICAL_MSG}" = "" ] || [ -n "${2-}" ]; then + CRITICAL_MSG="${MSG}" + fi + + ALL_MSG="\\n ${MSG}${ALL_MSG}" + + debuglog "prepend_critical_message: MSG 2 = ${MSG}" + debuglog "prepend_critical_message: CRITICAL_MSG 2 = ${CRITICAL_MSG}" + debuglog "prepend_critical_message: ALL_MSG 2 = ${ALL_MSG}" + debuglog "CRITICAL <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" + +} + +################################################################################ +# Adds a line to the prometheus status output +# Params +# $1 line to be added +add_prometheus_status_output_line() { + + PROMETHEUS_LINE=$1 + + debuglog "Adding line to prometheus status output: ${PROMETHEUS_LINE}" + + if [ -n "${PROMETHEUS}" ]; then + + if [ -n "${PROMETHEUS_OUTPUT_STATUS}" ]; then + PROMETHEUS_OUTPUT_STATUS="${PROMETHEUS_OUTPUT_STATUS}\\n${PROMETHEUS_LINE}" + else + PROMETHEUS_OUTPUT_STATUS="${PROMETHEUS_LINE}" + fi + + fi + +} + +################################################################################ +# Dada a line to the prometheus validity output +# Params +# $1 line to be added +add_prometheus_valid_output_line() { + + PROMETHEUS_LINE=$1 + + debuglog "Adding line to prometheus validity output: ${PROMETHEUS_LINE}" + + if [ -n "${PROMETHEUS}" ]; then + + if [ -n "${PROMETHEUS_OUTPUT_VALID}" ]; then + PROMETHEUS_OUTPUT_VALID="${PROMETHEUS_OUTPUT_VALID}\\n${PROMETHEUS_LINE}" + else + PROMETHEUS_OUTPUT_VALID="${PROMETHEUS_LINE}" + fi + + fi + +} + +################################################################################ +# Dada a line to the prometheus days output +# Params +# $1 line to be added +add_prometheus_days_output_line() { + + PROMETHEUS_LINE=$1 + + debuglog "Adding line to prometheus days output: ${PROMETHEUS_LINE}" + + if [ -n "${PROMETHEUS}" ]; then + + if [ -n "${PROMETHEUS_OUTPUT_DAYS}" ]; then + PROMETHEUS_OUTPUT_DAYS="${PROMETHEUS_OUTPUT_DAYS}\\n${PROMETHEUS_LINE}" + else + PROMETHEUS_OUTPUT_DAYS="${PROMETHEUS_LINE}" + fi + + fi +} + +################################################################################ +# Prometheus output +prometheus_output() { + + if [ -n "${PROMETHEUS_OUTPUT_STATUS}" ]; then + echo "# HELP cert_valid If cert is ok (0), warning (1) or critical (2)" + echo "# TYPE cert_valid gauge" + echo "${PROMETHEUS_OUTPUT_STATUS}" + NL=1 + fi + + if [ -n "${PROMETHEUS_OUTPUT_VALID}" ]; then + if [ -n "${NL}" ]; then + echo + fi + echo "# HELP cert_valid_chain_elem If chain element is ok (0), warning (1) or critical (2)" + echo "# TYPE cert_valid_chain_elem gauge" + echo "${PROMETHEUS_OUTPUT_VALID}" + NL=1 + fi + + if [ -n "${PROMETHEUS_OUTPUT_DAYS}" ]; then + if [ -n "${NL}" ]; then + echo + fi + echo "# HELP cert_days_chain_elem Days until chain element expires" + echo "# TYPE cert_days_chain_elem gauge" + echo "${PROMETHEUS_OUTPUT_DAYS}" + fi +} + +################################################################################ +# Exits with a critical message +# Params +# $1 error message +critical() { + + remove_temporary_files + + debuglog 'exiting with CRITICAL' + debuglog "ALL_MSG = ${ALL_MSG}" + + NUMBER_OF_ERRORS=$(printf '%b' "${ALL_MSG}" | wc -l) + + debuglog "number of errors = ${NUMBER_OF_ERRORS}" + + if [ -n "${NO_PERF}" ]; then + PERFORMANCE_DATA= + fi + + if [ -z "${PROMETHEUS}" ]; then + + if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ "${VERBOSE}" -gt 0 ]; then + printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" + else + printf '%s%s \n' "$1" "${PERFORMANCE_DATA}" + fi + + else + + if [ -n "${CN}" ]; then + add_prometheus_status_output_line "cert_valid{cn=\"${CN}\"} 2" + else + add_prometheus_status_output_line "cert_valid 2" + fi + + prometheus_output + + fi + + exit "${STATUS_CRITICAL}" +} + +################################################################################ +# append all warning messages to list of all messages +# Params +# $1 warning message +# $2 replace current warning message +append_warning_message() { + + verboselog "Warning: $1" + + debuglog "WARNING >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" + debuglog "append_warning_message: HOST_NAME = ${HOST_NAME}" + debuglog "append_warning_message: HOST_ADDR = ${HOST_ADDR}" + debuglog "append_warning_message: CN = ${CN}" + debuglog "append_warning_message: SNI = ${SNI}" + debuglog "append_warning_message: FILE = ${FILE}" + debuglog "append_warning_message: SHORTNAME = ${SHORTNAME}" + debuglog "prepend_warning_message: MSG = ${MSG}" + debuglog "prepend_warning_message: WARNING_MSG = ${WARNING_MSG}" + debuglog "prepend_warning_message: ALL_MSG 1 = ${ALL_MSG}" + + if [ -n "${CN}" ]; then + if echo "${CN}" | grep -q -F 'unavailable'; then + tmp=" ${SUBJECT_ALTERNATIVE_NAME}" + else + tmp=" ${CN}" + fi + else + if [ -n "${HOST_NAME}" ]; then + if [ -n "${SNI}" ]; then + tmp=" ${SNI}" + elif [ -n "${FILE}" ]; then + tmp=" ${FILE}" + else + tmp=" ${HOST_NAME}" + fi + fi + fi + + MSG="${SHORTNAME} WARN${tmp}: ${1}${LONG_OUTPUT}" + + if [ "${WARNING_MSG}" = "" ] || [ -n "${2-}" ]; then + WARNING_MSG="${MSG}" + fi + + ALL_MSG="${ALL_MSG}\\n ${MSG}" + + debuglog "prepend_warning_message: MSG 2 = ${MSG}" + debuglog "prepend_warning_message: WARNING_MSG 2 = ${WARNING_MSG}" + debuglog "prepend_warning_message: ALL_MSG 2 = ${ALL_MSG}" + debuglog "WARNING <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" + +} + +################################################################################ +# Exits with a warning message +# Params +# $1 warning message +warning() { + + remove_temporary_files + + NUMBER_OF_ERRORS=$(printf '%b' "${ALL_MSG}" | wc -l) + + if [ -n "${NO_PERF}" ]; then + PERFORMANCE_DATA= + fi + + if [ -z "${PROMETHEUS}" ]; then + + if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ "${VERBOSE}" -gt 0 ]; then + printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" + else + printf '%s %s\n' "$1" "${PERFORMANCE_DATA}" + fi + + else + + if [ -n "${CN}" ]; then + add_prometheus_status_output_line "cert_valid{cn=\"${CN}\"} 1" + else + add_prometheus_status_output_line "cert_valid 1" + fi + + prometheus_output + + fi + + exit "${STATUS_WARNING}" +} + +################################################################################ +# Exits with an 'unknown' status +# Params +# $1 message +unknown() { + if [ -n "${HOST_NAME}" ]; then + if [ -n "${SNI}" ]; then + tmp=" ${SNI}" + elif [ -n "${FILE}" ]; then + tmp=" ${FILE}" + else + tmp=" ${HOST_NAME}" + fi + fi + remove_temporary_files + printf '%s UNKNOWN%s: %s\n' "${SHORTNAME}" "${tmp}" "$1" + exit "${STATUS_UNKNOWN}" +} + +################################################################################ +# Exits with unknown if s_client does not support the given option +# +# Usage: +# require_s_client_option '-no_ssl2' +# +require_s_client_option() { + debuglog "Checking if s_client supports the $1 option" + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "$1"; then + unknown "s_client does not support the $1 option" + fi +} + +################################################################################ +# Extract specific attributes from a certificate +# $1 attribute name +# $2 cert file or cert content +extract_cert_attribute() { + + debuglog "extracting cert attribute ${1}" + + if [ -f "${2}" ]; then + cert_content="$(cat "${2}")" + else + cert_content="${2}" + fi + + # shellcheck disable=SC2086,SC2016 + case $1 in + cn) + if echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject 2>/dev/null | grep -F -q 'CN' >/dev/null; then + echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject | + sed -e "s/^.*[[:space:]]*CN[[:space:]]=[[:space:]]//" -e 's/\/[[:alpha:]][[:alpha:]]*=.*$//' -e "s/,.*//" + else + echo 'CN unavailable' + return 1 + fi + ;; + subject) + echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject + ;; + serial) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -serial | sed -e "s/^serial=//" + ;; + fingerprint) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -fingerprint -sha1 | sed -e "s/^SHA1 Fingerprint=//" + ;; + oscp_uri) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -ocsp_uri + ;; + oscp_uri_single) + extract_cert_attribute 'oscp_uri' "${cert_content}" | head -n 1 + ;; + hash) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -hash + ;; + modulus) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -modulus + ;; + issuer) + # see https://unix.stackexchange.com/questions/676776/parse-comma-separated-string-ignoring-commas-between-quotes + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout -nameopt sep_multiline,utf8,esc_ctrl -issuer | + tail -n +2 | + sed 's/^\ *//' + ;; + issuer_uri) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | grep -F "CA Issuers" | grep -F -i "http" | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;${}<>`&' + ;; + issuer_uri_single) + extract_cert_attribute 'issuer_uri' "${cert_content}" | head -n 1 + ;; + issuer_hash) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -issuer_hash + ;; + org) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -noout -subject) + + # on older systems the fields where separated by /, e.g., + # subject= /C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com + # on newer systems the fields are separated by , and are sometimes quoted (if they contain a comma), e.g., + # subject=C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = github.com + # subject=C = ES, ST = Madrid, L = Madrid, jurisdictionC = ES, O = Ibermutua Mutua Colaboradora con la Seguridad Social N\C3\BAmero 274, businessCategory = Private Organization, serialNumber = 1998-02-18, CN = www.ibermutua.es + + if echo "${cert_subject}" | grep -q '^subject=\ \/'; then + # old format + echo "${cert_subject}" | sed -e 's/.*\/O=//' -e 's/\/.*//' + else + # new format + if echo "${cert_subject}" | grep -q 'O\ =\ "'; then + # quotes + echo "${cert_subject}" | sed -e 's/.*O\ =\ "//' -e 's/".*//' + else + # no quotes + echo "${cert_subject}" | sed -e 's/.*O\ =\ //' -e 's/\,\ .*//' + fi + fi + ;; + email) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -email + ;; + crl_uri) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | + grep -F -A 4 'X509v3 CRL Distribution Points' | + grep -F URI | + sed 's/^.*URI://' + ;; + sig_algo) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | grep -m 1 -F 'Signature Algorithm' + ;; + startdate) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -startdate | sed -e "s/^notBefore=//" + ;; + enddate) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} "${OPENSSL_ENDDATE_OPTION}" | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//" + ;; + sct) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | grep -E -q 'SCTs|1\.3\.6\.1\.4\.1\.11129\.2\.4\.2' + ;; + subjectAlternativeName) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -text | + grep -F -A 1 "509v3 Subject Alternative Name:" | + tail -n 1 | + sed -e "s/DNS://g" | + sed -e "s/,//g" | + sed -e 's/^\ *//' + ;; + *) + return 1 + ;; + esac + +} + +################################################################################ +# Executes command with a timeout +# Params: +# $1 command +# $2 where to put the stdout +# $3 where to put the stderr +# Returns 1 if timed out 0 otherwise +exec_with_timeout() { + + time=${TIMEOUT} + + # start the command in a subshell to avoid problem with pipes + # (spawn accepts one command) + command="/bin/sh -c \"$1\"" + + OUTFILE=/dev/null + if [ -n "$2" ]; then + OUTFILE=$2 + fi + ERRFILE=/dev/null + if [ -n "$3" ]; then + ERRFILE=$3 + fi + + start_time=$(date +%s) + + debuglog "executing with timeout (${time}s): $1" + debuglog " start time = ${start_time}" + + if [ -n "${TIMEOUT_BIN}" ]; then + + debuglog "$(printf '%s %s %s\n' "${TIMEOUT_BIN}" "${time}" "${command}")" + + # We execute timeout in the background so that it can be relay a signal to 'timeout' + # https://unix.stackexchange.com/questions/57667/why-cant-i-kill-a-timeout-called-from-a-bash-script-with-a-keystroke/57692#57692 + eval "${TIMEOUT_BIN} ${time} ${command} &" >"${OUTFILE}" 2>"${ERRFILE}" + TIMEOUT_PID=$! + wait "${TIMEOUT_PID}" >/dev/null 2>&1 + RET=$? + + # return codes + # https://www.gnu.org/software/coreutils/manual/coreutils.html#timeout-invocation + + # because of the execution in the background we get a 137 for a timeout + if [ "${RET}" -eq 137 ] || [ "${RET}" -eq 124 ]; then + prepend_critical_message "Timeout after ${time} seconds" + critical "${SHORTNAME} CRITICAL: Timeout after ${time} seconds" + elif [ "${RET}" -eq 125 ]; then + prepend_critical_message "execution of ${command} failed" + elif [ "${RET}" -eq 126 ]; then + prepend_critical_message "${command} is found but cannot be invoked" + elif [ "${RET}" -eq 127 ]; then + prepend_critical_message "${command} cannot be found" + fi + + end_time=$(date +%s) + TIMEOUT=$((TIMEOUT - end_time + start_time)) + debuglog " end time = ${end_time}" + debuglog " new timeout = ${TIMEOUT}" + if [ "${TIMEOUT}" -lt 1 ]; then TIMEOUT=1; fi + + return "${RET}" + + elif [ -n "${EXPECT}" ]; then + + # just to tell shellcheck that the variable is assigned + # (in fact the value is assigned with the function set_value) + EXPECT_SCRIPT='' + TIMEOUT_ERROR_CODE=42 + + set_variable EXPECT_SCRIPT < ${OUTFILE} 2> ${ERRFILE} } + +expect { + timeout { exit ${TIMEOUT_ERROR_CODE} } + eof +} + +# Get the return value +# https://stackoverflow.com/questions/23614039/how-to-get-the-exit-code-of-spawned-process-in-expect-shell-script + +foreach { pid spawnid os_error_flag value } [wait] break + +# return the command return value +exit \$value + +EOT + + debuglog 'Executing expect script' + debuglog "$(printf '%s' "${EXPECT_SCRIPT}")" + + echo "${EXPECT_SCRIPT}" | expect + RET=$? + + debuglog "expect returned ${RET}" + + if [ "${RET}" -eq "${TIMEOUT_ERROR_CODE}" ]; then + prepend_critical_message "Timeout after ${time} seconds" + critical "${SHORTNAME} CRITICAL: Timeout after ${time} seconds" + fi + + end_time=$(date +%s) + TIMEOUT=$((TIMEOUT - end_time + start_time)) + debuglog " end time = ${end_time}" + debuglog " new timeout = ${TIMEOUT}" + if [ "${TIMEOUT}" -lt 1 ]; then TIMEOUT=1; fi + + return "${RET}" + + else + + debuglog "$(printf '%s\n' eval "${command}")" + + eval "${command}" >"${OUTFILE}" 2>"${ERRFILE}" + RET=$? + + end_time=$(date +%s) + + # we deduce the command duration from the total specified timeout + TIMEOUT=$((TIMEOUT - end_time + start_time)) + debuglog " end time = ${end_time}" + debuglog " new timeout = ${TIMEOUT}" + if [ "${TIMEOUT}" -lt 1 ]; then TIMEOUT=1; fi + + return "${RET}" + + fi + +} + +################################################################################ +# Checks if a given program is available and executable +# Params +# $1 program name +# Returns 1 if the program exists and is executable +check_required_prog() { + + PROG=$(command -v "$1" 2>/dev/null) + + if [ -z "${PROG}" ]; then + unknown "cannot find program: $1" + fi + + if [ ! -x "${PROG}" ]; then + unknown "${PROG} is not executable" + fi + +} + +################################################################################ +# Checks cert revocation via CRL +# Params +# $1 cert +# $2 element number +check_crl() { + el_number=1 + if [ -n "$2" ]; then + el_number=$2 + fi + + create_temporary_file + CERT_ELEMENT=${TEMPFILE} + debuglog "Storing the chain element in ${CERT_ELEMENT}" + echo "${1}" >"${CERT_ELEMENT}" + + # We check all the elements of the chain (but the root) for revocation + # If any element is revoked, the certificate should not be trusted + # https://security.stackexchange.com/questions/5253/what-happens-when-an-intermediate-ca-is-revoked + + debuglog "Checking CRL status of element ${el_number}" + + # See https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html + + CRL_URI="$(extract_cert_attribute 'crl_uri' "${CERT_ELEMENT}")" + if [ -n "${CRL_URI}" ]; then + + debuglog "Certificate revocation list available (${CRL_URI})." + + debuglog "CRL: fetching CRL ${CRL_URI} to ${CRL_TMP_DER}" + + if [ -n "${CURL_USER_AGENT}" ]; then + exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --user-agent '${CURL_USER_AGENT}' --location \\\"${CRL_URI}\\\" > ${CRL_TMP_DER}" + else + exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${CRL_URI}\\\" > ${CRL_TMP_DER}" + fi + + # convert DER to + debuglog "Converting ${CRL_TMP_DER} (DER) to ${CRL_TMP_PEM} (PEM)" + "${OPENSSL}" crl -inform DER -in "${CRL_TMP_DER}" -outform PEM -out "${CRL_TMP_PEM}" + + # combine the certificate and the CRL + debuglog "Combining the certificate, the CRL and the root cert" + debuglog "cat ${CRL_TMP_PEM} ${CERT} ${ROOT_CA_FILE} > ${CRL_TMP_CHAIN}" + cat "${CRL_TMP_PEM}" "${CERT}" "${ROOT_CA_FILE}" >"${CRL_TMP_CHAIN}" + + debuglog "${OPENSSL} verify -crl_check -CRLfile ${CRL_TMP_PEM} ${CERT_ELEMENT}" + CRL_RESULT=$( + "${OPENSSL}" verify -crl_check -CAfile "${CRL_TMP_CHAIN}" -CRLfile "${CRL_TMP_PEM}" "${CERT_ELEMENT}" 2>&1 | + grep -F ':' | + head -n 1 | + sed 's/^.*:\ //' + ) + + debuglog " result: ${CRL_RESULT}" + + if ! [ "${CRL_RESULT}" = 'OK' ]; then + prepend_critical_message "certificate element ${el_number} is revoked (CRL)" + fi + + else + + debuglog "Certificate revocation list not available" + + fi + +} + +################################################################################ +# Checks cert revocation via OCSP +# Params +# $1 cert +# $2 element number +check_ocsp() { + + el_number=1 + if [ -n "$2" ]; then + el_number=$2 + fi + + # We check all the elements of the chain (but the root) for revocation + # If any element is revoked, the certificate should not be trusted + # https://security.stackexchange.com/questions/5253/what-happens-when-an-intermediate-ca-is-revoked + + debuglog "Checking OCSP status of element ${el_number}" + + create_temporary_file + CERT_ELEMENT=${TEMPFILE} + debuglog "Storing the chain element in ${CERT_ELEMENT}" + echo "${1}" >"${CERT_ELEMENT}" + + ################################################################################ + # Check revocation via OCSP + if [ -n "${OCSP}" ]; then + + debuglog "Checking revocation via OCSP" + + ISSUER_HASH="$(extract_cert_attribute 'issuer_hash' "${CERT_ELEMENT}")" + debuglog "Issuer hash: ${ISSUER_HASH}" + + if [ -z "${ISSUER_HASH}" ]; then + unknown 'unable to find issuer certificate hash.' + fi + + ISSUER_CERT= + if [ -n "${ISSUER_CERT_CACHE}" ]; then + + if [ -r "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" ]; then + + debuglog "Found cached Issuer Certificate: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + + ISSUER_CERT="${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + + else + + debuglog "Not found cached Issuer Certificate: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + + fi + + fi + + ELEMENT_ISSUER_URIS="$(extract_cert_attribute 'issuer_uri' "${CERT_ELEMENT}")" + + if [ -z "${ELEMENT_ISSUER_URIS}" ]; then + verboselog "Warning cannot find the CA Issuers in the certificate chain element ${el_number}: disabling OCSP checks on chain element ${el_number}" + return + fi + + debuglog "Chain element issuer URIs: ${ELEMENT_ISSUER_URIS}" + + for ELEMENT_ISSUER_URI in ${ELEMENT_ISSUER_URIS}; do + + debuglog "checking issuer URIs: ${ELEMENT_ISSUER_URI}" + + # shellcheck disable=SC2021 + ELEMENT_ISSUER_URI_WO_SPACES_TMP="$(echo "${ELEMENT_ISSUER_URI}" | tr -d '[[:space:]]')" + if [ "${ELEMENT_ISSUER_URI}" != "${ELEMENT_ISSUER_URI_WO_SPACES_TMP}" ]; then + verboselog "Warning: unable to fetch the CA issuer certificate (spaces in URI): skipping" + continue + elif ! echo "${ELEMENT_ISSUER_URI}" | grep -q -i '^http'; then + verboselog "Warning: unable to fetch the CA issuer certificate (unsupported protocol): skipping" + continue + fi + + if [ -z "${ISSUER_CERT}" ]; then + + debuglog "OCSP: fetching issuer certificate ${ELEMENT_ISSUER_URI} to ${ISSUER_CERT_TMP}" + + if [ -n "${CURL_USER_AGENT}" ]; then + exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --user-agent '${CURL_USER_AGENT}' --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}" + else + exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}" + fi + + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}" | sed 's/.*://')" + debuglog "OCSP: issuer certificate type (1): ${TYPE_TMP}" + + if echo "${ELEMENT_ISSUER_URI}" | grep -F -q 'p7c'; then + debuglog "OCSP: converting issuer certificate from PKCS #7 to PEM" + + open_for_writing "${ISSUER_CERT_TMP2}" + cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" + + ${OPENSSL} pkcs7 -print_certs -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" + + fi + + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}" | sed 's/.*://')" + debuglog "OCSP: issuer certificate type (2): ${TYPE_TMP}" + + # check for errors + if "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q HTML; then + debuglog "OCSP: HTML page returned instead of a certificate" + unknown "Unable to fetch a valid certificate issuer certificate (HTML page returned)." + fi + + # check the result + if ! "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q '(ASCII|PEM)'; then + + if "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q '(data|Certificate)'; then + + debuglog "OCSP: converting issuer certificate from DER to PEM" + + open_for_writing "${ISSUER_CERT_TMP2}" + cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" + + ${OPENSSL} x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" + + elif "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q 'empty'; then + + # empty certs are allowed + debuglog "OCSP empty certificate detected: skipping" + return + + else + + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}")" + debuglog "OCSP: complete issuer certificate type ${TYPE_TMP}" + + unknown "Unable to fetch a valid certificate issuer certificate." + + fi + + fi + + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}" | sed 's/.*://')" + debuglog "OCSP: issuer certificate type (3): ${TYPE_TMP}" + + if [ -n "${DEBUG_CERT}" ]; then + + # remove trailing / + FILE_NAME=${ELEMENT_ISSUER_URI%/} + + # remove everything up to the last slash + FILE_NAME="${FILE_NAME##*/}".crt + + debuglog "OCSP: storing a copy of the retrieved issuer certificate to ${FILE_NAME} for debugging purposes" + + open_for_writing "${FILE_NAME}" + cp "${ISSUER_CERT_TMP}" "${FILE_NAME}" + + fi + + if [ -n "${ISSUER_CERT_CACHE}" ]; then + + if [ ! -w "${ISSUER_CERT_CACHE}" ]; then + unknown "Issuer certificates cache ${ISSUER_CERT_CACHE} is not writable!" + fi + + debuglog "Storing Issuer Certificate to cache: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + + open_for_writing "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + + fi + + ISSUER_CERT=${ISSUER_CERT_TMP} + + fi + + done + + OCSP_URIS="$(extract_cert_attribute 'oscp_uri' "${CERT_ELEMENT}")" + + debuglog "OCSP: URIs = ${OCSP_URIS}" + + for OCSP_URI in ${OCSP_URIS}; do + + debuglog "OCSP: URI = ${OCSP_URI}" + + OCSP_HOST="$(echo "${OCSP_URI}" | sed -e 's@.*//\([^/]\+\)\(/.*\)\?$@\1@g' | sed 's/^http:\/\///' | sed 's/\/.*//')" + + debuglog "OCSP: host = ${OCSP_HOST}" + + if [ -n "${OCSP_HOST}" ]; then + + # check if -header is supported + OCSP_HEADER="" + + # ocsp -header is supported in OpenSSL versions from 1.0.0, but not documented until 1.1.0 + # so we check if the major version is greater than 0 + OPENSSL_VERSION_TMP="$(${OPENSSL} version | sed -e 's/OpenSSL \([0-9]\).*/\1/g')" + if "${OPENSSL}" version | grep -q '^LibreSSL' || [ "${OPENSSL_VERSION_TMP}" -gt 0 ]; then + + debuglog "openssl ocsp supports the -header option" + + # the -header option was first accepting key and value separated by space. The newer versions are using key=value + KEYVALUE="" + if ${OPENSSL} ocsp -help 2>&1 | grep -F header | grep -F -q 'key=value'; then + debuglog "${OPENSSL} ocsp -header requires 'key=value'" + KEYVALUE=1 + else + debuglog "${OPENSSL} ocsp -header requires 'key value'" + fi + + # http_proxy is sometimes lower- and sometimes uppercase. Programs usually check both + # shellcheck disable=SC2154 + if [ -n "${http_proxy}" ]; then + HTTP_PROXY="${http_proxy}" + fi + + if [ -n "${HTTP_PROXY:-}" ]; then + OCSP_PROXY_ARGUMENT="$(echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//')" + + if [ -n "${KEYVALUE}" ]; then + debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -host \"${OCSP_PROXY_ARGUMENT}\" -path ${OCSP_URI} -header HOST=${OCSP_HOST}" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1)" + else + debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -host \"${OCSP_PROXY_ARGUMENT}\" -path ${OCSP_URI} -header HOST ${OCSP_HOST}" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1)" + fi + + else + + if [ -n "${KEYVALUE}" ]; then + debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1)" + else + debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1)" + fi + + fi + + MESSAGE_TMP="$(echo "${OCSP_RESP}" | sed 's/^/OCSP: response = /')" + debuglog "${MESSAGE_TMP}" + + if [ -n "${OCSP_IGNORE_TIMEOUT}" ] && echo "${OCSP_RESP}" | grep -F -q -i "timeout on connect"; then + + debuglog 'OCSP: Timeout on connect' + + elif echo "${OCSP_RESP}" | grep -F -q -i "revoked"; then + + debuglog 'OCSP: revoked' + + prepend_critical_message "certificate element ${el_number} is revoked (OCSP)" + + elif echo "${OCSP_RESP}" | grep -F -q -i "internalerror" && [ -n "${OCSP_IGNORE_ERRORS}" ]; then + + verbose 'warning: the OCSP server returned an internal error' + + elif ! echo "${OCSP_RESP}" | grep -F -q -i "good"; then + + debuglog "OCSP: not good. HTTP_PROXY = ${HTTP_PROXY}" + + if [ -n "${HTTP_PROXY:-}" ]; then + + debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT_ELEMENT}]\" -host \"${HTTP_PROXY#*://}\" -path \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1" + + if [ -n "${OCSP_HEADER}" ]; then + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1)" + else + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" 2>&1)" + fi + + else + + debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT_ELEMENT}\" -url \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1" + + if [ -n "${OCSP_HEADER}" ]; then + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1)" + else + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" 2>&1)" + fi + + fi + + prepend_critical_message "OCSP error (-v for details)" + + fi + + else + + verboselog "Warning: openssl ocsp does not support the -header option: disabling OCSP checks" + + fi + + else + + verboselog "Warning: no OCSP host found: disabling OCSP checks" + + fi + + done + + verboselog "OCSP check for element ${el_number} OK" + + fi + +} + +################################################################################ +# Checks cert end date validity +# Params +# $1 cert +# $2 element number +# Returns number of days +check_cert_end_date() { + + el_number=1 + if [ -n "$2" ]; then + el_number=$2 + else + debuglog "No certificate element specified: default 1" + fi + + replace_current_message='' + + element_cn=$(extract_cert_attribute 'cn' "${1}") + debuglog "Checking expiration date of element ${el_number} (${element_cn})" + + ELEM_END_DATE="$(extract_cert_attribute 'enddate' "$1")" + debuglog "Validity date on cert element ${el_number} (${element_cn}) is ${ELEM_END_DATE}" + + HOURS_UNTIL=$(hours_until "${ELEM_END_DATE}") + + ELEM_DAYS_VALID=$((HOURS_UNTIL / 24)) + ELEM_SECONDS_VALID=$((HOURS_UNTIL * 3600)) + + add_prometheus_days_output_line "cert_days_chain_elem{cn=\"${CN}\", element=${el_number}} ${ELEM_DAYS_VALID}" + + debuglog " valid for ${ELEM_DAYS_VALID} days" + + if [ -z "${EARLIEST_VALIDITY_HOURS}" ] || [ "${HOURS_UNTIL}" -lt "${EARLIEST_VALIDITY_HOURS}" ]; then + EARLIEST_VALIDITY_HOURS="${HOURS_UNTIL}" + replace_current_message='yes' + fi + + if [ -z "${DAYS_VALID}" ] || [ "${ELEM_DAYS_VALID}" -lt "${DAYS_VALID}" ]; then + DAYS_VALID="${ELEM_DAYS_VALID}" + fi + + add_performance_data "days_chain_elem${el_number}=${ELEM_DAYS_VALID};${WARNING_DAYS};${CRITICAL_DAYS};;" + + if [ "${OPENSSL_COMMAND}" = "x509" ]; then + # x509 certificates (default) + # We always check expired certificates + debuglog "executing: ${OPENSSL} x509 -noout -checkend 0 on cert element ${el_number} (${element_cn})" + if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend 0 >/dev/null; then + if [ "${ELEM_DAYS_VALID}" -eq 0 ]; then + DAYS_AGO='today' + elif [ "${ELEM_DAYS_VALID}" -eq -1 ]; then + DAYS_AGO='yesterday' + else + DAYS_AGO="$((-ELEM_DAYS_VALID)) days ago" + fi + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) is expired (was valid until ${ELEM_END_DATE}, ${DAYS_AGO})" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" + return 2 + fi + + if [ -n "${CRITICAL_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ]; then + + debuglog "executing: ${OPENSSL} x509 -noout -checkend ${CRITICAL_SECONDS} on cert element ${el_number} (${element_cn})" + + if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend "${CRITICAL_SECONDS}" >/dev/null; then + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" + return 2 + fi + + fi + + if [ -n "${WARNING_DAYS}" ] && [ -n "${WARNING_SECONDS}" ]; then + + debuglog "executing: ${OPENSSL} x509 -noout -checkend ${WARNING_SECONDS} on cert element ${el_number}" + + if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend "${WARNING_SECONDS}" >/dev/null; then + append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 1" + return 1 + fi + + fi + if [ -n "${NOT_VALID_LONGER_THAN}" ]; then + debuglog "checking if the certificate is valid longer than ${NOT_VALID_LONGER_THAN} days" + debuglog " valid for ${DAYS_VALID} days" + if [ "${DAYS_VALID}" -gt "${NOT_VALID_LONGER_THAN}" ]; then + debuglog "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" + prepend_critical_message "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" "${replace_current_message}" + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" + return 2 + fi + fi + elif [ "${OPENSSL_COMMAND}" = "crl" ]; then + # CRL certificates + + # We always check expired certificates + if [ "${ELEM_SECONDS_VALID}" -lt 1 ]; then + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) is expired (was valid until ${ELEM_END_DATE})" "${replace_current_message}" + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" + return 2 + fi + + if [ -n "${CRITICAL_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ]; then + # When comparing, always use values in seconds, because values in days might be floating point numbers + if [ "${ELEM_SECONDS_VALID}" -lt "${CRITICAL_SECONDS}" ]; then + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" + return 2 + fi + + fi + + if [ -n "${WARNING_DAYS}" ] && [ -n "${WARNING_SECONDS}" ]; then + # When comparing, always use values in seconds, because values in days might be floating point numbers + if [ "${ELEM_SECONDS_VALID}" -lt "${WARNING_SECONDS}" ]; then + append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 1" + return 1 + fi + + fi + fi + + if [ -z "${CN}" ]; then + CN='unavailable' + fi + verboselog "Certificate element ${el_number} (${element_cn}) is valid for ${ELEM_DAYS_VALID} days" + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 0" + +} + +################################################################################ +# Converts SSL Labs or nmap grades to a numeric value +# (see https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pdf and +# https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html) +# Params +# $1 program name +# Sets NUMERIC_SSL_LAB_GRADE +convert_grade() { + + GRADE="$1" + + unset NUMERIC_SSL_LAB_GRADE + + case "${GRADE}" in + 'A+' | 'a+') + # Value not in documentation + NUMERIC_SSL_LAB_GRADE=85 + shift + ;; + A | a | strong | Strong) + NUMERIC_SSL_LAB_GRADE=80 + shift + ;; + 'A-' | 'a-') + # Value not in documentation + NUMERIC_SSL_LAB_GRADE=75 + shift + ;; + B | b) + NUMERIC_SSL_LAB_GRADE=65 + shift + ;; + C | c | weak | Weak) + NUMERIC_SSL_LAB_GRADE=50 + shift + ;; + D | d) + NUMERIC_SSL_LAB_GRADE=35 + shift + ;; + E | e) + NUMERIC_SSL_LAB_GRADE=20 + shift + ;; + F | f) + NUMERIC_SSL_LAB_GRADE=0 + shift + ;; + T | t | unknown | Unknown) + # No trust: value not in documentation + NUMERIC_SSL_LAB_GRADE=0 + shift + ;; + M | m) + # Certificate name mismatch: value not in documentation + NUMERIC_SSL_LAB_GRADE=0 + shift + ;; + *) + unknown "Cannot convert SSL Lab grade ${GRADE}" + ;; + esac + +} + +################################################################################ +# Check if the specified host is an IP (does not check the validity +# $1 string to check +is_ip() { + ARGUMENT=$1 + debuglog "Checking if ${ARGUMENT} is an IP address" + if [ "${ARGUMENT}" != "${ARGUMENT#*[0-9].[0-9]}" ]; then + debuglog "${ARGUMENT} is an IPv4 address" + echo '1' + elif [ "${ARGUMENT}" != "${ARGUMENT#*:[0-9a-fA-F]}" ]; then + debuglog "${ARGUMENT} is an IPv6 address" + echo '1' + else + debuglog "${ARGUMENT} is not an IP address" + echo '0' + fi +} + +################################################################################ +# Tries to fetch the certificate + +fetch_certificate() { + + RET=0 + + # IPv6 addresses need brackets in a URI + if [ "${HOST_ADDR}" != "${HOST_ADDR#*[0-9].[0-9]}" ]; then + debuglog "${HOST_ADDR} is an IPv4 address" + elif [ "${HOST_ADDR}" != "${HOST_ADDR#*:[0-9a-fA-F]}" ]; then + debuglog "${HOST_ADDR} is an IPv6 address" + if [ -z "${HOST_ADDR##*\[*}" ]; then + debuglog "${HOST_ADDR} is already specified with brackets" + else + debuglog "adding brackets to ${HOST_ADDR}" + HOST="[${HOST_ADDR}]" + fi + else + debuglog "${HOST_ADDR} is not an IP address" + fi + + if [ -n "${REQUIRE_OCSP_STAPLING}" ]; then + STATUS='-status' + fi + + debuglog "fetch_certificate: PROTOCOL = ${PROTOCOL}" + + # Check if a protocol was specified (if not HTTP switch to TLS) + if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != 'http' ] && [ "${PROTOCOL}" != 'https' ] && [ "${PROTOCOL}" != 'h2' ]; then + + case "${PROTOCOL}" in + pop3 | ftp) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + pop3s | ftps) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + smtp) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + smtps) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + irc | ldap) + exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + ircs | ldaps) + exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + imap) + exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + imaps) + exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + postgres) + exec_with_timeout "printf 'X\\0\\0\\0\\4' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + sieve) + exec_with_timeout "echo 'LOGOUT' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + xmpp | xmpp-server) + exec_with_timeout "echo 'Q' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${XMPPPORT} ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + mysql) + exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + *) + unknown "Error: unsupported protocol ${PROTOCOL}" + ;; + esac + + elif [ -n "${FILE}" ]; then + + if [ "${HOST_NAME}" = "localhost" ]; then + + debuglog "check if we have to convert the file ${FILE} to PEM" + TYPE_TMP="$(${FILE_BIN} -L -b "${FILE}" | sed 's/.*://')" + debuglog "certificate type (1): ${TYPE_TMP}" + create_temporary_file + CONVERSION_ERROR=${TEMPFILE} + + if echo "${FILE}" | grep -q -E '[.](p12|pfx)$'; then + + debuglog 'converting PKCS #12 to PEM' + + if [ -n "${PASSWORD_SOURCE}" ]; then + debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys -passin ${PASSWORD_SOURCE}" + "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys -passin "${PASSWORD_SOURCE}" 2>"${CONVERSION_ERROR}" + else + debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys" + "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys 2>"${CONVERSION_ERROR}" + fi + + if [ $? -eq 1 ]; then + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + unknown "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}" + fi + + elif "${FILE_BIN}" -L -b "${FILE}" | grep -q -E '(data|Certificate)'; then + + debuglog 'converting DER to PEM' + "${OPENSSL}" x509 -inform der -in "${FILE}" -out "${CERT}" 2>"${CONVERSION_ERROR}" + + if [ $? -eq 1 ]; then + + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + debuglog "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}" + debuglog "Checking if ${FILE} is DER encoded CRL" + + if "${OPENSSL}" crl -in "${FILE}" -inform DER 2>/dev/null | grep -F -q "BEGIN X509 CRL"; then + + debuglog "The input file is a CRL in DER format: converting to PEM" + + debuglog "Executing ${OPENSSL} crl -inform der -in ${FILE} -out ${CERT} 2> /dev/null" + "${OPENSSL}" crl -inform der -in "${FILE}" -out "${CERT}" 2>"${CONVERSION_ERROR}" + + if [ $? -eq 1 ]; then + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + unknown "Error converting CRL ${FILE}: ${CONVERSION_ERROR_TMP}" + fi + + else + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + unknown "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}" + fi + + fi + + else + + debuglog "Copying the certificate to ${CERT}" + /bin/cat "${FILE}" >"${CERT}" + RET=$? + + fi + + debuglog "storing the certificate to ${CERT}" + TYPE_TMP="$(${FILE_BIN} -L -b "${CERT}" | sed 's/.*://')" + debuglog "certificate type (2): ${TYPE_TMP}" + + if ! grep -q -F 'CRL' "${CERT}"; then + + NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") + + if [ "${NUM_CERTIFICATES}" -gt 1 ]; then + debuglog "Certificate seems to be ca ca-bundle, splitting it" + + create_temporary_file + USER_CERTIFICATE=${TEMPFILE} + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="1" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}' >"${USER_CERTIFICATE}" + + create_temporary_file + INTERMEDIATE_CERTIFICATES=${TEMPFILE} + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="2" '/-BEGIN CERTIFICATE-/{l++} (l>=n) {print}' >"${INTERMEDIATE_CERTIFICATES}" + VERIFY_COMMAND="${OPENSSL} verify ${ROOT_CA} -untrusted ${INTERMEDIATE_CERTIFICATES} ${USER_CERTIFICATE}" + else + debuglog "Certificate does not contain any intermediates, checking the chain will probably fail." + VERIFY_COMMAND="${OPENSSL} verify ${ROOT_CA} ${CERT}" + fi + + # verify the local certificate + debuglog "verifying the certificate" + debuglog " ${VERIFY_COMMAND} 2> ${ERROR} 1>&2" + + # on older versions of OpenSSL write the error on standard input + # shellcheck disable=SC2086 + ${VERIFY_COMMAND} 2>"${ERROR}" 1>&2 + RET=$? + + else + + debuglog "skipping verification on CRL" + + fi + + else + unknown "Error: option 'file' works with -H localhost only" + fi + + else + + if [ "${PROTOCOL}" = 'h2' ]; then + ALPN="-alpn h2" + fi + + exec_with_timeout "printf '${HTTP_REQUEST}' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${ALPN} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -showcerts -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + + fi + + debuglog "Return value of the command = ${RET}" + + if [ -n "${DEBUG_CERT}" ]; then + + debuglog "storing a copy of the retrieved certificate in ${HOST_NAME}.crt for debugging purposes" + open_for_writing "${HOST_NAME}.crt" + cp "${CERT}" "${HOST_NAME}.crt" + + debuglog "storing a copy of the OpenSSL errors in ${HOST_NAME}.error for debugging purposes" + open_for_writing "${HOST_NAME}.error" + cp "${ERROR}" "${HOST_NAME}.error" + + fi + + if [ "${RET}" -ne 0 ]; then + + MESSAGE_TMP="$(sed 's/^/SSL error: /' "${ERROR}")" + debuglog "${MESSAGE_TMP}" + + # s_client could verify the server certificate because the server requires a client certificate + if ascii_grep '^Client Certificate Types' "${CERT}"; then + + verboselog "Warning: the server requires a client certificate" + + elif ascii_grep 'nodename\ nor\ servname\ provided,\ or\ not\ known' "${ERROR}" || + ascii_grep 'Name or service not known' "${ERROR}" || + ascii_grep 'connect\ argument\ or\ target\ parameter\ malformed\ or\ ambiguous' "${ERROR}"; then + + ERROR="${HOST_ADDR} is not a valid hostname" + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep 'Connection\ refused' "${ERROR}"; then + + ERROR='Connection refused' + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep 'Connection timed out' "${ERROR}"; then + + ERROR='OpenSSL connection timed out' + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep 'unable to get local issuer certificate' "${ERROR}"; then + + if [ -z "${IGNORE_INCOMPLETE_CHAIN}" ]; then + prepend_critical_message 'Error verifying the certificate chain' + fi + + elif ascii_grep 'self[ -]signed certificate' "${ERROR}"; then + + if [ -z "${SELFSIGNED}" ]; then + prepend_critical_message 'Self signed certificate' + fi + + elif ascii_grep 'dh\ key\ too\ small' "${ERROR}"; then + + prepend_critical_message 'DH with a key too small' + + elif ascii_grep 'alert\ handshake\ failure' "${ERROR}"; then + + prepend_critical_message 'Handshake failure' + + elif ascii_grep 'wrong\ version\ number' "${ERROR}"; then + + prepend_critical_message 'No TLS connection possible' + + elif ascii_grep 'tlsv1 alert decode error' "${ERROR}"; then + + prepend_critical_message 'Error decoding certificate' + + elif ascii_grep 'gethostbyname failure' "${ERROR}"; then + + ERROR='Invalid host name' + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep 'Operation\ timed\ out' "${ERROR}"; then + + ERROR='OpenSSL timed out' + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep 'write:errno=54' "${ERROR}"; then + + ERROR='No certificate returned (SNI required?)' + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep "Didn't find STARTTLS in server response, trying anyway..." "${ERROR}"; then + + ERROR="Didn't find STARTTLS in server response" + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep "unsafe legacy renegotiation disabled" "${ERROR}"; then + + ERROR="The server does not support the Renegotiation Indication Extension" + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep "no certificate or crl found" "${ERROR}"; then + + ERROR="Cannot read or parse the supplied certificate (e.g., root certificate)" + prepend_critical_message "${ERROR}" + critical "SSL_CERT_CRITICAL ${HOST_NAME}: ${ERROR}" + + else + + # Try to clean up the error message + # Remove the 'verify and depth' lines + # Take the 1st line (seems OK with the use cases I tested) + ERROR_MESSAGE=$( + grep -v '^depth' "${ERROR}" | + grep -v '^verify' | + head -n 1 + ) + + debuglog "Unknown error: ${ERROR_MESSAGE}" + + prepend_critical_message "SSL error: ${ERROR_MESSAGE}" + + fi + + else + + if ascii_grep usage "${ERROR}" && [ "${PROTOCOL}" = "ldap" ]; then + unknown "it seems that OpenSSL -starttls does not support yet LDAP" + fi + + NEGOTIATED_PROTOCOL=$( grep -F 'ALPN protocol' "${CERT}" | sed 's/^ALPN protocol:\ //' ) + debuglog "Negotiated protocol: ${NEGOTIATED_PROTOCOL}" + + # check if the protocol was really HTTP/2 + if [ "${PROTOCOL}" = 'h2' ]; then + if ! grep -q -F 'ALPN protocol: h2' "${CERT}"; then + prepend_critical_message 'The server does not support HTTP/2' + fi + fi + + fi + +} + +################################################################################ +# Adds metric to performance data +# Params +# $1 performance data in Nagios plugin format, +# see https://nagios-plugins.org/doc/guidelines.html#AEN200 +add_performance_data() { + if [ -z "${PERFORMANCE_DATA}" ]; then + PERFORMANCE_DATA="|${1}" + else + PERFORMANCE_DATA="${PERFORMANCE_DATA} $1" + fi +} + +################################################################################ +# Prepares sed-style command for variable replacement +# Params +# $1 variable name (e.g. SHORTNAME) +# $2 variable value (e.g. SSL_CERT) +var_for_sed() { + VALUE_TMP="$(echo "$2" | sed -e 's#|#\\\\|#g')" + echo "s|%$1%|${VALUE_TMP}|g" +} + +################################################################################ +# Performs a grep removing the NULL characters first +# +# As the POSIX grep does not have the -a option, we remove the NULL characters +# first to avoid the error Binary file matches +# +# Params +# $1 pattern +# $2 file +# +ascii_grep() { + tr -d '\000' <"$2" | grep -q "$1" +} + +################################################################################ +# Checks if there is an option argument (should not begin with -) +# +# Params +# $1 name of the option (e.g., '-w,--warning') to be used in the error message +# $2 next command line parameter +check_option_argument() { + + # shellcheck disable=SC2295 + if [ -z "$2" ] || [ "${2%${2#?}}"x = '-x' ]; then + unknown "'${1}' requires an argument" + fi + +} + +################################################################################ +# Parse command line options +# +# Params +# $* options +parse_command_line_options() { + + COMMAND_LINE_ARGUMENTS=$* + + while true; do + + case "$1" in + + ######################################## + # Options without arguments + + -A | --noauth) + NOAUTH=1 + shift + ;; + --all) + ALL=1 + shift + ;; + --all-local) + ALL_LOCAL=1 + shift + ;; + --allow-empty-san) + REQUIRE_SAN="" + shift + ;; + --altnames) + ALTNAMES=1 + shift + ;; + --check-ciphers-warnings) + CHECK_CIPHERS_WARNINGS=1 + shift + ;; + --crl) + CRL=1 + shift + ;; + -d | --debug) + DEBUG=$((DEBUG + 1)) + shift + ;; + --debug-cert) + DEBUG_CERT=1 + shift + ;; + --debug-time) + # start time + DEBUG_TIME=$(date +%s) + shift + ;; + -h | --help | -\?) + usage + ;; + --first-element-only) + FIRST_ELEMENT_ONLY=1 + shift + ;; + --force-dconv-date) + FORCE_DCONV_DATE=1 + shift + ;; + --force-perl-date) + FORCE_PERL_DATE=1 + shift + ;; + --http-use-get) + HTTP_METHOD="GET" + shift + ;; + --ignore-exp) + NOEXP=1 + shift + ;; + --ignore-altnames) + ALTNAMES= + shift + ;; + --ignore-host-cn) + COMMON_NAME= + ALTNAMES= + shift + ;; + --ignore-sig-alg) + NOSIGALG=1 + shift + ;; + --ignore-sct) + SCT= + shift + ;; + --ignore-ssl-labs-cache) + IGNORE_SSL_LABS_CACHE="&startNew=on" + shift + ;; + --ignore-tls-renegotiation) + IGNORE_TLS_RENEGOTIATION='1' + shift + ;; + --info) + INFO='1' + shift + ;; + --no-perf) + NO_PERF=1 + shift + ;; + --no-proxy) + NO_PROXY=1 + shift + ;; + --no-proxy-s_client) + NO_PROXY_S_CLIENT=1 + shift + ;; + --no-proxy-curl) + NO_PROXY_CURL=1 + shift + ;; + --no-ssl2 | --no_ssl2) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl2" + shift + ;; + --no-ssl3 | --no_ssl3) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl3" + shift + ;; + --no-tls1 | --no_tls1) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1" + shift + ;; + --no-tls1_1 | --no_tls1_1) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_1" + shift + ;; + --no-tls1_2 | --no_tls1_2) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_2" + shift + ;; + --no-tls1_3 | --no_tls1_3) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_3" + shift + ;; + -N | --host-cn) + COMMON_NAME="__HOST__" + shift + ;; + --prometheus) + PROMETHEUS=1 + shift + ;; + --rsa) + RSA=1 + shift + ;; + --require-no-ssl2) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv2" + shift + ;; + --require-no-ssl3) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv3" + shift + ;; + --require-no-tls1) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.0" + shift + ;; + --require-no-tls1_1) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.1" + shift + ;; + --require-ocsp-stapling) + REQUIRE_OCSP_STAPLING=1 + shift + ;; + --require-san) + REQUIRE_SAN=1 + shift + ;; + -s | --selfsigned) + SELFSIGNED=1 + shift + ;; + --ecdsa) + ECDSA=1 + shift + ;; + --ssl2) + SSL_VERSION="-ssl2" + shift + ;; + --ssl3) + SSL_VERSION="-ssl3" + shift + ;; + --tls1) + SSL_VERSION="-tls1" + shift + ;; + --tls1_1) + SSL_VERSION="-tls1_1" + shift + ;; + --tls1_2) + SSL_VERSION="-tls1_2" + shift + ;; + --tls1_3) + SSL_VERSION="-tls1_3" + shift + ;; + --ocsp) + # deprecated + shift + ;; + --ignore-incomplete-chain) + IGNORE_INCOMPLETE_CHAIN=1 + shift + ;; + --ignore-ocsp) + OCSP="" + shift + ;; + --ignore-ocsp-errors) + OCSP_IGNORE_ERRORS=1 + shift + ;; + --ignore-ocsp-timeout) + OCSP_IGNORE_TIMEOUT=1 + shift + ;; + --terse) + TERSE=1 + shift + ;; + -v | --verbose) + VERBOSE=$((VERBOSE + 1)) + shift + ;; + -V | --version) + echo "check_ssl_cert version ${VERSION}" + exit "${STATUS_UNKNOWN}" + ;; + -4) + INETPROTO="-4" + shift + ;; + -6) + INETPROTO="-6" + shift + ;; + + ######################################## + # Options with one argument + + -c | --critical) + check_option_argument '-c,--critical' "$2" + CRITICAL_DAYS="$2" + CRITICAL_SECONDS=$(days_to_seconds "${CRITICAL_DAYS}") + shift 2 + ;; + --check-ciphers) + check_option_argument '--check-ciphers' "$2" + CHECK_CIPHERS="$2" + shift 2 + ;; + --curl-bin) + check_option_argument '--curl-bin' "$2" + CURL_BIN="$2" + shift 2 + ;; + --curl-user-agent) + check_option_argument '--curl-user-agent' "$2" + CURL_USER_AGENT="$2" + shift 2 + ;; + --custom-http-header) + check_option_argument '--custom-http-header' "$2" + CUSTOM_HTTP_HEADER="$2" + shift 2 + ;; + --date) + check_option_argument '--date' "$2" + DATEBIN="$2" + shift 2 + ;; + # Deprecated option: used to be as --warning + --days) + check_option_argument '--days' "$2" + WARNING_DAYS="$2" + WARNING_SECONDS=$(days_to_seconds "${WARNING_DAYS}") + shift 2 + ;; + --debug-file) + check_option_argument '--debug-file' "$2" + DEBUG_FILE="$2" + shift 2 + ;; + --dig-bin) + check_option_argument '--dig-bin' "$2" + DIG_BIN="$2" + shift 2 + ;; + --inetproto) + check_option_argument '--inetproto' "$2" + INETPROTO="-$2" + shift 2 + ;; + --nmap-bin) + check_option_argument '--nmap-bin' "$2" + NMAP_BIN="$2" + ;; + -e | --email) + check_option_argument 'e|--email' "$2" + ADDR="$2" + shift 2 + ;; + -f | --file) + check_option_argument ' -f|--file' "$2" + FILE="$2" + # remove _HOST_ from COMMON_NAME + COMMON_NAME=$(echo "${COMMON_NAME}" | sed 's/__HOST__\ *//') + ALTNAMES= + shift 2 + ;; + --file-bin) + check_option_argument '--file-bin' "$2" + FILE_BIN="$2" + shift 2 + ;; + --format) + check_option_argument '--format' "$2" + FORMAT="$2" + shift 2 + ;; + -H | --host) + check_option_argument '-H|--host' "$2" + HOST="$2" + # remove http[s] from the input + if echo "${HOST}" | grep -F -q '://'; then + # try to remove the protocol (we do not consider URLs without + # an authority (https://en.wikipedia.org/wiki/URL) + debuglog "Stripping protocol and path from URL" + HOST=$(echo "${HOST}" | sed 's/^[a-z]*:\/\///' | sed 's/\/.*//') + fi + shift 2 + ;; + -i | --issuer) + check_option_argument '-i|--issuer' "$2" + ISSUER="$2" + shift 2 + ;; + --issuer-cert-cache) + check_option_argument '--issuer-cert-cache' "$2" + ISSUER_CERT_CACHE="$2" + shift 2 + ;; + -L | --check-ssl-labs) + check_option_argument '-L|--check-ssl-labs' "$2" + SSL_LAB_CRIT_ASSESSMENT="$2" + shift 2 + ;; + --check-ssl-labs-warn) + check_option_argument '--check-ssl-labs-warn' "$2" + SSL_LAB_WARN_ASSESTMENT="$2" + shift 2 + ;; + --serial) + check_option_argument '--serial' "$2" + SERIAL_LOCK="$2" + shift 2 + ;; + --element) + check_option_argument '--element' "$2" + ELEMENT="$2" + shift 2 + ;; + --skip-element) + check_option_argument '--skip-element' "$2" + if [ -z "${SKIP_ELEMENT}" ]; then + SKIP_ELEMENT="$2" + else + SKIP_ELEMENT="${SKIP_ELEMENT}\\n$2" + fi + shift 2 + ;; + --fingerprint) + check_option_argument '--fingerprint' "$2" + FINGERPRINT_LOCK="$2" + shift 2 + ;; + --long-output) + check_option_argument '--long-output' "$2" + LONG_OUTPUT_ATTR="$2" + shift 2 + ;; + -n | --cn) + check_option_argument ' -n|--cn' "$2" + if [ -z "${COMMON_NAME}" ]; then + COMMON_NAME="${2}" + else + COMMON_NAME="${COMMON_NAME} ${2}" + fi + debuglog "--cn specified: COMMON_MANE = ${COMMON_NAME}" + shift 2 + ;; + --not-issued-by) + check_option_argument '--not-issued-by' "$2" + NOT_ISSUED_BY="$2" + shift 2 + ;; + --not-valid-longer-than) + check_option_argument '--not-valid-longer-than' "$2" + NOT_VALID_LONGER_THAN=$2 + shift 2 + ;; + --ocsp-critical) + check_option_argument '--ocsp-critical' "$2" + OCSP_CRITICAL="$2" + shift 2 + ;; + --ocsp-warning) + check_option_argument '--ocsp-warning' "$2" + OCSP_WARNING="$2" + shift 2 + ;; + -o | --org) + check_option_argument '-o|--org' "$2" + ORGANIZATION="$2" + shift 2 + ;; + --openssl) + check_option_argument '--openssl' "$2" + OPENSSL="$2" + shift 2 + ;; + --password) + check_option_argument '--password' "$2" + PASSWORD_SOURCE="$2" + shift 2 + ;; + -p | --port) + check_option_argument '-p|--port' "$2" + PORT="$2" + XMPPPORT="$2" + shift 2 + ;; + -P | --protocol) + check_option_argument '-P|--protocol' "$2" + PROTOCOL="$2" + shift 2 + ;; + --proxy) + check_option_argument '--proxy' "$2" + PROXY="$2" + export http_proxy="$2" + shift 2 + ;; + --resolve) + check_option_argument '--resolve' "$2" + RESOLVE="$2" + shift 2 + ;; + -r | --rootcert) + check_option_argument '-r|--rootcert' "$2" + ROOT_CA="$2" + shift 2 + ;; + --rootcert-dir) + check_option_argument '--rootcert-dir' "$2" + ROOT_CA_DIR="$2" + shift 2 + ;; + --rootcert-file) + check_option_argument '--rootcert-file' "$2" + ROOT_CA_FILE="$2" + shift 2 + ;; + -C | --clientcert) + check_option_argument '-C|--clientcert' "$2" + CLIENT_CERT="$2" + shift 2 + ;; + -K | --clientkey) + check_option_argument '-K|--clientkey' "$2" + CLIENT_KEY="$2" + shift 2 + ;; + --clientpass) + if [ $# -gt 1 ]; then + CLIENT_PASS="$2" + shift 2 + else + unknown "--clientpass requires an argument" + fi + ;; + --sni) + check_option_argument '--sni' "$2" + SNI="$2" + shift 2 + ;; + -S | --ssl) + check_option_argument '' "$2" + if [ "$2" = "2" ] || [ "$2" = "3" ]; then + SSL_VERSION="-ssl${2}" + shift 2 + else + unknown "invalid argument for --ssl" + fi + ;; + -t | --timeout) + check_option_argument '-t|--timeout' "$2" + TIMEOUT="$2" + shift 2 + ;; + --temp) + check_option_argument '--temp' "$2" + TMPDIR="$2" + shift 2 + ;; + -u | --url) + check_option_argument '-u|--url' "$2" + HTTP_REQUEST_URL="$2" + shift 2 + ;; + -w | --warning) + check_option_argument '-w|--warning' "$2" + WARNING_DAYS="$2" + WARNING_SECONDS=$(days_to_seconds "${WARNING_DAYS}") + shift 2 + ;; + --xmpphost) + check_option_argument '--xmpphost' "$2" + XMPPHOST="$2" + shift 2 + ;; + + ############################## + # Variable number of arguments + --dane) + + if [ -n "${DANE}" ]; then + unknown "--dane can be specified only once" + fi + + # check the second parameter if it exist + if [ $# -gt 1 ]; then + + # shellcheck disable=SC2295 + if [ "${2%${2#?}}"x = '-x' ]; then + DANE=1 + shift + else + DANE=$2 + shift 2 + fi + + else + + DANE=1 + shift + + fi + + ;; + + --require-client-cert) + + REQUIRE_CLIENT_CERT=1 + + # check the second optional parameter if it exist + if [ $# -gt 1 ]; then + # shellcheck disable=SC2295 + if [ "${2%${2#?}}"x = '-x' ]; then + shift + else + REQUIRE_CLIENT_CERT_CAS=$2 + shift 2 + fi + else + shift + fi + + ;; + + --ignore-connection-problems) + + # default OK + IGNORE_CONNECTION_STATE="${STATUS_OK}" + + # check the second optional parameter if it exist + if [ $# -gt 1 ]; then + # shellcheck disable=SC2295 + if [ "${2%${2#?}}"x = '-x' ]; then + shift + else + IGNORE_CONNECTION_STATE=$2 + shift 2 + fi + else + shift + fi + + ;; + + ######################################## + # Special + --) + shift + break + ;; + -*) + # we try to check for grouped variables + OPTION="${1}" + # if the option begins with a single dash and it's longer than one character + OPTION_TMP="$(echo "${OPTION}" | wc -c | sed 's/\ //g')" + if ! echo "${OPTION}" | grep -q -- '^--' && + [ "${OPTION_TMP}" -gt 3 ]; then + if [ "${DEBUG}" -gt 0 ]; then + echo "[DBG] unknown option ${OPTION}: splitting since it could be an option group" + fi + for letter in $(echo "${OPTION}" | sed 's/^-//' | grep -o .); do + parse_command_line_options "-${letter}" + done + shift + else + unknown "invalid option: ${1}" + fi + ;; + *) + if [ -n "$1" ]; then + unknown "invalid option: ${1}" + fi + break + ;; + esac + + done + +} + +################################################################################ +# Main +################################################################################ +main() { + + # Default values + + ALTNAMES=1 # enabled by default + COMMON_NAME="__HOST__" # enabled by default + CRITICAL_DAYS=15 + CRITICAL_SECONDS=$(days_to_seconds "${CRITICAL_DAYS}") + CRL="" + CURL_BIN="" + CURL_PROXY="" + CURL_USER_AGENT="" + CUSTOM_HTTP_HEADER="" + DANE="" + DEBUG="0" + DIG_BIN="" + DISALLOWED_PROTOCOLS="" + ECDSA="" + ELEMENT=0 + FILE_BIN="" + FORCE_DCONV_DATE="" + FORCE_PERL_DATE="" + FORMAT="" + HTTP_METHOD="HEAD" + HTTP_REQUEST_URL="/" + IGNORE_SSL_LABS_CACHE="" + NMAP_BIN="" + NO_PROXY="" + NO_PROXY_CURL="" + NO_PROXY_S_CLIENT="" + OCSP="1" # enabled by default + OCSP_IGNORE_ERRORS="" + OCSP_IGNORE_TIMEOUT="" + PORT="" + PROMETHEUS_OUTPUT_STATUS="" + PROMETHEUS_OUTPUT_VALID="" + PROMETHEUS_OUTPUT_DAYS="" + PROXY="" + REQUIRE_OCSP_STAPLING="" + REQUIRE_SAN=1 + RSA="" + SCT="1" # enabled by default + SKIP_ELEMENT="" + SNI="" + TIMEOUT="120" + VERBOSE="0" + WARNING_DAYS=20 + WARNING_SECONDS=$(days_to_seconds "${WARNING_DAYS}") + XMPPHOST="" + XMPPPORT="5222" + + # after 2020-09-01 we could set the default to 398 days because of Apple + # https://support.apple.com/en-us/HT211025 + NOT_VALID_LONGER_THAN="" + FIRST_ELEMENT_ONLY="" + + # Set the default temp dir if not set + if [ -z "${TMPDIR}" ]; then + TMPDIR="/tmp" + fi + + ################################################################################ + # Process command line options + # + # We do not use getopts since it is unable to process long options and it is + # Bash specific. + + parse_command_line_options "$@" + + ################################################################################ + # Default ports + if [ -z "${PORT}" ]; then + + if [ -z "${PROTOCOL}" ]; then + + # default is HTTPS + PORT='443' + + else + + case "${PROTOCOL}" in + smtp) + PORT=25 + ;; + smtps) + PORT=465 + ;; + pop3) + PORT=110 + ;; + ftp | ftps) + PORT=21 + ;; + pop3s) + PORT=995 + ;; + irc | ircs) + PORT=6667 + ;; + ldap) + PORT=389 + ;; + ldaps) + PORT=636 + ;; + imap) + PORT=143 + ;; + imaps) + PORT=993 + ;; + postgres) + PORT=5432 + ;; + sieve) + PORT=4190 + ;; + http) + PORT=80 + ;; + https | h2) + PORT=443 + ;; + mysql) + PORT=3306 + ;; + *) + unknown "Error: unsupported protocol ${PROTOCOL}" + ;; + esac + + fi + + fi + + if [ -n "${DEBUG_FILE}" ]; then + open_for_appending "${DEBUG_FILE}" + date >>"${DEBUG_FILE}" + fi + + debuglog "Command line arguments: ${COMMAND_LINE_ARGUMENTS}" + debuglog " TMPDIR = ${TMPDIR}" + + if [ -n "${ALL}" ]; then + + # enable ciphers checks (level A) + SSL_LAB_CRIT_ASSESSMENT='A' + + fi + + if [ -n "${ALL_LOCAL}" ] || [ -n "${ALL}" ]; then + + # enable ciphers checks (level A) + CHECK_CIPHERS='A' + + # enable ciphers warnings + CHECK_CIPHERS_WARNINGS=1 + + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- '-no_ssl2'; then + debuglog "s_client supports -no_ssl2: disabling" + # disable SSL 2.0 and SSL 3.0 + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl2 -no_ssl3" + else + # disable SSL 3.0 (SSL 2.0 is not supported anymore) + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl3" + fi + + fi + + ############################## + # Check options: sanity checks + + if [ -z "${HOST}" ] && [ -z "${FILE}" ]; then + usage "No host specified" + elif [ -z "${HOST}" ] && [ -n "${FILE}" ]; then + HOST='localhost' + fi + + # we need the FQDN of an host to check the CN + if ! echo "${HOST}" | grep -q '[.]' && [ -z "${FILE}" ] && [ "${HOST}" != 'localhost' ]; then + debuglog "Domain for ${HOST} missing" + DOMAIN=$(nslookup "${HOST}" | grep ^Name: | head -n 1 | cut -d. -f2-) + if [ -z "${DOMAIN}" ]; then + unknown "Cannot resolve ${HOST}" + fi + debuglog "Adding domain ${DOMAIN} to ${HOST}" + HOST="${HOST}.${DOMAIN}" + debuglog "New host: ${HOST}" + fi + + ################################################################################ + # Usually SERVERADDR and SERVERNAME both contain the fully qualified domain name + # (FQDN) or IP address of the host to check + # + # If --resolve is specified (defining an alternative IP address for the HOST + # we set SERVERADDR to the address specified with --resolve and SERVERNAME to the + # FQDN of the host. + # + # In addition we set the Server Name Indication (SNI) to HOST so that when + # connecting with the IP address the server will be able to deliver the + # correct certificate + # + if [ -n "${RESOLVE}" ]; then + + debuglog "Forcing ${HOST} to resolve to ${RESOLVE}" + + HOST_ADDR="${RESOLVE}" + HOST_NAME="${HOST}" + SNI="${HOST}" + + else + + HOST_ADDR="${HOST}" + HOST_NAME="${HOST}" + + fi + + debuglog "SNI = ${SNI}" + debuglog "HOST_NAME = ${HOST_NAME}" + debuglog "HOST_ADDR = ${HOST_ADDR}" + debuglog "COMMON_NAME = ${COMMON_NAME}" + + # if the host name contains a / (e.g., a URL) the regex for COMMON_NAME substitution fails + # we check that only allowed characters are present + # we don't need a complete validation since a wrong host name will fail anyway + if ! echo "${HOST_NAME}" | grep -q '^[.a-zA-Z0-9\_\-]*$'; then + unknown "Invalid host name: ${HOST_NAME}" + fi + + # we accept underscores since some hosts with an underscore exist but these names + # are invalid: we issue a small warning + if echo "${HOST_NAME}" | grep -q '[\_]' && [ -n "${VERBOSE}" ]; then + verboselog "Warning: ${HOST_NAME} contains an underscore (invalid)" + fi + + ################################################################################ + # Set COMMON_NAME to hostname if -N was given as argument. + # COMMON_NAME may be a space separated list of hostnames. + case ${COMMON_NAME} in + *__HOST__*) + # localhost is used for files to be checked: we ignore it + if [ "${HOST_NAME}" != 'localhost' ]; then + COMMON_NAME=$(echo "${COMMON_NAME}" | sed "s/__HOST__/${HOST_NAME}/") + fi + ;; + *) ;; + esac + debuglog "COMMON_NAME = ${COMMON_NAME}" + + if [ -n "${ALTNAMES}" ] && [ -z "${COMMON_NAME}" ]; then + unknown "--altnames requires a common name to match (--cn or --host-cn)" + fi + + ############################################################################## + # file + if [ -z "${FILE_BIN}" ]; then + FILE_BIN='file' + fi + check_required_prog "${FILE_BIN}" + FILE_BIN=${PROG} + + ############################################################################## + # OpenSSL + if [ -n "${OPENSSL}" ]; then + if [ ! -x "${OPENSSL}" ]; then + unknown "${OPENSSL} is not an executable" + fi + else + OPENSSL='openssl' + fi + check_required_prog "${OPENSSL}" + OPENSSL=${PROG} + + ############################################################################## + # Root certificate + if [ -n "${ROOT_CA}" ]; then + + if [ ! -r "${ROOT_CA}" ]; then + unknown "Cannot read root certificate ${ROOT_CA}" + fi + + if [ -d "${ROOT_CA}" ]; then + ROOT_CA="-CApath ${ROOT_CA}" + elif [ -f "${ROOT_CA}" ]; then + + # check if the file is in DER format and has to be converted + if "${FILE_BIN}" -L -b "${ROOT_CA}" | grep -E -q '(data|Certificate)'; then + + create_temporary_file + ROOT_CA_PEM=${TEMPFILE} + debuglog "Converting ${ROOT_CA} (DER) to PEM: ${ROOT_CA_PEM}" + + create_temporary_file + CONVERT_ERROR=${TEMPFILE} + if ! ${OPENSSL} x509 -inform DER -outform PEM -in "${ROOT_CA}" -out "${ROOT_CA_PEM}" 2> "${CONVERT_ERROR}"; then + + CONVERT_ERROR=$( head -n 1 "${CONVERT_ERROR}" ) + prepend_critical_message "Error converting ${ROOT_CA} to PEM: ${CONVERT_ERROR}" + critical "${SHORTNAME} CRITICAL: Error converting ${ROOT_CA} to PEM: ${CONVERT_ERROR}" + + fi + + ROOT_CA="-CAfile ${ROOT_CA_PEM}" + + else + + ROOT_CA="-CAfile ${ROOT_CA}" + + fi + + else + FILE_TMP="$(file "${ROOT_CA}" 2>/dev/null)" + unknown "Root certificate of unknown type ${FILE_TMP}" + fi + + debuglog "Root CA option = ${ROOT_CA}" + + fi + + if [ -n "${REQUIRE_CLIENT_CERT}" ]; then + debuglog "Check if at at least one client certificate is accepted" + if [ -n "${REQUIRE_CLIENT_CERT_CAS}" ]; then + debuglog " from the following CAs: ${REQUIRE_CLIENT_CERT_CAS}" + fi + fi + + if [ -n "${ROOT_CA_DIR}" ]; then + + if [ ! -d "${ROOT_CA_DIR}" ]; then + unknown "${ROOT_CA_DIR} is not a directory" + fi + + if [ ! -r "${ROOT_CA_DIR}" ]; then + unknown "Cannot read root directory ${ROOT_CA_DIR}" + fi + + ROOT_CA_DIR="-CApath ${ROOT_CA_DIR}" + fi + + if [ -n "${ROOT_CA_FILE}" ]; then + + if [ ! -r "${ROOT_CA_FILE}" ]; then + unknown "Cannot read root certificate ${ROOT_CA_FILE}" + fi + + fi + + if [ -n "${ROOT_CA_DIR}" ] || [ -n "${ROOT_CA_FILE}" ]; then + if [ -n "${ROOT_CA_FILE}" ]; then + ROOT_CA="${ROOT_CA_DIR} -CAfile ${ROOT_CA_FILE}" + else + ROOT_CA="${ROOT_CA_DIR}" + fi + fi + + if [ -n "${CLIENT_CERT}" ]; then + + if [ ! -r "${CLIENT_CERT}" ]; then + unknown "Cannot read client certificate ${CLIENT_CERT}" + fi + + fi + + if [ -n "${CLIENT_KEY}" ]; then + + if [ ! -r "${CLIENT_KEY}" ]; then + unknown "Cannot read client certificate key ${CLIENT_KEY}" + fi + + fi + + if [ -n "${FILE}" ]; then + if [ ! -r "${FILE}" ]; then + unknown "Cannot read file ${FILE}" + fi + fi + + # check if grep is in the path (see #244) + if ! echo 0 | grep 0 >/dev/null 2>&1; then + unknown "cannot execute grep: please check the PATH variable (${PATH})" + fi + + if [ -n "${CRITICAL_DAYS}" ]; then + + debuglog "-c specified: ${CRITICAL_DAYS}" + + if ! echo "${CRITICAL_DAYS}" | grep -E -q '^[0-9][0-9]*(\.[0-9][0-9]*)?$'; then + unknown "invalid number of days '${CRITICAL_DAYS}'" + fi + + fi + + if [ -n "${WARNING_DAYS}" ]; then + + debuglog "-w specified: ${WARNING_DAYS}" + + if ! echo "${WARNING_DAYS}" | grep -E -q '^[0-9][0-9]*(\.[0-9][0-9]*)?$'; then + unknown "invalid number of days '${WARNING_DAYS}'" + fi + + fi + + if [ -n "${CRITICAL_DAYS}" ] && [ -n "${WARNING_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ] && [ -n "${WARNING_SECONDS}" ]; then + + # When comparing, always use values in seconds, because values in days might be floating point numbers + if [ "${WARNING_SECONDS}" -le "${CRITICAL_SECONDS}" ]; then + unknown "--warning (${WARNING_DAYS}) is less than or equal to --critical (${CRITICAL_DAYS})" + fi + + fi + + if [ -n "${NOT_VALID_LONGER_THAN}" ]; then + + debuglog "--not-valid-longer-than specified: ${NOT_VALID_LONGER_THAN}" + + if ! echo "${NOT_VALID_LONGER_THAN}" | grep -q '^[0-9][0-9]*$'; then + unknown "invalid number of days '${NOT_VALID_LONGER_THAN}'" + fi + + fi + + if [ -n "${CRL}" ] && [ -z "${ROOT_CA_FILE}" ]; then + + unknown "To be able to check CRL we need the Root Cert. Please specify it with the --rootcert-file option" + + fi + + if [ -n "${TMPDIR}" ]; then + + if [ ! -d "${TMPDIR}" ]; then + unknown "${TMPDIR} is not a directory" + fi + + if [ ! -w "${TMPDIR}" ]; then + unknown "${TMPDIR} is not writable" + fi + + fi + + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ]; then + convert_grade "${SSL_LAB_CRIT_ASSESSMENT}" + SSL_LAB_CRIT_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" + fi + + if [ -n "${SSL_LAB_WARN_ASSESTMENT}" ]; then + convert_grade "${SSL_LAB_WARN_ASSESTMENT}" + SSL_LAB_WARN_ASSESTMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ]; then + if [ "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ]; then + unknown '--check-ssl-labs-warn must be greater than -L|--check-ssl-labs' + fi + fi + fi + + if [ -n "${CHECK_CIPHERS}" ]; then + convert_grade "${CHECK_CIPHERS}" + CHECK_CIPHERS_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" + fi + + debuglog "ROOT_CA = ${ROOT_CA}" + + if [ -n "${IGNORE_CONNECTION_STATE}" ]; then + if ! echo "${IGNORE_CONNECTION_STATE}" | grep -q '^[0-3]$'; then + unknown "The specified state (${IGNORE_CONNECTION_STATE}) is not valid (must be 0,1,2 or 3)" + fi + fi + + ####################### + # Check needed programs + + # Signature algorithms + if [ -n "${RSA}" ] && [ -n "${ECDSA}" ]; then + unknown 'both --rsa and --ecdsa specified: cannot force both ciphers at the same time' + fi + + # check if -sigalgs is available + if [ -n "${RSA}" ] || [ -n "${ECDSA}" ]; then + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -F -- -sigalgs; then + unknown '--rsa or --ecdsa specified but OpenSSL does not support the -sigalgs option' + fi + fi + + if [ -n "${ECDSA}" ]; then + # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 + SSL_AU="ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512" + fi + + if [ -n "${RSA}" ]; then + + # check if ciphers with PSS are available + if ! "${OPENSSL}" ciphers | grep -q -F 'PSS'; then + NO_PSS=1 + fi + + if echo "${SSL_VERSION_DISABLED}" | grep -F -q -- '-no_tls1_3' || + [ "${SSL_VERSION}" = '-tls1' ] || + [ "${SSL_VERSION}" = '-tls1_1' ] || + [ "${SSL_VERSION}" = '-tls1_2' ] || + [ -n "${NO_PSS}" ]; then + # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 + # see https://github.com/matteocorti/check_ssl_cert/issues/167 + SSL_AU="RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1" + else + # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 + SSL_AU="RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1" + fi + fi + if [ -n "${SSL_AU}" ]; then + if ! "${OPENSSL}" ciphers "${SSL_AU}" >/dev/null 2>&1; then + unknown "OpenSSL does not support cipher '${SSL_AU}'" + fi + SSL_AU="-sigalgs '${SSL_AU}'" + fi + + # mktemp + MKTEMP=$(command -v mktemp 2>/dev/null) + if [ -z "${MKTEMP}" ]; then + debuglog "mktemp not available" + else + debuglog "mktemp available: ${MKTEMP}" + fi + + # date + if [ -z "${DATEBIN}" ]; then + check_required_prog 'date' + DATEBIN=${PROG} + fi + + FILE_BIN_VERSION="$("${FILE_BIN}" --version 2>&1)" + debuglog "file version: ${FILE_BIN_VERSION}" + + # curl + if [ -z "${CURL_BIN}" ]; then + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || + [ -n "${OCSP}" ] || + [ -n "${CRL}" ] || + [ -n "${IGNORE_CONNECTION_STATE}" ]; then + debuglog "curl binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}, CURL = ${CRL}, IGNORE_CONNECTION_STATE=${IGNORE_CONNECTION_STATE}" + debuglog "curl binary not specified" + + check_required_prog curl + CURL_BIN=${PROG} + + debuglog "curl available: ${CURL_BIN}" + CURL_BIN_VERSION_TMP="$(${CURL_BIN} --version)" + debuglog "${CURL_BIN_VERSION_TMP}" + + else + debuglog "curl binary not needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}" + fi + else + # we check if the provided binary actually works + check_required_prog "${CURL_BIN}" + fi + + # nmap + if [ -z "${NMAP_BIN}" ]; then + + if [ -n "${DISALLOWED_PROTOCOLS}" ] || [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then + + if [ -n "${DISALLOWED_PROTOCOLS}" ]; then debuglog "nmap binary needed. DISALLOWED_PROTOCOLS = ${DISALLOWED_PROTOCOLS}"; fi + if [ -n "${CHECK_CIPHERS}" ]; then debuglog "nmap binary needed. CHECK_CIPHERS = ${CHECK_CIPHERS}"; fi + if [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then debuglog "nmap binary needed. CHECK_CIPHERS_WARNINGS"; fi + debuglog "nmap binary not specified" + + check_required_prog nmap + NMAP_BIN=${PROG} + + debuglog "nmap available: ${NMAP_BIN}" + else + debuglog "nmap binary not needed. No disallowed protocols" + fi + + else + # we check if the provided binary actually works + check_required_prog "${NMAP_BIN}" + + fi + + # Expect (optional) + EXPECT="$(command -v expect 2>/dev/null)" + test -x "${EXPECT}" || EXPECT="" + if [ -z "${EXPECT}" ]; then + verboselog "expect not available" 2 + else + verboselog "expect available (${EXPECT})" 2 + fi + + # Timeout (optional) + TIMEOUT_BIN="$(command -v timeout 2>/dev/null)" + test -x "${TIMEOUT_BIN}" || TIMEOUT_BIN="" + if [ -z "${TIMEOUT_BIN}" ]; then + verboselog "timeout not available" 2 + else + + verboselog "timeout available (${TIMEOUT_BIN})" 2 + fi + + if [ -z "${TIMEOUT_BIN}" ] && [ -z "${EXPECT}" ]; then + verboselog "disabling timeouts" 2 + fi + + PERL="$(command -v perl 2>/dev/null)" + + if [ -n "${PERL}" ]; then + debuglog "perl available: ${PERL}" + fi + + if [ -n "${DATEBIN}" ]; then + debuglog "date available: ${DATEBIN}" + fi + + DATETYPE="" + + if ! "${DATEBIN}" +%s >/dev/null 2>&1; then + + debuglog "no date binary available" + + # Perl with Date::Parse (optional) + test -x "${PERL}" || PERL="" + if [ -z "${PERL}" ]; then + verboselog "Warning: Perl not found: disabling date computations" + fi + + if ! ${PERL} -e "use Date::Parse;" >/dev/null 2>&1; then + + verboselog "Perl module Date::Parse not installed: disabling date computations" + + PERL="" + + else + + verboselog "Perl module Date::Parse installed: enabling date computations" + + DATETYPE="PERL" + + fi + + else + + debuglog 'checking date version' + + if "${DATEBIN}" --version 2>&1 | grep -F -q GNU; then + DATETYPE='GNU' + elif "${DATEBIN}" --version 2>&1 | grep -F -q BusyBox; then + DATETYPE='BUSYBOX' + else + DATETYPE='BSD' + if "${DATEBIN}" -f "%b %d %T %Y %Z" '' 2>&1 | grep -q -F 'date: unknown option -- f'; then + debuglog "Old BSD date without -f: checking for dconv" + + DCONV_BIN=$(command -v dconv) + if [ -z "${DCONV_BIN}" ]; then + unknown "Old version of date without the -f option detected and no dconv installed" + else + debuglog "dconv detected: ${DCONV_BIN}" + DATETYPE='DCONV' + fi + fi + fi + + debuglog "date computation type: ${DATETYPE}" + verboselog "Found ${DATETYPE} date with timestamp support: enabling date computations" 2 + + fi + + if [ -n "${FORCE_DCONV_DATE}" ] && [ -n "${FORCE_PERL_DATE}" ]; then + unknown "--force-dconv-date and --force-perl-date cannot be specified at the same time" + fi + if [ -n "${FORCE_PERL_DATE}" ]; then + DATETYPE="PERL" + fi + if [ -n "${FORCE_DCONV_DATE}" ]; then + + debuglog "Forcing date computations with dconv" + + DATETYPE="DCONV" + check_required_prog dconv + DCONV_BIN=${PROG} + debuglog "dconv binary: ${DCONV_BIN}" + + fi + + if [ "${DEBUG}" -ge 1 ]; then + + debuglog "check_ssl_cert version: ${VERSION}" + debuglog "OpenSSL binary: ${OPENSSL}" + if [ "${DEBUG}" -ge 1 ]; then + debuglog "OpenSSL info:" + ${OPENSSL} version -a | sed 's/^/[DBG] /' + fi + OPENSSL_DIR="$(${OPENSSL} version -d | sed -E 's/OPENSSLDIR: "([^"]*)"/\1/')" + + debuglog "OpenSSL configuration directory: ${OPENSSL_DIR}" + + DEFAULT_CA=0 + if [ -f "${OPENSSL_DIR}"/cert.pem ]; then + DEFAULT_CA="$(grep -c BEGIN "${OPENSSL_DIR}"/cert.pem)" + elif [ -f "${OPENSSL_DIR}"/certs ]; then + DEFAULT_CA="$(grep -c BEGIN "${OPENSSL_DIR}"/certs)" + fi + debuglog "${DEFAULT_CA} root certificates installed by default" + + UNAME_TMP="$(uname -a)" + debuglog " System info: ${UNAME_TMP}" + debuglog "Date computation: ${DATETYPE}" + + fi + + ################################################################################ + # Check if openssl s_client supports the -servername option + # + # openssl s_client now has a -help option, so we can use that. + # Some older versions support -servername, but not -help + # => We supply an invalid command line option to get the help + # on standard error for these intermediate versions. + # + SERVERNAME= + if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -servername || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -servername; then + + if [ -n "${SNI}" ]; then + SERVERNAME="-servername ${SNI}" + else + SERVERNAME="-servername ${HOST_NAME}" + fi + + debuglog "'${OPENSSL} s_client' supports '-servername': using ${SERVERNAME}" + + else + + verboselog "'${OPENSSL} s_client' does not support '-servername': disabling virtual server support" + + fi + + ################################################################################ + # Check if openssl s_client supports the specified protocol + if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" = 'sieve' ]; then + if ${OPENSSL} s_client "${INETPROTO}" -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || ${OPENSSL} s_client -starttls sieve 2>&1 | grep -F -q 'error: usage:'; then + unknown "OpenSSL does not support the protocol sieve" + fi + fi + + if [ -n "${PROXY}" ] && + { + [ -n "${NO_PROXY}" ] || + [ -n "${NO_PROXY_CURL}" ] || + [ -n "${NO_PROXY_S_CLIENT}" ] + }; then + unknown "Only one of --proxy or --no_proxy can be specified" + fi + + debuglog "Proxy settings (before):" + debuglog " http_proxy = ${http_proxy}" + debuglog " https_proxy = ${https_proxy}" + debuglog " HTTP_PROXY = ${HTTP_PROXY}" + debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" + + ################################################################################ + # If --no-proxy was specified unset the http_proxy variables + if [ -n "${NO_PROXY}" ]; then + debuglog "Disabling the proxy" + unset http_proxy + unset https_proxy + unset HTTP_PROXY + unset HTTPS_PROXY + fi + + ################################################################################ + # Check if openssl s_client supports the -proxy option + # + SCLIENT_PROXY= + SCLIENT_PROXY_ARGUMENT= + CURL_PROXY= + CURL_PROXY_ARGUMENT= + if [ -n "${http_proxy}" ] || [ -n "${HTTP_PROXY}" ]; then + + if [ -n "${http_proxy}" ]; then + HTTP_PROXY="${http_proxy}" + fi + + if [ -z "${https_proxy}" ]; then + # try to set https_proxy + https_proxy="${http_proxy}" + fi + + if [ -z "${HTTPS_PROXY}" ]; then + # try to set HTTPS_proxy + HTTPS_PROXY="${HTTP_PROXY}" + fi + + if ${CURL_BIN} --manual | grep -F -q -- --proxy; then + debuglog "Adding --proxy ${HTTP_PROXY} to the curl options" + CURL_PROXY="--proxy" + CURL_PROXY_ARGUMENT="${HTTP_PROXY}" + fi + + if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -proxy || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -proxy; then + SCLIENT_PROXY="-proxy" + SCLIENT_PROXY_ARGUMENT="$(echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//')" + + debuglog "Adding -proxy ${SCLIENT_PROXY_ARGUMENT} to the s_client options" + + else + + verboselog "'${OPENSSL} s_client' does not support '-proxy': HTTP_PROXY could be ignored" + + fi + + fi + + if [ -n "${NO_PROXY_CURL}" ]; then + CURL_PROXY='' + CURL_PROXY_ARGUMENT='' + fi + + if [ -n "${NO_PROXY_S_CLIENT}" ]; then + SCLIENT_PROXY='' + SCLIENT_PROXY_ARGUMENT='' + fi + + debuglog "Proxy settings (after):" + debuglog " http_proxy = ${http_proxy}" + debuglog " https_proxy = ${https_proxy}" + debuglog " HTTP_PROXY = ${HTTP_PROXY}" + debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" + debuglog " s_client = ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT}" + debuglog " curl = ${CURL_PROXY} ${CURL_PROXY_ARGUMENT}" + + ################################################################################ + # Check if openssl s_client supports the -name option + # + S_CLIENT_NAME= + if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -name || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -name; then + + CURRENT_HOSTNAME=$(hostname) + S_CLIENT_NAME="-name ${CURRENT_HOSTNAME}" + + debuglog "'${OPENSSL} s_client' supports '-name': using ${CURRENT_HOSTNAME}" + + else + + verboselog "'${OPENSSL} s_client' does not support '-name'" + + fi + + ################################################################################ + # Check if openssl s_client supports the -xmpphost option + # + if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -xmpphost; then + XMPPHOST="-xmpphost ${XMPPHOST:-${HOST_NAME}}" + debuglog "'${OPENSSL} s_client' supports '-xmpphost': using ${XMPPHOST}" + else + if [ -n "${XMPPHOST}" ]; then + unknown " s_client' does not support '-xmpphost'" + fi + XMPPHOST= + verboselog "'${OPENSSL} s_client' does not support '-xmpphost': disabling 'to' attribute" + fi + + ################################################################################ + # check if openssl s_client supports the SSL TLS version + if [ -n "${SSL_VERSION}" ]; then + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${SSL_VERSION}"; then + unknown "OpenSSL does not support the ${SSL_VERSION} version" + fi + fi + + ################################################################################ + # --inetproto validation + if [ -n "${INETPROTO}" ]; then + + # validate the arguments + if [ "${INETPROTO}" != "-4" ] && [ "${INETPROTO}" != "-6" ]; then + VERSION=$(echo "${INETPROTO}" | awk '{ string=substr($0, 2); print string; }') + unknown "Invalid argument '${VERSION}': the value must be 4 or 6" + fi + + # Check if openssl s_client supports the -4 or -6 option + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${INETPROTO}"; then + unknown "OpenSSL does not support the ${INETPROTO} option" + fi + + # Check if curl is needed and if it supports the -4 and -6 options + if [ -z "${CURL_BIN}" ]; then + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ]; then + if ! "${CURL_BIN}" --manual | grep -F -q -- -6 && [ -n "${INETPROTO}" ]; then + unknown "curl does not support the ${INETPROTO} option" + fi + fi + fi + + # check if IPv6 is available locally + if command -v ifconfig > /dev/null; then + ifconfig -a | grep -F -q inet6 + IPV6_INTERFACE=$? + elif command -v ip > /dev/null; then + ip addr | grep -F -q inet6 + IPV6_INTERFACE=$? + else + unknown "cannot determine if a network interface has IPv6 configured" + fi + + + if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" -eq "-6" ] && [ "${IPV6_INTERFACE}" -ne 0 ]; then + unknown "cannot connect using IPv6 as no local interface has IPv6 configured" + fi + + # nmap does not have a -4 switch + NMAP_INETPROTO='' + if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" = '-6' ]; then + NMAP_INETPROTO='-6' + fi + + fi + + ################################################################################ + # Check if s_client supports the no_ssl options + for S_CLIENT_OPTION in ${SSL_VERSION_DISABLED}; do + require_s_client_option "${S_CLIENT_OPTION}" + done + + ################################################################################ + # define the HTTP request string + if [ -n "${SNI}" ]; then + HOST_HEADER="${SNI}" + else + HOST_HEADER="${HOST_NAME}" + fi + debuglog "HOST_HEADER = ${HOST_HEADER}" + + # add newline if custom HTTP header is defined + if [ -n "${CUSTOM_HTTP_HEADER}" ]; then + CUSTOM_HTTP_HEADER="${CUSTOM_HTTP_HEADER}\\n" + fi + + # HTTP version + if [ "${PROTOCOL}" = 'h2' ]; then + HTTP_VERSION="2" + else + HTTP_VERSION="1.1" + fi + + HTTP_REQUEST="${HTTP_METHOD} ${HTTP_REQUEST_URL} HTTP/${HTTP_VERSION}\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\n${CUSTOM_HTTP_HEADER}Connection: close\\n\\n" + + ############################################################################## + # Check for disallowed protocols + if [ -n "${DISALLOWED_PROTOCOLS}" ]; then + + # check if the host has an IPv6 address only (as nmap is not able to resolve without the -6 switch) + if ! host "${HOST_ADDR}" | grep -F -q ' has address ' ; then + debuglog "the host does not have an IPv4 address. Trying nmap with -6 to force IPv6 for an IPv6-only host" + NMAP_INETPROTO='-6' + fi + + debuglog "Executing ${NMAP_BIN} -Pn -p \"${PORT}\" \"${NMAP_INETPROTO}\" --script ssl-enum-ciphers \"${HOST_ADDR}\" 2>&1 | grep '^|'" + + OFFERED_PROTOCOLS=$(${NMAP_BIN} -Pn -p "${PORT}" "${NMAP_INETPROTO}" --script ssl-enum-ciphers "${HOST_ADDR}" 2>&1 | grep '^|') + + debuglog "offered ciphers and protocols:" + debuglog "${OFFERED_PROTOCOLS}" | sed 's/^|/[DBG] /' + + DISALLOWED_PROTOCOLS_FAIL= + for protocol in ${DISALLOWED_PROTOCOLS}; do + debuglog "Checking if '${protocol}' is offered" + if echo "${OFFERED_PROTOCOLS}" | grep -F -v 'No supported ciphers found' | grep -q "${protocol}"; then + debuglog "'${protocol}' is offered" + DISALLOWED_PROTOCOLS_FAIL=1 + prepend_critical_message "${protocol} is offered" + fi + done + + if [ -z "${DISALLOWED_PROTOCOLS_FAIL}" ] ; then + verboselog "no disallowed protocols offered" + fi + + fi + + ############################################################################## + # DANE + if [ -n "${DANE}" ]; then + debuglog 'checking DANE' + if [ -z "${DIG_BIN}" ]; then + DIG_BIN='dig' + fi + check_required_prog "${DIG_BIN}" + DIG_BIN=${PROG} + # check if OpenSSL supports -dane_tlsa_rrdata + if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -dane_tlsa_rrdata || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -dane_tlsa_rrdata; then + DIG_RESULT=$("${DIG_BIN}" +short TLSA "_${PORT}._tcp.${HOST_ADDR}" | while read -r L; do echo " -dane_tlsa_rrdata '${L}' "; done) + debuglog "Checking DANE (${DANE})" + debuglog "$(printf '%s\n' "${DIG_BIN} +short TLSA _${PORT}._tcp.${HOST_ADDR} =")" + debuglog "${DIG_RESULT}" + + case ${DANE} in + 1) + DANE=$(echo "${DIG_RESULT}" | tr -d '\n') + ;; + 211) + DANE=$(echo "${DIG_RESULT}" | grep -F '2 1 1' | tr -d '\n') + ;; + 301) + DANE=$(echo "${DIG_RESULT}" | grep -F '3 0 1' | tr -d '\n') + ;; + 311) + DANE=$(echo "${DIG_RESULT}" | grep -F '3 1 1' | tr -d '\n') + ;; + 312) + DANE=$(echo "${DIG_RESULT}" | grep -F '3 1 2' | tr -d '\n') + ;; + 302) + DANE=$(echo "${DIG_RESULT}" | grep -F '3 0 2' | tr -d '\n') + ;; + *) + unknown "Internal error: unknown DANE check type ${DANE}" + ;; + esac + debuglog "${#DANE} DANE =" + debuglog "${DANE}" + + if [ ${#DANE} -lt 5 ]; then + prepend_critical_message "No matching TLSA records found at _${PORT}._tcp.${HOST_ADDR}" + critical "${SHORTNAME} CRITICAL: No matching TLSA records found at _${PORT}._tcp.${HOST_ADDR}" + else + verboselog "DANE OK" + fi + DANE="${DANE} -dane_tlsa_domain ${HOST_ADDR} " + debuglog "DBG] DANE = ${DANE}" + else + unknown 'OpenSSL s_client does not support DNS-based Authentication of Named Entities' + fi + fi + + # OpenSSL 3.0.0 gives an error for legacy renegotiation: ignore the error if --ignore-tls-renegotiation was specified + if [ -n "${IGNORE_TLS_RENEGOTIATION}" ]; then + debuglog "--ignore-tls-renegotiation specified: checking OpenSSL version and -legacy_renegotiation support" + if "${OPENSSL}" s_client -help 2>&1 | grep -q -F -- "-legacy_renegotiation"; then + debuglog "OpenSSL s_client supports the -legacy_renegotiation option" + RENEGOTIATION="-legacy_renegotiation" + fi + fi + + ################################################################################ + # Connection check + if [ -n "${IGNORE_CONNECTION_STATE}" ]; then + + debuglog "Testing connection with ${HOST}:${PORT} with timeout ${TIMEOUT}" + + # we check with curl if a connection is possible + debuglog "Executing: ${CURL_BIN} --silent --connect-timeout ${TIMEOUT} ${HOST}:${PORT}" + + "${CURL_BIN}" --silent --connect-timeout "${TIMEOUT}" "${HOST}":"${PORT}" >/dev/null + CURL_EXIT_STATUS=$? + + debuglog " curl exited with status ${CURL_EXIT_STATUS}" + + # curl exit codes + # - 7 Failed to connect to host + # - 28 Timeout + if [ "${CURL_EXIT_STATUS}" -eq 28 ] || + [ "${CURL_EXIT_STATUS}" -eq 7 ]; then + + debuglog " connection timed out: exiting with code ${IGNORE_CONNECTION_STATE}" + + case "${IGNORE_CONNECTION_STATE}" in + "${STATUS_OK}") + echo "${SHORTNAME} OK: Cannot connect to ${HOST}:${PORT}" + exit "${STATUS_OK}" + ;; + "${STATUS_WARNING}") + echo "${SHORTNAME} WARNING: Cannot connect to ${HOST}:${PORT}" + exit "${STATUS_WARNING}" + ;; + "${STATUS_CRITICAL}") + echo "${SHORTNAME} CRITICAL: Cannot connect to ${HOST}:${PORT}" + exit "${STATUS_CRITICAL}" + ;; + "${STATUS_UNKNOWN}") + unknown "Cannot connect to ${HOST}:${PORT}" + ;; + *) + unknown "Wrong exit code () specified for --ignore-connection-problem" + ;; + esac + + exit + + fi + + fi + + debuglog "Sanity checks: OK" + + ################################################################################ + # Fetch the X.509 certificate + + # Temporary storage for the certificate and the errors + create_temporary_file + CERT=${TEMPFILE} + create_temporary_file + ERROR=${TEMPFILE} + + create_temporary_file + CRL_TMP_DER=${TEMPFILE} + create_temporary_file + CRL_TMP_PEM=${TEMPFILE} + create_temporary_file + CRL_TMP_CHAIN=${TEMPFILE} + + if [ -n "${OCSP}" ]; then + + create_temporary_file + ISSUER_CERT_TMP=${TEMPFILE} + create_temporary_file + ISSUER_CERT_TMP2=${TEMPFILE} + + fi + + if [ -n "${REQUIRE_OCSP_STAPLING}" ]; then + create_temporary_file + OCSP_RESPONSE_TMP=${TEMPFILE} + fi + + debuglog "Temporary files created" + + if [ -z "${FILE}" ]; then + verboselog "Downloading certificate to ${TMPDIR}" 2 + fi + + CLIENT="" + if [ -n "${CLIENT_CERT}" ]; then + CLIENT="-cert ${CLIENT_CERT}" + fi + if [ -n "${CLIENT_KEY}" ]; then + CLIENT="${CLIENT} -key ${CLIENT_KEY}" + fi + + CLIENTPASS="" + if [ -n "${CLIENT_PASS}" ]; then + CLIENTPASS="-pass pass:${CLIENT_PASS}" + fi + + # Cleanup before program termination + # Using named signals to be POSIX compliant + # shellcheck disable=SC2086 + trap_with_arg cleanup ${SIGNALS} + + fetch_certificate + + if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}"; then + + if [ -n "${SERVERNAME}" ]; then + + verboselog "'${OPENSSL} s_client' returned an error: trying without '-servername'" + + SERVERNAME="" + fetch_certificate + + fi + + if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}"; then + + prepend_critical_message 'cannot fetch certificate: OpenSSL got an unexpected message' + + fi + + fi + + # check for TLS renegotiation + if openssl_version '3.0.0' ; then + debuglog 'Skipping TLS renegotiation check as OpenSSL 3.0.0 enforces it by default' + + else + + if [ -z "${IGNORE_TLS_RENEGOTIATION}" ] && [ -z "${FILE}" ]; then + + debuglog "checking TLS renegotiation" + + # see https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/ + + case "${PROTOCOL}" in + pop3 | ftp | smtp | irc | ldap | imap | postgres | sieve | xmpp | xmpp-server | mysql) + exec_with_timeout "printf 'R\\n' | ${OPENSSL} s_client ${INETPROTO} -crlf -connect ${HOST_ADDR}:${PORT} -starttls ${PROTOCOL} 2>&1 | grep -F -q err" + RET=$? + ;; + *) + exec_with_timeout "printf 'R\\n' | ${OPENSSL} s_client ${INETPROTO} -crlf -connect ${HOST_ADDR}:${PORT} 2>&1 | grep -F -q err" + RET=$? + ;; + esac + + if [ "${RET}" -eq 1 ]; then + + if ascii_grep '^Secure\ Renegotiation\ IS\ NOT' "${CERT}" && ! ascii_grep 'TLSv1.3' "${CERT}"; then + prepend_critical_message 'TLS renegotiation is supported but not secure' + else + verboselog "TLS renegotiation OK" + fi + + else + verboselog "TLS renegotiation OK" + + fi + + fi + + fi + + # check client certificates + if [ -n "${REQUIRE_CLIENT_CERT}" ]; then + + debuglog "Checking required client cert CAs" + + if ascii_grep "No client certificate CA names sent" "${CERT}"; then + prepend_critical_message "Did not return any client certificate CA names" + else + + for ca in $(echo "${REQUIRE_CLIENT_CERT_CAS}" | tr ',' '\n'); do + + debuglog " checking ${ca}" + + if ! grep "${ca}" "${CERT}" | grep -q '^C\ =\ ' && + ! grep "${ca}" "${CERT}" | grep -q '^\/C='; then + prepend_critical_message "${ca} is not listed as an acceptable client certificate CA" + fi + + done + + fi + + fi + + if ascii_grep "BEGIN X509 CRL" "${CERT}"; then + # we are dealing with a CRL file + OPENSSL_COMMAND="crl" + OPENSSL_PARAMS="-nameopt utf8,oneline,-esc_msb" + OPENSSL_ENDDATE_OPTION="-nextupdate" + else + # look if we are dealing with a regular certificate file (x509) + if ! ascii_grep "CERTIFICATE" "${CERT}"; then + if [ -n "${FILE}" ]; then + + if [ -r "${FILE}" ]; then + + if "${OPENSSL}" crl -in "${CERT}" -inform DER | grep -F -q "BEGIN X509 CRL"; then + debuglog "File is DER encoded CRL" + + OPENSSL_COMMAND="crl" + OPENSSL_PARAMS="-inform DER -nameopt utf8,oneline,-esc_msb" + OPENSSL_ENDDATE_OPTION="-nextupdate" + else + prepend_critical_message "'${FILE}' is not a valid certificate file" + fi + + else + + prepend_critical_message "'${FILE}' is not readable" + + fi + + else + # See + # http://stackoverflow.com/questions/1251999/sed-how-can-i-replace-a-newline-n + # + # - create a branch label via :a + # - the N command appends a newline and and the next line of the input + # file to the pattern space + # - if we are before the last line, branch to the created label $!ba + # ($! means not to do it on the last line (as there should be one final newline)) + # - finally the substitution replaces every newline with a space on + # the pattern space + ERROR_MESSAGE="$(sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/; /g' "${ERROR}")" + verboselog "error: ${ERROR_MESSAGE}" + prepend_critical_message "No certificate returned" + critical "${CRITICAL_MSG}" + fi + else + # parameters for regular x509 certificates + OPENSSL_COMMAND="x509" + OPENSSL_PARAMS="-nameopt utf8,oneline,-esc_msb" + OPENSSL_ENDDATE_OPTION="-enddate" + fi + + fi + + verboselog "Parsing the ${OPENSSL_COMMAND} certificate file" 2 + + ################################################################################ + # Parse the X.509 certificate or crl + DATE="$(extract_cert_attribute 'enddate' "${CERT}")" + info "Valid until" "${DATE}" + + if [ "${OPENSSL_COMMAND}" != 'crl' ]; then + START_DATE="$(extract_cert_attribute 'startdate' "${CERT}")" + info "Valid from" "${START_DATE}" + fi + + if [ "${OPENSSL_COMMAND}" = "crl" ]; then + CN="" + SUBJECT="" + SERIAL=0 + OCSP_URI="" + VALID_ATTRIBUTES=",lastupdate,nextupdate,issuer," + ISSUERS="$(extract_cert_attribute 'issuer' "${CERT}")" + else + + # we need to remove everything before 'CN = ', to remove an eventual email + # supplied with / and additional elements (after ', ') + + if ! CN="$(extract_cert_attribute 'cn' "${CERT}")"; then + if [ -z "${ALTNAMES}" ]; then + debuglog "certificate without common name (CN), enabling altername names" + verboselog "certificate without common name (CN), enabling altername names" + ALTNAMES=1 + fi + fi + + SUBJECT="$(extract_cert_attribute 'subject' "${CERT}")" + debuglog "SUBJECT = ${SUBJECT}" + + info "Subject" "${CN}" + + SERIAL="$(extract_cert_attribute 'serial' "${CERT}")" + debuglog "SERIAL = ${SERIAL}" + + info "Serial Number" "${SERIAL}" + + FINGERPRINT="$(extract_cert_attribute 'fingerprint' "${CERT}")" + debuglog "FINGERPRINT = ${FINGERPRINT}" + + FINGERPRINT_INFO="$( echo "${FINGERPRINT}" | sed 's/Fingerprint=//' )" + info "Fingerprint" "${FINGERPRINT_INFO}" + + # TO DO: we just take the first result: a loop over all the hosts should + # be implemented + OCSP_URI="$(extract_cert_attribute 'oscp_uri_single' "${CERT}")" + debuglog "OCSP_URI = ${OCSP_URI}" + + info "Revocation information" "OCSP: ${OCSP_URI}" + + # Extract the issuers + debuglog "Extracting issuers" + + # count the certificates in the chain + NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") + debuglog " Number of certificates in the chain: ${NUM_CERTIFICATES}" + + debuglog "Checking certificate chain" + + # start with first certificate + CERT_IN_CHAIN=1 + while [ "${CERT_IN_CHAIN}" -le "${NUM_CERTIFICATES}" ]; do + + debuglog " extracting issuer for element ${CERT_IN_CHAIN}" + if echo "${SKIP_ELEMENT}" | grep -q "${CERT_IN_CHAIN}"; then + debuglog " skipping element ${CERT_IN_CHAIN}" + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + continue + fi + + if [ -n "${ISSUERS}" ]; then + # add a newline + ISSUERS="${ISSUERS} +" + fi + CERT_ELEMENT="$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}')" + + # get the organization and common name + + ELEMENT_ISSUER="$(extract_cert_attribute 'issuer' "${CERT_ELEMENT}" | grep -E "^(O|CN) ?= ?" | sed 's/^[^=]*=//' )" + + MESSAGE="$( echo "${ELEMENT_ISSUER}" | sed 's/^/ELEMENT_ISSUER=/' )" + debuglog "${MESSAGE}" + + ISSUERS="${ISSUERS}${ELEMENT_ISSUER}" + MESSAGE="$( echo "${ISSUERS}" | sed 's/^/ISSUERS=/' )" + debuglog "${MESSAGE}" + + + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + if ! [ "${ELEMENT}" -eq 0 ] && [ $((ELEMENT - CERT_IN_CHAIN)) -lt 0 ]; then + break + fi + done + + debuglog "Certificate chain check finished" + + fi + + debuglog 'ISSUERS = ' + debuglog "${ISSUERS}" + + # we just consider the first HTTP(S) URI + ISSUER_URI="$(extract_cert_attribute 'issuer_uri_single' "${CERT}")" + + # Check OCSP stapling + if [ -n "${REQUIRE_OCSP_STAPLING}" ]; then + + grep -F -A 17 'OCSP response:' "${CERT}" >"${OCSP_RESPONSE_TMP}" + + debuglog "${OCSP_RESPONSE_TMP}" + + if ! ascii_grep 'Next Update' "${OCSP_RESPONSE_TMP}"; then + prepend_critical_message "OCSP stapling not enabled" + else + NEXT_UPDATE=$(grep -o 'Next Update: .*$' "${OCSP_RESPONSE_TMP}" | cut -b14-) + OCSP_EXPIRES_IN_HOURS=$(hours_until "${NEXT_UPDATE}") + verboselog "OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours" + if [ -n "${OCSP_CRITICAL}" ] && [ "${OCSP_CRITICAL}" -ge "${OCSP_EXPIRES_IN_HOURS}" ]; then + prepend_critical_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}" + elif [ -n "${OCSP_WARNING}" ] && [ "${OCSP_WARNING}" -ge "${OCSP_EXPIRES_IN_HOURS}" ]; then + append_warning_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}" + fi + fi + + fi + + SIGNATURE_ALGORITHM="$(extract_cert_attribute 'sig_algo' "${CERT}" | sed 's/.*:\ //' )" + info "Signature algorithm" "${SIGNATURE_ALGORITHM}" + + if [ "${DEBUG}" -ge 1 ]; then + debuglog "${SUBJECT}" + debuglog "CN = ${CN}" + # shellcheck disable=SC2162 + echo "${ISSUERS}" | while read LINE; do + debuglog "CA = ${LINE}" + done + debuglog "SERIAL = ${SERIAL}" + debuglog "FINGERPRINT= ${FINGERPRINT}" + debuglog "OCSP_URI = ${OCSP_URI}" + debuglog "ISSUER_URI = ${ISSUER_URI}" + debuglog "${SIGNATURE_ALGORITHM}" + fi + + info "Issuer URI" "${ISSUER_URI}" + # shellcheck disable=SC2116,SC2086 + ISSUER_INFO="$( echo ${ISSUERS} )" + info "Issuers" "${ISSUER_INFO}" + + if echo "${SIGNATURE_ALGORITHM}" | grep -F -q "sha1"; then + + if [ -n "${NOSIGALG}" ]; then + + verboselog "${OPENSSL_COMMAND} Certificate is signed with SHA-1" + + else + + prepend_critical_message "${OPENSSL_COMMAND} Certificate is signed with SHA-1" + + fi + + fi + + if echo "${SIGNATURE_ALGORITHM}" | grep -F -qi "md5"; then + + if [ -n "${NOSIGALG}" ]; then + + verboselog "${OPENSSL_COMMAND} Certificate is signed with MD5" + + else + + prepend_critical_message "${OPENSSL_COMMAND} Certificate is signed with MD5" + + fi + + fi + + ################################################################################ + # Generate the long output + if [ -n "${LONG_OUTPUT_ATTR}" ]; then + + check_attr() { + ATTR="$1" + if ! echo "${VALID_ATTRIBUTES}" | grep -q ",${ATTR},"; then + unknown "Invalid certificate attribute: ${ATTR}" + else + # shellcheck disable=SC2086 + value="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -noout -nameopt utf8,oneline,-esc_msb -"${ATTR}" | sed -e "s/.*=//")" + LONG_OUTPUT="${LONG_OUTPUT}\\n${ATTR}: ${value}" + fi + + } + + # Split on comma + if [ "${LONG_OUTPUT_ATTR}" = "all" ]; then + LONG_OUTPUT_ATTR="${VALID_ATTRIBUTES}" + fi + attributes=$(echo "${LONG_OUTPUT_ATTR}" | tr ',' '\n') + for attribute in ${attributes}; do + check_attr "${attribute}" + done + + LONG_OUTPUT="$(echo "${LONG_OUTPUT}" | sed 's/\\n/\n/g')" + + fi + + ################################################################################ + # Check the presence of a subjectAlternativeName (required for Chrome) + + # Do not use grep --after-context=NUM but -A NUM so that it works on BusyBox + + SUBJECT_ALTERNATIVE_NAME="$(extract_cert_attribute 'subjectAlternativeName' "${CERT}")" + debuglog "subjectAlternativeName = ${SUBJECT_ALTERNATIVE_NAME}" + if [ -n "${REQUIRE_SAN}" ] && [ -z "${SUBJECT_ALTERNATIVE_NAME}" ] && [ "${OPENSSL_COMMAND}" != "crl" ]; then + prepend_critical_message "The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address." + else + verboselog "The certificate for this site contains a Subject Alternative Name extension" + fi + + for san in ${SUBJECT_ALTERNATIVE_NAME}; do + info "Subject Alternative Name" "${san}" + done + + ################################################################################ + # Check the CN + if [ -n "${COMMON_NAME}" ]; then + + ok="" + + debuglog "check CN ${CN}" + debuglog "COMMON_NAME = ${COMMON_NAME}" + debuglog "ALTNAMES = ${ALTNAMES}" + debuglog "SUBJECT_ALTERNATIVE_NAME = ${SUBJECT_ALTERNATIVE_NAME}" + + IS_IP_TMP="$(is_ip "${COMMON_NAME}")" + if [ "${IS_IP_TMP}" -eq 0 ]; then + + # Common name is case insensitive: using grep for comparison (and not 'case' with 'shopt -s nocasematch' as not defined in POSIX + if echo "${CN}" | grep -q -i '^\*\.'; then + + # Or the literal with the wildcard + CN_TMP="$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/')" + debuglog "checking if the common name matches ^${CN_TMP}\$" + if echo "${COMMON_NAME}" | grep -q -i "^${CN_TMP}\$"; then + debuglog "the common name ${COMMON_NAME} matches ^${CN_TMP}\$" + ok="true" + fi + + # Or if both are exactly the same + debuglog "checking if the common name matches ^${CN}\$" + + if echo "${COMMON_NAME}" | grep -q -i "^${CN}\$"; then + debuglog "the common name ${COMMON_NAME} matches ^${CN}\$" + ok="true" + fi + + else + + if echo "${COMMON_NAME}" | grep -q -i "^${CN}$"; then + ok="true" + fi + + fi + + else + + verboselog "Skipping the matching of the host name (${COMMON_NAME}) as it is an IP address" + COMMON_NAME_IS_AN_IP=1 + + fi + + if [ -n "${REQUIRE_SAN}" ] && [ -z "${SUBJECT_ALTERNATIVE_NAME}" ]; then + + prepend_critical_message "The certificate does not have any Subject Alternative Names" + + else + + # Check alternate names + # SUBJECT_ALTERNATIVE_NAME can also be empty + + if [ -n "${SUBJECT_ALTERNATIVE_NAME}" ]; then + + if [ -n "${ALTNAMES}" ] && [ -z "${ok}" ]; then + + debuglog "Checking alternate names" + + for cn in ${COMMON_NAME}; do + + IS_IP_TMP="$(is_ip "${cn}")" + if [ "${IS_IP_TMP}" -eq 1 ]; then + verboselog "Skipping the matching of ${cn} as it is an IP address" + continue + fi + + ok="" + + debuglog '===============================' + debuglog "checking altnames against ${cn}" + debuglog " SUBJECT_ALTERNATIVE_NAME = ${SUBJECT_ALTERNATIVE_NAME}" + + for alt_name in ${SUBJECT_ALTERNATIVE_NAME}; do + + debuglog "check Altname: ${alt_name}" + + if echo "${alt_name}" | grep -q -i '^\*\.'; then + + # Match the domain + debuglog "the altname ${alt_name} begins with a '*'" + ALT_NAME_TMP="$(echo "${alt_name}" | cut -c 3-)" + debuglog "checking if the common name matches ^${ALT_NAME_TMP}\$" + + if echo "${cn}" | grep -q -i "^${ALT_NAME_TMP}\$"; then + debuglog "the common name ${cn} matches ^${ALT_NAME_TMP}\$" + ok="true" + + fi + + # Or the literal with the wildcard + ALT_NAME_TMP="$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/')" + debuglog "checking if the common name matches ^${ALT_NAME_TMP}\$" + + if echo "${cn}" | grep -q -i "^${ALT_NAME_TMP}\$"; then + debuglog "the common name ${cn} matches ^${ALT_NAME_TMP}\$" + ok="true" + fi + + # Or if both are exactly the same + debuglog "checking if the common name matches ^${alt_name}\$" + + if echo "${cn}" | grep -q -i "^${alt_name}\$"; then + debuglog "the common name ${cn} matches ^${alt_name}\$" + ok="true" + fi + + else + + if echo "${cn}" | grep -q -i "^${alt_name}$"; then + ok="true" + fi + + fi + + if [ -n "${ok}" ]; then + break + fi + + done + + if [ -z "${ok}" ]; then + fail="${cn}" + break + fi + + done + + fi + + CN_TMP="$(echo "${CN}" | sed "s/|/ PIPE /g")" + if [ -n "${fail}" ]; then + prepend_critical_message "invalid CN ('${CN_TMP}' does not match '${fail}')" + else + if [ -z "${ok}" ] && [ -z "${COMMON_NAME_IS_AN_IP}" ]; then + prepend_critical_message "invalid CN ('${CN_TMP}' does not match '${COMMON_NAME}')" + fi + fi + + fi + + fi + + debuglog " CN check finished" + + fi + + ################################################################################ + # Check the issuer + if [ -n "${ISSUER}" ]; then + + debuglog "check ISSUER: ${ISSUER}" + + ok="" + CA_ISSUER_MATCHED=$(echo "${ISSUERS}" | grep -E "^${ISSUER}\$" | head -n1) + + debuglog " issuer matched = ${CA_ISSUER_MATCHED}" + + if [ -n "${CA_ISSUER_MATCHED}" ]; then + verboselog "The certificate issuer matches ${ISSUER}" + ok="true" + else + # this looks ugly but preserves spaces in CA name + ISSUER_TMP="$(echo "${ISSUER}" | sed "s/|/ PIPE /g")" + ISSUERS_TMP="$(echo "${ISSUERS}" | tr '\n' '|' | sed 's/|$//g' | sed "s/|/\\' or \\'/g")" + prepend_critical_message "invalid CA ('${ISSUER_TMP}' does not match '${ISSUERS_TMP}')" + fi + + fi + + ################################################################################ + # Check if not issued by + if [ -n "${NOT_ISSUED_BY}" ]; then + + debuglog "check NOT_ISSUED_BY: ${NOT_ISSUED_BY}" + + debuglog " executing echo \"${ISSUERS}\" | sed -E -e \"s/^(O|CN) ?= ?//\" | grep -E \"^${NOT_ISSUED_BY}\$\" | head -n1" + + ok="" + CA_ISSUER_MATCHED=$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | grep -E "^${NOT_ISSUED_BY}\$" | head -n1) + + debuglog " issuer matched = ${CA_ISSUER_MATCHED}" + + if [ -n "${CA_ISSUER_MATCHED}" ]; then + # this looks ugly but preserves spaces in CA name + NOT_ISSUED_BY_TMP="$(echo "${NOT_ISSUED_BY}" | sed "s/|/ PIPE /g")" + ISSUERS_TMP="$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | tr '\n' '|' | sed 's/|$//g' | sed "s/|/\\' or \\'/g")" + prepend_critical_message "invalid CA ('${NOT_ISSUED_BY_TMP}' matches '${ISSUERS_TMP}')" + else + ok="true" + CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | grep -E "^CN ?= ?" | sed -E -e "s/^CN ?= ?//" | head -n1)" + fi + + else + + CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | head -n1)" + + fi + + ################################################################################ + # Check the serial number + if [ -n "${SERIAL_LOCK}" ]; then + + ok="" + + if echo "${SERIAL}" | grep -q "^${SERIAL_LOCK}\$"; then + ok="true" + fi + + if [ -z "${ok}" ]; then + SERIAL_LOCK_TMP="$(echo "${SERIAL_LOCK}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid serial number ('${SERIAL_LOCK_TMP}' does not match '${SERIAL}')" + else + verboselog "Valid serial number (${SERIAL})" + fi + + fi + ################################################################################ + # Check the Fingerprint + if [ -n "${FINGERPRINT_LOCK}" ]; then + + ok="" + + if echo "${FINGERPRINT}" | grep -q -E "^${FINGERPRINT_LOCK}\$"; then + ok="true" + fi + + if [ -z "${ok}" ]; then + FINGERPRINT_LOCK_TMP="$(echo "${FINGERPRINT_LOCK}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid SHA1 Fingerprint ('${FINGERPRINT_LOCK_TMP}' does not match '${FINGERPRINT}')" + else + verboselog "Valid SHA1 fingerprint (${FINGERPRINT})" + fi + + fi + + ################################################################################ + # Check the validity + if [ -z "${NOEXP}" ]; then + + debuglog "Checking expiration date" + if [ -n "${FIRST_ELEMENT_ONLY}" ] || [ "${OPENSSL_COMMAND}" = "crl" ]; then + debuglog "Only one element or CRL" + DATE_TMP="$(cat "${CERT}")" + check_cert_end_date "${DATE_TMP}" + else + # count the certificates in the chain + NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") + debuglog "Number of certificates in CA chain: $((NUM_CERTIFICATES))" + + CERT_IN_CHAIN=1 + while [ "${CERT_IN_CHAIN}" -le "${NUM_CERTIFICATES}" ]; do + + debuglog '------------------------------------------------------------------------------' + debuglog "-- Checking element ${CERT_IN_CHAIN}" + + if echo "${SKIP_ELEMENT}" | grep -q "${CERT_IN_CHAIN}"; then + debuglog " skipping element ${CERT_IN_CHAIN}" + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + continue + fi + + elem_number=$((CERT_IN_CHAIN)) + chain_element=$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}') + + check_cert_end_date "${chain_element}" "${elem_number}" + + debuglog '------------------------------------------------------------------------------' + check_ocsp "${chain_element}" "${elem_number}" + + if [ -n "${CRL}" ]; then + debuglog '------------------------------------------------------------------------------' + check_crl "${chain_element}" "${elem_number}" + fi + + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + if ! [ "${ELEMENT}" -eq 0 ] && [ $((ELEMENT - CERT_IN_CHAIN)) -lt 0 ]; then + break + fi + + done + + debuglog '------------------------------------------------------------------------------' + + fi + + fi + + ################################################################################ + # Check nmap + if [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then + + if [ -n "${CHECK_CIPHERS}" ]; then + debuglog "Checking offered ciphers (minimum level ${CHECK_CIPHERS}: ${CHECK_CIPHERS_NUMERIC})" + fi + + create_temporary_file + NMAP_OUT=${TEMPFILE} + create_temporary_file + NMAP_ERR=${TEMPFILE} + + # -Pn is needed even if we specify a port + exec_with_timeout "${NMAP_BIN} -Pn --script ssl-enum-ciphers ${HOST_ADDR} -p ${PORT}" "${NMAP_OUT}" "${NMAP_ERR}" + + if [ "${DEBUG}" -ge 1 ]; then + debuglog 'nmap output:' + while read -r LINE; do + debuglog "${LINE}" + done <"${NMAP_OUT}" + debuglog 'nmap errors:' + if [ -s "${NMAP_ERR}" ]; then + while read -r LINE; do + debuglog "${LINE}" + done <"${NMAP_ERR}" + fi + fi + + if [ -s "${NMAP_ERR}" ]; then + + NMAP_ERROR=$(head -n 1 "${NMAP_ERR}") + + # check for -Pn warning + if ! grep -q "Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower." "${NMAP_ERR}"; then + unknown "nmap exited with error: ${NMAP_ERROR}" + fi + + fi + + + if ! grep -F -q '| ssl-enum-ciphers' "${NMAP_OUT}"; then + unknown "empty nmap result while checking ciphers" + fi + + if [ -n "${CHECK_CIPHERS}" ]; then + + if ! grep -q -F 'least strength' "${NMAP_OUT}"; then + unknown 'nmap does not deliver cipher strength' + fi + + NMAP_GRADE=$(grep -F 'least strength' "${NMAP_OUT}" | sed 's/.*\ //') + convert_grade "${NMAP_GRADE}" + NMAP_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" + + verboselog "Cipher grade ${NMAP_GRADE_NUMERIC}: ${NMAP_GRADE}" + + # Check the grade + if [ "${NMAP_GRADE_NUMERIC}" -lt "${CHECK_CIPHERS_NUMERIC}" ]; then + prepend_critical_message "${HOST_ADDR} offers ciphers with grade ${NMAP_GRADE} (instead of ${CHECK_CIPHERS})" + fi + + fi + + if [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then + + if grep -F -q 'warnings:' "${NMAP_OUT}"; then + + PARSING_WARNINGS= + WARNINGS= + while IFS= read -r line; do + + if echo "${line}" | grep -q -F 'warnings:'; then + PARSING_WARNINGS=1 + elif echo "${line}" | grep -q -F ':'; then + PARSING_WARNINGS= + elif [ -n "${PARSING_WARNINGS}" ]; then + WARNING=$(echo "${line}" | sed 's/|\ *//') + if [ -n "${WARNINGS}" ]; then + debuglog "Cipher warning '${WARNING}'" + WARNINGS="${WARNINGS} +${WARNING}" + else + WARNINGS="${WARNING}" + fi + fi + + done <"${NMAP_OUT}" + + WARNINGS="$( echo "${WARNINGS}" | sort | uniq | tr '\n' ',' | sed -e 's/,/,\ /g' -e 's/,\ $//' )" + prepend_critical_message "${HOST_ADDR} offers ciphers with warnings: ${WARNINGS}" + + else + + verboselog "No ciphers with warnings are offered" + + fi + + fi + + fi + + ################################################################################ + # Check SSL Labs + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ]; then + + while true; do + + debuglog "http_proxy = ${http_proxy}" + debuglog "HTTPS_PROXY = ${HTTPS_PROXY}" + debuglog "executing ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\"" + + if [ -n "${SNI}" ]; then + JSON="$(${CURL_BIN} "${CURL_PROXY}" "${CURL_PROXY_ARGUMENT}" "${INETPROTO}" --silent "https://api.ssllabs.com/api/v2/analyze?host=${SNI}${IGNORE_SSL_LABS_CACHE}")" + CURL_RETURN_CODE=$? + else + JSON="$(${CURL_BIN} "${CURL_PROXY}" "${CURL_PROXY_ARGUMENT}" "${INETPROTO}" --silent "https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}")" + CURL_RETURN_CODE=$? + fi + + if [ "${CURL_RETURN_CODE}" -ne 0 ]; then + + debuglog "curl returned ${CURL_RETURN_CODE}: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\"" + + unknown "Error checking SSL Labs: curl returned ${CURL_RETURN_CODE}, see 'man curl' for details" + + fi + + JSON="$(printf '%s' "${JSON}" | tr '\n' ' ')" + + debuglog "Checking SSL Labs: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}\"" + debuglog "SSL Labs JSON: ${JSON}" + + # We clear the cache only on the first run + IGNORE_SSL_LABS_CACHE="" + + if echo "${JSON}" | grep -F -q 'Running\ at\ full\ capacity.\ Please\ try\ again\ later'; then + verboselog ' SSL Labs running at full capacity' + else + + SSL_LABS_HOST_STATUS=$(echo "${JSON}" | + sed 's/.*"status":[ ]*"\([^"]*\)".*/\1/') + + debuglog "SSL Labs status: ${SSL_LABS_HOST_STATUS}" + + case "${SSL_LABS_HOST_STATUS}" in + 'ERROR') + SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" | + sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') + prepend_critical_message "Error checking SSL Labs: ${SSL_LABS_STATUS_MESSAGE}" + break + ;; + 'READY') + if ! echo "${JSON}" | grep -F -q "grade"; then + + # Something went wrong + SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" | + sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') + prepend_critical_message "SSL Labs error: ${SSL_LABS_STATUS_MESSAGE}" + break + + else + + SSL_LABS_HOST_GRADE=$(echo "${JSON}" | + sed 's/.*"grade":[ ]*"\([^"]*\)".*/\1/') + + debuglog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" + + verboselog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" + + convert_grade "${SSL_LABS_HOST_GRADE}" + SSL_LABS_HOST_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" + + add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" + + # Check the grade + if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ]; then + prepend_critical_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_CRIT_ASSESSMENT})" + elif [ -n "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then + if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then + append_warning_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_WARN_ASSESTMENT})" + fi + fi + + debuglog "SSL Labs grade (converted): ${SSL_LABS_HOST_GRADE_NUMERIC}" + + # We have a result: exit + break + + fi + ;; + 'IN_PROGRESS') + # Data not yet available: warn and continue + PROGRESS=$(echo "${JSON}" | sed 's/.*progress"://' | sed 's/,.*//') + if [ "${PROGRESS}" -eq -1 ]; then + verboselog " warning: no cached data by SSL Labs, check in progress" 2 + else + verboselog " warning: no cached data by SSL Labs, check in progress ${PROGRESS}%" 2 + fi + ;; + 'DNS') + verboselog " SSL Labs resolving the domain name" 2 + ;; + *) + # Try to extract a message + SSL_LABS_ERROR_MESSAGE=$(echo "${JSON}" | + sed 's/.*"message":[ ]*"\([^"]*\)".*/\1/') + + if [ -z "${SSL_LABS_ERROR_MESSAGE}" ]; then + SSL_LABS_ERROR_MESSAGE="${JSON}" + fi + + prepend_critical_message "Cannot check status on SSL Labs: ${SSL_LABS_ERROR_MESSAGE}" + ;; + esac + + fi + + WAIT_TIME=60 + verboselog " waiting ${WAIT_TIME} seconds" 2 + + sleep "${WAIT_TIME}" + + done + + fi + + ################################################################################ + # Check the organization + if [ -n "${ORGANIZATION}" ]; then + + debuglog "Checking organization ${ORGANIZATION}" + + ORG="$(extract_cert_attribute 'org' "${CERT}")" + debuglog " ORG = ${ORG}" + debuglog " ORGANIZATION = ${ORGANIZATION}" + + if ! echo "${ORG}" | grep -q -E "^${ORGANIZATION}"; then + ORGANIZATION_TMP="$(echo "${ORGANIZATION}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid organization ('${ORGANIZATION_TMP}' does not match '${ORG}')" + fi + + fi + + if [ "${OPENSSL_COMMAND}" != 'crl' ]; then + EMAIL="$(extract_cert_attribute 'email' "${CERT}")" + debuglog "EMAIL = ${EMAIL}" + info "Email" "${EMAIL}" + fi + + ################################################################################ + # Check the email + if [ -n "${ADDR}" ]; then + + if [ -z "${EMAIL}" ]; then + + debuglog "no email in certificate" + + prepend_critical_message "the certificate does not contain an email address" + + else + + if ! echo "${EMAIL}" | grep -q -E "^${ADDR}"; then + EMAIL_TMP="$(echo "${ADDR}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid email ('${EMAIL_TMP}' does not match ${EMAIL})" + else + verboselog "email ${ADDR} is OK" + fi + + fi + + fi + + ################################################################################ + # Check if the certificate was verified + if [ -z "${NOAUTH}" ] && ascii_grep '^verify\ error:' "${ERROR}"; then + + debuglog 'Checking if the certificate was self signed' + + if ascii_grep '^verify\ error:num=[0-9][0-9]*:self\ signed\ certificate' "${ERROR}"; then + + debuglog 'Self signed certificate' + + if [ -z "${SELFSIGNED}" ]; then + prepend_critical_message "Cannot verify certificate, self signed certificate" + else + SELFSIGNEDCERT="self signed " + fi + + elif ascii_grep '^verify\ error:num=[0-9][0-9]*:certificate\ has\ expired' "${ERROR}"; then + + debuglog 'Cannot verify since the certificate has expired.' + + else + + DEBUG_MESSAGE="$(sed 's/^/Error: /' "${ERROR}")" + debuglog "${DEBUG_MESSAGE}" + + # Process errors + # details=$(grep '^verify\ error:' "${ERROR}" | sed 's/verify\ error:num=[0-9]*://' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/, /g') + details=$(grep '^verify\ error:' "${ERROR}" | sed 's/verify\ error:num=[0-9]*://' ) + prepend_critical_message "Cannot verify certificate: ${details}" + + fi + + else + + verboselog "The certificate was successfully verified" + + fi + + ############################################################################## + # Check for Signed Certificate Timestamps (SCT) + if [ -z "${SELFSIGNED}" ] && [ "${OPENSSL_COMMAND}" != "crl" ]; then + + # check if OpenSSL supports SCTs + if openssl_version '1.1.0'; then + + debuglog 'Checking Signed Certificate Timestamps (SCTs)' + + if [ -n "${SCT}" ] && ! extract_cert_attribute 'sct' "${CERT}"; then + prepend_critical_message "Cannot find Signed Certificate Timestamps (SCT)" + else + info "SCT" "yes" + verboselog "The certificate contains signed certificate timestamps (SCT)" + fi + + else + verboselog 'warning: Skipping SCTs check as not supported by OpenSSL' + fi + fi + + # if errors exist at this point return + if [ "${CRITICAL_MSG}" != "" ]; then + critical "${CRITICAL_MSG}" + fi + + if [ "${WARNING_MSG}" != "" ]; then + warning "${WARNING_MSG}" + fi + + ################################################################################ + # If we get this far, assume all is well. :) + + # If --altnames was specified or if the certificate is wildcard, + # then we show the specified CN in addition to the certificate CN + CHECKEDNAMES="" + if [ -n "${ALTNAMES}" ] && [ -n "${COMMON_NAME}" ] && [ "${CN}" != "${COMMON_NAME}" ]; then + CHECKEDNAMES="(${COMMON_NAME}) " + elif [ -n "${COMMON_NAME}" ] && echo "${CN}" | grep -q -i '^\*\.'; then + CHECKEDNAMES="(${COMMON_NAME}) " + fi + + if [ -n "${DAYS_VALID}" ]; then + # nicer formatting + if [ "${DAYS_VALID}" -gt 1 ]; then + DAYS_VALID=" (expires in ${DAYS_VALID} days)" + elif [ "${DAYS_VALID}" -eq 1 ]; then + DAYS_VALID=" (expires tomorrow)" + elif [ "${DAYS_VALID}" -eq 0 ]; then + DAYS_VALID=" (expires today)" + elif [ "${DAYS_VALID}" -eq -1 ]; then + DAYS_VALID=" (expired yesterday)" + else + DAYS_VALID=" (expired ${DAYS_VALID} days ago)" + fi + fi + + if [ -n "${OCSP_EXPIRES_IN_HOURS}" ]; then + # nicer formatting + if [ "${OCSP_EXPIRES_IN_HOURS}" -gt 1 ]; then + OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours)" + elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 1 ]; then + OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires in one hour)" + elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 0 ]; then + OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires now)" + elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq -1 ]; then + OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expired one hour ago)" + else + OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expired ${OCSP_EXPIRES_IN_HOURS} hours ago)" + fi + fi + + if [ -n "${SSL_LABS_HOST_GRADE}" ]; then + SSL_LABS_HOST_GRADE=", SSL Labs grade: ${SSL_LABS_HOST_GRADE}" + fi + + if [ -z "${CN}" ]; then + DISPLAY_CN="" + else + DISPLAY_CN="'${CN}' " + fi + + if [ -z "${FORMAT}" ]; then + if [ -n "${TERSE}" ]; then + FORMAT="%SHORTNAME% OK %CN% %DAYS_VALID%" + else + FORMAT="%SHORTNAME% OK - %OPENSSL_COMMAND% %SELFSIGNEDCERT%certificate %DISPLAY_CN%%CHECKEDNAMES%from '%CA_ISSUER_MATCHED%' valid until %DATE%%DAYS_VALID%%OCSP_EXPIRES_IN_HOURS%%SSL_LABS_HOST_GRADE%" + fi + fi + + # long output + if [ -z "${TERSE}" ]; then + EXTRA_OUTPUT="${LONG_OUTPUT}" + fi + # performance + if [ -z "${NO_PERF}" ]; then + EXTRA_OUTPUT="${EXTRA_OUTPUT}${PERFORMANCE_DATA}" + fi + + debuglog "output parameters: CA_ISSUER_MATCHED = ${CA_ISSUER_MATCHED}" + debuglog "output parameters: CHECKEDNAMES = ${CHECKEDNAMES}" + debuglog "output parameters: CN = ${CN}" + debuglog "output parameters: DATE = ${DATE}" + debuglog "output parameters: DAYS_VALID = ${DAYS_VALID}" + debuglog "output parameters: DYSPLAY_CN = ${DISPLAY_CN}" + debuglog "output parameters: OPENSSL_COMMAND = ${OPENSSL_COMMAND}" + debuglog "output parameters: SELFSIGNEDCERT = ${SELFSIGNEDCERT}" + debuglog "output parameters: SHORTNAME = ${SHORTNAME}" + debuglog "output parameters: OCSP_EXPIRES_IN_HOURS = ${OCSP_EXPIRES_IN_HOURS}" + debuglog "output parameters: SSL_LABS_HOST_GRADE = ${SSL_LABS_HOST_GRADE}" + + if [ -z "${PROMETHEUS}" ]; then + + CA_ISSUER_MATCHED_TMP="$(var_for_sed CA_ISSUER_MATCHED "${CA_ISSUER_MATCHED}")" + CHECKEDNAMES_TMP="$(var_for_sed CHECKEDNAMES "${CHECKEDNAMES}")" + CN_TMP="$(var_for_sed CN "${CN}")" + DATE_TMP="$(var_for_sed DATE "${DATE}")" + DAYS_VALID_TMP="$(var_for_sed DAYS_VALID "${DAYS_VALID}")" + DISPLAY_CN_TMP="$(var_for_sed DISPLAY_CN "${DISPLAY_CN}")" + OPENSSL_COMMAND_TMP="$(var_for_sed OPENSSL_COMMAND "${OPENSSL_COMMAND}")" + SELFSIGNEDCERT_TMP="$(var_for_sed SELFSIGNEDCERT "${SELFSIGNEDCERT}")" + SHORTNAME_TMP="$(var_for_sed SHORTNAME "${SHORTNAME}")" + OCSP_EXPIRES_IN_HOURS_TMP="$(var_for_sed OCSP_EXPIRES_IN_HOURS "${OCSP_EXPIRES_IN_HOURS}")" + SSL_LABS_HOST_GRADE_TMP="$(var_for_sed SSL_LABS_HOST_GRADE "${SSL_LABS_HOST_GRADE}")" + + echo "${FORMAT}${EXTRA_OUTPUT}" | sed \ + -e "${CA_ISSUER_MATCHED_TMP}" \ + -e "${CHECKEDNAMES_TMP}" \ + -e "${CN_TMP}" \ + -e "${DATE_TMP}" \ + -e "${DAYS_VALID_TMP}" \ + -e "${DISPLAY_CN_TMP}" \ + -e "${OPENSSL_COMMAND_TMP}" \ + -e "${SELFSIGNEDCERT_TMP}" \ + -e "${SHORTNAME_TMP}" \ + -e "${OCSP_EXPIRES_IN_HOURS_TMP}" \ + -e "${SSL_LABS_HOST_GRADE_TMP}" + + else + + add_prometheus_status_output_line "cert_valid{cn=\"${CN}\"} 0" + prometheus_output + + fi + + remove_temporary_files + + exit "${STATUS_OK}" + +} + +# Defined externally +# shellcheck disable=SC2154 +if [ -z "${SOURCE_ONLY}" ]; then + main "${@}" +fi diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.1 nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.1 --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.1 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.1 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,408 @@ +.\" Process this file with +.\" groff -man -Tascii check_ssl_cert.1 +.\" +.TH "check_ssl_cert" 1 "December, 2021" "2.15.0" "USER COMMANDS" +.SH NAME +check_ssl_cert \- checks the validity of X.509 certificates +.SH SYNOPSIS +.BR "check_ssl_cert " "-H host [OPTIONS]" +.br +.BR "check_ssl_cert " "-f file [OPTIONS]" +.SH DESCRIPTION +.B check_ssl_cert +A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection +.SH ARGUMENTS +.TP +.BR "-f,--file" " file" +local file path (works with -H localhost only) with -f you can not only pass a x509 certificate file but also a certificate revocation list (CRL) to check the validity period +.TP +.BR "-H,--host" " host" +server +.SH OPTIONS +.TP +.BR "-A,--noauth" +ignore authority warnings (expiration only) +.TP +.BR " --all" +enables all the possible optional checks at the maximum level +.TP +.BR " --all-local" +enables all the possible optional checks at the maximum level (without SSL-Labs) +.TP +.BR " --allow-empty-san" +allow certificates without Subject Alternative Names (SANs) +.TP +.BR "-C,--clientcert" " path" +use client certificate to authenticate +.TP +.BR "-c,--critical" " days" +minimum number of days a certificate has to be valid to issue a critical status. Can be a floating point number, e.g., 0.5. Default: 15 +.TP +.BR " --check-ciphers" " grade" +checks the offered ciphers +.TP +.BR " --check-ciphers-warnings" +critical if nmap reports a warning for an offered cipher +.TP +.BR " --check-ssl-labs-warn grade" +SSL Labs grade on which to warn +.TP +.BR " --clientpass" " phrase" +set passphrase for client certificate. +.TP +.BR " --crl" +checks revocation via CRL (requires --rootcert-file) +.TP +.BR " --curl-bin" " path" +path of the curl binary to be used +.TP +.BR " --curl-user-agent" " string" +user agent that curl shall use to obtain the issuer cert +.TP +.BR " --custom-http-header" " string" +custom HTTP header sent when getting the cert example: 'X-Check-Ssl-Cert: Foobar=1' +.TP +.BR "-d,--debug" +produces debugging output (can be specified more than once) +.TP +.BR " --dane" +verify that valid DANE records exist (since OpenSSL 1.1.0) +.TP +.BR " --dane 211" +verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists +.TP +.BR " --dane 301" +verify that a valid DANE-EE(3) Cert(0) SHA2-256(1) TLSA record exists +.TP +.BR " --dane 302" +verify that a valid DANE-EE(3) Cert(0) SHA2-512(2) TLSA record exists +.TP +.BR " --dane 311" +verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists +.TP +.BR " --dane 312" +'verify that a valid DANE-EE(3) SPKI(1) SHA2-512(1) TLSA record exists +.TP +.BR " --date" " path" +path of the date binary to be used +.TP +.BR " --debug-cert" +stores the retrieved certificates in the current directory +.TP +.BR " --debug-file" " file" +writes the debug messages to file +.TP +.BR " --debug-time" +writes timing information in the debugging output +.TP +.BR " --dig-bin" " path" +path of the dig binary to be used +.TP +.BR "-e,--email" " address" +pattern to match the email address contained in the certificate +.TP +.BR " --ecdsa" +signature algorithm selection: force ECDSA certificate +.TP +.BR " --element" " number" +checks up to the N cert element from the beginning of the chain +.TP +.BR " --file-bin" " path" +path of the file binary to be used +.TP +.BR " --fingerprint" " SHA1" +pattern to match the SHA1-Fingerprint +.TP +.BR " --first-element-only" +verify just the first cert element, not the whole chain +.TP +.BR " --force-dconv-date" +force the usage of dconv for date computations +.TP +.BR " --force-perl-date" +force the usage of Perl for date computations +.TP +.BR " --format" " FORMAT" +format output template on success, for example: %SHORTNAME% OK %CN% from %CA_ISSUER_MATCHED% +.TP +.BR "-h,--help,-?" +this help message +.TP +.BR " --http-use-get" +use GET instead of HEAD (default) for the HTTP related checks +.TP +.BR "-i,--issuer" " issuer" +pattern to match the issuer of the certificate +.TP +.BR " --ignore-altnames" +ignores alternative names when matching pattern specified in -n (or the host name) +.TP +.BR " --ignore-connection-problems" " [state]" +in case of connection problems returns OK or the optional state +.TP +.BR " --ignore-exp" +ignore expiration date +.TP +.BR " --ignore-host-cn" +do not complain if the CN does not match the host name +.TP +.BR " --ignore-incomplete-chain" +does not check chain integrity +.TP +.BR " --ignore-ocsp" +do not check revocation with OCSP +.TP +.BR " --ignore-ocsp-errors" +continue if the OCSP status cannot be checked +.TP +.BR " --ignore-ocsp-timeout" +ignore OCSP result when timeout occurs while checking +.TP +.BR " --ignore-sct" +do not check for signed certificate timestamps (SCT) +.TP +.BR " --ignore-sig-alg" +do not check if the certificate was signed with SHA1 or MD5 +.TP +.BR " --ignore-ssl-labs-cache" +Forces a new check by SSL Labs (see -L) +.TP +.BR " --ignore-tls-renegotiation" +Ignores the TLS renegotiation check +.TP +.BR " --inetproto protocol" +Force IP version 4 or 6 +.TP +.BR " --info" +Prints certificate information +.TP +.BR " --issuer-cert-cache" " dir" +directory where to store issuer certificates cache +.TP +.BR "-K,--clientkey" " path" +use client certificate key to authenticate +.TP +.BR "-L,--check-ssl-labs grade" +SSL Labs assessment (please check https://www.ssllabs.com/about/terms.html). Critical if the grade is lower than specified. +.TP +.BR " --long-output" " list" +append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines. +Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes. +.TP +.BR "-n,--cn" " name" +pattern to match the CN of the certificate (can be specified multiple times) +.TP +.BR " --nmap-bin" " path" +path of the nmap binary to be used +.TP +.BR " --no-perf" +do not show performance data +.TP +.BR " --no-proxy" +ignores the http_proxy and https_proxy environment variables +.TP +.BR " --no-proxy-curl" +ignores the http_proxy and https_proxy environment variables for curl +.TP +.BR " --no-proxy-s_client" +ignores the http_proxy and https_proxy environment variables for openssl s_client +.TP +.BR " --no-ssl2" +disable SSL version 2 +.TP +.BR " --no-ssl3" +disable SSL version 3 +.TP +.BR " --no-tls1" +disable TLS version 1 +.TP +.BR " --no-tls1_1" +disable TLS version 1.1 +.TP +.BR " --no-tls1_3" +disable TLS version 1.3 +.TP +.BR " --no-tls1_2" +disable TLS version 1.2 +.TP +.BR " --not-issued-by" " issuer" +check that the issuer of the certificate does not match the given pattern +.TP +.BR " --not-valid-longer-than" " days" +critical if the certificate validity is longer than the specified period +.TP +.BR "-o,--org" " org" +pattern to match the organization of the certificate +.TP +.BR " --ocsp-critical" " hours" +minimum number of hours an OCSP response has to be valid to issue a critical status +.TP +.BR " --ocsp-warning" " hours" +minimum number of hours an OCSP response has to be valid to issue a warning status +.TP +.BR " --openssl" " path" +path of the openssl binary to be used +.TP +.BR "-p,--port" " port" +TCP port +.TP +.BR "-P,--protocol" " protocol" +use the specific protocol: ftp, ftps, http, https (default), h2 (HTTP/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, xmpp, xmpp-server, ftp, imap, irc, ldap, pop3, postgres, sieve, smtp: switch to TLS using StartTLS. +.br +These protocols switch to TLS using StartTLS: ftp, imap, irc, ldap, mysql, pop3, smtp. +.TP +.BR " --password" " source" +password source for a local certificate, see the PASS PHRASE ARGUMENTS section openssl(1) +.TP +.BR " --prometheus" +generates Prometheus/OpenMetrics output +.TP +.BR " --proxy" " proxy" +sets http_proxy and the s_client -proxy option +.TP +.BR "-r,--rootcert" " cert" +root certificate or directory to be used for certificate validation (passed to openssl's -CAfile or -CApath) +.TP +.BR " --require-client-cert" " [list]" +the server must accept a client certificate. 'list' is an optional comma separated list of expected client certificate CAs +.TP +.BR " --require-no-ssl2" +critical if SSL version 2 is offered +.TP +.BR " --require-no-ssl3" +critical if SSL version 3 is offered +.TP +.BR " --require-no-tls1" +critical if TLS 1 is offered +.TP +.BR " --require-no-tls1_1" +critical if TLS 1.1 is offered +.TP +.BR " --require-ocsp-stapling" +require OCSP stapling +.TP +.BR " --resolve" " ip" +provides a custom IP address for the specified host +.TP +.BR " --rootcert-dir" " dir" +root directory to be used for certificate validation (passed to openssl's -CApath) +overrides option -r,--rootcert +.TP +.BR " --rootcert-file" " cert" +root certificate to be used for certificate validation (passed to openssl's -CAfile) +overrides option -r,--rootcert +.TP +.BR " --rsa" +signature algorithm selection: force RSA certificate +.TP +.BR "-s,--selfsigned" +allows self-signed certificates +.TP +.BR " --serial" " serialnum" +pattern to match the serial number +.TP +.BR "--skip-element" " number" +skips checks on the Nth cert element (can be specified multiple times) +.TP +.BR " --sni name" +sets the TLS SNI (Server Name Indication) extension in the ClientHello message to 'name' +.TP +.BR " --ssl2" +force SSL version 2 +.TP +.BR " --ssl3" +force SSL version 3 +.TP +.BR "-t,--timeout" +seconds timeout after the specified time (defaults to 120 seconds) +.TP +.BR " --temp" " dir" +directory where to store the temporary files +.TP +.BR " --terse" +terse output (also see --verbose) +.TP +.BR " --tls1" +force TLS version 1 +.TP +.BR " --tls1_1" +force TLS version 1.1 +.TP +.BR " --tls1_2" +force TLS version 1.2 +.TP +.BR " --tls1_3" +force TLS version 1.3 +.TP +.BR "-u,--url" " URL" +HTTP request URL +.TP +.BR "-v,--verbose" +verbose output (can be specified more than once) +.TP +.BR "-V,--version" +version +.TP +.BR "-w,--warning" " days" +minimum number of days a certificate has to be valid to issue a warning status. Might be a floating point number, e.g., 0.5. Default: 20 +.TP +.BR " --xmpphost" " name" +specifies the host for the 'to' attribute of the stream element +.TP +.BR "-4" +force IPv4 +.TP +.BR "-6" +force IPv6 +.SH DEPRECATED OPTIONS +.TP +.BR " --altnames" +matches the pattern specified in -n with alternate names too (enabled by default) +.TP +.BR "-d,--days" " days" +minimum number of days a certificate has to be valid (see --critical and --warning) +.TP +.BR "-N,--host-cn" +match CN with the host name (enabled by default) +.TP +.BR "--no_ssl2" +disable SSLv2 (deprecated use --no-ssl2) +.TP +.BR "--no_ssl3" +disable SSLv3 (deprecated use --no-ssl3) +.TP +.BR "--no_tls1" +disable TLSv1 (deprecated use --no-tls1) +.TP +.BR "--no_tls1_1" +disable TLSv1.1 (deprecated use --no-tls1_1) +.TP +.BR "--no_tls1_2" +disable TLSv1.1 (deprecated use --no-tls1_2) +.TP +.BR "--no_tls1_3" +disable TLSv1.1 (deprecated use --no-tls1_3) +.TP +.BR " --ocsp" +check revocation via OCSP (enabled by default) +.TP +.BR " --require-san" +require the presence of a Subject Alternative Name extension +.TP +.BR "-S,--ssl" " version" +force SSL version (2,3) (see: --ssl2 or --ssl3) + +.SH NOTES +If the host has multiple certificates and the installed openssl version supports the -servername option it is possible to specify the TLS SNI (Server Name Identificator) with the -N (or --host-cn) option. + +.SH "EXIT STATUS" +check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems +.SH BUGS +Please report bugs to: +https://github.com/matteocorti/check_ssl_cert/issues + +.SH "EXAMPLE" +check_ssl_cert --host github.com --all-local + +.SH "SEE ALSO" +openssl(1), openssl-x509(1) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.completion nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.completion --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.completion 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.completion 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,6 @@ +#/usr/bin/env bash + +_check_ssl_cert() { +} + +complete -F _check_ssl_cert check_ssl_cert diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.spec nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.spec --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.spec 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/check_ssl_cert.spec 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,703 @@ +%define version 2.15.0 +%define release 0 +%define sourcename check_ssl_cert +%define packagename nagios-plugins-check_ssl_cert +%define nagiospluginsdir %{_libdir}/nagios/plugins + +# No binaries in this package +%define debug_package %{nil} + +Summary: A Nagios plugin to check X.509 certificates +Name: %{packagename} +Version: %{version} +Obsoletes: check_ssl_cert +Release: %{release}%{?dist} +License: GPLv3+ +Packager: Matteo Corti +Group: Applications/System +BuildRoot: %{_tmppath}/%{packagename}-%{version}-%{release}-root-%(%{__id_u} -n) +URL: https://github.com/matteocorti/check_ssl_cert +Source: https://github.com/matteocorti/check_ssl_cert/releases/download/v%{version}/check_ssl_cert-%{version}.tar.gz + +Requires: nagios-plugins expect perl(Date::Parse) + +%description +A shell script (that can be used as a Nagios plugin) to check an SSL/TLS connection + +%prep +%setup -q -n %{sourcename}-%{version} + +%build + +%install +make DESTDIR=${RPM_BUILD_ROOT}%{nagiospluginsdir} MANDIR=${RPM_BUILD_ROOT}%{_mandir} install + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%doc AUTHORS ChangeLog NEWS README.md COPYING VERSION COPYRIGHT +%attr(0755, root, root) %{nagiospluginsdir}/check_ssl_cert +%{_mandir}/man1/%{sourcename}.1* + +%changelog +* Wed Dec 15 2021 Matteo Corti - 2.15.0-0 +- Updated to 2.15.0 + +* Fri Dec 10 2021 Matteo Corti - 2.14.0-0 +- Updated to 2.14.0 + +* Wed Nov 24 2021 Matteo Corti - 2.13.0-0 +- Updated to 2.13.0 + +* Tue Nov 16 2021 Matteo Corti - 2.12.0-0 +- Updated to 2.12.0 + +* Thu Nov 11 2021 Matteo Corti - 2.11.0-0 +- Updated to 2.11.0 + +* Fri Oct 22 2021 Matteo Corti - 2.10.4-0 +- Updated to 2.10.4 + +* Thu Oct 21 2021 Matteo Corti - 2.10.3-0 +- Updated to 2.10.3 + +* Thu Oct 14 2021 Matteo Corti - 2.10.2-0 +- Updated to 2.10.2 + +* Tue Oct 12 2021 Matteo Corti - 2.10.1-0 +- Updated to 2.10.1 + +* Mon Oct 11 2021 Matteo Corti - 2.10.0-0 +- Updated to 2.10.0 + +* Wed Oct 6 2021 Matteo Corti - 2.9.1-0 +- Updated to 2.9.1 + +* Fri Oct 1 2021 Matteo Corti - 2.9.0-0 +- Updated to 2.9.0 + +* Wed Sep 29 2021 Matteo Corti - 2.8.0-0 +- Updated to 2.8.0 + +* Fri Sep 24 2021 Matteo Corti - 2.7.0-0 +- Updated to 2.7.0 + +* Tue Sep 21 2021 Matteo Corti - 2.6.1-0 +- Updated to 2.6.1 + +* Fri Sep 17 2021 Matteo Corti - 2.6.0-0 +- Updated to 2.6.0 + +* Thu Sep 16 2021 Matteo Corti - 2.5.2-0 +- Updated to 2.5.2 + +* Wed Sep 15 2021 Matteo Corti - 2.5.1-0 +- Updated to 2.5.1 + +* Wed Sep 15 2021 Matteo Corti - 2.5.0-0 +- Updated to 2.5.0 + +* Wed Sep 1 2021 Matteo Corti - 2.4.3-0 +- Updated to 2.4.3 + +* Thu Aug 27 2021 Matteo Corti - 2.4.2-0 +- Updated to 2.4.2 + +* Thu Aug 19 2021 Matteo Corti - 2.4.1-0 +- Updated to 2.4.1 + +* Mon Aug 16 2021 Matteo Corti - 2.4.0-0 +- Updated to 2.4.0 + +* Fri Aug 13 2021 Matteo Corti - 2.3.8-0 +- Updated to 2.3.8 + +* Fri Jul 9 2021 Matteo Corti - 2.3.7-0 +- Updated to 2.3.7 + +* Wed Jun 23 2021 Matteo Corti - 2.3.6-0 +- Updated to 2.3.6 + +* Tue Jun 22 2021 Matteo Corti - 2.3.5-0 +- Updated to 2.3.5 + +* Fri Jun 18 2021 Matteo Corti - 2.3.4-0 +- Updated to 2.3.4 + +* Wed Jun 16 2021 Matteo Corti - 2.3.3-0 +- Updated to 2.3.3 + +* Thu Jun 3 2021 Matteo Corti - 2.3.2-0 +- Updated to 2.3.2 + +* Fri May 28 2021 Matteo Corti - 2.3.1-0 +- Updated to 2.3.1 + +* Fri May 21 2021 Matteo Corti - 2.3.0-0 +- Updated to 2.3.0 + +* Fri May 7 2021 Matteo Corti - 2.2.0-0 +- Updated to 2.2.0 + +* Thu May 6 2021 Matteo Corti - 2.1.4-0 +- Updated to 2.1.4 + +* Wed May 5 2021 Matteo Corti - 2.1.3-0 +- Updated to 2.1.3 + +* Fri Apr 30 2021 Matteo Corti - 2.1.2-0 +- Updated to 2.1.2 + +* Thu Apr 29 2021 Matteo Corti - 2.1.1-0 +- Updated to 2.1.1 + +* Wed Apr 28 2021 Matteo Corti - 2.1.0-0 +- Updated to 2.1.0 + +* Wed Apr 7 2021 Matteo Corti - 2.0.1-0 +- Updated to 2.0.1 + +* Mon Apr 1 2021 Matteo Corti - 2.0.0-0 +- Updated to 2.0.0 + +* Mon Mar 29 2021 Matteo Corti - 1.147.0-0 +- Updated to 1.147.0 + +* Thu Mar 25 2021 Matteo Corti - 1.146.0-0 +- Updated to 1.146.0 + +* Mon Mar 15 2021 Matteo Corti - 1.145.0-0 +- Updated to 1.145.0 + +* Sun Mar 14 2021 Matteo Corti - 1.144.0-0 +- Updated to 1.144.0 + +* Fri Mar 12 2021 Matteo Corti - 1.143.0-0 +- Updated to 1.143.0 + +* Wed Mar 10 2021 Matteo Corti - 1.142.0-0 +- Updated to 1.142.0 + +* Tue Mar 9 2021 Matteo Corti - 1.141.0-0 +- Updated to 1.141.0 + +* Thu Feb 25 2021 Matteo Corti - 1.140.0-0 +- Updated to 1.140.0 + +* Wed Feb 24 2021 Matteo Corti - 1.139.0-0 +- Updated to 1.139.0 + +* Wed Feb 24 2021 Matteo Corti - 1.138.0-0 +- Updated to 1.138.0 + +* Thu Feb 18 2021 Matteo Corti - 1.137.0-0 +- Updated to 1.137.0 + +* Tue Feb 16 2021 Matteo Corti - 1.136.0-0 +- Updated to 1.136.0 + +* Thu Jan 28 2021 Matteo Corti - 1.135.0-0 +- Updated to 1.135.0 + +* Wed Jan 27 2021 Matteo Corti - 1.134.0-0 +- Updated to 1.134.0 + +* Tue Jan 26 2021 Matteo Corti - 1.133.0-0 +- Updated to 1.133.0 + +* Mon Jan 18 2021 Matteo Corti - 1.132.0-0 +- Updated to 1.132.0 + +* Fri Jan 15 2021 Matteo Corti - 1.131.0-0 +- Updated to 1.131.0 + +* Thu Jan 14 2021 Matteo Corti - 1.130.0-0 +- Updated to 1.130.0 + +* Thu Dec 24 2020 Matteo Corti - 1.129.0-0 +- Updated to 1.129.0 + +* Tue Dec 22 2020 Matteo Corti - 1.128.0-0 +- Updated to 1.128.0 + +* Mon Dec 21 2020 Matteo Corti - 1.127.0-0 +- Updated to 1.127.0 + +* Wed Dec 16 2020 Matteo Corti - 1.126.0-0 +- Updated to 1.126.0 + +* Fri Dec 11 2020 Matteo Corti - 1.125.0-0 +- Updated to 1.125.0 + +* Tue Dec 1 2020 Matteo Corti - 1.124.0-0 +- Updated to 1.124.0 + +* Mon Nov 30 2020 Matteo Corti - 1.123.0-0 +- Updated to 1.123.0 + +* Fri Aug 7 2020 Matteo Corti - 1.122.0-0 +- Updated to 1.122.0 + +* Fri Jul 24 2020 Matteo Corti - 1.121.0-0 +- Updated to 1.121.0 + +* Thu Jul 2 2020 Matteo Corti - 1.120.0-0 +- Updated to 1.120.0 + +* Wed Jul 1 2020 Matteo Corti - 1.119.0-0 +- Updated to 1.119.0 + +* Fri Jun 12 2020 Matteo Corti - 1.118.0-0 +- Updated to 1.118.0 + +* Sat Jun 6 2020 Matteo Corti - 1.117.0-0 +- Updated to 1.117.0 + +* Thu Jun 4 2020 Matteo Corti - 1.115.0-0 +- Updated to 1.115.0 + +* Wed May 27 2020 Matteo Corti - 1.114.0-0 +- Updated to 1.114.0 + +* Tue May 19 2020 Matteo Corti - 1.113.0-0 +- Updated to 1.113.0 + +* Tue Apr 7 2020 Matteo Corti - 1.112.0-0 +- Updated to 1.112.0 + +* Mon Mar 9 2020 Matteo Corti - 1.111.0-0 +- Updated to 1.111.0 + +* Mon Feb 17 2020 Matteo Corti - 1.110.0-0 +- Updated to 1.110.0 + +* Tue Jan 7 2020 Matteo Corti - 1.109.0-0 +- Updated to 1.109.0 + +* Mon Dec 23 2019 Matteo Corti - 1.108.0-0 +- Updated to 1.108.0 + +* Fri Dec 20 2019 Matteo Corti - 1.107.0-0 +- Updated to 1.107.0 + +* Thu Nov 21 2019 Matteo Corti - 1.106.0-0 +- Updated to 1.106.0 + +* Mon Nov 4 2019 Matteo Corti - 1.105.0-0 +- Updated to 1.105.0 + +* Mon Nov 4 2019 Matteo Corti - 1.104.0-0 +- Updated to 1.104.0 + +* Thu Oct 31 2019 Matteo Corti - 1.103.0-0 +- Updated to 1.103.0 + +* Fri Oct 25 2019 Matteo Corti - 1.102.0-0 +- Updated to 1.102.0 + +* Tue Oct 22 2019 Matteo Corti - 1.101.0-0 +- Updated to 1.101.0 + +* Fri Oct 18 2019 Matteo Corti - 1.100.0-0 +- Updated to 1.100.0 + +* Wed Oct 16 2019 Matteo Corti - 1.99.0-0 +- Updated to 1.99.0 +w +* Thu Oct 10 2019 Matteo Corti - 1.98.0-0 +- Updated to 1.98.0 + +* Wed Oct 9 2019 Matteo Corti - 1.97.0-0 +- Updated to 1.97.0 + +* Wed Sep 25 2019 Matteo Corti - 1.96.0-0 +- Updated to 1.96.0 + +* Tue Sep 24 2019 Matteo Corti - 1.95.0-0 +- Updated to 1.95.0 + +* Tue Sep 24 2019 Matteo Corti - 1.94.0-0 +- Updated to 1.94.0 + +* Tue Sep 24 2019 Matteo Corti - 1.93.0-0 +- Updated to 1.93.0 + +* Tue Sep 24 2019 Matteo Corti - 1.92.0-0 +- Updated to 1.92.0 + +* Tue Sep 24 2019 Matteo Corti - 1.91.0-0 +- Updated to 1.91.0 + +* Thu Sep 19 2019 Matteo Corti - 1.90.0-0 +- Updated to 1.90.0 + +* Thu Aug 22 2019 Matteo Corti - 1.89.0-0 +- Updated to 1.89.0 + +* Fri Aug 9 2019 Matteo Corti - 1.88.0-0 +- Updated to 1.88.0 + +* Thu Aug 8 2019 Matteo Corti - 1.87.0-0 +- Updated to 1.87.0 + +* Sun Jul 21 2019 Matteo Corti - 1.86.0-0 +- Updated to 1.86.0 + +* Sun Jun 2 2019 Matteo Corti - 1.85.0-0 +- Updated to 1.85.0 + +* Thu Mar 28 2019 Matteo Corti - 1.84.0-0 +- Updated to 1.84.0 + +* Fri Mar 1 2019 Matteo Corti - 1.83.0-0 +- Updated to 1.83.0 + +* Fri Feb 8 2019 Matteo Corti - 1.82.0-0 +- Updated to 1.82.0 + +* Sat Feb 2 2019 Matteo Corti - 1.81.0-0 +- Updated to 1.81.0 + +* Wed Jan 16 2019 Matteo Corti - 1.80.1-0 +- Updated to 1.80.1 + +* Mon Dec 24 2018 Matteo Corti - 1.80.0-0 +- Updated to 1.80.0 + +* Tue Dec 11 2018 Matteo Corti - 1.79.0-0 +- Updated to 1.79.0 + +* Wed Nov 7 2018 Matteo Corti - 1.78.0-0 +- Updated to 1.78.0 + +* Mon Nov 5 2018 Matteo Corti - 1.77.0-0 +- Updated to 1.77.0 + +* Fri Oct 19 2018 Matteo Corti - 1.76.0-0 +- Updated to 1.76.0 + +* Thu Oct 18 2018 Matteo Corti - 1.75.0-0 +- Updated to 1.75.0 + +* Mon Oct 15 2018 Matteo Corti - 1.74.0-0 +- Updated to 1.74.0 + +* Mon Sep 10 2018 Matteo Corti - 1.73.0-0 +- Updated to 1.73.0 + +* Mon Jul 30 2018 Matteo Corti - 1.72.0-0 +- Updated to 1.72.0 + +* Mon Jul 30 2018 Matteo Corti - 1.71.0-0 +- Updated to 1.71.0 + +* Sat Jun 28 2018 Matteo Corti - 1.70.0-0 +- Updated to 1.70.0 + +* Mon Jun 25 2018 Matteo Corti - 1.69.0-0 +- Updated to 1.69.0 + +* Sun Apr 29 2018 Matteo Corti - 1.68.0-0 +- Updated to 1.68.0 + +* Tue Apr 17 2018 Matteo Corti - 1.67.0-0 +- Updated to 1.67.0 + +* Fri Apr 6 2018 Matteo Corti - 1.66.0-0 +- Updated to 1.66.0 + +* Thu Mar 29 2018 Matteo Corti - 1.65.0-0 +- Updated to 1.65.0 + +* Wed Mar 28 2018 Matteo Corti - 1.64.0-0 +- Updated to 1.64.0 + +* Sat Mar 17 2018 Matteo Corti - 1.63.0-0 +- Updated to 1.63.0 + +* Tue Mar 6 2018 Matteo Corti - 1.62.0-0 +- Updated to 1.62.0 + +* Fri Jan 19 2018 Matteo Corti - 1.61.0-0 +- Updated to 1.61.0 + +* Fri Dec 15 2017 Matteo Corti - 1.60.0-0 +- Updated to 1.60.0 + +* Thu Dec 14 2017 Matteo Corti - 1.59.0-0 +- Updated to 1.59.0 + +* Wed Nov 29 2017 Matteo Corti - 1.58.0-0 +- Updated to 1.58.0 + +* Tue Nov 28 2017 Matteo Corti - 1.57.0-0 +- Updated to 1.57.0 + +* Fri Nov 17 2017 Matteo Corti - 1.56.0-0 +- Updated to 1.56.0 + +* Thu Nov 16 2017 Matteo Corti - 1.55.0-0 +- Updated to 1.55.0 + +* Tue Sep 19 2017 Matteo Corti - 1.54.0-0 +- Updated to 1.54.0 + +* Sun Sep 10 2017 Matteo Corti - 1.53.0-0 +- Updated to 1.53.0 + +* Sat Sep 9 2017 Matteo Corti - 1.52.0-0 +- Updated to 1.52.0 + +* Fri Jul 28 2017 Matteo Corti - 1.51.0-0 +- Updated to 1.51.0 + +* Mon Jul 24 2017 Matteo Corti - 1.50.0-0 +- Updated to 1.50.0 + +* Mon Jul 17 2017 Matteo Corti - 1.49.0-0 +- Updated to 1.49.0 + +* Fri Jun 23 2017 Matteo Corti - 1.48.0-0 +- Updated to 1.48.0 + +* Thu Jun 15 2017 Matteo Corti - 1.47.0-0 +- Updated to 1.47.0 + +* Mon May 15 2017 Matteo Corti - 1.46.0-0 +- Updated to 1.46.0 + +* Tue May 2 2017 Matteo Corti - 1.45.0-0 +- Updated to 1.45.0 + +* Fri Apr 28 2017 Matteo Corti - 1.44.0-0 +- Updated to 1.44.0 + +* Tue Mar 7 2017 Matteo Corti - 1.43.0-0 +- Updated to 1.43.0 + +* Thu Feb 16 2017 Matteo Corti - 1.42.0-0 +- Updated to 1.42.0 + +* Fri Feb 10 2017 Matteo Corti - 1.41.0-0 +- Updated to 1.41.0 + +* Wed Feb 8 2017 Matteo Corti - 1.40.0-0 +- Updated to 1.40.0 + +* Thu Feb 2 2017 Matteo Corti - 1.39.0-0 +- Updated to 1.39.0 + +* Thu Feb 2 2017 Matteo Corti - 1.38.2-0 +- Updated to 1.38.2 + +* Sun Jan 29 2017 Matteo Corti - 1.38.1-0 +- Updated to 1.38.1 + +* Sat Jan 28 2017 Matteo Corti - 1.38.0-0 +- Updated to 1.38.0 + +* Fri Dec 23 2016 Matteo Corti - 1.37.0-0 +- Updated to 1.37.0 + +* Tue Dec 13 2016 Matteo Corti - 1.36.2-0 +- Updated to 1.36.2 + +* Tue Dec 06 2016 Matteo Corti - 1.36.1-0 +- Updated to 1.36.1 + +* Sun Dec 04 2016 Matteo Corti - 1.36.0-0 +- Updated to 1.36.0 + +* Tue Oct 18 2016 Matteo Corti - 1.35.0-0 +- Updated to 1.35.0 + +* Mon Sep 19 2016 Matteo Corti - 1.34.0-0 +- Updated to 1.34.0 + +* Thu Aug 4 2016 Matteo Corti - 1.33.0-0 +- Updated to 1.33.0 + +* Fri Jul 29 2016 Matteo Corti - 1.32.0-0 +- Updated to 1.32.0 + +* Tue Jul 12 2016 Matteo Corti - 1.31.0-0 +- Updated to 1.31.0 + +* Thu Jun 30 2016 Matteo Corti - 1.30.0-0 +- Updated to 1.30.0 + +* Wed Jun 15 2016 Matteo Corti - 1.29.0-0 +- Updated to 1.29.0 + +* Wed Jun 01 2016 Matteo Corti - 1.28.0-0 +- Updated to 1.28.0 + +* Wed Apr 27 2016 Matteo Corti - 1.27.0-0 +- Updated to 1.27.0 + +* Tue Mar 29 2016 Matteo Corti - 1.26.0-0 +- Updated to 1.26.0 + +* Mon Mar 21 2016 Matteo Corti - 1.25.0-0 +- Updated to 1.25.0 + +* Wed Mar 9 2016 Matteo Corti - 1.24.0-0 +- Updated to 1.24.0 + +* Mon Mar 7 2016 Matteo Corti - 1.23.0-0 +- Updated to 1.23.0 + +* Thu Mar 3 2016 Matteo Corti - 1.22.0-0 +- Updated to 1.22.0 + +* Tue Mar 1 2016 Matteo Corti - 1.21.0-0 +- Updated to 1.21.0 + +* Fri Feb 26 2016 Matteo Corti - 1.20.0-0 +- Updated to 1.20.0 + +* Thu Feb 25 2016 Matteo Corti - 1.19.0-0 +- Updated to 1.19.0 + +* Sat Oct 31 2015 Matteo Corti - 1.18.0-0 +- Updated to 1.18.0 + +* Tue Oct 20 2015 Matteo Corti - 1.17.2-0 +- Updated to 1.17.2 + +* Tue Apr 7 2015 Matteo Corti - 1.17.1-0 +- Updated to 1.17.1 + +* Tue Oct 21 2014 Matteo Corti - 1.17.0-0 +- Updated to 1.17.0 + +* Fri Jun 6 2014 Matteo Corti - 1.16.2-0 +- updated to 1.16.2 + +* Thu May 22 2014 Andreas Dijkman - 1.16.1-1 +- Added noarch as buildarch +- Added expect and perl(Date::Parse) dependency + +* Fri Feb 28 2014 Matteo Corti - 1.16.1-0 +- Updated to 1.16.1 (rpm make target) + +* Mon Dec 23 2013 Matteo Corti - 1.16.0-0 +- Updated to 1.16.0 (force TLS) + +* Mon Jul 29 2013 Matteo Corti - 1.15.0-0 +- Updated to 1.15.0 (force SSL version) + +* Sun May 12 2013 Matteo Corti - 1.14.6-0 +- Updated to 1.16.6 (timeout and XMPP support) + +* Sat Mar 2 2013 Matteo Corti - 1.14.5-0 +- Updated to 1.14.5 (TLS and multiple names fix) + +* Fri Dec 7 2012 Matteo Corti - 1.14.4-0 +- Updated to 1.14.4 (bug fix release) + +* Wed Sep 19 2012 Matteo Corti - 1.14.3-0 +- Updated to 1.14.3 + +* Fri Jul 13 2012 Matteo Corti - 1.14.2-0 +- Updated to 1.14.2 + +* Wed Jul 11 2012 Matteo Corti - 1.14.1-0 +- Updated to 1.14.1 + +* Fri Jul 6 2012 Matteo Corti - 1.14.0-0 +- updated to 1.14.0 + +* Thu Apr 5 2012 Matteo Corti - 1.13.0-0 +- updated to 1.13.0 + +* Wed Apr 4 2012 Matteo Corti - 1.12.0-0 +- updated to 1.12.0 (bug fix release) + +* Sat Oct 22 2011 Matteo Corti - 1.11.0-0 +- updated to 1.10.1 (--altnames option) + +* Thu Sep 1 2011 Matteo Corti - 1.10.0-0 +- applied patch from Sven Nierlein for client certificate authentication + +* Thu Mar 10 2011 Matteo Corti - 1.9.1-0 +- updated to 1.9.1: allows http as protocol and fixes -N with wildcards + +* Mon Jan 24 2011 Matteo Corti - 1.9.0-0 +- updated to 1.9.0: --openssl option + +* Thu Dec 16 2010 Dan Wallis - 1.8.1-0 +- Fixed bugs with environment bleeding & shell globbing + +* Thu Dec 9 2010 Matteo Corti - 1.8.0-0 +- added support for TLS servername extension + +* Thu Oct 28 2010 Matteo Corti - 1.7.7-0 +- Fixed a bug in the signal specification + +* Thu Oct 28 2010 Matteo Corti - 1.7.6-0 +- better temporary file clean up + +* Thu Oct 14 2010 Matteo Corti - 1.7.5-0 +- updated to 1.7.5 (fixed the check order) + +* Fri Oct 1 2010 Matteo Corti - 1.7.4-0 +- added -A command line option + +* Wed Sep 15 2010 Matteo Corti - 1.7.3-0 +- Fixed a bug in the command line options processing + +* Thu Aug 26 2010 Dan Wallis - 1.7.2-0 +- updated to 1.7.2 (cat and expect fixes) + +* Thu Aug 26 2010 Dan Wallis - 1.7.1-0 +- updated to 1.7.1 ("-verify 6" revert) + +* Thu Aug 26 2010 Dan Wallis - 1.7.0-0 + +* Wed Jul 21 2010 Matteo Corti - 1.6.1-0 +- updated to 1.6.0 (--temp option) + +* Fri Jul 9 2010 Matteo Corti - 1.6.0-0 +- updated to version 1.6.0 (long options, --critical and --warning, man page) + +* Wed Jul 7 2010 Matteo Corti - 1.5.2-0 +- updated to version 1.5.2 (Wolfgang Schricker patch, see ChangeLog) + +* Thu Jul 1 2010 Matteo Corti - 1.5.1-0 +- updated to version 1.5.1 (Yannick Gravel patch, see ChangeLog) + +* Tue Jun 8 2010 Matteo Corti - 1.5.0-0 +- updated to version 1.5.0 (-s option to allow self signed certificates) + +* Thu Mar 11 2010 Matteo Corti - 1.4.4-0 +- updated to 1.4.4 (bug fix release) + +* Tue Mar 9 2010 Matteo Corti - 1.4.3-0 +- updated to 1.4.3 (-n and -N options) + +* Wed Dec 2 2009 Matteo Corti - 1.4.2-0 +- updated to 1.4.2 + +* Mon Nov 30 2009 Matteo Corti - 1.4.1-0 +- updated to 1.4.1 (-r option) + +* Mon Nov 30 2009 Matteo Corti - 1.4.0-0 +- Updated to 1.4.0: verify the certificate chain + +* Mon Mar 30 2009 Matteo Corti - 1.3.0-0 +- Tuomas Haarala patch: -P option + +* Tue May 13 2008 Matteo Corti - 1.2.2-0 +- Dan Wallis patch to include the CN in the messages + +* Mon Feb 25 2008 Matteo Corti - 1.2.1-0 +- Dan Wallis patches (error checking, see ChangeLog) + +* Mon Feb 25 2008 Matteo Corti - 1.2.0-0 +- Dan Wallis patches (see the ChangeLog) + +* Mon Sep 24 2007 Matteo Corti - 1.1.0-0 +- first RPM package diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/CODE_OF_CONDUCT.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/CODE_OF_CONDUCT.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/CODE_OF_CONDUCT.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/CODE_OF_CONDUCT.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at matteo@corti.li. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +[https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/CONTRIBUTING.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/CONTRIBUTING.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/CONTRIBUTING.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/CONTRIBUTING.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,16 @@ +# How to contribute + +## Submitting bugs + +When reporting a bug please include as much information as possible. Include the output of the plugin with the `-verbose` and `-debug` options. + +If possible give a real-life example that can be tested (e.g., a public host) + +## Submitting changes + + * Always write clear log messages for your commits + * Check the code with [ShellCheck](https://www.shellcheck.net) + * Always format the code with [shfmt](https://github.com/mvdan/sh) + * Always log your changes in the ChangeLog file + * Always test the changes `make test` and be sure that all the tests are passed + * If possible write some tests to validate the changes you did to the plugin diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/COPYING nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/COPYING --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/COPYING 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/COPYING 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,674 @@ +GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + +Preamble + +The GNU General Public License is a free, copyleft license for +software and other kinds of works. + +The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + +Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + +Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and +modification follow. + +TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based +on the Program. + +To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +1. Source Code. + +The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + +A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + +The Corresponding Source for a work in source code form is that +same work. + +2. Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + +4. Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + +a) The work must carry prominent notices stating that you modified +it, and giving a relevant date. + +b) The work must carry prominent notices stating that it is +released under this License and any conditions added under section +7. This requirement modifies the requirement in section 4 to +"keep intact all notices". + +c) You must license the entire work, as a whole, under this +License to anyone who comes into possession of a copy. This +License will therefore apply, along with any applicable section 7 +additional terms, to the whole of the work, and all its parts, +regardless of how they are packaged. This License gives no +permission to license the work in any other way, but it does not +invalidate such permission if you have separately received it. + +d) If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your +work need not make them do so. + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +6. Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + +a) Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium +customarily used for software interchange. + +b) Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a +written offer, valid for at least three years and valid for as +long as you offer spare parts or customer support for that product +model, to give anyone who possesses the object code either (1) a +copy of the Corresponding Source for all the software in the +product that is covered by this License, on a durable physical +medium customarily used for software interchange, for a price no +more than your reasonable cost of physically performing this +conveying of source, or (2) access to copy the +Corresponding Source from a network server at no charge. + +c) Convey individual copies of the object code with a copy of the +written offer to provide the Corresponding Source. This +alternative is allowed only occasionally and noncommercially, and +only if you received the object code with such an offer, in accord +with subsection 6b. + +d) Convey the object code by offering access from a designated +place (gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to +copy the object code is a network server, the Corresponding Source +may be on a different server (operated by you or a third party) +that supports equivalent copying facilities, provided you maintain +clear directions next to the object code saying where to find the +Corresponding Source. Regardless of what server hosts the +Corresponding Source, you remain obligated to ensure that it is +available for as long as needed to satisfy these requirements. + +e) Convey the object code using peer-to-peer transmission, provided +you inform other peers where the object code and Corresponding +Source of the work are being offered to the general public at no +charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +7. Additional Terms. + +"Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + +a) Disclaiming warranty or limiting liability differently from the +terms of sections 15 and 16 of this License; or + +b) Requiring preservation of specified reasonable legal notices or +author attributions in that material or in the Appropriate Legal +Notices displayed by works containing it; or + +c) Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or + +d) Limiting the use for publicity purposes of names of licensors or +authors of the material; or + +e) Declining to grant rights under trademark law for use of some +trade names, trademarks, or service marks; or + +f) Requiring indemnification of licensors and authors of that +material by anyone who conveys the material (or modified versions of +it) with contractual assumptions of liability to the recipient, for +any liability that these contractual assumptions directly impose on +those licensors and authors. + +All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + +13. Use with the GNU Affero General Public License. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) +This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. +This is free software, and you are welcome to redistribute it +under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + +You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + +The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/COPYRIGHT nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/COPYRIGHT --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/COPYRIGHT 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/COPYRIGHT 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,115 @@ + + Copyright (c) 2007-2013 ETH Zurich + Copyright (c) 2007-2021 Matteo Corti + +with the following individuals added to the list of Contributing Authors + + Dan Wallis + Lawren Quigley-Jones + Marc Fournier + Marcus RejÃ¥s + Matteo Corti + Matthias Fuhrmeister + Raphael Thoma + Scott Worthington + Sven Nierlein + Tuomas Haarala + Wolfgang Schricker + Yannick Gravel + Jim Hopp + Javier Gonel + Christian Ruppert + Robin H. Johnson + Max Winterstein + Colin Smith + Andreas Dijkman + Ryan Nowakowski + Jérémy Lecour + Mark Ruys + Milan Koudelka + Konstantin Shalygin + Sam Richards + Sergei Shmanko + Rolf Eike Beer + Viktor Szépe + Philippe Kueck + Sander Cornelissen + Pavel Rochnyak + Vamp898 (https://github.com/Vamp898) + Emilian Ertel + Kosta Velikov + Vojtech Horky + Nicolas Lafont (https://github.com/ManicoW) + d7415 (https://github.com/d7415) + Åukasz WÄ…sikowski (https://github.com/IdahoPL) + booboo-at-gluga-de (https://github.com/booboo-at-gluga-de) + Georg (https://github.com/gbotti) + Wim van Ravesteijn (https://github.com/wimvr) + yasirathackersdotmu (https://github.com/yasirathackersdotmu) + Christoph Moench-Tegeder (https://github.com/moench-tegeder) + Dan Pritts + eeertel (https://github.com/eeertel) + Vojtech Horky (https://github.com/vhotspur) + Markus Frosch (https://github.com/lazyfrosch) + Ricardo Bartels (https://github.com/bb-Ricardo) + eimamagi (https://github.com/eimamagi) + Stefan Schlesinger + sokol-44 (https://github.com/sokol-44) + Jonas Meurer (https://github.com/mejo-) + Mathieu Simon (https://github.com/matsimon) + Nico (https://github.com/nicox) + barakAtSoluto (https://github.com/barakAtSoluto) + Valentin Heidelberger (https://github.com/va1entin) + Tone (https://github.com/anthonyhaussman) + Michael Niewiara (https://github.com/mobitux) + Zadkiel (https://github.com/aslafy-z) + Dick Visser (https://github.com/dnmvisser) + jmuecke (https://github.com/jmuecke) + iasdeoupxe (https://github.com/iasdeoupxe) + Andre Klärner (https://github.com/klaernie) + ДилÑн Палаузов (https://github.com/dilyanpalauzov) + dupondje (https://github.com/dupondje) + Jörg Thalheim (https://github.com/Mic92) + Arkadiusz MiÅ›kiewicz (https://github.com/arekm) + Thomas Weißschuh (https://github.com/t-8ch) + Jonathan Besanceney (https://github.com/jonathan-besanceney) + grizzlydev-sarl (https://github.com/grizzlydev-sarl) + processing of all the certificate in the chain, the verbose patch and the output cleanup patch + Claudio Kuenzler (https://github.com/Napsty) + jf-vf (https://github.com/jf-vf) + skanx (https://github.com/skanx) + Zadkiel (https://github.com/aslafy-z) + Marcel Burkhalter (https://github.com/explorer69) the custom HTTP header patch. + Peter Newmann (https://github.com/peternewman) + cbiedl (https://github.com/cbiedl) + Robin Schneider (https://github.com/ypid-geberit) + Robin Pronk (https://github.com/rfpronk) + tunnelpr0 (https://github.com/tunnelpr0) + Christoph Moench-Tegeder (https://github.com/moench-tegeder) + waja (https://github.com/waja) + Tobias Grünewald (https://github.com/tobias-gruenewald) + chornberger-c2c (https://github.com/chornberger-c2c) + Claus-Theodor Riegg (https://github.com/ctriegg-mak) + Ed Sabol (https://github.com/esabol) + Igor Mironov (https://github.com/mcs6502) + jalbstmeijer (https://github.com/jalbstmeijer) + Pim Rupert (https://github.com/prupert) + Alexander AleksandroviÄ Klimov (https://github.com/Al2Klimov) + Jaime Hablutzel (https://github.com/hablutzel1) + Bernd Stroessenreuther + Kim Jahn + Bernd Strößenreuther (https://github.com/booboo-at-gluga-de) + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 3 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/help.txt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/help.txt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/help.txt 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/help.txt 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,226 @@ +-H,--host host;server +-A,--noauth;ignore authority warnings (expiration +-A,--noauth;only) +--all;enables all the possible optional checks +--all;at the maximum level +--all-local;enables all the possible optional checks +--all-local;at the maximum level +--all-local;(without SSL-Labs) +--allow-empty-san;allow certificates without Subject +--allow-empty-san;Alternative Names (SANs) +--check-ciphers grade;checks the offered ciphers +--check-ciphers-warnings;critical if nmap reports a warning for an +--check-ciphers-warnings;offered cipher +-C,--clientcert path;use client certificate to authenticate +--clientpass phrase;set passphrase for client certificate. +-c,--critical days;minimum number of days a certificate has +-c,--critical days;to be valid to issue a critical status. +-c,--critical days;Can be a floating point number, e.g., 0.5 +-c,--critical days;Default: ${CRITICAL_DAYS} +--crl;checks revocation via CRL (requires +--crl;--rootcert-file) +--curl-bin path;path of the curl binary to be used +--curl-user-agent string;user agent that curl shall use to obtain +--curl-user-agent string;the issuer cert +--custom-http-header string;custom HTTP header sent when getting the +--custom-http-header string;cert example: 'X-Check-Ssl-Cert: Foobar=1' +--dane;verify that valid DANE records exist +--dane;(since OpenSSL 1.1.0) +--dane 211;verify that a valid DANE-TA(2) SPKI(1) +--dane 211;SHA2-256(1) TLSA record exists +--dane 301;verify that a valid DANE-EE(3) Cert(0) +--dane 301;SHA2-256(1) TLSA record exists +--dane 302;verify that a valid DANE-EE(3) Cert(0) +--dane 302;SHA2-512(2) TLSA record exists +--dane 311;verify that a valid DANE-EE(3) SPKI(1) +--dane 311;SHA2-256(1) TLSA record exists +--dane 312;verify that a valid DANE-EE(3) SPKI(1) +--dane 312;SHA2-512(1) TLSA record exists +--date path;path of the date binary to be used +-d,--debug;produces debugging output (can be +-d,--debug;specified more than once) +--debug-cert;stores the retrieved certificates in the +--debug-cert;current directory +--debug-file file;writes the debug messages to file +--debug-time;writes timing information in the +--debug-time;debugging output +--dig-bin path;path of the dig binary to be used +--ecdsa;signature algorithm selection: force ECDSA +--ecdsa;certificate +--element number;checks up to the N cert element from the +--element number;beginning of the chain +-e,--email address;pattern to match the email address +-e,--email address;contained in the certificate +-f,--file file;local file path (works with -H localhost +-f,--file file; only) with -f you can not only pass a x509 +-f,--file file;certificate file but also a certificate +-f,--file file;revocation list (CRL) to check the +-f,--file file;validity period +--file-bin path;path of the file binary to be used +--fingerprint SHA1;pattern to match the SHA1-Fingerprint +--first-element-only;verify just the first cert element, not +--first-element-only;the whole chain +--force-dconv-date;force the usage of dconv for date +--force-dconv-date;computations +--force-perl-date;force the usage of Perl for date +--force-perl-date;computations +--format FORMAT;format output template on success, for +--format FORMAT;example: %SHORTNAME% OK %CN% from +--format FORMAT;%CA_ISSUER_MATCHED% +-h,--help,-?;this help message +--http-use-get;use GET instead of HEAD (default) for the +--http-use-get;HTTP related checks +--ignore-altnames;ignores alternative names when matching +--ignore-altnames;pattern specified in -n (or the host name) +--ignore-connection-problems [state];in case of connection problems +--ignore-connection-problems [state];returns OK or the optional state +--ignore-exp;ignore expiration date +--ignore-host-cn;do not complain if the CN does not match +--ignore-host-cn;the host name +--ignore-incomplete-chain;does not check chain integrity +--ignore-ocsp;do not check revocation with OCSP +--ignore-ocsp-errors;continue if the OCSP status cannot be +--ignore-ocsp-errors;checked +--ignore-ocsp-timeout;ignore OCSP result when timeout occurs +--ignore-ocsp-timeout;while checking +--ignore-sig-alg;do not check if the certificate was signed +--ignore-sig-alg;with SHA1 or MD5 +--ignore-sct;do not check for signed certificate +--ignore-sct;timestamps (SCT) +--ignore-ssl-labs-cache;Forces a new check by SSL Labs (see -L) +--ignore-tls-renegotiation;Ignores the TLS renegotiation check +--inetproto protocol;Force IP version 4 or 6 +--info;Prints certificate information +-i,--issuer issuer;pattern to match the issuer of the +-i,--issuer issuer;certificate +--issuer-cert-cache dir;directory where to store issuer +--issuer-cert-cache dir;certificates cache +-K,--clientkey path;use client certificate key to authenticate +-L,--check-ssl-labs grade;SSL Labs assessment +-L,--check-ssl-labs grade;(please check +-L,--check-ssl-labs grade;https://www.ssllabs.com/about/terms.html) +--check-ssl-labs-warn grade;SSL Labs grade on which to warn +--long-output list;append the specified comma separated (no +--long-output list;spaces) list of attributes to the plugin +--long-output list;output on additional lines +--long-output list;Valid attributes are: +--long-output list;enddate, startdate, subject, issuer, +--long-output list;modulus, serial, hash, email, ocsp_uri +--long-output list;and fingerprint. +--long-output list;'all' will include all the available +--long-output list;attributes. +-n,--cn name;pattern to match the CN of the certificate +-n,--cn name;(can be specified multiple times) +--nmap-bin path;path of the nmap binary to be used +--no-perf;do not show performance data +--no-proxy;ignores the http_proxy and https_proxy +--no-proxy;environment variables +--no-proxy-curl;ignores the http_proxy and https_proxy +--no-proxy-curl;environment variables +--no-proxy-curl;for curl +--no-proxy-s_client;ignores the http_proxy and https_proxy +--no-proxy-s_client;environment variables +--no-proxy-s_client;for openssl s_client +--no-ssl2;disable SSL version 2 +--no-ssl3;disable SSL version 3 +--no-tls1;disable TLS version 1 +--no-tls1_1;disable TLS version 1.1 +--no-tls1_2;disable TLS version 1.2 +--no-tls1_3;disable TLS version 1.3 +--not-issued-by issuer;check that the issuer of the certificate +--not-issued-by issuer;does not match the given pattern +--not-valid-longer-than days;critical if the certificate validity is +--not-valid-longer-than days;longer than the specified period +--ocsp-critical hours;minimum number of hours an OCSP response +--ocsp-critical hours;has to be valid to issue a critical status +--ocsp-warning hours;minimum number of hours an OCSP response +--ocsp-warning hours;has to be valid to issue a warning status +-o,--org org;pattern to match the organization of the +-o,--org org;certificate +--openssl path;path of the openssl binary to be used +--password source;password source for a local certificate, +--password source;see the PASS PHRASE ARGUMENTS section +--password source;openssl(1) +-p,--port port;TCP port +--prometheus;generates Prometheus/OpenMetrics output +-P,--protocol protocol;use the specific protocol: +-P,--protocol protocol;ftp, ftps, http, https (default), +-P,--protocol protocol;h2 (HTTP/2), imap, imaps, irc, ircs, ldap, +-P,--protocol protocol;ldaps, mysql, pop3, pop3s, postgres, +-P,--protocol protocol;sieve, smtp, smtps, xmpp, xmpp-server. +-P,--protocol protocol;ftp, imap, irc, ldap, pop3, postgres, +-P,--protocol protocol;sieve, smtp: switch to TLS using StartTLS +--proxy proxy;sets http_proxy and the s_client -proxy +--proxy proxy;option +--require-client-cert [list];the server must accept a client +--require-client-cert [list];certificate. 'list' is an optional comma +--require-client-cert [list];separated list of expected client +--require-client-cert [list]; certificate CAs +--require-no-ssl2;critical if SSL version 2 is offered +--require-no-ssl3;critical if SSL version 3 is offered +--require-no-tls1;critical if TLS 1 is offered +--require-no-tls1_1;critical if TLS 1.1 is offered +--resolve ip;provides a custom IP address for the +--resolve ip;specified host +-s,--selfsigned;allows self-signed certificates +--serial serialnum;pattern to match the serial number +--skip-element number;skips checks on the Nth cert element (can +--skip-element number;be specified multiple times) +--sni name;sets the TLS SNI (Server Name Indication) +--sni name;extension in the ClientHello message to +--sni name;'name' +--ssl2;force SSL version 2 +--ssl3;force SSL version 3 +--require-ocsp-stapling;require OCSP stapling +-r,--rootcert path;root certificate or directory to be used +-r,--rootcert path;for certificate validation +--rootcert-dir path;root directory to be used for +--rootcert-dir path;certificate validation +--rootcert-file path;root certificate to be used for +--rootcert-file path;certificate validation +--rsa;signature algorithm selection: force RSA +--rsa;certificate +--temp dir;directory where to store the temporary +--temp dir;files +--terse;terse output +-t,--timeout;seconds timeout after the specified time +-t,--timeout;(defaults to ${TIMEOUT} seconds) +--tls1;force TLS version 1 +--tls1_1;force TLS version 1.1 +--tls1_2;force TLS version 1.2 +--tls1_3;force TLS version 1.3 +-u,--url URL;HTTP request URL +-v,--verbose;verbose output (can be specified more than +-v,--verbose;once) +-V,--version;version +-w,--warning days;minimum number of days a certificate has +-w,--warning days;to be valid to issue a warning status. +-w,--warning days;Can be a floating point number, e.g., 0.5 +-w,--warning days;Default: ${WARNING_DAYS}" +--xmpphost name;specifies the host for the 'to' attribute +--xmpphost name;of the stream element +-4;force IPv4 +-6;force IPv6 +--altnames;matches the pattern specified in -n with +--altnames;alternate names too (enabled by default) +--days days;minimum number of days a certificate has +--days days;to be valid +--days days;(see --critical and --warning) +-N,--host-cn;match CN with the host name +-N,--host-cn;(enabled by default) +--no_ssl2;disable SSLv2 (deprecated use --no-ssl2) +--no_ssl3;disable SSLv3 (deprecated use --no-ssl3) +--no_tls1;disable TLSv1 (deprecated use --no-tls1) +--no_tls1_1;disable TLSv1.1 (deprecated use +--no_tls1_1;--no-tls1_1) +--no_tls1_2;disable TLSv1.1 (deprecated use +--no_tls1_2;--no-tls1_2) +--no_tls1_3;disable TLSv1.1 (deprecated use +--no_tls1_3;--no-tls1_3) +--ocsp;check revocation via OCSP (enabled by +--ocsp;default) +--require-san;require the presence of a Subject +--require-san;Alternative Name +--require-san;extension +-S,--ssl version;force SSL version (2,3) +-S,--ssl version;(see: --ssl2 or --ssl3) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/INSTALL.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/INSTALL.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/INSTALL.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/INSTALL.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,30 @@ +# check\_ssl\_check + +## Requirements + +* [OpenSSL](https://www.openssl.org) +* [curl](https://curl.se) +* ```date``` +* ```file``` + +## Optional dependencies + +* check\_ssl\_cert requires [```expect```](http://en.wikipedia.org/wiki/Expect) or [```timeout```](https://man7.org/linux/man-pages/man1/timeout.1.html) to enable timeouts. If ```expect``` or ```timeout``` are not present on your system timeouts will be disabled. +* ```dig``` for DANE checks +* [nmap](https://nmap.org) for the disallowed protocols and cyphers checks +* ```expand`` for ```--info``` +* ```tar``` and ```bzip2``` to build release packages +* ```ip``` or ```ifconfig``` to be able to use the ```-4``` and ```-6``` options + +## Development + +Following tools are required for development: + +* [shUnit2](https://github.com/kward/shunit2) for the tests +* [shfmt](https://github.com/mvdan/sh) to format the source files +* [ShellCheck](https://www.shellcheck.net) for the code quality checks + +## Installation + +* Simply copy the plugin to your Nagios/Icinga plugin directory +* Use ```make install``` by defining the ```DESTDIR``` and ```MANDIR``` variables with the installation targets. E.g, ```make DESTDIR=/nagios/plugins/dir MANDIR=/nagios/plugins/man/dir install``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/Makefile nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/Makefile --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/Makefile 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,102 @@ +PLUGIN=check_ssl_cert +VERSION=`cat VERSION` +DIST_DIR=$(PLUGIN)-$(VERSION) +DIST_FILES=AUTHORS COPYING ChangeLog INSTALL.md Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 +YEAR=`date +"%Y"` +FORMATTED_FILES=test/unit_tests.sh AUTHORS COPYING ChangeLog INSTALL.md Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 .github/workflows/* utils/*.sh +SCRIPTS=check_ssl_cert test/*.sh + +dist: version_check + rm -rf $(DIST_DIR) $(DIST_DIR).tar.gz + mkdir $(DIST_DIR) + cp -r $(DIST_FILES) $(DIST_DIR) +# avoid to include extended attribute data files +# see https://superuser.com/questions/259703/get-mac-tar-to-stop-putting-filenames-in-tar-archives + export COPY_EXTENDED_ATTRIBUTES_DISABLE=1; \ + export COPYFILE_DISABLE=1; \ + tar -c -z -f $(DIST_DIR).tar.gz $(DIST_DIR) && \ + tar -c -j -f $(DIST_DIR).tar.bz2 $(DIST_DIR) + +install: +ifndef DESTDIR + echo "Please define DESTDIR and MANDIR variables with the installation targets" + echo "e.g, make DESTDIR=/nagios/plugins/dir MANDIR=/nagios/plugins/man/dir install" +else + mkdir -p $(DESTDIR) + install -m 755 $(PLUGIN) $(DESTDIR) + mkdir -p ${MANDIR}/man1 + install -m 644 ${PLUGIN}.1 ${MANDIR}/man1/ +endif + +version_check: + grep -q "VERSION\ *=\ *[\'\"]*$(VERSION)" $(PLUGIN) + grep -q "^%define\ version\ *$(VERSION)" $(PLUGIN).spec + grep -q -F -- "- $(VERSION)-" $(PLUGIN).spec + grep -q "\"$(VERSION)\"" $(PLUGIN).1 + grep -q -F "${VERSION}" NEWS + echo "Version check: OK" + +# we check for tabs +# and remove trailing blanks +formatting_check: + ! grep -q '[[:blank:]]$$' $(FORMATTED_FILES) + +remove_blanks: + ./utils/format_files.sh $(FORMATTED_FILES) + +SHFMT= := $(shell command -v shfmt 2> /dev/null) +format: +ifndef SHFMT + echo "No shfmt installed" +else +# -p POSIX +# -w write to file +# -s simplify +# -i 4 indent with 4 spaces + shfmt -p -w -s -i 4 $(SCRIPTS) +endif + +clean: + rm -f *~ + rm -f *.bak + rm -rf rpmroot + +distclean: clean + rm -rf check_ssl_cert-[0-9]* + rm -f *.crt + rm -f *.error + +check: test + +SHELLCHECK := $(shell command -v shellcheck 2> /dev/null) +SHUNIT := $(shell command -v shunit2 2> /dev/null || if [ -x /usr/share/shunit2/shunit2 ] ; then echo /usr/share/shunit2/shunit2 ; fi ) + +distcheck: disttest +disttest: dist formatting_check shellcheck + ./utils/check_documentation.sh + man ./check_ssl_cert.1 > /dev/null + +test: disttest +ifndef SHUNIT + echo "No shUnit2 installed: see README.md" + exit 1 +else + ( export SHUNIT2=$(SHUNIT) && export LC_ALL=C && cd test && ./unit_tests.sh ) +endif + + +shellcheck: +ifndef SHELLCHECK + echo "No shellcheck installed: skipping check" +else + if shellcheck --help 2>&1 | grep -q -- '-o\ ' ; then shellcheck -o all $(SCRIPTS) ; else shellcheck $(SCRIPTS) ; fi +endif + +rpm: dist + mkdir -p rpmroot/SOURCES rpmroot/BUILD + cp $(DIST_DIR).tar.gz rpmroot/SOURCES + rpmbuild --define "_topdir `pwd`/rpmroot" -ba check_ssl_cert.spec + + + +.PHONY: install clean test rpm distclean check diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/NEWS nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/NEWS 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/NEWS 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,308 @@ +2021-12-15 Version 2.15.0: Error if HTTP/2 is requested but not offered by the server + SSL 2.0 and SSL 3.0 disabled by --all and --all-local +2021-12-10 Version 2.14.0: Added an option --info to print certificate information + Fixed the IPv6 checks when ipconfig is not available + Fixed a bug causing an unnecessary scan when checking for disallowed protocols +2021-11-24 Version 2.13.0: Fixed a bug in the processing of error messages + Handling of root certificates in DER format +2021-11-16 Version 2.12.0: Improved verbose messages +2021-11-11 Version 2.11.0: Several fixes in the documentation + Works with OpenSSL 3.0.0 + Fixes a bug in the processing of certificate issuers containing commas +2021-10-22 Version 2.10.4: Fixes the organization check +2021-10-21 Version 2.10.3: Fixes --rsa on systems not supporting PSS + Uses mktemp if available (the workaround is only used if not available for speed reasons) +2021-10-14 Version 2.10.2: Improved the certificate chain check of local bundles +2021-10-12 Version 2.10.1: Fixed the certificate chain check +2021-10-11 Version 2.10.0: Checks the certificate chain integrity + Does not accept certificates without SANs (use --allow-empty-san to ignore) + Bug fix in the handling of errors while fetching certificates + Allows a check on invalid FQDNs containing an underscore +2021-10-06 Version 2.9.1: Accepts certificates without subject alternative names + Added an option (--debug-time) to print the elapsed time in the debugging output +2021-10-01 Version 2.9.0: The --skip-element option can now be specified multiple times and specifies to skip a single + element of the certificate chain +2021-09-29 Version 2.8.0: Adds a check for acceptable client certificate CAs (--require-client-cert [list]) + Supporting certificate expiration after 2038-01-19 on 32 bit systems + Adds an option (--ignore-connection-problem) to set a custom state in case of connection failures + Adds two options to selectively disable proxy setting for curl and s_client + (--no-proxy-curl and --no-proxy-s_client) +2021-09-24 Version 2.7.0: Critical and warning can now be floating point numbers +2021-09-21 Version 2.6.1: Fixed the output of several messages + Fixed the order of the critical messages + Fixed a problem when checking a local CRL (no STC checks and automatic conversion from DER format) + Fixed a problem with the tests with IPv6 + Fixed a problem when checking a local certificate (does not try to connect to localhost to check for renegotiation) +2021-09-17 Version 2.6.0: Added the --prometheus command line option to generate output for Prometheus/OpenMetrics + Automatically assume localhost if --file is specified +2021-09-16 Version 2.5.2: Bug fix: fixed the output in case or multiple errors +2021-09-15 Version 2.5.1: Bug fix: fixed the detection of server internal errors by OCSP checks +2021-09-15 Version 2.5.0: Added the --ignore-ocsp-errors command line option + Bug fix: fixed the behavior of the --element command line option +2021-08-31 Version 2.4.3: Fixed the connection to the TLS renegotiation on FreeBSD + Detects old BSD date without -f and computes the date with dconv +2021-08-27 Version 2.4.2: Fixed the handling of IP addresses +2021-08-19 Version 2.4.1: Fixed the handling of --file and --cn +2021-08-16 Version 2.4.0: Support DANE TLSA 312 +2021-08-13 Version 2.3.8: Bug fix: fixed the parsing of the --cn command line option + Bug fix: better validation of the host command line argument +2021-07-09 Version 2.3.7: Bug fix: performance data is no more shown by critical and warning message when --no-perf is specified +2021-06-23 Version 2.3.6: Bug fix: follows symbolic links +2021-06-22 Version 2.3.5: Bug fix: correct parsing of file(1) ou +2021-06-18 Version 2.3.4: Stop the SSL Labs checks after an error +2021-06-16 Version 2.3.3: Speedup the offered ciphers check +2021-06-03 Version 2.3.2: Bug fix: always uses the specifies OpenSSL binary and respects the specified IP version +2021-05-28 Version 2.3.1: Compatibility fixes for LibreSSL on macOS + Added sanity checks for file write operations +2021-05-21 Version 2.3.0: Added the --debug-file option +2021-05-07 Version 2.2.0: Bug fix: --debug does not store any information in $TMPDIR anymore + To locally store the retrieved certificates in debug mode the option --debug-cert has to be specified +2021-05-06 Version 2.1.4: Bug fix in the handling of Qualy's SSL Lab command line options +2021-05-05 Version 2.1.3: Bug fix in the Qualy's SSL Lab check of non-reachable machines +2021-04-30 Version 2.1.2: Add domain if FQDN is missing +2021-04-29 Version 2.1.1: Correct handling of subdomains with underscores +2021-04-25 Version 2.1.0: Added an option to hide performance data + Fixed a bug in the critical and warning output when the CN is not available +2021-04-07 Version 2.0.1: Fixed a bug in renegotiation checks with STARTTLS +2021-03-29 Version 2.0.0: Fixed the documentation of various options + The host name must now always match with the certificate + Short options can be grouped (e.g., -vs -c 10 -w 15) + Different verbosity levels can now be specified (-v can be used more than once) + Added the --resolve option to specify a custom IP for the checked host +2021-03-25 Version 1.146.0: Added --all to enable all the optional checks + Fixed a bug in the processing of client certificate requirements + Improved the error handling in case a TLS connection is not possible +2021-03-15 Version 1.145-0: Fix in the parsing of OpenSSL version +2021-03-14 Version 1.144.0: Getting rid of the man dependency +2021-03-12 Version 1.143.0: Better handling of the timeout + Checks ciphers with nmap (--check-ciphers and --check-ciphers-warnings) + Checks all the supplied OCSP URIs +2021-03-10 Version 1.142.0: Improved the TLS renegotiation check + Added --password to specify a password source for PCKS12 certificates +2021-03-09 Version 1.141.0: Do not check SCTs if the certificate is self signed + Fixed the processing of --inetproto + Supports local PCKS #12 and DER formatted certificates +2021-02-25 Version 1.140.0: Fixed a bug in the SCT check +2021-02-24 Version 1.139.0: Fixed a bug in the TLS renegotiation check +2021-02-24 Version 1.138.0: Checks for TLS renegotiation< +2021-02-18 Version 1.137.0: Added the --url option to specify the URL for the HTTP request +2021-02-16 Version 1.136.0: Fixed the signed certificate timestamps spelling (command line option) +2021-01-28 Version 1.135.0: Checks for signed certificate timestamps (SCTs) +2021-01-27 Version 1.134.0: Complete support for Alpine Linux and BusyBox +2021-01-26 Version 1.133.0: Added the --date option to specify the date binary + support for BusyBox date +2021-01-18 Version 1.132.0: Time-outed sub-processes can now be interrupted + Revocation via CRL can be checked with the --crl option + Better error messages for DH with small keys and handshake failures +2021-01-15 Version 1.131.0: OCSP check on all the chain elements +2021-01-14 Version 1.130.0: Retries when SSL Labs has no available slot +2020-12-24 Version 1.129.0: Bug fix in the proxy parameters handling +2020-12-22 Version 1.128.0: Added --no-proxy to ignore proxy settings +2020-12-21 Version 1.127.0: Better handling of certificates without CN in the subject +2020-12-16 Version 1.126.0: Corrected the handling of old nmap versions +2020-12-11 Version 1.125.0: Corrected the handling of the issuer URI +2020-11-31 Version 1.124.0: Bug fix when using a proxy +2020-11-30 Version 1.123.0: Enhancement: option to check the nth element +2020-08-07 Version 1.122.0: Bug fix, --skip-element and --custom-header +2020-07-24 Version 1.121.0: Bug fix release +2020-07-02 Version 1.120.0: MySQL support +2020-07-01 Version 1.119.0: Bug fix release +2020-06-12 Version 1.118.0: Bug fix release +2020-06-09 Version 1.117.0: Fixed a bug in the output (expiration date of chain elements) +2020-06-05 Version 1.116.0: Supports s_client -proxy option +2020-06-04 Version 1.115.0: Checks all the certificates in the chain + New option to check that the issuer does not match a given pattern +2020-05-27 Version 1.114.0: Added an option to specify a proxy +2020-05-19 Version 1.113.0: Fixed a bug with nmap and hosts with IPv6 addresses only +2020-04-07 Version 1.112.0: Timeout for OCSP queries and option to ignore timeout errors and PostgreSQL support +2020-03-09 Version 1.111.0: New option (--not-valid-longer-than) to check if a certificate is valid longer than the + specified number of days +2020-02-17 Version 1.110.0: Added support for xmpp-server in the STARTTLS negotiation +2020-01-07 Version 1.109.0: Option to force HTTP/2 +2019-12-23 Version 1.108.0: Better error message in case of connection refused +2019-12-20 Version 1.107.0: Better error message in case of an invalid host +2019-11-21 Version 1.106.0: Optional checks for protocols that should not be supported +2019-11-04 Version 1.105.0: SMTP connections with -name only with OpenSSL versions supporting it +2019-11-04 Version 1.104.0: Fixed a bug in the SMTP connection +2019-10-31 Version 1.103.0: Fixed a bug with the interpretation of OpenSSL errors +2019-10-25 Version 1.102.0: Option to specify the dig binary and fix in the command line validation checks +2019-10-22 Version 1.101.0: Fixed a bug printing both a critical and a warning message when both condition match +2019-10-18 Version 1.100.0: Fixed a bug ignoring --dane without parameters +2019-10-16 Version 1.99.0: DNS-based Authentication of Named Entities (DANE) checks +2019-10-10 Version 1.98.0: Bug fix release: A wildcard certificate does not match the 'main' domain, ciphers and TLS 1.3 +2019-10-09 Version 1.97.0: Validate OCSP stapling expiring date, option to disable TLS 1.3 +2019-09-25 Version 1.96.0: Bug fixes +2019-09-24 Version 1.95.0: Bug fixes +2019-09-24 Version 1.94.0: Several bugs fixed +2019-09-24 Version 1.93.0: Fixed a bug in the processing of the SSL Labs options +2019-09-24 Version 1.92.0: Bug fix in the OCSP check +2019-09-23 Version 1.91.0: Various minor improvements and fixes +2019-09-19 Version 1.90.0: Bug fix, did not always print all the detected errors +2019-08-22 Version 1.89.0: Prints all the errors +2019-08-09 Version 1.88.0: Add an option to force IPv4 or IPv6 +2019-08-08 Version 1.87.0: LDAPS support +2019-07-21 Version 1.86.0: Fixed a bug and enabled extended regex search +2019-06-02 Version 1.85.0: Improved the warnings when using the --file option +2019-03-28 Version 1.84.0: Added an option to specify the curl user agent +2019-03-01 Version 1.83.0: Spelling corrections +2019-02-08 Version 1.82.0: Added a check on the readability of the certificate file +2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs +2019-01-16 Version 1.80.1: Fixed a problem on systems not supporting echo -e +2018-12-24 Version 1.80.0: Better output in case of errors while using SNI +2018-12-10 Version 1.79.0: Differentiate between IMAP on port 143 and IMAPS on port 993 + Fixed a vulnerability in the parsing of the certificate issuer +2018-11-07 Version 1.78.0: Bug fixes in IMAP and HTTP requests +2018-11-05 Version 1.77.0: CA file and directory support +2018-10-19 Version 1.76.0: Sends a correct HTTP request +2018-10-18 Version 1.75.0: Allow to specify a client certificate key +2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout +2018-09-10 Version 1.73.0: Fixed a bug in the cleanup of temporary files, fixed a bug with certificates without OCSP + Fixed tests with more reliable hosts + Allows to check against all the issuers in the CA chain + Fixed a bug with --long-output on Linux + Fixed the validation of --critical and --warning +2018-07-01 Version 1.72.0: Corrected a bug introduced in 1.71.0: remove temporary files +2018-07-01 Version 1.71.0: Corrected a bug introduced in 1.70.0: wrong exit codes +2018-06-28 Version 1.70.0: Improved the management of temporary files +2018-06-25 Version 1.69.0: Added an option to require OCSP stapling +2018-04-29 Version 1.68.0: Removed the SNI name check +2018-04-17 Version 1.67.0: Terse output, warning if the specified server name is not found in the certificate and --format option +2018-04-06 Version 1.66.0: UTF-8 output +2018-03-29 Version 1.65.0: Bug fix release +2018-03-28 Version 1.64.0: Remove curl dependency +2018-03-17 Version 1.63.0: Support for TLS 1.3 +2018-03-06 Version 1.62.0: Support for LibreSSL +2018-01-19 Version 1.61.0: Fixed a bug handling more than one OCSP host +2017-12-15 Version 1.60.0: Fixed a bug related to XMPP introduced in the last version +2017-12-14 Version 1.59.0: Added an option to specify the 'to' attribute of the XMPP stream element +2017-11-29 Version 1.58.0: Support for DER encoded CRL files +2017-11-28 Version 1.57.0: Added --fingerprint to check the SHA1 fingerprint of the certificate +2017-11-17 Version 1.56.0: Added support for -xmpphost if available +2017-11-16 Version 1.55.0: Fixed XMPP support and IPv6 addresses as host +2017-09-19 Version 1.54.0: With the -f command line option, you can also specify a certificate revocation list (CRL) +2017-09-10 Version 1.53.0: The timeout is applied to OCSP checks +2017-09-09 Version 1.52.0: The SAN requirement check is now optional +2017-07-28 Version 1.51.0: Use openssl s_client's -help option to test for SNI support +2017-07-24 Version 1.50.0: Fix in the Common Name parsing +2017-07-17 Version 1.49.0: Support for OpenSSL 1.1 +2017-06-22 Version 1.48.0: Checks for missing subjectAlternativeName extension (https://support.google.com/chrome/a/answer/7391219?hl=en) +2017-06-15 Version 1.47.0: Fixed an issue with OCSP URI with protocols other than HTTP or HTTPS +2017-05-15 Version 1.46.0: Fixed a problem with the detection of OCSP URLs +2017-05-02 Version 1.45.0: Fixed bugs in the date computation and OCSP checks +2017-04-28 Version 1.44.0: Fixed a bug occurring when more than one issuer URI is present +2017-03-07 Version 1.43.0: Support for LDAP +2017-02-16 Version 1.42.0: Support for OpenSSL > 1.1.0 +2017-02-10 Version 1.41.0: Added --sni to specify the server name +2017-02-08 Version 1.40.0: Changed the CN output when --altnames is used +2017-02-02 Version 1.39.0: Fixed a bug related to SNI +2017-02-02 Version 1.38.2: Fixed a bug in the command line argument parsing +2017-01-29 Version 1.38.1: Small corrections in the documentation +2017-01-28 Version 1.38.0: Added support for wildcards in alternative names and caching of the issuer certificate +2016-12-23 Version 1.37.0: Added a patch to specify multiple CNs +2016-12-13 Version 1.36.2: fixed a minor problem with --debug +2016-12-06 Version 1.36.1: fixed a problem when specifying a CN beginning with * +2016-12-04 Version 1.36.0: fixed problem when file is returning PEM certificate on newer + Linux distributions + added an option to specify the location of the file utility +2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication +2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos) +2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found +2016-07-29 Version 1.32.0: added support for date with timestamp calculation and + fixed case sensitive comparison of CN +2016-07-12 Version 1.31.0 Fixed the parsing of the CN field +2016-06-30 Version 1.30.0 OCSP check is fixed and enabled by default +2016-06-15 Version 1.29.0 New option to clear the cached value at SSL Labs + IRC support +2016-06-01 Version 1.28.0 Increased control over which SSL/TLS versions to use +2016-03-29 Version 1.27.0 Fixes a bug in the OpenSSL error parsing +2016-03-29 Version 1.26.0 Fixes a bug in wildcard match +2016-03-21 Version 1.25.0 Fixes a bug on CN parsing on non-GNU systems + Handle wildcard certificates +2016-03-09 Version 1.24.0 Waits for SSL Labs Results +2016-03-07 Version 1.23.0 Supports SNI even when not checking CN and does not + issue a critical when SSL Labs is still checking a host +2016-03-03 Version 1.22.0 Initial support for SSL Labs checks + Support for UTF output (thanks to Konstantin Shalygin) +2016-03-01 Version 1.21.0 Fixed a bug which prevented the check on the expiration date +2016-02-26 Version 1.20.0 Added debugging output (-d or --debug) + Improved the handling of OpenSSL error messages + Does not stop the validation if the server requires a + client certificate +2016-02-25 Version 1.19.0 Added a check for certificates signed with SHA-1 or MD5 + Added an option to disable the expiration date check +2015-10-31 Version 1.18.0 Added an option to check the certificate's serial number + (thanks to Milan Koudelka) +2015-10-20 Version 1.17.2 Fixed a bug with OCSP +2015-04-07 Version 1.17.1 Fixed the check on the openssl binary +2014-10-21 Version 1.17.0 Added an option to check revocation via OCSP +2014-06-06 Version 1.16.2 Fixed a problem with -servername when -n was not specified +2014-02-28 Version 1.16.1 Added a Make target for the RPM package +2013-12-23 Version 1.16.0 Added an option to force TLS version 1 +2013-07-29 Version 1.15.0 Added an option to force a certain SSL version (thanks + to Max Winterstein) +2013-05-12 Version 1.14.6 Added XMPP and timeout support (thanks to Christian + Ruppert and Robin H. Johnson) +2013-03-02 Version 1.14.5 Fixed a bug occurring with TLS and multiple names in + the certificate +2012-12-07 Version 1.14.4 Fixed a bug causing -N to always compare the CN + with 'localhost' +2012-09-19 Version 1.14.3 Improved the error message in case of a failure in + the certificate download +2012-07-13 Version 1.14.2 Added the name since or to expiration in the plugin + output. +2012-07-11 Version 1.14.1 Fixed a bug with Perl date computation on some systems +2012-07-06 Version 1.14.0 The status now includes performance data in days until + expiration (requires Perl with Date::Parse). + It is now possible to print additional information in + the plugins long output (multi-line, Nagios 3 only) +2012-04-05 Version 1.13.0 The plugin will now try to fetch the certificate without + without TLS extensions in case of error +2012-04-04 Version 1.12.0 Fixed a bug in the chain verification (hard coded + error number) +2011-10-22 Version 1.11.0 --altname option +2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenticate + using a client certificate +2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards +2011-01-24 Version 1.9.0 Added an option to specify the openssl executable +2010-12-16 Version 1.8.1 Fixed bugs with environment bleeding & shell globbing +2010-12-08 Version 1.8.0 Added support for TLS servername extension in + ClientHello +2010-10-28 Version 1.7.7 Fixed a bug in the signal specification introduced + in 1.7.6 +2010-10-28 Version 1.7.6 Better temporary file clean up (thanks to Lawren + Quigley-Jones) +2010-10-14 Version 1.7.5 Applied a patch from Yannick Gravel fixing the test + order +2010-10-01 Version 1.7.4 Applied a patch from Lawren Quigley-Jones adding the + -A option +2010-09-15 Version 1.7.3 Fixed a bug in the option processing +2010-08-26 Version 1.7.2 Removes useless use of cat, better test for expect + utility +2010-08-26 Version 1.7.1 Replaces "-verify 6" which was erroneously removed in + the previous version +2010-08-26 Version 1.7.0 Overloaded --rootcert option to allow -CApath as well + as -CAfile +2010-07-21 Version 1.6.1 Added an option to specify where to temporarily + store the certificate +2010-07-09 Version 1.6.0 Added long command line options and substituted + -days with --critical and --warning +2010-07-07 Version 1.5.2 Added the -f option to check a local file +2010-07-01 Version 1.5.1 Fixed the plugin output +2010-03-11 Version 1.4.4 Fixed bug #64 (== bashism) +2010-03-09 Version 1.4.3 -N and -n options to compare the CN to an hostname +2009-12-02 Version 1.4.2 the -i ISSUER option now checks if the O= or the + CN= fields of the root certificate match +2009-11-30 Version 1.4.1 -r to specify the root cert to be used for + verification +2009-11-30 Version 1.4.0 certificate chain verification +2009-03-30 Version 1.3.0 -P option to check TLS certificates + (SMTP, FTP, POP3, ...) +2008-05-13 Version 1.2.2 include the CN in the messages (D. Wallis) +2008-02-25 Version 1.2.1 better error handling +2008-02-25 Version 1.2.0 general cleanup (POSIX compliance, removed + nmap dependency, ...) from Dan Wallis +2007-08-31 Version 1.1.0 - option to enforce a given email address + - option to enforce a given organization + - temporary files cleanup upon exit +2007-08-15 Version 1.0.1 Bug fix: openssl did not close the connection cleanly +2007-08-10 Version 1.0.0 First release (1.0) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/pull_request_template.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/pull_request_template.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/pull_request_template.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/pull_request_template.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,7 @@ +Fixes # + +## Proposed Changes + + - + - + - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/README.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/README.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/README.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,320 @@ + + © Matteo Corti, ETH Zurich, 2007-2012 + + © Matteo Corti, 2007-2021 + see AUTHORS for the complete list of contributors + +# check\_ssl\_cert + +A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection + +## Usage + +``` +Usage: check_ssl_cert -H host [OPTIONS] + check_ssl_cert -f file [OPTIONS] + +Arguments: + -f,--file file local file path (works with -H localhost + only) with -f you can not only pass a x509 + certificate file but also a certificate + revocation list (CRL) to check the + validity period + -H,--host host server + +Options: + -A,--noauth ignore authority warnings (expiration + only) + --all enables all the possible optional checks + at the maximum level + --all-local enables all the possible optional checks + at the maximum level (without SSL-Labs) + --allow-empty-san allow certificates without Subject + Alternative Names (SANs) + -C,--clientcert path use client certificate to authenticate + -c,--critical days minimum number of days a certificate has + to be valid to issue a critical status. + Can be a floating point number, e.g., 0.5 + Default: 15 + --check-ciphers grade checks the offered ciphers + --check-ciphers-warnings critical if nmap reports a warning for an + offered cipher + --check-ssl-labs-warn grade SSL Labs grade on which to warn + --clientpass phrase set passphrase for client certificate. + --crl checks revocation via CRL (requires + --rootcert-file) + --curl-bin path path of the curl binary to be used + --curl-user-agent string user agent that curl shall use to obtain + the issuer cert + --custom-http-header string custom HTTP header sent when getting the + cert example: 'X-Check-Ssl-Cert: Foobar=1' + -d,--debug produces debugging output (can be + specified more than once) + --dane verify that valid DANE records exist + (since OpenSSL 1.1.0) + --dane 211 verify that a valid DANE-TA(2) SPKI(1) + SHA2-256(1) TLSA record exists + --dane 301 verify that a valid DANE-EE(3) Cert(0) + SHA2-256(1) TLSA record exists + --dane 302 verify that a valid DANE-EE(3) Cert(0) + SHA2-512(2) TLSA record exists + --dane 311 verify that a valid DANE-EE(3) SPKI(1) + SHA2-256(1) TLSA record exists + --dane 312 verify that a valid DANE-EE(3) + SPKI(1) SHA2-512(1) TLSA record exists + --date path path of the date binary to be used + --debug-cert stores the retrieved certificates in the + current directory + --debug-file file writes the debug messages to file + --debug-time writes timing information in the + debugging output + --dig-bin path path of the dig binary to be used + -e,--email address pattern to match the email address + contained in the certificate + --ecdsa signature algorithm selection: force ECDSA + certificate + --element number checks up to the N cert element from the + beginning of the chain + --file-bin path path of the file binary to be used + --fingerprint SHA1 pattern to match the SHA1-Fingerprint + --first-element-only verify just the first cert element, not + the whole chain + --force-dconv-date force the usage of dconv for date + computations + --force-perl-date force the usage of Perl for date + computations + --format FORMAT format output template on success, for + example: %SHORTNAME% OK %CN% from + %CA_ISSUER_MATCHED% + -h,--help,-? this help message + --http-use-get use GET instead of HEAD (default) for the + HTTP related checks + -i,--issuer issuer pattern to match the issuer of the + certificate + --ignore-altnames ignores alternative names when matching + pattern specified in -n (or the host name) + --ignore-connection-problems [state] in case of connection problems + returns OK or the optional state + --ignore-exp ignore expiration date + --ignore-host-cn do not complain if the CN does not match + the host name + --ignore-incomplete-chain does not check chain integrity + --ignore-ocsp do not check revocation with OCSP + --ignore-ocsp-errors continue if the OCSP status cannot be + checked + --ignore-ocsp-timeout ignore OCSP result when timeout occurs + while checking + --ignore-sct do not check for signed certificate + timestamps (SCT) + --ignore-sig-alg do not check if the certificate was signed + with SHA1 or MD5 + --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L) + --ignore-tls-renegotiation Ignores the TLS renegotiation check + --inetproto protocol Force IP version 4 or 6 + --info Prints certificate information + --issuer-cert-cache dir directory where to store issuer + certificates cache + -K,--clientkey path use client certificate key to authenticate + -L,--check-ssl-labs grade SSL Labs assessment (please check + https://www.ssllabs.com/about/terms.html) + --long-output list append the specified comma separated (no + spaces) list of attributes to the plugin + output on additional lines + Valid attributes are: + enddate, startdate, subject, issuer, + modulus, serial, hash, email, ocsp_uri + and fingerprint. + 'all' will include all the available + attributes. + -n,--cn name pattern to match the CN of the certificate + (can be specified multiple times) + --nmap-bin path path of the nmap binary to be used + --no-perf do not show performance data + --no-proxy ignores the http_proxy and https_proxy + environment variables + --no-proxy-curl ignores the http_proxy and https_proxy + environment variables for curl + --no-proxy-s_client ignores the http_proxy and https_proxy + environment variables for openssl s_client + --no-ssl2 disable SSL version 2 + --no-ssl3 disable SSL version 3 + --no-tls1 disable TLS version 1 + --no-tls1_1 disable TLS version 1.1 + --no-tls1_2 disable TLS version 1.2 + --no-tls1_3 disable TLS version 1.3 + --not-issued-by issuer check that the issuer of the certificate + does not match the given pattern + --not-valid-longer-than days critical if the certificate validity is + longer than the specified period + -o,--org org pattern to match the organization of the + certificate + --ocsp-critical hours minimum number of hours an OCSP response + has to be valid to issue a critical status + --ocsp-warning hours minimum number of hours an OCSP response + has to be valid to issue a warning status + --openssl path path of the openssl binary to be used + -p,--port port TCP port + -P,--protocol protocol use the specific protocol: + ftp, ftps, http, https (default), + h2 (HTTP/2), imap, imaps, irc, ircs, ldap, + ldaps, mysql, pop3, pop3s, postgres, + sieve, smtp, smtps, xmpp, xmpp-server. + ftp, imap, irc, ldap, pop3, postgres, + sieve, smtp: switch to TLS using StartTLS + --password source password source for a local certificate, + see the PASS PHRASE ARGUMENTS section + openssl(1) + --prometheus generates Prometheus/OpenMetrics output + --proxy sets http_proxy and the s_client -proxy + -r,--rootcert path root certificate or directory to be used + for certificate validation + --require-client-cert [list] the server must accept a client + certificate. 'list' is an optional comma + separated list of expected client + certificate CAs + --require-no-ssl2 critical if SSL version 2 is offered + --require-no-ssl3 critical if SSL version 3 is offered + --require-no-tls1 critical if TLS 1 is offered + --require-no-tls1_1 critical if TLS 1.1 is offered + --require-ocsp-stapling require OCSP stapling + --resolve ip provides a custom IP address for the + specified host + --rootcert-dir path root directory to be used for certificate + validation + --rootcert-file path root certificate to be used for + certificate validation + --rsa signature algorithm selection: force RSA + certificate + -s,--selfsigned allows self-signed certificates + --serial serialnum pattern to match the serial number + --skip-element number skips checks on the Nth cert element (can + be specified multiple times) + --sni name sets the TLS SNI (Server Name Indication) + extension in the ClientHello message to + 'name' + --ssl2 force SSL version 2 + --ssl3 force SSL version 3 + -t,--timeout seconds timeout after the specified time + (defaults to 120 seconds) + --temp dir directory where to store the temporary + files + --terse terse output + --tls1 force TLS version 1 + --tls1_1 force TLS version 1.1 + --tls1_2 force TLS version 1.2 + --tls1_3 force TLS version 1.3 + -u,--url URL HTTP request URL + -v,--verbose verbose output (can be specified more than + once) + -V,--version version + -w,--warning days minimum number of days a certificate has + to be valid to issue a warning status. + Can be a floating point number, e.g., 0.5 + Default: 20 + --xmpphost name specifies the host for the 'to' attribute + of the stream element + -4 force IPv4 + -6 force IPv6 + +Deprecated options: + --altnames matches the pattern specified in -n with + alternate names too (enabled by default) + --days days minimum number of days a certificate has + to be valid + (see --critical and --warning) + -N,--host-cn match CN with the host name + (enabled by default) + --no_ssl2 disable SSLv2 (deprecated use --no-ssl2) + --no_ssl3 disable SSLv3 (deprecated use --no-ssl3) + --no_tls1 disable TLSv1 (deprecated use --no-tls1) + --no_tls1_1 disable TLSv1.1 (deprecated use + --no-tls1_1) + --no_tls1_2 disable TLSv1.1 (deprecated use + --no-tls1_2) + --no_tls1_3 disable TLSv1.1 (deprecated use + --no-tls1_3) + --ocsp check revocation via OCSP (enabled by + default) + --require-san require the presence of a Subject + Alternative Name + extension + -S,--ssl version force SSL version (2,3) + (see: --ssl2 or --ssl3) + +Report bugs to https://github.com/matteocorti/check_ssl_cert/issues +``` + +## Expect & timeout + +check\_ssl\_cert requires [```expect```](http://en.wikipedia.org/wiki/Expect) or [```timeout```](https://man7.org/linux/man-pages/man1/timeout.1.html) to enable timeouts. If ```expect``` or ```timeout``` are not present on your system timeouts will be disabled. + +## Virtual servers + +check\_ssl\_cert supports the servername TLS extension in ClientHello +if the installed OpenSSL version provides it. This is needed if you +are checking a server with virtual hosts. + +## SSL Labs + +If `-L` or `--check-ssl-labs` are specified the plugin will check the +cached status using the [SSL Labs Assessment API](https://www.ssllabs.com/about/terms.html). + +The plugin will ask for a cached result (maximum age 1 day) to avoid +too many checks. The first time you issue the check you could therefore +get an outdated result. + +## Root Certificate + +The root certificate corresponding to the checked certificate must be +available to OpenSSL or specified with the `-r cabundle` or +`--rootcert cabundle` option, where ```cabundle``` is either a file for `-CAfile` +or a directory for `-CApath`. + +On macOS the root certificates bundle is stored in the Keychain and +OpenSSL will complain with: + +``` +verification error: unable to get local issuer certificate +``` + +The bundle can be extracted with: + +``` +$ sudo security find-certificate -a \ + -p /System/Library/Keychains/SystemRootCertificates.keychain > cabundle.crt +``` + +and then submitted to `check_ssl_cert` with the `-r,--rootcert path` option + +``` + ./check_ssl_cert -H www.google.com -r ./cabundle.crt +``` + +## Quoting in Nagios + +An asterisk ```*``` is automatically escaped by nagios. If you need to specify an option (e.g., ```--cn```) with an argument containing an asterisk you need to enclose it in double quotes (e.g., ```''*.github.com''```) + +## Development + +### Testing + +To run the test suite you will need [shUnit2](https://github.com/kward/shunit2) + + * Manual install: [github](https://github.com/kward/shunit2) + * macOS with [Homebrew](https://brew.sh): ```brew install shunit2``` + * Debian, Ubuntu: ```apt-get install shunit2``` + * Fedora: ```dnf install shunit2``` + +Run ```make test``` to execute the whole test suite. + +With ```make disttest``` you can check the formatting of the files (e.g. tabs and blanks at the end of the lines) and run ShellCheck to lint the scripts. + +To run a single test: + + * set the ```SHUNIT2``` environment variable with the location of the shUnit2 binary + * change the directory to the test suite: ```cd test``` + * execute the test suite with the tests to be run as argument after ```--```. For example ```./unit_tests.sh -- testName``` + +## Bugs + +Report bugs to [https://github.com/matteocorti/check_ssl_cert/issues](https://github.com/matteocorti/check_ssl_cert/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/RELEASE_NOTES.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/RELEASE_NOTES.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/RELEASE_NOTES.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/RELEASE_NOTES.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,2 @@ + * Error if HTTP/2 is requested but not offered by the server + * SSL 2.0 and SSL 3.0 disabled by ```--all``` and ```--all-local``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/SECURITY.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/SECURITY.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/SECURITY.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/SECURITY.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +Please contact the [matteo@corti.li](mailto:matteo@corti.li) directly diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cabundle.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cabundle.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cabundle.crt 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cabundle.crt 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,4355 @@ +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN +MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw +ODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJBgNVBAYTAktSMQ0wCwYDVQQKDARL +SVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZW50 +cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEFAAOC +AQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk +9KFo/CjsySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi +8EcNuRpAU1xkcK8IWsD3z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVG +yHK+d9VuHygvx2nt54OJM1jT3qC/QOhDUO7cTWu8peqmyGGO9cNkrwYV3CmLP3WM +vHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbMnChmn3AmPC7fqoD+jMUE +CSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0OBBYEFL+2 +J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJap +aBV/JV6K+KRzwYCKhQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXfl +BM+tWh6UCVrXPAgcrnrpFDLBRa3SJkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT +2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56ch534eJAx7REnxqhZvvwYC/uO +fi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjbXKP4krG9tNT5 +UNkAAk/bg9ART6RCVmE6fhMy04Qfybo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD +QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD +VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU +IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm +CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ +ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq +WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u +loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 +lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ +BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv +Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt +YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v +Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN +BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf +jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg +t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv +m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN +h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln +tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIIAeDltYNno+AwDQYJKoZIhvcNAQEMBQAwZzEbMBkGA1UE +AwwSQXBwbGUgUm9vdCBDQSAtIEcyMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMw +HhcNMTQwNDMwMTgxMDA5WhcNMzkwNDMwMTgxMDA5WjBnMRswGQYDVQQDDBJBcHBs +ZSBSb290IENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgREkhI2imKScUcx+xuM23+TfvgHN6s +XuI2pyT5f1BrTM65MFQn5bPW7SXmMLYFN14UIhHF6Kob0vuy0gmVOKTvKkmMXT5x +ZgM4+xb1hYjkWpIMBDLyyED7Ul+f9sDx47pFoFDVEovy3d6RhiPw9bZyLgHaC/Yu +OQhfGaFjQQscp5TBhsRTL3b2CtcM0YM/GlMZ81fVJ3/8E7j4ko380yhDPLVoACVd +J2LT3VXdRCCQgzWTxb+4Gftr49wIQuavbfqeQMpOhYV4SbHXw8EwOTKrfl+q04tv +ny0aIWhwZ7Oj8ZhBbZF8+NfbqOdfIRqMM78xdLe40fTgIvS/cjTf94FNcX1RoeKz +8NMoFnNvzcytN31O661A4T+B/fc9Cj6i8b0xlilZ3MIZgIxbdMYs0xBTJh0UT8TU +gWY8h2czJxQI6bR3hDRSj4n4aJgXv8O7qhOTH11UL6jHfPsNFL4VPSQ08prcdUFm +IrQB1guvkJ4M6mL4m1k8COKWNORj3rw31OsMiANDC1CvoDTdUE0V+1ok2Az6DGOe +HwOx4e7hqkP0ZmUoNwIx7wHHHtHMn23KVDpA287PT0aLSmWaasZobNfMmRtHsHLD +d4/E92GcdB/O/WuhwpyUgquUoue9G7q5cDmVF8Up8zlYNPXEpMZ7YLlmQ1A/bmH8 +DvmGqmAMQ0uVAgMBAAGjQjBAMB0GA1UdDgQWBBTEmRNsGAPCe8CjoA1/coB6HHcm +jTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwF +AAOCAgEAUabz4vS4PZO/Lc4Pu1vhVRROTtHlznldgX/+tvCHM/jvlOV+3Gp5pxy+ +8JS3ptEwnMgNCnWefZKVfhidfsJxaXwU6s+DDuQUQp50DhDNqxq6EWGBeNjxtUVA +eKuowM77fWM3aPbn+6/Gw0vsHzYmE1SGlHKy6gLti23kDKaQwFd1z4xCfVzmMX3z +ybKSaUYOiPjjLUKyOKimGY3xn83uamW8GrAlvacp/fQ+onVJv57byfenHmOZ4VxG +/5IFjPoeIPmGlFYl5bRXOJ3riGQUIUkhOb9iZqmxospvPyFgxYnURTbImHy99v6Z +SYA7LNKmp4gDBDEZt7Y6YUX6yfIjyGNzv1aJMbDZfGKnexWoiIqrOEDCzBL/FePw +N983csvMmOa/orz6JopxVtfnJBtIRD6e/J/JzBrsQzwBvDR4yGn1xuZW7AYJNpDr +FEobXsmII9oDMJELuDY++ee1KG++P+w8j2Ud5cAeh6Squpj9kuNsJnfdBrRkBof0 +Tta6SqoWqPQFZ2aWuuJVecMsXUmPgEkrihLHdoBR37q9ZV0+N0djMenl9MU/S60E +inpxLK8JQzcPqOMyT/RFtm2XNuyE9QoB6he7hY1Ck3DDUOUUi78/w0EP3SIEIwiK +um1xRKtzCTrJ+VKACd+66eYWyi4uTLLT3OUEVLLUNIAytbwPF+E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1 +OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG +A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ +JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD +vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo +D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/ +Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW +RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK +HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN +nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM +0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i +UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9 +Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg +TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL +BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K +2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX +UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl +6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK +9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ +HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI +wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY +XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l +IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo +hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr +so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz +MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N +IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 +bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE +RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO +zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 +bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF +MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 +VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC +OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW +tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ +q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb +EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ +Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O +VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICQzCCAcmgAwIBAgIILcX8iNLFS5UwCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwS +QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN +MTQwNDMwMTgxOTA2WhcNMzkwNDMwMTgxOTA2WjBnMRswGQYDVQQDDBJBcHBsZSBS +b290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABJjpLz1AcqTtkyJygRMc3RCV8cWjTnHcFBbZDuWmBSp3ZHtf +TjjTuxxEtX/1H7YyYl3J6YRbTzBPEVoA/VhYDKX1DyxNB0cTddqXl5dvMVztK517 +IDvYuVTZXpmkOlEKMaNCMEAwHQYDVR0OBBYEFLuw3qFYM4iapIqZ3r6966/ayySr +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gA +MGUCMQCD6cHEFl4aXTQY2e3v9GwOAEZLuN+yRhHFD/3meoyhpmvOwgPUnPWTxnS4 +at+qIxUCMG1mihDK1A3UT82NQz60imOlM27jbdoXt2QfyFMm+YhidDkLF1vLUagM +6BgD56KyKA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEBDCCAuygAwIBAgIIGHqpqMKWIQwwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENBMB4XDTEy +MDIwMTIyMTIxNVoXDTI3MDIwMTIyMTIxNVoweTEtMCsGA1UEAwwkRGV2ZWxvcGVy +IElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UE +BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJdk8GW5pB7qUj +KwKjX9dzP8A1sIuECj8GJH+nlT/rTw6Tr7QO0Mg+5W0Ysx/oiUe/1wkI5P9WmCkV +55SduTWjCs20wOHiYPTK7Cl4RWlpYGtfipL8niPmOsIiszFPHLrytjRZQu6wqQID +GJEEtrN4LjMfgEUNRW+7Dlpbfzrn2AjXCw4ybfuGNuRsq8QRinCEJqqfRNHxuMZ7 +lBebSPcLWBa6I8WfFTl+yl3DMl8P4FJ/QOq+rAhklVvJGpzlgMofakQcbD7EsCYf +Hex7r16gaj1HqVgSMT8gdihtHRywwk4RaSaLy9bQEYLJTg/xVnTQ2QhLZniiq6yn +4tJMh1nJAgMBAAGjgaYwgaMwHQYDVR0OBBYEFFcX7aLP3HyYoRDg/L6HLSzy4xdU +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/ +CF4wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5j +cmwwDgYDVR0PAQH/BAQDAgGGMBAGCiqGSIb3Y2QGAgYEAgUAMA0GCSqGSIb3DQEB +CwUAA4IBAQBCOXRrodzGpI83KoyzHQpEvJUsf7xZuKxh+weQkjK51L87wVA5akR0 +ouxbH3Dlqt1LbBwjcS1f0cWTvu6binBlgp0W4xoQF4ktqM39DHhYSQwofzPuAHob +tHastrW7T9+oG53IGZdKC1ZnL8I+trPEgzrwd210xC4jUe6apQNvYPSlSKcGwrta +4h8fRkV+5Jf1JxC3ICJyb3LaxlB1xT0lj12jAOmfNoxIOY+zO+qQgC6VmmD0eM70 +DgpTPqL6T9geroSVjTK8Vk2J6XgY4KyaQrp6RhuEoonOFOiI0ViL9q5WxCwFKkWv +C9lLqQIPNKyIx2FViUTJJ3MH7oLlTvVw +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD +6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o +ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH +w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn +r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP +N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX +tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP +4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q +dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz +5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA +DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 +0jPg/73RVDkpDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID+TCCAuGgAwIBAgIQW1fXqEywr9nTb0ugMbTW4jANBgkqhkiG9w0BAQUFADB5 +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xKjAoBgNVBAMTIVZpc2EgSW5m +b3JtYXRpb24gRGVsaXZlcnkgUm9vdCBDQTAeFw0wNTA2MjcxNzQyNDJaFw0yNTA2 +MjkxNzQyNDJaMHkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRWSVNBMS8wLQYDVQQL +EyZWaXNhIEludGVybmF0aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEqMCgGA1UE +AxMhVmlzYSBJbmZvcm1hdGlvbiBEZWxpdmVyeSBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyREA4R/QkkfpLx0cYjga/EhIPZpchH0MZsRZ +FfP6C2ITtf/Wc+MtgD4yTK0yoiXvni3d+aCtEgK3GDvkdgYrgF76ROJFZwUQjQ9l +x42gRT05DbXvWFoy7dTglCZ9z/Tt2Cnktv9oxKgmkeHY/CyfpCBg1S8xth2JlGMR +0ug/GMO5zANuegZOv438p5Lt5So+du2Gl+RMFQqEPwqN5uJSqAe0VtmB4gWdQ8on +Bj2ZAM2R73QW7UW0Igt2vA4JaSiNtaAG/Y/58VXWHGgbq7rDtNK1R30X0kJV0rGA +ib3RSwB3LpG7bOjbIucV5mQgJoVjoA1e05w6g1x/KmNTmOGRVwIDAQABo30wezAP +BgNVHRMBAf8EBTADAQH/MDkGA1UdIAQyMDAwLgYFZ4EDAgEwJTAVBggrBgEFBQcC +ARYJMS4yLjMuNC41MAwGCCsGAQUFBwICMAAwDgYDVR0PAQH/BAQDAgEGMB0GA1Ud +DgQWBBRPitp2/2d3I5qmgH1924h1hfeBejANBgkqhkiG9w0BAQUFAAOCAQEACUW1 +QdUHdDJydgDPmYt+telnG/Su+DPaf1cregzlN43bJaJosMP7NwjoJY/H2He4XLWb +5rXEkl+xH1UyUwF7mtaUoxbGxEvt8hPZSTB4da2mzXgwKvXuHyzF5Qjy1hOB0/pS +WaF9ARpVKJJ7TOJQdGKBsF2Ty4fSCLqZLgfxbqwMsd9sysXI3rDXjIhekqvbgeLz +PqZr+pfgFhwCCLSMQWl5Ll3u7Qk9wR094DZ6jj6+JCVCRUS3HyabH4OlM0Vc2K+j +INsF/64Or7GNtRf9HYEJvrPxHINxl3JVwhYj4ASeaO4KwhVbwtw94Tc/XrGcexDo +c5lC3rAi4/UZqweYCw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVTCCBD2gAwIBAgIEO/OB0DANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJj +aDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYDVQQLExlD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1BZG1pbi1Sb290LUNB +MB4XDTAxMTExNTA4NTEwN1oXDTIxMTExMDA3NTEwN1owbDELMAkGA1UEBhMCY2gx +DjAMBgNVBAoTBWFkbWluMREwDwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdGllczEWMBQGA1UEAxMNQWRtaW4tUm9vdC1DQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvgr0QUIv5qF0nyXZ3PXAJi +C4C5Wr+oVTN7oxIkXkxvO0GJToM9n7OVJjSmzBL0zJ2HXj0MDRcvhSY+KiZZc6Go +vDvr5Ua481l7ILFeQAFtumeza+vvxeL5Nd0Maga2miiacLNAKXbAcUYRa0Ov5VZB +++YcOYNNt/aisWbJqA2y8He+NsEgJzK5zNdayvYXQTZN+7tVgWOck16Da3+4FXdy +fH1NCWtZlebtMKtERtkVAaVbiWW24CjZKAiVfggjsiLo3yVMPGj3budLx5D9hEEm +vlyDOtcjebca+AcZglppWMX/iHIrx7740y0zd6cWEqiLIcZCrnpkr/KzwO135GkC +AwEAAaOCAf0wggH5MA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIASBkTCBjjCBiwYI +YIV0AREDAQAwfzArBggrBgEFBQcCAjAfGh1UaGlzIGlzIHRoZSBBZG1pbi1Sb290 +LUNBIENQUzBQBggrBgEFBQcCARZEaHR0cDovL3d3dy5pbmZvcm1hdGlrLmFkbWlu +LmNoL1BLSS9saW5rcy9DUFNfMl8xNl83NTZfMV8xN18zXzFfMC5wZGYwfwYDVR0f +BHgwdjB0oHKgcKRuMGwxFjAUBgNVBAMTDUFkbWluLVJvb3QtQ0ExIjAgBgNVBAsT +GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxETAPBgNVBAsTCFNlcnZpY2VzMQ4w +DAYDVQQKEwVhZG1pbjELMAkGA1UEBhMCY2gwHQYDVR0OBBYEFIKf+iNzIPGXi7JM +Tb5CxX9mzWToMIGZBgNVHSMEgZEwgY6AFIKf+iNzIPGXi7JMTb5CxX9mzWTooXCk +bjBsMQswCQYDVQQGEwJjaDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZp +Y2VzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQD +Ew1BZG1pbi1Sb290LUNBggQ784HQMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B +AQUFAAOCAQEAeE96XCYRpy6umkPKXDWCRn7INo96ZrWpMggcDORuofHIwdTkgOeM +vWOxDN/yuT7CC3FAaUajbPRbDw0hRMcqKz0aC8CgwcyIyhw/rFK29mfNTG3EviP9 +QSsEbnelFnjpm1wjz4EaBiFjatwpUbI6+Zv3XbEt9QQXBn+c6DeFLe4xvC4B+MTr +a440xTk59pSYux8OHhEvqIwHCkiijGqZhTS3KmGFeBopaR+dJVBRBMoXwzk4B3Hn +0Zib1dEYFZa84vPJZyvxCbLOnPRDJgH6V2uQqbG+6DXVaf/wORVOvF/wzzv0viM/ +RWbEtJZdvo8N3sdtCULzifnxP/V0T9+4ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB +lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w +HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl +YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE +BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT +eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy +IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn +V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs +ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx ++FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y +KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN +KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB +AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW +tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L +0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 +bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 +Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm +KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ +b/xa5IJVWa8xqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGATCCA+mgAwIBAgIRAI9hcRW6eVgXjH0ROqzW264wDQYJKoZIhvcNAQELBQAw +RTEfMB0GA1UEAxMWQ29tU2lnbiBHbG9iYWwgUm9vdCBDQTEVMBMGA1UEChMMQ29t +U2lnbiBMdGQuMQswCQYDVQQGEwJJTDAeFw0xMTA3MTgxMDI0NTRaFw0zNjA3MTYx +MDI0NTVaMEUxHzAdBgNVBAMTFkNvbVNpZ24gR2xvYmFsIFJvb3QgQ0ExFTATBgNV +BAoTDENvbVNpZ24gTHRkLjELMAkGA1UEBhMCSUwwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQCyKClzKh3rm6n1nvigmV/VU1D4hSwYW2ro3VqpzpPo0Ph3 +3LguqjXd5juDwN4mpxTpD99d7Xu5X6KGTlMVtfN+bTbA4t3x7DU0Zqn0BE5XuOgs +3GLH41Vmr5wox1bShVpM+IsjcN4E/hMnDtt/Bkb5s33xCG+ohz5dlq0gA9qfr/g4 +O9lkHZXTCeYrmVzd/il4x79CqNvGkdL3um+OKYl8rg1dPtD8UsytMaDgBAopKR+W +igc16QJzCbvcinlETlrzP/Ny76BWPnAQgaYBULax/Q5thVU+N3sEOKp6uviTdD+X +O6i96gARU4H0xxPFI75PK/YdHrHjfjQevXl4J37FJfPMSHAbgPBhHC+qn/014DOx +46fEGXcdw2BFeIIIwbj2GH70VyJWmuk/xLMCHHpJ/nIF8w25BQtkPpkwESL6esaU +b1CyB4Vgjyf16/0nRiCAKAyC/DY/Yh+rDWtXK8c6QkXD2XamrVJo43DVNFqGZzbf +5bsUXqiVDOz71AxqqK+p4ek9374xPNMJ2rB5MLPAPycwI0bUuLHhLy6nAIFHLhut +TNI+6Y/soYpi5JSaEjcY7pxI8WIkUAzr2r+6UoT0vAdyOt7nt1y8844a7szo/aKf +woziHl2O1w6ZXUC30K+ptXVaOiW79pBDcbLZ9ZdbONhS7Ea3iH4HJNwktrBJLQID +AQABo4HrMIHoMA8GA1UdEwEB/wQFMAMBAf8wgYQGA1UdHwR9MHswPKA6oDiGNmh0 +dHA6Ly9mZWRpci5jb21zaWduLmNvLmlsL2NybC9jb21zaWduZ2xvYmFscm9vdGNh +LmNybDA7oDmgN4Y1aHR0cDovL2NybDEuY29tc2lnbi5jby5pbC9jcmwvY29tc2ln +bmdsb2JhbHJvb3RjYS5jcmwwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBQCRZPY +DUhirGm6rgZbPvuqJpFQsTAfBgNVHSMEGDAWgBQCRZPYDUhirGm6rgZbPvuqJpFQ +sTANBgkqhkiG9w0BAQsFAAOCAgEAk1V5V9701xsfy4mfX+tP9Ln5e9h3N+QMwUfj +kr+k3e8iXOqADjTpUHeBkEee5tJq09ZLp/43F5tZ2eHdYq2ZEX7iWHCnOQet6Yw9 +SU1TahsrGDA6JJD9sdPFnNZooGsU1520e0zNB0dNWwxrWAmu4RsBxvEpWCJbvzQL +dOfyX85RWwli81OiVMBc5XvJ1mxsIIqli45oRynKtsWP7E+b0ISJ1n+XFLdQo/Nm +WA/5sDfT0F5YPzWdZymudMbXitimxC+n4oQE4mbQ4Zm718Iwg3pP9gMMcSc7Qc1J +kJHPH9O7gVubkKHuSYj9T3Ym6c6egL1pb4pz/uT7cT26Fiopc/jdqbe2EAfoJZkv +hlp/zdzOoXTWjiKNA5zmgWnZn943FuE9KMRyKtyi/ezJXCh8ypnqLIKxeFfZl69C +BwJsPXUTuqj8Fic0s3aZmmr7C4jXycP+Q8V+akMEIoHAxcd960b4wVWKqOcI/kZS +Q0cYqWOY1LNjznRt9lweWEfwDBL3FhrHOmD4++1N3FkkM4W+Q1b2WOL24clDMj+i +2n9Iw0lc1llHMSMvA5D0vpsXZpOgcCVahfXczQKi9wQ3oZyonJeWx4/rXdMtagAB +VBYGFuMEUEQtybI+eIbnp5peO2WAAblQI4eTy/jMVowe5tfMEXovV3sz9ULgmGb3 +DscLP1I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk +BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 +Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl +cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 +aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY +F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N +8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe +rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K +/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu +7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC +28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 +lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E +nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB +0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 +5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj +WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN +jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ +KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s +ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM +OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q +619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn +2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj +o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v +nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG +5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq +pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb +dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 +BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8DCCA9igAwIBAgIPBuhGJy8fCo/RhFzjafbVMA0GCSqGSIb3DQEBBQUAMDgx +CzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwKSXpl +bnBlLmNvbTAeFw0wNzEyMTMxMzA4MjdaFw0zNzEyMTMwODI3MjVaMDgxCzAJBgNV +BAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwKSXplbnBlLmNv +bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMnTesoPHqynhugWZWqx +whtFMnGV2f4QW8yv56V5AY+Jw8ryVXH3d753lPNypCxE2J6SmxQ6oeckkAoKVo7F +2CaU4dlI4S0+2gpy3aOZFdqBoof0e24md4lYrdbrDLJBenNubdt6eEHpCIgSfocu +ZhFjbFT7PJ1ywLwu/8K33Q124zrX97RovqL144FuwUZvXY3gTcZUVYkaMzEKsVe5 +o4qYw+w7NMWVQWl+dcI8IMVhulFHoCCQk6GQS/NOfIVFVJrRBSZBsLVNHTO+xAPI +JXzBcNs79AktVCdIrC/hxKw+yMuSTFM5NyPs0wH54AlETU1kwOENWocivK0bo/4m +tRXzp/yEGensoYi0RGmEg/OJ0XQGqcwL1sLeJ4VQJsoXuMl6h1YsGgEebL4TrRCs +tST1OJGh1kva8bvS3ke18byB9llrzxlT6Y0Vy0rLqW9E5RtBz+GGp8rQap+8TI0G +M1qiheWQNaBiXBZO8OOi+gMatCxxs1gs3nsL2xoP694hHwZ3BgOwye+Z/MC5TwuG +KP7Suerj2qXDR2kS4Nvw9hmL7Xtw1wLW7YcYKCwEJEx35EiKGsY7mtQPyvp10gFA +Wo15v4vPS8+qFsGV5K1Mij4XkdSxYuWC5YAEpAN+jb/af6IPl08M0w3719Hlcn4c +yHf/W5oPt64FRuXxqBbsR6QXAgMBAAGjgfYwgfMwgbAGA1UdEQSBqDCBpYEPaW5m +b0BpemVucGUuY29tpIGRMIGOMUcwRQYDVQQKDD5JWkVOUEUgUy5BLiAtIENJRiBB +MDEzMzcyNjAtUk1lcmMuVml0b3JpYS1HYXN0ZWl6IFQxMDU1IEY2MiBTODFDMEEG +A1UECQw6QXZkYSBkZWwgTWVkaXRlcnJhbmVvIEV0b3JiaWRlYSAxNCAtIDAxMDEw +IFZpdG9yaWEtR2FzdGVpejAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUHRxlDqjyJXu0kc/ksbHmvVV0bAUwDQYJKoZIhvcNAQEFBQAD +ggIBAMeBRm8hGE+gBe/n1bqXUKJg7aWSFBpSm/nxiEqg3Hh10dUflU7F57dp5iL0 ++CmoKom+z892j+Mxc50m0xwbRxYpB2iEitL7sRskPtKYGCwkjq/2e+pEFhsqxPqg +l+nqbFik73WrAGLRne0TNtsiC7bw0fRue0aHwp28vb5CO7dz0JoqPLRbEhYArxk5 +ja2DUBzIgU+9Ag89njWW7u/kwgN8KRwCfr00J16vU9adF79XbOnQgxCvv11N75B7 +XSus7Op9ACYXzAJcY9cZGKfsK8eKPlgOiofmg59OsjQerFQJTx0CCzl+gQgVuaBp +E8gyK+OtbBPWg50jLbJtooiGfqgNASYJQNntKE6MkyQP2/EeTXp6WuKlWPHcj1+Z +ggwuz7LdmMySlD/5CbOlliVbN/UShUHiGUzGigjB3Bh6Dx4/glmimj4/+eAJn/3B +kUtdyXvWton83x18hqrNA/ILUpLxYm9/h+qrdslsUMIZgq+qHfUgKGgu1fxkN0/P +pUTEvnK0jHS0bKf68r10OEMr3q/53NjgnZ/cPcqlY0S/kqJPTIAcuxrDmkoEVU3K +7iYLHL8CxWTTnn7S05EcS6L1HOUXHA0MUqORH5zwIe0ClG+poEnK6EOMxPQ02nwi +o8ZmPrgbBYhdurz3vOXcFD2nhqi2WVIhA16L4wTtSyoeo09Q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE5zCCA8+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCQ0Ex +EDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoTFEVj +aG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZp +Y2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMjAeFw0wNTEwMDYxMDQ5MTNa +Fw0zMDEwMDcxMDQ5MTNaMIGNMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJp +bzEQMA4GA1UEBxMHVG9yb250bzEdMBsGA1UEChMURWNob3dvcnggQ29ycG9yYXRp +b24xHzAdBgNVBAsTFkNlcnRpZmljYXRpb24gU2VydmljZXMxGjAYBgNVBAMTEUVj +aG93b3J4IFJvb3QgQ0EyMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA +utU/5BkV15UBf+s+JQruKQxr77s3rjp/RpOtmhHILIiO5gsEWP8MMrfrVEiidjI6 +Qh6ans0KAWc2Dw0/j4qKAQzOSyAZgjcdypNTBZ7muv212DA2Pu41rXqwMrlBrVi/ +KTghfdLlNRu6JrC5y8HarrnRFSKF1Thbzz921kLDRoCi+FVs5eVuK5LvIfkhNAqA +byrTgO3T9zfZgk8upmEkANPDL1+8y7dGPB/d6lk0I5mv8PESKX02TlvwgRSIiTHR +k8++iOPLBWlGp7ZfqTEXkPUZhgrQQvxcrwCUo6mk8TqgxCDP5FgPoHFiPLef5szP +ZLBJDWp7GLyE1PmkQI6WiwIBA6OCAVAwggFMMA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBQ74YEboKs/OyGC1eISrq5QqxSlEzCBugYDVR0j +BIGyMIGvgBQ74YEboKs/OyGC1eISrq5QqxSlE6GBk6SBkDCBjTELMAkGA1UEBhMC +Q0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoT +FEVjaG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMoIBADBQBgNVHSAESTBH +MEUGCysGAQQB+REKAQMBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuZWNob3dv +cnguY29tL2NhL3Jvb3QyL2Nwcy5wZGYwDQYJKoZIhvcNAQEFBQADggEBAG+nrPi/ +0RpfEzrj02C6JGPUar4nbjIhcY6N7DWNeqBoUulBSIH/PYGNHYx7/lnJefiixPGE +7TQ5xPgElxb9bK8zoAApO7U33OubqZ7M7DlHnFeCoOoIAZnG1kuwKwD5CXKB2a74 +HzcqNnFW0IsBFCYqrVh/rQgJOzDA8POGbH0DeD0xjwBBooAolkKT+7ZItJF1Pb56 +QpDL9G+16F7GkmnKlAIYT3QTS3yFGYChnJcd+6txUPhKi9sSOOmAIaKHnkH9Scz+ +A2cSi4A3wUYXVatuVNHpRb2lygfH3SuCX9MU8Ure3zBlSU1LALtMqI4JmcQmQpIq +zIzvO2jHyu9PQqo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcTCCAlmgAwIBAgIVAOYJ/nrqAGiM4CS07SAbH+9StETRMA0GCSqGSIb3DQEB +BQUAMFAxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGlj +emVuaW93YSBTLkEuMRcwFQYDVQQDDA5TWkFGSVIgUk9PVCBDQTAeFw0xMTEyMDYx +MTEwNTdaFw0zMTEyMDYxMTEwNTdaMFAxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRcwFQYDVQQDDA5TWkFGSVIg +Uk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxHL49ZMTml +6g3wpYwrvQKkvc0Kc6oJ5sxfgmp1qZfluwbv88BdocHSiXlY8NzrVYzuWBp7J/9K +ULMAoWoTIzOQ6C9TNm4YbA9A1jdX1wYNL5Akylf8W5L/I4BXhT9KnlI6x+a7BVAm +nr/Ttl+utT/Asms2fRfEsF2vZPMxH4UFqOAhFjxTkmJWf2Cu4nvRQJHcttB+cEAo +ag/hERt/+tzo4URz6x6r19toYmxx4FjjBkUhWQw1X21re//Hof2+0YgiwYT84zLb +eqDqCOMOXxvH480yGDkh/QoazWX3U75HQExT/iJlwnu7I1V6HXztKIwCBjsxffbH +3jOshCJtywcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFFOSo33/gnbwM9TrkmdHYTMbaDsqMA0GCSqGSIb3DQEBBQUA +A4IBAQA5UFWd5EL/pBviIMm1zD2JLUCpp0mJG7JkwznIOzawhGmFFaxGoxAhQBEg +haP+E0KR66oAwVC6xe32QUVSHfWqWndzbODzLB8yj7WAR0cDM45ZngSBPBuFE3Wu +GLJX9g100ETfIX+4YBR/4NR/uvTnpnd9ete7Whl0ZfY94yuu4xQqB5QFv+P7IXXV +lTOjkjuGXEcyQAjQzbFaT9vIABSbeCXWBbjvOXukJy6WgAiclzGNSYprre8Ryydd +fmjW9HIGwsIO03EldivvqEYL1Hv1w/Pur+6FUEOaL68PEIUovfgwIB2BAw+vZDuw +cH0mX548PojGyg434cDjkSXa3mHF +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIIGDCCBgCgAwIBAgIGAT8vMXfmMA0GCSqGSIb3DQEBCwUAMIIBCjELMAkGA1UE +BhMCRVMxEjAQBgNVBAgMCUJhcmNlbG9uYTFYMFYGA1UEBwxPQmFyY2Vsb25hIChz +ZWUgY3VycmVudCBhZGRyZXNzIGF0IGh0dHA6Ly93d3cuYW5mLmVzL2VzL2FkZHJl +c3MtZGlyZWNjaW9uLmh0bWwgKTEnMCUGA1UECgweQU5GIEF1dG9yaWRhZCBkZSBD +ZXJ0aWZpY2FjaW9uMRcwFQYDVQQLDA5BTkYgQ2xhc2UgMSBDQTEaMBgGCSqGSIb3 +DQEJARYLaW5mb0BhbmYuZXMxEjAQBgNVBAUTCUc2MzI4NzUxMDEbMBkGA1UEAwwS +QU5GIEdsb2JhbCBSb290IENBMB4XDTEzMDYxMDE3NDUzOFoXDTMzMDYwNTE3NDUz +OFowggEKMQswCQYDVQQGEwJFUzESMBAGA1UECAwJQmFyY2Vsb25hMVgwVgYDVQQH +DE9CYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgaHR0cDovL3d3dy5h +bmYuZXMvZXMvYWRkcmVzcy1kaXJlY2Npb24uaHRtbCApMScwJQYDVQQKDB5BTkYg +QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFzAVBgNVBAsMDkFORiBDbGFzZSAx +IENBMRowGAYJKoZIhvcNAQkBFgtpbmZvQGFuZi5lczESMBAGA1UEBRMJRzYzMjg3 +NTEwMRswGQYDVQQDDBJBTkYgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDHPi9xy4wynbcUbWjorVUgQKeUAVh937J7P37XmsfH +ZLOBZKIIlhhCtRwnDlg7x+BUvtJOTkIbEGMujDygUQ2s3HDYr5I41hTyM2Pl0cq2 +EuSGEbPIHb3dEX8NAguFexM0jqNjrreN3hM2/+TOkAxSdDJP2aMurlySC5zwl47K +ZLHtcVrkZnkDa0o5iN24hJT4vBDT4t2q9khQ+qb1D8KgCOb02r1PxWXu3vfd6Ha2 +mkdB97iGuEh5gO2n4yOmFS5goFlVA2UdPbbhJsb8oKVKDd+YdCKGQDCkQyG4AjmC +YiNm3UPG/qtftTH5cWri67DlLtm6fyUFOMmO6NSh0RtR745pL8GyWJUanyq/Q4bF +HQB21E+WtTsCaqjGaoFcrBunMypmCd+jUZXl27TYENRFbrwNdAh7m2UztcIyb+Sg +VJFyfvVsBQNvnp7GPimVxXZNc4VpxEXObRuPWQN1oZN/90PcZVqTia/SHzEyTryL +ckhiLG3jZiaFZ7pTZ5I9wti9Pn+4kOHvE3Y/4nEnUo4mTxPX9pOlinF+VCiybtV2 +u1KSlc+YaIM7VmuyndDZCJRXm3v0/qTE7t5A5fArZl9lvibigMbWB8fpD+c1GpGH +Eo8NRY0lkaM+DkIqQoaziIsz3IKJrfdKaq9bQMSlIfameKBZ8fNYTBZrH9KZAIhz +YwIDAQABo4IBfjCCAXowHQYDVR0OBBYEFIf6nt9SdnXsSUogb1twlo+d77sXMB8G +A1UdIwQYMBaAFIf6nt9SdnXsSUogb1twlo+d77sXMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMIIBFQYDVR0RBIIBDDCCAQiCEWh0dHA6Ly93d3cuYW5m +LmVzgQtpbmZvQGFuZi5lc6SB5TCB4jE0MDIGA1UECQwrR3JhbiBWaWEgZGUgbGVz +IENvcnRzIENhdGFsYW5lcy4gOTk2LiAwODAxODESMBAGA1UEBwwJQmFyY2Vsb25h +MScwJQYDVQQKDB5BTkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xEjAQBgNV +BAUTCUc2MzI4NzUxMDFZMFcGA1UECwxQSW5zY3JpdGEgZW4gZWwgTWluaXN0ZXJp +byBkZWwgSW50ZXJpb3IgZGUgRXNwYcOxYSBjb24gZWwgbnVtZXJvIG5hY2lvbmFs +IDE3MS40NDMwDQYJKoZIhvcNAQELBQADggIBAIgR9tFTZ9BCYg+HViMxOfF0MHN2 +Pe/eC128ARdS+GH8A4thtbqiH/SOYbWofO/0zssHhNKa5iQEj45lCAb8BANpWJMD +nWkPr6jq2+50a6d0MMgSS2l1rvjSF+3nIrEuicshHXSTi3q/vBLKr7uGKMVFaM68 +XAropIwk6ndlA0JseARSPsbetv7ALESMIZAxlHV1TcctYHd0bB3c/Jz+PLszJQqs +Cg/kBPo2D111OXZkIY8W/fJuG9veR783khAK2gUnC0zLLCNsYzEbdGt8zUmBsAsM +cGxqGm6B6vDXd65OxWqw13xdq/24+5R8Ng1PF9tvfjZkUFBF30CxjWur7P90WiKI +G7IGfr6BE1NgXlhEQQu4F+HizB1ypEPzGWltecXQ4yOzO+H0WfFTjLTYX6VSveyW +DQV18ixF8M4tHP/SwNE+yyv2b2JJ3/3RpxjtFlLk+opJ574x0gD/dMJuWTH0JqVY +3PbRfE1jIxFpk164Qz/Xp7H7w7f6xh+tQCkBs3PUYmnGIZcPwq44Q6JHlCNsKx4K +hxfggTvRCk4w79cUID45c2qDsRCqTPoOo/cbOpcfVhbH9LdMORpmuLwNogRZEUSE +fWpqR9q+0kcQf4zGSWIURIyDrogdpDgoHDxktqgMgc+qA4ZE2WQl1D8hmev53A46 +lUSrWUiWfDXtK3ux +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy +MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk +D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o +OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A +fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe +IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n +oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK +/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj +rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD +3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE +7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC +yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd +qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI +hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR +xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA +SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo +HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB +emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC +AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb +7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x +DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk +F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF +a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT +Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGHDCCBASgAwIBAgIES45gAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE +SzESMBAGA1UEChMJVFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQ +cmltYXJ5IENBMB4XDTEwMDMwMzEyNDEzNFoXDTM3MTIwMzEzMTEzNFowRTELMAkG +A1UEBhMCREsxEjAQBgNVBAoTCVRSVVNUMjQwODEiMCAGA1UEAxMZVFJVU1QyNDA4 +IE9DRVMgUHJpbWFyeSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJlJodr3U1Fa+v8HnyACHV81/wLevLS0KUk58VIABl6Wfs3LLNoj5soVAZv4LBi5 +gs7E8CZ9w0F2CopW8vzM8i5HLKE4eedPdnaFqHiBZ0q5aaaQArW+qKJx1rT/AaXt +alMB63/yvJcYlXS2lpexk5H/zDBUXeEQyvfmK+slAySWT6wKxIPDwVapauFY9QaG ++VBhCa5jBstWS7A5gQfEvYqn6csZ3jW472kW6OFNz6ftBcTwufomGJBMkonf4ZLr +6t0AdRi9jflBPz3MNNRGxyjIuAmFqGocYFA/OODBRjvSHB2DygqQ8k+9tlpvzMRr +kU7jq3RKL+83G1dJ3/LTjCLz4ryEMIC/OJ/gNZfE0qXddpPtzflIPtUFVffXdbFV +1t6XZFhJ+wBHQCpJobq/BjqLWUA86upsDbfwnePtmIPRCemeXkY0qabC+2Qmd2Fe +xyZphwTyMnbqy6FG1tB65dYf3mOqStmLa3RcHn9+2dwNfUkh0tjO2FXD7drWcU0O +I9DW8oAypiPhm/QCjMU6j6t+0pzqJ/S0tdAo+BeiXK5hwk6aR+sRb608QfBbRAs3 +U/q8jSPByenggac2BtTN6cl+AA1Mfcgl8iXWNFVGegzd/VS9vINClJCe3FNVoUnR +YCKkj+x0fqxvBLopOkJkmuZw/yhgMxljUi2qYYGn90OzAgMBAAGjggESMIIBDjAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUd +IAAwgZcGA1UdHwSBjzCBjDAsoCqgKIYmaHR0cDovL2NybC5vY2VzLnRydXN0MjQw +OC5jb20vb2Nlcy5jcmwwXKBaoFikVjBUMQswCQYDVQQGEwJESzESMBAGA1UEChMJ +VFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQcmltYXJ5IENBMQ0w +CwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFPZt+LFIs0FDAduGROUYBbdezAY3MB0G +A1UdDgQWBBT2bfixSLNBQwHbhkTlGAW3XswGNzANBgkqhkiG9w0BAQsFAAOCAgEA +VPAQGrT7dIjD3/sIbQW86f9CBPu0c7JKN6oUoRUtKqgJ2KCdcB5ANhCoyznHpu3m +/dUfVUI5hc31CaPgZyY37hch1q4/c9INcELGZVE/FWfehkH+acpdNr7j8UoRZlkN +15b/0UUBfGeiiJG/ugo4llfoPrp8bUmXEGggK3wyqIPcJatPtHwlb6ympfC2b/Ld +v/0IdIOzIOm+A89Q0utx+1cOBq72OHy8gpGb6MfncVFMoL2fjP652Ypgtr8qN9Ka +/XOazktiIf+2Pzp7hLi92hRc9QMYexrV/nnFSQoWdU8TqULFUoZ3zTEC3F/g2yj+ +FhbrgXHGo5/A4O74X+lpbY2XV47aSuw+DzcPt/EhMj2of7SA55WSgbjPMbmNX0rb +oenSIte2HRFW5Tr2W+qqkc/StixgkKdyzGLoFx/xeTWdJkZKwyjqge2wJqws2upY +EiThhC497+/mTiSuXd69eVUwKyqYp9SD2rTtNmF6TCghRM/dNsJOl+osxDVGcwvt +WIVFF/Onlu5fu1NHXdqNEfzldKDUvCfii3L2iATTZyHwU9CALE+2eIA+PIaLgnM1 +1oCfUnYBkQurTrihvzz9PryCVkLxiqRmBVvUz+D4N5G/wvvKDS6t6cPCS+hqM482 +cbBsn0R9fFLO4El62S9eH1tqOzO20OAOK65yJIsOpSE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAw +ZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdp +dGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290 +IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcNMzEwNjI1MDg0NTA4WjBnMQswCQYD +VQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2Vy +dGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYgQ0Eg +MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7Bx +UglgRCgzo3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD +1ycfMQ4jFrclyxy0uYAyXhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPH +oCE2G3pXKSinLr9xJZDzRINpUKTk4RtiGZQJo/PDvO/0vezbE53PnUgJUmfANykR +HvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8LiqG12W0OfvrSdsyaGOx9/ +5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaHZa0zKcQv +idm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHL +OdAGalNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaC +NYGu+HuB5ur+rPQam3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f +46Fq9mDU5zXNysRojddxyNMkM3OxbPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCB +UWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDixzgHcgplwLa7JSnaFp6LNYth +7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/BAQDAgGGMB0G +A1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED +MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWB +bj2ITY1x0kbBbkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6x +XCX5145v9Ydkn+0UjrgEjihLj6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98T +PLr+flaYC/NUn81ETm484T4VvwYmneTwkLbUwp4wLh/vx3rEUMfqe9pQy3omywC0 +Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7XwgiG/W9mR4U9s70 +WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH59yL +Gn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm +7JFe3VE/23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4S +nr8PyQUQ3nqjsTzyP6WqJ3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VN +vBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyAHmBR3NdUIR7KYndP+tiPsys6DXhyyWhB +WkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/giuMod89a2GQ+fYWVq6nTI +fI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuWl8PVP3wb +I+2ksx0WckNLIOFZfsLorSa/ovc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCBKKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMCVVMx +HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD +b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgNVBAMTIEFwcGxlIFJv +b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA1MDIxMDAwMTgxNFoXDTI1MDIx +MDAwMTgxNFowgYYxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBcHBsZSBDb21wdXRl +ciwgSW5jLjEtMCsGA1UECxMkQXBwbGUgQ29tcHV0ZXIgQ2VydGlmaWNhdGUgQXV0 +aG9yaXR5MSkwJwYDVQQDEyBBcHBsZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSRqQkfkdseR1DrBe1e +eYQt6zaiV0xV7IsZid75S2z1B6siMALoGD74UAnTf0GomPnRymacJGsR0KO75Bsq +wx+VnnoMpEeLW9QWNzPLxA9NzhRp0ckZcvVdDtV/X5vyJQO6VY9NXQ3xZDUjFUsV +WR2zlPf2nJ7PULrBWFBnjwi0IPfLrCwgb3C2PwEwjLdDzw+dPfMrSSgayP7OtbkO +2V4c1ss9tTqt9A8OAJILsSEWLnTVPA3bYharo3GSR1NVwa8vQbP4++NwzeajTEV+ +H0xrUJZBicR0YgsQg0GHM4qBsTBY7FoEMoxos48d3mVz/2deZbxJ2HafMxRloXeU +yS0CAwEAAaOCAi8wggIrMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBQr0GlHlHYJ/vRrjS5ApvdHTX8IXjAfBgNVHSMEGDAWgBQr0GlH +lHYJ/vRrjS5ApvdHTX8IXjCCASkGA1UdIASCASAwggEcMIIBGAYJKoZIhvdjZAUB +MIIBCTBBBggrBgEFBQcCARY1aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmlj +YXRlYXV0aG9yaXR5L3Rlcm1zLmh0bWwwgcMGCCsGAQUFBwICMIG2GoGzUmVsaWFu +Y2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2Nl +cHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5k +IGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRp +ZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wRAYDVR0fBD0wOzA5oDegNYYz +aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L3Jvb3Qu +Y3JsMFUGCCsGAQUFBwEBBEkwRzBFBggrBgEFBQcwAoY5aHR0cHM6Ly93d3cuYXBw +bGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L2Nhc2lnbmVycy5odG1sMA0GCSqG +SIb3DQEBBQUAA4IBAQCd2i0oWC99dgS5BNM+zrdmY06PL9T+S61yvaM5xlJNBZhS +9YlRASR5vhoy9+VEi0tEBzmC1lrKtCBe2a4VXR2MHTK/ODFiSF3H4ZCx+CRA+F9Y +m1FdV53B5f88zHIhbsTp6aF31ywXJsM/65roCwO66bNKcuszCVut5mIxauivL9Wv +Hld2j383LS4CXN1jyfJxuCZA3xWNdUQ/eb3mHZnhQyw+rW++uaT+DjUZUWOxw961 +kj5ReAFziqQjyqSI8R5cH0EWLX6VCqrpiUGYGxrdyyC/R14MJsVVNU3GMIuZZxTH +CR+6R8faAQmHJEKVvRNgGQrv6n8Obs3BREM6StXj +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b +wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX +/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 +77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP +uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx +p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx +Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 +TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W +G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw +vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY +EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 +2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw +DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf +gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS +FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 +V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P +XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I +i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t +TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 +09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky +Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ +AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj +1oxx +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJDTjER +MA8GA1UEChMIVW5pVHJ1c3QxGDAWBgNVBAMTD1VDQSBHbG9iYWwgUm9vdDAeFw0w +ODAxMDEwMDAwMDBaFw0zNzEyMzEwMDAwMDBaMDoxCzAJBgNVBAYTAkNOMREwDwYD +VQQKEwhVbmlUcnVzdDEYMBYGA1UEAxMPVUNBIEdsb2JhbCBSb290MIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2rPlBlA/9nP3xDK/RqUlYjOHsGj+p9+I +A2N9Apb964fJ7uIIu527u+RBj8cwiQ9tJMAEbBSUgU2gDXRm8/CFr/hkGd656YGT +0CiFmUdCSiw8OCdKzP/5bBnXtfPvm65bNAbXj6ITBpyKhELVs6OQaG2BkO5NhOxM +cE4t3iQ5zhkAQ5N4+QiGHUPR9HK8BcBn+sBR0smFBySuOR56zUHSNqth6iur8CBV +mTxtLRwuLnWW2HKX4AzKaXPudSsVCeCObbvaE/9GqOgADKwHLx25urnRoPeZnnRc +GQVmMc8+KlL+b5/zub35wYH1N9ouTIElXfbZlJrTNYsgKDdfUet9Ysepk9H50DTL +qScmLCiQkjtVY7cXDlRzq6987DqrcDOsIfsiJrOGrCOp139tywgg8q9A9f9ER3Hd +J90TKKHqdjn5EKCgTUCkJ7JZFStsLSS3JGN490MYeg9NEePorIdCjedYcaSrbqLA +l3y74xNLytu7awj5abQEctXDRrl36v+6++nwOgw19o8PrgaEFt2UVdTvyie3AzzF +HCYq9TyopZWbhvGKiWf4xwxmse1Bv4KmAGg6IjTuHuvlb4l0T2qqaqhXZ1LUIGHB +zlPL/SR/XybfoQhplqCe/klD4tPq2sTxiDEhbhzhzfN1DiBEFsx9c3Q1RSw7gdQg +7LYJjD5IskkCAwEAAaOBojCBnzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zBj +BgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcD +BAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUF +BwMJMB0GA1UdDgQWBBTZw9P4gJJnzF3SOqLXcaK0xDiALTANBgkqhkiG9w0BAQUF +AAOCAgEA0Ih5ygiq9ws0oE4Jwul+NUiJcIQjL1HDKy9e21NrW3UIKlS6Mg7VxnGF +sZdJgPaE0PC6t3GUyHlrpsVE6EKirSUtVy/m1jEp+hmJVCl+t35HNmktbjK81HXa +QnO4TuWDQHOyXd/URHOmYgvbqm4FjMh/Rk85hZCdvBtUKayl1/7lWFZXbSyZoUkh +1WHGjGHhdSTBAd0tGzbDLxLMC9Z4i3WA6UG5iLHKPKkWxk4V43I29tSgQYWvimVw +TbVEEFDs7d9t5tnGwBLxSzovc+k8qe4bqi81pZufTcU0hF8mFGmzI7GJchT46U1R +IgP/SobEHOh7eQrbRyWBfvw0hKxZuFhD5D1DCVR0wtD92e9uWfdyYJl2b/Unp7uD +pEqB7CmB9HdL4UISVdSGKhK28FWbAS7d9qjjGcPORy/AeGEYWsdl/J1GW1fcfA67 +loMQfFUYCQSu0feLKj6g5lDWMDbX54s4U+xJRODPpN/xU3uLWrb2EZBL1nXz/gLz +Ka/wI3J9FO2pXd96gZ6bkiL8HvgBRUGXx2sBYb4zaPKgZYRmvOAqpGjTcezHCN6j +w8k2SjTxF+KAryAhk5Qe5hXTVGLxtTgv48y5ZwSpuuXu+RBuyy5+E6+SFP7zJ3N7 +OPxzbbm5iPZujAv1/P8JDrMtXnt145Ik4ubhWD5LKAN1axibRww= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw +CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 +bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg +Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ +BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu +ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS +b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni +eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W +p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T +rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV +57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg +Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIJmzCCB4OgAwIBAgIBATANBgkqhkiG9w0BAQwFADCCAR4xPjA8BgNVBAMTNUF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s +YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz +dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0 +aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh +IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ +KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyMjE4MDgy +MVoXDTMwMTIxNzIzNTk1OVowggEeMT4wPAYDVQQDEzVBdXRvcmlkYWQgZGUgQ2Vy +dGlmaWNhY2lvbiBSYWl6IGRlbCBFc3RhZG8gVmVuZXpvbGFubzELMAkGA1UEBhMC +VkUxEDAOBgNVBAcTB0NhcmFjYXMxGTAXBgNVBAgTEERpc3RyaXRvIENhcGl0YWwx +NjA0BgNVBAoTLVNpc3RlbWEgTmFjaW9uYWwgZGUgQ2VydGlmaWNhY2lvbiBFbGVj +dHJvbmljYTFDMEEGA1UECxM6U3VwZXJpbnRlbmRlbmNpYSBkZSBTZXJ2aWNpb3Mg +ZGUgQ2VydGlmaWNhY2lvbiBFbGVjdHJvbmljYTElMCMGCSqGSIb3DQEJARYWYWNy +YWl6QHN1c2NlcnRlLmdvYi52ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAME77xNS8ZlW47RsBeEaaRZhJoZ4rw785UAFCuPZOAVMqNS1wMYqzy95q6Gk +UO81ER/ugiQX/KMcq/4HBn83fwdYWxPZfwBfK7BP2p/JsFgzYeFP0BXOLmvoJIzl +Jb6FW+1MPwGBjuaZGFImWZsSmGUclb51mRYMZETh9/J5CLThR1exStxHQptwSzra +zNFpkQY/zmj7+YZNA9yDoroVFv6sybYOZ7OxNDo7zkSLo45I7gMwtxqWZ8VkJZkC +8+p0dX6mkhUT0QAV64Zc9HsZiH/oLhEkXjhrgZ28cF73MXIqLx1fyM4kPH1yOJi/ +R72nMwL7D+Sd6mZgI035TxuHXc2/uOwXfKrrTjaJDz8Jp6DdessOkxIgkKXRjP+F +K3ze3n4NUIRGhGRtyvEjK95/2g02t6PeYiYVGur6ruS49n0RAaSS0/LJb6XzaAAe +0mmO2evnEqxIKwy2mZRNPfAVW1l3wCnWiUwryBU6OsbFcFFrQm+00wOicXvOTHBM +aiCVAVZTb9RSLyi+LJ1llzJZO3pq3IRiiBj38Nooo+2ZNbMEciSgmig7YXaUcmud +SVQvLSL+Yw+SqawyezwZuASbp7d/0rutQ59d81zlbMt3J7yB567rT2IqIydQ8qBW +k+fmXzghX+/FidYsh/aK+zZ7Wy68kKHuzEw1Vqkat5DGs+VzAgMBAAGjggLeMIIC +2jASBgNVHRMBAf8ECDAGAQH/AgECMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52 +ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMB0GA1UdDgQWBBStuyIdxuDS +Aaj9dlBSk+2YwU2u0zCCAVAGA1UdIwSCAUcwggFDgBStuyIdxuDSAaj9dlBSk+2Y +wU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRpZmlj +YWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAw +DgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYD +VQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25p +Y2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEgZGUgU2VydmljaW9zIGRlIENl +cnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG9w0BCQEWFmFjcmFpekBz +dXNjZXJ0ZS5nb2IudmWCAQEwDgYDVR0PAQH/BAQDAgEGMDcGA1UdEQQwMC6CD3N1 +c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMFQGA1Ud +HwRNMEswJKAioCCGHmhodHA6Ly93d3cuc3VzY2VydGUuZ29iLnZlL2xjcjAjoCGg +H4YdbGRhcDovL2FjcmFpei5zdXNjZXJ0ZS5nb2IudmUwNwYIKwYBBQUHAQEEKzAp +MCcGCCsGAQUFBzABhhtoaHRwOi8vb2NzcC5zdXNjZXJ0ZS5nb2IudmUwQAYDVR0g +BDkwNzA1BgVghl4BAjAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRl +LmdvYi52ZS9kcGMwDQYJKoZIhvcNAQEMBQADggIBAK4qy/zmZ9zBwfW3yOYtLcBT +Oy4szJyPz7/RhNH3bPVH7HbDTGpi6JZ4YXdXMBeJE5qBF4a590Kgj8Rlnltt+Rbo +OFQOU1UDqKuTdBsA//Zry5899fmn8jBUkg4nh09jhHHbLlaUScdz704Zz2+UVg7i +s/r3Legxap60KzmdrmTAE9VKte1TQRgavQwVX5/2mO/J+SCas//UngI+h8SyOucq +mjudYEgBrZaodUsagUfn/+AzFNrGLy+al+5nZeHb8JnCfLHWS0M9ZyhgoeO/czyn +99+5G93VWNv4zfc4KiavHZKrkn8F9pg0ycIZh+OwPT/RE2zq4gTazBMlP3ACIe/p +olkNaOEa8KvgzW96sjBZpMW49zFmyINYkcj+uaNCJrVGsXgdBmkuRGJNWFZ9r0cG +woIaxViFBypsz045r1ESfYPlfDOavBhZ/giR/Xocm9CHkPRY2BApMMR0DUCyGETg +Ql+L3kfdTKzuDjUp2DM9FqysQmaM81YDZufWkMhlZPfHwC7KbNougoLroa5Umeos +bqAXWmk46SwIdWRPLLqbUpDTKooynZKpSYIkkotdgJoVZUUCY+RCO8jsVPEU6ece +SxztNUm5UOta1OJPMwSAKRHOo3ilVb9c6lAixDdvV8MeNbqe6asM1mpCHWbJ/0rg +5Ls9Cxx8hracyp0ev7b0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIIKv++n6Lw6YcwDQYJKoZIhvcNAQEFBQAwKDELMAkGA1UE +BhMCQkUxGTAXBgNVBAMTEEJlbGdpdW0gUm9vdCBDQTIwHhcNMDcxMDA0MTAwMDAw +WhcNMjExMjE1MDgwMDAwWjAoMQswCQYDVQQGEwJCRTEZMBcGA1UEAxMQQmVsZ2l1 +bSBSb290IENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZzQh6S +/3UPi790hqc/7bIYLS2X+an7mEoj39WN4IzGMhwWLQdC1i22bi+n9fzGhYJdld61 +IgDMqFNAn68KNaJ6x+HK92AQZw6nUHMXU5WfIp8MXW+2QbyM69odRr2nlL/zGsvU ++40OHjPIltfsjFPekx40HopQcSZYtF3CiInaYNKJIT/e1wEYNm7hLHADBGXvmAYr +XR5i3FVr/mZkIV/4L+HXmymvb82fqgxG0YjFnaKVn6w/Fa7yYd/vw2uaItgscf1Y +HewApDgglVrH1Tdjuk+bqv5WRi5j2Qsj1Yr6tSPwiRuhFA0m2kHwOI8w7QUmecFL +TqG4flVSOmlGhHUCAwEAAaOBuzCBuDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zBCBgNVHSAEOzA5MDcGBWA4CQEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6 +Ly9yZXBvc2l0b3J5LmVpZC5iZWxnaXVtLmJlMB0GA1UdDgQWBBSFiuv0xbu+DlkD +lN7WgAEV4xCcOTARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUhYrr9MW7 +vg5ZA5Te1oABFeMQnDkwDQYJKoZIhvcNAQEFBQADggEBAFHYhd27V2/MoGy1oyCc +UwnzSgEMdL8rs5qauhjyC4isHLMzr87lEwEnkoRYmhC598wUkmt0FoqW6FHvv/pK +JaeJtmMrXZRY0c8RcrYeuTlBFk0pvDVTC9rejg7NqZV3JcqUWumyaa7YwBO+mPyW +nIR/VRPmPIfjvCCkpDZoa01gZhz5v6yAlGYuuUGK02XThIAC71AdXkbc98m6tTR8 +KvPG2F9fVJ3bTc0R5/0UAoNmXsimABKgX77OFP67H6dh96tK8QYUn8pJQsKpvO2F +sauBQeYNxUJpU4c5nUwfAA4+Bw11V0SoU7Q2dmSZ3G7rPUZuFF1eR1ONeE3gJ7uO +hXY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg +Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk +pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf +OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C +Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT +Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi +HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM +Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w ++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ +Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 +Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B +26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID +AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul +F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC +ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w +ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk +aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0 +YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg +c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93 +d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG +CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF +wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS +Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst +0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc +pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl +CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF +P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK +1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm +KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE +JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ +8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm +fyWl8kgAwKQB2j8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr +jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r +0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f +2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP +ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF +y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA +tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL +6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 +uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL +acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh +k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q +VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O +BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh +b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R +fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv +/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI +REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx +srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv +aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT +woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n +Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W +t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N +8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 +9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 +wSsSnqaeG8XmDtkx2Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFSzCCAzOgAwIBAgIRALZLiAfiI+7IXBKtpg4GofIwDQYJKoZIhvcNAQELBQAw +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xMjA5MjgwODU4NTFaFw0zNzEyMzExNTU5NTla +MD8xCzAJBgNVBAYTAlRXMTAwLgYDVQQKDCdHb3Zlcm5tZW50IFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC2/5c8gb4BWCQnr44BK9ZykjAyG1+bfNTUf+ihYHMwVxAA+lCWJP5Q5ow6ldFX +eYTVZ1MMKoI+GFy4MCYa1l7GLbIEUQ7v3wxjR+vEEghRK5lxXtVpe+FdyXcdIOxW +juVhYC386RyA3/pqg7sFtR4jEpyCygrzFB0g5AaPQySZn7YKk1pzGxY5vgW28Yyl +ZJKPBeRcdvc5w88tvQ7Yy6gOMZvJRg9nU0MEj8iyyIOAX7ryD6uBNaIgIZfOD4k0 +eA/PH07p+4woPN405+2f0mb1xcoxeNLOUNFggmOd4Ez3B66DNJ1JSUPUfr0t4urH +cWWACOQ2nnlwCjyHKenkkpTqBpIpJ3jmrdc96QoLXvTg1oadLXLLi2RW5vSueKWg +OTNYPNyoj420ai39iHPplVBzBN8RiD5C1gJ0+yzEb7xs1uCAb9GGpTJXA9ZN9E4K +mSJ2fkpAgvjJ5E7LUy3Hsbbi08J1J265DnGyNPy/HE7CPfg26QrMWJqhGIZO4uGq +s3NZbl6dtMIIr69c/aQCb/+4DbvVq9dunxpPkUDwH0ZVbaCSw4nNt7H/HLPLo5wK +4/7NqrwB7N1UypHdTxOHpPaY7/1J1lcqPKZc9mA3v9g+fk5oKiMyOr5u5CI9ByTP +isubXVGzMNJxbc5Gim18SjNE2hIvNkvy6fFRCW3bapcOFwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVZx3gnHosnMvFmOcdByYqhux0zTAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAJA75cJTQijq9TFOjj2Rnk0J +89ixUuZPrAwxIbvx6pnMg/y2KOTshAcOD06Xu29oRo8OURWV+Do7H1+CDgxxDryR +T64zLiNB9CZrTxOH+nj2LsIPkQWXqmrBap+8hJ4IKifd2ocXhuGzyl3tOKkpboTe +Rmv8JxlQpRJ6jH1i/NrnzLyfSa8GuCcn8on3Fj0Y5r3e9YwSkZ/jBI3+BxQaWqw5 +ghvxOBnhY+OvbLamURfr+kvriyL2l/4QOl+UoEtTcT9a4RD4co+WgN2NApgAYT2N +vC2xR8zaXeEgp4wxXPHj2rkKhkfIoT0Hozymc26Uke1uJDr5yTDRB6iBfSZ9fYTf +hsmL5a4NHr6JSFEVg5iWL0rrczTXdM3Jb9DCuiv2mv6Z3WAUjhv5nDk8f0OJU+jl +wqu+Iq0nOJt3KLejY2OngeepaUXrjnhWzAWEx/uttjB8YwWfLYwkf0uLkvw4Hp+g +pVezbp3YZLhwmmBScMip0P/GnO0QYV7Ngw5u6E0CQUridgR51lQ/ipgyFKDdLZzn +uoJxo4ZVKZnSKdt1OvfbQ/+2W/u3fjWAjg1srnm3Ni2XUqGwB5wH5Ss2zQOXlL0t +DjQG/MAWifw3VOTWzz0TBPKR2ck2Lj7FWtClTILD/y58Jnb38/1FoqVuVa4uzM8s +iTTa9g3nkagQ6hed8vbs +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET +MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0 +MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBw +bGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +FjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg+ ++FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1 +XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9w +tj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IW +q6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKM +aLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3 +R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wggERBgNVHSAE +ggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93 +d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNl +IG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0 +YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBj +b25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZp +Y2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBc +NplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQP +y3lPNNiiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJfBdAVhEedNO3iyM7 +R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4Fg +xhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL/lTaltkwGMzd/c6ByxW69oP +IQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AX +UKqK1drk/NAJBzewdXUh +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg +Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk +pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf +OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C +Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT +Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi +HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM +Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w ++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ +Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 +Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B +26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID +AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j +ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js +LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM +BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 +Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy +dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh +cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh +YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg +dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp +bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ +YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT +TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ +9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 +jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW +FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz +ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 +ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L +EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu +L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq +yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC +O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V +um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh +NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwKgAwIBAgIDAYagMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYDVQQGEwJG +STEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0ZXJpa2Vz +a3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNl +czEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJLIEdvdi4g +Um9vdCBDQTAeFw0wMjEyMTgxMzUzMDBaFw0yMzEyMTgxMzUxMDhaMIGjMQswCQYD +VQQGEwJGSTEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0 +ZXJpa2Vza3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBT +ZXJ2aWNlczEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJL +IEdvdi4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCF +FdrIAzfQo0Y3bBseljDCWoUSZyPyu5/nioFgJ/gTqTy894aqqvTzJSm0/nWuHoGG +igWyHWWyOOi0zCia+xc28ZPVec7Bg4shT8MNrUHfeJ1I4x9CRPw8bSEga60ihCRC +jxdNwlAfZM0tOSJWiP2yY51U2kJpwMhP1xjiPshphJQ9LIDGfM6911Mf64i5psu7 +hVfvV3ZdDIvTXhJBnyHAOfQmbQj6OLOhd7HuFtjQaNq0mKWgZUZKa41+qk1guPjI +DfxxPu45h4G02fhukO4/DmHXHSto5i7hQkQmeCxY8n0Wf2HASSQqiYe2XS8pGfim +545SnkFLWg6quMJmQlMCAwEAAaNVMFMwDwYDVR0TAQH/BAUwAwEB/zARBglghkgB +hvhCAQEEBAMCAAcwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTb6eGb0tEkC/yr +46Bn6q6cS3f0sDANBgkqhkiG9w0BAQUFAAOCAQEArX1ID1QRnljurw2bEi8hpM2b +uoRH5sklVSPj3xhYKizbXvfNVPVRJHtiZ+GxH0mvNNDrsczZog1Sf0JLiGCXzyVy +t08pLWKfT6HAVVdWDsRol5EfnGTCKTIB6dTI2riBmCguGMcs/OubUpbf9MiQGS0j +8/G7cdqehSO9Gu8u5Hp5t8OdhkktY7ktdM9lDzJmid87Ie4pbzlj2RXBbvbfgD5Q +eBmK3QOjFKU3p7UsfLYRh+cF8ry23tT/l4EohP7+bEaFEEGfTXWMB9SZZ291im/k +UJL2mdUQuMSpe/cXjUu/15WfCdxEDx4yw8DP03kN5Mc7h/CQNIghYkmSBAQfvA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu +hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l +xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 +CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx +sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJDTjER +MA8GA1UEChMIVW5pVHJ1c3QxETAPBgNVBAMTCFVDQSBSb290MB4XDTA0MDEwMTAw +MDAwMFoXDTI5MTIzMTAwMDAwMFowMzELMAkGA1UEBhMCQ04xETAPBgNVBAoTCFVu +aVRydXN0MREwDwYDVQQDEwhVQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALNdB8qGJn1r4vs4CQ7MgsJqGgCiFV/W6dQBt1YDAVmP9ThpJHbC +XivF9iu/r/tB/Q9a/KvXg3BNMJjRnrJ2u5LWu+kQKGkoNkTo8SzXWHwk1n8COvCB +a2FgP/Qz3m3l6ihST/ypHWN8C7rqrsRoRuTej8GnsrZYWm0dLNmMOreIy4XU9+gD +Xv2yTVDo1h//rgI/i0+WITyb1yXJHT/7mLFZ5PCpO6+zzYUs4mBGzG+OoOvwNMXx +QhhgrhLtRnUc5dipllq+3lrWeGeWW5N3UPJuG96WUUqm1ktDdSFmjXfsAoR2XEQQ +th1hbOSjIH23jboPkXXHjd+8AmCoKai9PUMCAwEAAaOBojCBnzALBgNVHQ8EBAMC +AQYwDAYDVR0TBAUwAwEB/zBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIG +CCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcD +BwYIKwYBBQUHAwgGCCsGAQUFBwMJMB0GA1UdDgQWBBTbHzXza0z/QjFkm827Wh4d +SBC37jANBgkqhkiG9w0BAQUFAAOCAQEAOGy3iPGt+lg3dNHocN6cJ1nL5BXXoMNg +14iABMUwTD3UGusGXllH5rxmy+AI/Og17GJ9ysDawXiv5UZv+4mCI4/211NmVaDe +JRI7cTYWVRJ2+z34VFsxugAG+H1V5ad2g6pcSpemKijfvcZsCyOVjjN/Hl5AHxNU +LJzltQ7dFyiuawHTUin1Ih+QOfTcYmjwPIZH7LgFRbu3DJaUxmfLI3HQjnQi1kHr +A6i26r7EARK1s11AdgYg1GS4KUYGis4fk5oQ7vuqWrTcL9Ury/bXBYSYBZELhPc9 ++tb5evosFeo2gkO3t7jj83EB7UNDogVFwygFBzXjAaU4HoDU18PZ3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 +m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih +FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ +TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F +EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco +kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu +HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF +vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo +19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC +L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW +bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX +JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j +BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc +K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf +ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik +Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB +sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e +3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR +ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip +mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH +b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf +rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms +hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y +zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 +MBr1mmz0DlP5OlvRHA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 +MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB +IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK +Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg +MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH +xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ +FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q +VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH +jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l +Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED +o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI +FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF +BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW +Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX +cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz +Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 +CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId +kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout +736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A +DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk +fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA +njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw +PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu +MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx +GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL +MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf +HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh +gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW +v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue +Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr +9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt +6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 +MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl +Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 +ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq +hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p +iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC +dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL +kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL +hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz +OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy +MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl +cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv +CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg +GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu +XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd +re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu +PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 +mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K +8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj +x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR +nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 +kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok +twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp +8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT +vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT +z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA +pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb +pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB +R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R +RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk +0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC +5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF +izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn +yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb +BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz +MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx +FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 +fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl +LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV +WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF +TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb +5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc +CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri +wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ +wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG +m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 +F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng +WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 +2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ +0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw +F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS +g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj +qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN +h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ +ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V +btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj +Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ +8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW +gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 +czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG +CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy +MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl +ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS +b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy +euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO +bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw +WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d +MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE +1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ +zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF +BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV +v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG +E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u +uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW +iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v +GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy +MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl +cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM +f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX +mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 +zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P +fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc +vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 +Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp +zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO +Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW +k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ +DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF +lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW +Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 +d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z +XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR +gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 +d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv +J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg +DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM ++SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy +F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 +SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws +E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cacert.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cacert.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cacert.crt 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cacert.crt 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_empty_subject.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_empty_subject.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_empty_subject.crt 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_empty_subject.crt 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCAhugAwIBAgIJANtVCnAolv4dMA0GCSqGSIb3DQEBDQUAMH4xCzAJBgNV +BAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcMCVN0 +dXR0Z2FydDEcMBoGA1UECgwTLi4udW5kIHVlYmVyaGF1cHQhPzEPMA0GA1UECwwG +dXVlIENBMQ8wDQYDVQQDDAZ1dWUgQ0EwHhcNMjAxMjIwMTYyNTM1WhcNMjExMjIw +MTYyNTM1WjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvlsqMXz +GDKdN0bochMAPx2/XTKxP4q8dsHqLnGGZ+VoNYecvJ/rXhvvWC9eeOknKZwaXe/H +tOyITCc/L/4lx0krlCGcLH7AkVijlrgZeWbE/Ia/OUPlHYiVcXV0Pw8Hzy/+JdU/ +BPkuCcxZhdwhB3k61HSdg8wAc/aJom9RveoI0dCweoeq7lHz5jv5Azjq5mK2rriB +4vMVTzzbLVAAQ451KrAkBNKaH+1Bvyn1S5SpMA+K4HnleBIGsc5ZnY03N2EAZq5h +NczSBpdwZRkCxDXHpv6F4FIF7RJwCqgCpPRPsVuSr/KXFRnsSxhQCDiB4i3dEAwn +iXJVHfHEmTe0UwIDAQABozIwMDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAWBgNV +HREEDzANggt3d3cudXVlLm9yZzANBgkqhkiG9w0BAQ0FAAOCAQEAdv5Z9KMWcItp +0ZsJlYEHmuHbw+lXvKzz11mY//D4HXSXthltc5dSW9wUJMWYiOJc8IoQnOOXo9Tx +Ye8JvK6gOhOE8RELPr0e4jmIBCYq02bMh6v82EoN0gzI4ZgTfkLYZtVSGhUHYA8K +0gsPUz88VmVLrcz/EhOhbLuxmgUJWjE3z48zD/QO6TQRjVtwql5Qc2iBq9ZnCNgZ +pf8r+/m561xMN5r3Jvp0+0xDM0gM5LigdObguUBzAhWExuHXHubcC0ovppSA5Qey +uoalFu8pQXRTSZ9tatP7mYERciMtW+fK/MDbMNNVMcDgQoOtPna1zDFgqyEygLXy +xZGfiGQBgw== +-----END CERTIFICATE----- \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_subject_without_cn.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_subject_without_cn.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_subject_without_cn.crt 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/cert_with_subject_without_cn.crt 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdDCCAlygAwIBAgIJAL5rKAz6XKBNMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcMCVN0 +dXR0Z2FydDEcMBoGA1UECgwTLi4udW5kIHVlYmVyaGF1cHQhPzEUMBIGA1UEAwwL +dXVlIFJvb3QgQ0EwHhcNMjAxMjExMjAyNjI0WhcNMjExMjExMjAyNjI0WjBcMQsw +CQYDVQQGEwJERTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQH +DAlTdHV0dGdhcnQxHDAaBgNVBAoMEy4uLnVuZCB1ZWJlcmhhdXB0IT8wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX7icpGipAoscdhSvgepldiBizkZXq +aM4KKdArbeG2SThiMuOqZesegKLI3oTcIfQA9Z1ZT0qk5XdN/uybTtkstGZduIr+ +ZgvGZ605VVdOzbX9gQJ8yCj6/yUT+PLLhZXoHVqh0t2nkxr9Ed97iDeCbnnqPuKB +tcdYrSIfxoPEonLiS0xVKb2qNBx2qfkseRkRBMYfh/1i9q29JoepkcUzqSH44Af/ +oGlVeAhVMgOF0MS8Qa7LM+jx6qF4RQPiaCIj/UaNvX7idewiNf4QmEgbAaEjGtuk +s92mHhze7IVleNjNTqVoLCfazLH2NLe51djfD8w60TlKRpD2Qt2aTOP9AgMBAAGj +IzAhMB8GA1UdEQQYMBaCB3V1ZS5vcmeCC3d3dy51dWUub3JnMA0GCSqGSIb3DQEB +BQUAA4IBAQBKdrw0i3npNbo80XDO0mHUuvsyBMTToaBL1F4SFtSauvtWaY9DF2RH +gazu79y7n85czl4Nr7g4/HtZm2/oCxD6YeZEt+pHbTCIH7FVyfl5NrAza+Zs4TMs +tujwB+JVsj9KD8MXEgBbohVYLMsA9vjVEA00I3hvro3rB/suvt4GnQyHHAsXrbuu +eenCXULd0B4onD4ki2cUDXy3hArkO8LIwQ8iu55wYIgDlIX00Q2oPZRP+ZYCKdUl +w5sjV1qPVtrDYzoeA5h/Ls5P0llZapnWGzJzmD6U6wk+zQAs+GgqlYrmEmNq97kL +iRuLlubcbMknF/JN5mLUvgYqf7M71nEe +-----END CERTIFICATE----- Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/client.p12 and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/client.p12 differ Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/der.cer and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/der.cer differ Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/derlink.cer and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/derlink.cer differ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/fullchain.pem nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/fullchain.pem --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/fullchain.pem 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/fullchain.pem 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,140 @@ +-----BEGIN CERTIFICATE----- +MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw +MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp +kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX +lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm +BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA +gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL +tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T +AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD +VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG +CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw +AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt +MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG +A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br +aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN +AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ +cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL +RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U ++o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr +PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER +lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs +Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO +z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG +AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw +juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl +1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE +CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx +OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT +GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63 +ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS +iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k +KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ +DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk +j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5 +cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW +CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499 +iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei +Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap +sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b +9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf +BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw +JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH +MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al +oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy +MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF +AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9 +NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9 +WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw +9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy ++qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi +d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIINxDCCDKygAwIBAgIQaczIXdXLFjQKAAAAAP9gXDANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMTA5MTMwMTM4MzdaFw0yMTExMjAw +MTM4MzZaMBcxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABF63ur9oci8z3kct0yU6SdxiU/D5SpKsSUTOWT5uRIUFtE4ZP6dI +fhoZP3ZzJDGVHirnokMh3VxZaLZQMInFMDGjggumMIILojAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +9X1jQB4WTJwnDM6S2qCd08XH8VowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU +83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w +a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv +L2NlcnRzL2d0czFjMy5kZXIwgglWBgNVHREEgglNMIIJSYIMKi5nb29nbGUuY29t +ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tggkqLmJkbi5kZXaCEiouY2xvdWQuZ29v +Z2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRl +Lmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUu +Y28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUu +Y29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29n +bGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5n +b29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xl +LmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29n +bGVhcGlzLmNughEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNughAqLmdz +dGF0aWMtY24uY29tghIqLmdzdGF0aWNjbmFwcHMuY26CD2dvb2dsZWNuYXBwcy5j +boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds +ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n +bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu +bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CC3dpZGV2aW5lLmNugg0qLndpZGV2 +aW5lLmNughFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIR +YW1wcHJvamVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1h +bmFseXRpY3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29n +bGVhZHNlcnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIR +Z29vZ2xldmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFw +aXMtY24uY29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1j +bi5jb22CFyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5u +ZXSCFCouZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5u +ZXSCFiouZy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRv +dWJsZWNsaWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNs +aWNrLmNughFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIId +Z29vZ2xldHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRz +ZXJ2aWNlcy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29n +bGV0YWdzZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkq +Lmdvb2dsZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5j +b22CGiouZ29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29n +bGVzeW5kaWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCou +YXBwLW1lYXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5j +b22CC2d2dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4y +bWRuLWNuLm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0 +cy1jbi5uZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRp +Yy5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNk +bi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdv +b2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggth +bmRyb2lkLmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIE +Zy5jboIGKi5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIU +Z29vZ2xlLWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv +b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5j +b22CCGdncGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5j +b22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHVi +ZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVr +aWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRy +b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xl +LmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9p +ZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvUU92 +SjBOMXNUMkEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcARJRlLrDuzq/E +QAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAF73QViLQAABAMASDBGAiEArWffq368 +tzMiCHLl+A1BFjfaVIJORVMn4o43ejqiCToCIQC2XB2yUfqlhx8t70bRv9PsrATA +VJeG4w1NoCvspRpCnAB1APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj +AAABe90FYRMAAAQDAEYwRAIgAZcPBI5OJaZQHgCD2qkmRAWyE3G60hQklI3psMyA +yaICIAvd8zNVImiwu5RRhKkJ2c6sI9RABL43P9+cj0Qxddk8MA0GCSqGSIb3DQEB +CwUAA4IBAQCTyIgyrPBdskJmSjsTLl6Dbe8Z9NuUCsqlL4t2L6MrZECzMxKag2H9 +pFdhSbQxjwdySgTwXWfVcAfuWxOw3qIrClr47G//aBN1m+Q35I73V3Ya16LKdoNm +3CLGe6qMArlBAg86q0Sr72OeZVKRuTya7l7wHRAMK1+nGCv5Acc+75q/HKj1OkVV +njIG2whCZ+G5LmYZmKroEXIBUna3MGijHrlq58tFgQUSVQqVQzU2tseLIBvz284r +iarLqQ7sR3xVM76Qgl+Be4A4z4fE7Dz1zRIbnetKn8YO5SO/B/H91EeIB4q+nmRO +tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/incomplete_chain.pem nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/incomplete_chain.pem --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/incomplete_chain.pem 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/incomplete_chain.pem 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,76 @@ +-----BEGIN CERTIFICATE----- +MIINxDCCDKygAwIBAgIQaczIXdXLFjQKAAAAAP9gXDANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMTA5MTMwMTM4MzdaFw0yMTExMjAw +MTM4MzZaMBcxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABF63ur9oci8z3kct0yU6SdxiU/D5SpKsSUTOWT5uRIUFtE4ZP6dI +fhoZP3ZzJDGVHirnokMh3VxZaLZQMInFMDGjggumMIILojAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +9X1jQB4WTJwnDM6S2qCd08XH8VowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU +83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w +a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv +L2NlcnRzL2d0czFjMy5kZXIwgglWBgNVHREEgglNMIIJSYIMKi5nb29nbGUuY29t +ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tggkqLmJkbi5kZXaCEiouY2xvdWQuZ29v +Z2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRl +Lmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUu +Y28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUu +Y29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29n +bGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5n +b29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xl +LmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29n +bGVhcGlzLmNughEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNughAqLmdz +dGF0aWMtY24uY29tghIqLmdzdGF0aWNjbmFwcHMuY26CD2dvb2dsZWNuYXBwcy5j +boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds +ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n +bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu +bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CC3dpZGV2aW5lLmNugg0qLndpZGV2 +aW5lLmNughFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIR +YW1wcHJvamVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1h +bmFseXRpY3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29n +bGVhZHNlcnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIR +Z29vZ2xldmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFw +aXMtY24uY29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1j +bi5jb22CFyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5u +ZXSCFCouZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5u +ZXSCFiouZy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRv +dWJsZWNsaWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNs +aWNrLmNughFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIId +Z29vZ2xldHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRz +ZXJ2aWNlcy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29n +bGV0YWdzZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkq +Lmdvb2dsZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5j +b22CGiouZ29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29n +bGVzeW5kaWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCou +YXBwLW1lYXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5j +b22CC2d2dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4y +bWRuLWNuLm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0 +cy1jbi5uZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRp +Yy5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNk +bi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdv +b2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggth +bmRyb2lkLmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIE +Zy5jboIGKi5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIU +Z29vZ2xlLWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv +b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5j +b22CCGdncGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5j +b22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHVi +ZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVr +aWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRy +b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xl +LmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9p +ZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvUU92 +SjBOMXNUMkEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcARJRlLrDuzq/E +QAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAF73QViLQAABAMASDBGAiEArWffq368 +tzMiCHLl+A1BFjfaVIJORVMn4o43ejqiCToCIQC2XB2yUfqlhx8t70bRv9PsrATA +VJeG4w1NoCvspRpCnAB1APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj +AAABe90FYRMAAAQDAEYwRAIgAZcPBI5OJaZQHgCD2qkmRAWyE3G60hQklI3psMyA +yaICIAvd8zNVImiwu5RRhKkJ2c6sI9RABL43P9+cj0Qxddk8MA0GCSqGSIb3DQEB +CwUAA4IBAQCTyIgyrPBdskJmSjsTLl6Dbe8Z9NuUCsqlL4t2L6MrZECzMxKag2H9 +pFdhSbQxjwdySgTwXWfVcAfuWxOw3qIrClr47G//aBN1m+Q35I73V3Ya16LKdoNm +3CLGe6qMArlBAg86q0Sr72OeZVKRuTya7l7wHRAMK1+nGCv5Acc+75q/HKj1OkVV +njIG2whCZ+G5LmYZmKroEXIBUna3MGijHrlq58tFgQUSVQqVQzU2tseLIBvz284r +iarLqQ7sR3xVM76Qgl+Be4A4z4fE7Dz1zRIbnetKn8YO5SO/B/H91EeIB4q+nmRO +tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/unit_tests.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/unit_tests.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/unit_tests.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/unit_tests.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,1242 @@ +#!/bin/sh + +# $SHUNIT2 should be defined as an environment variable before running the tests +# shellcheck disable=SC2154 +if [ -z "${SHUNIT2}" ]; then + + SHUNIT2=$( command -v shunit2 ) + + if [ -z "${SHUNIT2}" ]; then + + cat <&1 | grep -q 'TEMPLATE must end with XXXXXX'; then + # no suffix possible + SUFFIX= + fi + + # create a temporary file + TEMPFILE="$(mktemp "${TMPDIR}/XXXXXX${SUFFIX}" 2>/dev/null)" + + if [ -z "${TEMPFILE}" ] || [ ! -w "${TEMPFILE}" ]; then + fail 'temporary file creation failure.' + fi + + # add the file to the list of temporary files + TEMPORARY_FILES="${TEMPORARY_FILES} ${TEMPFILE}" + +} + +remove_temporary_test_files() { + # shellcheck disable=SC2086 + if [ -n "${TEMPORARY_FILES}" ]; then + rm -f ${TEMPORARY_FILES} + fi +} + +cleanup_temporary_test_files() { + SIGNALS=$1 + remove_temporary_test_files + # shellcheck disable=SC2086 + trap - ${SIGNALS} +} + +createSelfSignedCertificate() { + + DAYS=$1 + + if [ -z "${DAYS}" ]; then + DAYS=30 # default + fi + + create_temporary_test_file + CONFIGURATION=${TEMPFILE} + create_temporary_test_file + KEY=${TEMPFILE} + create_temporary_test_file + CERTIFICATE=${TEMPFILE} + + cat <<'EOT' >"${CONFIGURATION}" +[ req ] +default_bits = 2048 + +prompt = no +distinguished_name=req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +countryName=CH +stateOrProvinceName=ZH +localityName=Zurich +organizationName=Matteo Corti +organizationalUnitName=None +commonName=localhost +emailAddress=matteo@corti.li + +[ alternate_names ] +DNS.1 = localhost + +[ v3_req ] +keyUsage=digitalSignature +subjectKeyIdentifier = hash +subjectAltName = @alternate_names +EOT + + ${OPENSSL} genrsa -out "${KEY}" 2048 >/dev/null 2>&1 + + ${OPENSSL} req -new -x509 -key "${KEY}" -out "${CERTIFICATE}" -days "${DAYS}" -config "${CONFIGURATION}" + + echo "${CERTIFICATE}" + +} + +############################################################################## +# Initial setup + +oneTimeSetUp() { + # constants + + NAGIOS_OK=0 + NAGIOS_WARNING=1 + NAGIOS_CRITICAL=2 + NAGIOS_UNKNOWN=3 + + if [ -z "${TMPDIR}" ]; then + TMPDIR=/tmp + fi + + # Cleanup before program termination + # Using named signals to be POSIX compliant + # shellcheck disable=SC2086 + trap_with_arg cleanup ${SIGNALS} + + # we trigger a test by Qualy's SSL so that when the last test is run the result will be cached + echo 'Starting SSL Lab test (to cache the result)' + curl --silent 'https://www.ssllabs.com/ssltest/analyze.html?d=ethz.ch&latest' >/dev/null + + # check in OpenSSL supports dane checks + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -dane_tlsa_rrdata || "${OPENSSL}" s_client not_a_real_option 2>&1 | grep -q -- -dane_tlsa_rrdata; then + echo "dane checks supported" + DANE=1 + fi + + # print the openssl version + echo 'OpenSSL version' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + "${OPENSSL}" version + +} + +oneTimeTearDown() { + # Cleanup before program termination + # Using named signals to be POSIX compliant + # shellcheck disable=SC2086 + cleanup_temporary_test_files ${SIGNALS} +} + +############################################################################## +# Tests + +testHoursUntilNow() { + # testing with perl + if perl -e 'use Date::Parse;' >/dev/null 2>&1 ; then + export DATETYPE='PERL' + DATE_TMP="$(date)" + hours_until "${DATE_TMP}" + assertEquals "error computing the missing hours until now" 0 "${HOURS_UNTIL}" + else + echo "Date::Parse not installed: skipping Perl date computation tests" + fi +} + +testHoursUntil5Hours() { + # testing with perl + if perl -e 'use Date::Parse;' >/dev/null 2>&1 ; then + export DATETYPE='PERL' + DATE_TMP="$(perl -e '$x=localtime(time+(5*3600));print $x')" + hours_until "${DATE_TMP}" + assertEquals "error computing the missing hours until now" 5 "${HOURS_UNTIL}" + else + echo "Date::Parse not installed: skipping Perl date computation tests" + fi +} + +testHoursUntil42Hours() { + # testing with perl + if perl -e 'use Date::Parse;' >/dev/null 2>&1 ; then + export DATETYPE='PERL' + DATE_TMP="$(perl -e '$x=localtime(time+(42*3600));print $x')" + hours_until "${DATE_TMP}" + assertEquals "error computing the missing hours until now" 42 "${HOURS_UNTIL}" + else + echo "Date::Parse not installed: skipping Perl date computation tests" + fi +} + +testOpenSSLVersion1() { + export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' + export REQUIRED_VERSION='1.2.0a' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + openssl_version "${REQUIRED_VERSION}" + RET=$? + assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 1 "${RET}" + export OPENSSL_VERSION= +} + +testOpenSSLVersion2() { + export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' + export REQUIRED_VERSION='1.1.1j' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + openssl_version "${REQUIRED_VERSION}" + RET=$? + assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" + export OPENSSL_VERSION= +} + +testOpenSSLVersion3() { + export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' + export REQUIRED_VERSION='1.0.0b' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + openssl_version "${REQUIRED_VERSION}" + RET=$? + assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" + export OPENSSL_VERSION= +} + +testOpenSSLVersion4() { + export OPENSSL_VERSION='OpenSSL 1.0.2k-fips 26 Jan 2017' + export REQUIRED_VERSION='1.0.0b' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + openssl_version "${REQUIRED_VERSION}" + RET=$? + assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" + export OPENSSL_VERSION= +} + +testOpenSSLVersion5() { + export OPENSSL_VERSION='OpenSSL 1.1.1h-freebsd 22 Sep 2020' + export REQUIRED_VERSION='1.0.0b' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + openssl_version "${REQUIRED_VERSION}" + RET=$? + assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" + export OPENSSL_VERSION= +} + +testDependencies() { + check_required_prog openssl + # $PROG is defined in the script + # shellcheck disable=SC2154 + assertNotNull 'openssl not found' "${PROG}" +} + +testInfo() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --info +} + +testSCT() { + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + ${OPENSSL} version + if openssl_version '1.1.0'; then + echo "OpenSSL >= 1.1.0: SCTs supported" + ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com -c 1 -w 2 --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + else + echo "OpenSSL < 1.1.0: SCTs not supported" + ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com -c 1 -w 2 --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + fi +} + +testUsage() { + ${SCRIPT} >/dev/null 2>&1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testMissingArgument() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical >/dev/null 2>&1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testMissingArgument2() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical --warning 10 >/dev/null 2>&1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testGroupedVariables() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvv >/dev/null 2>&1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testGroupedVariablesError() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvxv >/dev/null 2>&1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testPrometheus() { + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H github.com --prometheus --critical 1000 --warning 1100) + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + assertContains "wrong output" "${OUTPUT}" '# HELP cert_valid ' + assertContains "wrong output" "${OUTPUT}" 'cert_valid_chain_elem{cn="github.com", element=1} 2' + assertContains "wrong output" "${OUTPUT}" 'cert_days_chain_elem{cn="github.com", element=1}' +} + +testGitHub() { + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn github.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testLetsEncrypt() { + ${SCRIPT} --rootcert-file cabundle.crt -H helloworld.letsencrypt.org --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testGoDaddy() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.godaddy.com --cn www.godaddy.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testGITHUBCaseInsensitive() { + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn GITHUB.COM --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIPOK() { + ${SCRIPT} --rootcert-file cabundle.crt -H 138.201.94.172 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIPOKAltName() { + ${SCRIPT} --rootcert-file cabundle.crt -H 138.201.94.172 --cn pasi.corti.li --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIPFailAltName() { + ${SCRIPT} --rootcert-file cabundle.crt -H 138.201.94.172 --cn bogus.corti.li --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testETHZWildCard() { + # * should not match, see https://serverfault.com/questions/310530/should-a-wildcard-ssl-certificate-secure-both-the-root-domain-as-well-as-the-sub + # we ignore the altnames as sp.ethz.ch is listed + ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn sp.ethz.ch --ignore-altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testETHZWildCardCaseInsensitive() { + # * should not match, see https://serverfault.com/questions/310530/should-a-wildcard-ssl-certificate-secure-both-the-root-domain-as-well-as-the-sub + # we ignore the altnames as sp.ethz.ch is listed + ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn SP.ETHZ.CH --ignore-altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testETHZWildCardSub() { + ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn sub.sp.ethz.ch --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testETHZWildCardSubCaseInsensitive() { + ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn SUB.SP.ETHZ.CH --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testRootIssuer() { + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --issuer 'DigiCert Inc' --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testValidity() { + # Tests bug #8 + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -w 1000 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" +} + +testValidityWithPerl() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -w 1000 --force-perl-date + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" +} + +testAltNames() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --cn www.github.com --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +#Do not require to match Alternative Name if CN already matched +testWildcardAltNames1() { + ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +#Check for wildcard support in Alternative Names +testWildcardAltNames2() { + ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch \ + --cn somehost.spapps.ethz.ch \ + --cn otherhost.sPaPPs.ethz.ch \ + --cn spapps.ethz.ch \ + --critical 1 --warning 2 \ + --altnames + + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testAltNamesCaseInsensitve() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --cn WWW.GITHUB.COM --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testMultipleAltNamesOK() { + # Test with multiple CN's + ${SCRIPT} --rootcert-file cabundle.crt -H corti.li -n www.corti.li -n rpm.corti.li --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testMultipleAltNamesFailOne() { + # Test with multiple CN's but last one is wrong + ${SCRIPT} --rootcert-file cabundle.crt -H github.com -n www.github.com -n wrong.com --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testMultipleAltNamesFailTwo() { + # Test with multiple CN's but first one is wrong + ${SCRIPT} --rootcert-file cabundle.crt -H github.com -n wrong.ch -n www.github.com --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +# not working +# testXMPPHost() { +# out=$(${SCRIPT} --rootcert-file cabundle.crt -H prosody.xmpp.is --port 5222 --protocol xmpp --xmpphost xmpp.is --critical 1 --warning 2) +# EXIT_CODE=$? +# if echo "${out}" | grep -q "s_client' does not support '-xmpphost'"; then +# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +# else +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# fi +# } + +testTimeOut() { + ${SCRIPT} --rootcert-file cabundle.crt -H gmail.com --protocol imap --port 993 --timeout 1 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testIMAP() { + # minimal critical and warning as they renew pretty late + ${SCRIPT} --rootcert-file cabundle.crt -H imap.gmx.com --port 143 --timeout 30 --protocol imap --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIMAPS() { + ${SCRIPT} --rootcert-file cabundle.crt -H imap.gmail.com --port 993 --timeout 30 --protocol imaps --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testPOP3S() { + ${SCRIPT} --rootcert-file cabundle.crt -H pop.gmail.com --port 995 --timeout 30 --protocol pop3s --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testSMTP() { + ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtp --port 25 --timeout 60 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testSMTPSubmbission() { + ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtp --port 587 --timeout 60 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testSMTPS() { + ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtps --port 465 --timeout 60 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +# Disabled as test.rebex.net is currently not working. Should find another public FTP server with TLS +#testFTP() { +# ${SCRIPT} --rootcert-file cabundle.crt -H test.rebex.net --protocol ftp --port 21 --timeout 60 +# EXIT_CODE=$? +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +#} +# +#testFTPS() { +# ${SCRIPT} --rootcert-file cabundle.crt -H test.rebex.net --protocol ftps --port 990 --timeout 60 +# EXIT_CODE=$? +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +#} + +################################################################################ +# From https://badssl.com + +testBadSSLExpired() { + ${SCRIPT} --rootcert-file cabundle.crt -H expired.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLExpiredAndWarnThreshold() { + ${SCRIPT} --rootcert-file cabundle.crt -H expired.badssl.com --warning 3000 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLWrongHost() { + ${SCRIPT} --rootcert-file cabundle.crt -H wrong.host.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLSelfSigned() { + ${SCRIPT} --rootcert-file cabundle.crt -H self-signed.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLUntrustedRoot() { + ${SCRIPT} --rootcert-file cabundle.crt -H untrusted-root.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLRevoked() { + ${SCRIPT} --rootcert-file cabundle.crt -H revoked.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLRevokedCRL() { + ${SCRIPT} --rootcert-file cabundle.crt -H revoked.badssl.com --crl --ignore-ocsp --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testGRCRevoked() { + ${SCRIPT} --rootcert-file cabundle.crt -H revoked.grc.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLIncompleteChain() { + ${SCRIPT} --rootcert-file cabundle.crt -H incomplete-chain.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLDH480() { + ${SCRIPT} --rootcert-file cabundle.crt -H dh480.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLDH512() { + ${SCRIPT} --rootcert-file cabundle.crt -H dh512.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLRC4MD5() { + # older versions of OpenSSL validate RC4-MD5 + if ! "${OPENSSL}" ciphers RC4-MD5 >/dev/null 2>&1; then + ${SCRIPT} --rootcert-file cabundle.crt -H rc4-md5.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + else + echo "OpenSSL too old to test RC4-MD5 ciphers" + fi +} + +testBadSSLRC4() { + # older versions of OpenSSL validate RC4 + if ! "${OPENSSL}" ciphers RC4 >/dev/null 2>&1; then + ${SCRIPT} --rootcert-file cabundle.crt -H rc4.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + else + echo "OpenSSL too old to test RC4-MD5 ciphers" + fi +} + +testBadSSL3DES() { + # older versions of OpenSSL validate RC4 + if ! "${OPENSSL}" ciphers 3DES >/dev/null 2>&1; then + ${SCRIPT} --rootcert-file cabundle.crt -H 3des.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + else + echo "OpenSSL too old to test 3DES ciphers" + fi +} + +testBadSSLNULL() { + ${SCRIPT} --rootcert-file cabundle.crt -H null.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLSHA256() { + ${SCRIPT} --rootcert-file cabundle.crt -H sha256.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testBadSSLEcc256() { + ${SCRIPT} --rootcert-file cabundle.crt -H ecc256.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testBadSSLEcc384() { + ${SCRIPT} --rootcert-file cabundle.crt -H ecc384.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testBadSSLRSA8192() { + ${SCRIPT} --rootcert-file cabundle.crt -H rsa8192.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testBadSSLLongSubdomainWithDashes() { + ${SCRIPT} --rootcert-file cabundle.crt -H long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testBadSSLLongSubdomain() { + ${SCRIPT} --rootcert-file cabundle.crt -H longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testBadSSLSHA12016() { + ${SCRIPT} --rootcert-file cabundle.crt -H sha1-2016.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testBadSSLSHA12017() { + ${SCRIPT} --rootcert-file cabundle.crt -H sha1-2017.badssl.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testRequireOCSP() { + ${SCRIPT} --rootcert-file cabundle.crt -H videolan.org --require-ocsp-stapling --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +# tests for -4 and -6 +testIPv4() { + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -4; then + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -4 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo "Skipping forcing IPv4: no OpenSSL support" + fi +} + +testIPv6() { + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -6; then + + IPV6= + if command -v ifconfig >/dev/null && ifconfig -a | grep -q -F inet6; then + IPV6=1 + elif command -v ip >/dev/null && ip addr | grep -q -F inet6; then + IPV6=1 + fi + + if [ -n "${IPV6}" ]; then + + echo "IPv6 is configured" + + if ping -c 3 -6 www.google.com >/dev/null 2>&1; then + + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -6 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + + else + echo "IPv6 is configured but not working: skipping test" + fi + + else + echo "Skipping forcing IPv6: not IPv6 configured locally" + fi + + else + echo "Skipping forcing IPv6: no OpenSSL support" + fi +} + +testFormatShort() { + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn github.com --critical 1 --warning 2 --format "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'" | cut '-d|' -f 1) + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + assertEquals "wrong output" "SSL_CERT OK github.com from 'DigiCert, Inc.'" "${OUTPUT}" +} + +testMoreErrors() { + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -v --email doesnotexist --critical 1000 --warning 1001 | wc -l | sed 's/\ //g') + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + # we should get three lines: the plugin output and three errors + assertEquals "wrong number of errors" 4 "${OUTPUT}" +} + +testMoreErrors2() { + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -v --email doesnotexist --warning 1000 --warning 1001 --verbose | wc -l | sed 's/\ //g') + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + # we should get three lines: the plugin output and three errors + assertEquals "wrong number of errors" 4 "${OUTPUT}" +} + +# dane + +testDANE211() { + # dig is needed for DANE + if command -v dig >/dev/null; then + + # on github actions the dig command produces no output + if dig +short TLSA _25._tcp.hummus.csx.cam.ac.uk | grep -q -f 'hummus'; then + + # check if a connection is possible + if printf 'QUIT\\n' | "${OPENSSL}" s_client -connect hummus.csx.cam.ac.uk:25 -starttls smtp >/dev/null 2>&1; then + ${SCRIPT} --rootcert-file cabundle.crt --dane 211 --port 25 -P smtp -H hummus.csx.cam.ac.uk --critical 1 --warning 2 + EXIT_CODE=$? + if [ -n "${DANE}" ]; then + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" + fi + else + echo "connection to hummus.csx.cam.ac.uk:25 not possible: skipping test" + fi + else + echo "no TLSA entries in DNS: skipping DANE test" + fi + else + echo "dig not available: skipping DANE test" + fi +} + +# does not work anymore +#testDANE311SMTP() { +# ${SCRIPT} --rootcert-file cabundle.crt --dane 311 --port 25 -P smtp -H mail.ietf.org +# EXIT_CODE=$? +# if [ -n "${DANE}" ] ; then +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# else +# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +# fi +#} +# +#testDANE311() { +# ${SCRIPT} --rootcert-file cabundle.crt --dane 311 -H www.ietf.org +# EXIT_CODE=$? +# if [ -n "${DANE}" ] ; then +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# else +# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +# fi +#} +# +#testDANE301ECDSA() { +# if command -v dig > /dev/null ; then +# ${SCRIPT} --rootcert-file cabundle.crt --dane 301 --ecdsa -H mail.aegee.org --critical 1 --warning 2 +# EXIT_CODE=$? +# if [ -n "${DANE}" ] ; then +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# else +# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +# fi +# else +# echo "dig not available: skipping DANE test" +# fi +#} + +testRequiredProgramFile() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --file-bin /doesnotexist --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testRequiredProgramPermissions() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --file-bin /etc/hosts --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testSieveECDSA() { + if ! { "${OPENSSL}" s_client -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || "${OPENSSL}" s_client -starttls sieve 2>&1 | grep -F -q 'usage:'; }; then + ${SCRIPT} --rootcert-file cabundle.crt -P sieve -p 4190 -H mail.aegee.org --ecdsa --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo "Skipping sieve tests (not supported)" + fi +} + +testHTTP2() { + ${SCRIPT} --rootcert-file cabundle.crt -H rwserve.readwritetools.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testForceHTTP2() { + if "${OPENSSL}" s_client -help 2>&1 | grep -q -F alpn; then + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --protocol h2 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo "Skipping forced HTTP2 test as -alpn is not supported" + fi +} + +testNotLongerValidThan() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --not-valid-longer-than 2 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testDERCert() { + ${SCRIPT} --rootcert-file cabundle.crt -f ./der.cer --ignore-sct --critical 1 --warning 2 --allow-empty-san -s + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testDERCertSymbolicLink() { + ${SCRIPT} --rootcert-file cabundle.crt -f ./derlink.cer --ignore-sct --critical 1 --warning 2 --allow-empty-san -s + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testPKCS12Cert() { + export PASS= + ${SCRIPT} --rootcert-file cabundle.crt -f ./client.p12 --ignore-sct --password env:PASS --critical 1 --warning 2 --allow-empty-san -s + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testCertificateWithoutCN() { + ${SCRIPT} --rootcert-file cabundle.crt -n www.uue.org -f ./cert_with_subject_without_cn.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 --ignore-incomplete-chain --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testCertificsteWithEmptySubject() { + ${SCRIPT} --rootcert-file cabundle.crt -n www.uue.org -f ./cert_with_empty_subject.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 --ignore-incomplete-chain + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testResolveSameName() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --resolve www.github.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testResolveDifferentName() { + ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve www.google.com --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +#testNewQuoVadis() { +# ${SCRIPT} --rootcert-file cabundle.crt -H matteo.github.com +# EXIT_CODE=$? +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +#} + +testResolveCorrectIP() { + # dig is needed to resolve the IP address + if command -v dig >/dev/null; then + RESOLVED_IP="$(dig +short github.com)" + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --resolve "${RESOLVED_IP}" --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo 'dig missing: skipping test' + fi +} + +testResolveWrongIP() { + # dig is needed to resolve the IP address + if command -v dig >/dev/null; then + RESOLVED_IP="$(dig +short www.google.com)" + ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve "${RESOLVED_IP}" --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + else + echo 'dig missing: skipping test' + fi +} + +testCiphersOK() { + + # nmap ssl-enum-ciphers dumps core on CentOS 7 and RHEL 7 + if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release; then + echo 'Skipping tests on CentOS and RedHat 7 since nmap is crashing (core dump)' + elif [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 6\.' /etc/redhat-release; then + echo 'Skipping tests on CentOS and RedHat 6 since nmap is not delivering cipher strengths' + else + + # check if nmap is installed + if command -v nmap >/dev/null; then + + # check if ssl-enum-ciphers is present + if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine'; then + + ${SCRIPT} --rootcert-file cabundle.crt -H cloudflare.com --check-ciphers C --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + + else + echo "no ssl-enum-ciphers nmap script found: skipping ciphers test" + fi + + else + echo "no nmap found: skipping ciphers test" + fi + + fi + +} + +testCiphersError() { + + # nmap ssl-enum-ciphers dumps core on CentOS 7 and RHEL 7 + if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release; then + echo 'Skipping tests on CentOS and RedHat 7 since nmap is crashing (core dump)' + elif [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 6\.' /etc/redhat-release; then + echo 'Skipping tests on CentOS and RedHat 6 since nmap is not delivering cipher strengths' + else + + # check if nmap is installed + if command -v nmap >/dev/null; then + + # check if ssl-enum-ciphers is present + if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine'; then + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --check-ciphers A --check-ciphers-warnings --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + + else + echo "no ssl-enum-ciphers nmap script found: skipping ciphers test" + fi + + else + echo "no nmap found: skipping ciphers test" + fi + + fi + +} + +# SSL Labs (last one as it usually takes a lot of time + +testGitHubWithSSLLabs() { + # we assume www.github.com gets at least a B + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn github.com --check-ssl-labs B --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testGithubComCRL() { + + # get current certificate of github.com, download the CRL named in that certificate + # and use it for local CRL check + + create_temporary_test_file + TEMPFILE_GITHUB_CERT=${TEMPFILE} + + echo Q | "${OPENSSL}" s_client -connect github.com:443 2>/dev/null | sed -n '/-----BEGIN/,/-----END/p' >"${TEMPFILE_GITHUB_CERT}" + + GITHUB_CRL_URI=$(${OPENSSL} x509 -in "${TEMPFILE_GITHUB_CERT}" -noout -text | grep -A 6 "X509v3 CRL Distribution Points" | grep "http://" | head -1 | sed -e "s/.*URI://") + + create_temporary_test_file '.crl' + TEMPFILE_CRL=${TEMPFILE} + + echo "${GITHUB_CRL_URI}" + curl --silent "${GITHUB_CRL_URI}" >"${TEMPFILE_CRL}" + + ${SCRIPT} --file "${TEMPFILE_CRL}" --warning 2 --critical 1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + +} + +testFloatingPointThresholds() { + + ${SCRIPT} -H github.com --warning 2.5 --critical 1.5 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + +} + +testFloatingPointThresholdsWrongUsage() { + + ${SCRIPT} -H github.com --warning 1.5 --critical 2.5 + EXIT_CODE=$? + assertEquals "expecting error message about --warning is less or equal --critical, but got wrong exit code, " "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" + +} + +testCertExpiringInLessThanOneDay() { + + CERT=$(createSelfSignedCertificate 1) + + ${SCRIPT} -f "${CERT}" --warning 1.5 --critical 0.5 --selfsigned --allow-empty-san --ignore-sig-alg + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" + +} + +testAcceptableClientCertCAMissing() { + + ${SCRIPT} -H www.github.com --require-client-cert + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + +} + +# not responding: should find something new + +# testAcceptableClientCertCAGeneric() { +# +# ${SCRIPT} -H klik.nlb.si --require-client-cert +# EXIT_CODE=$? +# +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# +# } + +# testAcceptableClientCertCAList() { +# +# ${SCRIPT} -H klik.nlb.si --require-client-cert ACNLB,NLB +# EXIT_CODE=$? +# +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# +# } + +testAcceptableClientCertCAListWrong() { + + ${SCRIPT} -H klik.nlb.si --require-client-cert ACNLB,NLB,fake + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + +} + +testMaxDateOn32BitSystems() { + + # generate a cert expiring after 2038-01-19 + CERT=$(createSelfSignedCertificate 7000) + + ${SCRIPT} -f "${CERT}" --warning 2 --critical 1 --selfsigned --allow-empty-san --ignore-sig-alg + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + + ${SCRIPT} -f "${CERT}" --warning 2 --critical 1 --selfsigned --allow-empty-san --ignore-sig-alg 2>&1 | grep -q 'invalid\ date' + EXIT_CODE=$? + + assertEquals "Invalid date" 1 "${EXIT_CODE}" + +} + +testIgnoreConnectionStateOK() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_OK}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateWARNING() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_WARNING}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateCRITICAL() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_CRITICAL}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateWARNING() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_WARNING}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateError() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-state 4 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testSubdomainWithUnderscore() { + TEST_HOST=_test.github.com + OUTPUT=$(echo Q | "${OPENSSL}" s_client -connect "${TEST_HOST}":443 2>&1) + if [ $? -eq 1 ]; then + # there was an error: check if it's due to the _ + if echo "${OUTPUT}" | grep -q -F 'gethostbyname failure' || + echo "${OUTPUT}" | grep -q -F 'ame or service not known'; then + # older versions of OpenSSL are not able to connect + echo "OpenSSL does not support underscores in the host name: disabling test" + else + fail "error connecting to ${TEST_HOST}" + fi + else + ${SCRIPT} -H "${TEST_HOST}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + fi +} + +testChainOK() { + ${SCRIPT} -f ./fullchain.pem --allow-empty-san --ignore-sct --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testChainFail() { + ${SCRIPT} -f ./incomplete_chain.pem --allow-empty-san --ignore-sct --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testChainFailIgnored() { + ${SCRIPT} -f ./incomplete_chain.pem --ignore-incomplete-chain --allow-empty-san --ignore-sct --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testRSA() { + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -sigalgs; then + ${SCRIPT} -H github.com --rsa --tls1_2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo "Skipping forcing RSA: no OpenSSL support" + fi +} + +testOrganizationFail() { + ${SCRIPT} -H github.com -o 'SomeOrg' + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testOrganizationOK() { + ${SCRIPT} -H github.com -o 'GitHub,\ Inc.' + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +# the script will exit without executing main +export SOURCE_ONLY='test' + +# source the script. +# Do not follow +# shellcheck disable=SC1090 +. "${SCRIPT}" + +unset SOURCE_ONLY + +# run shUnit: it will execute all the tests in this file +# (e.g., functions beginning with 'test' +# +# We clone to output to pass it to grep as shunit does always return 0 +# We parse the output to check if a test failed +# + +# Do not follow +# shellcheck disable=SC1090 +. "${SHUNIT2}" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/wrong_chain.pem nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/wrong_chain.pem --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/test/wrong_chain.pem 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/test/wrong_chain.pem 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,106 @@ +-----BEGIN CERTIFICATE----- +MIIFADCCA+igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAw +MFoXDTMxMDUwMzA3MDAwMFowgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxk +dGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUg +Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDlkGZL7PlGcakgg77pbL9KyUhpgXVObST2yxcT+LBxWYR6ayuF +pDS1FuXLzOlBcCykLtb6Mn3hqN6UEKwxwcDYav9ZJ6t21vwLdGu4p64/xFT0tDFE +3ZNWjKRMXpuJyySDm+JXfbfYEh/JhW300YDxUJuHrtQLEAX7J7oobRfpDtZNuTlV +Bv8KJAV+L8YdcmzUiymMV33a2etmGtNPp99/UsQwxaXJDgLFU793OGgGJMNmyDd+ +MB5FcSM1/5DYKp2N57CSTTx/KgqT3M0WRmX3YISLdkuRJ3MUkuDq7o8W6o0OPnYX +v32JgIBEQ+ct4EMJddo26K3biTr1XRKOIwSDAgMBAAGjggEsMIIBKDAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJUWBaFAmOD07LSy+ +zWrZtj2zZmMwHwYDVR0jBBgwFoAUfAwyH6fZMH/EfWijYqihzqsHWycwOgYIKwYB +BQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNo +LmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0ZWNo +LmNvbS9zZnJvb3QtZzIuY3JsMEwGA1UdIARFMEMwQQYEVR0gADA5MDcGCCsGAQUF +BwIBFitodHRwczovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv +MA0GCSqGSIb3DQEBCwUAA4IBAQBWZcr+8z8KqJOLGMfeQ2kTNCC+Tl94qGuc22pN +QdvBE+zcMQAiXvcAngzgNGU0+bE6TkjIEoGIXFs+CFN69xpk37hQYcxTUUApS8L0 +rjpf5MqtJsxOYUPl/VemN3DOQyuwlMOS6eFfqhBJt2nk4NAfZKQrzR9voPiEJBjO +eT2pkb9UGBOJmVQRDVXFJgt5T1ocbvlj2xSApAer+rKluYjdkf5lO6Sjeb6JTeHQ +sPTIFwwKlhR8Cbds4cLYVdQYoKpBaXAko7nv6VrcPuuUSvC33l8Odvr7+2kDRUBQ +7nIMpBKGgc0T0U7EPMpODdIm8QC3tKai4W56gf0wrHofx1l7 +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIINxDCCDKygAwIBAgIQaczIXdXLFjQKAAAAAP9gXDANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMTA5MTMwMTM4MzdaFw0yMTExMjAw +MTM4MzZaMBcxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABF63ur9oci8z3kct0yU6SdxiU/D5SpKsSUTOWT5uRIUFtE4ZP6dI +fhoZP3ZzJDGVHirnokMh3VxZaLZQMInFMDGjggumMIILojAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +9X1jQB4WTJwnDM6S2qCd08XH8VowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU +83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w +a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv +L2NlcnRzL2d0czFjMy5kZXIwgglWBgNVHREEgglNMIIJSYIMKi5nb29nbGUuY29t +ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tggkqLmJkbi5kZXaCEiouY2xvdWQuZ29v +Z2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRl +Lmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUu +Y28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUu +Y29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29n +bGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5n +b29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xl +LmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29n +bGVhcGlzLmNughEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNughAqLmdz +dGF0aWMtY24uY29tghIqLmdzdGF0aWNjbmFwcHMuY26CD2dvb2dsZWNuYXBwcy5j +boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds +ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n +bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu +bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CC3dpZGV2aW5lLmNugg0qLndpZGV2 +aW5lLmNughFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIR +YW1wcHJvamVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1h +bmFseXRpY3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29n +bGVhZHNlcnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIR +Z29vZ2xldmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFw +aXMtY24uY29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1j +bi5jb22CFyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5u +ZXSCFCouZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5u +ZXSCFiouZy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRv +dWJsZWNsaWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNs +aWNrLmNughFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIId +Z29vZ2xldHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRz +ZXJ2aWNlcy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29n +bGV0YWdzZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkq +Lmdvb2dsZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5j +b22CGiouZ29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29n +bGVzeW5kaWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCou +YXBwLW1lYXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5j +b22CC2d2dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4y +bWRuLWNuLm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0 +cy1jbi5uZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRp +Yy5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNk +bi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdv +b2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggth +bmRyb2lkLmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIE +Zy5jboIGKi5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIU +Z29vZ2xlLWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv +b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5j +b22CCGdncGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5j +b22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHVi +ZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVr +aWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRy +b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xl +LmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9p +ZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvUU92 +SjBOMXNUMkEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcARJRlLrDuzq/E +QAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAF73QViLQAABAMASDBGAiEArWffq368 +tzMiCHLl+A1BFjfaVIJORVMn4o43ejqiCToCIQC2XB2yUfqlhx8t70bRv9PsrATA +VJeG4w1NoCvspRpCnAB1APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj +AAABe90FYRMAAAQDAEYwRAIgAZcPBI5OJaZQHgCD2qkmRAWyE3G60hQklI3psMyA +yaICIAvd8zNVImiwu5RRhKkJ2c6sI9RABL43P9+cj0Qxddk8MA0GCSqGSIb3DQEB +CwUAA4IBAQCTyIgyrPBdskJmSjsTLl6Dbe8Z9NuUCsqlL4t2L6MrZECzMxKag2H9 +pFdhSbQxjwdySgTwXWfVcAfuWxOw3qIrClr47G//aBN1m+Q35I73V3Ya16LKdoNm +3CLGe6qMArlBAg86q0Sr72OeZVKRuTya7l7wHRAMK1+nGCv5Acc+75q/HKj1OkVV +njIG2whCZ+G5LmYZmKroEXIBUna3MGijHrlq58tFgQUSVQqVQzU2tseLIBvz284r +iarLqQ7sR3xVM76Qgl+Be4A4z4fE7Dz1zRIbnetKn8YO5SO/B/H91EeIB4q+nmRO +tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/check_documentation.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/check_documentation.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/check_documentation.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/check_documentation.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,92 @@ +#!/bin/sh + +ERROR=0 + +# get the help +HELP=$( ./check_ssl_cert --help ) + +# check for lines that are too long (78 chars) +LONG_LINES=$( echo "${HELP}" | perl -ne 'length ($_) > 78 && print' ) + +if [ -n "${LONG_LINES}" ]; then + echo "Help lines are too long (>78 chars)" + echo "${LONG_LINES}" + ERROR=1 +fi + +# list all the command line options + +for option in $( grep '^[ ]*-.*)$' check_ssl_cert | sed -e 's/^[ ]*//' -e 's/)//' ) ; do + + case "${option}" in + '|'|'--'|'-*') + continue + ;; + *) + + # check if the option is documented in the help.txt file + if ! grep -q -- "${option}" help.txt ; then + echo "Error: ${option} is not documented in help.txt" + ERROR=1 + fi + + # check if the option is documented in check_ssl_cert + + if ! echo "${HELP}" | grep -q -- "${option}" ; then + echo "Error: ${option} is not documented in the help (--help)" + ERROR=1 + fi + + # check if the option is documented in README.md + + if ! grep -q -- "${option}" README.md ; then + echo "Error: ${option} is not documented in README.md" + ERROR=1 + fi + + # check if the option is documented in the man page + + if ! grep -q -- "${option}" check_ssl_cert.1 ; then + echo "Error: ${option} is not documented in check_ssl_cert.1" + ERROR=1 + fi + + + ;; + + esac + +done + +# check if the option descriptions are present in all the files + +while read line; do + + option=$( echo "${line}" | sed 's/;.*//' ) + description=$( echo "${line}" | sed 's/[^;]*;//' ) + + if ! grep -q -- "${description}" check_ssl_cert ; then + echo "Error: the description of option '${option}' '${description}' is not present in check_ssl_cert" + ERROR=1 + fi + + if ! grep -q -- "${description}" check_ssl_cert.1 ; then + # check for automatically generated options + if ! echo "${description}" | grep -q '${' ; then + echo "Error: the description of option '${option}' '${description}' is not present in check_ssl_cert.1" + ERROR=1 + fi + fi + + if ! grep -q -- "${description}" README.md ; then + # check for automatically generated options + if ! echo "${description}" | grep -q '${' ; then + echo "Error: the description of option '${option}' '${description}' is not present in README.md" + ERROR=1 + fi + fi + +done < help.txt + + +exit "${ERROR}" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/format_files.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/format_files.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/format_files.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/format_files.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,11 @@ +#!/bin/sh + +# Remove trailing spaces (see https://unix.stackexchange.com/questions/92895/how-can-i-achieve-portability-with-sed-i-in-place-editing) +case $(sed --help 2>&1) in +*GNU*) + sed -i'' 's/[[:blank:]]*$//' "$@" + ;; +*) + sed -i '' 's/[[:blank:]]*$//' "$@" + ;; +esac diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/prepare_rpm.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/prepare_rpm.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/prepare_rpm.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/prepare_rpm.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,88 @@ +#!/bin/sh + +echo "Building the RPMs" +OUT=$(make rpm 2>&1 | grep ^Wrote) + +echo "${OUT}" + +RPM=$(echo "${OUT}" | grep /RPMS | grep -v debug | sed 's/.*\ //') +SRPM=$(echo "${OUT}" | grep SRPMS | sed 's/.*\ //') + +echo "RPM: ${RPM}" +echo "SRPM: ${SRPM}" + +ARCH=$(echo "${RPM}" | sed 's/\.rpm$//' | sed 's/.*\.//') +DIST=$(echo "${SRPM}" | sed 's/\.src\.rpm$//' | sed 's/.*\.//') + +echo "arch: ${ARCH}" +echo "dist: ${DIST}" + +WEBROOT=/var/www/rpm +case ${DIST} in +fc30) + RPMDIR="${WEBROOT}/fedora/30/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/30/SRPMS" + DIST='fedora' + RELEASE='30' + ;; +fc31) + RPMDIR="${WEBROOT}/fedora/31/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/31/SRPMS" + DIST='fedora' + RELEASE='31' + ;; +fc32) + RPMDIR="${WEBROOT}/fedora/32/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/32/SRPMS" + DIST='fedora' + RELEASE='32' + ;; +fc33) + RPMDIR="${WEBROOT}/fedora/33/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/33/SRPMS" + DIST='fedora' + RELEASE='33' + ;; +fc34) + RPMDIR="${WEBROOT}/fedora/34/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/34/SRPMS" + DIST='fedora' + RELEASE='34' + ;; +fc35) + RPMDIR="${WEBROOT}/fedora/35/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/35/SRPMS" + DIST='fedora' + RELEASE='35' + ;; +el7) + RPMDIR="${WEBROOT}/epel/7/${ARCH}" + SRPMDIR="${WEBROOT}/epel/7/SRPMS" + DIST='epel' + RELEASE='7' + ;; +el8) + RPMDIR="${WEBROOT}/epel/8/${ARCH}" + SRPMDIR="${WEBROOT}/epel/8/SRPMS" + DIST='epel' + RELEASE='8' + ;; +*) + echo "Unknown distribution ${DIST}" 1>&2 + exit 1 + ;; +esac + +echo "RPMDIR: ${RPMDIR}" +echo "SRPMDIR: ${SRPMDIR}" +echo "RPM: ${RPM}" +echo "SRPM: ${SRPM}" +echo "DIST: ${DIST}" +echo "RELEASE: ${RELEASE}" + +export RPMDIR +export SRPMDIR +export RPM +export SRPM +export DIST +export RELEASE diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/publish_release.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/publish_release.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/publish_release.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/publish_release.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,46 @@ +#!/bin/sh + +VERSION=$(head -n 1 VERSION) + +echo "Publishing release ${VERSION}" + +echo + +echo 'Checking release date' + +MONTH_YEAR=$( date +"%B, %Y" ) +YEAR=$( date +"%Y" ) + +if ! grep -q "${MONTH_YEAR}" check_ssl_cert.1 ; then + echo "Please update the date in check_ssl_cert.1" + exit 1 +fi +if ! grep -q "© Matteo Corti, 2007-${YEAR}" README.md ; then + echo "Please update the copyright year in README.md" + exit 1 +fi +if ! grep -q "Copyright (c) 2007-${YEAR} Matteo Corti" COPYRIGHT ; then + echo "Please update the copyright year in COPYRIGHT" + exit 1 +fi +if ! grep -q "Copyright (c) 2007-${YEAR} Matteo Corti " check_ssl_cert ; then + echo "Please update the copyright year in check_ssl_cert" + exit 1 +fi +echo "Copyright year check: OK" + +echo +echo 'RELEASE_NOTES.md:' +echo '------------------------------------------------------------------------------' + +cat RELEASE_NOTES.md + +echo '------------------------------------------------------------------------------' + +echo 'Did you update the RELEASE_NOTES.md file? ' +read -r ANSWER +if [ "${ANSWER}" = "y" ]; then + make + gh release create "v${VERSION}" --title "check_ssl_cert-${VERSION}" --notes-file RELEASE_NOTES.md "check_ssl_cert-${VERSION}.tar.gz" "check_ssl_cert-${VERSION}.tar.bz2" + +fi diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/stats.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/stats.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/utils/stats.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/utils/stats.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,52 @@ +#!/bin/sh + +# authors +authors=$( grep -c 'Many thanks' AUTHORS ) + +# versions +versions=$( grep -c Version NEWS ) + +version=$( head -n 1 VERSION ) + +echo +printf "\tcheck_ssl_cert version ${version}\n" +echo + +echo "------------------------------------------------------------------------------" +echo "-- Version History and Authors" +echo + +printf "Authors:\\t\\t%'10d\\n" "${authors}" +printf "Versions:\\t\\t%'10d\\n" "${versions}" +echo + +echo "------------------------------------------------------------------------------" +echo "-- Code" +echo + +tests=$( grep -c '^test' test/unit_tests.sh ) +loc=$( grep -c '.' check_ssl_cert ) + +printf "LoC:\\t\\t\\t%'10d\\n" "${loc}" +printf "Tests:\\t\\t\\t%'10d\\n" "${tests}" +echo + +echo "------------------------------------------------------------------------------" +echo "-- Repository" +echo + +commits=$( git log --oneline | wc -l ) + +printf "Commits:\\t\\t%'10d\\n" "${commits}" +git log --numstat --format="" | awk '{files += 1}{ins += $1}{del += $2} END{printf "File changes:\t\t%10'"'"'d\nInsertions:\t\t%10'"'"'d\nDeletions:\t\t%10'"'"'d\n", files, ins, del}' + +echo + +echo "------------------------------------------------------------------------------" +echo "-- Features" +echo + +command_line_options=$( sed 's/;.*//' help.txt | sort | uniq | wc -l ) +printf "Command line options:\\t%'10d\\n" "${command_line_options}" + +echo diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/VERSION nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/VERSION --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.15.0/VERSION 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.15.0/VERSION 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +2.15.0 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/AUTHORS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/AUTHORS 1970-01-01 00:00:00.000000000 +0000 @@ -1,117 +0,0 @@ -Matteo Corti - -Thanks: - -* Many thanks to Kenny McCormack for his help on comp.unix.shell on - how to implement a timeout -* Many thanks to Dan Wallis for several patches and fixes - (see the Changelog) -* Many thanks to Tuomas Haarala for the -P option patch to - check TLS certs using other protocols -* Many thanks to Marcus RejÃ¥s for the -N and -n patches -* Many thanks to Marc Fournier for - - the == bashism fix - - the mktemp error handling patch -* Many thanks to Wolfgang Schricker for - - the selfsigned bug report and cleanup fixes - - the patch adding the possibility to check local files (-f option) -* Many thanks to Yannick Gravel for the patch fixing the plugin output - and the fix on the test order -* Many thanks to Scott Worthington for the --critical and --warning hints -* Many thanks to Lawren Quigley-Jones for - - the -A,--noauth patch - - the trap fix -* Many thanks to Matthias Fuhrmeister for the -servername patch -* Many thanks to Raphael Thoma for the patch allowing HTTP to be - specified as protocol and the fix on -N with wildcards -* Many thanks to Sven Nierlein for the client certificate authentication patch -* Many thanks to Rob Yamry for the help in debugging a problem with - certain versions of OpenSSL and TLS extensions -* Many thanks to Jim Hopp for the "No certificate returned" enhancement patch -* Many thanks to Javier Gonel for the TLS servername patch -* Many thanks to Christian Ruppert for the XMPP patch -* Many thanks to Robin H. Johnson for the 'timeout' patch -* Many thanks to Max Winterstein for the SSL version patch -* Many thanks to Colin Smith for the RPM build Makefile patch -* Many thanks to Andreas Dijkman for the RPM dependencies patch -* Many thanks to Lawren Quigley-Jones for the common name patch -* Many thanks to Ryan Nowakowski for the OCSP patch -* Many thanks to Jérémy Lecour for the review and corrections -* Many thanks to Mark Ruys for the OCSP patch -* Many thanks to Milan Koudelka for the serial number patch -* Many thanks to Konstantin Shalygin for the UTF-8 patch -* Many thanks to Sam Richards for the SNI patch -* Many thanks to Sergei Shmanko (https://github.com/sshmanko) for the wildcard - certificate patch -* Many thanks to juckerf (https://github.com/juckerf) for patch to increase - control over which SSL/TLS versions to use -* Many thanks to Rolf Eike Beer for the IRC and SMTP check patch -* Many thanks to Viktor Szépe for the formatting and style patches -* Many thanks to Philippe Kueck for the CN patch -* Many thanks to Ricardo (https://github.com/bb-Ricardo) and xert (https://github.com/xert) for the date timestamp patch -* Many thanks to xert for the SSLLabs patch -* Many thanks to Leynos (https://github.com/leynos) for the OCSP proxy patch -* Many thanks to Philippe Kueck for the selection of the cipher authentication -* Many thanks to Jalonet (https://github.com/jalonet) for the file/PEM patch -* Many thanks to Sander Cornelissen (https://github.com/scornelissen85) for the multiple CNs patch -* Many thanks to Pavel Rochnyak (https://github.com/rpv-tomsk) for the issuer certificate cache patch and - the wildcard support in alternative names -* Many thanks to Vamp898 (https://github.com/Vamp898) for the LDAP patch -* Many thanks to Emilian Ertel for the curl and date patches -* Many thanks to Kosta Velikov for the grep patch -* Many thanks to Vojtech Horky for the OpenSSL 1.1 patch -* Many thanks to Nicolas Lafont (https://github.com/ManicoW) for the Common Name fix -* Many thanks to d7415 (https://github.com/d7415) for the -help patch -* Many thanks to Åukasz WÄ…sikowski (https://github.com/IdahoPL) for the curl and date display patches -* Many thanks to booboo-at-gluga-de (https://github.com/booboo-at-gluga-de) for the CRL patch -* Many thanks to Georg (https://github.com/gbotti) for the fingerprint patch -* Many thanks to Wim van Ravesteijn (https://github.com/wimvr) for the DER encoded CRL files patch and the OCSP expiring date patch -* Many thanks to yasirathackersdotmu (https://github.com/yasirathackersdotmu) -* Many thanks to Christoph Moench-Tegeder (https://github.com/moench-tegeder) for the curl patch -* Many thanks to Dan Pritts for the --terse patch -* Many thanks to eeertel (https://github.com/eeertel) for the SNI warning patch -* Many thanks to Vojtech Horky (https://github.com/vhotspur) for the --format patch -* Many thanks to Markus Frosch (https://github.com/lazyfrosch) for the cleanup patch -* Many thanks to Ricardo Bartels (https://github.com/bb-Ricardo) for the patches fixing unit tests, - long output on Linux, extending the issuer checks to the whole chain -* Many thanks to eimamagi (https://github.com/eimamagi) for the client key patch and for the CA file and directory support -* Many thanks to Stefan Schlesinger for the HTTP_REQUEST patch -* Many thanks to sokol-44 (https://github.com/sokol-44) for the HTTP request fix -* Many thanks to Jonas Meurer (https://github.com/mejo-) for the IMAP / IMAPS fix -* Many thanks to Mathieu Simon (https://github.com/matsimon) for the IMAPS, POP3S and LDAP patches -* Many thanks to Nico (https://github.com/nicox) for the SSLlabs patch -* Many thanks to barakAtSoluto (https://github.com/barakAtSoluto) for the SSLlabs warning patch -* Many thanks to Valentin Heidelberger (https://github.com/va1entin) for the cURL user agent patch -* Many thanks to Tone (https://github.com/anthonyhaussman) for the warning message improvement patch -* Many thanks to Michael Niewiara (https://github.com/mobitux) for the HTTPS/echo fix -* Many thanks to Zadkiel (https://github.com/aslafy-z) for the extended regex patch and for the n-elementh check -* Many thanks to Dick Visser (https://github.com/dnmvisser) for the --inetproto patch -* Many thanks to jmuecke (https://github.com/jmuecke) for the multiple errors patch -* Many thanks to iasdeoupxe (https://github.com/iasdeoupxe) for various fixes -* Many thanks to Andre Klärner (https://github.com/klaernie) for the typos corrections -* Many thanks to ДилÑн Палаузов (https://github.com/dilyanpalauzov) for the DANE checks -* Many thanks to dupondje (https://github.com/dupondje) for the check_prog fix -* Many thanks to Jörg Thalheim (https://github.com/Mic92) for the xmpp-server patch -* Many thanks to Arkadiusz MiÅ›kiewicz (https://github.com/arekm) for the OCSP timeout patch -* Many thanks to Thomas Weißschuh (https://github.com/t-8ch) for the PostgreSQL patch -* Many thanks to Jonathan Besanceney (https://github.com/jonathan-besanceney) for the proxy patch -* Many thanks to grizzlydev-sarl (https://github.com/grizzlydev-sarl) for the - processing of all the certificate in the chain -* Many thanks to Claudio Kuenzler (https://github.com/Napsty) for the chain expiration output fix -* Many thanks to jf-vf (https://github.com/jf-vf) for the MySQL support patch -* Many thanks to skanx (https://github.com/skanx) for the --not-issued-by output patch -* Many thanks to Zadkiel (https://github.com/aslafy-z) for the --version, the - --skip-element patches -* Many thanks to Marcel Burkhalter (https://github.com/explorer69) the custom HTTP header patch. -* Many thanks to Peter Newmann (https://github.com/peternewman) for the timeout - documentation patch and the issuers patch -* Many thanks to cbiedl (https://github.com/cbiedl) for the proxy patch -* Many thanks to Robin Schneider (https://github.com/ypid-geberit) for the --long-output all patch -* Many thanks to Robin Pronk (https://github.com/rfpronk) for the -u patch -* Many thanks to tunnelpr0 (https://github.com/tunnelpr0) for the --inetproto patch -* Many thanks to Christoph Moench-Tegeder (https://github.com/moench-tegeder) for the OpenSSL version patch -* Many thanks to waja (https://github.com/waja) for the GitHub workflows -* Many thanks to Tobias Grünewald (https://github.com/tobias-gruenewald) for the client certificate -* Many thanks to chornberger-c2c (https://github.com/chornberger-c2c) for the critical and warning output fix -* Many thanks to Claus-Theodor Riegg (https://github.com/ctriegg-mak) for the domain with underscores fix -* Many thanks to Ed Sabol (https://github.com/esabol) for the FQDN patch \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/ChangeLog nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/ChangeLog --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/ChangeLog 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/ChangeLog 1970-01-01 00:00:00.000000000 +0000 @@ -1,957 +0,0 @@ -2021-05-07 Matteo Corti - - * check_ssl_cert (check_ocsp): Do not store the debugging copy of the certificate in the $TMPDIR - -2021-05-06 Matteo Corti - - * check_ssl_cert (main): Fixed an error in the parameter validation - -2021-05-05 Matteo Corti - - * check_ssl_cert (check_attr): do not wait if SSL Labs is giving an error - -2021-04-30 Matteo Corti - - * Makefile: avoid putting extended attribute files in the archives - -2021-04-29 Matteo Corti - - * check_ssl_cert (check_attr): Do not remove parenthesis from URI - -2021-04-29 Claus-Theodor Riegg (https://github.com/ctriegg-mak) - - * check_ssl_cert: match underscores in subdomains when matching name to wildcard certs - -2021-04-28 Matteo Corti - - * check_ssl_cert (check_attr): adds and option to remove performance data - -2021-04-23 Matteo Corti - - * check_ssl_cert (fetch_certificate): Better handling of timeouts - -2021-04-12 Matteo Corti - - * check_ssl_cert (critical): Fixed the output when the CN is not available - -2021-04-07 Matteo Corti - - * check_ssl_cert (main): adding -starttls to the renegotiation check if needed - -2021-04-01 Matteo Corti - - * check_ssl_cert: The host name must now always match with the certificate - * check_ssl_cert: (fetch_certificate): Fixed the errors messages (and added a new one for missing STARTTLS) - -2021-03-31 Matteo Corti - - * check_ssl_cert (main): Added the --resolve option - -2021-03-29 Matteo Corti - - * check_ssl_cert: All the verbose messages are not beginning with a lowercase letter - * check_ssl_cert: Added the possibility to have different verbose and debug levels - * check_ssl_cert: Cleaner verbose output - * check_ssl_cert: Short options can now be grouped - -2021-03-25 Matteo Corti - - * check_ssl_cert (fetch_certificate): Better error handling in case a TLS connection is not possible - -2021-03-22 Matteo Corti - - * check_ssl_cert (usage): adds a --all option to allow all the optional checks at the maximum level - -2021-03-22 Matteo Corti - - * check_ssl_cert (fetch_certificate): detecting a timeout on the OpenSSL level - -2021-03-15 Matteo Corti - - * check_ssl_cert (openssl_version): works on systems which add a string to the OpenSSL version output (+ several fixes) - -2021-03-14 Matteo Corti - - * check_ssl_cert (openssl_version): added a function to compare OpenSSL versions. Getting rid of the man dependency - -2021-03-12 Matteo Corti - - * check_ssl_cert (exec_with_timeout): fixing timeout on systems using 'timeout' - -2021-03-12 Matteo Corti - - * check_ssl_cert (exec_with_timeout): reducing the total timeout by each execution - * check_ssl_cert (check_attr): check chiphers with nmap - - * check_ssl_cert (check_ocsp): looping over all the supplied URIs - -2021-03-11 Matteo Corti - - * check_ssl_cert (check_attr): Setting GZIP to quiet (-q) before using man - -2021-03-10 Matteo Corti - - * check_ssl_cert (main): Improved renegotiation testing - * check_ssl_cert (fetch_certificate): Added --password to specify a password source for PCKS12 certificates - -2021-03-09 Matteo Corti - - * check_ssl_cert (main): Added missing processing of the --inetproto option - * check_ssl_cert (main): Added a sanity check for the protocol support of s_client - * check_ssl_cert (check_ocsp): skipping empty certificates - * check_ssl_cert (fetch_certificate): supporting local files in PKCS #12 and DER formats - * check_ssl_cert (main): Using grep -F when possible - -2021-02-28 Matteo Corti - - * check_ssl_cert (check_attr): Do not check SCTs if the certificate is self signed - -2021-02-25 Matteo Corti - - * check_ssl_cert (check_attr): fixed the SCT check - -2021-02-24 Matteo Corti - - * check_ssl_cert (main): Check for TLS renegotiation - -2021-02-19 Matteo Corti - - * check_ssl_cert (main): Do not reset $OPENSSL so that a different - OpenSSL version can be specified with the environment variable - -2021-02-17 Robin Pronk - - * check_ssl_cert: Make HTTP request url configurable (default stays /) - -2021-02-05 Matteo Corti - - * check_ssl_cert (main): Adds a check for grep (to check if basic utilities are in the PATH) - -2021-01-28 Matteo Corti - - * check_ssl_cert (check_attr): Checks for signed certificate timestamps (SCTs) - * check_ssl_cert (fetch_certificate): Better error catching for s_client errors - -2021-01-26 Matteo Corti - - * check_ssl_cert (hours_until): Warning about BusyBox date dropping the time zone - -2021-01-26 Matteo Corti - - * check_ssl_cert: added --date to specify the date binary - * check_ssl_cert (hours_until): support for BusyBox date - -2021-01-25 Matteo Corti - - * check_ssl_cert (exec_with_timeout): Better handling of wait and kill output - -2021-01-18 Matteo Corti - - * check_ssl_cert (exec_with_timeout): Execute timeout in the background so that it can handle signals - * check_ssl_cert (fetch_certificate): Better error message for DH with a too small key and handshake failure - * check_ssl_cert (check_crl): Checks revokation via CRL - -2021-01-15 Matteo Corti - - * check_ssl_cert (check_ocsp): OCSP check on all the chain elements - -2021-01-14 Matteo Corti - - * check_ssl_cert (check_attr): retries when SSL Labs is running at full capacity - -2020-12-23 Matteo Corti - - * check_ssl_cert (main): - instead of _ to separate words in the command line options - -2020-12-22 Matteo Corti - - * check_ssl_cert (main): added the --no-proxy option - -2020-12-21 Matteo Corti - - * check_ssl_cert (main): added a sanity check for the -f option - * check_ssl_cert (main): better handling of certificates without CN - -2020-12-16 Matteo Corti - - * check_ssl_cert (main): fixed the regex for the proxy cleanup for s_client - -2020-12-15 Matteo Corti - - * check_ssl_cert (require_s_client_option): Checks if s_client supports the -no_ssl[23] options - * check_ssl_cert (main): Better filtering of the nmap output - -2020-12-11 Matteo Corti - - * check_ssl_cert: Corrected the handling of the issuer URI - -2020-12-01 Matteo Corti - - * check_ssl_cert: Correct handling of -proxy by s_client and --proxy by cURL - -2020-11-30 Matteo Corti - - * check_ssl_cert (create_temporary_file): bug fix: temp directory not used - * check_ssl_cert: patch for the --element option - * check_ssl_cert: bug fix: force -4 or -6 with cURL when specified - -2020-08-07 Matteo Corti - - * check_ssl_cert: Fixed a bug with the output of --version - -2020-07-24 Matteo Corti - - * check_ssl_cert (check_attr): Fixed a bug in the output with --not-issued-by - -2020-07-02 Matteo Corti - - * check_ssl_cert (fetch_certificate): MySQL support - -2020-07-01 Matteo Corti - - * check_ssl_cert: Adding support for better file(1) certificate parsing - -2020-06-12 Matteo Corti - - * check_ssl_cert (main): Fixed a problem on BSD in the processing of the issuers - * check_ssl_cert (debuglog): [DBG] prefix for all the lines - -2020-06-09 Matteo Corti - - * check_ssl_cert: fixed a bug in the output (expiration date of chain elements) - -2020-06-05 Matteo Corti - - * check_ssl_cert (fetch_certificate): support for s_client -proxy option - -2020-06-04 Matteo Corti - - * check_ssl_cert: Processes all the certificates in the chain - * check_ssl_cert: New option to check that the issuer does not match a given pattern - -2020-05-18 Matteo Corti - - * check_ssl_cert: Propagates the -6 switch to nmap - -2020-03-26 Matteo Corti - - * check_ssl_cert (main): show command line arguments in debug mode - -2020-03-09 Matteo Corti - - * check_ssl_cert (check_attr): new option (--not-valid-longer-than) to check if a certificate is valid longer than the specified number of days - -2020-02-17 Matteo Corti - - * check_ssl_cert (fetch_certificate): added support for xmpp-server in the STARTTLS negotiation - -2020-01-07 Matteo Corti - - * check_ssl_cert (fetch_certificate): option to force HTTP/2 - -2019-12-23 Matteo Corti - - * check_ssl_cert (fetch_certificate): better error message in case of connection refused - -2019-12-20 Matteo Corti - - * check_ssl_cert: better error message in case of an invalid host - -2019-11-04 Matteo Corti - - * check_ssl_cert (fetch_certificate): fixed a bug in the SMTP connection (using s_client -name) - * check_ssl_cert (main): -name only used with OpenSSL versions which supports it - -2019-10-31 Matteo Corti - - * check_ssl_cert (exec_with_timeout): the return value of the command is no more ignored from expect - -2019-10-29 Matteo Corti - - * check_ssl_cert: Merged a patch fixing a copy and paste error with sieve - -2019-10-28 Matteo Corti - - * check_ssl_cert (exec_with_timeout): Better handling of timeout return codes - -2019-10-28 Matteo Corti - - * check_ssl_cert (main): Better error message for non matching DANE records - * check_ssl_cert (main): Default ports for other protocols - -2019-10-25 Matteo Corti - - * check_ssl_cert (check_required_prog): fixed a couple of small issues and introduced a feature to specify the dig binary - -2019-10-22 Matteo Corti - - * check_ssl_cert (main): Fixed a bug printing both a critical and a warning message when both condition match - -2019-10-18 Matteo Corti - - * check_ssl_cert (main): Fixed a bug ignoring --dane without parameters - -2019-10-16 Matteo Corti - - * check_ssl_cert (main): Integrated the DANE checks - -2019-10-14 Matteo Corti - - * check_ssl_cert (main): Remove RSA-PSS if not TLS 1.3 requested - * check_ssl_cert (check_attr): Write the OPSP issuer cert to the temporary directory - -2019-10-10 Matteo Corti - - * check_ssl_cert (main): do not disable TLS 1.3 if --rsa is specified - -2019-10-10 Matteo Corti - - * check_ssl_cert (main): fixes the ciphers for --rsa and --ecdsa - -2019-10-10 Matteo Corti - - * check_ssl_cert (check_attr): a wildcard certificate does not match the 'main' domain - -2019-10-09 Matteo Corti - - * check_ssl_cert: disables TLS 1.3 with --rsa - * check_ssl_cert: Validate OCSP stapling expiring date - -2019-09-26 Matteo Corti - - * check_ssl_cert: stops if needed programs are not foud - -2019-09-24 Matteo Corti - - * check_ssl_cert: Fixed a bug in the processing of the SSL Labs options - * check_ssl_cert: Fixed a bug with POP3S - -2019-09-24 Matteo Corti - - * check_ssl_cert: OCSP check does not trigger an additional s_client call - -2019-09-19 Matteo Corti - - * check_ssl_cert: Fixed a problem in the critical output - -2019-09-18 Matteo Corti - - * check_ssl_cert: Consolidated the error messages in case of more than one error - * check_ssl_cert: Fixed a bug where the cypher was not forced by the OCSP checks - -2019-08-09 Matteo Corti - - * check_ssl_cert (ascii_grep): Removed NULL characters before 'grepping' a file - * check_ssl_cert (critical): Display the CN in a crical or warning message (if present) - * check_ssl_cert: merged patch to choose the IP protocol version - -2019-08-08 Matteo Corti - - * check_ssl_cert: Applied patch to support LDAPS - * check_ssl_cert.1: Formatting and ordering - -2019-07-26 Matteo Corti - - * check_ssl_cert: Try to detect if LDAP is not supported - -2019-06-02 Matteo Corti - - * check_ssl_cert: Return the filename when using --file by warnings - -2019-03-28 Matteo Corti - - * check_ssl_cert: added an option to specify a user agent for cURL - -2019-02-27 Matteo Corti - - * test/unit_tests.sh (testMultipleAltNamesFailTwo): removed outdated tests - -2019-02-27 Matteo Corti - - * check_ssl_cert: better error message in case of wrong intermediate certificate - -2019-02-19 Matteo Corti - - * check_ssl_cert: Better error message in case of OCSP failure - -2019-02-08 Matteo Corti - - * check_ssl_cert: Check the readability of the certificate file - -2019-02-01 Matteo Corti - - * check_ssl_cert: applied patch for the SSLlabs warning - -2019-01-16 Matteo Corti - - * check_ssl_cert: replaced echo -e with printf - -2018-12-24 Matteo Corti - - * check_ssl_cert: Better output in case of errors while using SNI - -2018-12-19 Matteo Corti - - * check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S - * check_ssl_cert: Support for SNI and SSL Labs - -2018-12-11 Matteo Corti - - * check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993 - * check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer - -2018-11-07 Matteo Corti - - * check_ssl_cert: Fixed a problem with IMAP on port 993 - * check_ssl_cert: fixed a problem with newlines in the HTTP request - -2018-11-05 Matteo Corti - - * check_ssl_cert: CA file and directory support - -2018-10-19 Matteo Corti - - * check_ssl_cert: Fixed the HTTP request string - -2018-10-18 eimamagi - - * check_ssl_cert: Allow to specify a client certificate key - -2018-10-15 Matteo Corti - - * check_ssl_cert (exec_with_timeout): fixed the check on the the return value - -2018-08-10 Matteo Corti - - * check_ssl_cert: disabling OCSP checks if no OCSP host is found - -2018-07-20 Matteo Corti - - * check_ssl_cert: Applied a patch from Markus Frosch to fix the cleanup of temporary files - -2018-07-01 Matteo Corti - - * check_ssl_cert: do not trap on EXIT - * check_ssl_cert: remove temporary file when no signals are trapped - -2018-06-28 Matteo Corti - - * check_ssl_cert: fixed a bug in the deletion of temporary files when a signal is caught - -2018-06-25 Matteo Corti - - * check_ssl_cert: added a check to require OCSP stapling - -2018-04-29 Matteo Corti - - * check_ssl_cert: Remooved the SNI name check patch (see #78) - -2018-04-19 Matteo Corti - - * check_ssl_cert: Merged the SNI name check patch - -2018-04-17 Matteo Corti - - * check_ssl_cert: Merged the --terse patch, added performance data to the terse output and reordered the help - -2018-04-12 Matteo Corti - - * Makefile: Checks if the copyright year is correct. make test is now dependent on make dist - -2018-04-06 Matteo Corti - - * check_ssl_cert: Added UTF8 output - -2018-04-05 Matteo Corti - - * check_ssl_cert: Added debugging output for cURL - -2018-03-29 Matteo Corti - - * check_ssl_cert: Fixed a bug introduced in the last verstion - -2018-03-28 Matteo Corti - - * check_ssl_cert: Removed cURL dependency when not checking SSL Labs - -2018-03-17 Matteo Corti - - * check_ssl_cert: Added support for TLS 1.3 - -2018-03-06 Matteo Corti - - * check_ssl_cert: Fixed OCSP check with LibreSSL - * check_ssl_cert: Lists the number or default root certificates in debug mode - -2018-01-19 Matteo Corti - - * check_ssl_cert: Fixed a bug processing more than one OCSP host - -2017-12-15 Matteo Corti - - * check_ssl_cert: Fixed a bug in the specification of the xmpphost parameter - -2017-12-14 Matteo Corti - - * check_ssl_cert: Added an option to specify the 'to' attribute of the XMPP stream element - -2017-11-29 Wim van Ravesteijn https://github.com/wimvr - - * check_ssl_cert: Support for DER encoded CRL files - -2017-11-28 Georg https://github.com/gbotti - - * check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate - -2017-11-17 Matteo Corti - - * check_ssl_cert (fetch_certificate): adding support for -xmpphost if available - -2017-11-16 Matteo Corti - - * check_ssl_cert (fetch_certificate): fixing XMPP support - -2017-11-16 - - * check_ssl_cert (fetch_certificate): adding support for IPv6 addresses - -2017-09-18 Bernd Stroessenreuther - - * check_ssl_cert: with -f option you now can also pass a certificate revocation list (CRL) to check its validity period - -2017-09-10 Matteo Corti - - * check_ssl_cert: OCSP check is now terminated by a timeout - -2017-09-09 Matteo Corti - - * check_ssl_cert: The SAN requirement is now optional - -2017-07-28 Matteo Corti - - * check_ssl_cert: Use openssl s_client's -help option to test for SNI support (thanks to d7415) - -2017-07-24 Matteo Corti - - * check_ssl_cert: Fix in the Common Name parsing - -2017-06-23 Matteo Corti - - * check_ssl_cert: Checks for missing subjectAlternativeName extension - -2017-06-15 Matteo Corti - - * check_ssl_cert: Do not try to check OCSP if the protocol is not HTTP or HTTPS - -2017-05-15 Matteo Corti - - * check_ssl_cert: Fixed a problem with the detection of OCSP URLs - -2017-05-02 Matteo Corti - - * check_ssl_cert: Added --location to curl to follow redirects - * check_ssl_cert: Fixed the indentation of EOF in the embedded Perl script - * check_ssl_cert: Added --force-date-perl to force the usage of Perl for date computations and a test to be sure no errors in Perl are left undetected - -2017-04-28 Matteo Corti - - * check_ssl_cert: Fixed a bug occurring when more than one issuNer URI is present - -2017-03-07 Matteo Corti - - * check_ssl_cert: Added LDAP support - -2017-03-01 Matteo Corti - - * check_ssl_cert: By errors it makes more sense to show the supplied host instead of the CN - -2017-02-16 Matteo Corti - - * check_ssl_cert: Support for newer OpenSSL versions (1.1) - -2017-02-10 Matteo Corti - - * check_ssl_cert: Added the --sni option - -2017-02-08 Matteo Corti - - * check_ssl_cert: Patch from Pavel Rochnyak: Changed the CN output when --altnames is used - -2017-02-02 Matteo Corti - - * check_ssl_cert: Fixed the command line argument parsing - * check_ssl_cert: Fixed -servername - -2017-01-29 Matteo Corti - - * check_ssl_cert: Added patches from Pavel Rochnyak for the issuer certificate cache patch - and the wildcard support in alternative names - -2016-12-23 Matteo Corti - - * check_ssl_cert: Added patch to specify multiple CNs (see https://github.com/matteocorti/check_ssl_cert/pull/35) - -2016-12-13 Matteo Corti - - * check_ssl_cert: fixed a minor problem with --debug - -2016-12-06 Matteo Corti - - * check_ssl_cert: fixed a problem when specifying a CN beginnging with * - -2016-12-04 Matteo Corti - - * check_ssl_cert: fixed problem when file is returning PEM certificate on newer Linux distributions - -2016-09-19 Matteo Corti - - * check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos) - -2016-08-04 Matteo Corti - - * check_ssl_cert: disabling OCSP checks when no issuer URI is found - -2016-07-29 Matteo Corti - - * check_ssl_cert: fixed case insensitive comparison of CNs - -2016-07-29 https://github.com/bb-Ricardo - - * check_ssl_cert: calculate expiration primary with date - -2016-07-12 Matteo Corti - - * check_ssl_cert: fixed the parsing of the CN field - -2016-06-25 Matteo Corti - - * check_ssl_cert: fixed OSCP header on old OpenSSL versions - -2016-06-24 Matteo Corti - - * check_ssl_cert: OCSP is now default - - * check_ssl_certe: Fixed OCSP host - -2016-06-15 Matteo Corti - - * check_ssl_cert: Better curl error handling - -2016-06-10 Matteo Corti - - * check_ssl_cert: Added an option to clear the cached result at SSLLabs - -2016-06-01 juckerf (https://github.com/juckerf) - - * check_ssl_cert: Increase control over which SSL/TLS versions to use - -2016-05-17 Matteo Corti - - * check_ssl_cert: added more debugging info (-v is automatic if -d is spefied, system info and cert written to a file) - -2016-04-27 Matteo Corti - - * check_ssl_cert: Fixes a bug in the OpenSSL error parsing - -2016-04-05 Matteo Corti - - * check_ssl_cert: In case of an s_client error does not output the full (ugly) error. The error is shown in verbose mode - -2016-03-29 Sergei Shmanko - - * check_ssl_cert: Fix wildcard match regex, add additional unit tests - -2016-03-21 Matteo Corti - - * check_ssl_cert (exec_with_timeout): issues a critical status - when using the 'timout' utility - -2016-03-19 Matteo Corti - - * check_ssl_cert: fixed CN parsing on non-GNU systems - -2016-03-19 Sergei https://github.com/sshmanko - - * check_ssl_cert: handle wildcard certificates - -2016-03-10 Matteo Corti - - * check_ssl_cert (check_attr): Better handling of verification errors - -2016-03-09 Matteo Corti - - * check_ssl_cert (convert_ssl_lab_grade): accepts lowercase letters for SSL Labs grades - * check_ssl_cert (check_attr): waits for SSL Labs results - -2016-03-08 Matteo Corti - - * check_ssl_cert: Tries to extract an error message from SSL Labs - if no status is returned - -2016-03-07 Sam Richards - * check_ssl_cert: Support SNI even when we don't want to check cn - -2016-03-07 Matteo Corti - - * check_ssl_cert: DNS errors by SSL Labs are ignored (as they are just - a sign that the result is not cached) - -2016-03-03 Matteo Corti - - * check_ssl_cert: Initial support for SSL Labs checks - -2016-03-01 Matteo Corti - - * check_ssl_cert: Fixed a bug which prevented the check on the expiration - -2015-10-31 Matteo Corti - - * check_ssl_cert: added a patch to check the certificate's serial number - (thanks to Milan Koudelka) - -2015-10-20 Matteo Corti - - * check_ssl_cert: fixex a problem with OCSP paths w/o URLs - -2015-04-07 Matteo Corti - - * check_ssl_cert: corrected some typos (thanks to Jérémy Lecour) - * check_ssl_cert: removed check on the openssl binary name - -2014-10-21 Matteo Corti - - * check_ssl_cert: added a patch to check revocation via OCSP (thanks - to Ryan Nowakowski) - -2014-02-28 Matteo Corti - - * Makefile: added a target to build an rpm - -2013-12-23 Matteo Corti - - * check_ssl_cert: added the --tls1 option to force TLS 1 - -2013-10-09 Matteo Corti - - * check_ssl_cert: whole script reviewed with shellcheck - -2013-10-01 Matteo Corti - - * check_ssl_cert: fixes with shellcheck (quoting) - -2013-07-29 Matteo Corti - - * check_ssl_cert: Added an option to force a given SSL version - -2013-03-02 Matteo Corti - - * check_ssl_cert: Fixed a bug occurring with TLS and multiple names in - the certificate - -2012-12-07 Matteo Corti - - * check_ssl_cert: removed "test -a/-o" (test has an undefined - behavior with more than 4 elements) - - * check_ssl_cert: fixed #122 (-N was always comparing the CN with 'localhost') - -2012-11-16 Matteo Corti - - * simplified the sourcing of the script file for testing - -2012-10-11 Matteo Corti - - * added some unit tests with shUnit2 - -2012-09-19 Matteo Corti - - * check_ssl_cert: improved the "No certificate returned" error message - -2012-07-13 Matteo Corti - - * check_ssl_cert: added the number of days from or to expiration in the - plugin output - -2012-07-11 Matteo Corti - - * check_ssl_cert: fixed a bug with Perl date computation on some systems - -2012-07-06 Matteo Corti - - * check_ssl_cert: performance data in days - * check_ssl_cert: long output (certificate attributes) - -2012-04-05 Matteo Corti - - * check_ssl_cert: handle broken OpenSSL clients (-servername not working) - -2012-04-04 Matteo Corti - - * check_ssl_cert: removed an hard coded reference to the error number by the - SSL chain verification - -2011-10-22 Matteo Corti - - * check_ssl_cert: added a --altnames option to match the CN to alternative - names - -2011-09-01 Matteo Corti - - * check_ssl_cert: applied a patch from Sven Nierlein - (certificate authentication) - -2011-03-10 Matteo Corti - - * check_ssl_cert: allows http to specified as protocol - (thanks to Raphael Thoma) - * check_ssl_cert: fixes the -N check for certs with wildcards - (thanks to Raphael Thoma) - -2011-01-24 Matteo Corti - - * check_ssl_cert: added an option to specify the openssl executable - -2010-12-16 Dan Wallis - - * check_ssl_cert: Sets $VERBOSE to avoid using value supplied by Nagios - * check_ssl_cert: Quotes regular expression for grep to avoid shell globbing - -2010-12-09 Matteo Corti - - * check_ssl_cert.spec: standardized the RPM package name - - * check_ssl_cert: added support for the TLS servername extension - (thanks to Matthias Fuhrmeister) - -2010-11-02 Matteo Corti - - * INSTALL: specifies that expect is needed for timeouts - -2010-10-29 Matteo Corti - - * README: specifies that expect is needed for timeouts - -2010-10-28 Matteo Corti - - * check_ssl_cert: trap on more signals (thanks to Lawren Quigley-Jones) - -2010-10-14 Matteo Corti - - * check_ssl_cert: added a patch from Yannick Gravel putting the - chain verification at the end of the tests - -2010-10-01 Matteo Corti - - * check_ssl_cert: added a patch from Lawren Quigley-Jones which - implements a new command line argument (-A) to disable the - certificate chain check - -2010-09-15 Matteo Corti - - * check_ssl_cert: fixed option processing (bug #78) - -2010-08-26 Dan Wallis - - * check_ssl_cert: overloads --rootcert for use with directories as - well as files (-CApath versus -CAfile) - -2010-07-21 Matteo Corti - - * check_ssl_cert: added a patch from Marc Fournier to check the creation of the temporary files - * check_ssl_cert: added the --temp option to specify where to store the temporary files - -2010-07-10 Matteo Corti - - * check_ssl_cert: improved the error messages - * check_ssl_cert: checks for certificates without email addresses (if -e is specified) - -2010-07-09 Matteo Corti - - * check_ssl_cert: added a "long" version for all the command line options - * check_ssl_cert: added a critical and warning option for the certificate validity (in days) - * check_ssl_cert: the plugin always issues a critical warning if the certificate is expired - * check_ssl_cert: added a man page - -2010-07-07 Matteo Corti - - * check_ssl_cert: [Wolfgang Schricker patch] Add -f to check local files - -2010-07-01 Matteo Corti - - * check_ssl_cert: [Yannick Gravel patch] Restore displaying the CN in every messages: - a previous patch changed something and only - critical were adjusted. - * check_ssl_cert: [Yannick Gravel patch] Adjust what is displayed after the from in - the OK message to display the matched ISSUER - (CN or O). - -2010-06-08 Matteo Corti - - * check_ssl_cert: added the -s option to allow self signed certificates - -2010-03-11 Matteo Corti - - * check_ssl_cert: fixed the == bashism - -2010-03-08 Matteo Corti - - * check_ssl_cert: applied patch from Marcus RejÃ¥s with the -n and -N options - -2009-12-02 Matteo Corti - - * check_ssl_cert: check if the issuer matches the O= or the CN= field of the Root Cert - -2009-11-30 Matteo Corti - - * check_ssl_cert: cleaned up error messages if the CN is not yet known - * check_ssl_cert: added certificate chain verification - * check_ssl_cert: allow backslashes escaped in the error messages (e.g., for \n used by Nagios 3) - * check_ssl_cert: -r can be used to specify a root certificate to be used for the verification - -2009-03-31 Matteo Corti - - * check_ssl_cert: standard timeout of 15 seconds (can be set with the -t option) - -2009-03-30 Matteo Corti - - * check_ssl_cert: -P option to specify the protocol - -2008-05-13 Matteo Corti - - * check_ssl_cert: applied a patch from Dan Wallis to output the CN - in all the messages - -2008-02-28 Matteo Corti - - * check_ssl_cert: shortened the error message in case of no connection - (only the first line is reported) - -2008-02-25 Matteo Corti - - * check_ssl_cert: [Dan Wallis patch] removed nmap dependency - * check_ssl_cert: [Dan Wallis patch] mktemp for the temporaries - * check_ssl_cert: [Dan Wallis patch] using trap to cleanup temporaries - * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup - * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup - * check_ssl_cert: [Dan Wallis patch] better handling of missing - certificate and non resolvable host - * check_ssl_cert: [Dan Wallis patch] stricter check for "notAfter" in the - certificate analysis - -2007-09-04 Matteo Corti - - * check_ssl_cert: better error messages (both the actual and the - expected values are displayed) - -2007-08-31 Matteo Corti - - * check_ssl_cert: new options to enforce email and - organization. Temporary files are now removed before termination - -2007-08-15 Matteo Corti - - * check_ssl_cert: openssl s_client closes the connection cleanly - -2007-08-10 Matteo Corti - - * check_ssl_cert: initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert 1970-01-01 00:00:00.000000000 +0000 @@ -1,3963 +0,0 @@ -#!/bin/sh -# -# check_ssl_cert -# -# Checks an X.509 certificate: -# - checks if the server is running and delivers a valid certificate -# - checks if the CA matches a given pattern -# - checks the validity -# -# See the INSTALL file for installation instructions -# -# Copyright (c) 2007-2012 ETH Zurich. -# Copyright (c) 2007-2021 Matteo Corti -# -# This module is free software; you can redistribute it and/or modify it -# under the terms of GNU general public license (gpl) version 3. -# See the LICENSE file for details. - -################################################################################ -# Constants - -VERSION=2.2.0 -SHORTNAME="SSL_CERT" - -VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint," - -SIGNALS="HUP INT QUIT TERM ABRT" - -LC_ALL=C - -# return value for the creation of temporary files -TEMPFILE="" - -################################################################################ -# Variables -STATUS_OK=0 -STATUS_WARNING=1 -STATUS_CRITICAL=2 -STATUS_UNKNOWN=3 -WARNING_MSG="" -CRITICAL_MSG="" -ALL_MSG="" -DEBUG=0 - -################################################################################ -# Functions - -################################################################################ -# Prints usage information -# Params -# $1 error message (optional) -usage() { - - if [ -n "$1" ] ; then - echo "Error: $1" 1>&2 - fi - - #### The following line is 80 characters long (helps to fit the help text in a standard terminal) - ######-------------------------------------------------------------------------------- - - echo - echo "Usage: check_ssl_cert -H host [OPTIONS]" - echo - echo "Arguments:" - echo " -H,--host host server" - echo - echo "Options:" - echo " -A,--noauth ignore authority warnings (expiration only)" - echo " --all enables all the possible optional checks at the maximum level" - echo " --check-ciphers grade checks the offered ciphers" - echo " --check-ciphers-warnings critical if nmap reports a warning for an offered cipher" - echo " -C,--clientcert path use client certificate to authenticate" - echo " --clientpass phrase set passphrase for client certificate." - echo " -c,--critical days minimum number of days a certificate has to" - echo " be valid to issue a critical status. Default: ${CRITICAL_DAYS}" - echo " --crl checks revokation via CRL (requires --rootcert-file)" - echo " --curl-bin path path of the curl binary to be used" - echo " --curl-user-agent string user agent that curl shall use to obtain the" - echo " issuer cert" - echo " --custom-http-header string custom HTTP header sent when getting the cert" - echo " example: 'X-Check-Ssl-Cert: Foobar=1'" - echo " --dane verify that valid DANE records exist (since OpenSSL 1.1.0)" - echo " --dane 211 verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists" - echo " --dane 301 verify that a valid DANE-EE(3) Cert(0) SHA2-256(1) TLSA record exists" - echo " --dane 302 verify that a valid DANE-EE(3) Cert(0) SHA2-512(2) TLSA record exists" - echo " --dane 311 verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists" - echo " --date path path of the date binary to be used" - echo " -d,--debug produces debugging output (can be specified more than once)" - echo " --debug-cert stores the retrieved certificates in the current directory" - echo " --dig-bin path path of the dig binary to be used" - echo " --ecdsa signature algorithm selection: force ECDSA certificate" - echo " --element number checks N cert element from the begining of the chain" - echo " -e,--email address pattern to match the email address contained" - echo " in the certificate" - echo " -f,--file file local file path (works with -H localhost only)" - echo " with -f you can not only pass a x509" - echo " certificate file but also a certificate" - echo " revocation list (CRL) to check the validity" - echo " period" - echo " --file-bin path path of the file binary to be used" - echo " --fingerprint SHA1 pattern to match the SHA1-Fingerprint" - echo " --first-element-only verify just the first cert element, not the whole chain" - echo " --force-perl-date force the usage of Perl for date computations" - echo " --format FORMAT format output template on success, for example" - echo " \"%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'\"" - echo " -h,--help,-? this help message" - echo " --http-use-get use GET instead of HEAD (default) for the HTTP" - echo " related checks" - echo " --ignore-altnames ignores alternative names when matching pattern specified in -n (or the host name)" - echo " --ignore-exp ignore expiration date" - echo " --ignore-host-cn do not complain if the CN does not match the host name" - echo " --ignore-ocsp do not check revocation with OCSP" - echo " --ignore-ocsp-timeout ignore OCSP result when timeout occurs while checking" - echo " --ignore-sig-alg do not check if the certificate was signed with SHA1" - echo " or MD5" - echo " --ignore-sct do not check for signed certificate timestamps (SCT)" - echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)" - echo " --ignore-tls-renegotiation Ignores the TLS renegotiation check" - echo " --inetproto protocol Force IP version 4 or 6" - echo " -i,--issuer issuer pattern to match the issuer of the certificate" - echo " --issuer-cert-cache dir directory where to store issuer certificates cache" - echo " -K,--clientkey path use client certificate key to authenticate" - echo " -L,--check-ssl-labs grade SSL Labs assessment" - echo " (please check https://www.ssllabs.com/about/terms.html)" - echo " --check-ssl-labs-warn grade SSL-Labs grade on which to warn" - echo " --long-output list append the specified comma separated (no spaces) list" - echo " of attributes to the plugin output on additional lines" - echo " Valid attributes are:" - echo " enddate, startdate, subject, issuer, modulus," - echo " serial, hash, email, ocsp_uri and fingerprint." - echo " 'all' will include all the available attributes." - echo " -n,--cn name pattern to match the CN of the certificate (can be" - echo " specified multiple times)" - echo " --nmap-bin path path of the nmap binary to be used" - echo " --no-perf do not show performance data" - echo " --no-proxy ignores the http_proxy and https_proxy environment variables" - echo " --no-ssl2 disable SSL version 2" - echo " --no-ssl3 disable SSL version 3" - echo " --no-tls1 disable TLS version 1" - echo " --no-tls1_1 disable TLS version 1.1" - echo " --no-tls1_2 disable TLS version 1.2" - echo " --no-tls1_3 disable TLS version 1.3" - echo " --not-issued-by issuer check that the issuer of the certificate does not match" - echo " the given pattern" - echo " --not-valid-longer-than days critical if the certificate validity is longer than" - echo " the specified period" - echo " --ocsp-critical hours minimum number of hours an OCSP response has to be valid to" - echo " issue a critical status" - echo " --ocsp-warning hours minimum number of hours an OCSP response has to be valid to" - echo " issue a warning status" - echo " -o,--org org pattern to match the organization of the certificate" - echo " --openssl path path of the openssl binary to be used" - echo " --password source password source for a local certificate, see the PASS PHRASE ARGUMENTS section" - echo " openssl(1)" - echo " -p,--port port TCP port" - echo " -P,--protocol protocol use the specific protocol" - echo " {ftp|ftps|http|https|h2|imap|imaps|irc|ircs|ldap|ldaps|mysql|pop3|pop3s|" - echo " postgres|sieve|smtp|smtps|xmpp|xmpp-server}" - echo " https: default" - echo " h2: forces HTTP/2" - echo " ftp,imap,irc,ldap,pop3,postgres,sieve,smtp: switch to" - echo " TLS using StartTLS" - echo " --proxy proxy sets http_proxy and the s_client -proxy option" - echo " --require-no-ssl2 critical if SSL version 2 is offered" - echo " --require-no-ssl3 critical if SSL version 3 is offered" - echo " --require-no-tls1 critical if TLS 1 is offered" - echo " --require-no-tls1_1 critical if TLS 1.1 is offered" - echo " --resolve ip provides a custom IP address for the specified host" - echo " -s,--selfsigned allows self-signed certificates" - echo " --serial serialnum pattern to match the serial number" - echo " --skip-element number skip checks on N cert element from the begining of the chain" - echo " --sni name sets the TLS SNI (Server Name Indication) extension" - echo " in the ClientHello message to 'name'" - echo " --ssl2 forces SSL version 2" - echo " --ssl3 forces SSL version 3" - echo " --require-ocsp-stapling require OCSP stapling" - echo " --require-san require the presence of a Subject Alternative Name" - echo " extension" - echo " -r,--rootcert path root certificate or directory to be used for" - echo " certificate validation" - echo " --rootcert-dir path root directory to be used for certificate validation" - echo " --rootcert-file path root certificate to be used for certificate validation" - echo " --rsa signature algorithm selection: force RSA certificate" - echo " --temp dir directory where to store the temporary files" - echo " --terse terse output" - echo " -t,--timeout seconds timeout after the specified time" - echo " (defaults to ${TIMEOUT} seconds)" - echo " --tls1 force TLS version 1" - echo " --tls1_1 force TLS version 1.1" - echo " --tls1_2 force TLS version 1.2" - echo " --tls1_3 force TLS version 1.3" - echo " -u,--url URL HTTP request URL" - echo " -v,--verbose verbose output (can be specified more than once)" - echo " -V,--version version" - echo " -w,--warning days minimum number of days a certificate has to be valid" - echo " to issue a warning status. Default: ${WARNING_DAYS}" - echo " --xmpphost name specifies the host for the 'to' attribute of the stream element" - echo " -4 force IPv4" - echo " -6 force IPv6" - echo - echo "Deprecated options:" - echo " --altnames matches the pattern specified in -n with" - echo " alternate names too (enabled by default)" - echo " --days days minimum number of days a certificate has to be valid" - echo " (see --critical and --warning)" - echo " -N,--host-cn match CN with the host name (enabled by default)" - echo " --ocsp check revocation via OCSP (enabled by default)" - echo " -S,--ssl version force SSL version (2,3)" - echo " (see: --ssl2 or --ssl3)" - echo - echo "Report bugs to https://github.com/matteocorti/check_ssl_cert/issues" - echo - - exit "${STATUS_UNKNOWN}" - -} - -################################################################################ -# Prints the given message to STDERR with the prefix '[DBG] ' if the debug -# command line option was specified -# $1: string -# $2: level (optional default 1) -debuglog() { - - MESSAGE=$1 - LEVEL=$2 - - if [ -z "${LEVEL}" ] ; then - #default - LEVEL=1 - fi - - if [ "${LEVEL}" -le "${DEBUG}" ] ; then - echo "${1}" | sed 's/^/[DBG] /' >&2 - fi - -} - -################################################################################ -# Prints the given message to STDOUT if the verbose command line opttion was -# specified -# $1: string -# $2: level (optional default 1) -verboselog() { - - MESSAGE=$1 - LEVEL=$2 - - if [ -z "${LEVEL}" ] ; then - #default - LEVEL=1 - fi - - if [ "${LEVEL}" -le "${VERBOSE}" ] ; then - echo "${MESSAGE}" >&2 - fi - -} - -################################################################################ -# trap passing the signal name -# see https://stackoverflow.com/questions/2175647/is-it-possible-to-detect-which-trap-signal-in-bash/2175751#2175751 -trap_with_arg() { - func="$1" ; shift - for sig ; do - # shellcheck disable=SC2064 - trap "${func} ${sig}" "${sig}" - done -} - -################################################################################ -# Cleanup temporary files -remove_temporary_files() { - debuglog "cleaning up temporary files" - # shellcheck disable=SC2086 - if [ -n "${TEMPORARY_FILES}" ]; then - debuglog "$(echo "${TEMPORARY_FILES}" | tr '\ ' '\n')" - rm -f ${TEMPORARY_FILES} - fi -} - -################################################################################ -# Cleanup when exiting -cleanup() { - SIGNAL=$1 - debuglog "signal caught ${SIGNAL}" - remove_temporary_files - # shellcheck disable=SC2086 - trap - ${SIGNALS} - exit -} - -create_temporary_file() { - - # create a temporary file - TEMPFILE="$( mktemp "${TMPDIR}/XXXXXX" 2> /dev/null )" - if [ -z "${TEMPFILE}" ] || [ ! -w "${TEMPFILE}" ] ; then - unknown 'temporary file creation failure.' - fi - - debuglog "temporary file ${TEMPFILE} created" - - # add the file to the list of temporary files - TEMPORARY_FILES="${TEMPORARY_FILES} ${TEMPFILE}" - -} - -################################################################################ -# Compute the number of hours until a given date -# Params -# $1 date -# return HOURS_UNTIL -hours_until() { - - DATE=$1 - - debuglog "Date computations: ${DATETYPE}" - debuglog "Computing number of hours until '${DATE}'" - - case "${DATETYPE}" in - "BSD") - HOURS_UNTIL=$(( ( $(${DATEBIN} -jf "%b %d %T %Y %Z" "${DATE}" +%s) - $(${DATEBIN} +%s) ) / 3600 )) - ;; - "BUSYBOX") - BUSYBOX_DATE=$( echo "${DATE}" | sed 's/[ ][^ ]*$//' ) - debuglog "Computing number of hours until '${BUSYBOX_DATE}' (BusyBox compatible format)" - verboselog "warning: BusyBox date does not support time zones. Using ${BUSYBOX_DATE} in the current zone instead of ${DATE}" - HOURS_UNTIL=$(( ( $(${DATEBIN} -d "${BUSYBOX_DATE}" +%s) - $(${DATEBIN} +%s) ) / 3600 )) - ;; - "GNU") - HOURS_UNTIL=$(( ( $(${DATEBIN} -d "${DATE}" +%s) - $(${DATEBIN} +%s) ) / 3600 )) - ;; - "PERL") - # Warning: some shell script formatting tools will indent the EOF! (should be at position 0) - if ! HOURS_UNTIL=$(perl - "${DATE}" <<-"EOF" - use strict; - use warnings; - use Date::Parse; - my $cert_date = str2time( $ARGV[0] ); - my $hours = int (( $cert_date - time ) / 3600 + 0.5); - print "$hours\n"; -EOF - ) ; then - # something went wrong with the embedded Perl code: check the indentation of EOF - unknown "Error computing the certificate validity with Perl" - fi - ;; - *) - unknown "Internal error: unknown date type" - esac - - debuglog "Hours until ${DATE}: ${HOURS_UNTIL}" - echo "${HOURS_UNTIL}" - -} - -################################################################################ -# checks if OpenSSL version is at least the given parameter -# Params -# $1 minumum version -openssl_version() { - - # See https://wiki.openssl.org/index.php/Versioning - - # Required version - MIN_VERSION=$1 - - debuglog "openssl_version ${MIN_VERSION}" - - IFS='.' read -r MIN_MAJOR1 MIN_MAJOR2 MIN_MINOR <>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" - debuglog "prepend_critical_message: new message = $1" - debuglog "prepend_critical_message: HOST_NAME = ${HOST_NAME}" - debuglog "prepend_critical_message: HOST_ADDR = ${HOST_ADDR}" - debuglog "prepend_critical_message: CN = ${CN}" - debuglog "prepend_critical_message: SNI = ${SNI}" - debuglog "prepend_critical_message: FILE = ${FILE}" - debuglog "prepend_critical_message: SHORTNAME = ${SHORTNAME}" - debuglog "prepend_critical_message: MSG = ${MSG}" - debuglog "prepend_critical_message: CRITICAL_MSG = ${CRITICAL_MSG}" - debuglog "prepend_critical_message: ALL_MSG 1 = ${ALL_MSG}" - - if [ -n "${CN}" ] ; then - if echo "${CN}" | grep -q -F 'unavailable' ; then - tmp=" ${SUBJECT_ALTERNATIVE_NAME}" - else - tmp=" ${CN}" - fi - else - if [ -n "${HOST_NAME}" ] ; then - if [ -n "${SNI}" ] ; then - tmp=" ${SNI}" - elif [ -n "${FILE}" ] ; then - tmp=" ${FILE}" - else - tmp=" ${HOST_NAME}" - fi - fi - fi - - MSG="${SHORTNAME} CRITICAL${tmp}: ${1}${LONG_OUTPUT}" - - if [ "${CRITICAL_MSG}" = "" ]; then - CRITICAL_MSG="${MSG}" - fi - - ALL_MSG="\\n ${MSG}${ALL_MSG}" - - debuglog "prepend_critical_message: MSG 2 = ${MSG}" - debuglog "prepend_critical_message: CRITICAL_MSG 2 = ${CRITICAL_MSG}" - debuglog "prepend_critical_message: ALL_MSG 2 = ${ALL_MSG}" - debuglog "CRITICAL <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" - -} - -################################################################################ -# Exits with a critical message -# Params -# $1 error message -critical() { - - remove_temporary_files - - debuglog 'exiting with CRITICAL' - debuglog "ALL_MSG = ${ALL_MSG}" - - NUMBER_OF_ERRORS=$( printf '%b' "${ALL_MSG}" | wc -l ) - - debuglog "number of errors = ${NUMBER_OF_ERRORS}" - - if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ -n "${VERBOSE}" ] ; then - printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" - else - printf '%s%s \n' "$1" "${PERFORMANCE_DATA}" - fi - - exit "${STATUS_CRITICAL}" -} - -################################################################################ -# append all warning messages to list of all messages -# Params -# $1 warning message -append_warning_message() { - - debuglog "WARNING >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" - debuglog "append_warning_message: HOST_NAME = ${HOST_NAME}" - debuglog "append_warning_message: HOST_ADDR = ${HOST_ADDR}" - debuglog "append_warning_message: CN = ${CN}" - debuglog "append_warning_message: SNI = ${SNI}" - debuglog "append_warning_message: FILE = ${FILE}" - debuglog "append_warning_message: SHORTNAME = ${SHORTNAME}" - debuglog "prepend_warning_message: MSG = ${MSG}" - debuglog "prepend_warning_message: WARNING_MSG = ${WARNING_MSG}" - debuglog "prepend_warning_message: ALL_MSG 1 = ${ALL_MSG}" - - if [ -n "${CN}" ] ; then - if echo "${CN}" | grep -q -F 'unavailable' ; then - tmp=" ${SUBJECT_ALTERNATIVE_NAME}" - else - tmp=" ${CN}" - fi - else - if [ -n "${HOST_NAME}" ] ; then - if [ -n "${SNI}" ] ; then - tmp=" ${SNI}" - elif [ -n "${FILE}" ] ; then - tmp=" ${FILE}" - else - tmp=" ${HOST_NAME}" - fi - fi - fi - - MSG="${SHORTNAME} WARN${tmp}: ${1}${LONG_OUTPUT}" - - if [ "${WARNING_MSG}" = "" ]; then - WARNING_MSG="${MSG}" - fi - - ALL_MSG="${ALL_MSG}\\n ${MSG}" - - - debuglog "prepend_warning_message: MSG 2 = ${MSG}" - debuglog "prepend_warning_message: WARNING_MSG 2 = ${WARNING_MSG}" - debuglog "prepend_warning_message: ALL_MSG 2 = ${ALL_MSG}" - debuglog "WARNING <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" - -} - - -################################################################################ -# Exits with a warning message -# Param -# $1 warning message -warning() { - - remove_temporary_files - - NUMBER_OF_ERRORS=$( printf '%b' "${ALL_MSG}" | wc -l ) - - if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ -n "${VERBOSE}" ]; then - printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" - else - printf '%s %s\n' "$1" "${PERFORMANCE_DATA}" - fi - - exit "${STATUS_WARNING}" -} - -################################################################################ -# Exits with an 'unknown' status -# Param -# $1 message -unknown() { - if [ -n "${HOST_NAME}" ] ; then - if [ -n "${SNI}" ] ; then - tmp=" ${SNI}" - elif [ -n "${FILE}" ] ; then - tmp=" ${FILE}" - else - tmp=" ${HOST_NAME}" - fi - fi - remove_temporary_files - printf '%s UNKNOWN%s: %s\n' "${SHORTNAME}" "${tmp}" "$1" - exit "${STATUS_UNKNOWN}" -} - - -################################################################################ -# Exits with unknown if s_client does not support the given option -# -# Usage: -# require_s_client_option '-no_ssl2' -# -require_s_client_option() { - debuglog "Checking if s_client supports the $1 option" - if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "$1" ; then - unknown "s_client does not support the $1 option" - fi -} - -################################################################################ -# To set a variable with an HEREDOC in a POSIX compliant way -# see: https://unix.stackexchange.com/questions/340718/how-do-i-bring-heredoc-text-into-a-shell-script-variable -# Usage: -# set_variable variablename<<'HEREDOC' -# ... -# HEREDOC -set_variable() { - # shellcheck disable=SC2016 - eval "$1"'=$(cat)' -} - -################################################################################ -# Executes command with a timeout -# Params: -# $1 command -# $2 where to put the stdout -# $3 where to put the stderr -# Returns 1 if timed out 0 otherwise -exec_with_timeout() { - - time=${TIMEOUT} - - # start the command in a subshell to avoid problem with pipes - # (spawn accepts one command) - command="/bin/sh -c \"$1\"" - - OUTFILE=/dev/null - if [ -n "$2" ] ; then - OUTFILE=$2 - fi - ERRFILE=/dev/null - if [ -n "$3" ] ; then - ERRFILE=$3 - fi - - start_time=$( date +%s ) - - debuglog "executing with timeout (${time}s): $1" - debuglog " start time = ${start_time}" - - if [ -n "${TIMEOUT_BIN}" ] ; then - - debuglog "$(printf "%s %s %s\\n" "${TIMEOUT_BIN}" "${time}" "${command}")" - - # We execute timeout in the backgroud so that it can be relay a signal to 'timeout' - # https://unix.stackexchange.com/questions/57667/why-cant-i-kill-a-timeout-called-from-a-bash-script-with-a-keystroke/57692#57692 - eval "${TIMEOUT_BIN} ${time} ${command} &" > "${OUTFILE}" 2> "${ERRFILE}" - TIMEOUT_PID=$! - wait "${TIMEOUT_PID}" > /dev/null 2>&1 - RET=$? - - # return codes - # https://www.gnu.org/software/coreutils/manual/coreutils.html#timeout-invocation - - # because of the execution in the backgroud we get a 137 for a timeout - if [ "${RET}" -eq 137 ] || [ "${RET}" -eq 124 ] ; then - prepend_critical_message "Timeout after ${time} seconds" - critical "${SHORTNAME} CRITICAL: Timeout after ${time} seconds" - elif [ "${RET}" -eq 125 ] ; then - prepend_critical_message "execution of ${command} failed" - elif [ "${RET}" -eq 126 ] ; then - prepend_critical_message "${command} is found but cannot be invoked" - elif [ "${RET}" -eq 127 ] ; then - prepend_critical_message "${command} cannot be found" - fi - - end_time=$( date +%s ) - TIMEOUT=$(( TIMEOUT - end_time + start_time )) - debuglog " end time = ${end_time}" - debuglog " new timeout = ${TIMEOUT}" - if [ "${TIMEOUT}" -lt 1 ] ; then TIMEOUT=1; fi - - return "${RET}" - - elif [ -n "${EXPECT}" ] ; then - - # just to tell shellcheck that the variable is assigned - # (in fact the value is assigned with the function set_value) - EXPECT_SCRIPT='' - TIMEOUT_ERROR_CODE=42 - - set_variable EXPECT_SCRIPT << EOT - -set echo \"-noecho\" -set timeout ${time} - -# spawn the process -spawn -noecho sh -c { ${command} > ${OUTFILE} 2> ${ERRFILE} } - -expect { - timeout { exit ${TIMEOUT_ERROR_CODE} } - eof -} - -# Get the return value -# https://stackoverflow.com/questions/23614039/how-to-get-the-exit-code-of-spawned-process-in-expect-shell-script - -foreach { pid spawnid os_error_flag value } [wait] break - -# return the command return value -exit \$value - -EOT - - debuglog 'Executing expect script' - debuglog "$(printf '%s' "${EXPECT_SCRIPT}")" - - echo "${EXPECT_SCRIPT}" | expect - RET=$? - - debuglog "expect returned ${RET}" - - if [ "${RET}" -eq "${TIMEOUT_ERROR_CODE}" ] ; then - prepend_critical_message "Timeout after ${time} seconds" - critical "${SHORTNAME} CRITICAL: Timeout after ${time} seconds" - fi - - end_time=$( date +%s ) - TIMEOUT=$(( TIMEOUT - end_time + start_time )) - debuglog " end time = ${end_time}" - debuglog " new timeout = ${TIMEOUT}" - if [ "${TIMEOUT}" -lt 1 ] ; then TIMEOUT=1; fi - - return "${RET}" - - else - - debuglog "$(printf "%s\\n" eval "${command}")" - - eval "${command}" > "${OUTFILE}" 2> "${ERRFILE}" - RET=$? - - end_time=$( date +%s ) - - # we deduce the command duration from the total specified timeout - TIMEOUT=$(( TIMEOUT - end_time + start_time )) - debuglog " end time = ${end_time}" - debuglog " new timeout = ${TIMEOUT}" - if [ "${TIMEOUT}" -lt 1 ] ; then TIMEOUT=1; fi - - return "${RET}" - - fi - - -} - -################################################################################ -# Checks if a given program is available and executable -# Params -# $1 program name -# Returns 1 if the program exists and is executable -check_required_prog() { - - PROG=$(command -v "$1" 2> /dev/null) - - if [ -z "${PROG}" ] ; then - unknown "cannot find program: $1" - fi - - if [ ! -x "${PROG}" ] ; then - unknown "${PROG} is not executable" - fi - -} - - -################################################################################ -# Checks cert revokation via CRL -# Params -# $1 cert -# $2 element number -check_crl() { - el_number=1 - if [ -n "$2" ]; then - el_number=$2 - fi - - create_temporary_file; CERT_ELEMENT=${TEMPFILE} - debuglog "Storing the chain element in ${CERT_ELEMENT}" - echo "${1}" > "${CERT_ELEMENT}" - - # We check all the elements of the chain (but the root) for revocation - # If any element is revoked, the certificate should not be trusted - # https://security.stackexchange.com/questions/5253/what-happens-when-an-intermediate-ca-is-revoked - - debuglog "Checking CRL status of element ${el_number}" - - # See https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html - - CRL_URI=$( "${OPENSSL}" x509 -noout -text -in "${CERT_ELEMENT}" | - grep -F -A 4 'X509v3 CRL Distribution Points' | - grep -F URI | - sed 's/^.*URI://' - ) - if [ -n "${CRL_URI}" ] ; then - - debuglog "Certificate revokation list available (${CRL_URI})" - - debuglog "CRL: fetching CRL ${CRL_URI} to ${CRL_TMP_DER}" - - if [ -n "${CURL_USER_AGENT}" ] ; then - exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --user-agent '${CURL_USER_AGENT}' --location \\\"${CRL_URI}\\\" > ${CRL_TMP_DER}" - else - exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${CRL_URI}\\\" > ${CRL_TMP_DER}" - fi - - # convert DER to - debuglog "Converting ${CRL_TMP_DER} (DER) to ${CRL_TMP_PEM} (PEM)" - "${OPENSSL}" crl -inform DER -in "${CRL_TMP_DER}" -outform PEM -out "${CRL_TMP_PEM}" - - # combine the certificate and the CRL - debuglog "Combining the certificate, the CRL and the root cert" - debuglog "cat ${CRL_TMP_PEM} ${CERT} ${ROOT_CA_FILE} > ${CRL_TMP_CHAIN}" - cat "${CRL_TMP_PEM}" "${CERT}" "${ROOT_CA_FILE}" > "${CRL_TMP_CHAIN}" - - debuglog "${OPENSSL} verify -crl_check -CRLfile ${CRL_TMP_PEM} ${CERT_ELEMENT}" - CRL_RESULT=$( "${OPENSSL}" verify -crl_check -CAfile "${CRL_TMP_CHAIN}" -CRLfile "${CRL_TMP_PEM}" "${CERT_ELEMENT}" 2>&1 | - grep -F ':' | - head -n 1 | - sed 's/^.*:\ //' - ) - - debuglog " result: ${CRL_RESULT}" - - if ! [ "${CRL_RESULT}" = 'OK' ] ; then - prepend_critical_message "certificate element ${el_number} is revoked (CRL)" - fi - - else - - debuglog "Certificate revokation list not available" - - fi - -} - -################################################################################ -# Checks cert revokation via OCSP -# Params -# $1 cert -# $2 element number -check_ocsp() { - - el_number=1 - if [ -n "$2" ]; then - el_number=$2 - fi - - # We check all the elements of the chain (but the root) for revocation - # If any element is revoked, the certificate should not be trusted - # https://security.stackexchange.com/questions/5253/what-happens-when-an-intermediate-ca-is-revoked - - debuglog "Checking OCSP status of element ${el_number}" - - create_temporary_file; CERT_ELEMENT=${TEMPFILE} - debuglog "Storing the chain element in ${CERT_ELEMENT}" - echo "${1}" > "${CERT_ELEMENT}" - - ################################################################################ - # Check revocation via OCSP - if [ -n "${OCSP}" ]; then - - debuglog "Checking revokation via OCSP" - - ISSUER_HASH="$(${OPENSSL} x509 -in "${CERT_ELEMENT}" -noout -issuer_hash)" - debuglog "Issuer hash: ${ISSUER_HASH}" - - if [ -z "${ISSUER_HASH}" ] ; then - unknown 'unable to find issuer certificate hash.' - fi - - ISSUER_CERT= - if [ -n "${ISSUER_CERT_CACHE}" ] ; then - - if [ -r "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" ]; then - - debuglog "Found cached Issuer Certificate: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" - - ISSUER_CERT="${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" - - else - - debuglog "Not found cached Issuer Certificate: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" - - - fi - - fi - - # shellcheck disable=SC2086,SC2016 - ELEMENT_ISSUER_URIS="$( ${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -text -noout -in ${CERT_ELEMENT} | grep -F "CA Issuers" | grep -F -i "http" | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;${}<>`&')" - - if [ -z "${ELEMENT_ISSUER_URIS}" ] ; then - verboselog "cannot find the CA Issuers in the certificate: disabling OCSP checks on element ${el_number}" - return - fi - - debuglog "Chain element issuer URIs: ${ELEMENT_ISSUER_URIS}" - - for ELEMENT_ISSUER_URI in ${ELEMENT_ISSUER_URIS} ; do - debuglog "checking issuer URIs: ${ELEMENT_ISSUER_URI}" - - # shellcheck disable=SC2021 - if [ "${ELEMENT_ISSUER_URI}" != "$(echo "${ELEMENT_ISSUER_URI}" | tr -d '[[:space:]]')" ]; then - verboselog "unable to fetch the CA issuer certificate (spaces in URI): skipping" - continue - elif ! echo "${ELEMENT_ISSUER_URI}" | grep -q -i '^http' ; then - verboselog "unable to fetch the CA issuer certificate (unsupported protocol): skipping" - continue - fi - - - if [ -z "${ISSUER_CERT}" ] ; then - - debuglog "OCSP: fetching issuer certificate ${ELEMENT_ISSUER_URI} to ${ISSUER_CERT_TMP}" - - if [ -n "${CURL_USER_AGENT}" ] ; then - exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --user-agent '${CURL_USER_AGENT}' --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}" - else - exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}" - fi - - debuglog "OCSP: issuer certificate type (1): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" - - if echo "${ELEMENT_ISSUER_URI}" | grep -F -q 'p7c' ; then - debuglog "OCSP: converting issuer certificate from PKCS #7 to PEM" - - cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" - - ${OPENSSL} pkcs7 -print_certs -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" - - fi - - debuglog "OCSP: issuer certificate type (2): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" - - # check the result - if ! "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q ': (ASCII|PEM)' ; then - - if "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q '(data|Certificate)' ; then - - debuglog "OCSP: converting issuer certificate from DER to PEM" - - cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" - - ${OPENSSL} x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" - - elif "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q 'empty' ; then - - # empty certs are allowed - debuglog "OCSP empty certificate detected: skipping" - return - - else - - debuglog "OCSP: complete issuer certificate type $( ${FILE_BIN} "${ISSUER_CERT_TMP}" )" - - unknown "Unable to fetch a valid certificate issuer certificate." - - fi - - fi - - debuglog "OCSP: issuer certificate type (3): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" - - if [ -n "${DEBUG_CERT}" ] ; then - - # remove trailing / - FILE_NAME=${ELEMENT_ISSUER_URI%/} - - # remove everything up to the last slash - FILE_NAME="${FILE_NAME##*/}" - - debuglog "OCSP: storing a copy of the retrieved issuer certificate to ${FILE_NAME} for debugging purposes" - - cp "${ISSUER_CERT_TMP}" "${FILE_NAME}" - - fi - - if [ -n "${ISSUER_CERT_CACHE}" ] ; then - - if [ ! -w "${ISSUER_CERT_CACHE}" ]; then - unknown "Issuer certificates cache ${ISSUER_CERT_CACHE} is not writeable!" - fi - - debuglog "Storing Issuer Certificate to cache: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" - - cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" - - fi - - ISSUER_CERT=${ISSUER_CERT_TMP} - - fi - - - done - - # shellcheck disable=SC2086 - OCSP_URIS="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT_ELEMENT}" -ocsp_uri -noout)" - - debuglog "OCSP: URIs = ${OCSP_URIS}" - - for OCSP_URI in ${OCSP_URIS} ; do - - debuglog "OCSP: URI = ${OCSP_URI}" - - OCSP_HOST="$(echo "${OCSP_URI}" | sed -e "s@.*//\\([^/]\\+\\)\\(/.*\\)\\?\$@\\1@g" | sed 's/^http:\/\///' | sed 's/\/.*//' )" - - debuglog "OCSP: host = ${OCSP_HOST}" - - if [ -n "${OCSP_HOST}" ] ; then - - # check if -header is supported - OCSP_HEADER="" - - # ocsp -header is supported in OpenSSL versions from 1.0.0, but not documented until 1.1.0 - # so we check if the major version is greater than 0 - if "${OPENSSL}" version | grep -q '^LibreSSL' || [ "$( ${OPENSSL} version | sed -e 's/OpenSSL \([0-9]\).*/\1/g' )" -gt 0 ] ; then - - debuglog "openssl ocsp supports the -header option" - - # the -header option was first accepting key and value separated by space. The newer versions are using key=value - KEYVALUE="" - if ${OPENSSL} ocsp -help 2>&1 | grep -F header | grep -F -q 'key=value' ; then - debuglog "${OPENSSL} ocsp -header requires 'key=value'" - KEYVALUE=1 - else - debuglog "${OPENSSL} ocsp -header requires 'key value'" - fi - - # http_proxy is sometimes lower- and sometimes uppercase. Programs usually check both - # shellcheck disable=SC2154 - if [ -n "${http_proxy}" ] ; then - HTTP_PROXY="${http_proxy}" - fi - - if [ -n "${HTTP_PROXY:-}" ] ; then - OCSP_PROXY_ARGUMENT="$( echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//' )" - - if [ -n "${KEYVALUE}" ] ; then - debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -host \"${OCSP_PROXY_ARGUMENT}\" -path ${OCSP_URI} -header HOST=${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )" - else - debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -host \"${OCSP_PROXY_ARGUMENT}\" -path ${OCSP_URI} -header HOST ${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )" - fi - - else - - if [ -n "${KEYVALUE}" ] ; then - debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )" - else - debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )" - fi - - fi - - debuglog "$(echo "${OCSP_RESP}" | sed 's/^/OCSP: response = /')" - - if [ -n "${OCSP_IGNORE_TIMEOUT}" ] && echo "${OCSP_RESP}" | grep -F -q -i "timeout on connect" ; then - - debuglog 'OCSP: Timeout on connect' - - elif echo "${OCSP_RESP}" | grep -F -q -i "revoked" ; then - - debuglog 'OCSP: revoked' - - prepend_critical_message "certificate element ${el_number} is revoked (OCSP)" - - elif ! echo "${OCSP_RESP}" | grep -F -q -i "good" ; then - - debuglog "OCSP: not good. HTTP_PROXY = ${HTTP_PROXY}" - - if [ -n "${HTTP_PROXY:-}" ] ; then - - debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT_ELEMENT}]\" -host \"${HTTP_PROXY#*://}\" -path \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1" - - if [ -n "${OCSP_HEADER}" ] ; then - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" - else - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" 2>&1 )" - fi - - else - - debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT_ELEMENT}\" -url \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1" - - if [ -n "${OCSP_HEADER}" ] ; then - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" - else - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" 2>&1 )" - fi - - fi - - verboselog "OCSP Error: ${OCSP_RESP}" - - prepend_critical_message "OCSP error (-v for details)" - - fi - - else - - verboselog "openssl ocsp does not support the -header option: disabling OCSP checks" - - fi - - else - - verboselog "no OCSP host found: disabling OCSP checks" - - fi - - done - - fi - -} - - -################################################################################ -# Checks cert end date validity -# Params -# $1 cert -# $2 element number -# Returns number of days -check_cert_end_date() { - el_number=1 - if [ -n "$2" ]; then - el_number=$2 - fi - - debuglog "Checking expiration date of element ${el_number}" - - # shellcheck disable=SC2086 - ELEM_END_DATE=$(echo "${1}" | "${OPENSSL}" "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -noout "${OPENSSL_ENDDATE_OPTION}" | sed -e "s/.*=//") - debuglog "Validity date on cert element ${el_number} is ${ELEM_END_DATE}" - - HOURS_UNTIL=$(hours_until "${ELEM_END_DATE}") - ELEM_DAYS_VALID=$(( HOURS_UNTIL / 24 )) - if [ -z "${DAYS_VALID}" ] || [ "${ELEM_DAYS_VALID}" -lt "${DAYS_VALID}" ]; then - DAYS_VALID="${ELEM_DAYS_VALID}" - fi - - add_performance_data "days_chain_elem${el_number}=${ELEM_DAYS_VALID};${WARNING_DAYS};${CRITICAL_DAYS};;" - - if [ "${OPENSSL_COMMAND}" = "x509" ]; then - # x509 certificates (default) - # We always check expired certificates - debuglog "executing: ${OPENSSL} x509 -noout -checkend 0 on cert element ${el_number}" - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend 0 > /dev/null ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} is expired (was valid until ${ELEM_END_DATE})" - return 2 - fi - - if [ -n "${CRITICAL_DAYS}" ] ; then - - debuglog "executing: ${OPENSSL} x509 -noout -checkend $(( CRITICAL_DAYS * 86400 )) on cert element ${el_number}" - - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend $(( CRITICAL_DAYS * 86400 )) > /dev/null ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" - return 2 - fi - - fi - - if [ -n "${WARNING_DAYS}" ] ; then - - debuglog "executing: ${OPENSSL} x509 -noout -checkend $(( WARNING_DAYS * 86400 )) on cert element ${el_number}" - - if ! echo "$1" | ${OPENSSL} x509 -noout -checkend $(( WARNING_DAYS * 86400 )) > /dev/null ; then - append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" - return 1 - fi - - fi - if [ -n "${NOT_VALID_LONGER_THAN}" ] ; then - debuglog "checking if the certificate is valid longer than ${NOT_VALID_LONGER_THAN} days" - debuglog " valid for ${DAYS_VALID} days" - if [ "${DAYS_VALID}" -gt "${NOT_VALID_LONGER_THAN}" ] ; then - debuglog "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" - prepend_critical_message "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" - return 2 - fi - fi - elif [ "${OPENSSL_COMMAND}" = "crl" ]; then - # CRL certificates - - # We always check expired certificates - if [ "${ELEM_DAYS_VALID}" -lt 1 ] ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} is expired (was valid until ${ELEM_END_DATE})" - return 2 - fi - - if [ -n "${CRITICAL_DAYS}" ] ; then - if [ "${ELEM_DAYS_VALID}" -lt "${CRITICAL_DAYS}" ] ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" - return 2 - fi - - fi - - if [ -n "${WARNING_DAYS}" ] ; then - if [ "${ELEM_DAYS_VALID}" -lt "${WARNING_DAYS}" ] ; then - append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" - return 1 - fi - - fi - fi -} - - -################################################################################ -# Converts SSL Labs or nmap grades to a numeric value -# (see https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pdf and -# https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html) -# Params -# $1 program name -# Sets NUMERIC_SSL_LAB_GRADE -convert_grade() { - - GRADE="$1" - - unset NUMERIC_SSL_LAB_GRADE - - case "${GRADE}" in - 'A+'|'a+') - # Value not in documentation - NUMERIC_SSL_LAB_GRADE=85 - shift - ;; - A|a|strong|Strong) - NUMERIC_SSL_LAB_GRADE=80 - shift - ;; - 'A-'|'a-') - # Value not in documentation - NUMERIC_SSL_LAB_GRADE=75 - shift - ;; - B|b) - NUMERIC_SSL_LAB_GRADE=65 - shift - ;; - C|c|weak|Weak) - NUMERIC_SSL_LAB_GRADE=50 - shift - ;; - D|d) - NUMERIC_SSL_LAB_GRADE=35 - shift - ;; - E|e) - NUMERIC_SSL_LAB_GRADE=20 - shift - ;; - F|f) - NUMERIC_SSL_LAB_GRADE=0 - shift - ;; - T|t|unknown|Unknown) - # No trust: value not in documentation - NUMERIC_SSL_LAB_GRADE=0 - shift - ;; - M|m) - # Certificate name mismatch: value not in documentation - NUMERIC_SSL_LAB_GRADE=0 - shift - ;; - *) - unknown "Cannot convert SSL Lab grade ${GRADE}" - ;; - esac - -} - -################################################################################ -# Tries to fetch the certificate - -fetch_certificate() { - - RET=0 - - # IPv6 addresses need brackets in a URI - if [ "${HOST_ADDR}" != "${HOST_ADDR#*[0-9].[0-9]}" ]; then - debuglog "${HOST_ADDR} is an IPv4 address" - elif [ "${HOST_ADDR}" != "${HOST_ADDR#*:[0-9a-fA-F]}" ]; then - debuglog "${HOST_ADDR} is an IPv6 address" - if [ -z "${HOST_ADDR##*\[*}" ] ; then - debuglog "${HOST_ADDR} is already specified with brackets" - else - debuglog "adding brackets to ${HOST_ADDR}" - HOST="[${HOST_ADDR}]" - fi - else - debuglog "${HOST_ADDR} is not an IP address" - fi - - if [ -n "${REQUIRE_OCSP_STAPLING}" ] ; then - STATUS='-status' - fi - - if [ "${DEBUG}" -ge 1 ] ; then - debuglog "Adding -ign_eof to the options" - IGN_EOF='-ign_eof' - fi - - # Check if a protocol was specified (if not HTTP switch to TLS) - if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != 'http' ] && [ "${PROTOCOL}" != 'https' ] && [ "${PROTOCOL}" != 'h2' ] ; then - - case "${PROTOCOL}" in - pop3|ftp) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - pop3s|ftps) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - smtp) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - smtps) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - irc|ldap) - exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - ircs|ldaps) - exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - imap) - exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - imaps) - exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - postgres) - exec_with_timeout "printf 'X\\0\\0\\0\\4' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - sieve) - exec_with_timeout "echo 'LOGOUT' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - xmpp|xmpp-server) - exec_with_timeout "echo 'Q' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${XMPPPORT} ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - mysql) - exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - *) - unknown "Error: unsupported protocol ${PROTOCOL}" - ;; - esac - - elif [ -n "${FILE}" ] ; then - - if [ "${HOST_NAME}" = "localhost" ] ; then - - debuglog "check if we have to convert the file ${FILE} to PEM" - debuglog "certificate type (1): $(${FILE_BIN} "${FILE}" | sed 's/.*://' )" - - if echo "${FILE}" | grep -q -E '[.](p12|pfx)$' ; then - - debuglog 'converting PKCS #12 to PEM' - - create_temporary_file; PKCS12_ERROR=${TEMPFILE} - - if [ -n "${PASSWORD_SOURCE}" ] ; then - debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys -passin ${PASSWORD_SOURCE}" - "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys -passin "${PASSWORD_SOURCE}" 2> "${PKCS12_ERROR}" - else - debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys" - "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys 2> "${PKCS12_ERROR}" - fi - - if [ $? -eq 1 ] ; then - unknown "Error converting ${FILE}: $( head -n 1 "${PKCS12_ERROR}" ) " - fi - - elif "${FILE_BIN}" "${FILE}" | grep -q -E '(data|Certificate)' ; then - - debuglog 'converting DER to PEM' - "${OPENSSL}" x509 -inform der -in "${FILE}" -out "${CERT}" - - else - - debuglog "Copying the certificate to ${CERT}" - /bin/cat "${FILE}" > "${CERT}" - RET=$? - - fi - - debuglog "storing the certificate to ${CERT}" - debuglog "certificate type (2): $(${FILE_BIN} "${CERT}" | sed 's/.*://' )" - - else - unknown "Error: option 'file' works with -H localhost only" - fi - - else - - if [ "${PROTOCOL}" = 'h2' ] ; then - ALPN='-alpn h2' - fi - - exec_with_timeout "printf '${HTTP_REQUEST}' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} ${ALPN} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -showcerts -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - - fi - - if [ -n "${DEBUG_CERT}" ] ; then - - debuglog "storing a copy of the retrieved certificate in ${HOST_NAME}.crt for debugging purposes" - cp "${CERT}" "${HOST_NAME}.crt" - - debuglog "storing a copy of the OpenSSL errors in ${HOST_NAME}.error for debugging purposes" - cp "${ERROR}" "${HOST_NAME}.error" - - fi - - debuglog "Return value of the command = ${RET}" - - if [ "${RET}" -ne 0 ] ; then - - debuglog "$(sed 's/^/SSL error: /' "${ERROR}")" - - # s_client could verify the server certificate because the server requires a client certificate - if ascii_grep '^Client Certificate Types' "${CERT}" ; then - - verboselog "the server requires a client certificate" - - elif ascii_grep 'nodename\ nor\ servname\ provided,\ or\ not\ known' "${ERROR}" || - ascii_grep 'connect\ argument\ or\ target\ parameter\ malformed\ or\ ambiguous' "${ERROR}" ; then - - ERROR="${HOST_ADDR} is not a valid hostname" - prepend_critical_message "${ERROR}" - critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - - elif ascii_grep 'Connection\ refused' "${ERROR}" ; then - - ERROR='Connection refused' - prepend_critical_message "${ERROR}" - critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - - elif ascii_grep 'Connection timed out' "${ERROR}" ; then - - ERROR='OpenSSL connection timed out' - prepend_critical_message "${ERROR}" - critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - - elif ascii_grep 'dh\ key\ too\ small' "${ERROR}" ; then - - prepend_critical_message 'DH with a key too small' - - elif ascii_grep 'alert\ handshake\ failure' "${ERROR}" ; then - - prepend_critical_message 'Handshake failure' - - elif ascii_grep 'wrong\ version\ number' "${ERROR}" ; then - - prepend_critical_message 'No TLS connection possible' - - elif ascii_grep 'Operation\ timed\ out' "${ERROR}" ; then - - ERROR='OpenSSL timed out' - prepend_critical_message "${ERROR}" - critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - - elif ascii_grep 'write:errno=54' "${ERROR}" ; then - - ERROR='No certificate returned (SNI reqired?)' - prepend_critical_message "${ERROR}" - critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - - elif ascii_grep "Didn't find STARTTLS in server response, trying anyway..." "${ERROR}" ; then - - ERROR="Didn't find STARTTLS in server response" - prepend_critical_message "${ERROR}" - critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - - else - - # Try to clean up the error message - # Remove the 'verify and depth' lines - # Take the 1st line (seems OK with the use cases I tested) - ERROR_MESSAGE=$( - grep -v '^depth' "${ERROR}" \ - | grep -v '^verify' \ - | head -n 1 - ) - - debuglog "Unknown error: ${ERROR_MESSAGE}" - - prepend_critical_message "SSL error: ${ERROR_MESSAGE}" - - fi - - else - - if ascii_grep usage "${ERROR}" && [ "${PROTOCOL}" = "ldap" ] ; then - unknown "it seems that OpenSSL -starttls does not support yet LDAP" - fi - - fi - -} - -################################################################################ -# Adds metric to performance data -# Params -# $1 performance data in nagios plugin format, -# see https://nagios-plugins.org/doc/guidelines.html#AEN200 -add_performance_data() { - if [ -z "${PERFORMANCE_DATA}" ]; then - PERFORMANCE_DATA="|${1}" - else - PERFORMANCE_DATA="${PERFORMANCE_DATA} $1" - fi -} - -################################################################################ -# Prepares sed-style command for variable replacement -# Params -# $1 variable name (e.g. SHORTNAME) -# $2 variable value (e.g. SSL_CERT) -var_for_sed() { - echo "s|%$1%|$( echo "$2" | sed -e 's#|#\\\\|#g' )|g" -} - -################################################################################ -# Performs a grep removing the NULL characters first -# -# As the POSIX grep does not have the -a option, we remove the NULL characters -# first to avoid the error Binary file matches -# -# Params -# $1 pattern -# $2 file -# -ascii_grep() { - tr -d '\000' < "$2" | grep -q "$1" -} - -################################################################################ -# Checks if there is an option argument (should not begin with -) -# -# Params -# $1 name of the option (e.g., '-w,--waring') to be used in the error message -# $2 next command line parameter -check_option_argument() { - - if [ -z "$2" ] || [ "${2%${2#?}}"x = '-x' ] ; then - unknown "'${1}' requires an argument" - fi - -} - -################################################################################ -# Parse command line options -# -# Params -# $* options -parse_command_line_options() { - - COMMAND_LINE_ARGUMENTS=$* - - while true; do - - case "$1" in - - ######################################## - # Options without arguments - - -A|--noauth) - NOAUTH=1 - shift - ;; - --all) - ALL=1 - shift - ;; - --altnames) - ALTNAMES=1 - shift - ;; - --check-ciphers-warnings) - CHECK_CIPHERS_WARNINGS=1 - shift - ;; - --crl) - CRL=1 - shift - ;; - -d|--debug) - DEBUG=$(( DEBUG + 1 )) - shift - ;; - --debug-cert) - DEBUG_CERT=1 - shift - ;; - -h|--help|-\?) - usage - ;; - --first-element-only) - FIRST_ELEMENT_ONLY=1 - shift - ;; - --force-perl-date) - FORCE_PERL_DATE=1 - shift - ;; - --http-use-get) - HTTP_METHOD="GET" - shift - ;; - --ignore-exp) - NOEXP=1 - shift - ;; - --ignore-altnames) - ALTNAMES= - shift - ;; - --ignore-host-cn) - COMMON_NAME= - ALTNAMES= - shift - ;; - --ignore-sig-alg) - NOSIGALG=1 - shift - ;; - --ignore-sct) - SCT= - shift - ;; - --ignore-ssl-labs-cache) - IGNORE_SSL_LABS_CACHE="&startNew=on" - shift - ;; - --ignore-tls-renegotiation) - IGNORE_TLS_RENEGOTIATION='1' - shift - ;; - --no-perf) - NO_PERF=1 - shift - ;; - --no-proxy) - NO_PROXY=1 - shift - ;; - --no-ssl2|--no_ssl2) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl2" - shift - ;; - --no-ssl3|--no_ssl3) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl3" - shift - ;; - --no-tls1|--no_tls1) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1" - shift - ;; - --no-tls1_1|--no_tls1_1) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_1" - shift - ;; - --no-tls1_2|--no_tls1_2) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_2" - shift - ;; - --no-tls1_3|--no_tls1_3) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_3" - shift - ;; - -N|--host-cn) - COMMON_NAME="__HOST__" - shift - ;; - -s|--selfsigned) - SELFSIGNED=1 - shift - ;; - --rsa) - RSA=1 - shift - ;; - --require-no-ssl2) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv2" - shift - ;; - --require-no-ssl3) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv3" - shift - ;; - --require-no-tls1) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.0" - shift - ;; - --require-no-tls1_1) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.1" - shift - ;; - --require-ocsp-stapling) - REQUIRE_OCSP_STAPLING=1 - shift - ;; - --require-san) - REQUIRE_SAN=1 - shift - ;; - --ecdsa) - ECDSA=1 - shift - ;; - --ssl2) - SSL_VERSION="-ssl2" - shift - ;; - --ssl3) - SSL_VERSION="-ssl3" - shift - ;; - --tls1) - SSL_VERSION="-tls1" - shift - ;; - --tls1_1) - SSL_VERSION="-tls1_1" - shift - ;; - --tls1_2) - SSL_VERSION="-tls1_2" - shift - ;; - --tls1_3) - SSL_VERSION="-tls1_3" - shift - ;; - --ocsp) - # deprecated - shift - ;; - --ignore-ocsp) - OCSP="" - shift - ;; - --ignore-ocsp-timeout) - OCSP_IGNORE_TIMEOUT=1 - shift - ;; - --terse) - TERSE=1 - shift - ;; - -v|--verbose) - VERBOSE=$((VERBOSE+1)) - shift - ;; - -V|--version) - echo "check_ssl_cert version ${VERSION}" - exit "${STATUS_UNKNOWN}" - ;; - -4) - INETPROTO="-4" - shift - ;; - -6) - INETPROTO="-6" - shift - ;; - - - ######################################## - # Options with one argument - - -c|--critical) - check_option_argument '-c,--critical' "$2" - CRITICAL_DAYS="$2" - shift 2 - ;; - --check-ciphers) - check_option_argument '--check-ciphers' "$2" - CHECK_CIPHERS="$2" - shift 2 - ;; - --curl-bin) - check_option_argument '--curl-bin' "$2" - CURL_BIN="$2" - shift 2 - ;; - --curl-user-agent) - check_option_argument '--curl-user-agent' "$2" - CURL_USER_AGENT="$2" - shift 2 - ;; - --custom-http-header) - check_option_argument '--custom-http-header' "$2" - CUSTOM_HTTP_HEADER="$2" - shift 2 - ;; - --date) - check_option_argument '--date' "$2" - DATEBIN="$2" - shift 2 - ;; - # Deprecated option: used to be as --warning - --days) - check_option_argument '--days' "$2" - WARNING_DAYS="$2" - shift 2 - ;; - --dig-bin) - check_option_argument '--dig-bin' "$2" - DIG_BIN="$2" - shift 2 - ;; - --inetproto) - check_option_argument '--inetproto' "$2" - INETPROTO="-$2" - shift 2 - ;; - --nmap-bin) - check_option_argument '--nmap-bin' "$2" - NMAP_BIN="$2" - ;; - -e|--email) - check_option_argument 'e|--email' "$2" - ADDR="$2" - shift 2 - ;; - -f|--file) - check_option_argument ' -f|--file' "$2" - FILE="$2" - COMMON_NAME= - ALTNAMES= - shift 2 - ;; - --file-bin) - check_option_argument '--file-bin' "$2" - FILE_BIN="$2" - shift 2 - ;; - --format) - check_option_argument '--format' "$2" - FORMAT="$2" - shift 2 - ;; - -H|--host) - check_option_argument '-H|--host' "$2" - HOST="$2" - shift 2 - ;; - -i|--issuer) - check_option_argument '-i|--issuer' "$2" - ISSUER="$2" - shift 2 - ;; - --issuer-cert-cache) - check_option_argument '--issuer-cert-cache' "$2" - ISSUER_CERT_CACHE="$2" - shift 2 - ;; - -L|--check-ssl-labs) - check_option_argument '-L|--check-ssl-labs' "$2" - SSL_LAB_CRIT_ASSESSMENT="$2" - shift 2 - ;; - --check-ssl-labs-warn) - check_option_argument '--check-ssl-labs-warn' "$2" - SSL_LAB_WARN_ASSESTMENT="$2" - shift 2 - ;; - --serial) - check_option_argument '--serial' "$2" - SERIAL_LOCK="$2" - shift 2 - ;; - --element) - check_option_argument '--element' "$2" - ELEMENT="$2" - shift 2 - ;; - --skip-element) - check_option_argument '--skip-element' "$2" - SKIP_ELEMENT="$2" - shift 2 - ;; - --fingerprint) - check_option_argument '--fingerprint' "$2" - FINGERPRINT_LOCK="$2" - shift 2 - ;; - --long-output) - check_option_argument '--long-output' "$2" - LONG_OUTPUT_ATTR="$2" - shift 2 - ;; - -n|--cn) - check_option_argument ' -n|--cn' "$2" - COMMON_NAME="${2}" - shift 2 - ;; - --not-issued-by) - check_option_argument '--not-issued-by' "$2" - NOT_ISSUED_BY="$2" - shift 2 - ;; - --not-valid-longer-than) - check_option_argument '--not-valid-longer-than' "$2" - NOT_VALID_LONGER_THAN=$2 - shift 2 - ;; - --ocsp-critical) - check_option_argument '--ocsp-critical' "$2" - OCSP_CRITICAL="$2" - shift 2 - ;; - --ocsp-warning) - check_option_argument '--ocsp-warning' "$2" - OCSP_WARNING="$2" - shift 2 - ;; - -o|--org) - check_option_argument '-o|--org' "$2" - ORGANIZATION="$2" - shift 2 - ;; - --openssl) - check_option_argument '--openssl' "$2" - OPENSSL="$2" - shift 2 - ;; - --password) - check_option_argument '--password' "$2" - PASSWORD_SOURCE="$2" - shift 2 - ;; - -p|--port) - check_option_argument '-p|--port' "$2" - PORT="$2" - XMPPPORT="$2" - shift 2 - ;; - -P|--protocol) - check_option_argument '-P|--protocol' "$2" - PROTOCOL="$2" - shift 2 - ;; - --proxy) - check_option_argument '--proxy' "$2" - PROXY="$2" - export http_proxy="$2" - shift 2 - ;; - --resolve) - check_option_argument '--resolve' "$2" - RESOLVE="$2" - shift 2 - ;; - -r|--rootcert) - check_option_argument '-r|--rootcert' "$2" - ROOT_CA="$2" - shift 2 - ;; - --rootcert-dir) - check_option_argument '--rootcert-dir' "$2" - ROOT_CA_DIR="$2" - shift 2 - ;; - --rootcert-file) - check_option_argument '--rootcert-file' "$2" - ROOT_CA_FILE="$2" - shift 2 - ;; - -C|--clientcert) - check_option_argument '-C|--clientcert' "$2" - CLIENT_CERT="$2" - shift 2 - ;; - -K|--clientkey) - check_option_argument '-K|--clientkey' "$2" - CLIENT_KEY="$2" - shift 2 - ;; - --clientpass) - if [ $# -gt 1 ]; then - CLIENT_PASS="$2" - shift 2 - else - unknown "--clientpass requires an argument" - fi - ;; - --sni) - check_option_argument '--sni' "$2" - SNI="$2" - shift 2 - ;; - -S|--ssl) - check_option_argument '' "$2" - if [ "$2" = "2" ] || [ "$2" = "3" ] ; then - SSL_VERSION="-ssl${2}" - shift 2 - else - unknown "invalid argument for --ssl" - fi - ;; - -t|--timeout) - check_option_argument '-t|--timeout' "$2" - TIMEOUT="$2" - shift 2 - ;; - --temp) - check_option_argument '--temp' "$2" - TMPDIR="$2" - shift 2 - ;; - -u|--url) - check_option_argument '-u|--url' "$2" - HTTP_REQUEST_URL="$2" - shift 2 - ;; - -w|--warning) - check_option_argument '-w|--warning' "$2" - WARNING_DAYS="$2" - shift 2 - ;; - --xmpphost) - check_option_argument '--xmpphost' "$2" - XMPPHOST="$2" - shift 2 - ;; - - ############################## - # Variable number of arguments - --dane) - - if [ -n "${DANE}" ]; then - unknown "--dane can be specified only once" - fi - - # check the second parameter if it exist - if [ $# -gt 1 ] ; then - - if [ "${2%${2#?}}"x = '-x' ] ; then - DANE=1 - shift - else - DANE=$2 - shift 2 - fi - - else - - DANE=1 - shift - - fi - - ;; - ######################################## - # Special - --) - shift - break - ;; - -*) - # we try to check for grouped variables - OPTION="${1}" - # if the option begins with a single dash and it's longer than one character - if ! echo "${OPTION}" | grep -q -- '^--' && - [ "$( echo "${OPTION}" | wc -c | sed 's/\ //g' )" -gt 3 ] ; then - if [ -n "${DEBUG}" ] ; then - echo "[DBG] unknown option ${OPTION}: splitting since it could be an option group" - fi - for letter in $( echo "${OPTION}" | sed 's/^-//' | grep -o . ) ; do - parse_command_line_options "-${letter}" - done - shift - else - unknown "invalid option: ${1}" - fi - ;; - *) - if [ -n "$1" ] ; then - unknown "invalid option: ${1}" - fi - break - ;; - esac - - done - -} - - -################################################################################ -# Main -################################################################################ -main() { - - # Default values - DEBUG="0" - FILE_BIN="" - CURL_BIN="" - CURL_PROXY="" - CURL_USER_AGENT="" - CUSTOM_HTTP_HEADER="" - DIG_BIN="" - NMAP_BIN="" - IGNORE_SSL_LABS_CACHE="" - PORT="" - XMPPPORT="5222" - XMPPHOST="" - SNI="" - TIMEOUT="120" - VERBOSE="0" - FORCE_PERL_DATE="" - REQUIRE_SAN="" - REQUIRE_OCSP_STAPLING="" - OCSP="1" # enabled by default - OCSP_IGNORE_TIMEOUT="" - FORMAT="" - HTTP_METHOD="HEAD" - RSA="" - ECDSA="" - DANE="" - DISALLOWED_PROTOCOLS="" - WARNING_DAYS=20 - CRITICAL_DAYS=15 - ELEMENT=0 - SKIP_ELEMENT=0 - NO_PROXY="" - PROXY="" - CRL="" - SCT="1" # enabled by default - HTTP_REQUEST_URL="/" - - COMMON_NAME="__HOST__" # enabled by default - ALTNAMES=1 # enabled by default - - # after 2020-09-01 we could set the default to 398 days because of Apple - # https://support.apple.com/en-us/HT211025 - NOT_VALID_LONGER_THAN="" - FIRST_ELEMENT_ONLY="" - - # Set the default temp dir if not set - if [ -z "${TMPDIR}" ] ; then - TMPDIR="/tmp" - fi - - ################################################################################ - # Process command line options - # - # We do not use getopts since it is unable to process long options and it is - # Bash specific. - - parse_command_line_options "$@" - - ################################################################################ - # Default ports - if [ -z "${PORT}" ]; then - - if [ -z "${PROTOCOL}" ]; then - - # default is HTTPS - PORT='443' - - else - - case "${PROTOCOL}" in - smtp) - PORT=25 - ;; - smtps) - PORT=465 - ;; - pop3) - PORT=110 - ;; - ftp|ftps) - PORT=21 - ;; - pop3s) - PORT=995 - ;; - irc|ircs) - PORT=6667 - ;; - ldap) - PORT=389 - ;; - ldaps) - PORT=636 - ;; - imap) - PORT=143 - ;; - imaps) - PORT=993 - ;; - postgres) - PORT=5432 - ;; - sieve) - PORT=4190 - ;; - http) - PORT=80 - ;; - https|h2) - PORT=443 - ;; - mysql) - PORT=3306 - ;; - *) - unknown "Error: unsupported protocol ${PROTOCOL}" - ;; - esac - - - fi - fi - - debuglog "Command line arguments: ${COMMAND_LINE_ARGUMENTS}" - - if [ -n "${ALL}" ] ; then - - # enable ciphers checks (level A) - CHECK_CIPHERS='A' - - # enable ciphers warnings - CHECK_CIPHERS_WARNINGS=1 - - # enable ciphers checks (level A) - SSL_LAB_CRIT_ASSESSMENT='A' - - REQUIRE_SAN=1 - - fi - - ############### - # Check options - if [ -z "${HOST}" ] ; then - usage "No host specified" - fi - - # we need the FQDN of an host to check the CN - if ! echo "${HOST}" | grep -q '[.]' && [ -z "${FILE}" ] && [ "${HOST}" != 'localhost' ] ; then - debuglog "Domain for ${HOST} missing" - DOMAIN=$( nslookup "${HOST}" | grep ^Name: | head -n 1 | cut -d. -f2- ) - if [ -z "${DOMAIN}" ] ; then - unknown "Cannot resolve ${HOST}" - fi - debuglog "Adding domain ${DOMAIN} to ${HOST}" - HOST="${HOST}.${DOMAIN}" - debuglog "New host: ${HOST}" - fi - - ################################################################################ - # Ususally SERVERADDR and SERVERNAME both contain the fully qualified domain name - # (FQDN) or IP address of the host to check - # - # If --resolve is specified (defining an alternative IP address for the HOST - # we set SERVERADDR to the address specified with --resolve and SERVERNAME to the - # FQDN of the host. - # - # In addition we set the Server Name Indication (SNI) to HOST so that when - # connecting with the IP address the server will be able to deliver the - # correct certificate - # - if [ -n "${RESOLVE}" ] ; then - - debuglog "Forcing ${HOST} to resolve to ${RESOLVE}" - - HOST_ADDR="${RESOLVE}" - HOST_NAME="${HOST}" - SNI="${HOST}" - - else - - HOST_ADDR="${HOST}" - HOST_NAME="${HOST}" - - fi - - debuglog "SNI = ${SNI}" - debuglog "HOST_NAME = ${HOST_NAME}" - debuglog "HOST_ADDR = ${HOST_ADDR}" - - - ################################################################################ - # Set COMMON_NAME to hostname if -N was given as argument. - # COMMON_NAME may be a space separated list of hostnames. - case ${COMMON_NAME} in - *__HOST__*) - # localhost is used for files to be checked: we ignore it - if [ "${HOST_NAME}" != 'localhost' ] ; then - COMMON_NAME=$(echo "${COMMON_NAME}" | sed "s/__HOST__/${HOST_NAME}/") - fi - ;; - *) ;; - esac - debuglog "COMMON_NAME = ${COMMON_NAME}" - - if [ -n "${ALTNAMES}" ] && [ -z "${COMMON_NAME}" ] ; then - unknown "--altnames requires a common name to match (--cn or --host-cn)" - fi - - if [ -n "${ROOT_CA}" ] ; then - - if [ ! -r "${ROOT_CA}" ] ; then - unknown "Cannot read root certificate ${ROOT_CA}" - fi - - if [ -d "${ROOT_CA}" ] ; then - ROOT_CA="-CApath ${ROOT_CA}" - elif [ -f "${ROOT_CA}" ] ; then - ROOT_CA="-CAfile ${ROOT_CA}" - else - unknown "Root certificate of unknown type $(file "${ROOT_CA}" 2> /dev/null)" - fi - - fi - - if [ -n "${ROOT_CA_DIR}" ] ; then - - if [ ! -d "${ROOT_CA_DIR}" ] ; then - unknown "${ROOT_CA_DIR} is not a directory"; - fi - - if [ ! -r "${ROOT_CA_DIR}" ] ; then - unknown "Cannot read root directory ${ROOT_CA_DIR}" - fi - - ROOT_CA_DIR="-CApath ${ROOT_CA_DIR}" - fi - - if [ -n "${ROOT_CA_FILE}" ] ; then - - if [ ! -r "${ROOT_CA_FILE}" ] ; then - unknown "Cannot read root certificate ${ROOT_CA_FILE}" - fi - - fi - - if [ -n "${ROOT_CA_DIR}" ] || [ -n "${ROOT_CA_FILE}" ]; then - if [ -n "${ROOT_CA_FILE}" ] ; then - ROOT_CA="${ROOT_CA_DIR} -CAfile ${ROOT_CA_FILE}" - else - ROOT_CA="${ROOT_CA_DIR}" - fi - fi - - if [ -n "${CLIENT_CERT}" ] ; then - - if [ ! -r "${CLIENT_CERT}" ] ; then - unknown "Cannot read client certificate ${CLIENT_CERT}" - fi - - fi - - if [ -n "${CLIENT_KEY}" ] ; then - - if [ ! -r "${CLIENT_KEY}" ] ; then - unknown "Cannot read client certificate key ${CLIENT_KEY}" - fi - - fi - - if [ -n "${FILE}" ] ; then - if [ ! -r "${FILE}" ] ; then - unknown "Cannot read file ${FILE}" - fi - fi - - # check if grep is in the path (see #244) - if ! echo 0 | grep 0 > /dev/null 2>&1 ; then - unknown "cannot execute grep: please check the PATH variable (${PATH})" - fi - - if [ -n "${CRITICAL_DAYS}" ] ; then - - debuglog "-c specified: ${CRITICAL_DAYS}" - - if ! echo "${CRITICAL_DAYS}" | grep -q '^[0-9][0-9]*$' ; then - unknown "invalid number of days '${CRITICAL_DAYS}'" - fi - - fi - - if [ -n "${WARNING_DAYS}" ] ; then - - if ! echo "${WARNING_DAYS}" | grep -q '^[0-9][0-9]*$' ; then - unknown "invalid number of days '${WARNING_DAYS}'" - fi - - fi - - if [ -n "${CRITICAL_DAYS}" ] && [ -n "${WARNING_DAYS}" ] ; then - - if [ "${WARNING_DAYS}" -le "${CRITICAL_DAYS}" ] ; then - unknown "--warning (${WARNING_DAYS}) is less than or equal to --critical (${CRITICAL_DAYS})" - fi - - fi - - if [ -n "${NOT_VALID_LONGER_THAN}" ] ; then - - debuglog "--not-valid-longer-than specified: ${NOT_VALID_LONGER_THAN}" - - if ! echo "${NOT_VALID_LONGER_THAN}" | grep -q '^[0-9][0-9]*$' ; then - unknown "invalid number of days '${NOT_VALID_LONGER_THAN}'" - fi - - fi - - if [ -n "${CRL}" ] && [ -z "${ROOT_CA_FILE}" ] ; then - - unknown "To be able to check CRL we need the Root Cert. Please specify it with the --rootcert-file option" - - fi - - if [ -n "${TMPDIR}" ] ; then - - if [ ! -d "${TMPDIR}" ] ; then - unknown "${TMPDIR} is not a directory"; - fi - - if [ ! -w "${TMPDIR}" ] ; then - unknown "${TMPDIR} is not writable"; - fi - - fi - - if [ -n "${OPENSSL}" ] ; then - - if [ ! -x "${OPENSSL}" ] ; then - unknown "${OPENSSL} is not an executable" - fi - - fi - - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then - convert_grade "${SSL_LAB_CRIT_ASSESSMENT}" - SSL_LAB_CRIT_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - fi - - if [ -n "${SSL_LAB_WARN_ASSESTMENT}" ] ; then - convert_grade "${SSL_LAB_WARN_ASSESTMENT}" - SSL_LAB_WARN_ASSESTMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then - if [ "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ]; then - unknown '--check-ssl-labs-warn must be greater than -L|--check-ssl-labs' - fi - fi - fi - - if [ -n "${CHECK_CIPHERS}" ] ; then - convert_grade "${CHECK_CIPHERS}" - CHECK_CIPHERS_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - fi - - debuglog "ROOT_CA = ${ROOT_CA}" - - # Signature algorithms - if [ -n "${RSA}" ] && [ -n "${ECDSA}" ] ; then - unknown 'both --rsa and --ecdsa specified: cannot force both ciphers at the same time' - fi - if [ -n "${ECDSA}" ] ; then - # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 - SSL_AU="ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512" - fi - if [ -n "${RSA}" ] ; then - if echo "${SSL_VERSION_DISABLED}" | grep -F -q -- '-no_tls1_3' || - [ "${SSL_VERSION}" = '-tls1' ] || - [ "${SSL_VERSION}" = '-tls1_1' ] || - [ "${SSL_VERSION}" = '-tls1_2' ] ; then - # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 - # see https://github.com/matteocorti/check_ssl_cert/issues/167 - SSL_AU="RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1" - else - # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 - SSL_AU="RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1" - fi - fi - if [ -n "${SSL_AU}" ] ; then - if "${OPENSSL}" ciphers "${SSL_AU}" > /dev/null 2>&1 ; then - unknown "OpenSSL does not support cipher ${SSL_AU}" - fi - SSL_AU="-sigalgs '${SSL_AU}'" - fi - - ####################### - # Check needed programs - - # OpenSSL - if [ -z "${OPENSSL}" ] ; then - OPENSSL='openssl' - fi - check_required_prog "${OPENSSL}" - OPENSSL=${PROG} - - # file - if [ -z "${FILE_BIN}" ] ; then - FILE_BIN='file' - fi - check_required_prog "${FILE_BIN}" - FILE_BIN=${PROG} - - # date - if [ -z "${DATEBIN}" ] ; then - check_required_prog 'date' - DATEBIN=${PROG} - fi - - debuglog "file version: $( "${FILE_BIN}" --version 2>&1 )" - - # cURL - if [ -z "${CURL_BIN}" ] ; then - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ] || [ -n "${CRL}" ] ; then - debuglog "cURL binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}, CURL = ${CRL}" - debuglog "cURL binary not specified" - - check_required_prog curl - CURL_BIN=${PROG} - - debuglog "cURL available: ${CURL_BIN}" - debuglog "$( ${CURL_BIN} --version )" - - else - debuglog "cURL binary not needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}" - fi - else - # we check if the provided binary actually works - check_required_prog "${CURL_BIN}" - fi - - # nmap - if [ -z "${NMAP_BIN}" ] ; then - - if [ -n "${DISALLOWED_PROTOCOLS}" ] || [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then - - if [ -n "${DISALLOWED_PROTOCOLS}" ] ; then debuglog "nmap binary needed. DISALLOWED_PROTOCOLS = ${DISALLOWED_PROTOCOLS}" ; fi - if [ -n "${CHECK_CIPHERS}" ] ; then debuglog "nmap binary needed. CHECK_CIPHERS = ${CHECK_CIPHERS}" ; fi - if [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then debuglog "nmap binary needed. CHECK_CIPHERS_WARNINGS" ; fi - debuglog "nmap binary not specified" - - check_required_prog nmap - NMAP_BIN=${PROG} - - debuglog "nmap available: ${NMAP_BIN}" - else - debuglog "nmap binary not needed. No disallowed protocols" - fi - - else - # we check if the provided binary actually works - check_required_prog "${NMAP_BIN}" - - fi - - # Expect (optional) - EXPECT="$(command -v expect 2> /dev/null)" - test -x "${EXPECT}" || EXPECT="" - if [ -z "${EXPECT}" ] ; then - verboselog "expect not available" 2 - else - verboselog "expect available (${EXPECT})" 2 - fi - - # Timeout (optional) - TIMEOUT_BIN="$(command -v timeout 2> /dev/null)" - test -x "${TIMEOUT_BIN}" || TIMEOUT_BIN="" - if [ -z "${TIMEOUT_BIN}" ] ; then - verboselog "timeout not available" 2 - else - verboselog "timeout available (${TIMEOUT_BIN})" 2 - fi - - if [ -z "${TIMEOUT_BIN}" ] && [ -z "${EXPECT}" ] ; then - verboselog "disabling timeouts" - fi - - PERL="$(command -v perl 2> /dev/null)" - - if [ -n "${PERL}" ] ; then - debuglog "perl available: ${PERL}" - fi - - if [ -n "${DATEBIN}" ] ; then - debuglog "date available: ${DATEBIN}" - fi - - DATETYPE="" - - if ! "${DATEBIN}" +%s >/dev/null 2>&1 ; then - - debuglog "no date binary available" - - # Perl with Date::Parse (optional) - test -x "${PERL}" || PERL="" - if [ -z "${PERL}" ] ; then - verboselog "Perl not found: disabling date computations" - fi - - if ! ${PERL} -e "use Date::Parse;" > /dev/null 2>&1 ; then - - verboselog "Perl module Date::Parse not installed: disabling date computations" - - PERL="" - - else - - verboselog "Perl module Date::Parse installed: enabling date computations" - - DATETYPE="PERL" - - fi - - else - - debuglog 'checking date version' - - if "${DATEBIN}" --version 2>&1 | grep -F -q GNU ; then - DATETYPE='GNU' - elif "${DATEBIN}" --version 2>&1 | grep -F -q BusyBox ; then - DATETYPE='BUSYBOX' - else - DATETYPE='BSD' - fi - - verboselog "found ${DATETYPE} date with timestamp support: enabling date computations" 2 - - fi - - if [ -n "${FORCE_PERL_DATE}" ] ; then - DATETYPE="PERL" - fi - - if [ "${DEBUG}" -ge 1 ] ; then - - debuglog "check_ssl_cert version: ${VERSION}" - debuglog "OpenSSL binary: ${OPENSSL}" - if [ "${DEBUG}" -ge 1 ] ; then - debuglog "OpenSSL info:" - ${OPENSSL} version -a | sed 's/^/[DBG]/' - fi - OPENSSL_DIR="$( ${OPENSSL} version -d | sed -E 's/OPENSSLDIR: "([^"]*)"/\1/' )" - - debuglog "OpenSSL configuration directory: ${OPENSSL_DIR}" - - DEFAULT_CA=0 - if [ -f "${OPENSSL_DIR}"/cert.pem ] ; then - DEFAULT_CA="$( grep -c BEGIN "${OPENSSL_DIR}"/cert.pem )" - elif [ -f "${OPENSSL_DIR}"/certs ] ; then - DEFAULT_CA="$( grep -c BEGIN "${OPENSSL_DIR}"/certs )" - fi - debuglog "${DEFAULT_CA} root certificates installed by default" - - debuglog " System info: $( uname -a )" - debuglog "Date computation: ${DATETYPE}" - fi - - ################################################################################ - # Check if openssl s_client supports the -servername option - # - # openssl s_client now has a -help option, so we can use that. - # Some older versions support -servername, but not -help - # => We supply an invalid command line option to get the help - # on standard error for these intermediate versions. - # - SERVERNAME= - if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -servername || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -servername; then - - if [ -n "${SNI}" ]; then - SERVERNAME="-servername ${SNI}" - else - SERVERNAME="-servername ${HOST_NAME}" - fi - - debuglog "'${OPENSSL} s_client' supports '-servername': using ${SERVERNAME}" - - else - - verboselog "'${OPENSSL} s_client' does not support '-servername': disabling virtual server support" - - fi - - ################################################################################ - # Check if openssl s_client supports the specified protocol - if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" = 'sieve' ] ; then - if ${OPENSSL} s_client -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || ${OPENSSL} s_client -starttls sieve 2>&1 | grep -F -q 'error: usage:' ; then - unknown "OpenSSL does not support the protocol sieve" - fi - fi - - if [ -n "${PROXY}" ] && [ -n "${NO_PROXY}" ] ; then - unknown "Only one of --proxy or --no_proxy can be specfied" - fi - - ################################################################################ - # If --no-proxy was specified unset the http_proxy variables - if [ -n "${NO_PROXY}" ] ; then - debuglog "Disabling the proxy" - unset http_proxy - unset https_proxy - unset HTTP_PROXY - unset HTTPS_PROXY - fi - - ################################################################################ - # Check if openssl s_client supports the -proxy option - # - SCLIENT_PROXY= - SCLIENT_PROXY_ARGUMENT= - CURL_PROXY= - CURL_PROXY_ARGUMENT= - if [ -n "${http_proxy}" ] || [ -n "${HTTP_PROXY}" ] ; then - - debuglog "Proxy settings (before):" - debuglog " http_proxy = ${http_proxy}" - debuglog " https_proxy = ${https_proxy}" - debuglog " HTTP_PROXY = ${HTTP_PROXY}" - debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" - - if [ -n "${http_proxy}" ] ; then - HTTP_PROXY="${http_proxy}" - fi - - if [ -z "${https_proxy}" ] ; then - # try to set https_proxy - https_proxy="${http_proxy}" - fi - - if [ -z "${HTTPS_PROXY}" ] ; then - # try to set HTTPS_proxy - HTTPS_PROXY="${HTTP_PROXY}" - fi - - if ${CURL_BIN} --manual | grep -F -q -- --proxy ; then - debuglog "Adding --proxy ${HTTP_PROXY} to the cURL options" - CURL_PROXY="--proxy" - CURL_PROXY_ARGUMENT="${HTTP_PROXY}" - fi - - if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -proxy || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -proxy; then - SCLIENT_PROXY="-proxy" - SCLIENT_PROXY_ARGUMENT="$( echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//' )" - - debuglog "Adding -proxy ${SCLIENT_PROXY_ARGUMENT} to the s_client options" - - else - - verboselog "'${OPENSSL} s_client' does not support '-proxy': HTTP_PROXY could be ignored" - - fi - - debuglog "Proxy settings (after):" - debuglog " http_proxy = ${http_proxy}" - debuglog " https_proxy = ${https_proxy}" - debuglog " HTTP_PROXY = ${HTTP_PROXY}" - debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" - debuglog " s_client = ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT}" - debuglog " cURL = ${CURL_PROXY} ${CURL_PROXY_ARGUMENT}" - - fi - - ################################################################################ - # Check if openssl s_client supports the -name option - # - S_CLIENT_NAME= - if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -name || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -name; then - - CURRENT_HOSTNAME=$( hostname ) - S_CLIENT_NAME="-name ${CURRENT_HOSTNAME}" - - debuglog "'${OPENSSL} s_client' supports '-name': using ${CURRENT_HOSTNAME}" - - else - - verboselog "'${OPENSSL} s_client' does not support '-name'" - - fi - - ################################################################################ - # Check if openssl s_client supports the -xmpphost option - # - if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -xmpphost ; then - XMPPHOST="-xmpphost ${XMPPHOST:-${HOST_NAME}}" - debuglog "'${OPENSSL} s_client' supports '-xmpphost': using ${XMPPHOST}" - else - if [ -n "${XMPPHOST}" ] ; then - unknown " s_client' does not support '-xmpphost'" - fi - XMPPHOST= - verboselog "'${OPENSSL} s_client' does not support '-xmpphost': disabling 'to' attribute" - fi - - ################################################################################ - # check if openssl s_client supports the SSL TLS version - if [ -n "${SSL_VERSION}" ] ; then - if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${SSL_VERSION}" ; then - unknown "OpenSSL does not support the ${SSL_VERSION} version" - fi - fi - - ################################################################################ - # --inetproto validation - if [ -n "${INETPROTO}" ] ; then - - # validate the arguments - if [ "${INETPROTO}" != "-4" ] && [ "${INETPROTO}" != "-6" ] ; then - VERSION=$(echo "${INETPROTO}" | awk '{ string=substr($0, 2); print string; }' ) - unknown "Invalid argument '${VERSION}': the value must be 4 or 6" - fi - - # Check if openssl s_client supports the -4 or -6 option - if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${INETPROTO}" ; then - unknown "OpenSSL does not support the ${INETPROTO} option" - fi - - # Check if cURL is needed and if it supports the -4 and -6 options - if [ -z "${CURL_BIN}" ] ; then - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ] ; then - if ! "${CURL_BIN}" --manual | grep -F -q -- -6 && [ -n "${INETPROTO}" ] ; then - unknown "cURL does not support the ${INETPROTO} option" - fi - fi - fi - - # check if IPv6 is available locally - if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" -eq "-6" ] && ! ifconfig -a | grep -F -q inet6 ; then - unknown "cannot connect using IPv6 as no local interface has IPv6 configured" - fi - - # nmap does not have a -4 switch - NMAP_INETPROTO='' - if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" = '-6' ] ; then - NMAP_INETPROTO='-6' - fi - - - fi - - ################################################################################ - # Check if s_client supports the no_ssl options - for S_CLIENT_OPTION in ${SSL_VERSION_DISABLED} ; do - require_s_client_option "${S_CLIENT_OPTION}" - done - - ################################################################################ - # define the HTTP request string - if [ -n "${SNI}" ]; then - HOST_HEADER="${SNI}" - else - HOST_HEADER="${HOST_NAME}" - fi - - # add newline if custom HTTP header is defined - if [ -n "${CUSTOM_HTTP_HEADER}" ]; then - CUSTOM_HTTP_HEADER="${CUSTOM_HTTP_HEADER}\\n" - fi - - HTTP_REQUEST="${HTTP_METHOD} ${HTTP_REQUEST_URL} HTTP/1.1\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\n${CUSTOM_HTTP_HEADER}Connection: close\\n\\n" - - ############################################################################## - # Check for disallowed protocols - if [ -n "${DISALLOWED_PROTOCOLS}" ] ; then - - # check if the host has an IPv6 address only (as nmap is not able to resolve without the -6 switch - if ${NMAP_BIN} "${HOST_ADDR}" 2>&1 | grep -F -q 'Failed to resolve' ; then - debuglog "nmap is not able to resolve the host name (${HOST_ADDR}). Trying with -6 to force IPv6 for an IPv6-only host" - - NMAP_INETPROTO='-6' - fi - - debuglog "Executing ${NMAP_BIN} -Pn -p \"${PORT}\" \"${NMAP_INETPROTO}\" --script ssl-enum-ciphers \"${HOST_ADDR}\" 2>&1 | grep '^|'" - - OFFERED_PROTOCOLS=$( ${NMAP_BIN} -Pn -p "${PORT}" "${NMAP_INETPROTO}" --script ssl-enum-ciphers "${HOST_ADDR}" 2>&1 | grep '^|' ) - - debuglog "offered cyphers and protocols:" - debuglog "${OFFERED_PROTOCOLS}" | sed 's/^|/[DBG] /' - - for protocol in ${DISALLOWED_PROTOCOLS} ; do - debuglog "Checking if '${protocol}' is offered" - if echo "${OFFERED_PROTOCOLS}" | grep -F -v 'No supported ciphers found' | grep -q "${protocol}" ; then - debuglog "'${protocol}' is offered" - prepend_critical_message "${protocol} is offered" - fi - - done - - fi - - ############################################################################## - # DANE - if [ -n "${DANE}" ] ; then - debuglog 'checking DANE' - if [ -z "${DIG_BIN}" ] ; then - DIG_BIN='dig' - fi - check_required_prog "${DIG_BIN}" - DIG_BIN=${PROG} - # check if OpenSSL supports -dane_tlsa_rrdata - if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -dane_tlsa_rrdata || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -dane_tlsa_rrdata; then - DIG_RESULT=$( "${DIG_BIN}" +short TLSA "_${PORT}._tcp.${HOST_ADDR}" |while read -r L; do echo " -dane_tlsa_rrdata '${L}' "; done ) - debuglog "Checking DANE (${DANE})" - debuglog "$(printf '%s\n' "${DIG_BIN} +short TLSA _${PORT}._tcp.${HOST_ADDR} =")" - debuglog "${DIG_RESULT}" - - case ${DANE} in - 1) - DANE=$( echo "${DIG_RESULT}" | tr -d '\n') - ;; - 211) - DANE=$( echo "${DIG_RESULT}" | grep -F '2 1 1' | tr -d '\n') - ;; - 301) - DANE=$( echo "${DIG_RESULT}" | grep -F '3 0 1' | tr -d '\n') - ;; - 311) - DANE=$( echo "${DIG_RESULT}" | grep -F '3 1 1' | tr -d '\n') - ;; - 302) - DANE=$( echo "${DIG_RESULT}" | grep -F '3 0 2' | tr -d '\n') - ;; - *) - unknown "Internal error: unknown DANE check type ${DANE}" - esac - debuglog "${#DANE} DANE =" - debuglog "${DANE}" - - if [ ${#DANE} -lt 5 ]; then - prepend_critical_message "No matching TLSA records found at _${PORT}._tcp.${HOST_ADDR}" - critical "${SHORTNAME} CRITICAL: No matching TLSA records found at _${PORT}._tcp.${HOST_ADDR}" - fi - DANE="${DANE} -dane_tlsa_domain ${HOST_ADDR} " - debuglog "DBG] DANE = ${DANE}" - else - unknown 'OpenSSL s_client does not support DNS-based Authentication of Named Entities' - fi - fi - ################################################################################ - # Fetch the X.509 certificate - - # Temporary storage for the certificate and the errors - create_temporary_file; CERT=${TEMPFILE} - create_temporary_file; ERROR=${TEMPFILE} - - create_temporary_file; CRL_TMP_DER=${TEMPFILE} - create_temporary_file; CRL_TMP_PEM=${TEMPFILE} - create_temporary_file; CRL_TMP_CHAIN=${TEMPFILE} - - if [ -n "${OCSP}" ] ; then - - create_temporary_file; ISSUER_CERT_TMP=${TEMPFILE} - create_temporary_file; ISSUER_CERT_TMP2=${TEMPFILE} - - fi - - if [ -n "${REQUIRE_OCSP_STAPLING}" ] ; then - create_temporary_file; OCSP_RESPONSE_TMP=${TEMPFILE} - fi - - verboselog "downloading certificate to ${TMPDIR}" - - CLIENT="" - if [ -n "${CLIENT_CERT}" ] ; then - CLIENT="-cert ${CLIENT_CERT}" - fi - if [ -n "${CLIENT_KEY}" ] ; then - CLIENT="${CLIENT} -key ${CLIENT_KEY}" - fi - - CLIENTPASS="" - if [ -n "${CLIENT_PASS}" ] ; then - CLIENTPASS="-pass pass:${CLIENT_PASS}" - fi - - # Cleanup before program termination - # Using named signals to be POSIX compliant - # shellcheck disable=SC2086 - trap_with_arg cleanup ${SIGNALS} - - fetch_certificate - - if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}" ; then - - if [ -n "${SERVERNAME}" ] ; then - - verboselog "'${OPENSSL} s_client' returned an error: trying without '-servername'" - - SERVERNAME="" - fetch_certificate - - fi - - if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}" ; then - - prepend_critical_message 'cannot fetch certificate: OpenSSL got an unexpected message' - - fi - - fi - - # check for TLS renegotiation - if [ -z "${IGNORE_TLS_RENEGOTIATION}" ] ; then - - verboselog "checking TLS renegotiation" - - # see https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/ - - case "${PROTOCOL}" in - pop3|ftp|smtp|irc|ldap|imap|postgres|sieve|xmpp|xmpp-server|mysql) - exec_with_timeout "printf 'R\\n' | openssl s_client -connect ${HOST_ADDR}:${PORT} -starttls ${PROTOCOL} 2>&1 | grep -F -q err" - RET=$? - ;; - *) - exec_with_timeout "printf 'R\\n' | openssl s_client -connect ${HOST_ADDR}:${PORT} 2>&1 | grep -F -q err" - RET=$? - ;; - esac - - if [ "${RET}" -eq 1 ] ; then - - if ascii_grep '^Secure\ Renegotiation\ IS\ NOT' "${CERT}" && ! ascii_grep 'TLSv1.3' "${CERT}" ; then - prepend_critical_message 'TLS renegotiation is supported but not secure' - fi - - fi - - fi - - if ascii_grep "BEGIN X509 CRL" "${CERT}" ; then - # we are dealing with a CRL file - OPENSSL_COMMAND="crl" - OPENSSL_PARAMS="-nameopt utf8,oneline,-esc_msb" - OPENSSL_ENDDATE_OPTION="-nextupdate" - else - # look if we are dealing with a regular certificate file (x509) - if ! ascii_grep "CERTIFICATE" "${CERT}" ; then - if [ -n "${FILE}" ] ; then - - if [ -r "${FILE}" ] ; then - - if "${OPENSSL}" crl -in "${CERT}" -inform DER | grep -F -q "BEGIN X509 CRL" ; then - debuglog "File is DER encoded CRL" - - OPENSSL_COMMAND="crl" - OPENSSL_PARAMS="-inform DER -nameopt utf8,oneline,-esc_msb" - OPENSSL_ENDDATE_OPTION="-nextupdate" - else - prepend_critical_message "'${FILE}' is not a valid certificate file" - fi - - else - - prepend_critical_message "'${FILE}' is not readable" - - fi - - else - # See - # http://stackoverflow.com/questions/1251999/sed-how-can-i-replace-a-newline-n - # - # - create a branch label via :a - # - the N command appends a newline and and the next line of the input - # file to the pattern space - # - if we are before the last line, branch to the created label $!ba - # ($! means not to do it on the last line (as there should be one final newline)) - # - finally the substitution replaces every newline with a space on - # the pattern space - ERROR_MESSAGE="$(sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/; /g' "${ERROR}")" - verboselog "error: ${ERROR_MESSAGE}" - prepend_critical_message "No certificate returned" - critical "${CRITICAL_MSG}" - fi - else - # parameters for regular x509 certificates - OPENSSL_COMMAND="x509" - OPENSSL_PARAMS="-nameopt utf8,oneline,-esc_msb" - OPENSSL_ENDDATE_OPTION="-enddate" - fi - - fi - - verboselog "parsing the ${OPENSSL_COMMAND} certificate file" - - ################################################################################ - # Parse the X.509 certificate or crl - # shellcheck disable=SC2086 - DATE="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" "${OPENSSL_ENDDATE_OPTION}" -noout | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//")" - - if [ "${OPENSSL_COMMAND}" = "crl" ]; then - CN="" - SUBJECT="" - SERIAL=0 - OCSP_URI="" - VALID_ATTRIBUTES=",lastupdate,nextupdate,issuer," - # shellcheck disable=SC2086 - ISSUERS="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -issuer -noout)" - else - # we need to remove everything before 'CN = ', to remove an eventual email supplied with / and additional elements (after ', ') - # shellcheck disable=SC2086 - if ${OPENSSL} x509 -in "${CERT}" -subject -noout ${OPENSSL_PARAMS} | grep -F -q 'CN' ; then - CN="$(${OPENSSL} x509 -in "${CERT}" -subject -noout ${OPENSSL_PARAMS} | - sed -e "s/^.*[[:space:]]*CN[[:space:]]=[[:space:]]//" -e "s/\\/[[:alpha:]][[:alpha:]]*=.*\$//" -e "s/,.*//" )" - else - CN='CN unavailable' - if [ -z "${ALTNAMES}" ] ; then - verboselog "certificate without common name (CN), enabling altername names" - ALTNAMES=1 - fi - fi - - # shellcheck disable=SC2086 - SUBJECT="$(${OPENSSL} x509 -in "${CERT}" -subject -noout ${OPENSSL_PARAMS})" - - SERIAL="$(${OPENSSL} x509 -in "${CERT}" -serial -noout | sed -e "s/^serial=//")" - - FINGERPRINT="$(${OPENSSL} x509 -in "${CERT}" -fingerprint -sha1 -noout | sed -e "s/^SHA1 Fingerprint=//")" - - # TO DO: we just take the first result: a loop over all the hosts should - # shellcheck disable=SC2086 - OCSP_URI="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -ocsp_uri -noout | head -n 1)" - - # count the certificates in the chain - NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") - - # start with first certificate - debuglog "Skipping ${SKIP_ELEMENT} element of the chain" - CERT_IN_CHAIN=$(( SKIP_ELEMENT + 1 )) - - # shellcheck disable=SC2086 - while [ "${CERT_IN_CHAIN}" -le "${NUM_CERTIFICATES}" ]; do - if [ -n "${ISSUERS}" ]; then - ISSUERS="${ISSUERS}\\n" - fi - # shellcheck disable=SC2086 - ISSUERS="${ISSUERS}$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | \ - awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}' | \ - ${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -issuer -noout)" - - CERT_IN_CHAIN=$(( CERT_IN_CHAIN + 1 )) - if ! [ "${ELEMENT}" -eq 0 ] && [ $(( CERT_IN_CHAIN - ELEMENT )) -lt 0 ]; then - break - fi - done - fi - - debuglog 'ISSUERS = ' - debuglog "${ISSUERS}" - - # Handle properly openssl x509 -issuer -noout output format differences: - # OpenSSL 1.1.0: issuer=C = XY, ST = Alpha, L = Bravo, O = Charlie, CN = Charlie SSL CA - # OpenSSL 1.0.2: issuer= /C=XY/ST=Alpha/L=Bravo/O=Charlie/CN=Charlie SSL CA 3 - # shellcheck disable=SC2086 - ISSUERS=$(echo "${ISSUERS}" | sed 's/\\n/\n/g' | sed -E -e "s/^issuer=( \\/)?//" | awk '{gsub(", ","\n")};1' | grep -E "^(O|CN) ?= ?") - - debuglog 'ISSUERS = ' - debuglog "${ISSUERS}" - - # we just consider the first HTTP(S) URI - # TODO check SC2016 - # shellcheck disable=SC2086,SC2016 - - ISSUER_URI="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep -F "CA Issuers" | grep -F -i "http" | head -n 1 | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;$(){}<>`&')" - - # Check OCSP stapling - if [ -n "${REQUIRE_OCSP_STAPLING}" ] ; then - - verboselog "checking OCSP stapling" - - grep -F -A 17 'OCSP response:' "${CERT}" > "${OCSP_RESPONSE_TMP}" - - debuglog "${OCSP_RESPONSE_TMP}" - - if ! ascii_grep 'Next Update' "${OCSP_RESPONSE_TMP}" ; then - prepend_critical_message "OCSP stapling not enabled" - else - verboselog " OCSP stapling enabled" - NEXT_UPDATE=$(grep -o 'Next Update: .*$' "${OCSP_RESPONSE_TMP}" | cut -b14-) - - - - OCSP_EXPIRES_IN_HOURS=$(hours_until "${NEXT_UPDATE}") - verboselog " OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours" - if [ -n "${OCSP_CRITICAL}" ] && [ "${OCSP_CRITICAL}" -ge "${OCSP_EXPIRES_IN_HOURS}" ] ; then - prepend_critical_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}" - elif [ -n "${OCSP_WARNING}" ] && [ "${OCSP_WARNING}" -ge "${OCSP_EXPIRES_IN_HOURS}" ] ; then - append_warning_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}" - fi - fi - - fi - - # shellcheck disable=SC2086 - SIGNATURE_ALGORITHM="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep -m 1 -F 'Signature Algorithm')" - - if [ "${DEBUG}" -ge 1 ] ; then - debuglog "${SUBJECT}" - debuglog "CN = ${CN}" - # shellcheck disable=SC2162 - echo "${ISSUERS}" | while read LINE; do - debuglog "CA = ${LINE}" - done - debuglog "SERIAL = ${SERIAL}" - debuglog "FINGERPRINT= ${FINGERPRINT}" - debuglog "OCSP_URI = ${OCSP_URI}" - debuglog "ISSUER_URI = ${ISSUER_URI}" - debuglog "${SIGNATURE_ALGORITHM}" - fi - - if echo "${SIGNATURE_ALGORITHM}" | grep -F -q "sha1" ; then - - if [ -n "${NOSIGALG}" ] ; then - - verboselog "${OPENSSL_COMMAND} Certificate is signed with SHA-1" - - else - - prepend_critical_message "${OPENSSL_COMMAND} Certificate is signed with SHA-1" - - fi - - fi - - if echo "${SIGNATURE_ALGORITHM}" | grep -F -qi "md5" ; then - - if [ -n "${NOSIGALG}" ] ; then - - verboselog "${OPENSSL_COMMAND} Certificate is signed with MD5" - - else - - prepend_critical_message "${OPENSSL_COMMAND} Certificate is signed with MD5" - - fi - - fi - - ################################################################################ - # Generate the long output - if [ -n "${LONG_OUTPUT_ATTR}" ] ; then - - check_attr() { - ATTR="$1" - if ! echo "${VALID_ATTRIBUTES}" | grep -q ",${ATTR}," ; then - unknown "Invalid certificate attribute: ${ATTR}" - else - # shellcheck disable=SC2086 - value="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -noout -nameopt utf8,oneline,-esc_msb -"${ATTR}" | sed -e "s/.*=//")" - LONG_OUTPUT="${LONG_OUTPUT}\\n${ATTR}: ${value}" - fi - - } - - # Split on comma - if [ "${LONG_OUTPUT_ATTR}" = "all" ] ; then - LONG_OUTPUT_ATTR="${VALID_ATTRIBUTES}" - fi - attributes=$( echo "${LONG_OUTPUT_ATTR}" | tr ',' "\\n" ) - for attribute in ${attributes} ; do - check_attr "${attribute}" - done - - LONG_OUTPUT="$(echo "${LONG_OUTPUT}" | sed 's/\\n/\n/g')" - - fi - - ################################################################################ - # Check the presence of a subjectAlternativeName (required for Chrome) - - # Do not use grep --after-context=NUM but -A NUM so that it works on BusyBox - - # shellcheck disable=SC2086 - SUBJECT_ALTERNATIVE_NAME=$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text | - grep -F -A 1 "509v3 Subject Alternative Name:" | - tail -n 1 | - sed -e "s/DNS://g" | - sed -e "s/,//g" | - sed -e "s/^\\ *//" - ) - debuglog "subjectAlternativeName = ${SUBJECT_ALTERNATIVE_NAME}" - if [ -n "${REQUIRE_SAN}" ] && [ -z "${SUBJECT_ALTERNATIVE_NAME}" ] && [ "${OPENSSL_COMMAND}" != "crl" ] ; then - prepend_critical_message "The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address." - fi - - ################################################################################ - # Check the CN - if [ -n "${COMMON_NAME}" ] ; then - - ok="" - - debuglog "check CN: ${CN}" - debuglog "COMMON_NAME = ${COMMON_NAME}" - debuglog "ALTNAMES = ${ALTNAMES}" - - # Common name is case insensitive: using grep for comparison (and not 'case' with 'shopt -s nocasematch' as not defined in POSIX - - if echo "${CN}" | grep -q -i "^\\*\\." ; then - - # Or the literal with the wildcard - debuglog "checking if the common name matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - if echo "${COMMON_NAME}" | grep -q -i "^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" ; then - debuglog "the common name ${COMMON_NAME} matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - ok="true" - fi - - # Or if both are exactly the same - debuglog "checking if the common name matches ^${CN}\$" - - if echo "${COMMON_NAME}" | grep -q -i "^${CN}\$" ; then - debuglog "the common name ${COMMON_NAME} matches ^${CN}\$" - ok="true" - fi - - else - - if echo "${COMMON_NAME}" | grep -q -i "^${CN}$" ; then - ok="true" - fi - - fi - - # Check alternate names - if [ -n "${ALTNAMES}" ] && [ -z "${ok}" ]; then - - for cn in ${COMMON_NAME} ; do - - ok="" - - debuglog '===============================' - debuglog "checking altnames against ${cn}" - - for alt_name in ${SUBJECT_ALTERNATIVE_NAME} ; do - - debuglog "check Altname: ${alt_name}" - - if echo "${alt_name}" | grep -q -i "^\\*\\." ; then - - # Match the domain - debuglog "the altname ${alt_name} begins with a '*'" - debuglog "checking if the common name matches ^$(echo "${alt_name}" | cut -c 3-)\$" - - if echo "${cn}" | grep -q -i "^$(echo "${alt_name}" | cut -c 3-)\$" ; then - debuglog "the common name ${cn} matches ^$( echo "${alt_name}" | cut -c 3- )\$" - ok="true" - - fi - - # Or the literal with the wildcard - debuglog "checking if the common name matches ^$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - - if echo "${cn}" | grep -q -i "^$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" ; then - debuglog "the common name ${cn} matches ^$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - ok="true" - fi - - # Or if both are exactly the same - debuglog "checking if the common name matches ^${alt_name}\$" - - if echo "${cn}" | grep -q -i "^${alt_name}\$" ; then - debuglog "the common name ${cn} matches ^${alt_name}\$" - ok="true" - fi - - else - - if echo "${cn}" | grep -q -i "^${alt_name}$" ; then - ok="true" - fi - - fi - - if [ -n "${ok}" ] ; then - break; - fi - - done - - if [ -z "${ok}" ] ; then - fail="${cn}" - break; - fi - - done - - fi - - if [ -n "${fail}" ] ; then - prepend_critical_message "invalid CN ('$(echo "${CN}" | sed "s/|/ PIPE /g")' does not match '${fail}')" - else - if [ -z "${ok}" ] ; then - prepend_critical_message "invalid CN ('$(echo "${CN}" | sed "s/|/ PIPE /g")' does not match '${COMMON_NAME}')" - fi - fi - - debuglog " CN check finished" - - fi - - ################################################################################ - # Check the issuer - if [ -n "${ISSUER}" ] ; then - - debuglog "check ISSUER: ${ISSUER}" - - ok="" - CA_ISSUER_MATCHED=$(echo "${ISSUERS}" | grep -E "^(O|CN) ?= ?${ISSUER}\$" | sed -E -e "s/^(O|CN) ?= ?//" | head -n1) - - debuglog " issuer matched = ${CA_ISSUER_MATCHED}" - - if [ -n "${CA_ISSUER_MATCHED}" ]; then - ok="true" - else - # this looks ugly but preserves spaces in CA name - prepend_critical_message "invalid CA ('$(echo "${ISSUER}" | sed "s/|/ PIPE /g")' does not match '$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | tr '\n' '|' | sed "s/|\$//g" | sed "s/|/\\' or \\'/g")')" - fi - - fi - - ################################################################################ - # Check if not issued by - if [ -n "${NOT_ISSUED_BY}" ] ; then - - debuglog "check NOT_ISSUED_BY: ${NOT_ISSUED_BY}" - - debuglog " executing echo \"${ISSUERS}\" | sed -E -e \"s/^(O|CN) ?= ?//\" | grep -E \"^${NOT_ISSUED_BY}\$\" | head -n1" - - ok="" - CA_ISSUER_MATCHED=$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | grep -E "^${NOT_ISSUED_BY}\$" | head -n1) - - debuglog " issuer matched = ${CA_ISSUER_MATCHED}" - - if [ -n "${CA_ISSUER_MATCHED}" ]; then - # this looks ugly but preserves spaces in CA name - prepend_critical_message "invalid CA ('$(echo "${NOT_ISSUED_BY}" | sed "s/|/ PIPE /g")' matches '$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | tr '\n' '|' | sed "s/|\$//g" | sed "s/|/\\' or \\'/g")')" - else - ok="true" - CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | grep -E "^CN ?= ?" | sed -E -e "s/^CN ?= ?//" | head -n1)" - fi - - else - - CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | grep -E "^CN ?= ?" | sed -E -e "s/^CN ?= ?//" | head -n1)" - - fi - - ################################################################################ - # Check the serial number - if [ -n "${SERIAL_LOCK}" ] ; then - - ok="" - - if echo "${SERIAL}" | grep -q "^${SERIAL_LOCK}\$" ; then - ok="true" - fi - - if [ -z "${ok}" ] ; then - prepend_critical_message "invalid serial number ('$(echo "${SERIAL_LOCK}" | sed "s/|/ PIPE /g")' does not match '${SERIAL}')" - fi - - fi - ################################################################################ - # Check the Fingerprint - if [ -n "${FINGERPRINT_LOCK}" ] ; then - - ok="" - - if echo "${FINGERPRINT}" | grep -q -E "^${FINGERPRINT_LOCK}\$" ; then - ok="true" - fi - - if [ -z "${ok}" ] ; then - prepend_critical_message "invalid SHA1 Fingerprint ('$(echo "${FINGERPRINT_LOCK}" | sed "s/|/ PIPE /g")' does not match '${FINGERPRINT}')" - fi - - fi - - ################################################################################ - # Check the validity - if [ -z "${NOEXP}" ] ; then - - debuglog "Checking expiration date" - if [ -n "${FIRST_ELEMENT_ONLY}" ] || [ "${OPENSSL_COMMAND}" = "crl" ]; then - check_cert_end_date "$(cat "${CERT}")" - else - # count the certificates in the chain - NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") - debuglog "Number of certificates in CA chain: $((NUM_CERTIFICATES))" - debuglog "Skipping ${SKIP_ELEMENT} element of the chain" - - CERT_IN_CHAIN=$(( SKIP_ELEMENT + 1 )) - while [ "${CERT_IN_CHAIN}" -le "${NUM_CERTIFICATES}" ]; do - elem_number=$((CERT_IN_CHAIN)) - chain_element=$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | \ - awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}') - - debuglog '------------------------------------------------------------------------------' - check_cert_end_date "${chain_element}" "${elem_number}" - - debuglog '------------------------------------------------------------------------------' - check_ocsp "${chain_element}" "${elem_number}" - - if [ -n "${CRL}" ] ; then - debuglog '------------------------------------------------------------------------------' - check_crl "${chain_element}" "${elem_number}" - fi - - CERT_IN_CHAIN=$(( CERT_IN_CHAIN + 1 )) - if ! [ "${ELEMENT}" -eq 0 ] && [ $(( CERT_IN_CHAIN - ELEMENT )) -lt 0 ]; then - break - fi - done - fi - - fi - - ################################################################################ - # Check SSL Labs - if [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then - - verboselog "checking offered ciphers with nmap" - - if [ -n "${CHECK_CIPHERS}" ] ; then - debuglog "Checking offered ciphers (minimum level ${CHECK_CIPHERS}: ${CHECK_CIPHERS_NUMERIC})" - fi - - create_temporary_file; NMAP_OUT=${TEMPFILE} - create_temporary_file; NMAP_ERR=${TEMPFILE} - - exec_with_timeout "nmap -sV --script ssl-enum-ciphers ${HOST_ADDR} -p ${PORT}" "${NMAP_OUT}" "${NMAP_ERR}" - - if [ "${DEBUG}" -ge 1 ] ; then - debuglog 'nmap output:' - while read -r LINE; do - debuglog "${LINE}" - done < "${NMAP_OUT}" - debuglog 'nmap errors:' - if [ -s "${NMAP_ERR}" ] ; then - while read -r LINE; do - debuglog "${LINE}" - done < "${NMAP_ERR}" - fi - fi - - if [ -s "${NMAP_ERR}" ] ; then - NMAP_ERROR=$( head -n 1 "${NMAP_ERR}" ) - unknown "nmap exited with error: ${NMAP_ERROR}" - fi - - if ! grep -F -q '| ssl-enum-ciphers' "${NMAP_OUT}" ; then - unknown "empty nmap result while checking ciphers" - fi - - if [ -n "${CHECK_CIPHERS}" ] ; then - - NMAP_GRADE=$( grep -F 'least strength' "${NMAP_OUT}" | sed 's/.*\ //' ) - convert_grade "${NMAP_GRADE}" - NMAP_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - - verboselog "nmap cipher grade ${NMAP_GRADE}: ${NMAP_GRADE_NUMERIC}" - - # Check the grade - if [ "${NMAP_GRADE_NUMERIC}" -lt "${CHECK_CIPHERS_NUMERIC}" ] ; then - prepend_critical_message "${HOST_ADDR} offers ciphers with grade ${NMAP_GRADE} (instead of ${CHECK_CIPHERS})" - fi - - fi - - if [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then - - if grep -F -q 'warnings:' "${NMAP_OUT}" ; then - - PARSING_WARNINGS= - WARNINGS= - while IFS= read -r line; do - - if echo "${line}" | grep -q -F 'warnings:' ; then - PARSING_WARNINGS=1 - elif echo "${line}" | grep -q -F ':' ; then - PARSING_WARNINGS= - elif [ -n "${PARSING_WARNINGS}" ] ; then - WARNING=$( echo "${line}" | sed 's/|\ *//' ) - if [ -n "${WARNINGS}" ] ; then - debuglog "Cipher warning '${WARNING}'" - WARNINGS="${WARNINGS}\\n${WARNING}" - else - WARNINGS="${WARNING}" - fi - fi - - done < "${NMAP_OUT}" - - WARNINGS=$( echo "${WARNINGS}" | sort | uniq | tr '\n' ',' | sed 's/,/,\ /g' | sed 's/,\ $//' ) - prepend_critical_message "${HOST_ADDR} offers ciphers with warning: ${WARNINGS}" - - fi - - fi - - fi - - ################################################################################ - # Check SSL Labs - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then - - verboselog "checking SSL Labs assessment" - - while true; do - - debuglog "http_proxy = ${http_proxy}" - debuglog "HTTPS_PROXY = ${HTTPS_PROXY}" - debuglog "executing ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\"" - - if [ -n "${SNI}" ] ; then - JSON="$(${CURL_BIN} "${CURL_PROXY}" "${CURL_PROXY_ARGUMENT}" "${INETPROTO}" --silent "https://api.ssllabs.com/api/v2/analyze?host=${SNI}${IGNORE_SSL_LABS_CACHE}")" - CURL_RETURN_CODE=$? - else - JSON="$(${CURL_BIN} "${CURL_PROXY}" "${CURL_PROXY_ARGUMENT}" "${INETPROTO}" --silent "https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}")" - CURL_RETURN_CODE=$? - fi - - if [ "${CURL_RETURN_CODE}" -ne 0 ] ; then - - debuglog "curl returned ${CURL_RETURN_CODE}: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\"" - - unknown "Error checking SSL Labs: curl returned ${CURL_RETURN_CODE}, see 'man curl' for details" - - fi - - JSON="$(printf '%s' "${JSON}" | tr '\n' ' ' )" - - debuglog "Checking SSL Labs: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}\"" - debuglog "SSL Labs JSON: ${JSON}" - - # We clear the cache only on the first run - IGNORE_SSL_LABS_CACHE="" - - if echo "${JSON}" | grep -F -q 'Running\ at\ full\ capacity.\ Please\ try\ again\ later' ; then - verboselog 'SSL Labs running at full capacity' - else - - SSL_LABS_HOST_STATUS=$(echo "${JSON}" \ - | sed 's/.*"status":[ ]*"\([^"]*\)".*/\1/') - - debuglog "SSL Labs status: ${SSL_LABS_HOST_STATUS}" - - case "${SSL_LABS_HOST_STATUS}" in - 'ERROR') - SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" \ - | sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') - prepend_critical_message "Error checking SSL Labs: ${SSL_LABS_STATUS_MESSAGE}" - ;; - 'READY') - if ! echo "${JSON}" | grep -F -q "grade" ; then - - # Something went wrong - SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" \ - | sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') - prepend_critical_message "SSL Labs error: ${SSL_LABS_STATUS_MESSAGE}" - break - - else - - SSL_LABS_HOST_GRADE=$(echo "${JSON}" \ - | sed 's/.*"grade":[ ]*"\([^"]*\)".*/\1/') - - debuglog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" - - verboselog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" - - convert_grade "${SSL_LABS_HOST_GRADE}" - SSL_LABS_HOST_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - - add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" - - # Check the grade - if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ] ; then - prepend_critical_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_CRIT_ASSESSMENT})" - elif [ -n "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then - if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ] ; then - append_warning_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_WARN_ASSESTMENT})" - fi - fi - - debuglog "SSL Labs grade (converted): ${SSL_LABS_HOST_GRADE_NUMERIC}" - - # We have a result: exit - break - - fi - ;; - 'IN_PROGRESS') - # Data not yet available: warn and continue - verboselog "warning: no cached data by SSL Labs, check initiated" - ;; - 'DNS') - verboselog "SSL Labs cannot resolve the domain name" - ;; - *) - # Try to extract a message - SSL_LABS_ERROR_MESSAGE=$(echo "${JSON}" \ - | sed 's/.*"message":[ ]*"\([^"]*\)".*/\1/') - - if [ -z "${SSL_LABS_ERROR_MESSAGE}" ] ; then - SSL_LABS_ERROR_MESSAGE="${JSON}" - fi - - prepend_critical_message "Cannot check status on SSL Labs: ${SSL_LABS_ERROR_MESSAGE}" - esac - - fi - - WAIT_TIME=60 - verboselog "waiting ${WAIT_TIME} seconds" - - sleep "${WAIT_TIME}" - - done - - fi - - ################################################################################ - # Check the organization - if [ -n "${ORGANIZATION}" ] ; then - - debuglog "Checking organization ${ORGANIZATION}" - - ORG=$(${OPENSSL} x509 -in "${CERT}" -subject -noout | sed -e "s/.*\\/O=//" -e "s/\\/.*//") - - if ! echo "${ORG}" | grep -q -E "^${ORGANIZATION}" ; then - prepend_critical_message "invalid organization ('$(echo "${ORGANIZATION}" | sed "s/|/ PIPE /g")' does not match '${ORG}')" - fi - - fi - - ################################################################################ - # Check the organization - if [ -n "${ADDR}" ] ; then - - EMAIL=$(${OPENSSL} x509 -in "${CERT}" -email -noout) - - verboselog "checking email (${ADDR}): ${EMAIL}" - - if [ -z "${EMAIL}" ] ; then - - debuglog "no email in certificate" - - prepend_critical_message "the certificate does not contain an email address" - - else - - if ! echo "${EMAIL}" | grep -q -E "^${ADDR}" ; then - prepend_critical_message "invalid email ('$(echo "${ADDR}" | sed "s/|/ PIPE /g")' does not match ${EMAIL})" - fi - - fi - - fi - - ################################################################################ - # Check if the certificate was verified - if [ -z "${NOAUTH}" ] && ascii_grep '^verify\ error:' "${ERROR}" ; then - - debuglog 'Checking if the certificate was self signed' - - if ascii_grep '^verify\ error:num=[0-9][0-9]*:self\ signed\ certificate' "${ERROR}" ; then - - if [ -z "${SELFSIGNED}" ] ; then - prepend_critical_message "Cannot verify certificate, self signed certificate" - else - SELFSIGNEDCERT="self signed " - fi - - elif ascii_grep '^verify\ error:num=[0-9][0-9]*:certificate\ has\ expired' "${ERROR}" ; then - - debuglog 'Cannot verify since the certificate has expired.' - - else - - debuglog "$(sed 's/^/Error: /' "${ERROR}")" - - # Process errors - details=$( grep '^verify\ error:' "${ERROR}" | sed 's/verify\ error:num=[0-9]*://' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/, /g' ) - prepend_critical_message "Cannot verify certificate: ${details}" - - fi - - fi - - ############################################################################## - # Check for Signed Certificate Timestamps (SCT) - if [ -z "${SELFSIGNED}" ] ; then - - # check if OpenSSL supoort SCTs - if openssl_version '1.1.0' ; then - - debuglog 'Checking Signed Certificate Timestamps (SCTs)' - - if [ -n "${SCT}" ] && ! "${OPENSSL}" x509 -in "${CERT}" -text -noout | grep -F -q 'SCTs' ; then - prepend_critical_message "Cannot find Signed Certificate Timestamps (SCT)" - fi - - else - verboselog 'Skipping SCTs check as not supported by OpenSSL' - fi - fi - - # if errors exist at this point return - if [ "${CRITICAL_MSG}" != "" ] ; then - critical "${CRITICAL_MSG}" - fi - - if [ "${WARNING_MSG}" != "" ] ; then - warning "${WARNING_MSG}" - fi - - ################################################################################ - # If we get this far, assume all is well. :) - - # If --altnames was specified or if the certificate is wildcard, - # then we show the specified CN in addition to the certificate CN - CHECKEDNAMES="" - if [ -n "${ALTNAMES}" ] && [ -n "${COMMON_NAME}" ] && [ "${CN}" != "${COMMON_NAME}" ]; then - CHECKEDNAMES="(${COMMON_NAME}) " - elif [ -n "${COMMON_NAME}" ] && echo "${CN}" | grep -q -i "^\\*\\." ; then - CHECKEDNAMES="(${COMMON_NAME}) " - fi - - if [ -n "${DAYS_VALID}" ] ; then - # nicer formatting - if [ "${DAYS_VALID}" -gt 1 ] ; then - DAYS_VALID=" (expires in ${DAYS_VALID} days)" - elif [ "${DAYS_VALID}" -eq 1 ] ; then - DAYS_VALID=" (expires tomorrow)" - elif [ "${DAYS_VALID}" -eq 0 ] ; then - DAYS_VALID=" (expires today)" - elif [ "${DAYS_VALID}" -eq -1 ] ; then - DAYS_VALID=" (expired yesterday)" - else - DAYS_VALID=" (expired ${DAYS_VALID} days ago)" - fi - fi - - if [ -n "${OCSP_EXPIRES_IN_HOURS}" ] ; then - # nicer formatting - if [ "${OCSP_EXPIRES_IN_HOURS}" -gt 1 ] ; then - OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours)" - elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 1 ] ; then - OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires in one hour)" - elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 0 ] ; then - OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires now)" - elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq -1 ] ; then - OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expired one hour ago)" - else - OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expired ${OCSP_EXPIRES_IN_HOURS} hours ago)" - fi - fi - - if [ -n "${SSL_LABS_HOST_GRADE}" ] ; then - SSL_LABS_HOST_GRADE=", SSL Labs grade: ${SSL_LABS_HOST_GRADE}" - fi - - if [ -z "${CN}" ]; then - DISPLAY_CN="" - else - DISPLAY_CN="'${CN}' " - fi - - if [ -z "${FORMAT}" ]; then - if [ -n "${TERSE}" ]; then - FORMAT="%SHORTNAME% OK %CN% %DAYS_VALID%" - else - FORMAT="%SHORTNAME% OK - %OPENSSL_COMMAND% %SELFSIGNEDCERT%certificate %DISPLAY_CN%%CHECKEDNAMES%from '%CA_ISSUER_MATCHED%' valid until %DATE%%DAYS_VALID%%OCSP_EXPIRES_IN_HOURS%%SSL_LABS_HOST_GRADE%" - fi - fi - - # long output - if [ -z "${TERSE}" ] ; then - EXTRA_OUTPUT="${LONG_OUTPUT}" - fi - # performance - if [ -z "${NO_PERF}" ] ; then - EXTRA_OUTPUT="${EXTRA_OUTPUT}${PERFORMANCE_DATA}" - fi - - debuglog "output parameters: CA_ISSUER_MATCHED = ${CA_ISSUER_MATCHED}" - debuglog "output parameters: CHECKEDNAMES = ${CHECKEDNAMES}" - debuglog "output parameters: CN = ${CN}" - debuglog "output parameters: DATE = ${DATE}" - debuglog "output parameters: DAYS_VALID = ${DAYS_VALID}" - debuglog "output parameters: DYSPLAY_CN = ${DISPLAY_CN}" - debuglog "output parameters: OPENSSL_COMMAND = ${OPENSSL_COMMAND}" - debuglog "output parameters: SELFSIGNEDCERT = ${SELFSIGNEDCERT}" - debuglog "output parameters: SHORTNAME = ${SHORTNAME}" - debuglog "output parameters: OCSP_EXPIRES_IN_HOURS = ${OCSP_EXPIRES_IN_HOURS}" - debuglog "output parameters: SSL_LABS_HOST_GRADE = ${SSL_LABS_HOST_GRADE}" - - echo "${FORMAT}${EXTRA_OUTPUT}" | sed \ - -e "$( var_for_sed CA_ISSUER_MATCHED "${CA_ISSUER_MATCHED}" )" \ - -e "$( var_for_sed CHECKEDNAMES "${CHECKEDNAMES}" )" \ - -e "$( var_for_sed CN "${CN}" )" \ - -e "$( var_for_sed DATE "${DATE}" )" \ - -e "$( var_for_sed DAYS_VALID "${DAYS_VALID}" )" \ - -e "$( var_for_sed DISPLAY_CN "${DISPLAY_CN}" )" \ - -e "$( var_for_sed OPENSSL_COMMAND "${OPENSSL_COMMAND}" )" \ - -e "$( var_for_sed SELFSIGNEDCERT "${SELFSIGNEDCERT}" )" \ - -e "$( var_for_sed SHORTNAME "${SHORTNAME}" )" \ - -e "$( var_for_sed OCSP_EXPIRES_IN_HOURS "${OCSP_EXPIRES_IN_HOURS}" )" \ - -e "$( var_for_sed SSL_LABS_HOST_GRADE "${SSL_LABS_HOST_GRADE}" )" - - remove_temporary_files - - exit "${STATUS_OK}" - -} - -# Defined externally -# shellcheck disable=SC2154 -if [ -z "${SOURCE_ONLY}" ]; then - main "${@}" -fi diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.1 nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.1 --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.1 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.1 1970-01-01 00:00:00.000000000 +0000 @@ -1,350 +0,0 @@ -.\" Process this file with -.\" groff -man -Tascii check_ssl_cert.1 -.\" -.TH "check_ssl_cert" 1 "May, 2021" "2.2.0" "USER COMMANDS" -.SH NAME -check_ssl_cert \- checks the validity of X.509 certificates -.SH SYNOPSIS -.BR "check_ssl_cert " "-H host [OPTIONS]" -.SH DESCRIPTION -.B check_ssl_cert -A Nagios plugin to check an X.509 certificate: - - checks if the server is running and delivers a valid certificate - - checks if the CA matches a given pattern - - checks the validity -.SH ARGUMENTS -.TP -.BR "-H,--host" " host" -server -.SH OPTIONS -.TP -.BR "-A,--noauth" -ignore authority warnings (expiration only) -.TP -.BR " --all" -enables all the possible optional checks at the maximum level -.TP -.BR " --altnames" -matches the pattern specified in -n with alternate names too -.TP -.BR " --check-ciphers" " grade" -checks the offered ciphers -.TP -.BR " --check-ciphers-warnings" -critical if nmap reports a warning for an offered cipher -.TP -.BR "-C,--clientcert" " path" -use client certificate to authenticate -.TP -.BR " --clientpass" " phrase" -set passphrase for client certificate. -.TP -.BR "-c,--critical" " days" -minimum number of days a certificate has to be valid to issue a critical status -.TP -.BR " --crl" -checks revokation via CRL (requires --rootcert-file) -.TP -.BR " --curl-bin" " path" -path of the curl binary to be used -.TP -.BR " --curl-user-agent" " string" -user agent that curl shall use to obtain the issuer cert -.TP -.BR " --custom-http-header" " string" -custom HTTP header sent when getting the cert -.TP -.BR " --dane" -verifies there are valid TLSA records for the returned certificate, requires OpenSSL 1.1.0 or later -.TP -.BR " --dane 211" -verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists -.TP -.BR " --dane 301" -verify that a valid DANE-EE(3) Cert(0) SHA2-256(1) TLSA record exists -.TP -.BR " --dane 302" -verify that a valid DANE-EE(3) Cert(0) SHA2-512(2) TLSA record exists -.TP -.BR " --dane 311" -verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists -.TP -.BR " --date" " path" -path of the date binary to be used -.TP -.BR "-d,--debug" -produces debugging output (can be specified more than once) -.TP -.BR " --debug-cert" -stores the retrieved certificates in the current directory -.TP -.BR " --dig-bin" " path" -path of the dig binary to be used -.TP -.BR " --ecdsa" -signature algorithm selection: force ECDSA certificate -.TP -.BR " --element" " number" -checks N cert element from the begining of the chain -.TP -.BR "-e,--email" " address" -pattern to match the email address contained in the certificate -.TP -.BR "-f,--file" " file" -local file path (works with -H localhost only) with -f you can not only pass a x509 certificate file but also a certificate revocation list (CRL) to check the validity period -.TP -.BR " --file-bin" " path" -path of the file binary to be used -.TP -.BR " --fingerprint" " SHA1" -pattern to match the SHA1-Fingerprint -.TP -.BR " --first-element-only" -verify just the first cert element, not the whole chain -.TP -.BR " --force-perl-date" -force the usage of Perl for date computations -.TP -.BR " --format" " FORMAT" -custom output format (e.g. "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'") -.TP -.BR "-h,--help,-?" -this help message -.TP -.BR " --http-use-get" -use GET instead of HEAD (default) for the HTTP related checks -.TP -.BR " --ignore-altnames" -ignores alternative names when matching pattern specified in -n (or the host name) -.TP -.BR " --ignore-exp" -ignore expiration date -.TP -.BR " --ignore-host-cn" -do not complain if the CN does not match the host name -.TP -.BR " --ignore-ocsp" -do not check revocation with OCSP -.TP -.BR " --ignore-ocsp-timeout" -ignore OCSP result when timeout occurs while checking -.TP -.BR " --ignore-sig-alg" -do not check if the certificate was signed with SHA1 or MD5 -.TP -.BR " --ignore-sct" -do not check for signed certificate timestamps (SCT) -.TP -.BR " --ignore-ssl-labs-cache" -Forces a new check by SSL Labs (see -L) -.TP -.BR " --ignore-tls-renegotiation" -Ignores the TLS renegotiation check -.TP -.BR " --inetproto protocol" -Force IP version 4 or 6 -.TP -.BR " --issuer-cert-cache" " dir" -directory where to store issuer certificates cache -.TP -.BR "-i,--issuer" " issuer" -pattern to match the issuer of the certificate -.TP -.BR "-K,--clientkey" " path" -use client certificate key to authenticate -.TP -.BR "-L,--check-ssl-labs grade" -SSL Labs assestment (please check https://www.ssllabs.com/about/terms.html). Critical if the grade is lower than specified. -.TP -.BR " --check-ssl-labs-warn grade" -SSL Labs grade on which to warn -.TP -.BR " --long-output" " list" -append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines. -Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes. -.TP -.BR "-n,--cn" " name" -pattern to match the CN of the certificate (can be specified multiple times) -.TP -.BR " --nmap-bin" " path" -path of the nmap binary to be used -.TP -.BR " --no-perf" -do not show performance data -.TP -.BR " --no-proxy" -ignores the http_proxy and https_proxy environment variables -.TP -.BR " --no-ssl2" -disable SSL version 2 -.TP -.BR " --no-ssl3" -disable SSL version 3 -.TP -.BR " --no-tls1" -disable TLS version 1 -.TP -.BR " --no-tls1_1" -disable TLS version 1.1 -.TP -.BR " --no-tls1_3" -disable TLS version 1.3 -.TP -.BR " --no-tls1_2" -disable TLS version 1.2 -.TP -.BR " --not-issued-by" " issuer" -check that the issuer of the certificate does not match the given pattern -.TP -.BR " --not-valid-longer-than" " days" -critical if the certificate validity is longer than the specified period -.TP -.BR "-N,--host-cn" -match CN with the host name -.TP -.BR " --ocsp-critical" " hours" -minimum number of hours an OCSP response has to be valid to issue a critical status -.TP -.BR " --ocsp-warning" " hours" -minimum number of hours an OCSP response has to be valid to issue a warning status -.TP -.BR "-o,--org" " org" -pattern to match the organization of the certificate -.TP -.BR " --openssl" " path" -path of the openssl binary to be used -.TP -.BR " --password" " source" -password source for a local certificate, see the PASS PHRASE ARGUMENTS section openssl(1) -.TP -.BR "-p,--port" " port" -TCP port -.TP -.BR "-P,--protocol" " protocol" -use the specific protocol: ftp, ftps, http, https (default), h2 (http/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, xmpp, xmpp-server. -.br -These protocols switch to TLS using StartTLS: ftp, imap, irc, ldap, mysql, pop3, smtp. -.TP -.BR " --proxy" " proxy" -sets http_proxy -.TP -.BR " --require-no-ssl2" -critical if SSL version 2 is offered -.TP -.BR " --require-no-ssl3" -critical if SSL version 3 is offered -.TP -.BR " --require-no-tls1" -critical if TLS 1 is offered -.TP -.BR " --require-no-tls1_1" -critical if TLS 1.1 is offered -.TP -.BR " --resolve" " ip" -provides a custom IP address for the specified host -.TP -.BR "-s,--selfsigned" -allows self-signed certificates -.TP -.BR " --serial" " serialnum" -pattern to match the serial number -.TP -.BR "--skip-element" " number" -skip checks on N cert element from the begining of the chain -.TP -.BR " --sni name" -sets the TLS SNI (Server Name Indication) extension in the ClientHello message to 'name' -.TP -.BR " --ssl2" -force SSL version 2 -.TP -.BR " --ssl3" -force SSL version 3 -.TP -.BR " --require-ocsp-stapling" -require OCSP stapling -.TP -.BR " --require-san" -require the presence of a Subject Alternative Name extension -.TP -.BR "-r,--rootcert" " cert" -root certificate or directory to be used for certificate validation (passed to openssl's -CAfile or -CApath) -.TP -.BR " --rootcert-dir" " dir" -root directory to be used for certificate validation (passed to openssl's -CApath) -overrides option -r,--rootcert -.TP -.BR " --rootcert-file" " cert" -root certificate to be used for certificate validation (passed to openssl's -CAfile) -overrides option -r,--rootcert -.TP -.BR " --rsa" -signature algorithm selection: force RSA certificate -.TP -.BR " --temp" " dir" -directory where to store the temporary files -.TP -.BR " --terse" -terse output (also see --verbose) -.TP -.BR "-t,--timeout" -seconds timeout after the specified time (defaults to 120 seconds) -.TP -.BR " --tls1" -force TLS version 1 -.TP -.BR " --tls1_1" -force TLS version 1.1 -.TP -.BR " --tls1_2" -force TLS version 1.2 -.TP -.BR " --tls1_3" -force TLS version 1.3 -.TP -.BR "-u,--url" " URL" -HTTP request URL -.TP -.BR "-v,--verbose" -verbose output (can be specified more than once) -.TP -.BR "-V,--version" -version -.TP -.BR "-w,--warning" " days" -minimum number of days a certificate has to be valid to issue a warning status -.TP -.BR " --xmpphost" " name" -specifies the host for the "to" attribute of the stream element -.TP -.BR "-4" -forces IPv4 -.TP -.BR "-6" -forces IPv6 -.SH DEPRECATED OPTIONS -.TP -.BR "-d,--days" " days" -minimum number of days a certificate has to be valid (see --critical and --warning) -.TP -.BR " --ocsp" -check revocation via OCSP -.TP -.BR "-S,--ssl" " version" -force SSL version (2,3) (see: --ssl2 or --ssl3) - -.SH MULTIPLE CERTIFICATES -If the host has multiple certificates and the installed openssl version supports the -servername option it is possible to specify the TLS SNI (Server Name Idetificator) with the -N (or --host-cn) option. - -.SH "SEE ALSO" -x509(1), openssl(1), expect(1), timeout(1) -.SH "EXIT STATUS" -check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems -.SH BUGS -Please report bugs to: - -https://github.com/matteocorti/check_ssl_cert/issues -.SH AUTHOR -Matteo Corti (matteo (at) corti.li ) -See the AUTHORS file for the complete list of contributors - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.spec nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.spec --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.spec 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/check_ssl_cert.spec 1970-01-01 00:00:00.000000000 +0000 @@ -1,608 +0,0 @@ -%define version 2.2.0 -%define release 0 -%define sourcename check_ssl_cert -%define packagename nagios-plugins-check_ssl_cert -%define nagiospluginsdir %{_libdir}/nagios/plugins - -# No binaries in this package -%define debug_package %{nil} - -Summary: A Nagios plugin to check X.509 certificates -Name: %{packagename} -Version: %{version} -Obsoletes: check_ssl_cert -Release: %{release}%{?dist} -License: GPLv3+ -Packager: Matteo Corti -Group: Applications/System -BuildRoot: %{_tmppath}/%{packagename}-%{version}-%{release}-root-%(%{__id_u} -n) -URL: https://github.com/matteocorti/check_ssl_cert -Source: https://github.com/matteocorti/check_ssl_cert/releases/download/v%{version}/check_ssl_cert-%{version}.tar.gz - -Requires: nagios-plugins expect perl(Date::Parse) - -%description -A shell script (that can be used as a Nagios plugin) to check an SSL/TLS connection - -%prep -%setup -q -n %{sourcename}-%{version} - -%build - -%install -make DESTDIR=${RPM_BUILD_ROOT}%{nagiospluginsdir} MANDIR=${RPM_BUILD_ROOT}%{_mandir} install - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root,-) -%doc AUTHORS ChangeLog NEWS README.md COPYING VERSION COPYRIGHT -%attr(0755, root, root) %{nagiospluginsdir}/check_ssl_cert -%{_mandir}/man1/%{sourcename}.1* - -%changelog -* Fri May 7 2021 Matteo Corti - 2.2.0-0 -- Updated to 2.2.0 - -* Thu May 6 2021 Matteo Corti - 2.1.4-0 -- Updated to 2.1.4 - -* Wed May 5 2021 Matteo Corti - 2.1.3-0 -- Updated to 2.1.3 - -* Fri Apr 30 2021 Matteo Corti - 2.1.2-0 -- Updated to 2.1.2 - -* Thu Apr 29 2021 Matteo Corti - 2.1.1-0 -- Updated to 2.1.1 - -* Wed Apr 28 2021 Matteo Corti - 2.1.0-0 -- Updated to 2.1.0 - -* Wed Apr 7 2021 Matteo Corti - 2.0.1-0 -- Updated to 2.0.1 - -* Mon Apr 1 2021 Matteo Corti - 2.0.0-0 -- Updated to 2.0.0 - -* Mon Mar 29 2021 Matteo Corti - 1.147.0-0 -- Updated to 1.147.0 - -* Thu Mar 25 2021 Matteo Corti - 1.146.0-0 -- Updated to 1.146.0 - -* Mon Mar 15 2021 Matteo Corti - 1.145.0-0 -- Updated to 1.145.0 - -* Sun Mar 14 2021 Matteo Corti - 1.144.0-0 -- Updated to 1.144.0 - -* Fri Mar 12 2021 Matteo Corti - 1.143.0-0 -- Updated to 1.143.0 - -* Wed Mar 10 2021 Matteo Corti - 1.142.0-0 -- Updated to 1.142.0 - -* Tue Mar 9 2021 Matteo Corti - 1.141.0-0 -- Updated to 1.141.0 - -* Thu Feb 25 2021 Matteo Corti - 1.140.0-0 -- Updated to 1.140.0 - -* Wed Feb 24 2021 Matteo Corti - 1.139.0-0 -- Updated to 1.139.0 - -* Wed Feb 24 2021 Matteo Corti - 1.138.0-0 -- Updated to 1.138.0 - -* Thu Feb 18 2021 Matteo Corti - 1.137.0-0 -- Updated to 1.137.0 - -* Tue Feb 16 2021 Matteo Corti - 1.136.0-0 -- Updated to 1.136.0 - -* Thu Jan 28 2021 Matteo Corti - 1.135.0-0 -- Updated to 1.135.0 - -* Wed Jan 27 2021 Matteo Corti - 1.134.0-0 -- Updated to 1.134.0 - -* Tue Jan 26 2021 Matteo Corti - 1.133.0-0 -- Updated to 1.133.0 - -* Mon Jan 18 2021 Matteo Corti - 1.132.0-0 -- Updated to 1.132.0 - -* Fri Jan 15 2021 Matteo Corti - 1.131.0-0 -- Updated to 1.131.0 - -* Thu Jan 14 2021 Matteo Corti - 1.130.0-0 -- Updated to 1.130.0 - -* Thu Dec 24 2020 Matteo Corti - 1.129.0-0 -- Updated to 1.129.0 - -* Tue Dec 22 2020 Matteo Corti - 1.128.0-0 -- Updated to 1.128.0 - -* Mon Dec 21 2020 Matteo Corti - 1.127.0-0 -- Updated to 1.127.0 - -* Wed Dec 16 2020 Matteo Corti - 1.126.0-0 -- Updated to 1.126.0 - -* Fri Dec 11 2020 Matteo Corti - 1.125.0-0 -- Updated to 1.125.0 - -* Tue Dec 1 2020 Matteo Corti - 1.124.0-0 -- Updated to 1.124.0 - -* Mon Nov 30 2020 Matteo Corti - 1.123.0-0 -- Updated to 1.123.0 - -* Fri Aug 7 2020 Matteo Corti - 1.122.0-0 -- Updated to 1.122.0 - -* Fri Jul 24 2020 Matteo Corti - 1.121.0-0 -- Updated to 1.121.0 - -* Thu Jul 2 2020 Matteo Corti - 1.120.0-0 -- Updated to 1.120.0 - -* Wed Jul 1 2020 Matteo Corti - 1.119.0-0 -- Updated to 1.119.0 - -* Fri Jun 12 2020 Matteo Corti - 1.118.0-0 -- Updated to 1.118.0 - -* Sat Jun 6 2020 Matteo Corti - 1.117.0-0 -- Updated to 1.117.0 - -* Thu Jun 4 2020 Matteo Corti - 1.115.0-0 -- Updated to 1.115.0 - -* Wed May 27 2020 Matteo Corti - 1.114.0-0 -- Updated to 1.114.0 - -* Tue May 19 2020 Matteo Corti - 1.113.0-0 -- Updated to 1.113.0 - -* Tue Apr 7 2020 Matteo Corti - 1.112.0-0 -- Updated to 1.112.0 - -* Mon Mar 9 2020 Matteo Corti - 1.111.0-0 -- Updated to 1.111.0 - -* Mon Feb 17 2020 Matteo Corti - 1.110.0-0 -- Updated to 1.110.0 - -* Tue Jan 7 2020 Matteo Corti - 1.109.0-0 -- Updated to 1.109.0 - -* Mon Dec 23 2019 Matteo Corti - 1.108.0-0 -- Updated to 1.108.0 - -* Fri Dec 20 2019 Matteo Corti - 1.107.0-0 -- Updated to 1.107.0 - -* Thu Nov 21 2019 Matteo Corti - 1.106.0-0 -- Updated to 1.106.0 - -* Mon Nov 4 2019 Matteo Corti - 1.105.0-0 -- Updated to 1.105.0 - -* Mon Nov 4 2019 Matteo Corti - 1.104.0-0 -- Updated to 1.104.0 - -* Thu Oct 31 2019 Matteo Corti - 1.103.0-0 -- Updated to 1.103.0 - -* Fri Oct 25 2019 Matteo Corti - 1.102.0-0 -- Updated to 1.102.0 - -* Tue Oct 22 2019 Matteo Corti - 1.101.0-0 -- Updated to 1.101.0 - -* Fri Oct 18 2019 Matteo Corti - 1.100.0-0 -- Updated to 1.100.0 - -* Wed Oct 16 2019 Matteo Corti - 1.99.0-0 -- Updated to 1.99.0 -w -* Thu Oct 10 2019 Matteo Corti - 1.98.0-0 -- Updated to 1.98.0 - -* Wed Oct 9 2019 Matteo Corti - 1.97.0-0 -- Updated to 1.97.0 - -* Wed Sep 25 2019 Matteo Corti - 1.96.0-0 -- Updated to 1.96.0 - -* Tue Sep 24 2019 Matteo Corti - 1.95.0-0 -- Updated to 1.95.0 - -* Tue Sep 24 2019 Matteo Corti - 1.94.0-0 -- Updated to 1.94.0 - -* Tue Sep 24 2019 Matteo Corti - 1.93.0-0 -- Updated to 1.93.0 - -* Tue Sep 24 2019 Matteo Corti - 1.92.0-0 -- Updated to 1.92.0 - -* Tue Sep 24 2019 Matteo Corti - 1.91.0-0 -- Updated to 1.91.0 - -* Thu Sep 19 2019 Matteo Corti - 1.90.0-0 -- Updated to 1.90.0 - -* Thu Aug 22 2019 Matteo Corti - 1.89.0-0 -- Updated to 1.89.0 - -* Fri Aug 9 2019 Matteo Corti - 1.88.0-0 -- Updated to 1.88.0 - -* Thu Aug 8 2019 Matteo Corti - 1.87.0-0 -- Updated to 1.87.0 - -* Sun Jul 21 2019 Matteo Corti - 1.86.0-0 -- Updated to 1.86.0 - -* Sun Jun 2 2019 Matteo Corti - 1.85.0-0 -- Updated to 1.85.0 - -* Thu Mar 28 2019 Matteo Corti - 1.84.0-0 -- Updated to 1.84.0 - -* Fri Mar 1 2019 Matteo Corti - 1.83.0-0 -- Updated to 1.83.0 - -* Fri Feb 8 2019 Matteo Corti - 1.82.0-0 -- Updated to 1.82.0 - -* Sat Feb 2 2019 Matteo Corti - 1.81.0-0 -- Updated to 1.81.0 - -* Wed Jan 16 2019 Matteo Corti - 1.80.1-0 -- Updated to 1.80.1 - -* Mon Dec 24 2018 Matteo Corti - 1.80.0-0 -- Updated to 1.80.0 - -* Tue Dec 11 2018 Matteo Corti - 1.79.0-0 -- Updated to 1.79.0 - -* Wed Nov 7 2018 Matteo Corti - 1.78.0-0 -- Updated to 1.78.0 - -* Mon Nov 5 2018 Matteo Corti - 1.77.0-0 -- Updated to 1.77.0 - -* Fri Oct 19 2018 Matteo Corti - 1.76.0-0 -- Updated to 1.76.0 - -* Thu Oct 18 2018 Matteo Corti - 1.75.0-0 -- Updated to 1.75.0 - -* Mon Oct 15 2018 Matteo Corti - 1.74.0-0 -- Updated to 1.74.0 - -* Mon Sep 10 2018 Matteo Corti - 1.73.0-0 -- Updated to 1.73.0 - -* Mon Jul 30 2018 Matteo Corti - 1.72.0-0 -- Updated to 1.72.0 - -* Mon Jul 30 2018 Matteo Corti - 1.71.0-0 -- Updated to 1.71.0 - -* Sat Jun 28 2018 Matteo Corti - 1.70.0-0 -- Updated to 1.70.0 - -* Mon Jun 25 2018 Matteo Corti - 1.69.0-0 -- Updated to 1.69.0 - -* Sun Apr 29 2018 Matteo Corti - 1.68.0-0 -- Updated to 1.68.0 - -* Tue Apr 17 2018 Matteo Corti - 1.67.0-0 -- Updated to 1.67.0 - -* Fri Apr 6 2018 Matteo Corti - 1.66.0-0 -- Updated to 1.66.0 - -* Thu Mar 29 2018 Matteo Corti - 1.65.0-0 -- Updated to 1.65.0 - -* Wed Mar 28 2018 Matteo Corti - 1.64.0-0 -- Updated to 1.64.0 - -* Sat Mar 17 2018 Matteo Corti - 1.63.0-0 -- Updated to 1.63.0 - -* Tue Mar 6 2018 Matteo Corti - 1.62.0-0 -- Updated to 1.62.0 - -* Fri Jan 19 2018 Matteo Corti - 1.61.0-0 -- Updated to 1.61.0 - -* Fri Dec 15 2017 Matteo Corti - 1.60.0-0 -- Updated to 1.60.0 - -* Thu Dec 14 2017 Matteo Corti - 1.59.0-0 -- Updated to 1.59.0 - -* Wed Nov 29 2017 Matteo Corti - 1.58.0-0 -- Updated to 1.58.0 - -* Tue Nov 28 2017 Matteo Corti - 1.57.0-0 -- Updated to 1.57.0 - -* Fri Nov 17 2017 Matteo Corti - 1.56.0-0 -- Updated to 1.56.0 - -* Thu Nov 16 2017 Matteo Corti - 1.55.0-0 -- Updated to 1.55.0 - -* Tue Sep 19 2017 Matteo Corti - 1.54.0-0 -- Updated to 1.54.0 - -* Sun Sep 10 2017 Matteo Corti - 1.53.0-0 -- Updated to 1.53.0 - -* Sat Sep 9 2017 Matteo Corti - 1.52.0-0 -- Updated to 1.52.0 - -* Fri Jul 28 2017 Matteo Corti - 1.51.0-0 -- Updated to 1.51.0 - -* Mon Jul 24 2017 Matteo Corti - 1.50.0-0 -- Updated to 1.50.0 - -* Mon Jul 17 2017 Matteo Corti - 1.49.0-0 -- Updated to 1.49.0 - -* Fri Jun 23 2017 Matteo Corti - 1.48.0-0 -- Updated to 1.48.0 - -* Thu Jun 15 2017 Matteo Corti - 1.47.0-0 -- Updated to 1.47.0 - -* Mon May 15 2017 Matteo Corti - 1.46.0-0 -- Updated to 1.46.0 - -* Tue May 2 2017 Matteo Corti - 1.45.0-0 -- Updated to 1.45.0 - -* Fri Apr 28 2017 Matteo Corti - 1.44.0-0 -- Updated to 1.44.0 - -* Tue Mar 7 2017 Matteo Corti - 1.43.0-0 -- Updated to 1.43.0 - -* Thu Feb 16 2017 Matteo Corti - 1.42.0-0 -- Updated to 1.42.0 - -* Fri Feb 10 2017 Matteo Corti - 1.41.0-0 -- Updated to 1.41.0 - -* Wed Feb 8 2017 Matteo Corti - 1.40.0-0 -- Updated to 1.40.0 - -* Thu Feb 2 2017 Matteo Corti - 1.39.0-0 -- Updated to 1.39.0 - -* Thu Feb 2 2017 Matteo Corti - 1.38.2-0 -- Updated to 1.38.2 - -* Sun Jan 29 2017 Matteo Corti - 1.38.1-0 -- Updated to 1.38.1 - -* Sat Jan 28 2017 Matteo Corti - 1.38.0-0 -- Updated to 1.38.0 - -* Fri Dec 23 2016 Matteo Corti - 1.37.0-0 -- Updated to 1.37.0 - -* Tue Dec 13 2016 Matteo Corti - 1.36.2-0 -- Updated to 1.36.2 - -* Tue Dec 06 2016 Matteo Corti - 1.36.1-0 -- Updated to 1.36.1 - -* Sun Dec 04 2016 Matteo Corti - 1.36.0-0 -- Updated to 1.36.0 - -* Tue Oct 18 2016 Matteo Corti - 1.35.0-0 -- Updated to 1.35.0 - -* Mon Sep 19 2016 Matteo Corti - 1.34.0-0 -- Updated to 1.34.0 - -* Thu Aug 4 2016 Matteo Corti - 1.33.0-0 -- Updated to 1.33.0 - -* Fri Jul 29 2016 Matteo Corti - 1.32.0-0 -- Updated to 1.32.0 - -* Tue Jul 12 2016 Matteo Corti - 1.31.0-0 -- Updated to 1.31.0 - -* Thu Jun 30 2016 Matteo Corti - 1.30.0-0 -- Updated to 1.30.0 - -* Wed Jun 15 2016 Matteo Corti - 1.29.0-0 -- Updated to 1.29.0 - -* Wed Jun 01 2016 Matteo Corti - 1.28.0-0 -- Updated to 1.28.0 - -* Wed Apr 27 2016 Matteo Corti - 1.27.0-0 -- Updated to 1.27.0 - -* Tue Mar 29 2016 Matteo Corti - 1.26.0-0 -- Updated to 1.26.0 - -* Mon Mar 21 2016 Matteo Corti - 1.25.0-0 -- Updated to 1.25.0 - -* Wed Mar 9 2016 Matteo Corti - 1.24.0-0 -- Updated to 1.24.0 - -* Mon Mar 7 2016 Matteo Corti - 1.23.0-0 -- Updated to 1.23.0 - -* Thu Mar 3 2016 Matteo Corti - 1.22.0-0 -- Updated to 1.22.0 - -* Tue Mar 1 2016 Matteo Corti - 1.21.0-0 -- Updated to 1.21.0 - -* Fri Feb 26 2016 Matteo Corti - 1.20.0-0 -- Updated to 1.20.0 - -* Thu Feb 25 2016 Matteo Corti - 1.19.0-0 -- Updated to 1.19.0 - -* Sat Oct 31 2015 Matteo Corti - 1.18.0-0 -- Updated to 1.18.0 - -* Tue Oct 20 2015 Matteo Corti - 1.17.2-0 -- Updated to 1.17.2 - -* Tue Apr 7 2015 Matteo Corti - 1.17.1-0 -- Updated to 1.17.1 - -* Tue Oct 21 2014 Matteo Corti - 1.17.0-0 -- Updated to 1.17.0 - -* Fri Jun 6 2014 Matteo Corti - 1.16.2-0 -- updated to 1.16.2 - -* Thu May 22 2014 Andreas Dijkman - 1.16.1-1 -- Added noarch as buildarch -- Added expect and perl(Date::Parse) dependency - -* Fri Feb 28 2014 Matteo Corti - 1.16.1-0 -- Updated to 1.16.1 (rpm make target) - -* Mon Dec 23 2013 Matteo Corti - 1.16.0-0 -- Udated to 1.16.0 (force TLS) - -* Mon Jul 29 2013 Matteo Corti - 1.15.0-0 -- Updated to 1.15.0 (force SSL version) - -* Sun May 12 2013 Matteo Corti - 1.14.6-0 -- Updated to 1.16.6 (timeout and XMPP support) - -* Sat Mar 2 2013 Matteo Corti - 1.14.5-0 -- Updated to 1.14.5 (TLS and multiple names fix) - -* Fri Dec 7 2012 Matteo Corti - 1.14.4-0 -- Updated to 1.14.4 (bug fix release) - -* Wed Sep 19 2012 Matteo Corti - 1.14.3-0 -- Updated to 1.14.3 - -* Fri Jul 13 2012 Matteo Corti - 1.14.2-0 -- Updated to 1.14.2 - -* Wed Jul 11 2012 Matteo Corti - 1.14.1-0 -- Updated to 1.14.1 - -* Fri Jul 6 2012 Matteo Corti - 1.14.0-0 -- updated to 1.14.0 - -* Thu Apr 5 2012 Matteo Corti - 1.13.0-0 -- updated to 1.13.0 - -* Wed Apr 4 2012 Matteo Corti - 1.12.0-0 -- updated to 1.12.0 (bug fix release) - -* Sat Oct 22 2011 Matteo Corti - 1.11.0-0 -- ipdated to 1.10.1 (--altnames option) - -* Thu Sep 1 2011 Matteo Corti - 1.10.0-0 -- applied patch from Sven Nierlein for client certificate authentication - -* Thu Mar 10 2011 Matteo Corti - 1.9.1-0 -- updated to 1.9.1: allows http as protocol and fixes -N with wildcards - -* Mon Jan 24 2011 Matteo Corti - 1.9.0-0 -- updated to 1.9.0: --openssl option - -* Thu Dec 16 2010 Dan Wallis - 1.8.1-0 -- Fixed bugs with environment bleeding & shell globbing - -* Thu Dec 9 2010 Matteo Corti - 1.8.0-0 -- added support for TLS servername extension - -* Thu Oct 28 2010 Matteo Corti - 1.7.7-0 -- Fixed a bug in the signal specification - -* Thu Oct 28 2010 Matteo Corti - 1.7.6-0 -- better temporary file clean up - -* Thu Oct 14 2010 Matteo Corti - 1.7.5-0 -- updated to 1.7.5 (fixed the check order) - -* Fri Oct 1 2010 Matteo Corti - 1.7.4-0 -- added -A command line option - -* Wed Sep 15 2010 Matteo Corti - 1.7.3-0 -- Fixed a bug in the command line options processing - -* Thu Aug 26 2010 Dan Wallis - 1.7.2-0 -- updated to 1.7.2 (cat and expect fixes) - -* Thu Aug 26 2010 Dan Wallis - 1.7.1-0 -- updated to 1.7.1 ("-verify 6" revert) - -* Thu Aug 26 2010 Dan Wallis - 1.7.0-0 - -* Wed Jul 21 2010 Matteo Corti - 1.6.1-0 -- updated to 1.6.0 (--temp option) - -* Fri Jul 9 2010 Matteo Corti - 1.6.0-0 -- updated to version 1.6.0 (long options, --critical and --warning, man page) - -* Wed Jul 7 2010 Matteo Corti - 1.5.2-0 -- updated to version 1.5.2 (Wolfgang Schricker patch, see ChangeLog) - -* Thu Jul 1 2010 Matteo Corti - 1.5.1-0 -- updated to version 1.5.1 (Yannick Gravel patch, see ChangeLog) - -* Tue Jun 8 2010 Matteo Corti - 1.5.0-0 -- updated to version 1.5.0 (-s option to allow self signed certificates) - -* Thu Mar 11 2010 Matteo Corti - 1.4.4-0 -- updated to 1.4.4 (bug fix release) - -* Tue Mar 9 2010 Matteo Corti - 1.4.3-0 -- updated to 1.4.3 (-n and -N options) - -* Wed Dec 2 2009 Matteo Corti - 1.4.2-0 -- updated to 1.4.2 - -* Mon Nov 30 2009 Matteo Corti - 1.4.1-0 -- updated to 1.4.1 (-r option) - -* Mon Nov 30 2009 Matteo Corti - 1.4.0-0 -- Updated to 1.4.0: verify the certificate chain - -* Mon Mar 30 2009 Matteo Corti - 1.3.0-0 -- Tuomas Haarala patch: -P option - -* Tue May 13 2008 Matteo Corti - 1.2.2-0 -- Dan Wallis patch to include the CN in the messages - -* Mon Feb 25 2008 Matteo Corti - 1.2.1-0 -- Dan Wallis patches (error checking, see ChangeLog) - -* Mon Feb 25 2008 Matteo Corti - 1.2.0-0 -- Dan Wallis patches (see the ChangeLog) - -* Mon Sep 24 2007 Matteo Corti - 1.1.0-0 -- first RPM package - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/COPYING nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/COPYING --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/COPYING 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/COPYING 1970-01-01 00:00:00.000000000 +0000 @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/COPYRIGHT nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/COPYRIGHT --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/COPYRIGHT 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/COPYRIGHT 1970-01-01 00:00:00.000000000 +0000 @@ -1,85 +0,0 @@ - - Copyright (c) 2007-2013 ETH Zurich - Copyright (c) 2007-2021 Matteo Corti - -with the following individuals added to the list of Contributing Authors - - Dan Wallis - Lawren Quigley-Jones - Marc Fournier - Marcus RejÃ¥s - Matteo Corti - Matthias Fuhrmeister - Raphael Thoma - Scott Worthington - Sven Nierlein - Tuomas Haarala - Wolfgang Schricker - Yannick Gravel - Jim Hopp - Javier Gonel - Christian Ruppert - Robin H. Johnson - Max Winterstein - Colin Smith - Andreas Dijkman - Ryan Nowakowski - Jérémy Lecour - Mark Ruys - Milan Koudelka - Konstantin Shalygin - Sam Richards - Sergei Shmanko - Rolf Eike Beer - Viktor Szépe - Philippe Kueck - Sander Cornelissen - Pavel Rochnyak - Vamp898 (https://github.com/Vamp898) - Emilian Ertel - Kosta Velikov - Vojtech Horky - Nicolas Lafont (https://github.com/ManicoW) - d7415 (https://github.com/d7415) - Åukasz WÄ…sikowski (https://github.com/IdahoPL) - booboo-at-gluga-de (https://github.com/booboo-at-gluga-de) - Georg (https://github.com/gbotti) - Wim van Ravesteijn (https://github.com/wimvr) - yasirathackersdotmu (https://github.com/yasirathackersdotmu) - Christoph Moench-Tegeder (https://github.com/moench-tegeder) - Dan Pritts - eeertel (https://github.com/eeertel) - Vojtech Horky (https://github.com/vhotspur) - Markus Frosch (https://github.com/lazyfrosch) - Ricardo Bartels (https://github.com/bb-Ricardo) - eimamagi (https://github.com/eimamagi) - Stefan Schlesinger - sokol-44 (https://github.com/sokol-44) - Jonas Meurer (https://github.com/mejo-) - Mathieu Simon (https://github.com/matsimon) - Nico (https://github.com/nicox) - barakAtSoluto (https://github.com/barakAtSoluto) - Valentin Heidelberger (https://github.com/va1entin) - Tone (https://github.com/anthonyhaussman) - Michael Niewiara (https://github.com/mobitux) - Zadkiel (https://github.com/aslafy-z) - Dick Visser (https://github.com/dnmvisser) - jmuecke (https://github.com/jmuecke) - iasdeoupxe (https://github.com/iasdeoupxe) - Andre Klärner (https://github.com/klaernie) - ДилÑн Палаузов (https://github.com/dilyanpalauzov) - dupondje (https://github.com/dupondje) - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 3 of the License, or (at -your option) any later version. - -This program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/INSTALL nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/INSTALL --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/INSTALL 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/INSTALL 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -Requirements -============ - -- OpenSSL - -Optional dependencies -===================== - -- In order to use timeouts the plugin needs 'expect' in the current PATH - See: http://en.wikipedia.org/wiki/Expect or 'timeout' - -- In order to use the SSL Lab Assessment 'curl' is required to reside in the - current PATH. - -Installation -============ - -Simply copy the plugin to your nagios plugin directory - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/Makefile nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/Makefile --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/Makefile 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/Makefile 1970-01-01 00:00:00.000000000 +0000 @@ -1,76 +0,0 @@ -PLUGIN=check_ssl_cert -VERSION=`cat VERSION` -DIST_DIR=$(PLUGIN)-$(VERSION) -DIST_FILES=AUTHORS COPYING ChangeLog INSTALL Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 test -YEAR=`date +"%Y"` -MONTH_YEAR=`date +"%B, %Y"` -FORMATTED_FILES=test/unit_tests.sh AUTHORS COPYING ChangeLog INSTALL Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 .github/workflows/* - -dist: version_check formatting_check copyright_check shellcheck - rm -rf $(DIST_DIR) $(DIST_DIR).tar.gz - mkdir $(DIST_DIR) - cp -r $(DIST_FILES) $(DIST_DIR) -# avoid to include extended attribute data files -# see https://superuser.com/questions/259703/get-mac-tar-to-stop-putting-filenames-in-tar-archives - env COPYFILE_DISABLE=1 tar cfz $(DIST_DIR).tar.gz $(DIST_DIR) - env COPYFILE_DISABLE=1 tar cfj $(DIST_DIR).tar.bz2 $(DIST_DIR) - -install: - mkdir -p $(DESTDIR) - install -m 755 $(PLUGIN) $(DESTDIR) - mkdir -p ${MANDIR}/man1 - install -m 644 ${PLUGIN}.1 ${MANDIR}/man1/ - -version_check: - grep -q "VERSION\ *=\ *[\'\"]*$(VERSION)" $(PLUGIN) - grep -q "^%define\ version\ *$(VERSION)" $(PLUGIN).spec - grep -q -- "- $(VERSION)-" $(PLUGIN).spec - grep -q "\"$(VERSION)\"" $(PLUGIN).1 - grep -q "${VERSION}" NEWS - grep -q "$(MONTH_YEAR)" $(PLUGIN).1 - echo "Version check: OK" - -# we check for tabs -# and remove trailing blanks -formatting_check: - ! grep -q '\\t' check_ssl_cert test/unit_tests.sh - ! grep -q '[[:blank:]]$$' $(FORMATTED_FILES) - -remove_blanks: - sed -i '' 's/[[:blank:]]*$$//' $(FORMATTED_FILES) - -clean: - rm -f *~ - rm -rf rpmroot - -distclean: clean - rm -rf check_ssl_cert-[0-9]* - rm -f *.crt - rm -f *.error - -test: dist - ( export SHUNIT2="$$(pwd)/shunit2/shunit2" && cd test && ./unit_tests.sh ) - -SHELLCHECK := $(shell command -v shellcheck 2> /dev/null) - -shellcheck: -ifndef SHELLCHECK - echo "No shellcheck installed: skipping test" -else - if shellcheck --help 2>&1 | grep -q -- '-o\ ' ; then shellcheck -o all check_ssl_cert test/unit_tests.sh prepare_rpm.sh publish_release.sh ; else shellcheck check_ssl_cert test/unit_tests.sh prepare_rpm.sh publish_release.sh ; fi -endif - -copyright_check: - grep -q "© Matteo Corti, 2007-$(YEAR)" README.md - grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti" COPYRIGHT - grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti " $(PLUGIN) - echo "Copyright year check: OK" - -rpm: dist - mkdir -p rpmroot/SOURCES rpmroot/BUILD - cp $(DIST_DIR).tar.gz rpmroot/SOURCES - rpmbuild --define "_topdir `pwd`/rpmroot" -ba check_ssl_cert.spec - - - -.PHONY: install clean test rpm distclean diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/NEWS nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/NEWS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/NEWS 1970-01-01 00:00:00.000000000 +0000 @@ -1,251 +0,0 @@ -2021-05-07 Version 2.2.0: Bug fix: --debug does not store any information in $TMPDIR anymore - To locally store the retrieved certificates in debug mode the option --debug-cert has to be specified -2021-05-06 Version 2.1.4: Bug fix in the handling of Qualy's SSL Lab command line options -2021-05-05 Version 2.1.3: Bug fix in the Qualy's SSL Lab check of non-reachable machines -2021-04-30 Version 2.1.2: Add domain if FQDN is missing -2021-04-29 Version 2.1.1: Correct handling of subdomains with underscores -2021-04-25 Version 2.1.0: Added an option to hide performance data - Fixed a bug in the critical and warning output when the CN is not available -2021-04-07 Version 2.0.1: Fixed a bug in renegotiation checks with STARTTLS -2021-03-29 Version 2.0.0: Fixed the documentation of various options - The host name must now always match with the certificate - Short options can be grouped (e.g., -vs -c 10 -w 15) - Different verbosity levels can now be specified (-v can be used more than once) - Added the --resolve option to specify a custom IP for the checked host -2021-03-25 Version 1.146.0: Added --all to enable oll the optional checks - Fixed a bug in the processing of client certificate requirements - Improved the error handling in case a TLS connection is not possible -2021-03-15 Version 1.145-0: Fix in the parsing of OpenSSL version -2021-03-14 Version 1.144.0: Getting rid of the man dependency -2021-03-12 Version 1.143.0: Better handling of the timeout - Checks ciphers with nmap (--check-ciphers and --check-ciphers-warnings) - Checks oll the supplied OCSP URIs -2021-03-10 Version 1.142.0: Improved the TLS renegotiation check - Added --password to specify a password source for PCKS12 certificates -2021-03-09 Version 1.141.0: Do not check SCTs if the certificate is self signed - Fixed the processing of --inetproto - Supports local PCKS #12 and DER formatted certificates -2021-02-25 Version 1.140.0: Fixed a bug in the SCT check -2021-02-24 Version 1.139.0: Fixed a bug in the TLS renegotiation check -2021-02-24 Version 1.138.0: Checks for TLS renegotiation -2021-02-18 Version 1.137.0: Added the --url option to specify the URL for the HTTP request -2021-02-16 Version 1.136.0: Fixed the signed certificate timestamps spelling (command line option) -2021-01-28 Version 1.135.0: Checks for signed certificate timestamps (SCTs) -2021-01-27 Version 1.134.0: Complete support for Alpine Linux and BusyBox -2021-01-26 Version 1.133.0: Added the --date option to specify the date binary - support for BusyBox date -2021-01-18 Version 1.132.0: Timeouted subprocesses can now be interrupted - Revokation via CRL can be checked with the --crl option - Better error messages for DH with small keys and handshake failures -2021-01-15 Version 1.131.0: OCSP check on all the chain elements -2021-01-14 Version 1.130.0: Retries when SSL Labs has no available slot -2020-12-24 Version 1.129.0: Bug fix in the proxy parameters handling -2020-12-22 Version 1.128.0: Added --no-proxy to ignore proxy settings -2020-12-21 Version 1.127.0: Better handling of certificates without CN in the subject -2020-12-16 Version 1.126.0: Corrected the handling of old nmap versions -2020-12-11 Version 1.125.0: Corrected the handling of the issuer URI -2020-11-31 Version 1.124.0: Bug fix when using a proxy -2020-11-30 Version 1.123.0: Enhancement: option to check the nth element -2020-08-07 Version 1.122.0: Bug fix, --skip-element and --custom-header -2020-07-24 Version 1.121.0: Bug fix release -2020-07-02 Version 1.120.0: MySQL support -2020-07-01 Version 1.119.0: Bug fix release -2020-06-12 Version 1.118.0: Bug fix release -2020-06-09 Version 1.117.0: Fixed a bug in the output (expiration date of chain elements) -2020-06-05 Version 1.116.0: Supports s_client -proxy option -2020-06-04 Version 1.115.0: Checks all the certificates in the chain - New option to check that the issuer does not match a given pattern -2020-05-27 Version 1.114.0: Added an option to specify a proxy -2020-05-19 Version 1.113.0: Fixed a bug with nmap and hosts with IPv6 addresses only -2020-04-07 Version 1.112.0: Timeout for OCSP queries and option to ignore timeout errors and PostgreSQL support -2020-03-09 Version 1.111.0: New option (--not-valid-longer-than) to check if a certificate is valid longer than the - specified number of days -2020-02-17 Version 1.110.0: Added support for xmpp-server in the STARTTLS negotiation -2020-01-07 Version 1.109.0: Option to force HTTP/2 -2019-12-23 Version 1.108.0: Better error message in case of connection refused -2019-12-20 Version 1.107.0: Better error message in case of an invalid host -2019-11-21 Version 1.106.0: Optional checks for protocols that should not be supported -2019-11-04 Version 1.105.0: SMTP connections with -name only with OpenSSL versions supporting it -2019-11-04 Version 1.104.0: Fixed a bug in the SMTP connection -2019-10-31 Version 1.103.0: Fixed a bug with the interpretation of OpenSSL errors -2019-10-25 Version 1.102.0: Option to specify the dig binary and fix in the command line validation checks -2019-10-22 Version 1.101.0: Fixed a bug printing both a critical and a warning message when both condition match -2019-10-18 Version 1.100.0: Fixed a bug ignoring --dane without parameters -2019-10-16 Version 1.99.0: DNS-based Authentication of Named Entities (DANE) checks -2019-10-10 Version 1.98.0: Bug fix release: A wildcard certificate does not match the 'main' domain, ciphers and TLS 1.3 -2019-10-09 Version 1.97.0: Validate OCSP stapling expiring date, option to disable TLS 1.3 -2019-09-25 Version 1.96.0: Bug fixes -2019-09-24 Version 1.95.0: Bug fixes -2019-09-24 Version 1.94.0: Several bugs fixed -2019-09-24 Version 1.93.0: Fixed a bug in the processing of the SSL Labs options -2019-09-24 Version 1.92.0: Bug fix in the OCSP check -2019-09-23 Version 1.91.0: Various minor improvements and fixes -2019-09-19 Version 1.90.0: Bug fix, did not always print all the detected errors -2019-08-22 Version 1.89.0: Prints all the errors -2019-08-09 Version 1.88.0: Add an option to force IPv4 or IPv6 -2019-08-08 Version 1.87.0: LDAPS support -2019-07-21 Version 1.86.0: Fixed a bug and enabled extended regex search -2019-06-02 Version 1.85.0: Improved the warnings when using the --file option -2019-03-28 Version 1.84.0: Added an option to specify the cURL user agent -2019-03-01 Version 1.83.0: Spelling corrections -2019-02-08 Version 1.82.0: Added a check on the readability of the certificate file -2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs -2019-01-16 Version 1.80.1: Fixed a problem on systems not supporting echo -e -2018-12-24 Version 1.80.0: Better output in case of errors while using SNI -2018-12-10 Version 1.79.0: Differentiate between IMAP on port 143 and IMAPS on port 993 - Fixed a vulnerability in the parsing of the certificate issuer -2018-11-07 Version 1.78.0: Bug fixes in IMAP and HTTP requests -2018-11-05 Version 1.77.0: CA file and directory support -2018-10-19 Version 1.76.0: Sends a correct HTTP request -2018-10-18 Version 1.75.0: Allow to specify a client certificate key -2018-10-15 Version 1.74.0: Fixed a bug generating a confusing error message on timeout -2018-09-10 Version 1.73.0: Fixed a bug in the cleanup of temporary files, fixed a bug with certificates without OCSP - Fixed tests with more reliable hosts - Allows to check against all the issuers in the CA chain - Fixed a bug with --long-output on Linux - Fixed the validation of --critical and --warning -2018-07-01 Version 1.72.0: Corrected a bug introduced in 1.71.0: remove temporary files -2018-07-01 Version 1.71.0: Corrected a bug introduced in 1.70.0: wrong exit codes -2018-06-28 Version 1.70.0: Improved the management of temporary files -2018-06-25 Version 1.69.0: Added an option to require OCSP stapling -2018-04-29 Version 1.68.0: Removed the SNI name check -2018-04-17 Version 1.67.0: Terse output, warning if the specified server name is not found in the certificate and --format option -2018-04-06 Version 1.66.0: UTF-8 output -2018-03-29 Version 1.65.0: Bug fix release -2018-03-28 Version 1.64.0: Remove cURL dependency -2018-03-17 Version 1.63.0: Support for TLS 1.3 -2018-03-06 Version 1.62.0: Support for LibreSSL -2018-01-19 Version 1.61.0: Fixed a bug handling more than one OCSP host -2017-12-15 Version 1.60.0: Fixed a bug related to XMPP introduced in the last version -2017-12-14 Version 1.59.0: Added an option to specify the 'to' attribute of the XMPP stream element -2017-11-29 Version 1.58.0: Support for DER encoded CRL files -2017-11-28 Version 1.57.0: Added --fingerprint to check the SHA1 fingerprint of the certificate -2017-11-17 Version 1.56.0: Added support for -xmpphost if available -2017-11-16 Version 1.55.0: Fixed XMPP support and IPv6 addresses as host -2017-09-19 Version 1.54.0: With the -f command line option, you can also specify a certificate revocation list (CRL) -2017-09-10 Version 1.53.0: The timeout is applied to OCSP checks -2017-09-09 Version 1.52.0: The SAN requirement check is now optional -2017-07-28 Version 1.51.0: Use openssl s_client's -help option to test for SNI support -2017-07-24 Version 1.50.0: Fix in the Common Name parsing -2017-07-17 Version 1.49.0: Support for OpenSSL 1.1 -2017-06-22 Version 1.48.0: Checks for missing subjectAlternativeName extension (https://support.google.com/chrome/a/answer/7391219?hl=en) -2017-06-15 Version 1.47.0: Fixed an issue with OCSP URI with protocols other than HTTP or HTTPS -2017-05-15 Version 1.46.0: Fixed a problem with the detection of OCSP URLs -2017-05-02 Version 1.45.0: Fixed bugs in the date computation and OCSP checks -2017-04-28 Version 1.44.0: Fixed a bug occurring when more than one issuer URI is present -2017-03-07 Version 1.43.0: Support for LDAP -2017-02-16 Version 1.42.0: Support for OpenSSL > 1.1.0 -2017-02-10 Version 1.41.0: Added --sni to specify the server name -2017-02-08 Version 1.40.0: Changed the CN output when --altnames is used -2017-02-02 Version 1.39.0: Fixed a bug related to SNI -2017-02-02 Version 1.38.2: Fixed a bug in the command line argument parsing -2017-01-29 Version 1.38.1: Small corrections in the documentation -2017-01-28 Version 1.38.0: Added support for wildcards in alternative names and caching of the issuer certificate -2016-12-23 Version 1.37.0: Added a patch to specify multiple CNs -2016-12-13 Version 1.36.2: fixed a minor problem with --debug -2016-12-06 Version 1.36.1: fixed a problem when specifying a CN beginning with * -2016-12-04 Version 1.36.0: fixed problem when file is returning PEM certificate on newer - Linux distributions - added an option to specify the location of the file utility -2016-10-18 Version 1.35.0: added support for the selection of the cipher authentication -2016-09-19 Version 1.34.0: added proxy support for the OCSP checks (thanks to Leynos) -2016-08-04 Version 1.33.0: disabling OCSP checks when no issuer URI is found -2016-07-29 Version 1.32.0: added support for date with timestamp calculation and - fixed case sensitive comparison of CN -2016-07-12 Version 1.31.0 Fixed the parsing of the CN field -2016-06-30 Version 1.30.0 OCSP check is fixed and enabled by default -2016-06-15 Version 1.29.0 New option to clear the cached value at SSL Labs - IRC support -2016-06-01 Version 1.28.0 Increased control over which SSL/TLS versions to use -2016-03-29 Version 1.27.0 Fixes a bug in the OpenSSL error parsing -2016-03-29 Version 1.26.0 Fixes a bug in wildcard match -2016-03-21 Version 1.25.0 Fixes a bug on CN parsing on non-GNU systems - Handle wildcard certificates -2016-03-09 Version 1.24.0 Waits for SSL Labs Results -2016-03-07 Version 1.23.0 Supports SNI even when not checking CN and does not - issue a critical when SSL Labs is still checking a host -2016-03-03 Version 1.22.0 Initial support for SSL Labs checks - Support for UTF output (thanks to Konstantin Shalygin) -2016-03-01 Version 1.21.0 Fixed a bug which prevented the check on the expiration date -2016-02-26 Version 1.20.0 Added debugging output (-d or --debug) - Improved the handling of OpenSSL error messages - Does not stop the validation if the server requires a - client certificate -2016-02-25 Version 1.19.0 Added a check for certificates signed with SHA-1 or MD5 - Added an option to disable the expiration date check -2015-10-31 Version 1.18.0 Added an option to check the certificate's serial number - (thanks to Milan Koudelka) -2015-10-20 Version 1.17.2 Fixed a bug with OCSP -2015-04-07 Version 1.17.1 Fixed the check on the openssl binary -2014-10-21 Version 1.17.0 Added an option to check revocation via OCSP -2014-06-06 Version 1.16.2 Fixed a problem with -servername when -n was not specified -2014-02-28 Version 1.16.1 Added a Make target for the RPM package -2013-12-23 Version 1.16.0 Added an option to force TLS version 1 -2013-07-29 Version 1.15.0 Added an option to force a certain SSL version (thanks - to Max Winterstein) -2013-05-12 Version 1.14.6 Added XMPP and timeout support (thanks to Christian - Ruppert and Robin H. Johnson) -2013-03-02 Version 1.14.5 Fixed a bug occurring with TLS and multiple names in - the certificate -2012-12-07 Version 1.14.4 Fixed a bug causing -N to always compare the CN - with 'localhost' -2012-09-19 Version 1.14.3 Improved the error message in case of a failure in - the certificate download -2012-07-13 Version 1.14.2 Added the name since or to expiration in the plugin - output. -2012-07-11 Version 1.14.1 FIxed a bug with Perl date computation on some systems -2012-07-06 Version 1.14.0 The status now includes performance data in days until - expiration (requires perl with Date::Parse). - It is now possible to print additional information in - the plugins long output (multiline, Nagios 3 only) -2012-04-05 Version 1.13.0 The plugin will now try to fetch the certificate without - without TLS extensions in case of error -2012-04-04 Version 1.12.0 Fixed a bug in the chain verification (hard coded - error number) -2011-10-22 Version 1.11.0 --altname option -2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenicate - using a client certificate -2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards -2011-01-24 Version 1.9.0 Added an option to specify the openssl executable -2010-12-16 Version 1.8.1 Fixed bugs with environment bleeding & shell globbing -2010-12-08 Version 1.8.0 Added support for TLS servername extension in - ClientHello -2010-10-28 Version 1.7.7 Fixed a bug in the signal specification introduced - in 1.7.6 -2010-10-28 Version 1.7.6 Better temporary file clean up (thanks to Lawren - Quigley-Jones) -2010-10-14 Version 1.7.5 Applied a patch from Yannick Gravel fixing the test - order -2010-10-01 Version 1.7.4 Applied a patch from Lawren Quigley-Jones adding the - -A option -2010-09-15 Version 1.7.3 Fixed a bug in the option processing -2010-08-26 Version 1.7.2 Removes useless use of cat, better test for expect - utility -2010-08-26 Version 1.7.1 Replaces "-verify 6" which was erroneously removed in - the previous version -2010-08-26 Version 1.7.0 Overloaded --rootcert option to allow -CApath as well - as -CAfile -2010-07-21 Version 1.6.1 Added an option to specify where to temporarily - store the certificate -2010-07-09 Version 1.6.0 Added long command line options and substituted - -days with --critical and --warning -2010-07-07 Version 1.5.2 Added the -f option to check a local file -2010-07-01 Version 1.5.1 Fixed the plugin output -2010-03-11 Version 1.4.4 Fixed bug #64 (== bashism) -2010-03-09 Version 1.4.3 -N and -n options to compare the CN to an hostname -2009-12-02 Version 1.4.2 the -i ISSUER option now checks if the O= or the - CN= fields of the root certificate match -2009-11-30 Version 1.4.1 -r to specify the root cert to be used for - verification -2009-11-30 Version 1.4.0 certificate chain verification -2009-03-30 Version 1.3.0 -P option to check TLS certificates - (SMTP, FTP, POP3, ...) -2008-05-13 Version 1.2.2 include the CN in the messages (D. Wallis) -2008-02-25 Version 1.2.1 better error handling -2008-02-25 Version 1.2.0 general cleanup (POSIX compliance, removed - nmap dependency, ...) from Dan Wallis -2007-08-31 Version 1.1.0 - option to enforce a given email address - - option to enforce a given organization - - temporary files cleanup upon exit -2007-08-15 Bug fix: openssl did not close the connection cleanly -2007-08-10 First release (1.0) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/README.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/README.md 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/README.md 1970-01-01 00:00:00.000000000 +0000 @@ -1,223 +0,0 @@ - - © Matteo Corti, ETH Zurich, 2007-2012 - - © Matteo Corti, 2007-2021 - see AUTHORS for the complete list of contributors - -# check\_ssl\_cert - -A shell script (that can be used as a Nagios plugin) to check an SSL/TLS connection - -## Usage - -``` - -Usage: check_ssl_cert -H host [OPTIONS] - -Arguments: - -H,--host host server - -Options: - -A,--noauth ignore authority warnings (expiration only) - --all enables all the possible optional checks at the maximum level - --altnames matches the pattern specified in -n with - alternate names too - --check-ciphers grade checks the offered ciphers - --check-ciphers-warnings critical if nmap reports a warning for an offered cipher - -C,--clientcert path use client certificate to authenticate - --clientpass phrase set passphrase for client certificate. - -c,--critical days minimum number of days a certificate has to - be valid to issue a critical status. Default: 15 - --crl checks revokation via CRL (requires --rootcert-file) - --curl-bin path path of the curl binary to be used - --curl-user-agent string user agent that curl shall use to obtain the - issuer cert - --custom-http-header string custom HTTP header sent when getting the cert - example: 'X-Check-Ssl-Cert: Foobar=1' - --dane verify that valid DANE records exist (since OpenSSL 1.1.0) - --dane 211 verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists - --dane 301 verify that a valid DANE-EE(3) Cert(0) SHA2-256(1) TLSA record exists - --dane 302 verify that a valid DANE-EE(3) Cert(0) SHA2-512(2) TLSA record exists - --dane 311 verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists - --date path path of the date binary to be used - -d,--debug produces debugging output (can be specified more than once) - --debug-cert stores the retrieved certificates in the current directory - --dig-bin path path of the dig binary to be used - --ecdsa signature algorithm selection: force ECDSA certificate - --element number checks N cert element from the begining of the chain - -e,--email address pattern to match the email address contained - in the certificate - -f,--file file local file path (works with -H localhost only) - with -f you can not only pass a x509 - certificate file but also a certificate - revocation list (CRL) to check the validity - period - --file-bin path path of the file binary to be used - --fingerprint SHA1 pattern to match the SHA1-Fingerprint - --first-element-only verify just the first cert element, not the whole chain - --force-perl-date force the usage of Perl for date computations - --format FORMAT format output template on success, for example - "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'" - -h,--help,-? this help message - --http-use-get use GET instead of HEAD (default) for the HTTP - related checks - --ignore-altnames ignores alternative names when matching pattern specified in -n (or the host name) - --ignore-exp ignore expiration date - --ignore-host-cn do not complain if the CN does not match the host name - --ignore-ocsp do not check revocation with OCSP - --ignore-ocsp-timeout ignore OCSP result when timeout occurs while checking - --ignore-sig-alg do not check if the certificate was signed with SHA1 - or MD5 - --ignore-sct do not check for signed certificate timestamps (SCT) - --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L) - --ignore-tls-renegotiation Ignores the TLS renegotiation check - --inetproto protocol Force IP version 4 or 6 - -i,--issuer issuer pattern to match the issuer of the certificate - --issuer-cert-cache dir directory where to store issuer certificates cache - -K,--clientkey path use client certificate key to authenticate - -L,--check-ssl-labs grade SSL Labs assessment - (please check https://www.ssllabs.com/about/terms.html) - --check-ssl-labs-warn grade SSL-Labs grade on which to warn - --long-output list append the specified comma separated (no spaces) list - of attributes to the plugin output on additional lines - Valid attributes are: - enddate, startdate, subject, issuer, modulus, - serial, hash, email, ocsp_uri and fingerprint. - 'all' will include all the available attributes. - -n,--cn name pattern to match the CN of the certificate (can be - specified multiple times) - --nmap-bin path path of the nmap binary to be used - --no-perf do not show performance data - --no-proxy ignores the http_proxy and https_proxy environment variables - --no_ssl2 disable SSL version 2 - --no_ssl3 disable SSL version 3 - --no_tls1 disable TLS version 1 - --no_tls1_1 disable TLS version 1.1 - --no_tls1_2 disable TLS version 1.2 - --no_tls1_3 disable TLS version 1.3 - --not-issued-by issuer check that the issuer of the certificate does not match - the given pattern - --not-valid-longer-than days critical if the certificate validity is longer than - the specified period - -N,--host-cn match CN with the host name - --ocsp-critical hours minimum number of hours an OCSP response has to be valid to - issue a critical status - --ocsp-warning hours minimum number of hours an OCSP response has to be valid to - issue a warning status - -o,--org org pattern to match the organization of the certificate - --openssl path path of the openssl binary to be used - --password source password source for a local certificate, see the PASS PHRASE ARGUMENTS section - openssl(1) - -p,--port port TCP port - -P,--protocol protocol use the specific protocol - {ftp|ftps|http|https|h2|imap|imaps|irc|ircs|ldap|ldaps|pop3|pop3s| - postgres|sieve|smtp|smtps|xmpp|xmpp-server} - https: default - h2: forces HTTP/2 - ftp,imap,irc,ldap,pop3,postgres,sieve,smtp: switch to - TLS using StartTLS - --proxy proxy sets http_proxy and the s_client -proxy option - --require-no-ssl2 critical if SSL version 2 is offered - --require-no-ssl3 critical if SSL version 3 is offered - --require-no-tls1 critical if TLS 1 is offered - --require-no-tls1_1 critical if TLS 1.1 is offered - --resolve ip provides a custom IP address for the specified host - -s,--selfsigned allows self-signed certificates - --serial serialnum pattern to match the serial number - --skip-element number skip checks on N cert element from the begining of the chain - --sni name sets the TLS SNI (Server Name Indication) extension - in the ClientHello message to 'name' - --ssl2 forces SSL version 2 - --ssl3 forces SSL version 3 - --require-ocsp-stapling require OCSP stapling - --require-san require the presence of a Subject Alternative Name - extension - -r,--rootcert path root certificate or directory to be used for - certificate validation - --rootcert-dir path root directory to be used for certificate validation - --rootcert-file path root certificate to be used for certificate validation - --rsa signature algorithm selection: force RSA certificate - --temp dir directory where to store the temporary files - --terse terse output - -t,--timeout seconds timeout after the specified time - (defaults to 120 seconds) - --tls1 force TLS version 1 - --tls1_1 force TLS version 1.1 - --tls1_2 force TLS version 1.2 - --tls1_3 force TLS version 1.3 - -u,--url URL HTTP request URL - -v,--verbose verbose output (can be specified more than once) - -V,--version version - -w,--warning days minimum number of days a certificate has to be valid - to issue a warning status. Default: 20 - --xmpphost name specifies the host for the 'to' attribute of the stream element - -4 force IPv4 - -6 force IPv6 - -Deprecated options: - --days days minimum number of days a certificate has to be valid - (see --critical and --warning) - --ocsp check revocation via OCSP - -S,--ssl version force SSL version (2,3) - (see: --ssl2 or --ssl3) - -Report bugs to https://github.com/matteocorti/check_ssl_cert/issues - -``` - -## Expect & timeout - -check\_ssl\_cert requires 'expect' or 'timeout' to enable timeouts. If 'expect' or 'timeout' is not -present on your system timeouts will be disabled. - -See: [http://en.wikipedia.org/wiki/Expect](http://en.wikipedia.org/wiki/Expect) and [https://man7.org/linux/man-pages/man1/timeout.1.html](https://man7.org/linux/man-pages/man1/timeout.1.html) - - -## Virtual servers - -check\_ssl\_cert supports the servername TLS extension in ClientHello -if the installed openssl version provides it. This is needed if you -are checking a machine with virtual hosts. - -## SSL Labs - -If `-L` or `--check-ssl-labs` are specified the plugin will check the -cached status using the SSL Labs Assessment API (see -https://www.ssllabs.com/about/terms.html). - -The plugin will ask for a cached result (maximum age 1 day) to avoid -to many checks. The first time you issue the check you could therefore -get an outdated result. - -## Notes - -The root certificate corresponding to the checked certificate must be -available to openssl or specified with the `-r cabundle` or -`--rootcert cabundle` option, where cabundle is either a file for `-CAfile` -or a directory for `-CApath`. - -On macOS the root certificates bundle is stored in the Keychain and -openssl will complain with: - -``` -verification error: unable to get local issuer certificate -``` - -The bundle can be extracted with: - -``` -$ sudo security find-certificate -a \ - -p /System/Library/Keychains/SystemRootCertificates.keychain > cabundle.crt -``` - -and then submitted to `check_ssl_cert` with the `-r,--rootcert path` option - -``` - ./check_ssl_cert -H www.google.com -r ./cabundle.crt -``` - -## Bugs - -The timeout is applied to each action involving a download. - -Report bugs to [https://github.com/matteocorti/check_ssl_cert/issues](https://github.com/matteocorti/check_ssl_cert/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cabundle.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cabundle.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cabundle.crt 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cabundle.crt 1970-01-01 00:00:00.000000000 +0000 @@ -1,4323 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT -EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp -ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz -NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH -EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE -AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD -E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH -/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy -DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh -GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR -tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA -AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE -FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX -WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu -9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr -gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo -2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO -LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI -4uJEvlz36hz1 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE -BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu -IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw -WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD -ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y -IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn -IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ -6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob -jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw -izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl -+zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY -zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP -pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF -KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW -ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB -AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 -ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW -IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA -A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 -uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ -FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 -jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ -u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D -YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 -puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa -icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG -DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x -kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z -Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo -YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 -MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy -NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G -A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA -A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 -Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s -QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV -eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 -B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh -z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T -AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i -ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w -TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH -MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD -VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE -VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B -AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM -bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi -ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG -VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c -ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ -AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB -ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly -aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl -ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w -NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G -A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD -VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX -SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR -VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 -w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF -mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg -4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 -4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw -EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx -SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 -ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 -vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa -hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi -Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ -/L7fCg0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN -MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw -ODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJBgNVBAYTAktSMQ0wCwYDVQQKDARL -SVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZW50 -cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEFAAOC -AQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk -9KFo/CjsySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi -8EcNuRpAU1xkcK8IWsD3z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVG -yHK+d9VuHygvx2nt54OJM1jT3qC/QOhDUO7cTWu8peqmyGGO9cNkrwYV3CmLP3WM -vHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbMnChmn3AmPC7fqoD+jMUE -CSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0OBBYEFL+2 -J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJap -aBV/JV6K+KRzwYCKhQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXfl -BM+tWh6UCVrXPAgcrnrpFDLBRa3SJkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT -2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56ch534eJAx7REnxqhZvvwYC/uO -fi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjbXKP4krG9tNT5 -UNkAAk/bg9ART6RCVmE6fhMy04Qfybo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE -BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w -MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC -SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 -ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv -UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX -4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 -KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ -gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb -rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ -51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F -be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe -KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F -v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn -fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 -jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz -ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL -e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 -jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz -WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V -SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j -pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX -X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok -fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R -K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU -ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU -LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT -LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD -QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD -VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU -IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm -CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ -ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq -WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u -loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 -lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd -BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ -BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv -Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt -YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v -Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN -BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf -jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg -t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv -m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN -h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln -tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIIAeDltYNno+AwDQYJKoZIhvcNAQEMBQAwZzEbMBkGA1UE -AwwSQXBwbGUgUm9vdCBDQSAtIEcyMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMw -HhcNMTQwNDMwMTgxMDA5WhcNMzkwNDMwMTgxMDA5WjBnMRswGQYDVQQDDBJBcHBs -ZSBSb290IENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgREkhI2imKScUcx+xuM23+TfvgHN6s -XuI2pyT5f1BrTM65MFQn5bPW7SXmMLYFN14UIhHF6Kob0vuy0gmVOKTvKkmMXT5x -ZgM4+xb1hYjkWpIMBDLyyED7Ul+f9sDx47pFoFDVEovy3d6RhiPw9bZyLgHaC/Yu -OQhfGaFjQQscp5TBhsRTL3b2CtcM0YM/GlMZ81fVJ3/8E7j4ko380yhDPLVoACVd -J2LT3VXdRCCQgzWTxb+4Gftr49wIQuavbfqeQMpOhYV4SbHXw8EwOTKrfl+q04tv -ny0aIWhwZ7Oj8ZhBbZF8+NfbqOdfIRqMM78xdLe40fTgIvS/cjTf94FNcX1RoeKz -8NMoFnNvzcytN31O661A4T+B/fc9Cj6i8b0xlilZ3MIZgIxbdMYs0xBTJh0UT8TU -gWY8h2czJxQI6bR3hDRSj4n4aJgXv8O7qhOTH11UL6jHfPsNFL4VPSQ08prcdUFm -IrQB1guvkJ4M6mL4m1k8COKWNORj3rw31OsMiANDC1CvoDTdUE0V+1ok2Az6DGOe -HwOx4e7hqkP0ZmUoNwIx7wHHHtHMn23KVDpA287PT0aLSmWaasZobNfMmRtHsHLD -d4/E92GcdB/O/WuhwpyUgquUoue9G7q5cDmVF8Up8zlYNPXEpMZ7YLlmQ1A/bmH8 -DvmGqmAMQ0uVAgMBAAGjQjBAMB0GA1UdDgQWBBTEmRNsGAPCe8CjoA1/coB6HHcm -jTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwF -AAOCAgEAUabz4vS4PZO/Lc4Pu1vhVRROTtHlznldgX/+tvCHM/jvlOV+3Gp5pxy+ -8JS3ptEwnMgNCnWefZKVfhidfsJxaXwU6s+DDuQUQp50DhDNqxq6EWGBeNjxtUVA -eKuowM77fWM3aPbn+6/Gw0vsHzYmE1SGlHKy6gLti23kDKaQwFd1z4xCfVzmMX3z -ybKSaUYOiPjjLUKyOKimGY3xn83uamW8GrAlvacp/fQ+onVJv57byfenHmOZ4VxG -/5IFjPoeIPmGlFYl5bRXOJ3riGQUIUkhOb9iZqmxospvPyFgxYnURTbImHy99v6Z -SYA7LNKmp4gDBDEZt7Y6YUX6yfIjyGNzv1aJMbDZfGKnexWoiIqrOEDCzBL/FePw -N983csvMmOa/orz6JopxVtfnJBtIRD6e/J/JzBrsQzwBvDR4yGn1xuZW7AYJNpDr -FEobXsmII9oDMJELuDY++ee1KG++P+w8j2Ud5cAeh6Squpj9kuNsJnfdBrRkBof0 -Tta6SqoWqPQFZ2aWuuJVecMsXUmPgEkrihLHdoBR37q9ZV0+N0djMenl9MU/S60E -inpxLK8JQzcPqOMyT/RFtm2XNuyE9QoB6he7hY1Ck3DDUOUUi78/w0EP3SIEIwiK -um1xRKtzCTrJ+VKACd+66eYWyi4uTLLT3OUEVLLUNIAytbwPF+E= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1 -OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG -A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ -JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD -vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo -D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/ -Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW -RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK -HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN -nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM -0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i -UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9 -Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg -TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL -BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX -UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl -6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK -9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ -HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI -wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY -XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l -IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo -hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr -so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl -MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh -U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz -MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N -IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 -bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE -RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO -zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 -bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF -MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 -VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC -OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW -tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ -q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb -EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ -Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O -VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC -VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T -U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx -NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv -dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv -bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 -AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA -VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku -WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP -MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX -5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ -ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg -h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix -DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k -IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT -N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v -dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG -A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh -ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx -QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 -dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA -4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 -AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 -4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C -ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV -9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD -gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 -Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq -NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko -LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc -Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd -ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I -XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI -M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot -9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V -Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea -j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh -X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ -l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf -bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 -pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK -e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 -vm9qp/UsQu0yrbYhnr68 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe -MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 -ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw -IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL -SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH -SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh -ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X -DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 -TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ -fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA -sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU -WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS -nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH -dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip -NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC -AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF -MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH -ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB -uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl -PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP -JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ -gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 -j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 -5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB -o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS -/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z -Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE -W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D -hNQ+IIX3Sj0rnP0qCglN6oH4EZw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB -yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL -ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp -U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW -ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW -ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp -U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y -aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 -nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex -t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz -SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG -BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ -rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ -NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E -BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH -BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy -aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv -MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE -p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y -5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK -WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ -4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N -hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b -N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t -KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu -kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm -CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ -Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu -imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te -2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe -DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC -/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p -F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt -TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF -MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL -ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx -MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc -MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ -AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH -iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj -vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA -0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB -OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ -BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E -FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 -GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW -zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 -1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE -f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F -jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN -ZetX2fNXlrtIzYE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICQzCCAcmgAwIBAgIILcX8iNLFS5UwCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwS -QXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcN -MTQwNDMwMTgxOTA2WhcNMzkwNDMwMTgxOTA2WjBnMRswGQYDVQQDDBJBcHBsZSBS -b290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9y -aXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzB2MBAGByqGSM49 -AgEGBSuBBAAiA2IABJjpLz1AcqTtkyJygRMc3RCV8cWjTnHcFBbZDuWmBSp3ZHtf -TjjTuxxEtX/1H7YyYl3J6YRbTzBPEVoA/VhYDKX1DyxNB0cTddqXl5dvMVztK517 -IDvYuVTZXpmkOlEKMaNCMEAwHQYDVR0OBBYEFLuw3qFYM4iapIqZ3r6966/ayySr -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gA -MGUCMQCD6cHEFl4aXTQY2e3v9GwOAEZLuN+yRhHFD/3meoyhpmvOwgPUnPWTxnS4 -at+qIxUCMG1mihDK1A3UT82NQz60imOlM27jbdoXt2QfyFMm+YhidDkLF1vLUagM -6BgD56KyKA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 -MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL -v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 -eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq -tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd -C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa -zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB -mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH -V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n -bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG -3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs -J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO -291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS -ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd -AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 -TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu -VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN -MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 -MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 -ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy -RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS -bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF -/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R -3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw -EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy -9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V -GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ -2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV -WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD -W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN -AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj -t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV -DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 -TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G -lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW -mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df -WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 -+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ -tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA -GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv -8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 -MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR -/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu -FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR -U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c -ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR -FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k -A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw -eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl -sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp -VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q -A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ -ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD -ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px -KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI -FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv -oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg -u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP -0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf -3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl -8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ -DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN -PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ -ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEBDCCAuygAwIBAgIIGHqpqMKWIQwwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE -BhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENBMB4XDTEy -MDIwMTIyMTIxNVoXDTI3MDIwMTIyMTIxNVoweTEtMCsGA1UEAwwkRGV2ZWxvcGVy -IElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UE -BhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJdk8GW5pB7qUj -KwKjX9dzP8A1sIuECj8GJH+nlT/rTw6Tr7QO0Mg+5W0Ysx/oiUe/1wkI5P9WmCkV -55SduTWjCs20wOHiYPTK7Cl4RWlpYGtfipL8niPmOsIiszFPHLrytjRZQu6wqQID -GJEEtrN4LjMfgEUNRW+7Dlpbfzrn2AjXCw4ybfuGNuRsq8QRinCEJqqfRNHxuMZ7 -lBebSPcLWBa6I8WfFTl+yl3DMl8P4FJ/QOq+rAhklVvJGpzlgMofakQcbD7EsCYf -Hex7r16gaj1HqVgSMT8gdihtHRywwk4RaSaLy9bQEYLJTg/xVnTQ2QhLZniiq6yn -4tJMh1nJAgMBAAGjgaYwgaMwHQYDVR0OBBYEFFcX7aLP3HyYoRDg/L6HLSzy4xdU -MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/ -CF4wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5j -cmwwDgYDVR0PAQH/BAQDAgGGMBAGCiqGSIb3Y2QGAgYEAgUAMA0GCSqGSIb3DQEB -CwUAA4IBAQBCOXRrodzGpI83KoyzHQpEvJUsf7xZuKxh+weQkjK51L87wVA5akR0 -ouxbH3Dlqt1LbBwjcS1f0cWTvu6binBlgp0W4xoQF4ktqM39DHhYSQwofzPuAHob -tHastrW7T9+oG53IGZdKC1ZnL8I+trPEgzrwd210xC4jUe6apQNvYPSlSKcGwrta -4h8fRkV+5Jf1JxC3ICJyb3LaxlB1xT0lj12jAOmfNoxIOY+zO+qQgC6VmmD0eM70 -DgpTPqL6T9geroSVjTK8Vk2J6XgY4KyaQrp6RhuEoonOFOiI0ViL9q5WxCwFKkWv -C9lLqQIPNKyIx2FViUTJJ3MH7oLlTvVw ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix -RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 -dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p -YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw -NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK -EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl -cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz -dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ -fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns -bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD -75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP -FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp -5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu -b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA -A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p -6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 -TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 -dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys -Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI -l7WdmplNsDz4SgCbZN2fOUvRJ9e4 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y -ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E -N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 -tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX -0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c -/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X -KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY -zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS -O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D -34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP -K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv -Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj -QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS -IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 -HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa -O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv -033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u -dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE -kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 -3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD -u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq -4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV -BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC -aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV -BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 -Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz -MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ -BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp -em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY -B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH -D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF -Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo -q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D -k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH -fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut -dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM -ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 -zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX -U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 -Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 -XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF -Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR -HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY -GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c -77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 -+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK -vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 -FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl -yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P -AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD -y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d -NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs -ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 -MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy -ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy -dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p -OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 -8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K -Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe -hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk -6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q -AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI -bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB -ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z -qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd -iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn -0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN -sSi6 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD -VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk -MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U -cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y -IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV -BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw -IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy -dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig -RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb -3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA -BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 -3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou -owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ -wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF -ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf -BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ -MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv -civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 -AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F -hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 -soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI -WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi -tJ/X5g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP -Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr -ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL -MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 -yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr -VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ -nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG -XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj -vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt -Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g -N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC -nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB -lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w -HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl -YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE -BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT -eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD -6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o -ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH -w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn -r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP -N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB -AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX -tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP -4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q -dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz -5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA -DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 -0jPg/73RVDkpDw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 -MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV -wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe -rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 -68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh -4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp -UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o -abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc -3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G -KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt -hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO -Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt -zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD -ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC -MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 -cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN -qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 -YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv -b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 -8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k -NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj -ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp -q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt -nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi -MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu -MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp -dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV -UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO -ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz -c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP -OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl -mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF -BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 -qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw -gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu -bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp -dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 -6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ -h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH -/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv -wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN -pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID+TCCAuGgAwIBAgIQW1fXqEywr9nTb0ugMbTW4jANBgkqhkiG9w0BAQUFADB5 -MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl -cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xKjAoBgNVBAMTIVZpc2EgSW5m -b3JtYXRpb24gRGVsaXZlcnkgUm9vdCBDQTAeFw0wNTA2MjcxNzQyNDJaFw0yNTA2 -MjkxNzQyNDJaMHkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRWSVNBMS8wLQYDVQQL -EyZWaXNhIEludGVybmF0aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEqMCgGA1UE -AxMhVmlzYSBJbmZvcm1hdGlvbiBEZWxpdmVyeSBSb290IENBMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyREA4R/QkkfpLx0cYjga/EhIPZpchH0MZsRZ -FfP6C2ITtf/Wc+MtgD4yTK0yoiXvni3d+aCtEgK3GDvkdgYrgF76ROJFZwUQjQ9l -x42gRT05DbXvWFoy7dTglCZ9z/Tt2Cnktv9oxKgmkeHY/CyfpCBg1S8xth2JlGMR -0ug/GMO5zANuegZOv438p5Lt5So+du2Gl+RMFQqEPwqN5uJSqAe0VtmB4gWdQ8on -Bj2ZAM2R73QW7UW0Igt2vA4JaSiNtaAG/Y/58VXWHGgbq7rDtNK1R30X0kJV0rGA -ib3RSwB3LpG7bOjbIucV5mQgJoVjoA1e05w6g1x/KmNTmOGRVwIDAQABo30wezAP -BgNVHRMBAf8EBTADAQH/MDkGA1UdIAQyMDAwLgYFZ4EDAgEwJTAVBggrBgEFBQcC -ARYJMS4yLjMuNC41MAwGCCsGAQUFBwICMAAwDgYDVR0PAQH/BAQDAgEGMB0GA1Ud -DgQWBBRPitp2/2d3I5qmgH1924h1hfeBejANBgkqhkiG9w0BAQUFAAOCAQEACUW1 -QdUHdDJydgDPmYt+telnG/Su+DPaf1cregzlN43bJaJosMP7NwjoJY/H2He4XLWb -5rXEkl+xH1UyUwF7mtaUoxbGxEvt8hPZSTB4da2mzXgwKvXuHyzF5Qjy1hOB0/pS -WaF9ARpVKJJ7TOJQdGKBsF2Ty4fSCLqZLgfxbqwMsd9sysXI3rDXjIhekqvbgeLz -PqZr+pfgFhwCCLSMQWl5Ll3u7Qk9wR094DZ6jj6+JCVCRUS3HyabH4OlM0Vc2K+j -INsF/64Or7GNtRf9HYEJvrPxHINxl3JVwhYj4ASeaO4KwhVbwtw94Tc/XrGcexDo -c5lC3rAi4/UZqweYCw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB -vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL -ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp -U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W -ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX -MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 -IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y -IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh -bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF -9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH -H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H -LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN -/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT -rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw -WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs -exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud -DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 -sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ -seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz -4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ -BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR -lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 -7M2CYfE45k+XmCpajQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 -WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu -ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc -h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ -0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U -A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW -T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH -B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC -B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv -KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn -OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn -jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw -qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI -rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq -hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ -3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK -NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 -ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur -TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC -jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc -oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq -4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA -mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d -emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFVTCCBD2gAwIBAgIEO/OB0DANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJj -aDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYDVQQLExlD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1BZG1pbi1Sb290LUNB -MB4XDTAxMTExNTA4NTEwN1oXDTIxMTExMDA3NTEwN1owbDELMAkGA1UEBhMCY2gx -DjAMBgNVBAoTBWFkbWluMREwDwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdGllczEWMBQGA1UEAxMNQWRtaW4tUm9vdC1DQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvgr0QUIv5qF0nyXZ3PXAJi -C4C5Wr+oVTN7oxIkXkxvO0GJToM9n7OVJjSmzBL0zJ2HXj0MDRcvhSY+KiZZc6Go -vDvr5Ua481l7ILFeQAFtumeza+vvxeL5Nd0Maga2miiacLNAKXbAcUYRa0Ov5VZB -++YcOYNNt/aisWbJqA2y8He+NsEgJzK5zNdayvYXQTZN+7tVgWOck16Da3+4FXdy -fH1NCWtZlebtMKtERtkVAaVbiWW24CjZKAiVfggjsiLo3yVMPGj3budLx5D9hEEm -vlyDOtcjebca+AcZglppWMX/iHIrx7740y0zd6cWEqiLIcZCrnpkr/KzwO135GkC -AwEAAaOCAf0wggH5MA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIASBkTCBjjCBiwYI -YIV0AREDAQAwfzArBggrBgEFBQcCAjAfGh1UaGlzIGlzIHRoZSBBZG1pbi1Sb290 -LUNBIENQUzBQBggrBgEFBQcCARZEaHR0cDovL3d3dy5pbmZvcm1hdGlrLmFkbWlu -LmNoL1BLSS9saW5rcy9DUFNfMl8xNl83NTZfMV8xN18zXzFfMC5wZGYwfwYDVR0f -BHgwdjB0oHKgcKRuMGwxFjAUBgNVBAMTDUFkbWluLVJvb3QtQ0ExIjAgBgNVBAsT -GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxETAPBgNVBAsTCFNlcnZpY2VzMQ4w -DAYDVQQKEwVhZG1pbjELMAkGA1UEBhMCY2gwHQYDVR0OBBYEFIKf+iNzIPGXi7JM -Tb5CxX9mzWToMIGZBgNVHSMEgZEwgY6AFIKf+iNzIPGXi7JMTb5CxX9mzWTooXCk -bjBsMQswCQYDVQQGEwJjaDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZp -Y2VzMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQD -Ew1BZG1pbi1Sb290LUNBggQ784HQMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B -AQUFAAOCAQEAeE96XCYRpy6umkPKXDWCRn7INo96ZrWpMggcDORuofHIwdTkgOeM -vWOxDN/yuT7CC3FAaUajbPRbDw0hRMcqKz0aC8CgwcyIyhw/rFK29mfNTG3EviP9 -QSsEbnelFnjpm1wjz4EaBiFjatwpUbI6+Zv3XbEt9QQXBn+c6DeFLe4xvC4B+MTr -a440xTk59pSYux8OHhEvqIwHCkiijGqZhTS3KmGFeBopaR+dJVBRBMoXwzk4B3Hn -0Zib1dEYFZa84vPJZyvxCbLOnPRDJgH6V2uQqbG+6DXVaf/wORVOvF/wzzv0viM/ -RWbEtJZdvo8N3sdtCULzifnxP/V0T9+4ZQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x -CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs -dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x -CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs -dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat -93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x -Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P -AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj -FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG -SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch -p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal -U5ORGpOucGpnutee5WEaXw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB -gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk -MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY -UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx -NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 -dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy -dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 -38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP -KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q -DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 -qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa -JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi -PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P -BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs -jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 -eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR -vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt -qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa -IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy -i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ -O+7ETPTsJ3xCwnR8gooJybQDJbw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV -BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw -IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy -dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig -Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk -MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg -Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD -VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy -dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ -QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq -1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp -2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK -DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape -az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF -3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 -oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM -g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 -mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh -8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd -BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U -nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw -DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX -dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ -MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL -/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX -CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa -ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW -2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 -N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 -Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB -As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp -5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu -1uwJ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD -bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw -NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV -BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn -ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 -3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z -qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR -p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 -HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw -ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea -HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw -Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh -c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E -RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt -dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku -Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp -3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 -nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF -CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na -xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX -KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB -lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w -HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl -YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE -BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT -eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy -IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn -V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs -ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx -+FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y -KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN -KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB -AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW -tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L -0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 -bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 -Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm -KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ -b/xa5IJVWa8xqQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt -MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg -Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i -YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x -CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG -b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh -bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 -HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx -WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX -1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk -u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P -99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r -M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB -BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh -cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 -gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO -ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf -aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic -Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGATCCA+mgAwIBAgIRAI9hcRW6eVgXjH0ROqzW264wDQYJKoZIhvcNAQELBQAw -RTEfMB0GA1UEAxMWQ29tU2lnbiBHbG9iYWwgUm9vdCBDQTEVMBMGA1UEChMMQ29t -U2lnbiBMdGQuMQswCQYDVQQGEwJJTDAeFw0xMTA3MTgxMDI0NTRaFw0zNjA3MTYx -MDI0NTVaMEUxHzAdBgNVBAMTFkNvbVNpZ24gR2xvYmFsIFJvb3QgQ0ExFTATBgNV -BAoTDENvbVNpZ24gTHRkLjELMAkGA1UEBhMCSUwwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCyKClzKh3rm6n1nvigmV/VU1D4hSwYW2ro3VqpzpPo0Ph3 -3LguqjXd5juDwN4mpxTpD99d7Xu5X6KGTlMVtfN+bTbA4t3x7DU0Zqn0BE5XuOgs -3GLH41Vmr5wox1bShVpM+IsjcN4E/hMnDtt/Bkb5s33xCG+ohz5dlq0gA9qfr/g4 -O9lkHZXTCeYrmVzd/il4x79CqNvGkdL3um+OKYl8rg1dPtD8UsytMaDgBAopKR+W -igc16QJzCbvcinlETlrzP/Ny76BWPnAQgaYBULax/Q5thVU+N3sEOKp6uviTdD+X -O6i96gARU4H0xxPFI75PK/YdHrHjfjQevXl4J37FJfPMSHAbgPBhHC+qn/014DOx -46fEGXcdw2BFeIIIwbj2GH70VyJWmuk/xLMCHHpJ/nIF8w25BQtkPpkwESL6esaU -b1CyB4Vgjyf16/0nRiCAKAyC/DY/Yh+rDWtXK8c6QkXD2XamrVJo43DVNFqGZzbf -5bsUXqiVDOz71AxqqK+p4ek9374xPNMJ2rB5MLPAPycwI0bUuLHhLy6nAIFHLhut -TNI+6Y/soYpi5JSaEjcY7pxI8WIkUAzr2r+6UoT0vAdyOt7nt1y8844a7szo/aKf -woziHl2O1w6ZXUC30K+ptXVaOiW79pBDcbLZ9ZdbONhS7Ea3iH4HJNwktrBJLQID -AQABo4HrMIHoMA8GA1UdEwEB/wQFMAMBAf8wgYQGA1UdHwR9MHswPKA6oDiGNmh0 -dHA6Ly9mZWRpci5jb21zaWduLmNvLmlsL2NybC9jb21zaWduZ2xvYmFscm9vdGNh -LmNybDA7oDmgN4Y1aHR0cDovL2NybDEuY29tc2lnbi5jby5pbC9jcmwvY29tc2ln -bmdsb2JhbHJvb3RjYS5jcmwwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBQCRZPY -DUhirGm6rgZbPvuqJpFQsTAfBgNVHSMEGDAWgBQCRZPYDUhirGm6rgZbPvuqJpFQ -sTANBgkqhkiG9w0BAQsFAAOCAgEAk1V5V9701xsfy4mfX+tP9Ln5e9h3N+QMwUfj -kr+k3e8iXOqADjTpUHeBkEee5tJq09ZLp/43F5tZ2eHdYq2ZEX7iWHCnOQet6Yw9 -SU1TahsrGDA6JJD9sdPFnNZooGsU1520e0zNB0dNWwxrWAmu4RsBxvEpWCJbvzQL -dOfyX85RWwli81OiVMBc5XvJ1mxsIIqli45oRynKtsWP7E+b0ISJ1n+XFLdQo/Nm -WA/5sDfT0F5YPzWdZymudMbXitimxC+n4oQE4mbQ4Zm718Iwg3pP9gMMcSc7Qc1J -kJHPH9O7gVubkKHuSYj9T3Ym6c6egL1pb4pz/uT7cT26Fiopc/jdqbe2EAfoJZkv -hlp/zdzOoXTWjiKNA5zmgWnZn943FuE9KMRyKtyi/ezJXCh8ypnqLIKxeFfZl69C -BwJsPXUTuqj8Fic0s3aZmmr7C4jXycP+Q8V+akMEIoHAxcd960b4wVWKqOcI/kZS -Q0cYqWOY1LNjznRt9lweWEfwDBL3FhrHOmD4++1N3FkkM4W+Q1b2WOL24clDMj+i -2n9Iw0lc1llHMSMvA5D0vpsXZpOgcCVahfXczQKi9wQ3oZyonJeWx4/rXdMtagAB -VBYGFuMEUEQtybI+eIbnp5peO2WAAblQI4eTy/jMVowe5tfMEXovV3sz9ULgmGb3 -DscLP1I= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 -MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 -ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD -VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j -b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq -scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO -xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H -LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX -uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD -yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ -JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q -rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN -BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L -hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB -QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ -HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu -Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg -QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB -BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA -A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb -laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 -awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo -JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw -LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT -VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk -LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb -UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ -QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ -naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls -QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB -gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV -BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw -MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl -YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P -RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 -UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI -2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 -Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp -+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ -DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O -nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW -/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g -PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u -QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY -SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv -IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 -zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd -BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB -ZQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD -VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk -MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U -cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y -IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB -pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h -IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG -A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU -cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid -RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V -seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme -9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV -EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW -hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ -DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw -DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD -ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I -/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf -ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ -yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts -L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN -zl/HHk484IkzlQsPpTLWPFp5LBk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy -aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s -IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp -Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV -BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp -Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu -Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g -Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt -IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU -J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO -JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY -wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o -koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN -qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E -Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe -xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u -7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU -sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI -sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP -cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA -MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy -dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa -MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy -dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a -iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt -6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP -0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f -6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE -EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN -1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc -h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT -mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV -4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO -WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud -DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd -Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq -hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh -66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 -/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS -S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j -2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R -Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr -RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy -6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV -V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 -g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl -++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc -8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke -hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI -KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg -515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO -xwy8p2Fp8fc74SrL+SvzZpA3 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx -CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ -WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ -BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG -Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ -yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf -BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz -WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF -tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z -374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC -IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL -mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 -wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS -MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 -ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet -UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H -YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 -LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD -nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 -RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM -LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf -77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N -JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm -fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp -6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp -1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B -9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok -RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv -uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET -MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk -BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 -Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl -cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 -aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY -F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N -8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe -rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K -/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu -7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC -28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 -lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E -nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB -0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 -5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj -WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN -jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s -ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM -OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q -619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn -2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj -o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v -nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG -5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq -pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb -dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 -BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF8DCCA9igAwIBAgIPBuhGJy8fCo/RhFzjafbVMA0GCSqGSIb3DQEBBQUAMDgx -CzAJBgNVBAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwKSXpl -bnBlLmNvbTAeFw0wNzEyMTMxMzA4MjdaFw0zNzEyMTMwODI3MjVaMDgxCzAJBgNV -BAYTAkVTMRQwEgYDVQQKDAtJWkVOUEUgUy5BLjETMBEGA1UEAwwKSXplbnBlLmNv -bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMnTesoPHqynhugWZWqx -whtFMnGV2f4QW8yv56V5AY+Jw8ryVXH3d753lPNypCxE2J6SmxQ6oeckkAoKVo7F -2CaU4dlI4S0+2gpy3aOZFdqBoof0e24md4lYrdbrDLJBenNubdt6eEHpCIgSfocu -ZhFjbFT7PJ1ywLwu/8K33Q124zrX97RovqL144FuwUZvXY3gTcZUVYkaMzEKsVe5 -o4qYw+w7NMWVQWl+dcI8IMVhulFHoCCQk6GQS/NOfIVFVJrRBSZBsLVNHTO+xAPI -JXzBcNs79AktVCdIrC/hxKw+yMuSTFM5NyPs0wH54AlETU1kwOENWocivK0bo/4m -tRXzp/yEGensoYi0RGmEg/OJ0XQGqcwL1sLeJ4VQJsoXuMl6h1YsGgEebL4TrRCs -tST1OJGh1kva8bvS3ke18byB9llrzxlT6Y0Vy0rLqW9E5RtBz+GGp8rQap+8TI0G -M1qiheWQNaBiXBZO8OOi+gMatCxxs1gs3nsL2xoP694hHwZ3BgOwye+Z/MC5TwuG -KP7Suerj2qXDR2kS4Nvw9hmL7Xtw1wLW7YcYKCwEJEx35EiKGsY7mtQPyvp10gFA -Wo15v4vPS8+qFsGV5K1Mij4XkdSxYuWC5YAEpAN+jb/af6IPl08M0w3719Hlcn4c -yHf/W5oPt64FRuXxqBbsR6QXAgMBAAGjgfYwgfMwgbAGA1UdEQSBqDCBpYEPaW5m -b0BpemVucGUuY29tpIGRMIGOMUcwRQYDVQQKDD5JWkVOUEUgUy5BLiAtIENJRiBB -MDEzMzcyNjAtUk1lcmMuVml0b3JpYS1HYXN0ZWl6IFQxMDU1IEY2MiBTODFDMEEG -A1UECQw6QXZkYSBkZWwgTWVkaXRlcnJhbmVvIEV0b3JiaWRlYSAxNCAtIDAxMDEw -IFZpdG9yaWEtR2FzdGVpejAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUHRxlDqjyJXu0kc/ksbHmvVV0bAUwDQYJKoZIhvcNAQEFBQAD -ggIBAMeBRm8hGE+gBe/n1bqXUKJg7aWSFBpSm/nxiEqg3Hh10dUflU7F57dp5iL0 -+CmoKom+z892j+Mxc50m0xwbRxYpB2iEitL7sRskPtKYGCwkjq/2e+pEFhsqxPqg -l+nqbFik73WrAGLRne0TNtsiC7bw0fRue0aHwp28vb5CO7dz0JoqPLRbEhYArxk5 -ja2DUBzIgU+9Ag89njWW7u/kwgN8KRwCfr00J16vU9adF79XbOnQgxCvv11N75B7 -XSus7Op9ACYXzAJcY9cZGKfsK8eKPlgOiofmg59OsjQerFQJTx0CCzl+gQgVuaBp -E8gyK+OtbBPWg50jLbJtooiGfqgNASYJQNntKE6MkyQP2/EeTXp6WuKlWPHcj1+Z -ggwuz7LdmMySlD/5CbOlliVbN/UShUHiGUzGigjB3Bh6Dx4/glmimj4/+eAJn/3B -kUtdyXvWton83x18hqrNA/ILUpLxYm9/h+qrdslsUMIZgq+qHfUgKGgu1fxkN0/P -pUTEvnK0jHS0bKf68r10OEMr3q/53NjgnZ/cPcqlY0S/kqJPTIAcuxrDmkoEVU3K -7iYLHL8CxWTTnn7S05EcS6L1HOUXHA0MUqORH5zwIe0ClG+poEnK6EOMxPQ02nwi -o8ZmPrgbBYhdurz3vOXcFD2nhqi2WVIhA16L4wTtSyoeo09Q ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ -FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F -uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX -kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs -ewv4n4Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg -RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y -ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If -xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV -ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO -DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ -jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ -CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi -EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM -fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY -uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK -chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t -9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD -ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 -SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd -+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc -fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa -sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N -cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N -0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie -4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI -r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 -/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm -gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn -MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL -ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg -b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa -MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB -ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw -IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B -AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb -unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d -BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq -7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 -0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX -roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG -A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j -aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p -26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA -BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud -EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN -BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB -AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd -p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi -1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc -XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 -eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu -tGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX -DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl -ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv -b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP -cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW -IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX -xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy -KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR -9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az -5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 -6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 -Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP -bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt -BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt -XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF -MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd -INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD -U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp -LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 -Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp -gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh -/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw -0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A -fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq -4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR -1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ -QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM -94B7IWcnMFk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES -MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU -V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz -WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO -LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE -AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH -K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX -RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z -rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx -3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq -hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC -MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls -XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D -lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn -aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ -YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp -U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw -NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE -ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp -ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 -DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf -8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN -+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 -X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa -K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA -1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G -A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR -zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 -YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD -bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 -L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D -eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp -VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY -WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIE5zCCA8+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCQ0Ex -EDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoTFEVj -aG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZp -Y2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMjAeFw0wNTEwMDYxMDQ5MTNa -Fw0zMDEwMDcxMDQ5MTNaMIGNMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJp -bzEQMA4GA1UEBxMHVG9yb250bzEdMBsGA1UEChMURWNob3dvcnggQ29ycG9yYXRp -b24xHzAdBgNVBAsTFkNlcnRpZmljYXRpb24gU2VydmljZXMxGjAYBgNVBAMTEUVj -aG93b3J4IFJvb3QgQ0EyMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA -utU/5BkV15UBf+s+JQruKQxr77s3rjp/RpOtmhHILIiO5gsEWP8MMrfrVEiidjI6 -Qh6ans0KAWc2Dw0/j4qKAQzOSyAZgjcdypNTBZ7muv212DA2Pu41rXqwMrlBrVi/ -KTghfdLlNRu6JrC5y8HarrnRFSKF1Thbzz921kLDRoCi+FVs5eVuK5LvIfkhNAqA -byrTgO3T9zfZgk8upmEkANPDL1+8y7dGPB/d6lk0I5mv8PESKX02TlvwgRSIiTHR -k8++iOPLBWlGp7ZfqTEXkPUZhgrQQvxcrwCUo6mk8TqgxCDP5FgPoHFiPLef5szP -ZLBJDWp7GLyE1PmkQI6WiwIBA6OCAVAwggFMMA8GA1UdEwEB/wQFMAMBAf8wCwYD -VR0PBAQDAgEGMB0GA1UdDgQWBBQ74YEboKs/OyGC1eISrq5QqxSlEzCBugYDVR0j -BIGyMIGvgBQ74YEboKs/OyGC1eISrq5QqxSlE6GBk6SBkDCBjTELMAkGA1UEBhMC -Q0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoT -FEVjaG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNl -cnZpY2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMoIBADBQBgNVHSAESTBH -MEUGCysGAQQB+REKAQMBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuZWNob3dv -cnguY29tL2NhL3Jvb3QyL2Nwcy5wZGYwDQYJKoZIhvcNAQEFBQADggEBAG+nrPi/ -0RpfEzrj02C6JGPUar4nbjIhcY6N7DWNeqBoUulBSIH/PYGNHYx7/lnJefiixPGE -7TQ5xPgElxb9bK8zoAApO7U33OubqZ7M7DlHnFeCoOoIAZnG1kuwKwD5CXKB2a74 -HzcqNnFW0IsBFCYqrVh/rQgJOzDA8POGbH0DeD0xjwBBooAolkKT+7ZItJF1Pb56 -QpDL9G+16F7GkmnKlAIYT3QTS3yFGYChnJcd+6txUPhKi9sSOOmAIaKHnkH9Scz+ -A2cSi4A3wUYXVatuVNHpRb2lygfH3SuCX9MU8Ure3zBlSU1LALtMqI4JmcQmQpIq -zIzvO2jHyu9PQqo= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz -MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw -IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR -dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp -li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D -rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ -WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug -F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU -xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC -Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv -dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw -ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl -IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh -c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy -ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI -KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T -KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq -y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p -dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD -VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk -fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 -7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R -cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y -mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW -xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK -SnQ2+Q== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr -MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl -cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv -bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw -CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h -dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l -cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h -2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E -lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV -ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq -299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t -vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL -dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD -AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF -AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR -zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 -LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd -7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw -++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt -398znM/jra6O1I7mT1GvFpLgXPYHDw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x -FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz -MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv -cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz -Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO -0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao -wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj -7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS -8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT -BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg -JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC -NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 -6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ -3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm -D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS -CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT -MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i -YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg -R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 -9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq -fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv -iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU -1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ -bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW -MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA -ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l -uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn -Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS -tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF -PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un -hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV -5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDcTCCAlmgAwIBAgIVAOYJ/nrqAGiM4CS07SAbH+9StETRMA0GCSqGSIb3DQEB -BQUAMFAxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGlj -emVuaW93YSBTLkEuMRcwFQYDVQQDDA5TWkFGSVIgUk9PVCBDQTAeFw0xMTEyMDYx -MTEwNTdaFw0zMTEyMDYxMTEwNTdaMFAxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L -cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRcwFQYDVQQDDA5TWkFGSVIg -Uk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxHL49ZMTml -6g3wpYwrvQKkvc0Kc6oJ5sxfgmp1qZfluwbv88BdocHSiXlY8NzrVYzuWBp7J/9K -ULMAoWoTIzOQ6C9TNm4YbA9A1jdX1wYNL5Akylf8W5L/I4BXhT9KnlI6x+a7BVAm -nr/Ttl+utT/Asms2fRfEsF2vZPMxH4UFqOAhFjxTkmJWf2Cu4nvRQJHcttB+cEAo -ag/hERt/+tzo4URz6x6r19toYmxx4FjjBkUhWQw1X21re//Hof2+0YgiwYT84zLb -eqDqCOMOXxvH480yGDkh/QoazWX3U75HQExT/iJlwnu7I1V6HXztKIwCBjsxffbH -3jOshCJtywcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFFOSo33/gnbwM9TrkmdHYTMbaDsqMA0GCSqGSIb3DQEBBQUA -A4IBAQA5UFWd5EL/pBviIMm1zD2JLUCpp0mJG7JkwznIOzawhGmFFaxGoxAhQBEg -haP+E0KR66oAwVC6xe32QUVSHfWqWndzbODzLB8yj7WAR0cDM45ZngSBPBuFE3Wu -GLJX9g100ETfIX+4YBR/4NR/uvTnpnd9ete7Whl0ZfY94yuu4xQqB5QFv+P7IXXV -lTOjkjuGXEcyQAjQzbFaT9vIABSbeCXWBbjvOXukJy6WgAiclzGNSYprre8Ryydd -fmjW9HIGwsIO03EldivvqEYL1Hv1w/Pur+6FUEOaL68PEIUovfgwIB2BAw+vZDuw -cH0mX548PojGyg434cDjkSXa3mHF ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 -cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs -IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz -dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy -NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu -dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt -dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 -aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T -RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN -cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW -wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 -U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 -jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN -BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ -jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ -Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v -1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R -nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH -VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV -BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu -MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy -MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx -EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe -NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH -PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I -x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe -QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR -yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO -QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 -H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ -QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD -i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs -nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 -rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI -hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM -tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf -GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb -lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka -+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal -TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i -nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 -gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr -G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os -zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x -L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw -MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT -aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ -jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp -xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp -1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG -snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ -U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 -9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B -AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz -yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE -38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP -AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad -DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME -HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL -BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc -BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 -MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf -qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW -n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym -c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ -O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 -o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j -IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq -IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz -8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh -vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l -7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG -cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD -ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 -AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC -roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga -W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n -lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE -+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV -csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd -dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg -KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM -HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 -WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIIGDCCBgCgAwIBAgIGAT8vMXfmMA0GCSqGSIb3DQEBCwUAMIIBCjELMAkGA1UE -BhMCRVMxEjAQBgNVBAgMCUJhcmNlbG9uYTFYMFYGA1UEBwxPQmFyY2Vsb25hIChz -ZWUgY3VycmVudCBhZGRyZXNzIGF0IGh0dHA6Ly93d3cuYW5mLmVzL2VzL2FkZHJl -c3MtZGlyZWNjaW9uLmh0bWwgKTEnMCUGA1UECgweQU5GIEF1dG9yaWRhZCBkZSBD -ZXJ0aWZpY2FjaW9uMRcwFQYDVQQLDA5BTkYgQ2xhc2UgMSBDQTEaMBgGCSqGSIb3 -DQEJARYLaW5mb0BhbmYuZXMxEjAQBgNVBAUTCUc2MzI4NzUxMDEbMBkGA1UEAwwS -QU5GIEdsb2JhbCBSb290IENBMB4XDTEzMDYxMDE3NDUzOFoXDTMzMDYwNTE3NDUz -OFowggEKMQswCQYDVQQGEwJFUzESMBAGA1UECAwJQmFyY2Vsb25hMVgwVgYDVQQH -DE9CYXJjZWxvbmEgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgaHR0cDovL3d3dy5h -bmYuZXMvZXMvYWRkcmVzcy1kaXJlY2Npb24uaHRtbCApMScwJQYDVQQKDB5BTkYg -QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFzAVBgNVBAsMDkFORiBDbGFzZSAx -IENBMRowGAYJKoZIhvcNAQkBFgtpbmZvQGFuZi5lczESMBAGA1UEBRMJRzYzMjg3 -NTEwMRswGQYDVQQDDBJBTkYgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDHPi9xy4wynbcUbWjorVUgQKeUAVh937J7P37XmsfH -ZLOBZKIIlhhCtRwnDlg7x+BUvtJOTkIbEGMujDygUQ2s3HDYr5I41hTyM2Pl0cq2 -EuSGEbPIHb3dEX8NAguFexM0jqNjrreN3hM2/+TOkAxSdDJP2aMurlySC5zwl47K -ZLHtcVrkZnkDa0o5iN24hJT4vBDT4t2q9khQ+qb1D8KgCOb02r1PxWXu3vfd6Ha2 -mkdB97iGuEh5gO2n4yOmFS5goFlVA2UdPbbhJsb8oKVKDd+YdCKGQDCkQyG4AjmC -YiNm3UPG/qtftTH5cWri67DlLtm6fyUFOMmO6NSh0RtR745pL8GyWJUanyq/Q4bF -HQB21E+WtTsCaqjGaoFcrBunMypmCd+jUZXl27TYENRFbrwNdAh7m2UztcIyb+Sg -VJFyfvVsBQNvnp7GPimVxXZNc4VpxEXObRuPWQN1oZN/90PcZVqTia/SHzEyTryL -ckhiLG3jZiaFZ7pTZ5I9wti9Pn+4kOHvE3Y/4nEnUo4mTxPX9pOlinF+VCiybtV2 -u1KSlc+YaIM7VmuyndDZCJRXm3v0/qTE7t5A5fArZl9lvibigMbWB8fpD+c1GpGH -Eo8NRY0lkaM+DkIqQoaziIsz3IKJrfdKaq9bQMSlIfameKBZ8fNYTBZrH9KZAIhz -YwIDAQABo4IBfjCCAXowHQYDVR0OBBYEFIf6nt9SdnXsSUogb1twlo+d77sXMB8G -A1UdIwQYMBaAFIf6nt9SdnXsSUogb1twlo+d77sXMA8GA1UdEwEB/wQFMAMBAf8w -DgYDVR0PAQH/BAQDAgEGMIIBFQYDVR0RBIIBDDCCAQiCEWh0dHA6Ly93d3cuYW5m -LmVzgQtpbmZvQGFuZi5lc6SB5TCB4jE0MDIGA1UECQwrR3JhbiBWaWEgZGUgbGVz -IENvcnRzIENhdGFsYW5lcy4gOTk2LiAwODAxODESMBAGA1UEBwwJQmFyY2Vsb25h -MScwJQYDVQQKDB5BTkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xEjAQBgNV -BAUTCUc2MzI4NzUxMDFZMFcGA1UECwxQSW5zY3JpdGEgZW4gZWwgTWluaXN0ZXJp -byBkZWwgSW50ZXJpb3IgZGUgRXNwYcOxYSBjb24gZWwgbnVtZXJvIG5hY2lvbmFs -IDE3MS40NDMwDQYJKoZIhvcNAQELBQADggIBAIgR9tFTZ9BCYg+HViMxOfF0MHN2 -Pe/eC128ARdS+GH8A4thtbqiH/SOYbWofO/0zssHhNKa5iQEj45lCAb8BANpWJMD -nWkPr6jq2+50a6d0MMgSS2l1rvjSF+3nIrEuicshHXSTi3q/vBLKr7uGKMVFaM68 -XAropIwk6ndlA0JseARSPsbetv7ALESMIZAxlHV1TcctYHd0bB3c/Jz+PLszJQqs -Cg/kBPo2D111OXZkIY8W/fJuG9veR783khAK2gUnC0zLLCNsYzEbdGt8zUmBsAsM -cGxqGm6B6vDXd65OxWqw13xdq/24+5R8Ng1PF9tvfjZkUFBF30CxjWur7P90WiKI -G7IGfr6BE1NgXlhEQQu4F+HizB1ypEPzGWltecXQ4yOzO+H0WfFTjLTYX6VSveyW -DQV18ixF8M4tHP/SwNE+yyv2b2JJ3/3RpxjtFlLk+opJ574x0gD/dMJuWTH0JqVY -3PbRfE1jIxFpk164Qz/Xp7H7w7f6xh+tQCkBs3PUYmnGIZcPwq44Q6JHlCNsKx4K -hxfggTvRCk4w79cUID45c2qDsRCqTPoOo/cbOpcfVhbH9LdMORpmuLwNogRZEUSE -fWpqR9q+0kcQf4zGSWIURIyDrogdpDgoHDxktqgMgc+qA4ZE2WQl1D8hmev53A46 -lUSrWUiWfDXtK3ux ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c -JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP -mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ -wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 -VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ -AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB -AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW -BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun -pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC -dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf -fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm -NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx -H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg -RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu -Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf -Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q -RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD -AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY -JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv -6pZjamVFkpUBtA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE -BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ -IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 -MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV -BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w -HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj -Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj -TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u -KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj -qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm -MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 -ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP -zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk -L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC -jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA -HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC -AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg -p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm -DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 -COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry -L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf -JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg -IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io -2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV -09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ -XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq -T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe -MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd -AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC -FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi -1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq -jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ -wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ -WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy -NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC -uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw -IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 -g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP -BSeOE6Fuwg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN -8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ -RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 -hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 -ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM -EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 -A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy -WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ -1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 -6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT -91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml -e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p -TpPDpFQUWw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW -ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln -biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp -U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y -aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp -U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg -SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln -biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm -GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve -fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ -aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj -aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW -kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC -4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga -FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv -b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl -cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA -n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc -biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp -EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA -bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu -YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB -AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW -BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI -QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I -0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni -lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 -B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv -ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo -IhNzbM8m9Yop5w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV -BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu -MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy -MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx -EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk -D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o -OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A -fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe -IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n -oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK -/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj -rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD -3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE -7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC -yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd -qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI -hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA -SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo -HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB -emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC -AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb -7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x -DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk -F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF -a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT -Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA -MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w -ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw -MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU -T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh -/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e -CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 -1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE -FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS -gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X -G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy -YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH -vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 -t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ -gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 -5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w -DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz -Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 -nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT -RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT -wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 -t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa -TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 -o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU -3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA -iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f -WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM -S1IK ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl -MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe -U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX -DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy -dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj -YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV -OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr -zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM -VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ -hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO -ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw -awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs -OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 -DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF -coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc -okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 -t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy -1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ -SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 -nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO -8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV -ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb -PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 -6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr -n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a -qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 -wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 -ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs -pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 -E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGHDCCBASgAwIBAgIES45gAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE -SzESMBAGA1UEChMJVFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQ -cmltYXJ5IENBMB4XDTEwMDMwMzEyNDEzNFoXDTM3MTIwMzEzMTEzNFowRTELMAkG -A1UEBhMCREsxEjAQBgNVBAoTCVRSVVNUMjQwODEiMCAGA1UEAxMZVFJVU1QyNDA4 -IE9DRVMgUHJpbWFyeSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB -AJlJodr3U1Fa+v8HnyACHV81/wLevLS0KUk58VIABl6Wfs3LLNoj5soVAZv4LBi5 -gs7E8CZ9w0F2CopW8vzM8i5HLKE4eedPdnaFqHiBZ0q5aaaQArW+qKJx1rT/AaXt -alMB63/yvJcYlXS2lpexk5H/zDBUXeEQyvfmK+slAySWT6wKxIPDwVapauFY9QaG -+VBhCa5jBstWS7A5gQfEvYqn6csZ3jW472kW6OFNz6ftBcTwufomGJBMkonf4ZLr -6t0AdRi9jflBPz3MNNRGxyjIuAmFqGocYFA/OODBRjvSHB2DygqQ8k+9tlpvzMRr -kU7jq3RKL+83G1dJ3/LTjCLz4ryEMIC/OJ/gNZfE0qXddpPtzflIPtUFVffXdbFV -1t6XZFhJ+wBHQCpJobq/BjqLWUA86upsDbfwnePtmIPRCemeXkY0qabC+2Qmd2Fe -xyZphwTyMnbqy6FG1tB65dYf3mOqStmLa3RcHn9+2dwNfUkh0tjO2FXD7drWcU0O -I9DW8oAypiPhm/QCjMU6j6t+0pzqJ/S0tdAo+BeiXK5hwk6aR+sRb608QfBbRAs3 -U/q8jSPByenggac2BtTN6cl+AA1Mfcgl8iXWNFVGegzd/VS9vINClJCe3FNVoUnR -YCKkj+x0fqxvBLopOkJkmuZw/yhgMxljUi2qYYGn90OzAgMBAAGjggESMIIBDjAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUd -IAAwgZcGA1UdHwSBjzCBjDAsoCqgKIYmaHR0cDovL2NybC5vY2VzLnRydXN0MjQw -OC5jb20vb2Nlcy5jcmwwXKBaoFikVjBUMQswCQYDVQQGEwJESzESMBAGA1UEChMJ -VFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQcmltYXJ5IENBMQ0w -CwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFPZt+LFIs0FDAduGROUYBbdezAY3MB0G -A1UdDgQWBBT2bfixSLNBQwHbhkTlGAW3XswGNzANBgkqhkiG9w0BAQsFAAOCAgEA -VPAQGrT7dIjD3/sIbQW86f9CBPu0c7JKN6oUoRUtKqgJ2KCdcB5ANhCoyznHpu3m -/dUfVUI5hc31CaPgZyY37hch1q4/c9INcELGZVE/FWfehkH+acpdNr7j8UoRZlkN -15b/0UUBfGeiiJG/ugo4llfoPrp8bUmXEGggK3wyqIPcJatPtHwlb6ympfC2b/Ld -v/0IdIOzIOm+A89Q0utx+1cOBq72OHy8gpGb6MfncVFMoL2fjP652Ypgtr8qN9Ka -/XOazktiIf+2Pzp7hLi92hRc9QMYexrV/nnFSQoWdU8TqULFUoZ3zTEC3F/g2yj+ -FhbrgXHGo5/A4O74X+lpbY2XV47aSuw+DzcPt/EhMj2of7SA55WSgbjPMbmNX0rb -oenSIte2HRFW5Tr2W+qqkc/StixgkKdyzGLoFx/xeTWdJkZKwyjqge2wJqws2upY -EiThhC497+/mTiSuXd69eVUwKyqYp9SD2rTtNmF6TCghRM/dNsJOl+osxDVGcwvt -WIVFF/Onlu5fu1NHXdqNEfzldKDUvCfii3L2iATTZyHwU9CALE+2eIA+PIaLgnM1 -1oCfUnYBkQurTrihvzz9PryCVkLxiqRmBVvUz+D4N5G/wvvKDS6t6cPCS+hqM482 -cbBsn0R9fFLO4El62S9eH1tqOzO20OAOK65yJIsOpSE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y -MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg -TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS -b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS -M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC -UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d -Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p -rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l -pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb -j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC -KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS -/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X -cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH -1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP -px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 -MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI -eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u -2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS -v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC -wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy -CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e -vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 -Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa -Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL -eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 -FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc -7uzXLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML -RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp -bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 -IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 -MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 -LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp -YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG -A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq -K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe -sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX -MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT -XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ -HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH -4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub -j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo -U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf -zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b -u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ -bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er -fF6adulZkMV8gzURZVE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz -dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL -MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp -cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y -YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua -kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL -QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp -6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG -yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i -QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ -KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO -tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu -QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ -Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u -olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 -x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE -BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h -cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy -MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg -Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 -thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM -cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG -L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i -NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h -X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b -m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy -Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja -EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T -KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF -6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh -OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD -VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv -ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl -AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF -661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 -am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 -ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 -PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS -3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k -SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF -3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM -ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g -StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz -Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB -jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB -qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV -BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw -NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j -LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG -A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs -W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta -3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk -6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 -Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J -NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP -r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU -DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz -YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX -xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 -/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ -LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 -jVaMaA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 -MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g -Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG -A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg -Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl -ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr -ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr -BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM -YyRIHN8wfdVoOw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF -ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 -b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL -MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv -b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK -gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ -W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg -1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K -8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r -2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me -z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR -8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj -mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz -7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 -+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI -0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm -UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 -LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY -+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS -k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl -7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm -btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl -urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ -fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 -n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE -76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H -9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT -4PsJYGw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC -VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ -cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ -BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt -VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D -0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 -ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G -A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs -aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I -flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAw -ZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdp -dGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290 -IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcNMzEwNjI1MDg0NTA4WjBnMQswCQYD -VQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2Vy -dGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYgQ0Eg -MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7Bx -UglgRCgzo3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD -1ycfMQ4jFrclyxy0uYAyXhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPH -oCE2G3pXKSinLr9xJZDzRINpUKTk4RtiGZQJo/PDvO/0vezbE53PnUgJUmfANykR -HvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8LiqG12W0OfvrSdsyaGOx9/ -5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaHZa0zKcQv -idm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHL -OdAGalNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaC -NYGu+HuB5ur+rPQam3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f -46Fq9mDU5zXNysRojddxyNMkM3OxbPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCB -UWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDixzgHcgplwLa7JSnaFp6LNYth -7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/BAQDAgGGMB0G -A1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWB -bj2ITY1x0kbBbkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6x -XCX5145v9Ydkn+0UjrgEjihLj6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98T -PLr+flaYC/NUn81ETm484T4VvwYmneTwkLbUwp4wLh/vx3rEUMfqe9pQy3omywC0 -Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7XwgiG/W9mR4U9s70 -WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH59yL -Gn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm -7JFe3VE/23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4S -nr8PyQUQ3nqjsTzyP6WqJ3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VN -vBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyAHmBR3NdUIR7KYndP+tiPsys6DXhyyWhB -WkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/giuMod89a2GQ+fYWVq6nTI -fI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuWl8PVP3wb -I+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFujCCBKKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD -b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgNVBAMTIEFwcGxlIFJv -b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA1MDIxMDAwMTgxNFoXDTI1MDIx -MDAwMTgxNFowgYYxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBcHBsZSBDb21wdXRl -ciwgSW5jLjEtMCsGA1UECxMkQXBwbGUgQ29tcHV0ZXIgQ2VydGlmaWNhdGUgQXV0 -aG9yaXR5MSkwJwYDVQQDEyBBcHBsZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 -eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSRqQkfkdseR1DrBe1e -eYQt6zaiV0xV7IsZid75S2z1B6siMALoGD74UAnTf0GomPnRymacJGsR0KO75Bsq -wx+VnnoMpEeLW9QWNzPLxA9NzhRp0ckZcvVdDtV/X5vyJQO6VY9NXQ3xZDUjFUsV -WR2zlPf2nJ7PULrBWFBnjwi0IPfLrCwgb3C2PwEwjLdDzw+dPfMrSSgayP7OtbkO -2V4c1ss9tTqt9A8OAJILsSEWLnTVPA3bYharo3GSR1NVwa8vQbP4++NwzeajTEV+ -H0xrUJZBicR0YgsQg0GHM4qBsTBY7FoEMoxos48d3mVz/2deZbxJ2HafMxRloXeU -yS0CAwEAAaOCAi8wggIrMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ -MB0GA1UdDgQWBBQr0GlHlHYJ/vRrjS5ApvdHTX8IXjAfBgNVHSMEGDAWgBQr0GlH -lHYJ/vRrjS5ApvdHTX8IXjCCASkGA1UdIASCASAwggEcMIIBGAYJKoZIhvdjZAUB -MIIBCTBBBggrBgEFBQcCARY1aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmlj -YXRlYXV0aG9yaXR5L3Rlcm1zLmh0bWwwgcMGCCsGAQUFBwICMIG2GoGzUmVsaWFu -Y2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2Nl -cHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5k -IGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRp -ZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wRAYDVR0fBD0wOzA5oDegNYYz -aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L3Jvb3Qu -Y3JsMFUGCCsGAQUFBwEBBEkwRzBFBggrBgEFBQcwAoY5aHR0cHM6Ly93d3cuYXBw -bGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L2Nhc2lnbmVycy5odG1sMA0GCSqG -SIb3DQEBBQUAA4IBAQCd2i0oWC99dgS5BNM+zrdmY06PL9T+S61yvaM5xlJNBZhS -9YlRASR5vhoy9+VEi0tEBzmC1lrKtCBe2a4VXR2MHTK/ODFiSF3H4ZCx+CRA+F9Y -m1FdV53B5f88zHIhbsTp6aF31ywXJsM/65roCwO66bNKcuszCVut5mIxauivL9Wv -Hld2j383LS4CXN1jyfJxuCZA3xWNdUQ/eb3mHZnhQyw+rW++uaT+DjUZUWOxw961 -kj5ReAFziqQjyqSI8R5cH0EWLX6VCqrpiUGYGxrdyyC/R14MJsVVNU3GMIuZZxTH -CR+6R8faAQmHJEKVvRNgGQrv6n8Obs3BREM6StXj ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV -BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln -biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF -MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT -d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 -76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ -bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c -6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE -emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd -MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt -MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y -MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y -FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi -aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM -gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB -qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 -lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn -8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov -L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 -45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO -UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 -O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC -bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv -GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a -77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC -hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 -92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp -Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w -ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt -Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx -CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U -cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow -QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl -blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm -3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d -oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G -A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 -DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK -BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q -j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx -4nxp5V2a+EEfOzmTk51V6s2N8fvB ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA -MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w -ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw -MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU -T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b -wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX -/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 -77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP -uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx -p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx -Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 -TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W -G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw -vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY -EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 -2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw -DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E -PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf -gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS -FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 -V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P -XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I -i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t -TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 -09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky -Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ -AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj -1oxx ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh -MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE -YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 -MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo -ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg -MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN -ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA -PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w -wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi -EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY -avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ -YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE -sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h -/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 -IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD -ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy -OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P -TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER -dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf -ReYNnyicsbkqWletNw+vHX/bvZ8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIBCDANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJDTjER -MA8GA1UEChMIVW5pVHJ1c3QxGDAWBgNVBAMTD1VDQSBHbG9iYWwgUm9vdDAeFw0w -ODAxMDEwMDAwMDBaFw0zNzEyMzEwMDAwMDBaMDoxCzAJBgNVBAYTAkNOMREwDwYD -VQQKEwhVbmlUcnVzdDEYMBYGA1UEAxMPVUNBIEdsb2JhbCBSb290MIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2rPlBlA/9nP3xDK/RqUlYjOHsGj+p9+I -A2N9Apb964fJ7uIIu527u+RBj8cwiQ9tJMAEbBSUgU2gDXRm8/CFr/hkGd656YGT -0CiFmUdCSiw8OCdKzP/5bBnXtfPvm65bNAbXj6ITBpyKhELVs6OQaG2BkO5NhOxM -cE4t3iQ5zhkAQ5N4+QiGHUPR9HK8BcBn+sBR0smFBySuOR56zUHSNqth6iur8CBV -mTxtLRwuLnWW2HKX4AzKaXPudSsVCeCObbvaE/9GqOgADKwHLx25urnRoPeZnnRc -GQVmMc8+KlL+b5/zub35wYH1N9ouTIElXfbZlJrTNYsgKDdfUet9Ysepk9H50DTL -qScmLCiQkjtVY7cXDlRzq6987DqrcDOsIfsiJrOGrCOp139tywgg8q9A9f9ER3Hd -J90TKKHqdjn5EKCgTUCkJ7JZFStsLSS3JGN490MYeg9NEePorIdCjedYcaSrbqLA -l3y74xNLytu7awj5abQEctXDRrl36v+6++nwOgw19o8PrgaEFt2UVdTvyie3AzzF -HCYq9TyopZWbhvGKiWf4xwxmse1Bv4KmAGg6IjTuHuvlb4l0T2qqaqhXZ1LUIGHB -zlPL/SR/XybfoQhplqCe/klD4tPq2sTxiDEhbhzhzfN1DiBEFsx9c3Q1RSw7gdQg -7LYJjD5IskkCAwEAAaOBojCBnzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zBj -BgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcD -BAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUF -BwMJMB0GA1UdDgQWBBTZw9P4gJJnzF3SOqLXcaK0xDiALTANBgkqhkiG9w0BAQUF -AAOCAgEA0Ih5ygiq9ws0oE4Jwul+NUiJcIQjL1HDKy9e21NrW3UIKlS6Mg7VxnGF -sZdJgPaE0PC6t3GUyHlrpsVE6EKirSUtVy/m1jEp+hmJVCl+t35HNmktbjK81HXa -QnO4TuWDQHOyXd/URHOmYgvbqm4FjMh/Rk85hZCdvBtUKayl1/7lWFZXbSyZoUkh -1WHGjGHhdSTBAd0tGzbDLxLMC9Z4i3WA6UG5iLHKPKkWxk4V43I29tSgQYWvimVw -TbVEEFDs7d9t5tnGwBLxSzovc+k8qe4bqi81pZufTcU0hF8mFGmzI7GJchT46U1R -IgP/SobEHOh7eQrbRyWBfvw0hKxZuFhD5D1DCVR0wtD92e9uWfdyYJl2b/Unp7uD -pEqB7CmB9HdL4UISVdSGKhK28FWbAS7d9qjjGcPORy/AeGEYWsdl/J1GW1fcfA67 -loMQfFUYCQSu0feLKj6g5lDWMDbX54s4U+xJRODPpN/xU3uLWrb2EZBL1nXz/gLz -Ka/wI3J9FO2pXd96gZ6bkiL8HvgBRUGXx2sBYb4zaPKgZYRmvOAqpGjTcezHCN6j -w8k2SjTxF+KAryAhk5Qe5hXTVGLxtTgv48y5ZwSpuuXu+RBuyy5+E6+SFP7zJ3N7 -OPxzbbm5iPZujAv1/P8JDrMtXnt145Ik4ubhWD5LKAN1axibRww= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC -VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T -U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz -WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 -b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS -b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB -BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI -7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg -CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud -EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD -VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T -kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ -gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD -TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y -aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx -MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j -aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP -T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 -sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL -TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 -/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp -7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz -EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt -hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP -a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot -aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg -TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV -PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv -cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL -tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd -BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB -ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT -ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL -jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS -ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy -P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 -xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d -Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN -5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe -/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z -AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ -5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw -CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 -bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg -Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ -BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu -ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS -b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni -eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W -p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T -rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV -57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg -Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF -ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 -b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL -MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv -b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj -ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM -9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw -IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 -VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L -93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm -jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA -A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI -U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs -N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv -o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU -5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy -rqXRfboQnoZsG4q5WTP468SQvvG5 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIJmzCCB4OgAwIBAgIBATANBgkqhkiG9w0BAQwFADCCAR4xPjA8BgNVBAMTNUF1 -dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s -YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz -dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0 -aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh -IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ -KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyMjE4MDgy -MVoXDTMwMTIxNzIzNTk1OVowggEeMT4wPAYDVQQDEzVBdXRvcmlkYWQgZGUgQ2Vy -dGlmaWNhY2lvbiBSYWl6IGRlbCBFc3RhZG8gVmVuZXpvbGFubzELMAkGA1UEBhMC -VkUxEDAOBgNVBAcTB0NhcmFjYXMxGTAXBgNVBAgTEERpc3RyaXRvIENhcGl0YWwx -NjA0BgNVBAoTLVNpc3RlbWEgTmFjaW9uYWwgZGUgQ2VydGlmaWNhY2lvbiBFbGVj -dHJvbmljYTFDMEEGA1UECxM6U3VwZXJpbnRlbmRlbmNpYSBkZSBTZXJ2aWNpb3Mg -ZGUgQ2VydGlmaWNhY2lvbiBFbGVjdHJvbmljYTElMCMGCSqGSIb3DQEJARYWYWNy -YWl6QHN1c2NlcnRlLmdvYi52ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAME77xNS8ZlW47RsBeEaaRZhJoZ4rw785UAFCuPZOAVMqNS1wMYqzy95q6Gk -UO81ER/ugiQX/KMcq/4HBn83fwdYWxPZfwBfK7BP2p/JsFgzYeFP0BXOLmvoJIzl -Jb6FW+1MPwGBjuaZGFImWZsSmGUclb51mRYMZETh9/J5CLThR1exStxHQptwSzra -zNFpkQY/zmj7+YZNA9yDoroVFv6sybYOZ7OxNDo7zkSLo45I7gMwtxqWZ8VkJZkC -8+p0dX6mkhUT0QAV64Zc9HsZiH/oLhEkXjhrgZ28cF73MXIqLx1fyM4kPH1yOJi/ -R72nMwL7D+Sd6mZgI035TxuHXc2/uOwXfKrrTjaJDz8Jp6DdessOkxIgkKXRjP+F -K3ze3n4NUIRGhGRtyvEjK95/2g02t6PeYiYVGur6ruS49n0RAaSS0/LJb6XzaAAe -0mmO2evnEqxIKwy2mZRNPfAVW1l3wCnWiUwryBU6OsbFcFFrQm+00wOicXvOTHBM -aiCVAVZTb9RSLyi+LJ1llzJZO3pq3IRiiBj38Nooo+2ZNbMEciSgmig7YXaUcmud -SVQvLSL+Yw+SqawyezwZuASbp7d/0rutQ59d81zlbMt3J7yB567rT2IqIydQ8qBW -k+fmXzghX+/FidYsh/aK+zZ7Wy68kKHuzEw1Vqkat5DGs+VzAgMBAAGjggLeMIIC -2jASBgNVHRMBAf8ECDAGAQH/AgECMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52 -ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMB0GA1UdDgQWBBStuyIdxuDS -Aaj9dlBSk+2YwU2u0zCCAVAGA1UdIwSCAUcwggFDgBStuyIdxuDSAaj9dlBSk+2Y -wU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRpZmlj -YWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAw -DgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYD -VQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25p -Y2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEgZGUgU2VydmljaW9zIGRlIENl -cnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG9w0BCQEWFmFjcmFpekBz -dXNjZXJ0ZS5nb2IudmWCAQEwDgYDVR0PAQH/BAQDAgEGMDcGA1UdEQQwMC6CD3N1 -c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0wMFQGA1Ud -HwRNMEswJKAioCCGHmhodHA6Ly93d3cuc3VzY2VydGUuZ29iLnZlL2xjcjAjoCGg -H4YdbGRhcDovL2FjcmFpei5zdXNjZXJ0ZS5nb2IudmUwNwYIKwYBBQUHAQEEKzAp -MCcGCCsGAQUFBzABhhtoaHRwOi8vb2NzcC5zdXNjZXJ0ZS5nb2IudmUwQAYDVR0g -BDkwNzA1BgVghl4BAjAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRl -LmdvYi52ZS9kcGMwDQYJKoZIhvcNAQEMBQADggIBAK4qy/zmZ9zBwfW3yOYtLcBT -Oy4szJyPz7/RhNH3bPVH7HbDTGpi6JZ4YXdXMBeJE5qBF4a590Kgj8Rlnltt+Rbo -OFQOU1UDqKuTdBsA//Zry5899fmn8jBUkg4nh09jhHHbLlaUScdz704Zz2+UVg7i -s/r3Legxap60KzmdrmTAE9VKte1TQRgavQwVX5/2mO/J+SCas//UngI+h8SyOucq -mjudYEgBrZaodUsagUfn/+AzFNrGLy+al+5nZeHb8JnCfLHWS0M9ZyhgoeO/czyn -99+5G93VWNv4zfc4KiavHZKrkn8F9pg0ycIZh+OwPT/RE2zq4gTazBMlP3ACIe/p -olkNaOEa8KvgzW96sjBZpMW49zFmyINYkcj+uaNCJrVGsXgdBmkuRGJNWFZ9r0cG -woIaxViFBypsz045r1ESfYPlfDOavBhZ/giR/Xocm9CHkPRY2BApMMR0DUCyGETg -Ql+L3kfdTKzuDjUp2DM9FqysQmaM81YDZufWkMhlZPfHwC7KbNougoLroa5Umeos -bqAXWmk46SwIdWRPLLqbUpDTKooynZKpSYIkkotdgJoVZUUCY+RCO8jsVPEU6ece -SxztNUm5UOta1OJPMwSAKRHOo3ilVb9c6lAixDdvV8MeNbqe6asM1mpCHWbJ/0rg -5Ls9Cxx8hracyp0ev7b0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo -R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx -MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK -Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 -AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA -ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 -7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W -kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI -mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ -KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 -6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl -4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K -oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj -UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU -AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd -MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg -Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow -TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw -HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB -BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr -6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV -L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 -1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx -MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ -QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB -arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr -Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi -FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS -P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN -9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP -AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz -uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h -9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t -OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo -+fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 -KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 -DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us -H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ -I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 -5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h -3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz -Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIIKv++n6Lw6YcwDQYJKoZIhvcNAQEFBQAwKDELMAkGA1UE -BhMCQkUxGTAXBgNVBAMTEEJlbGdpdW0gUm9vdCBDQTIwHhcNMDcxMDA0MTAwMDAw -WhcNMjExMjE1MDgwMDAwWjAoMQswCQYDVQQGEwJCRTEZMBcGA1UEAxMQQmVsZ2l1 -bSBSb290IENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZzQh6S -/3UPi790hqc/7bIYLS2X+an7mEoj39WN4IzGMhwWLQdC1i22bi+n9fzGhYJdld61 -IgDMqFNAn68KNaJ6x+HK92AQZw6nUHMXU5WfIp8MXW+2QbyM69odRr2nlL/zGsvU -+40OHjPIltfsjFPekx40HopQcSZYtF3CiInaYNKJIT/e1wEYNm7hLHADBGXvmAYr -XR5i3FVr/mZkIV/4L+HXmymvb82fqgxG0YjFnaKVn6w/Fa7yYd/vw2uaItgscf1Y -HewApDgglVrH1Tdjuk+bqv5WRi5j2Qsj1Yr6tSPwiRuhFA0m2kHwOI8w7QUmecFL -TqG4flVSOmlGhHUCAwEAAaOBuzCBuDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zBCBgNVHSAEOzA5MDcGBWA4CQEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6 -Ly9yZXBvc2l0b3J5LmVpZC5iZWxnaXVtLmJlMB0GA1UdDgQWBBSFiuv0xbu+DlkD -lN7WgAEV4xCcOTARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUhYrr9MW7 -vg5ZA5Te1oABFeMQnDkwDQYJKoZIhvcNAQEFBQADggEBAFHYhd27V2/MoGy1oyCc -UwnzSgEMdL8rs5qauhjyC4isHLMzr87lEwEnkoRYmhC598wUkmt0FoqW6FHvv/pK -JaeJtmMrXZRY0c8RcrYeuTlBFk0pvDVTC9rejg7NqZV3JcqUWumyaa7YwBO+mPyW -nIR/VRPmPIfjvCCkpDZoa01gZhz5v6yAlGYuuUGK02XThIAC71AdXkbc98m6tTR8 -KvPG2F9fVJ3bTc0R5/0UAoNmXsimABKgX77OFP67H6dh96tK8QYUn8pJQsKpvO2F -sauBQeYNxUJpU4c5nUwfAA4+Bw11V0SoU7Q2dmSZ3G7rPUZuFF1eR1ONeE3gJ7uO -hXY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL -MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj -KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 -MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV -BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw -NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV -BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH -MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL -So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal -tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG -CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT -qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz -rD6ogRLQy7rQkgu2npaqBA+K ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx -EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT -VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 -NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT -B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF -10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz -0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh -MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH -zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc -46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 -yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi -laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP -oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA -BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE -qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm -4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL -1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn -LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF -H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo -RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ -nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh -15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW -6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW -nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j -wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz -aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy -KwbQBM0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul -F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC -ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w -ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk -aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0 -YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg -c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93 -d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG -CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF -wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS -Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst -0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc -pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl -CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF -P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK -1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm -KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ -8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm -fyWl8kgAwKQB2j8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK -MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x -GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx -MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg -Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ -iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa -/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ -jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI -HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 -sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w -gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw -KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG -AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L -URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO -H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm -I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY -iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc -f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 -MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g -Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG -A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg -Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi -9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk -M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB -MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw -CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW -1KyLa2tJElMzrdfkviT8tQp21KW8EA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB -gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu -QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG -A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz -OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ -VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 -b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA -DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn -0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB -OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE -fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E -Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m -o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i -sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW -OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez -Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS -adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n -3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ -F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf -CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 -XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm -djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ -WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb -AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq -P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko -b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj -XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P -5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi -DrW5viSP ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O -rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq -OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b -xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw -7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD -aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG -SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 -ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr -AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz -R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 -JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo -Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB -mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT -MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s -eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ -BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg -MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 -BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz -+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm -hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn -5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W -JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL -DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC -huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw -HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB -AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB -zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN -kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD -AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH -SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G -spki4cErx5z481+oghLrGREt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk -MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg -Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT -AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp -Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr -jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r -0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f -2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP -ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF -y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA -tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL -6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0 -uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL -acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh -k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q -VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw -FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh -b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R -fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv -/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI -REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx -srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv -aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT -woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n -Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W -t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N -8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2 -9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5 -wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE -BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz -dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG -A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U -cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf -qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ -JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ -+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS -s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 -HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 -70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG -V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S -qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S -5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia -C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX -OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE -FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 -KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B -8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ -MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc -0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ -u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF -u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH -YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 -GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO -RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e -KeC2uAloGRwYQw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE -BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu -IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow -RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY -U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv -Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br -YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF -nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH -6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt -eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ -c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ -MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH -HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf -jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 -5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB -rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU -F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c -wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 -cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB -AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp -WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 -xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ -2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ -IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 -aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X -em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR -dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ -OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ -hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy -tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP -MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx -MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV -BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o -Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt -5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s -3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej -vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu -8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw -DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG -MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil -zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ -3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD -FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 -Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 -ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG -EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 -MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl -cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR -dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB -pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM -b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm -aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz -IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT -lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz -AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 -VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG -ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 -BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG -AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M -U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh -bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C -+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC -bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F -uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 -XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX -DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl -ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv -b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 -qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp -uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU -Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE -pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp -5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M -UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN -GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy -5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv -6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK -eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 -B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ -BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov -L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG -SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS -CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen -5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 -IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK -gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL -+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL -vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm -bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk -N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC -Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z -ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFSzCCAzOgAwIBAgIRALZLiAfiI+7IXBKtpg4GofIwDQYJKoZIhvcNAQELBQAw -PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTAeFw0xMjA5MjgwODU4NTFaFw0zNzEyMzExNTU5NTla -MD8xCzAJBgNVBAYTAlRXMTAwLgYDVQQKDCdHb3Zlcm5tZW50IFJvb3QgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQC2/5c8gb4BWCQnr44BK9ZykjAyG1+bfNTUf+ihYHMwVxAA+lCWJP5Q5ow6ldFX -eYTVZ1MMKoI+GFy4MCYa1l7GLbIEUQ7v3wxjR+vEEghRK5lxXtVpe+FdyXcdIOxW -juVhYC386RyA3/pqg7sFtR4jEpyCygrzFB0g5AaPQySZn7YKk1pzGxY5vgW28Yyl -ZJKPBeRcdvc5w88tvQ7Yy6gOMZvJRg9nU0MEj8iyyIOAX7ryD6uBNaIgIZfOD4k0 -eA/PH07p+4woPN405+2f0mb1xcoxeNLOUNFggmOd4Ez3B66DNJ1JSUPUfr0t4urH -cWWACOQ2nnlwCjyHKenkkpTqBpIpJ3jmrdc96QoLXvTg1oadLXLLi2RW5vSueKWg -OTNYPNyoj420ai39iHPplVBzBN8RiD5C1gJ0+yzEb7xs1uCAb9GGpTJXA9ZN9E4K -mSJ2fkpAgvjJ5E7LUy3Hsbbi08J1J265DnGyNPy/HE7CPfg26QrMWJqhGIZO4uGq -s3NZbl6dtMIIr69c/aQCb/+4DbvVq9dunxpPkUDwH0ZVbaCSw4nNt7H/HLPLo5wK -4/7NqrwB7N1UypHdTxOHpPaY7/1J1lcqPKZc9mA3v9g+fk5oKiMyOr5u5CI9ByTP -isubXVGzMNJxbc5Gim18SjNE2hIvNkvy6fFRCW3bapcOFwIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVZx3gnHosnMvFmOcdByYqhux0zTAOBgNV -HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAJA75cJTQijq9TFOjj2Rnk0J -89ixUuZPrAwxIbvx6pnMg/y2KOTshAcOD06Xu29oRo8OURWV+Do7H1+CDgxxDryR -T64zLiNB9CZrTxOH+nj2LsIPkQWXqmrBap+8hJ4IKifd2ocXhuGzyl3tOKkpboTe -Rmv8JxlQpRJ6jH1i/NrnzLyfSa8GuCcn8on3Fj0Y5r3e9YwSkZ/jBI3+BxQaWqw5 -ghvxOBnhY+OvbLamURfr+kvriyL2l/4QOl+UoEtTcT9a4RD4co+WgN2NApgAYT2N -vC2xR8zaXeEgp4wxXPHj2rkKhkfIoT0Hozymc26Uke1uJDr5yTDRB6iBfSZ9fYTf -hsmL5a4NHr6JSFEVg5iWL0rrczTXdM3Jb9DCuiv2mv6Z3WAUjhv5nDk8f0OJU+jl -wqu+Iq0nOJt3KLejY2OngeepaUXrjnhWzAWEx/uttjB8YwWfLYwkf0uLkvw4Hp+g -pVezbp3YZLhwmmBScMip0P/GnO0QYV7Ngw5u6E0CQUridgR51lQ/ipgyFKDdLZzn -uoJxo4ZVKZnSKdt1OvfbQ/+2W/u3fjWAjg1srnm3Ni2XUqGwB5wH5Ss2zQOXlL0t -DjQG/MAWifw3VOTWzz0TBPKR2ck2Lj7FWtClTILD/y58Jnb38/1FoqVuVa4uzM8s -iTTa9g3nkagQ6hed8vbs ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET -MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0 -MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBw -bGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx -FjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg+ -+FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1 -XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9w -tj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IW -q6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKM -aLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3 -R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wggERBgNVHSAE -ggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93 -d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNl -IG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0 -YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBj -b25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZp -Y2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBc -NplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQP -y3lPNNiiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJfBdAVhEedNO3iyM7 -R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4Fg -xhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL/lTaltkwGMzd/c6ByxW69oP -IQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AX -UKqK1drk/NAJBzewdXUh ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz -IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz -MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj -dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw -EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp -MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 -28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq -VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q -DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR -5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL -ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a -Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl -UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s -+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 -Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj -ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx -hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV -HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 -+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN -YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t -L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy -ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt -IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV -HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w -DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW -PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF -5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 -glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH -FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 -pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD -xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG -tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq -jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De -fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg -OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ -d0jQ ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT -IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw -MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy -ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N -T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR -FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J -cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW -BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm -fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv -GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW -MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg -Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 -MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi -U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh -cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk -pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf -OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C -Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT -Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi -HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM -Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w -+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ -Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 -Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B -26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID -AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j -ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js -LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM -BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy -dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh -cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh -YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg -dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp -bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ -YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT -TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ -9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 -jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW -FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz -ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 -ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L -EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu -L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC -O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V -um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh -NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx -GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp -bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w -KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 -BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy -dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG -EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll -IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU -QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT -TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg -LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 -a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr -LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr -N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X -YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ -iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f -AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH -V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh -AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf -IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 -lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c -8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf -lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG -A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 -d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu -dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq -RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy -MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD -VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 -L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g -Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi -A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt -ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH -Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC -R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX -hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 -Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW -KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw -NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw -NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy -ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV -BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo -Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 -4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 -KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI -rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi -94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB -sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi -gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo -kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE -vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA -A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t -O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua -AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP -9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ -eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m -0vdXcDazv/wor3ElhVsT/h5/WrQ8 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE -AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG -EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM -FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC -REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp -Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM -VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ -SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ -4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L -cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi -eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG -A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 -DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j -vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP -DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc -maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D -lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv -KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF -MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD -bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha -ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM -HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 -UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 -tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R -ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM -lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp -/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G -A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G -A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj -dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy -MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl -cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js -L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL -BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni -acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 -o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K -zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 -PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y -Johw1+qRzT65ysCQblrGXnRl11z+o+I= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 -LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug -RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm -+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW -PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM -xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB -Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 -hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg -EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA -FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec -nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z -eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF -hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 -Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -+OkuE6N36B9K ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM -MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D -ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU -cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 -WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg -Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw -IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH -UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM -TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU -BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM -kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x -AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV -HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y -sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL -I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 -J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY -VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEGjCCAwKgAwIBAgIDAYagMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYDVQQGEwJG -STEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0ZXJpa2Vz -a3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNl -czEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJLIEdvdi4g -Um9vdCBDQTAeFw0wMjEyMTgxMzUzMDBaFw0yMzEyMTgxMzUxMDhaMIGjMQswCQYD -VQQGEwJGSTEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0 -ZXJpa2Vza3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBT -ZXJ2aWNlczEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJL -IEdvdi4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCF -FdrIAzfQo0Y3bBseljDCWoUSZyPyu5/nioFgJ/gTqTy894aqqvTzJSm0/nWuHoGG -igWyHWWyOOi0zCia+xc28ZPVec7Bg4shT8MNrUHfeJ1I4x9CRPw8bSEga60ihCRC -jxdNwlAfZM0tOSJWiP2yY51U2kJpwMhP1xjiPshphJQ9LIDGfM6911Mf64i5psu7 -hVfvV3ZdDIvTXhJBnyHAOfQmbQj6OLOhd7HuFtjQaNq0mKWgZUZKa41+qk1guPjI -DfxxPu45h4G02fhukO4/DmHXHSto5i7hQkQmeCxY8n0Wf2HASSQqiYe2XS8pGfim -545SnkFLWg6quMJmQlMCAwEAAaNVMFMwDwYDVR0TAQH/BAUwAwEB/zARBglghkgB -hvhCAQEEBAMCAAcwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTb6eGb0tEkC/yr -46Bn6q6cS3f0sDANBgkqhkiG9w0BAQUFAAOCAQEArX1ID1QRnljurw2bEi8hpM2b -uoRH5sklVSPj3xhYKizbXvfNVPVRJHtiZ+GxH0mvNNDrsczZog1Sf0JLiGCXzyVy -t08pLWKfT6HAVVdWDsRol5EfnGTCKTIB6dTI2riBmCguGMcs/OubUpbf9MiQGS0j -8/G7cdqehSO9Gu8u5Hp5t8OdhkktY7ktdM9lDzJmid87Ie4pbzlj2RXBbvbfgD5Q -eBmK3QOjFKU3p7UsfLYRh+cF8ry23tT/l4EohP7+bEaFEEGfTXWMB9SZZ291im/k -UJL2mdUQuMSpe/cXjUu/15WfCdxEDx4yw8DP03kN5Mc7h/CQNIghYkmSBAQfvA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu -hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l -xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 -CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx -sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD -VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 -IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 -MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD -aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx -MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy -cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG -A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl -BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed -KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 -G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 -zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 -ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG -HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 -Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V -yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e -beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r -6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh -wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog -zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW -BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr -ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp -ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk -cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt -YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC -CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow -KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI -hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ -UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz -X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x -fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz -a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd -Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd -SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O -AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso -M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge -v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z -09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK -MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu -VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw -MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw -JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT -3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU -+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp -S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 -bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi -T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL -vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK -Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK -dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT -c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv -l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N -iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD -ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH -6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt -LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 -nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 -+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK -W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT -AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq -l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG -4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ -mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A -7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB -rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf -Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw -MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV -BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa -Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl -LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u -MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl -ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm -gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 -YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf -b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 -9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S -zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk -OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV -HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA -2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW -oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu -t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c -KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM -m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu -MdRAGmI0Nj81Aa6sY6A= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 -MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 -RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT -gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm -KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd -QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ -XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o -LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU -RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp -jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK -6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX -mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs -Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH -WD9f ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhDCCAmygAwIBAgIBCTANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJDTjER -MA8GA1UEChMIVW5pVHJ1c3QxETAPBgNVBAMTCFVDQSBSb290MB4XDTA0MDEwMTAw -MDAwMFoXDTI5MTIzMTAwMDAwMFowMzELMAkGA1UEBhMCQ04xETAPBgNVBAoTCFVu -aVRydXN0MREwDwYDVQQDEwhVQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALNdB8qGJn1r4vs4CQ7MgsJqGgCiFV/W6dQBt1YDAVmP9ThpJHbC -XivF9iu/r/tB/Q9a/KvXg3BNMJjRnrJ2u5LWu+kQKGkoNkTo8SzXWHwk1n8COvCB -a2FgP/Qz3m3l6ihST/ypHWN8C7rqrsRoRuTej8GnsrZYWm0dLNmMOreIy4XU9+gD -Xv2yTVDo1h//rgI/i0+WITyb1yXJHT/7mLFZ5PCpO6+zzYUs4mBGzG+OoOvwNMXx -QhhgrhLtRnUc5dipllq+3lrWeGeWW5N3UPJuG96WUUqm1ktDdSFmjXfsAoR2XEQQ -th1hbOSjIH23jboPkXXHjd+8AmCoKai9PUMCAwEAAaOBojCBnzALBgNVHQ8EBAMC -AQYwDAYDVR0TBAUwAwEB/zBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIG -CCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcD -BwYIKwYBBQUHAwgGCCsGAQUFBwMJMB0GA1UdDgQWBBTbHzXza0z/QjFkm827Wh4d -SBC37jANBgkqhkiG9w0BAQUFAAOCAQEAOGy3iPGt+lg3dNHocN6cJ1nL5BXXoMNg -14iABMUwTD3UGusGXllH5rxmy+AI/Og17GJ9ysDawXiv5UZv+4mCI4/211NmVaDe -JRI7cTYWVRJ2+z34VFsxugAG+H1V5ad2g6pcSpemKijfvcZsCyOVjjN/Hl5AHxNU -LJzltQ7dFyiuawHTUin1Ih+QOfTcYmjwPIZH7LgFRbu3DJaUxmfLI3HQjnQi1kHr -A6i26r7EARK1s11AdgYg1GS4KUYGis4fk5oQ7vuqWrTcL9Ury/bXBYSYBZELhPc9 -+tb5evosFeo2gkO3t7jj83EB7UNDogVFwygFBzXjAaU4HoDU18PZ3g== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk -MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 -YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg -Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT -AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp -Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 -m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih -FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ -TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F -EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco -kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu -HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF -vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo -19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC -L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW -bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX -JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw -FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc -K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf -ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik -Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB -sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e -3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR -ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip -mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH -b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf -rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms -hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y -zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 -MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw -NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv -b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD -VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F -VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 -7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X -Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ -/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs -81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm -dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe -Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu -sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 -pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs -slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ -arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD -VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG -9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl -dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx -0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj -TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed -Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 -Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI -OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 -vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW -t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn -HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx -SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB -hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G -A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV -BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 -MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT -EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR -6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X -pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC -9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV -/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf -Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z -+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w -qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah -SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC -u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf -Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq -crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB -/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl -wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM -4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV -2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna -FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ -CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK -boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke -jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL -S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb -QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl -0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB -NVOFBkpdn627G190 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE -BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK -DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz -OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv -dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv -bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R -xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX -qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC -C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 -6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh -/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF -YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E -JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc -US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 -ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm -+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi -M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G -A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV -cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc -Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs -PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ -q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 -cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr -a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I -H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y -K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu -nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf -oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY -Ic2wBlX7Jz9TkHCpBB5XJ7k= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 -MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB -IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK -Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg -MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH -xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ -FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q -VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH -jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l -Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED -o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI -FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF -BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW -Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX -cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz -Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 -CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId -kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzU= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT -AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD -QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP -MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do -0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ -UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d -RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ -OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv -JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C -AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O -BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ -LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY -MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ -44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I -Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw -i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN -9u6wWk5JRFRYX0KD ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 -MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG -EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT -CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK -8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 -98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb -2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC -ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi -Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB -o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl -ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD -AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL -AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd -foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M -cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq -8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp -hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk -Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U -AGegcQCCSA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV -BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE -CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy -MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G -A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD -DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq -M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf -OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa -4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 -HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR -aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA -b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ -Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV -PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO -pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu -UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY -MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV -HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 -9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW -s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 -Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg -cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM -79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz -/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt -ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm -Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK -QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ -w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi -S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 -mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout -736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A -DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk -fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA -njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL -MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl -eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT -JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx -MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT -Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg -VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo -I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng -o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G -A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB -zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW -RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD -VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 -ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G -CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y -OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx -FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp -Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o -dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP -kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc -cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U -fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 -N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC -xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 -+rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM -Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG -SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h -mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk -ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 -tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c -2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t -HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw -PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu -MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx -GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL -MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf -HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh -gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW -v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue -Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr -9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt -6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 -MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl -Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 -ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq -hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p -iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC -dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL -kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL -hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz -OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH -MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM -QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy -MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl -cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv -CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg -GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu -XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd -re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu -PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 -mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K -8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj -x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR -nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 -kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok -twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp -8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT -vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT -z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA -pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb -pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB -R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R -RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk -0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC -5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF -izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn -yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV -BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X -DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ -BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 -QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny -gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw -zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q -130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 -JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw -ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT -AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj -AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG -9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h -bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc -fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu -HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w -t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET -MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb -BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz -MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx -FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g -Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 -fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl -LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV -WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF -TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb -5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc -CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri -wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ -wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG -m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 -F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng -WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 -2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF -AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ -0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw -F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS -g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj -qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN -h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ -ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V -btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj -Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ -8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW -gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 -MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 -czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG -CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy -MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl -ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS -b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy -euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO -bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw -WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d -MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE -1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD -VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ -zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB -BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF -BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV -v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG -E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u -uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW -iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v -GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x -GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv -b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV -BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W -YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM -V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB -4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr -H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd -8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv -vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT -mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe -btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc -T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt -WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ -c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A -4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD -VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG -CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 -aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu -dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw -czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G -A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC -TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg -Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 -7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem -d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd -+LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B -4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN -t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x -DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 -k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s -zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j -Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT -mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK -4SVhM7JZG+Ju1zdXtg2pEto= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH -MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI -2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx -1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ -q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz -tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ -vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV -5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY -1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 -NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG -Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 -8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe -pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl -MrY= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs -ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw -MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj -aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg -nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 -HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N -Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN -dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 -HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G -CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU -sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 -4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg -8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 -mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN -BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl -bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv -b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ -BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj -YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 -MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 -dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg -QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa -jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi -C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep -lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof -TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD -QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT -MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j -b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB -CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 -nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt -43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P -T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 -gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR -TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw -DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr -hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg -06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF -PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls -YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw -CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu -ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe -Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw -EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x -IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF -K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG -fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO -Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd -BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx -AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ -oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 -sycX ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH -MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM -QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy -MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl -cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM -f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX -mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 -zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P -fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc -vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 -Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp -zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO -Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW -k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ -DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF -lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW -Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 -d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z -XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR -gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 -d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv -J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg -DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM -+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy -F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 -SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws -E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x -GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv -b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV -BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W -YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa -GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg -Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J -WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB -rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp -+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 -ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i -Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz -PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og -/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH -oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI -yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud -EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 -A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL -MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT -ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f -BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn -g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl -fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K -WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha -B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc -hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR -TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD -mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z -ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y -4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza -8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM -MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD -QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM -MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD -QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E -jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo -ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI -ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu -Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg -AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 -HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA -uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa -TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg -xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q -CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x -O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs -6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw -MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV -BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B -3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY -tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ -Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 -VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT -79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 -c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT -Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l -c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee -UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE -Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd -BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF -Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO -VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 -ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs -8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR -iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze -Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ -XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ -qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB -VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB -L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG -jjxDah2nGN59PRbxYvnKkKj9 ------END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cacert.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cacert.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cacert.crt 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cacert.crt 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv -b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ -Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y -dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU -MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 -Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a -iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 -aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C -jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia -pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 -FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt -XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL -oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 -R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp -rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ -LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA -BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow -gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV -BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG -A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS -c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH -AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr -BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB -MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y -Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj -ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 -b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D -QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc -7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH -Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 -D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 -VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a -lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW -Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt -hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz -0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn -ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT -d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 -4GGSt/M3mMS+lqO3ig== ------END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_empty_subject.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_empty_subject.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_empty_subject.crt 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_empty_subject.crt 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMzCCAhugAwIBAgIJANtVCnAolv4dMA0GCSqGSIb3DQEBDQUAMH4xCzAJBgNV -BAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcMCVN0 -dXR0Z2FydDEcMBoGA1UECgwTLi4udW5kIHVlYmVyaGF1cHQhPzEPMA0GA1UECwwG -dXVlIENBMQ8wDQYDVQQDDAZ1dWUgQ0EwHhcNMjAxMjIwMTYyNTM1WhcNMjExMjIw -MTYyNTM1WjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvlsqMXz -GDKdN0bochMAPx2/XTKxP4q8dsHqLnGGZ+VoNYecvJ/rXhvvWC9eeOknKZwaXe/H -tOyITCc/L/4lx0krlCGcLH7AkVijlrgZeWbE/Ia/OUPlHYiVcXV0Pw8Hzy/+JdU/ -BPkuCcxZhdwhB3k61HSdg8wAc/aJom9RveoI0dCweoeq7lHz5jv5Azjq5mK2rriB -4vMVTzzbLVAAQ451KrAkBNKaH+1Bvyn1S5SpMA+K4HnleBIGsc5ZnY03N2EAZq5h -NczSBpdwZRkCxDXHpv6F4FIF7RJwCqgCpPRPsVuSr/KXFRnsSxhQCDiB4i3dEAwn -iXJVHfHEmTe0UwIDAQABozIwMDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAWBgNV -HREEDzANggt3d3cudXVlLm9yZzANBgkqhkiG9w0BAQ0FAAOCAQEAdv5Z9KMWcItp -0ZsJlYEHmuHbw+lXvKzz11mY//D4HXSXthltc5dSW9wUJMWYiOJc8IoQnOOXo9Tx -Ye8JvK6gOhOE8RELPr0e4jmIBCYq02bMh6v82EoN0gzI4ZgTfkLYZtVSGhUHYA8K -0gsPUz88VmVLrcz/EhOhbLuxmgUJWjE3z48zD/QO6TQRjVtwql5Qc2iBq9ZnCNgZ -pf8r+/m561xMN5r3Jvp0+0xDM0gM5LigdObguUBzAhWExuHXHubcC0ovppSA5Qey -uoalFu8pQXRTSZ9tatP7mYERciMtW+fK/MDbMNNVMcDgQoOtPna1zDFgqyEygLXy -xZGfiGQBgw== ------END CERTIFICATE----- \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_subject_without_cn.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_subject_without_cn.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_subject_without_cn.crt 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/cert_with_subject_without_cn.crt 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDdDCCAlygAwIBAgIJAL5rKAz6XKBNMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV -BAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcMCVN0 -dXR0Z2FydDEcMBoGA1UECgwTLi4udW5kIHVlYmVyaGF1cHQhPzEUMBIGA1UEAwwL -dXVlIFJvb3QgQ0EwHhcNMjAxMjExMjAyNjI0WhcNMjExMjExMjAyNjI0WjBcMQsw -CQYDVQQGEwJERTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQH -DAlTdHV0dGdhcnQxHDAaBgNVBAoMEy4uLnVuZCB1ZWJlcmhhdXB0IT8wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX7icpGipAoscdhSvgepldiBizkZXq -aM4KKdArbeG2SThiMuOqZesegKLI3oTcIfQA9Z1ZT0qk5XdN/uybTtkstGZduIr+ -ZgvGZ605VVdOzbX9gQJ8yCj6/yUT+PLLhZXoHVqh0t2nkxr9Ed97iDeCbnnqPuKB -tcdYrSIfxoPEonLiS0xVKb2qNBx2qfkseRkRBMYfh/1i9q29JoepkcUzqSH44Af/ -oGlVeAhVMgOF0MS8Qa7LM+jx6qF4RQPiaCIj/UaNvX7idewiNf4QmEgbAaEjGtuk -s92mHhze7IVleNjNTqVoLCfazLH2NLe51djfD8w60TlKRpD2Qt2aTOP9AgMBAAGj -IzAhMB8GA1UdEQQYMBaCB3V1ZS5vcmeCC3d3dy51dWUub3JnMA0GCSqGSIb3DQEB -BQUAA4IBAQBKdrw0i3npNbo80XDO0mHUuvsyBMTToaBL1F4SFtSauvtWaY9DF2RH -gazu79y7n85czl4Nr7g4/HtZm2/oCxD6YeZEt+pHbTCIH7FVyfl5NrAza+Zs4TMs -tujwB+JVsj9KD8MXEgBbohVYLMsA9vjVEA00I3hvro3rB/suvt4GnQyHHAsXrbuu -eenCXULd0B4onD4ki2cUDXy3hArkO8LIwQ8iu55wYIgDlIX00Q2oPZRP+ZYCKdUl -w5sjV1qPVtrDYzoeA5h/Ls5P0llZapnWGzJzmD6U6wk+zQAs+GgqlYrmEmNq97kL -iRuLlubcbMknF/JN5mLUvgYqf7M71nEe ------END CERTIFICATE----- Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/client.p12 and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/client.p12 differ Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/der.cer and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/der.cer differ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/unit_tests.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/unit_tests.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/test/unit_tests.sh 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/test/unit_tests.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,832 +0,0 @@ -#!/bin/sh - -# $SHUNIT2 should be defined as an environment variable before running the tests -# shellcheck disable=SC2154 -if [ -z "${SHUNIT2}" ] ; then - cat < /dev/null - - # check in OpenSSL supports dane checks - if openssl s_client -help 2>&1 | grep -q -- -dane_tlsa_rrdata || openssl s_client not_a_real_option 2>&1 | grep -q -- -dane_tlsa_rrdata; then - echo "dane checks supported" - DANE=1 - fi - -} - -testHoursUntilNow() { - # testing with perl - export DATETYPE='PERL' - hours_until "$( date )" - assertEquals "error computing the missing hours until now" 0 "${HOURS_UNTIL}" -} - -testHoursUntil5Hours() { - # testing with perl - export DATETYPE='PERL' - hours_until "$( perl -e '$x=localtime(time+(5*3600));print $x' )" - assertEquals "error computing the missing hours until now" 5 "${HOURS_UNTIL}" -} - -testHoursUntil42Hours() { - # testing with perl - export DATETYPE='PERL' - hours_until "$( perl -e '$x=localtime(time+(42*3600));print $x' )" - assertEquals "error computing the missing hours until now" 42 "${HOURS_UNTIL}" -} - -testOpenSSLVersion1() { - export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' - export REQUIRED_VERSION='1.2.0a' - OPENSSL=$( command -v openssl ) # needed by openssl_version - openssl_version "${REQUIRED_VERSION}" - RET=$? - assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 1 "${RET}" - export OPENSSL_VERSION= -} - -testOpenSSLVersion2() { - export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' - export REQUIRED_VERSION='1.1.1j' - OPENSSL=$( command -v openssl ) # needed by openssl_version - openssl_version "${REQUIRED_VERSION}" - RET=$? - assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" - export OPENSSL_VERSION= -} - -testOpenSSLVersion3() { - export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' - export REQUIRED_VERSION='1.0.0b' - OPENSSL=$( command -v openssl ) # needed by openssl_version - openssl_version "${REQUIRED_VERSION}" - RET=$? - assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" - export OPENSSL_VERSION= -} - -testOpenSSLVersion4() { - export OPENSSL_VERSION='OpenSSL 1.0.2k-fips 26 Jan 2017' - export REQUIRED_VERSION='1.0.0b' - OPENSSL=$( command -v openssl ) # needed by openssl_version - openssl_version "${REQUIRED_VERSION}" - RET=$? - assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" - export OPENSSL_VERSION= -} - -testOpenSSLVersion5() { - export OPENSSL_VERSION='OpenSSL 1.1.1h-freebsd 22 Sep 2020' - export REQUIRED_VERSION='1.0.0b' - OPENSSL=$( command -v openssl ) # needed by openssl_version - openssl_version "${REQUIRED_VERSION}" - RET=$? - assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" - export OPENSSL_VERSION= -} - -testDependencies() { - check_required_prog openssl - # $PROG is defined in the script - # shellcheck disable=SC2154 - assertNotNull 'openssl not found' "${PROG}" -} - -testSCT() { - OPENSSL=$( command -v openssl ) # needed by openssl_version - ${OPENSSL} version - if openssl_version '1.1.0' ; then - echo "OpenSSL >= 1.1.0: SCTs supported" - ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" - else - echo "OpenSSL < 1.1.0: SCTs not supported" - ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - fi -} - -testUsage() { - ${SCRIPT} > /dev/null 2>&1 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -} - -testMissingArgument() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical > /dev/null 2>&1 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -} - -testMissingArgument2() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical --warning 10 > /dev/null 2>&1 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -} - -testGroupedVariables() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvv > /dev/null 2>&1 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testGroupedVariablesError() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvxv > /dev/null 2>&1 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -} - -testETHZ() { - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ethz.ch --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testLetsEncrypt() { - ${SCRIPT} --rootcert-file cabundle.crt -H helloworld.letsencrypt.org --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testGoDaddy() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.godaddy.com --cn www.godaddy.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testETHZCaseInsensitive() { - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ETHZ.CH --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testETHZWildCard() { - # * should not match, see https://serverfault.com/questions/310530/should-a-wildcard-ssl-certificate-secure-both-the-root-domain-as-well-as-the-sub - # we ignore the altnames as sp.ethz.ch is listed - ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn sp.ethz.ch --ignore-altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testETHZWildCardCaseInsensitive() { - # * should not match, see https://serverfault.com/questions/310530/should-a-wildcard-ssl-certificate-secure-both-the-root-domain-as-well-as-the-sub - # we ignore the altnames as sp.ethz.ch is listed - ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn SP.ETHZ.CH --ignore-altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testETHZWildCardSub() { - ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn sub.sp.ethz.ch --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testETHZWildCardSubCaseInsensitive() { - ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --cn SUB.SP.ETHZ.CH --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testRootIssuer() { - ${SCRIPT} --rootcert-file cabundle.crt -H google.com --issuer 'GlobalSign' --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testValidity() { - # Tests bug #8 - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch -w 1000 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" -} - -testValidityWithPerl() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch -w 1000 --force-perl-date - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" -} - -testAltNames() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.inf.ethz.ch --cn www.inf.ethz.ch --altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -#Do not require to match Alternative Name if CN already matched -testWildcardAltNames1() { - ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch --altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -#Check for wildcard support in Alternative Names -testWildcardAltNames2() { - ${SCRIPT} --rootcert-file cabundle.crt -H sherlock.sp.ethz.ch \ - --cn somehost.spapps.ethz.ch \ - --cn otherhost.sPaPPs.ethz.ch \ - --cn spapps.ethz.ch \ - --critical 1 --warning 2 \ - --altnames \ - - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testAltNamesCaseInsensitve() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.inf.ethz.ch --cn WWW.INF.ETHZ.CH --altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testMultipleAltNamesFailOne() { - # Test with wiltiple CN's but last one is wrong - ${SCRIPT} --rootcert-file cabundle.crt -H inf.ethz.ch -n www.ethz.ch -n wrong.ch --altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testMultipleAltNamesFailTwo() { - # Test with multiple CN's but first one is wrong - ${SCRIPT} --rootcert-file cabundle.crt -H inf.ethz.ch -n wrong.ch -n www.ethz.ch --altnames --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testXMPPHost() { - out=$(${SCRIPT} --rootcert-file cabundle.crt -H prosody.xmpp.is --port 5222 --protocol xmpp --xmpphost xmpp.is --critical 1 --warning 2) - EXIT_CODE=$? - if echo "${out}" | grep -q "s_client' does not support '-xmpphost'" ; then - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" - else - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - fi -} - -testTimeOut() { - ${SCRIPT} --rootcert-file cabundle.crt -H gmail.com --protocol imap --port 993 --timeout 1 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testIMAP() { - # minimal critical and warning as they renew pretty late - ${SCRIPT} --rootcert-file cabundle.crt -H imap.gmx.com --port 143 --timeout 30 --protocol imap --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testIMAPS() { - ${SCRIPT} --rootcert-file cabundle.crt -H imap.gmail.com --port 993 --timeout 30 --protocol imaps --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testPOP3S() { - ${SCRIPT} --rootcert-file cabundle.crt -H pop.gmail.com --port 995 --timeout 30 --protocol pop3s --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - - -testSMTP() { - ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtp --port 25 --timeout 60 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testSMTPSubmbission() { - ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtp --port 587 --timeout 60 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testSMTPS() { - ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtps --port 465 --timeout 60 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -# Disabled as test.rebex.net is currently not workin. Should find another public FTP server with TLS -#testFTP() { -# ${SCRIPT} --rootcert-file cabundle.crt -H test.rebex.net --protocol ftp --port 21 --timeout 60 -# EXIT_CODE=$? -# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -#} -# -#testFTPS() { -# ${SCRIPT} --rootcert-file cabundle.crt -H test.rebex.net --protocol ftps --port 990 --timeout 60 -# EXIT_CODE=$? -# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -#} - -################################################################################ -# From https://badssl.com - -testBadSSLExpired() { - ${SCRIPT} --rootcert-file cabundle.crt -H expired.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLExpiredAndWarnThreshold() { - ${SCRIPT} --rootcert-file cabundle.crt -H expired.badssl.com --warning 3000 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLWrongHost() { - ${SCRIPT} --rootcert-file cabundle.crt -H wrong.host.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLSelfSigned() { - ${SCRIPT} --rootcert-file cabundle.crt -H self-signed.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLUntrustedRoot() { - ${SCRIPT} --rootcert-file cabundle.crt -H untrusted-root.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLRevoked() { - ${SCRIPT} --rootcert-file cabundle.crt -H revoked.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLRevokedCRL() { - ${SCRIPT} --rootcert-file cabundle.crt -H revoked.badssl.com --crl --ignore-ocsp --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testGRCRevoked() { - ${SCRIPT} --rootcert-file cabundle.crt -H revoked.grc.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLIncompleteChain() { - ${SCRIPT} --rootcert-file cabundle.crt -H incomplete-chain.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLDH480(){ - ${SCRIPT} --rootcert-file cabundle.crt -H dh480.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLDH512(){ - ${SCRIPT} --rootcert-file cabundle.crt -H dh512.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLRC4MD5(){ - # older versions of OpenSSL validate RC4-MD5 - if ! openssl ciphers RC4-MD5 > /dev/null 2>&1 ; then - ${SCRIPT} --rootcert-file cabundle.crt -H rc4-md5.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" - else - echo "OpenSSL too old to test RC4-MD5 ciphers" - fi -} - -testBadSSLRC4(){ - # older versions of OpenSSL validate RC4 - if ! openssl ciphers RC4 > /dev/null 2>&1 ; then - ${SCRIPT} --rootcert-file cabundle.crt -H rc4.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" - else - echo "OpenSSL too old to test RC4-MD5 ciphers" - fi -} - -testBadSSL3DES(){ - # older versions of OpenSSL validate RC4 - if ! openssl ciphers 3DES > /dev/null 2>&1 ; then - ${SCRIPT} --rootcert-file cabundle.crt -H 3des.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" - else - echo "OpenSSL too old to test 3DES ciphers" - fi -} - -testBadSSLNULL(){ - ${SCRIPT} --rootcert-file cabundle.crt -H null.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLSHA256() { - ${SCRIPT} --rootcert-file cabundle.crt -H sha256.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testBadSSLEcc256() { - ${SCRIPT} --rootcert-file cabundle.crt -H ecc256.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testBadSSLEcc384() { - ${SCRIPT} --rootcert-file cabundle.crt -H ecc384.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testBadSSLRSA8192() { - ${SCRIPT} --rootcert-file cabundle.crt -H rsa8192.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testBadSSLLongSubdomainWithDashes() { - ${SCRIPT} --rootcert-file cabundle.crt -H long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testBadSSLLongSubdomain() { - ${SCRIPT} --rootcert-file cabundle.crt -H longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testBadSSLSHA12016() { - ${SCRIPT} --rootcert-file cabundle.crt -H sha1-2016.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testBadSSLSHA12017() { - ${SCRIPT} --rootcert-file cabundle.crt -H sha1-2017.badssl.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testMultipleOCSPHosts() { - ${SCRIPT} --rootcert-file cabundle.crt -H netlock.hu --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testRequireOCSP() { - ${SCRIPT} --rootcert-file cabundle.crt -H videolan.org --require-ocsp-stapling --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -# tests for -4 and -6 -testIPv4() { - if openssl s_client -help 2>&1 | grep -q -- -4 ; then - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -4 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - else - echo "Skipping forcing IPv4: no OpenSSL support" - fi -} - -testIPv6() { - if openssl s_client -help 2>&1 | grep -q -- -6 ; then - - IPV6= - if command -v ifconfig > /dev/null && ifconfig -a | grep -q -F inet6 ; then - IPV6=1 - elif command -v ip > /dev/null && ip addr | grep -q -F inet6 ; then - IPV6=1 - fi - - if [ -n "${IPV6}" ] ; then - - echo "IPv6 is configured" - - if ping -6 www.google.com > /dev/null 2>&1 ; then - - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -6 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - - else - echo "IPv6 is configured but not working: skipping test" - fi - - else - echo "Skipping forcing IPv6: not IPv6 configured locally" - fi - - else - echo "Skipping forcing IPv6: no OpenSSL support" - fi -} - -testFormatShort() { - OUTPUT=$( ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ethz.ch --critical 1 --warning 2 --format "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'" | cut '-d|' -f 1 ) - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - assertEquals "wrong output" "SSL_CERT OK ethz.ch from 'QuoVadis Global SSL ICA G2'" "${OUTPUT}" -} - -testMoreErrors() { - OUTPUT=$( ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --email doesnotexist --critical 1000 --warning 1001 --verbose | wc -l | sed 's/\ //g' ) - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - # we should get three lines: the plugin output and three errors - assertEquals "wrong number of errors" 5 "${OUTPUT}" -} - -testMoreErrors2() { - OUTPUT=$( ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --email doesnotexist --warning 1000 --warning 1001 --verbose | wc -l | sed 's/\ //g' ) - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - # we should get three lines: the plugin output and three errors - assertEquals "wrong number of errors" 5 "${OUTPUT}" -} - -# dane - -testDANE211() { - # dig is needed for DANE - if command -v dig > /dev/null ; then - - # on github actions the dig command produces no output - if dig +short TLSA _25._tcp.hummus.csx.cam.ac.uk | grep -q -f 'hummus' ; then - - # check if a connection is possible - if printf 'QUIT\\n' | openssl s_client -connect hummus.csx.cam.ac.uk:25 -starttls smtp > /dev/null 2>&1 ; then - ${SCRIPT} --rootcert-file cabundle.crt --dane 211 --port 25 -P smtp -H hummus.csx.cam.ac.uk --critical 1 --warning 2 - EXIT_CODE=$? - if [ -n "${DANE}" ] ; then - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - else - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" - fi - else - echo "connection to hummus.csx.cam.ac.uk:25 not possible: skipping test" - fi - else - echo "no TLSA entries in DNS: skipping DANE test" - fi - else - echo "dig not available: skipping DANE test" - fi -} - -# does not work anymore -#testDANE311SMTP() { -# ${SCRIPT} --rootcert-file cabundle.crt --dane 311 --port 25 -P smtp -H mail.ietf.org -# EXIT_CODE=$? -# if [ -n "${DANE}" ] ; then -# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -# else -# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -# fi -#} -# -#testDANE311() { -# ${SCRIPT} --rootcert-file cabundle.crt --dane 311 -H www.ietf.org -# EXIT_CODE=$? -# if [ -n "${DANE}" ] ; then -# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -# else -# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -# fi -#} - -testDANE301ECDSA() { - if command -v dig > /dev/null ; then - ${SCRIPT} --rootcert-file cabundle.crt --dane 301 --ecdsa -H mail.aegee.org --critical 1 --warning 2 - EXIT_CODE=$? - if [ -n "${DANE}" ] ; then - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - else - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" - fi - else - echo "dig not available: skipping DANE test" - fi -} - -testRequiredProgramFile() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --file-bin /doesnotexist --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -} - -testRequiredProgramPermissions() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --file-bin /etc/hosts --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" -} - -testSieveECDSA() { - if ! { openssl s_client -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || openssl s_client -starttls sieve 2>&1 | grep -F -q 'usage:' ; } ; then - ${SCRIPT} --rootcert-file cabundle.crt -P sieve -p 4190 -H mail.aegee.org --ecdsa --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - else - echo "Skipping sieve tests (not supported)" - fi -} - -testHTTP2() { - ${SCRIPT} --rootcert-file cabundle.crt -H rwserve.readwritetools.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testForceHTTP2() { - if openssl s_client -help 2>&1 | grep -q -F alpn ; then - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --protocol h2 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - else - echo "Skupping forced HTTP2 test as -alpn is not supported" - fi -} - -testNotLongerValidThan() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --not-valid-longer-than 2 --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testDERCert() { - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -f ./der.cer --ignore-sct --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testPKCS12Cert() { - export PASS= - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -f ./client.p12 --ignore-sct --password env:PASS --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testCertificsteWithoutCN() { - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -n www.uue.org -f ./cert_with_subject_without_cn.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testCertificsteWithEmptySubject() { - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -n www.uue.org -f ./cert_with_empty_subject.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testResolveSameName() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --resolve www.ethz.ch --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testResolveDifferentName() { - ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve www.google.com --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testResolveCorrectIP() { - ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve "$( dig +short corti.li )" --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -testResolveWrongIP() { - ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve "$( dig +short www.google.com )" --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" -} - -testCiphersOK() { - - # nmap ssl-enum-ciphers dumps core on CentOS 7 and RHEL 7 - if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release ; then - echo 'Skipping tests on CentOS and RedHat 7 since nmap is crashing (core dump)' - else - - # check if nmap is installed - if command -v nmap > /dev/null ; then - - # check if ssl-enum-ciphers is present - if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine' ; then - - ${SCRIPT} --rootcert-file cabundle.crt -H cloudflare.com --check-ciphers C --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - - else - echo "no ssl-enum-ciphers nmap script found: skipping ciphers test" - fi - - else - echo "no nmap found: skipping ciphers test" - fi - - fi - -} - -testCiphersError() { - - # nmap ssl-enum-ciphers dumps core on CentOS 7 and RHEL 7 - if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release ; then - echo 'Skipping tests on CentOS and RedHat 7 since nmap is crashing (core dump)' - else - - # check if nmap is installed - if command -v nmap > /dev/null ; then - - # check if ssl-enum-ciphers is present - if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine' ; then - - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --check-ciphers A --check-ciphers-warnings --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" - - else - echo "no ssl-enum-ciphers nmap script found: skipping ciphers test" - fi - - else - echo "no nmap found: skipping ciphers test" - fi - - fi - -} - -# SSL Labs (last one as it usually takes a lot of time - -testETHZWithSSLLabs() { - # we assume www.ethz.ch gets at least a B - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ethz.ch --check-ssl-labs B --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - -# the script will exit without executing main -export SOURCE_ONLY='test' - -# source the script. -# Do not follow -# shellcheck disable=SC1090 -. "${SCRIPT}" - -unset SOURCE_ONLY - -# run shUnit: it will execute all the tests in this file -# (e.g., functions beginning with 'test' -# -# We clone to output to pass it to grep as shunit does always return 0 -# We parse the output to check if a test failed -# - -# Do not follow -# shellcheck disable=SC1090 -. "${SHUNIT2}" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/VERSION nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/VERSION --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/check_ssl_cert_2.2.0/VERSION 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/check_ssl_cert_2.2.0/VERSION 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -2.2.0 \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/control nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/control --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/control 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/control 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ Uploaders: Jan Wagner Recommends: curl, file, openssl -Suggests: expect -Version: 2.2.0 +Suggests: expect, iproute2, dnsutils +Version: 2.15.0 Homepage: https://github.com/matteocorti/check_ssl_cert Watch: https://github.com/matteocorti/check_ssl_cert/releases check_ssl_cert-([0-9.]+)\.tar\.gz Description: plugin to check the CA and validity of an diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/AUTHORS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/AUTHORS 2021-12-17 14:47:25.000000000 +0000 @@ -81,7 +81,7 @@ * Many thanks to Mathieu Simon (https://github.com/matsimon) for the IMAPS, POP3S and LDAP patches * Many thanks to Nico (https://github.com/nicox) for the SSLlabs patch * Many thanks to barakAtSoluto (https://github.com/barakAtSoluto) for the SSLlabs warning patch -* Many thanks to Valentin Heidelberger (https://github.com/va1entin) for the cURL user agent patch +* Many thanks to Valentin Heidelberger (https://github.com/va1entin) for the curl user agent patch * Many thanks to Tone (https://github.com/anthonyhaussman) for the warning message improvement patch * Many thanks to Michael Niewiara (https://github.com/mobitux) for the HTTPS/echo fix * Many thanks to Zadkiel (https://github.com/aslafy-z) for the extended regex patch and for the n-elementh check @@ -96,7 +96,7 @@ * Many thanks to Thomas Weißschuh (https://github.com/t-8ch) for the PostgreSQL patch * Many thanks to Jonathan Besanceney (https://github.com/jonathan-besanceney) for the proxy patch * Many thanks to grizzlydev-sarl (https://github.com/grizzlydev-sarl) for the - processing of all the certificate in the chain + processing of all the certificate in the chain, the verbose patch and the output cleanup patch * Many thanks to Claudio Kuenzler (https://github.com/Napsty) for the chain expiration output fix * Many thanks to jf-vf (https://github.com/jf-vf) for the MySQL support patch * Many thanks to skanx (https://github.com/skanx) for the --not-issued-by output patch @@ -113,5 +113,14 @@ * Many thanks to waja (https://github.com/waja) for the GitHub workflows * Many thanks to Tobias Grünewald (https://github.com/tobias-gruenewald) for the client certificate * Many thanks to chornberger-c2c (https://github.com/chornberger-c2c) for the critical and warning output fix -* Many thanks to Claus-Theodor Riegg (https://github.com/ctriegg-mak) for the domain with underscores fix -* Many thanks to Ed Sabol (https://github.com/esabol) for the FQDN patch \ No newline at end of file +* Many thanks to Claus-Theodor Riegg (https://github.com/ctriegg-mak) for the domain with + underscores and certificate chain fixes +* Many thanks to Ed Sabol (https://github.com/esabol) for the FQDN patch +* Many thanks to Igor Mironov (https://github.com/mcs6502) for the LibreSSL patch +* Many thanks to jalbstmeijer (https://github.com/jalbstmeijer) for the OpenSSL and INETPROTO patch +* Many thanks to Pim Rupert (https://github.com/prupert) for the file(1) patches +* Many thanks to Alexander AleksandroviÄ Klimov (https://github.com/Al2Klimov) for the DANE 312 patch +* Many thanks to Jaime Hablutzel (https://github.com/hablutzel1) for the --element fix +* Many thanks to Bernd Stroessenreuther for the CRL and IPv6 fixes and for the floating point patch +* Many thanks to Kim Jahn for the conversion typo and underscore fixes (https://github.com/mookie-) +* Many thanks to Bernd Strößenreuther (https://github.com/booboo-at-gluga-de) for the --help patch diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/ChangeLog nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/ChangeLog --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/ChangeLog 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/ChangeLog 2021-12-17 14:47:25.000000000 +0000 @@ -1,957 +1,1188 @@ +2021-12-15 Matteo Corti + + * check_ssl_cert (fetch_certificate): check if the used protocol was HTTP/2 (if requested) + +2021-12-10 Matteo Corti + + * check_ssl_cert (check_attr): using NMAP_BIN instead of nmap + * check_ssl_cert (main): fixed a bug causing an unnecessary scan when checking for disallowed protocols + * check_ssl_cert (main): (main): SSL 2.0 and SSL 3.0 disabled by --all and --all-local + +2021-12-08 Matteo Corti + + * Fixed several spelling mistakes + +2021-12-05 Bernd Stroessenreuther + + * check_ssl_cert: improve readability of --help by wrapping some very long lines + +2021-12-03 Matteo Corti + + * check_ssl_cert (main): IPv6 checks fixed if ipconfig is not available + +2021-11-26 Matteo Corti + + * check_ssl_cert (info): --info to print certificate information + +2021-11-24 Matteo Corti + + * check_ssl_cert (check_attr): Fixed a bug in the processing of error messages + * check_ssl_cert (main): Handle root certificates in DER format + * check_ssl_cert (check_attr): Fixed the nmap cipher check for hosts which are not discoverable + +2021-11-12 Matteo Corti + + * check_ssl_cert (main): Skipping the manual renegotiation test with OpenSSL > 3.0.0 + +2021-11-11 Matteo Corti + + * check_ssl_cert (main): Fixed a problem with newlines in variable on some systems (e.g., Fedora) + * check_ssl_cert (fetch_certificate): Fixed a problem with OpenSSL 3.0.0 and debug mode with certain servers + +2021-11-11 Matteo Corti + + * check_ssl_cert (main): Better extraction of the certificate issuers + +2021-11-09 Matteo Corti + + * check_ssl_cert (fetch_certificate): Parsing of OpenSSL 3 messages + * check_ssl_cert (fetch_certificate): Ignoring legacy renegotiation if --ignore-tls-renegotiation was specified + +2021-10-25 Matteo Corti + + * check_ssl_cert (debuglog): Better formatting of the elapsed time in the log output + +2021-10-22 Matteo Corti + + * check_ssl_cert (check_attr): Fixed the organization check + * check_ssl_cert (main): Check if -sigalgs is available + * check_ssl_cert (check_attr): check if nmap delivers cipher strengths + +2021-10-21 Matteo Corti + + * test/unit_tests.sh (testRSA): Added a test for RSA ciphers + * check_ssl_cert (main): Fixes --rsa on systems not supporting PSS + * check_ssl_cert (create_temporary_file): Uses mktemp if available (the workaround is only used if not available for speed reasons) + +2021-10-15 Matteo Corti + + * check_ssl_cert (create_temporary_file): AIX compatible temporary file creation + +2021-10-12 Matteo Corti + + * check_ssl_cert (fetch_certificate): using OpenSSL verify to verify a local chain + +2021-10-11 Matteo Corti + + * check_ssl_cert (main): Checks the certificate chain + +2021-10-08 Matteo Corti + + * test/unit_tests.sh (testSubdomainWithUnderscore): does not test with older OpenSSL versions not supporting _ + * check_ssl_cert (fetch_certificate): Fixed a typo + +2021-10-06 Matteo Corti + + * check_ssl_cert (check_ocsp): better handling of HTML pages instead of certificates + * check_ssl_cert (parse_command_line_options): a URL can be given as host (scheme and path will be stripped) + + * check_ssl_cert (check_attr): accepts certificates without subject alternative names + +2021-10-05 Matteo Corti + + * check_ssl_cert (debuglog): added an option (--debug-time) to print the elapsed time in the debugging output + +2021-10-01 Matteo Corti + + * check_ssl_cert (check_attr): --skip-element now skips a single element and can be specified multiple times + +2021-09-29 Matteo Corti + + * check_ssl_cert (main): Added an option to set a custom state by connection failures + +2021-09-27 Matteo Corti + + * check_ssl_cert (hours_until): supporting certificate expiration after 2038-01-19 on 32 bit systems + * check_ssl_cert (main): adds a check for acceptable client certificate CAs + * test/unit_tests.sh: added a routine to create a self-signed certificate expiring in a given number of days + * test/unit_tests.sh: added a test for a certificate expiring between 0.5 and 1.5 days + +2021-09-25 Bernd Stroessenreuther + + * test/unit_tests.sh: adding tests for using floating point numbers in thresholds + +2021-09-24 Bernd Stroessenreuther + + * check_ssl_cert: --warning and --critical now also accept floating point numbers + +2021-09-24 Matteo Corti + + * test/unit_tests.sh (oneTimeSetup): defining TMPDIR if not defined + +2021-09-24 Bernd Stroessenreuther + + * test/unit_tests.sh: adding a test for checking a local CRL file + +2021-09-22 Matteo Corti + + * Makefile (dist): make dist does not check the format (just builds the distribution) + +2021-09-21 Matteo Corti + + * check_ssl_cert (fetch_certificate): converts local CRLs from DER to PEM + * check_ssl_cert (main): does not check renegotiation when checking files + +2021-09-17 Bernd Stroessenreuther + + * test/unit_tests.sh: fixing error with endless ping if IPv6 enabled + +2021-09-17 Bernd Stroessenreuther + + * check_ssl_cert: fixing error with SCT when checking a CRL file + +2021-09-17 Matteo Corti + + * test/unit_tests.sh (testPrometheus): added test for --prometheus + + * check_ssl_cert: Adding output for Prometheus + +2021-09-16 Matteo Corti + + * check_ssl_cert (critical): Applied a patch to fix the output of multiple errors + * check_ssl_cert (main): Automatically assume localhost if --file is specified + +2021-09-15 Matteo Corti + + * check_ssl_cert (usage): Added an option to ignore OCSP server errors + * check_ssl_cert (check_ocsp): Fixed the detection of an internal error + +2021-09-02 Matteo Corti + + * check_ssl_cert (hours_until): computes the date with dconv if date -f is missing + +2021-09-01 Matteo Corti + + * check_ssl_cert (main): detects old BSD date without -f + +2021-08-31 Matteo Corti + + * check_ssl_cert (main): added -crlf to the connection for the renegotiation test + +2021-08-27 Matteo Corti + + * check_ssl_cert (check_attr): skipping the CN check on IP addresses + +2021-08-26 Matteo Corti + + * check_ssl_cert (check_attr): small improvement in the verbose output of SSL Labs + +2021-08-25 Matteo Corti + + * README.md: Info about quoting * + +2021-08-19 Matteo Corti + + * check_ssl_cert (parse_command_line_options): do not delete COMMON_NAME by --file + +2021-08-18 Matteo Corti + + * check_ssl_cert (parse_command_line_options): Fixed the debugging output by the command line arguments splitting + +2021-08-16 Matteo Corti + + * check_ssl_cert (main): Support DANE TLSA 312 + +2021-08-13 Matteo Corti + + * test/unit_tests.sh (testMultipleAltNamesOK): Added a test for multiple --cn and OK status + * check_ssl_cert (parse_command_line_options): Fixed the -n option (the old value was overwritten each time) + * check_ssl_cert (main): Better validation of the host command line argument + +2021-07-09 Matteo Corti + + * check_ssl_cert: performance data is no more shown by critical and warning message when --no-perf is specified + +2021-06-22 Matteo Corti + + * check_ssl_cert: removes the file name from file(1) output + +2021-06-18 Matteo Corti + + * check_ssl_cert (check_attr): stop the SSL Labs checks after an error + +2021-06-16 Matteo Corti + + * check_ssl_cert (check_attr): show the progress in % by SSL labs + * check_ssl_cert (check_attr): removing unnecessary port probing with nmap + +2021-05-31 Matteo Corti + + * check_ssl_cert (check_cert_end_date): Display since how many days the certificate was valid + +2021-05-28 Igor Mironov + + * check_ssl_cert: compatibility fixes for LibreSSL 2.8.3 on macOS Catalina + +2021-05-21 Matteo Corti + + * check_ssl_cert: added the --debug-file option + * check_ssl_cert(check_ocsp): append .crt to the debug certificates + * check_ssl_cert: sanity checks for file write operations + 2021-05-07 Matteo Corti - * check_ssl_cert (check_ocsp): Do not store the debugging copy of the certificate in the $TMPDIR + * check_ssl_cert (check_ocsp): Do not store the debugging copy of the certificate in the $TMPDIR 2021-05-06 Matteo Corti - * check_ssl_cert (main): Fixed an error in the parameter validation + * check_ssl_cert (main): Fixed an error in the parameter validation 2021-05-05 Matteo Corti - * check_ssl_cert (check_attr): do not wait if SSL Labs is giving an error + * check_ssl_cert (check_attr): do not wait if SSL Labs is giving an error 2021-04-30 Matteo Corti - * Makefile: avoid putting extended attribute files in the archives + * Makefile: avoid putting extended attribute files in the archives 2021-04-29 Matteo Corti - * check_ssl_cert (check_attr): Do not remove parenthesis from URI + * check_ssl_cert (check_attr): Do not remove parenthesis from URI 2021-04-29 Claus-Theodor Riegg (https://github.com/ctriegg-mak) - * check_ssl_cert: match underscores in subdomains when matching name to wildcard certs + * check_ssl_cert: match underscores in subdomains when matching name to wildcard certs 2021-04-28 Matteo Corti - * check_ssl_cert (check_attr): adds and option to remove performance data + * check_ssl_cert (check_attr): adds and option to remove performance data 2021-04-23 Matteo Corti - * check_ssl_cert (fetch_certificate): Better handling of timeouts + * check_ssl_cert (fetch_certificate): Better handling of timeouts 2021-04-12 Matteo Corti - * check_ssl_cert (critical): Fixed the output when the CN is not available + * check_ssl_cert (critical): Fixed the output when the CN is not available 2021-04-07 Matteo Corti - * check_ssl_cert (main): adding -starttls to the renegotiation check if needed + * check_ssl_cert (main): adding -starttls to the renegotiation check if needed 2021-04-01 Matteo Corti - * check_ssl_cert: The host name must now always match with the certificate - * check_ssl_cert: (fetch_certificate): Fixed the errors messages (and added a new one for missing STARTTLS) + * check_ssl_cert: The host name must now always match with the certificate + * check_ssl_cert: (fetch_certificate): Fixed the errors messages (and added a new one for missing STARTTLS) 2021-03-31 Matteo Corti - * check_ssl_cert (main): Added the --resolve option + * check_ssl_cert (main): Added the --resolve option 2021-03-29 Matteo Corti - * check_ssl_cert: All the verbose messages are not beginning with a lowercase letter - * check_ssl_cert: Added the possibility to have different verbose and debug levels - * check_ssl_cert: Cleaner verbose output - * check_ssl_cert: Short options can now be grouped + * check_ssl_cert: All the verbose messages are not beginning with a lowercase letter + * check_ssl_cert: Added the possibility to have different verbose and debug levels + * check_ssl_cert: Cleaner verbose output + * check_ssl_cert: Short options can now be grouped 2021-03-25 Matteo Corti - * check_ssl_cert (fetch_certificate): Better error handling in case a TLS connection is not possible + * check_ssl_cert (fetch_certificate): Better error handling in case a TLS connection is not possible 2021-03-22 Matteo Corti - * check_ssl_cert (usage): adds a --all option to allow all the optional checks at the maximum level + * check_ssl_cert (usage): adds a --all option to allow all the optional checks at the maximum level 2021-03-22 Matteo Corti - * check_ssl_cert (fetch_certificate): detecting a timeout on the OpenSSL level + * check_ssl_cert (fetch_certificate): detecting a timeout on the OpenSSL level 2021-03-15 Matteo Corti - * check_ssl_cert (openssl_version): works on systems which add a string to the OpenSSL version output (+ several fixes) + * check_ssl_cert (openssl_version): works on systems which add a string to the OpenSSL version output (+ several fixes) 2021-03-14 Matteo Corti - * check_ssl_cert (openssl_version): added a function to compare OpenSSL versions. Getting rid of the man dependency + * check_ssl_cert (openssl_version): added a function to compare OpenSSL versions. Getting rid of the man dependency 2021-03-12 Matteo Corti - * check_ssl_cert (exec_with_timeout): fixing timeout on systems using 'timeout' + * check_ssl_cert (exec_with_timeout): fixing timeout on systems using 'timeout' 2021-03-12 Matteo Corti - * check_ssl_cert (exec_with_timeout): reducing the total timeout by each execution - * check_ssl_cert (check_attr): check chiphers with nmap + * check_ssl_cert (exec_with_timeout): reducing the total timeout by each execution + * check_ssl_cert (check_attr): check ciphers with nmap - * check_ssl_cert (check_ocsp): looping over all the supplied URIs + * check_ssl_cert (check_ocsp): looping over all the supplied URIs 2021-03-11 Matteo Corti - * check_ssl_cert (check_attr): Setting GZIP to quiet (-q) before using man + * check_ssl_cert (check_attr): Setting GZIP to quiet (-q) before using man 2021-03-10 Matteo Corti - * check_ssl_cert (main): Improved renegotiation testing - * check_ssl_cert (fetch_certificate): Added --password to specify a password source for PCKS12 certificates + * check_ssl_cert (main): Improved renegotiation testing + * check_ssl_cert (fetch_certificate): Added --password to specify a password source for PCKS12 certificates 2021-03-09 Matteo Corti - * check_ssl_cert (main): Added missing processing of the --inetproto option - * check_ssl_cert (main): Added a sanity check for the protocol support of s_client - * check_ssl_cert (check_ocsp): skipping empty certificates - * check_ssl_cert (fetch_certificate): supporting local files in PKCS #12 and DER formats - * check_ssl_cert (main): Using grep -F when possible + * check_ssl_cert (main): Added missing processing of the --inetproto option + * check_ssl_cert (main): Added a sanity check for the protocol support of s_client + * check_ssl_cert (check_ocsp): skipping empty certificates + * check_ssl_cert (fetch_certificate): supporting local files in PKCS #12 and DER formats + * check_ssl_cert (main): Using grep -F when possible 2021-02-28 Matteo Corti - * check_ssl_cert (check_attr): Do not check SCTs if the certificate is self signed + * check_ssl_cert (check_attr): Do not check SCTs if the certificate is self signed 2021-02-25 Matteo Corti - * check_ssl_cert (check_attr): fixed the SCT check + * check_ssl_cert (check_attr): fixed the SCT check 2021-02-24 Matteo Corti - * check_ssl_cert (main): Check for TLS renegotiation + * check_ssl_cert (main): Check for TLS renegotiation 2021-02-19 Matteo Corti - * check_ssl_cert (main): Do not reset $OPENSSL so that a different + * check_ssl_cert (main): Do not reset $OPENSSL so that a different OpenSSL version can be specified with the environment variable 2021-02-17 Robin Pronk - * check_ssl_cert: Make HTTP request url configurable (default stays /) + * check_ssl_cert: Make HTTP request URL configurable (default stays /) 2021-02-05 Matteo Corti - * check_ssl_cert (main): Adds a check for grep (to check if basic utilities are in the PATH) + * check_ssl_cert (main): Adds a check for grep (to check if basic utilities are in the PATH) 2021-01-28 Matteo Corti - * check_ssl_cert (check_attr): Checks for signed certificate timestamps (SCTs) - * check_ssl_cert (fetch_certificate): Better error catching for s_client errors + * check_ssl_cert (check_attr): Checks for signed certificate timestamps (SCTs) + * check_ssl_cert (fetch_certificate): Better error catching for s_client errors 2021-01-26 Matteo Corti - * check_ssl_cert (hours_until): Warning about BusyBox date dropping the time zone + * check_ssl_cert (hours_until): Warning about BusyBox date dropping the time zone 2021-01-26 Matteo Corti - * check_ssl_cert: added --date to specify the date binary - * check_ssl_cert (hours_until): support for BusyBox date + * check_ssl_cert: added --date to specify the date binary + * check_ssl_cert (hours_until): support for BusyBox date 2021-01-25 Matteo Corti - * check_ssl_cert (exec_with_timeout): Better handling of wait and kill output + * check_ssl_cert (exec_with_timeout): Better handling of wait and kill output 2021-01-18 Matteo Corti - * check_ssl_cert (exec_with_timeout): Execute timeout in the background so that it can handle signals - * check_ssl_cert (fetch_certificate): Better error message for DH with a too small key and handshake failure - * check_ssl_cert (check_crl): Checks revokation via CRL + * check_ssl_cert (exec_with_timeout): Execute timeout in the background so that it can handle signals + * check_ssl_cert (fetch_certificate): Better error message for DH with a too small key and handshake failure + * check_ssl_cert (check_crl): Checks revocation via CRL 2021-01-15 Matteo Corti - * check_ssl_cert (check_ocsp): OCSP check on all the chain elements + * check_ssl_cert (check_ocsp): OCSP check on all the chain elements 2021-01-14 Matteo Corti - * check_ssl_cert (check_attr): retries when SSL Labs is running at full capacity + * check_ssl_cert (check_attr): retries when SSL Labs is running at full capacity 2020-12-23 Matteo Corti - * check_ssl_cert (main): - instead of _ to separate words in the command line options + * check_ssl_cert (main): - instead of _ to separate words in the command line options 2020-12-22 Matteo Corti - * check_ssl_cert (main): added the --no-proxy option + * check_ssl_cert (main): added the --no-proxy option 2020-12-21 Matteo Corti - * check_ssl_cert (main): added a sanity check for the -f option - * check_ssl_cert (main): better handling of certificates without CN + * check_ssl_cert (main): added a sanity check for the -f option + * check_ssl_cert (main): better handling of certificates without CN 2020-12-16 Matteo Corti - * check_ssl_cert (main): fixed the regex for the proxy cleanup for s_client + * check_ssl_cert (main): fixed the regex for the proxy cleanup for s_client 2020-12-15 Matteo Corti - * check_ssl_cert (require_s_client_option): Checks if s_client supports the -no_ssl[23] options - * check_ssl_cert (main): Better filtering of the nmap output + * check_ssl_cert (require_s_client_option): Checks if s_client supports the -no_ssl[23] options + * check_ssl_cert (main): Better filtering of the nmap output 2020-12-11 Matteo Corti - * check_ssl_cert: Corrected the handling of the issuer URI + * check_ssl_cert: Corrected the handling of the issuer URI 2020-12-01 Matteo Corti - * check_ssl_cert: Correct handling of -proxy by s_client and --proxy by cURL + * check_ssl_cert: Correct handling of -proxy by s_client and --proxy by curl 2020-11-30 Matteo Corti - * check_ssl_cert (create_temporary_file): bug fix: temp directory not used - * check_ssl_cert: patch for the --element option - * check_ssl_cert: bug fix: force -4 or -6 with cURL when specified + * check_ssl_cert (create_temporary_file): bug fix: temp directory not used + * check_ssl_cert: patch for the --element option + * check_ssl_cert: bug fix: force -4 or -6 with curl when specified 2020-08-07 Matteo Corti - * check_ssl_cert: Fixed a bug with the output of --version + * check_ssl_cert: Fixed a bug with the output of --version 2020-07-24 Matteo Corti - * check_ssl_cert (check_attr): Fixed a bug in the output with --not-issued-by + * check_ssl_cert (check_attr): Fixed a bug in the output with --not-issued-by 2020-07-02 Matteo Corti - * check_ssl_cert (fetch_certificate): MySQL support + * check_ssl_cert (fetch_certificate): MySQL support 2020-07-01 Matteo Corti - * check_ssl_cert: Adding support for better file(1) certificate parsing + * check_ssl_cert: Adding support for better file(1) certificate parsing 2020-06-12 Matteo Corti - * check_ssl_cert (main): Fixed a problem on BSD in the processing of the issuers - * check_ssl_cert (debuglog): [DBG] prefix for all the lines + * check_ssl_cert (main): Fixed a problem on BSD in the processing of the issuers + * check_ssl_cert (debuglog): [DBG] prefix for all the lines 2020-06-09 Matteo Corti - * check_ssl_cert: fixed a bug in the output (expiration date of chain elements) + * check_ssl_cert: fixed a bug in the output (expiration date of chain elements) 2020-06-05 Matteo Corti - * check_ssl_cert (fetch_certificate): support for s_client -proxy option + * check_ssl_cert (fetch_certificate): support for s_client -proxy option 2020-06-04 Matteo Corti - * check_ssl_cert: Processes all the certificates in the chain - * check_ssl_cert: New option to check that the issuer does not match a given pattern + * check_ssl_cert: Processes all the certificates in the chain + * check_ssl_cert: New option to check that the issuer does not match a given pattern 2020-05-18 Matteo Corti - * check_ssl_cert: Propagates the -6 switch to nmap + * check_ssl_cert: Propagates the -6 switch to nmap 2020-03-26 Matteo Corti - * check_ssl_cert (main): show command line arguments in debug mode + * check_ssl_cert (main): show command line arguments in debug mode 2020-03-09 Matteo Corti - * check_ssl_cert (check_attr): new option (--not-valid-longer-than) to check if a certificate is valid longer than the specified number of days + * check_ssl_cert (check_attr): new option (--not-valid-longer-than) to check if a certificate is valid longer than the specified number of days 2020-02-17 Matteo Corti - * check_ssl_cert (fetch_certificate): added support for xmpp-server in the STARTTLS negotiation + * check_ssl_cert (fetch_certificate): added support for xmpp-server in the STARTTLS negotiation 2020-01-07 Matteo Corti - * check_ssl_cert (fetch_certificate): option to force HTTP/2 + * check_ssl_cert (fetch_certificate): option to force HTTP/2 2019-12-23 Matteo Corti - * check_ssl_cert (fetch_certificate): better error message in case of connection refused + * check_ssl_cert (fetch_certificate): better error message in case of connection refused 2019-12-20 Matteo Corti - * check_ssl_cert: better error message in case of an invalid host + * check_ssl_cert: better error message in case of an invalid host 2019-11-04 Matteo Corti - * check_ssl_cert (fetch_certificate): fixed a bug in the SMTP connection (using s_client -name) - * check_ssl_cert (main): -name only used with OpenSSL versions which supports it + * check_ssl_cert (fetch_certificate): fixed a bug in the SMTP connection (using s_client -name) + * check_ssl_cert (main): -name only used with OpenSSL versions which supports it 2019-10-31 Matteo Corti - * check_ssl_cert (exec_with_timeout): the return value of the command is no more ignored from expect + * check_ssl_cert (exec_with_timeout): the return value of the command is no more ignored from expect 2019-10-29 Matteo Corti - * check_ssl_cert: Merged a patch fixing a copy and paste error with sieve + * check_ssl_cert: Merged a patch fixing a copy and paste error with sieve 2019-10-28 Matteo Corti - * check_ssl_cert (exec_with_timeout): Better handling of timeout return codes + * check_ssl_cert (exec_with_timeout): Better handling of timeout return codes 2019-10-28 Matteo Corti - * check_ssl_cert (main): Better error message for non matching DANE records - * check_ssl_cert (main): Default ports for other protocols + * check_ssl_cert (main): Better error message for non matching DANE records + * check_ssl_cert (main): Default ports for other protocols 2019-10-25 Matteo Corti - * check_ssl_cert (check_required_prog): fixed a couple of small issues and introduced a feature to specify the dig binary + * check_ssl_cert (check_required_prog): fixed a couple of small issues and introduced a feature to specify the dig binary 2019-10-22 Matteo Corti - * check_ssl_cert (main): Fixed a bug printing both a critical and a warning message when both condition match + * check_ssl_cert (main): Fixed a bug printing both a critical and a warning message when both condition match 2019-10-18 Matteo Corti - * check_ssl_cert (main): Fixed a bug ignoring --dane without parameters + * check_ssl_cert (main): Fixed a bug ignoring --dane without parameters 2019-10-16 Matteo Corti - * check_ssl_cert (main): Integrated the DANE checks + * check_ssl_cert (main): Integrated the DANE checks 2019-10-14 Matteo Corti - * check_ssl_cert (main): Remove RSA-PSS if not TLS 1.3 requested - * check_ssl_cert (check_attr): Write the OPSP issuer cert to the temporary directory + * check_ssl_cert (main): Remove RSA-PSS if not TLS 1.3 requested + * check_ssl_cert (check_attr): Write the OCSP issuer cert to the temporary directory 2019-10-10 Matteo Corti - * check_ssl_cert (main): do not disable TLS 1.3 if --rsa is specified + * check_ssl_cert (main): do not disable TLS 1.3 if --rsa is specified 2019-10-10 Matteo Corti - * check_ssl_cert (main): fixes the ciphers for --rsa and --ecdsa + * check_ssl_cert (main): fixes the ciphers for --rsa and --ecdsa 2019-10-10 Matteo Corti - * check_ssl_cert (check_attr): a wildcard certificate does not match the 'main' domain + * check_ssl_cert (check_attr): a wildcard certificate does not match the 'main' domain 2019-10-09 Matteo Corti - * check_ssl_cert: disables TLS 1.3 with --rsa - * check_ssl_cert: Validate OCSP stapling expiring date + * check_ssl_cert: disables TLS 1.3 with --rsa + * check_ssl_cert: Validate OCSP stapling expiring date 2019-09-26 Matteo Corti - * check_ssl_cert: stops if needed programs are not foud + * check_ssl_cert: stops if needed programs are not found 2019-09-24 Matteo Corti - * check_ssl_cert: Fixed a bug in the processing of the SSL Labs options - * check_ssl_cert: Fixed a bug with POP3S + * check_ssl_cert: Fixed a bug in the processing of the SSL Labs options + * check_ssl_cert: Fixed a bug with POP3S 2019-09-24 Matteo Corti - * check_ssl_cert: OCSP check does not trigger an additional s_client call + * check_ssl_cert: OCSP check does not trigger an additional s_client call 2019-09-19 Matteo Corti - * check_ssl_cert: Fixed a problem in the critical output + * check_ssl_cert: Fixed a problem in the critical output 2019-09-18 Matteo Corti - * check_ssl_cert: Consolidated the error messages in case of more than one error - * check_ssl_cert: Fixed a bug where the cypher was not forced by the OCSP checks + * check_ssl_cert: Consolidated the error messages in case of more than one error + * check_ssl_cert: Fixed a bug where the cipher was not forced by the OCSP checks 2019-08-09 Matteo Corti - * check_ssl_cert (ascii_grep): Removed NULL characters before 'grepping' a file - * check_ssl_cert (critical): Display the CN in a crical or warning message (if present) - * check_ssl_cert: merged patch to choose the IP protocol version + * check_ssl_cert (ascii_grep): Removed NULL characters before 'grepping' a file + * check_ssl_cert (critical): Display the CN in a critical or warning message (if present) + * check_ssl_cert: merged patch to choose the IP protocol version 2019-08-08 Matteo Corti - * check_ssl_cert: Applied patch to support LDAPS - * check_ssl_cert.1: Formatting and ordering + * check_ssl_cert: Applied patch to support LDAPS + * check_ssl_cert.1: Formatting and ordering 2019-07-26 Matteo Corti - * check_ssl_cert: Try to detect if LDAP is not supported + * check_ssl_cert: Try to detect if LDAP is not supported 2019-06-02 Matteo Corti - * check_ssl_cert: Return the filename when using --file by warnings + * check_ssl_cert: Return the filename when using --file by warnings 2019-03-28 Matteo Corti - * check_ssl_cert: added an option to specify a user agent for cURL + * check_ssl_cert: added an option to specify a user agent for curl 2019-02-27 Matteo Corti - * test/unit_tests.sh (testMultipleAltNamesFailTwo): removed outdated tests + * test/unit_tests.sh (testMultipleAltNamesFailTwo): removed outdated tests 2019-02-27 Matteo Corti - * check_ssl_cert: better error message in case of wrong intermediate certificate + * check_ssl_cert: better error message in case of wrong intermediate certificate 2019-02-19 Matteo Corti - * check_ssl_cert: Better error message in case of OCSP failure + * check_ssl_cert: Better error message in case of OCSP failure 2019-02-08 Matteo Corti - * check_ssl_cert: Check the readability of the certificate file + * check_ssl_cert: Check the readability of the certificate file 2019-02-01 Matteo Corti - * check_ssl_cert: applied patch for the SSLlabs warning + * check_ssl_cert: applied patch for the SSLlabs warning 2019-01-16 Matteo Corti - * check_ssl_cert: replaced echo -e with printf + * check_ssl_cert: replaced echo -e with printf 2018-12-24 Matteo Corti - * check_ssl_cert: Better output in case of errors while using SNI + * check_ssl_cert: Better output in case of errors while using SNI 2018-12-19 Matteo Corti - * check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S - * check_ssl_cert: Support for SNI and SSL Labs + * check_ssl_cert: Better help about IMAP IMAPS POP3 and POP3S + * check_ssl_cert: Support for SNI and SSL Labs 2018-12-11 Matteo Corti - * check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993 - * check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer + * check_ssl_cert: Differentiate IMAP with STARTTLS on port 143 and IMAPS on 993 + * check_ssl_cert: Fixed a vulnerability in the parsing of the certificate issuer 2018-11-07 Matteo Corti - * check_ssl_cert: Fixed a problem with IMAP on port 993 - * check_ssl_cert: fixed a problem with newlines in the HTTP request + * check_ssl_cert: Fixed a problem with IMAP on port 993 + * check_ssl_cert: fixed a problem with newlines in the HTTP request 2018-11-05 Matteo Corti - * check_ssl_cert: CA file and directory support + * check_ssl_cert: CA file and directory support 2018-10-19 Matteo Corti - * check_ssl_cert: Fixed the HTTP request string + * check_ssl_cert: Fixed the HTTP request string 2018-10-18 eimamagi - * check_ssl_cert: Allow to specify a client certificate key + * check_ssl_cert: Allow to specify a client certificate key 2018-10-15 Matteo Corti - * check_ssl_cert (exec_with_timeout): fixed the check on the the return value + * check_ssl_cert (exec_with_timeout): fixed the check on the the return value 2018-08-10 Matteo Corti - * check_ssl_cert: disabling OCSP checks if no OCSP host is found + * check_ssl_cert: disabling OCSP checks if no OCSP host is found 2018-07-20 Matteo Corti - * check_ssl_cert: Applied a patch from Markus Frosch to fix the cleanup of temporary files + * check_ssl_cert: Applied a patch from Markus Frosch to fix the cleanup of temporary files 2018-07-01 Matteo Corti - * check_ssl_cert: do not trap on EXIT - * check_ssl_cert: remove temporary file when no signals are trapped + * check_ssl_cert: do not trap on EXIT + * check_ssl_cert: remove temporary file when no signals are trapped 2018-06-28 Matteo Corti - * check_ssl_cert: fixed a bug in the deletion of temporary files when a signal is caught + * check_ssl_cert: fixed a bug in the deletion of temporary files when a signal is caught 2018-06-25 Matteo Corti - * check_ssl_cert: added a check to require OCSP stapling + * check_ssl_cert: added a check to require OCSP stapling 2018-04-29 Matteo Corti - * check_ssl_cert: Remooved the SNI name check patch (see #78) + * check_ssl_cert: Removed the SNI name check patch (see #78) 2018-04-19 Matteo Corti - * check_ssl_cert: Merged the SNI name check patch + * check_ssl_cert: Merged the SNI name check patch 2018-04-17 Matteo Corti - * check_ssl_cert: Merged the --terse patch, added performance data to the terse output and reordered the help + * check_ssl_cert: Merged the --terse patch, added performance data to the terse output and reordered the help 2018-04-12 Matteo Corti - * Makefile: Checks if the copyright year is correct. make test is now dependent on make dist + * Makefile: Checks if the copyright year is correct. make test is now dependent on make dist 2018-04-06 Matteo Corti - * check_ssl_cert: Added UTF8 output + * check_ssl_cert: Added UTF8 output 2018-04-05 Matteo Corti - * check_ssl_cert: Added debugging output for cURL + * check_ssl_cert: Added debugging output for curl 2018-03-29 Matteo Corti - * check_ssl_cert: Fixed a bug introduced in the last verstion + * check_ssl_cert: Fixed a bug introduced in the last version 2018-03-28 Matteo Corti - * check_ssl_cert: Removed cURL dependency when not checking SSL Labs + * check_ssl_cert: Removed curl dependency when not checking SSL Labs 2018-03-17 Matteo Corti - * check_ssl_cert: Added support for TLS 1.3 + * check_ssl_cert: Added support for TLS 1.3 2018-03-06 Matteo Corti - * check_ssl_cert: Fixed OCSP check with LibreSSL - * check_ssl_cert: Lists the number or default root certificates in debug mode + * check_ssl_cert: Fixed OCSP check with LibreSSL + * check_ssl_cert: Lists the number or default root certificates in debug mode 2018-01-19 Matteo Corti - * check_ssl_cert: Fixed a bug processing more than one OCSP host + * check_ssl_cert: Fixed a bug processing more than one OCSP host 2017-12-15 Matteo Corti - * check_ssl_cert: Fixed a bug in the specification of the xmpphost parameter + * check_ssl_cert: Fixed a bug in the specification of the xmpphost parameter 2017-12-14 Matteo Corti - * check_ssl_cert: Added an option to specify the 'to' attribute of the XMPP stream element + * check_ssl_cert: Added an option to specify the 'to' attribute of the XMPP stream element 2017-11-29 Wim van Ravesteijn https://github.com/wimvr - * check_ssl_cert: Support for DER encoded CRL files + * check_ssl_cert: Support for DER encoded CRL files 2017-11-28 Georg https://github.com/gbotti - * check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate + * check_ssl_cert: added --fingerprint to check the SHA1 fingerprint of the certificate 2017-11-17 Matteo Corti - * check_ssl_cert (fetch_certificate): adding support for -xmpphost if available + * check_ssl_cert (fetch_certificate): adding support for -xmpphost if available 2017-11-16 Matteo Corti - * check_ssl_cert (fetch_certificate): fixing XMPP support + * check_ssl_cert (fetch_certificate): fixing XMPP support 2017-11-16 - * check_ssl_cert (fetch_certificate): adding support for IPv6 addresses + * check_ssl_cert (fetch_certificate): adding support for IPv6 addresses 2017-09-18 Bernd Stroessenreuther - * check_ssl_cert: with -f option you now can also pass a certificate revocation list (CRL) to check its validity period + * check_ssl_cert: with -f option you now can also pass a certificate revocation list (CRL) to check its validity period 2017-09-10 Matteo Corti - * check_ssl_cert: OCSP check is now terminated by a timeout + * check_ssl_cert: OCSP check is now terminated by a timeout 2017-09-09 Matteo Corti - * check_ssl_cert: The SAN requirement is now optional + * check_ssl_cert: The SAN requirement is now optional 2017-07-28 Matteo Corti - * check_ssl_cert: Use openssl s_client's -help option to test for SNI support (thanks to d7415) + * check_ssl_cert: Use openssl s_client's -help option to test for SNI support (thanks to d7415) 2017-07-24 Matteo Corti - * check_ssl_cert: Fix in the Common Name parsing + * check_ssl_cert: Fix in the Common Name parsing 2017-06-23 Matteo Corti - * check_ssl_cert: Checks for missing subjectAlternativeName extension + * check_ssl_cert: Checks for missing subjectAlternativeName extension 2017-06-15 Matteo Corti - * check_ssl_cert: Do not try to check OCSP if the protocol is not HTTP or HTTPS + * check_ssl_cert: Do not try to check OCSP if the protocol is not HTTP or HTTPS 2017-05-15 Matteo Corti - * check_ssl_cert: Fixed a problem with the detection of OCSP URLs + * check_ssl_cert: Fixed a problem with the detection of OCSP URLs 2017-05-02 Matteo Corti - * check_ssl_cert: Added --location to curl to follow redirects - * check_ssl_cert: Fixed the indentation of EOF in the embedded Perl script + * check_ssl_cert: Added --location to curl to follow redirects + * check_ssl_cert: Fixed the indentation of EOF in the embedded Perl script * check_ssl_cert: Added --force-date-perl to force the usage of Perl for date computations and a test to be sure no errors in Perl are left undetected 2017-04-28 Matteo Corti - * check_ssl_cert: Fixed a bug occurring when more than one issuNer URI is present + * check_ssl_cert: Fixed a bug occurring when more than one issuer URI is present 2017-03-07 Matteo Corti - * check_ssl_cert: Added LDAP support + * check_ssl_cert: Added LDAP support 2017-03-01 Matteo Corti - * check_ssl_cert: By errors it makes more sense to show the supplied host instead of the CN + * check_ssl_cert: By errors it makes more sense to show the supplied host instead of the CN 2017-02-16 Matteo Corti - * check_ssl_cert: Support for newer OpenSSL versions (1.1) + * check_ssl_cert: Support for newer OpenSSL versions (1.1) 2017-02-10 Matteo Corti - * check_ssl_cert: Added the --sni option + * check_ssl_cert: Added the --sni option 2017-02-08 Matteo Corti - * check_ssl_cert: Patch from Pavel Rochnyak: Changed the CN output when --altnames is used + * check_ssl_cert: Patch from Pavel Rochnyak: Changed the CN output when --altnames is used 2017-02-02 Matteo Corti - * check_ssl_cert: Fixed the command line argument parsing - * check_ssl_cert: Fixed -servername + * check_ssl_cert: Fixed the command line argument parsing + * check_ssl_cert: Fixed -servername 2017-01-29 Matteo Corti - * check_ssl_cert: Added patches from Pavel Rochnyak for the issuer certificate cache patch - and the wildcard support in alternative names + * check_ssl_cert: Added patches from Pavel Rochnyak for the issuer certificate cache patch + and the wildcard support in alternative names 2016-12-23 Matteo Corti - * check_ssl_cert: Added patch to specify multiple CNs (see https://github.com/matteocorti/check_ssl_cert/pull/35) + * check_ssl_cert: Added patch to specify multiple CNs (see https://github.com/matteocorti/check_ssl_cert/pull/35) 2016-12-13 Matteo Corti - * check_ssl_cert: fixed a minor problem with --debug + * check_ssl_cert: fixed a minor problem with --debug 2016-12-06 Matteo Corti - * check_ssl_cert: fixed a problem when specifying a CN beginnging with * + * check_ssl_cert: fixed a problem when specifying a CN beginning with * 2016-12-04 Matteo Corti - * check_ssl_cert: fixed problem when file is returning PEM certificate on newer Linux distributions + * check_ssl_cert: fixed problem when file is returning PEM certificate on newer Linux distributions 2016-09-19 Matteo Corti - * check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos) + * check_ssl_cert: enabling proxy support in the OCSP check (thanks to Leynos) 2016-08-04 Matteo Corti - * check_ssl_cert: disabling OCSP checks when no issuer URI is found + * check_ssl_cert: disabling OCSP checks when no issuer URI is found 2016-07-29 Matteo Corti - * check_ssl_cert: fixed case insensitive comparison of CNs + * check_ssl_cert: fixed case insensitive comparison of CNs 2016-07-29 https://github.com/bb-Ricardo - * check_ssl_cert: calculate expiration primary with date + * check_ssl_cert: calculate expiration primary with date 2016-07-12 Matteo Corti - * check_ssl_cert: fixed the parsing of the CN field + * check_ssl_cert: fixed the parsing of the CN field 2016-06-25 Matteo Corti - * check_ssl_cert: fixed OSCP header on old OpenSSL versions + * check_ssl_cert: fixed OCSP header on old OpenSSL versions 2016-06-24 Matteo Corti - * check_ssl_cert: OCSP is now default + * check_ssl_cert: OCSP is now default - * check_ssl_certe: Fixed OCSP host + * check_ssl_certe: Fixed OCSP host 2016-06-15 Matteo Corti - * check_ssl_cert: Better curl error handling + * check_ssl_cert: Better curl error handling 2016-06-10 Matteo Corti - * check_ssl_cert: Added an option to clear the cached result at SSLLabs + * check_ssl_cert: Added an option to clear the cached result at SSLLabs 2016-06-01 juckerf (https://github.com/juckerf) - * check_ssl_cert: Increase control over which SSL/TLS versions to use + * check_ssl_cert: Increase control over which SSL/TLS versions to use 2016-05-17 Matteo Corti - * check_ssl_cert: added more debugging info (-v is automatic if -d is spefied, system info and cert written to a file) + * check_ssl_cert: added more debugging info (-v is automatic if -d is specified, system info and cert written to a file) 2016-04-27 Matteo Corti - * check_ssl_cert: Fixes a bug in the OpenSSL error parsing + * check_ssl_cert: Fixes a bug in the OpenSSL error parsing 2016-04-05 Matteo Corti - * check_ssl_cert: In case of an s_client error does not output the full (ugly) error. The error is shown in verbose mode + * check_ssl_cert: In case of an s_client error does not output the full (ugly) error. The error is shown in verbose mode 2016-03-29 Sergei Shmanko - * check_ssl_cert: Fix wildcard match regex, add additional unit tests + * check_ssl_cert: Fix wildcard match regex, add additional unit tests 2016-03-21 Matteo Corti - * check_ssl_cert (exec_with_timeout): issues a critical status - when using the 'timout' utility + * check_ssl_cert (exec_with_timeout): issues a critical status + when using the 'timeout' utility 2016-03-19 Matteo Corti - * check_ssl_cert: fixed CN parsing on non-GNU systems + * check_ssl_cert: fixed CN parsing on non-GNU systems 2016-03-19 Sergei https://github.com/sshmanko - * check_ssl_cert: handle wildcard certificates + * check_ssl_cert: handle wildcard certificates 2016-03-10 Matteo Corti - * check_ssl_cert (check_attr): Better handling of verification errors + * check_ssl_cert (check_attr): Better handling of verification errors 2016-03-09 Matteo Corti - * check_ssl_cert (convert_ssl_lab_grade): accepts lowercase letters for SSL Labs grades - * check_ssl_cert (check_attr): waits for SSL Labs results + * check_ssl_cert (convert_ssl_lab_grade): accepts lowercase letters for SSL Labs grades + * check_ssl_cert (check_attr): waits for SSL Labs results 2016-03-08 Matteo Corti - * check_ssl_cert: Tries to extract an error message from SSL Labs - if no status is returned + * check_ssl_cert: Tries to extract an error message from SSL Labs + if no status is returned 2016-03-07 Sam Richards - * check_ssl_cert: Support SNI even when we don't want to check cn + * check_ssl_cert: Support SNI even when we don't want to check cn 2016-03-07 Matteo Corti - * check_ssl_cert: DNS errors by SSL Labs are ignored (as they are just - a sign that the result is not cached) + * check_ssl_cert: DNS errors by SSL Labs are ignored (as they are just + a sign that the result is not cached) 2016-03-03 Matteo Corti - * check_ssl_cert: Initial support for SSL Labs checks + * check_ssl_cert: Initial support for SSL Labs checks 2016-03-01 Matteo Corti - * check_ssl_cert: Fixed a bug which prevented the check on the expiration + * check_ssl_cert: Fixed a bug which prevented the check on the expiration 2015-10-31 Matteo Corti - * check_ssl_cert: added a patch to check the certificate's serial number - (thanks to Milan Koudelka) + * check_ssl_cert: added a patch to check the certificate's serial number + (thanks to Milan Koudelka) 2015-10-20 Matteo Corti - * check_ssl_cert: fixex a problem with OCSP paths w/o URLs + * check_ssl_cert: fixed a problem with OCSP paths w/o URLs 2015-04-07 Matteo Corti - * check_ssl_cert: corrected some typos (thanks to Jérémy Lecour) - * check_ssl_cert: removed check on the openssl binary name + * check_ssl_cert: corrected some typos (thanks to Jérémy Lecour) + * check_ssl_cert: removed check on the openssl binary name 2014-10-21 Matteo Corti - * check_ssl_cert: added a patch to check revocation via OCSP (thanks - to Ryan Nowakowski) + * check_ssl_cert: added a patch to check revocation via OCSP (thanks + to Ryan Nowakowski) 2014-02-28 Matteo Corti - * Makefile: added a target to build an rpm + * Makefile: added a target to build an rpm 2013-12-23 Matteo Corti - * check_ssl_cert: added the --tls1 option to force TLS 1 + * check_ssl_cert: added the --tls1 option to force TLS 1 2013-10-09 Matteo Corti - * check_ssl_cert: whole script reviewed with shellcheck + * check_ssl_cert: whole script reviewed with shellcheck 2013-10-01 Matteo Corti - * check_ssl_cert: fixes with shellcheck (quoting) + * check_ssl_cert: fixes with shellcheck (quoting) 2013-07-29 Matteo Corti - * check_ssl_cert: Added an option to force a given SSL version + * check_ssl_cert: Added an option to force a given SSL version 2013-03-02 Matteo Corti - * check_ssl_cert: Fixed a bug occurring with TLS and multiple names in + * check_ssl_cert: Fixed a bug occurring with TLS and multiple names in the certificate 2012-12-07 Matteo Corti - * check_ssl_cert: removed "test -a/-o" (test has an undefined + * check_ssl_cert: removed "test -a/-o" (test has an undefined behavior with more than 4 elements) - * check_ssl_cert: fixed #122 (-N was always comparing the CN with 'localhost') + * check_ssl_cert: fixed #122 (-N was always comparing the CN with 'localhost') 2012-11-16 Matteo Corti - * simplified the sourcing of the script file for testing + * simplified the sourcing of the script file for testing 2012-10-11 Matteo Corti - * added some unit tests with shUnit2 + * added some unit tests with shUnit2 2012-09-19 Matteo Corti - * check_ssl_cert: improved the "No certificate returned" error message + * check_ssl_cert: improved the "No certificate returned" error message 2012-07-13 Matteo Corti - * check_ssl_cert: added the number of days from or to expiration in the - plugin output + * check_ssl_cert: added the number of days from or to expiration in the + plugin output 2012-07-11 Matteo Corti - * check_ssl_cert: fixed a bug with Perl date computation on some systems + * check_ssl_cert: fixed a bug with Perl date computation on some systems 2012-07-06 Matteo Corti - * check_ssl_cert: performance data in days - * check_ssl_cert: long output (certificate attributes) + * check_ssl_cert: performance data in days + * check_ssl_cert: long output (certificate attributes) 2012-04-05 Matteo Corti - * check_ssl_cert: handle broken OpenSSL clients (-servername not working) + * check_ssl_cert: handle broken OpenSSL clients (-servername not working) 2012-04-04 Matteo Corti - * check_ssl_cert: removed an hard coded reference to the error number by the - SSL chain verification + * check_ssl_cert: removed an hard coded reference to the error number by the + SSL chain verification 2011-10-22 Matteo Corti - * check_ssl_cert: added a --altnames option to match the CN to alternative + * check_ssl_cert: added a --altnames option to match the CN to alternative names 2011-09-01 Matteo Corti - * check_ssl_cert: applied a patch from Sven Nierlein - (certificate authentication) + * check_ssl_cert: applied a patch from Sven Nierlein + (certificate authentication) 2011-03-10 Matteo Corti - * check_ssl_cert: allows http to specified as protocol - (thanks to Raphael Thoma) - * check_ssl_cert: fixes the -N check for certs with wildcards - (thanks to Raphael Thoma) + * check_ssl_cert: allows http to specified as protocol + (thanks to Raphael Thoma) + * check_ssl_cert: fixes the -N check for certs with wildcards + (thanks to Raphael Thoma) 2011-01-24 Matteo Corti - * check_ssl_cert: added an option to specify the openssl executable + * check_ssl_cert: added an option to specify the openssl executable 2010-12-16 Dan Wallis - * check_ssl_cert: Sets $VERBOSE to avoid using value supplied by Nagios - * check_ssl_cert: Quotes regular expression for grep to avoid shell globbing + * check_ssl_cert: Sets $VERBOSE to avoid using value supplied by Nagios + * check_ssl_cert: Quotes regular expression for grep to avoid shell globbing 2010-12-09 Matteo Corti - * check_ssl_cert.spec: standardized the RPM package name + * check_ssl_cert.spec: standardized the RPM package name - * check_ssl_cert: added support for the TLS servername extension + * check_ssl_cert: added support for the TLS servername extension (thanks to Matthias Fuhrmeister) 2010-11-02 Matteo Corti - * INSTALL: specifies that expect is needed for timeouts + * INSTALL: specifies that expect is needed for timeouts 2010-10-29 Matteo Corti - * README: specifies that expect is needed for timeouts + * README: specifies that expect is needed for timeouts 2010-10-28 Matteo Corti - * check_ssl_cert: trap on more signals (thanks to Lawren Quigley-Jones) + * check_ssl_cert: trap on more signals (thanks to Lawren Quigley-Jones) 2010-10-14 Matteo Corti - * check_ssl_cert: added a patch from Yannick Gravel putting the + * check_ssl_cert: added a patch from Yannick Gravel putting the chain verification at the end of the tests 2010-10-01 Matteo Corti - * check_ssl_cert: added a patch from Lawren Quigley-Jones which + * check_ssl_cert: added a patch from Lawren Quigley-Jones which implements a new command line argument (-A) to disable the certificate chain check 2010-09-15 Matteo Corti - * check_ssl_cert: fixed option processing (bug #78) + * check_ssl_cert: fixed option processing (bug #78) 2010-08-26 Dan Wallis - * check_ssl_cert: overloads --rootcert for use with directories as + * check_ssl_cert: overloads --rootcert for use with directories as well as files (-CApath versus -CAfile) 2010-07-21 Matteo Corti - * check_ssl_cert: added a patch from Marc Fournier to check the creation of the temporary files - * check_ssl_cert: added the --temp option to specify where to store the temporary files + * check_ssl_cert: added a patch from Marc Fournier to check the creation of the temporary files + * check_ssl_cert: added the --temp option to specify where to store the temporary files 2010-07-10 Matteo Corti - * check_ssl_cert: improved the error messages - * check_ssl_cert: checks for certificates without email addresses (if -e is specified) + * check_ssl_cert: improved the error messages + * check_ssl_cert: checks for certificates without email addresses (if -e is specified) 2010-07-09 Matteo Corti - * check_ssl_cert: added a "long" version for all the command line options - * check_ssl_cert: added a critical and warning option for the certificate validity (in days) - * check_ssl_cert: the plugin always issues a critical warning if the certificate is expired - * check_ssl_cert: added a man page + * check_ssl_cert: added a "long" version for all the command line options + * check_ssl_cert: added a critical and warning option for the certificate validity (in days) + * check_ssl_cert: the plugin always issues a critical warning if the certificate is expired + * check_ssl_cert: added a man page 2010-07-07 Matteo Corti - * check_ssl_cert: [Wolfgang Schricker patch] Add -f to check local files + * check_ssl_cert: [Wolfgang Schricker patch] Add -f to check local files 2010-07-01 Matteo Corti - * check_ssl_cert: [Yannick Gravel patch] Restore displaying the CN in every messages: - a previous patch changed something and only - critical were adjusted. - * check_ssl_cert: [Yannick Gravel patch] Adjust what is displayed after the from in - the OK message to display the matched ISSUER - (CN or O). + * check_ssl_cert: [Yannick Gravel patch] Restore displaying the CN in every messages: + a previous patch changed something and only + critical were adjusted. + * check_ssl_cert: [Yannick Gravel patch] Adjust what is displayed after the from in + the OK message to display the matched ISSUER + (CN or O). 2010-06-08 Matteo Corti - * check_ssl_cert: added the -s option to allow self signed certificates + * check_ssl_cert: added the -s option to allow self signed certificates 2010-03-11 Matteo Corti - * check_ssl_cert: fixed the == bashism + * check_ssl_cert: fixed the == bashism 2010-03-08 Matteo Corti - * check_ssl_cert: applied patch from Marcus RejÃ¥s with the -n and -N options + * check_ssl_cert: applied patch from Marcus RejÃ¥s with the -n and -N options 2009-12-02 Matteo Corti - * check_ssl_cert: check if the issuer matches the O= or the CN= field of the Root Cert + * check_ssl_cert: check if the issuer matches the O= or the CN= field of the Root Cert 2009-11-30 Matteo Corti - * check_ssl_cert: cleaned up error messages if the CN is not yet known - * check_ssl_cert: added certificate chain verification - * check_ssl_cert: allow backslashes escaped in the error messages (e.g., for \n used by Nagios 3) - * check_ssl_cert: -r can be used to specify a root certificate to be used for the verification + * check_ssl_cert: cleaned up error messages if the CN is not yet known + * check_ssl_cert: added certificate chain verification + * check_ssl_cert: allow backslashes escaped in the error messages (e.g., for \n used by Nagios 3) + * check_ssl_cert: -r can be used to specify a root certificate to be used for the verification 2009-03-31 Matteo Corti - * check_ssl_cert: standard timeout of 15 seconds (can be set with the -t option) + * check_ssl_cert: standard timeout of 15 seconds (can be set with the -t option) 2009-03-30 Matteo Corti - * check_ssl_cert: -P option to specify the protocol + * check_ssl_cert: -P option to specify the protocol 2008-05-13 Matteo Corti - * check_ssl_cert: applied a patch from Dan Wallis to output the CN + * check_ssl_cert: applied a patch from Dan Wallis to output the CN in all the messages 2008-02-28 Matteo Corti - * check_ssl_cert: shortened the error message in case of no connection - (only the first line is reported) + * check_ssl_cert: shortened the error message in case of no connection + (only the first line is reported) 2008-02-25 Matteo Corti - * check_ssl_cert: [Dan Wallis patch] removed nmap dependency - * check_ssl_cert: [Dan Wallis patch] mktemp for the temporaries - * check_ssl_cert: [Dan Wallis patch] using trap to cleanup temporaries - * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup - * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup - * check_ssl_cert: [Dan Wallis patch] better handling of missing - certificate and non resolvable host - * check_ssl_cert: [Dan Wallis patch] stricter check for "notAfter" in the - certificate analysis + * check_ssl_cert: [Dan Wallis patch] removed nmap dependency + * check_ssl_cert: [Dan Wallis patch] mktemp for the temporaries + * check_ssl_cert: [Dan Wallis patch] using trap to cleanup temporaries + * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup + * check_ssl_cert: [Dan Wallis patch] POSIX compliance and cleanup + * check_ssl_cert: [Dan Wallis patch] better handling of missing + certificate and non resolvable host + * check_ssl_cert: [Dan Wallis patch] stricter check for "notAfter" in the + certificate analysis 2007-09-04 Matteo Corti - * check_ssl_cert: better error messages (both the actual and the - expected values are displayed) + * check_ssl_cert: better error messages (both the actual and the + expected values are displayed) 2007-08-31 Matteo Corti - * check_ssl_cert: new options to enforce email and - organization. Temporary files are now removed before termination + * check_ssl_cert: new options to enforce email and + organization. Temporary files are now removed before termination 2007-08-15 Matteo Corti - * check_ssl_cert: openssl s_client closes the connection cleanly + * check_ssl_cert: openssl s_client closes the connection cleanly 2007-08-10 Matteo Corti - * check_ssl_cert: initial release + * check_ssl_cert: initial release diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert 2021-12-17 14:47:25.000000000 +0000 @@ -19,7 +19,7 @@ ################################################################################ # Constants -VERSION=2.2.0 +VERSION=2.15.0 SHORTNAME="SSL_CERT" VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint," @@ -40,171 +40,283 @@ WARNING_MSG="" CRITICAL_MSG="" ALL_MSG="" +EARLIEST_VALIDITY_HOURS="" DEBUG=0 +DEBUG_FILE="" ################################################################################ # Functions ################################################################################ +# To set a variable with an HEREDOC in a POSIX compliant way +# see: https://unix.stackexchange.com/questions/340718/how-do-i-bring-heredoc-text-into-a-shell-script-variable +# Usage: +# set_variable variablename<<'HEREDOC' +# ... +# HEREDOC +set_variable() { + # shellcheck disable=SC2016 + eval "$1"'=$(cat)' +} + +################################################################################ # Prints usage information # Params # $1 error message (optional) usage() { - if [ -n "$1" ] ; then + if [ -n "$1" ]; then echo "Error: $1" 1>&2 fi - #### The following line is 80 characters long (helps to fit the help text in a standard terminal) - ######-------------------------------------------------------------------------------- - echo echo "Usage: check_ssl_cert -H host [OPTIONS]" + echo " check_ssl_cert -f file [OPTIONS]" echo echo "Arguments:" + echo " -f,--file file local file path (works with -H localhost" + echo " only) with -f you can not only pass a x509" + echo " certificate file but also a certificate" + echo " revocation list (CRL) to check the" + echo " validity period" echo " -H,--host host server" echo echo "Options:" - echo " -A,--noauth ignore authority warnings (expiration only)" - echo " --all enables all the possible optional checks at the maximum level" - echo " --check-ciphers grade checks the offered ciphers" - echo " --check-ciphers-warnings critical if nmap reports a warning for an offered cipher" + # Delimiter at 78 chars ############################################################ + echo " -A,--noauth ignore authority warnings (expiration" + echo " only)" + echo " --all enables all the possible optional checks" + echo " at the maximum level" + echo " --all-local enables all the possible optional checks" + echo " at the maximum level (without SSL-Labs)" + echo " --allow-empty-san allow certificates without Subject" + echo " Alternative Names (SANs)" + # Delimiter at 78 chars ############################################################ echo " -C,--clientcert path use client certificate to authenticate" + echo " -c,--critical days minimum number of days a certificate has" + echo " to be valid to issue a critical status." + echo " Can be a floating point number, e.g., 0.5" + echo " Default: ${CRITICAL_DAYS}" + echo " --check-ciphers grade checks the offered ciphers" + echo " --check-ciphers-warnings critical if nmap reports a warning for an" + echo " offered cipher" + echo " --check-ssl-labs-warn grade SSL Labs grade on which to warn" echo " --clientpass phrase set passphrase for client certificate." - echo " -c,--critical days minimum number of days a certificate has to" - echo " be valid to issue a critical status. Default: ${CRITICAL_DAYS}" - echo " --crl checks revokation via CRL (requires --rootcert-file)" + echo " --crl checks revocation via CRL (requires" + echo " --rootcert-file)" echo " --curl-bin path path of the curl binary to be used" - echo " --curl-user-agent string user agent that curl shall use to obtain the" - echo " issuer cert" - echo " --custom-http-header string custom HTTP header sent when getting the cert" - echo " example: 'X-Check-Ssl-Cert: Foobar=1'" - echo " --dane verify that valid DANE records exist (since OpenSSL 1.1.0)" - echo " --dane 211 verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists" - echo " --dane 301 verify that a valid DANE-EE(3) Cert(0) SHA2-256(1) TLSA record exists" - echo " --dane 302 verify that a valid DANE-EE(3) Cert(0) SHA2-512(2) TLSA record exists" - echo " --dane 311 verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists" + echo " --curl-user-agent string user agent that curl shall use to obtain" + echo " the issuer cert" + echo " --custom-http-header string custom HTTP header sent when getting the" + echo " cert example: 'X-Check-Ssl-Cert: Foobar=1'" + # Delimiter at 78 chars ############################################################ + echo " -d,--debug produces debugging output (can be" + echo " specified more than once)" + echo " --dane verify that valid DANE records exist" + echo " (since OpenSSL 1.1.0)" + echo " --dane 211 verify that a valid DANE-TA(2) SPKI(1)" + echo " SHA2-256(1) TLSA record exists" + echo " --dane 301 verify that a valid DANE-EE(3) Cert(0)" + echo " SHA2-256(1) TLSA record exists" + echo " --dane 302 verify that a valid DANE-EE(3) Cert(0)" + echo " SHA2-512(2) TLSA record exists" + echo " --dane 311 verify that a valid DANE-EE(3) SPKI(1)" + echo " SHA2-256(1) TLSA record exists" + echo " --dane 312 verify that a valid DANE-EE(3)" + echo " SPKI(1) SHA2-512(1) TLSA record exists" echo " --date path path of the date binary to be used" - echo " -d,--debug produces debugging output (can be specified more than once)" - echo " --debug-cert stores the retrieved certificates in the current directory" + echo " --debug-cert stores the retrieved certificates in the" + echo " current directory" + echo " --debug-file file writes the debug messages to file" + echo " --debug-time writes timing information in the" + echo " debugging output" echo " --dig-bin path path of the dig binary to be used" - echo " --ecdsa signature algorithm selection: force ECDSA certificate" - echo " --element number checks N cert element from the begining of the chain" - echo " -e,--email address pattern to match the email address contained" - echo " in the certificate" - echo " -f,--file file local file path (works with -H localhost only)" - echo " with -f you can not only pass a x509" - echo " certificate file but also a certificate" - echo " revocation list (CRL) to check the validity" - echo " period" + # Delimiter at 78 chars ############################################################ + echo " -e,--email address pattern to match the email address" + echo " contained in the certificate" + echo " --ecdsa signature algorithm selection: force ECDSA" + echo " certificate" + echo " --element number checks up to the N cert element from the" + echo " beginning of the chain" + # Delimiter at 78 chars ############################################################ echo " --file-bin path path of the file binary to be used" echo " --fingerprint SHA1 pattern to match the SHA1-Fingerprint" - echo " --first-element-only verify just the first cert element, not the whole chain" - echo " --force-perl-date force the usage of Perl for date computations" - echo " --format FORMAT format output template on success, for example" - echo " \"%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'\"" + echo " --first-element-only verify just the first cert element, not" + echo " the whole chain" + echo " --force-dconv-date force the usage of dconv for date" + echo " computations" + echo " --force-perl-date force the usage of Perl for date" + echo " computations" + echo " --format FORMAT format output template on success, for" + echo " example: %SHORTNAME% OK %CN% from" + echo " %CA_ISSUER_MATCHED%" + # Delimiter at 78 chars ############################################################ echo " -h,--help,-? this help message" - echo " --http-use-get use GET instead of HEAD (default) for the HTTP" - echo " related checks" - echo " --ignore-altnames ignores alternative names when matching pattern specified in -n (or the host name)" + echo " --http-use-get use GET instead of HEAD (default) for the" + echo " HTTP related checks" + # Delimiter at 78 chars ############################################################ + echo " -i,--issuer issuer pattern to match the issuer of the" + echo " certificate" + echo " --ignore-altnames ignores alternative names when matching" + echo " pattern specified in -n (or the host name)" + echo " --ignore-connection-problems [state] in case of connection problems" + echo " returns OK or the optional state" echo " --ignore-exp ignore expiration date" - echo " --ignore-host-cn do not complain if the CN does not match the host name" + echo " --ignore-host-cn do not complain if the CN does not match" + echo " the host name" + echo " --ignore-incomplete-chain does not check chain integrity" echo " --ignore-ocsp do not check revocation with OCSP" - echo " --ignore-ocsp-timeout ignore OCSP result when timeout occurs while checking" - echo " --ignore-sig-alg do not check if the certificate was signed with SHA1" - echo " or MD5" - echo " --ignore-sct do not check for signed certificate timestamps (SCT)" + echo " --ignore-ocsp-errors continue if the OCSP status cannot be" + echo " checked" + echo " --ignore-ocsp-timeout ignore OCSP result when timeout occurs" + echo " while checking" + echo " --ignore-sct do not check for signed certificate" + echo " timestamps (SCT)" + echo " --ignore-sig-alg do not check if the certificate was signed" + echo " with SHA1 or MD5" echo " --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L)" echo " --ignore-tls-renegotiation Ignores the TLS renegotiation check" echo " --inetproto protocol Force IP version 4 or 6" - echo " -i,--issuer issuer pattern to match the issuer of the certificate" - echo " --issuer-cert-cache dir directory where to store issuer certificates cache" + echo " --info Prints certificate information" + echo " --issuer-cert-cache dir directory where to store issuer" + echo " certificates cache" + # Delimiter at 78 chars ############################################################ echo " -K,--clientkey path use client certificate key to authenticate" - echo " -L,--check-ssl-labs grade SSL Labs assessment" - echo " (please check https://www.ssllabs.com/about/terms.html)" - echo " --check-ssl-labs-warn grade SSL-Labs grade on which to warn" - echo " --long-output list append the specified comma separated (no spaces) list" - echo " of attributes to the plugin output on additional lines" + # Delimiter at 78 chars ############################################################ + echo " -L,--check-ssl-labs grade SSL Labs assessment (please check " + echo " https://www.ssllabs.com/about/terms.html)" + echo " --long-output list append the specified comma separated (no" + echo " spaces) list of attributes to the plugin" + echo " output on additional lines" echo " Valid attributes are:" - echo " enddate, startdate, subject, issuer, modulus," - echo " serial, hash, email, ocsp_uri and fingerprint." - echo " 'all' will include all the available attributes." - echo " -n,--cn name pattern to match the CN of the certificate (can be" - echo " specified multiple times)" + echo " enddate, startdate, subject, issuer," + echo " modulus, serial, hash, email, ocsp_uri" + echo " and fingerprint." + echo " 'all' will include all the available" + echo " attributes." + # Delimiter at 78 chars ############################################################ + echo " -n,--cn name pattern to match the CN of the certificate" + echo " (can be specified multiple times)" echo " --nmap-bin path path of the nmap binary to be used" echo " --no-perf do not show performance data" - echo " --no-proxy ignores the http_proxy and https_proxy environment variables" + echo " --no-proxy ignores the http_proxy and https_proxy" + echo " environment variables" + echo " --no-proxy-curl ignores the http_proxy and https_proxy" + echo " environment variables for curl" + echo " --no-proxy-s_client ignores the http_proxy and https_proxy" + echo " environment variables for openssl s_client" echo " --no-ssl2 disable SSL version 2" echo " --no-ssl3 disable SSL version 3" echo " --no-tls1 disable TLS version 1" echo " --no-tls1_1 disable TLS version 1.1" echo " --no-tls1_2 disable TLS version 1.2" echo " --no-tls1_3 disable TLS version 1.3" - echo " --not-issued-by issuer check that the issuer of the certificate does not match" - echo " the given pattern" - echo " --not-valid-longer-than days critical if the certificate validity is longer than" - echo " the specified period" - echo " --ocsp-critical hours minimum number of hours an OCSP response has to be valid to" - echo " issue a critical status" - echo " --ocsp-warning hours minimum number of hours an OCSP response has to be valid to" - echo " issue a warning status" - echo " -o,--org org pattern to match the organization of the certificate" + echo " --not-issued-by issuer check that the issuer of the certificate" + echo " does not match the given pattern" + echo " --not-valid-longer-than days critical if the certificate validity is" + echo " longer than the specified period" + # Delimiter at 78 chars ############################################################ + echo " -o,--org org pattern to match the organization of the" + echo " certificate" + echo " --ocsp-critical hours minimum number of hours an OCSP response" + echo " has to be valid to issue a critical status" + echo " --ocsp-warning hours minimum number of hours an OCSP response" + echo " has to be valid to issue a warning status" echo " --openssl path path of the openssl binary to be used" - echo " --password source password source for a local certificate, see the PASS PHRASE ARGUMENTS section" - echo " openssl(1)" + # Delimiter at 78 chars ############################################################ echo " -p,--port port TCP port" - echo " -P,--protocol protocol use the specific protocol" - echo " {ftp|ftps|http|https|h2|imap|imaps|irc|ircs|ldap|ldaps|mysql|pop3|pop3s|" - echo " postgres|sieve|smtp|smtps|xmpp|xmpp-server}" - echo " https: default" - echo " h2: forces HTTP/2" - echo " ftp,imap,irc,ldap,pop3,postgres,sieve,smtp: switch to" - echo " TLS using StartTLS" - echo " --proxy proxy sets http_proxy and the s_client -proxy option" + echo " -P,--protocol protocol use the specific protocol:" + echo " ftp, ftps, http, https (default)," + echo " h2 (HTTP/2), imap, imaps, irc, ircs, ldap," + echo " ldaps, mysql, pop3, pop3s, postgres," + echo " sieve, smtp, smtps, xmpp, xmpp-server." + echo " ftp, imap, irc, ldap, pop3, postgres," + echo " sieve, smtp: switch to TLS using StartTLS" + echo " --password source password source for a local certificate," + echo " see the PASS PHRASE ARGUMENTS section" + echo " openssl(1)" + echo " --prometheus generates Prometheus/OpenMetrics output" + echo " --proxy sets http_proxy and the s_client -proxy" + # Delimiter at 78 chars ############################################################ + echo " -r,--rootcert path root certificate or directory to be used" + echo " for certificate validation" + echo " --require-client-cert [list] the server must accept a client" + echo " certificate. 'list' is an optional comma" + echo " separated list of expected client" + echo " certificate CAs" echo " --require-no-ssl2 critical if SSL version 2 is offered" echo " --require-no-ssl3 critical if SSL version 3 is offered" echo " --require-no-tls1 critical if TLS 1 is offered" echo " --require-no-tls1_1 critical if TLS 1.1 is offered" - echo " --resolve ip provides a custom IP address for the specified host" - echo " -s,--selfsigned allows self-signed certificates" - echo " --serial serialnum pattern to match the serial number" - echo " --skip-element number skip checks on N cert element from the begining of the chain" - echo " --sni name sets the TLS SNI (Server Name Indication) extension" - echo " in the ClientHello message to 'name'" - echo " --ssl2 forces SSL version 2" - echo " --ssl3 forces SSL version 3" echo " --require-ocsp-stapling require OCSP stapling" - echo " --require-san require the presence of a Subject Alternative Name" - echo " extension" - echo " -r,--rootcert path root certificate or directory to be used for" + echo " --resolve ip provides a custom IP address for the" + echo " specified host" + echo " --rootcert-dir path root directory to be used for certificate" + echo " validation" + echo " --rootcert-file path root certificate to be used for" echo " certificate validation" - echo " --rootcert-dir path root directory to be used for certificate validation" - echo " --rootcert-file path root certificate to be used for certificate validation" - echo " --rsa signature algorithm selection: force RSA certificate" - echo " --temp dir directory where to store the temporary files" - echo " --terse terse output" + echo " --rsa signature algorithm selection: force RSA" + echo " certificate" + # Delimiter at 78 chars ############################################################ + echo " -s,--selfsigned allows self-signed certificates" + echo " --serial serialnum pattern to match the serial number" + echo " --skip-element number skips checks on the Nth cert element (can" + echo " be specified multiple times)" + echo " --sni name sets the TLS SNI (Server Name Indication)" + echo " extension in the ClientHello message to" + echo " 'name'" + echo " --ssl2 force SSL version 2" + echo " --ssl3 force SSL version 3" + # Delimiter at 78 chars ############################################################ echo " -t,--timeout seconds timeout after the specified time" echo " (defaults to ${TIMEOUT} seconds)" + echo " --temp dir directory where to store the temporary" + echo " files" + echo " --terse terse output" echo " --tls1 force TLS version 1" echo " --tls1_1 force TLS version 1.1" echo " --tls1_2 force TLS version 1.2" echo " --tls1_3 force TLS version 1.3" + # Delimiter at 78 chars ############################################################ echo " -u,--url URL HTTP request URL" - echo " -v,--verbose verbose output (can be specified more than once)" + # Delimiter at 78 chars ############################################################ + echo " -v,--verbose verbose output (can be specified more than" + echo " once)" echo " -V,--version version" - echo " -w,--warning days minimum number of days a certificate has to be valid" - echo " to issue a warning status. Default: ${WARNING_DAYS}" - echo " --xmpphost name specifies the host for the 'to' attribute of the stream element" + # Delimiter at 78 chars ############################################################ + echo " -w,--warning days minimum number of days a certificate has" + echo " to be valid to issue a warning status." + echo " Can be a floating point number, e.g., 0.5" + echo " Default: ${WARNING_DAYS}" + # Delimiter at 78 chars ############################################################ + echo " --xmpphost name specifies the host for the 'to' attribute" + echo " of the stream element" + # Delimiter at 78 chars ############################################################ echo " -4 force IPv4" echo " -6 force IPv6" echo echo "Deprecated options:" echo " --altnames matches the pattern specified in -n with" echo " alternate names too (enabled by default)" - echo " --days days minimum number of days a certificate has to be valid" + echo " --days days minimum number of days a certificate has" + echo " to be valid" echo " (see --critical and --warning)" - echo " -N,--host-cn match CN with the host name (enabled by default)" - echo " --ocsp check revocation via OCSP (enabled by default)" + echo " -N,--host-cn match CN with the host name" + echo " (enabled by default)" + echo " --no_ssl2 disable SSLv2 (deprecated use --no-ssl2)" + echo " --no_ssl3 disable SSLv3 (deprecated use --no-ssl3)" + echo " --no_tls1 disable TLSv1 (deprecated use --no-tls1)" + echo " --no_tls1_1 disable TLSv1.1 (deprecated use" + echo " --no-tls1_1)" + echo " --no_tls1_2 disable TLSv1.1 (deprecated use" + echo " --no-tls1_2)" + echo " --no_tls1_3 disable TLSv1.1 (deprecated use" + echo " --no-tls1_3)" + echo " --ocsp check revocation via OCSP (enabled by" + echo " default)" + echo " --require-san require the presence of a Subject" + echo " Alternative Name" + echo " extension" echo " -S,--ssl version force SSL version (2,3)" echo " (see: --ssl2 or --ssl3)" echo @@ -225,19 +337,116 @@ MESSAGE=$1 LEVEL=$2 - if [ -z "${LEVEL}" ] ; then + if [ -n "${DEBUG_TIME}" ]; then + NOW=$(date +%s) + ELAPSED=$((NOW - DEBUG_TIME)) + ELAPSED=$(printf "%04d" "${ELAPSED}") + fi + + if [ -z "${LEVEL}" ]; then #default LEVEL=1 fi - if [ "${LEVEL}" -le "${DEBUG}" ] ; then - echo "${1}" | sed 's/^/[DBG] /' >&2 + if [ "${LEVEL}" -le "${DEBUG}" ]; then + if [ -n "${ELAPSED}" ]; then + echo "${1}" | sed "s/^/[DBG ${ELAPSED}s] /" >&2 + else + echo "${1}" | sed "s/^/[DBG] /" >&2 + fi + fi + + # debuglog is also called during the --debug-file sanity checks: we have + # to check if the file exists + if [ -n "${DEBUG_FILE}" ] && [ -e "${DEBUG_FILE}" ] && ! [ -d "${DEBUG_FILE}" ] && [ -w "${DEBUG_FILE}" ]; then + if [ -n "${ELAPSED}" ]; then + echo "+${ELAPSED}s ${1}" >>"${DEBUG_FILE}" + else + echo "${1}" >>"${DEBUG_FILE}" + fi + fi + +} + +############################################################################## +# Prints nicely certificate information +info() { + + LABEL=$1 + VALUE=$2 + + if [ -n "${INFO}" ] && [ -n "${VALUE}" ]; then + printf "%s\\t%s\\n" "${LABEL}" "${VALUE}" | expand -t 32 + fi + +} + +################################################################################ +# Checks if the given file can be created and written +# $1: file name +open_for_appending() { + + FILE_TO_OPEN=$1 + + if [ -d "${FILE_TO_OPEN}" ]; then + + unknown "${FILE_TO_OPEN} is a directory" + + elif [ -e "${FILE_TO_OPEN}" ]; then + + # file already exists + if [ ! -w "${FILE_TO_OPEN}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + else + + FILE_TO_OPEN_DIRECTORY=$(dirname "${FILE_TO_OPEN}") + if [ ! -w "${FILE_TO_OPEN_DIRECTORY}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + # clear / create the file + true >"${FILE_TO_OPEN}" + + fi + +} + +################################################################################ +# Checks if the given file can be created and written +# $1: file name +open_for_writing() { + + FILE_TO_OPEN=$1 + + if [ -d "${FILE_TO_OPEN}" ]; then + + unknown "${FILE_TO_OPEN} is a directory" + + elif [ -e "${FILE_TO_OPEN}" ]; then + + # file already exists + if [ ! -w "${FILE_TO_OPEN}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + + else + + FILE_TO_OPEN_DIRECTORY=$(dirname "${FILE_TO_OPEN}") + if [ ! -w "${FILE_TO_OPEN_DIRECTORY}" ]; then + unknown "Cannot write to ${FILE_TO_OPEN}" + fi + fi + # clear / create the file + true >"${FILE_TO_OPEN}" + } ################################################################################ -# Prints the given message to STDOUT if the verbose command line opttion was +# Prints the given message to STDOUT if the verbose command line option was # specified # $1: string # $2: level (optional default 1) @@ -246,12 +455,12 @@ MESSAGE=$1 LEVEL=$2 - if [ -z "${LEVEL}" ] ; then + if [ -z "${LEVEL}" ]; then #default LEVEL=1 fi - if [ "${LEVEL}" -le "${VERBOSE}" ] ; then + if [ "${LEVEL}" -le "${VERBOSE}" ]; then echo "${MESSAGE}" >&2 fi @@ -261,8 +470,9 @@ # trap passing the signal name # see https://stackoverflow.com/questions/2175647/is-it-possible-to-detect-which-trap-signal-in-bash/2175751#2175751 trap_with_arg() { - func="$1" ; shift - for sig ; do + func="$1" + shift + for sig; do # shellcheck disable=SC2064 trap "${func} ${sig}" "${sig}" done @@ -274,7 +484,8 @@ debuglog "cleaning up temporary files" # shellcheck disable=SC2086 if [ -n "${TEMPORARY_FILES}" ]; then - debuglog "$(echo "${TEMPORARY_FILES}" | tr '\ ' '\n')" + TEMPORARY_FILES_TMP="$(echo "${TEMPORARY_FILES}" | tr '\ ' '\n')" + debuglog "${TEMPORARY_FILES_TMP}" rm -f ${TEMPORARY_FILES} fi } @@ -293,8 +504,18 @@ create_temporary_file() { # create a temporary file - TEMPFILE="$( mktemp "${TMPDIR}/XXXXXX" 2> /dev/null )" - if [ -z "${TEMPFILE}" ] || [ ! -w "${TEMPFILE}" ] ; then + # mktemp is not always available (e.g., on AIX) + # we could use https://stackoverflow.com/questions/10224921/how-to-create-a-temporary-file-with-portable-shell-in-a-secure-way + # but on some systems od -N4 -tu /dev/random takes seconds (?) to execute + + if [ -n "${MKTEMP}" ]; then + TEMPFILE="$(mktemp "${TMPDIR}/XXXXXX" 2>/dev/null)" + else + TEMPFILE=${TMPDIR}/XXX-$(od -N4 -tu /dev/random | head -n 1 | sed 's/\ *$//' | sed 's/.*\ //') + touch "${TEMPFILE}" + fi + + if [ -z "${TEMPFILE}" ] || [ ! -w "${TEMPFILE}" ]; then unknown 'temporary file creation failure.' fi @@ -315,49 +536,135 @@ DATE=$1 debuglog "Date computations: ${DATETYPE}" + + # we check if we are on a 32 bit system and if the date is beyond the max date + # we simplify and consider a date invalid after 1.1.2038 instead of 19.1.2038 + # since date is not able to parse the date we do it manually with a little bit of heuristics ... + LONG_BIT_TMP="$(getconf LONG_BIT)" + if [ "${LONG_BIT_TMP}" -eq 32 ]; then + debuglog "32 bit system" + CERT_YEAR=$(echo "${DATE}" | sed 's/.*\ \(2[0-9][0-9][0-9]\).*/\1/') + debuglog "Checking if the year ${CERT_YEAR} is beyond the max date for the system 2038-01-19" + if [ "${CERT_YEAR}" -gt 2038 ]; then + verboselog "${DATE} is beyond the maximum date on a 32 bit system: we consider 2038-01-19" + DATE='Jan 19 00:00:00 2038 GMT' + fi + fi + debuglog "Computing number of hours until '${DATE}'" case "${DATETYPE}" in - "BSD") - HOURS_UNTIL=$(( ( $(${DATEBIN} -jf "%b %d %T %Y %Z" "${DATE}" +%s) - $(${DATEBIN} +%s) ) / 3600 )) - ;; - "BUSYBOX") - BUSYBOX_DATE=$( echo "${DATE}" | sed 's/[ ][^ ]*$//' ) - debuglog "Computing number of hours until '${BUSYBOX_DATE}' (BusyBox compatible format)" - verboselog "warning: BusyBox date does not support time zones. Using ${BUSYBOX_DATE} in the current zone instead of ${DATE}" - HOURS_UNTIL=$(( ( $(${DATEBIN} -d "${BUSYBOX_DATE}" +%s) - $(${DATEBIN} +%s) ) / 3600 )) - ;; - "GNU") - HOURS_UNTIL=$(( ( $(${DATEBIN} -d "${DATE}" +%s) - $(${DATEBIN} +%s) ) / 3600 )) - ;; - "PERL") - # Warning: some shell script formatting tools will indent the EOF! (should be at position 0) - if ! HOURS_UNTIL=$(perl - "${DATE}" <<-"EOF" - use strict; - use warnings; - use Date::Parse; - my $cert_date = str2time( $ARGV[0] ); - my $hours = int (( $cert_date - time ) / 3600 + 0.5); - print "$hours\n"; -EOF - ) ; then - # something went wrong with the embedded Perl code: check the indentation of EOF - unknown "Error computing the certificate validity with Perl" - fi - ;; + "BSD") + + # new BSD date + HOURS_UNTIL=$((($(${DATEBIN} -jf "%b %d %T %Y %Z" "${DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + + ;; + + "DCONV") + + debuglog "Computing date with dconv" + + # detect the date -j required format + if date --help 2>&1 | grep -q '\[\[\[mm\]dd]HH\]MM\[\[cc\]yy\]\[\.ss\]\]'; then + + # e.g., macOS + + debuglog "date -j format [[[mm]dd]HH]MM[[cc]yy][.ss]]" + debuglog "executing: echo '${DATE}' | sed 's/ / /g' | ${DCONV_BIN} -f \"%m%d%H%M%Y.%S\" -i \"%b %d %H:%M:%S %Y %Z\"" + + CONVERTED_DATE=$(echo "${DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%m%d%H%M%Y.%S" -i "%b %d %H:%M:%S %Y %Z") + debuglog "date converted with dconv: ${CONVERTED_DATE}" + + HOURS_UNTIL=$((($(${DATEBIN} -j "${CONVERTED_DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + + debuglog "hours computed with ${DCONV_BIN}: ${HOURS_UNTIL}" + + elif date --help 2>&1 | grep -q '\[\[\[\[\[\[cc\]yy\]mm\]dd\]HH\]MM\[\.SS\]\]'; then + + # e.g., old BSD + + debuglog "date -j format [[[[[[cc]yy]mm]dd]HH]MM[.SS]]" + + CONVERTED_DATE=$(echo "${DATE}" | sed 's/ / /g' | ${DCONV_BIN} -f "%Y%m%d%H%M.%S" -i "%b %d %H:%M:%S %Y %Z") + debuglog "date converted with ${DCONV_BIN}: ${CONVERTED_DATE}" + + HOURS_UNTIL=$((($(${DATEBIN} -j +%s "${CONVERTED_DATE}") - $(${DATEBIN} +%s)) / 3600)) + + else + unknown "Unknown date(1) input format" + fi + + ;; + + "BUSYBOX") + BUSYBOX_DATE=$(echo "${DATE}" | sed 's/[ ][^ ]*$//') + debuglog "Computing number of hours until '${BUSYBOX_DATE}' (BusyBox compatible format)" + verboselog "Warning: BusyBox date does not support time zones. Using ${BUSYBOX_DATE} in the current zone instead of ${DATE}" + HOURS_UNTIL=$((($(${DATEBIN} -d "${BUSYBOX_DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + ;; + "GNU") + HOURS_UNTIL=$((($(${DATEBIN} -d "${DATE}" +%s) - $(${DATEBIN} +%s)) / 3600)) + ;; + "PERL") + # Warning: some shell script formatting tools will indent the EOF! (should be at position 0) + if ! HOURS_UNTIL=$( + perl - "${DATE}" <<-"EOF" + use strict; + use warnings; + use Date::Parse; + my $cert_date = str2time( $ARGV[0] ); + my $hours = int (( $cert_date - time ) / 3600 + 0.5); + print "$hours\n"; + EOF + ); then + # something went wrong with the embedded Perl code: check the indentation of EOF + unknown "Error computing the certificate validity with Perl" + fi + ;; *) unknown "Internal error: unknown date type" + ;; esac debuglog "Hours until ${DATE}: ${HOURS_UNTIL}" + echo "${HOURS_UNTIL}" } ################################################################################ +# Convert a number of days into according number of seconds +# Params +# $1 NUMBER_OF_DAYS +# return NUMBER_OF_SECONDS +days_to_seconds() { + + NUMBER_OF_DAYS=$1 + + if echo "${NUMBER_OF_DAYS}" | grep -q '^[0-9][0-9]*$'; then + debuglog "Converting ${NUMBER_OF_DAYS} days into seconds by shell function" + NUMBER_OF_SECONDS=$((NUMBER_OF_DAYS * 86400)) + else + if command -v perl >/dev/null; then + debuglog "Converting ${NUMBER_OF_DAYS} days into seconds with perl" + NUMBER_OF_SECONDS=$(perl -E "say ${NUMBER_OF_DAYS}*86400") + else + debuglog "Converting ${NUMBER_OF_DAYS} days into seconds with awk" + NUMBER_OF_SECONDS=$(awk "BEGIN {print ${NUMBER_OF_DAYS} * 86400}") + fi + fi + + debuglog "Converted ${NUMBER_OF_DAYS} days into seconds: ${NUMBER_OF_SECONDS}" + + echo "${NUMBER_OF_SECONDS}" + +} + +################################################################################ # checks if OpenSSL version is at least the given parameter # Params -# $1 minumum version +# $1 minimum version openssl_version() { # See https://wiki.openssl.org/index.php/Versioning @@ -371,52 +678,52 @@ ${MIN_VERSION} EOF - if echo "${MIN_MINOR}" | grep -q '[[:alpha:]]' ; then - MIN_FIX=$( echo "${MIN_MINOR}" | sed 's/[[:digit:]][[:digit:]]*//' ) - MIN_MINOR=$( echo "${MIN_MINOR}" | sed 's/[[:alpha:]][[:alpha:]]*//' ) + if echo "${MIN_MINOR}" | grep -q '[[:alpha:]]'; then + MIN_FIX=$(echo "${MIN_MINOR}" | sed 's/[[:digit:]][[:digit:]]*//') + MIN_MINOR=$(echo "${MIN_MINOR}" | sed 's/[[:alpha:]][[:alpha:]]*//') fi - if [ -n "${MIN_FIX}" ] ; then MIN_FIX_NUM=$( printf '%d' "'${MIN_FIX}" ) ; else MIN_FIX_NUM=0 ; fi + if [ -n "${MIN_FIX}" ]; then MIN_FIX_NUM=$(printf '%d' "'${MIN_FIX}"); else MIN_FIX_NUM=0; fi debuglog "Checking if OpenSSL version is at least ${MIN_VERSION} ( '${MIN_MAJOR1}' '${MIN_MAJOR2}' '${MIN_MINOR}' '${MIN_FIX}:${MIN_FIX_NUM}' )" # current version # the OPENSSL_VERSION can be set externally to be able to test - if [ -z "${OPENSSL_VERSION}" ] ; then - OPENSSL_VERSION=$( ${OPENSSL} version ) + if [ -z "${OPENSSL_VERSION}" ]; then + OPENSSL_VERSION=$(${OPENSSL} version) fi debuglog "openssl version: ${OPENSSL_VERSION}" - OPENSSL_VERSION=$( echo "${OPENSSL_VERSION}" | sed 's/^OpenSSL\ \([^ \-]*\).*/\1/' ) + OPENSSL_VERSION=$(echo "${OPENSSL_VERSION}" | sed -E 's/^(Libre|Open)SSL\ ([^ \-]*).*/\2/') IFS='.' read -r MAJOR1 MAJOR2 MINOR <>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" debuglog "prepend_critical_message: new message = $1" - debuglog "prepend_critical_message: HOST_NAME = ${HOST_NAME}" - debuglog "prepend_critical_message: HOST_ADDR = ${HOST_ADDR}" - debuglog "prepend_critical_message: CN = ${CN}" - debuglog "prepend_critical_message: SNI = ${SNI}" - debuglog "prepend_critical_message: FILE = ${FILE}" - debuglog "prepend_critical_message: SHORTNAME = ${SHORTNAME}" - debuglog "prepend_critical_message: MSG = ${MSG}" debuglog "prepend_critical_message: CRITICAL_MSG = ${CRITICAL_MSG}" debuglog "prepend_critical_message: ALL_MSG 1 = ${ALL_MSG}" - if [ -n "${CN}" ] ; then - if echo "${CN}" | grep -q -F 'unavailable' ; then + if [ -n "${CN}" ]; then + if echo "${CN}" | grep -q -F 'unavailable'; then tmp=" ${SUBJECT_ALTERNATIVE_NAME}" else tmp=" ${CN}" fi else - if [ -n "${HOST_NAME}" ] ; then - if [ -n "${SNI}" ] ; then + if [ -n "${HOST_NAME}" ]; then + if [ -n "${SNI}" ]; then tmp=" ${SNI}" - elif [ -n "${FILE}" ] ; then + elif [ -n "${FILE}" ]; then tmp=" ${FILE}" else tmp=" ${HOST_NAME}" @@ -476,7 +779,7 @@ MSG="${SHORTNAME} CRITICAL${tmp}: ${1}${LONG_OUTPUT}" - if [ "${CRITICAL_MSG}" = "" ]; then + if [ "${CRITICAL_MSG}" = "" ] || [ -n "${2-}" ]; then CRITICAL_MSG="${MSG}" fi @@ -490,6 +793,102 @@ } ################################################################################ +# Adds a line to the prometheus status output +# Params +# $1 line to be added +add_prometheus_status_output_line() { + + PROMETHEUS_LINE=$1 + + debuglog "Adding line to prometheus status output: ${PROMETHEUS_LINE}" + + if [ -n "${PROMETHEUS}" ]; then + + if [ -n "${PROMETHEUS_OUTPUT_STATUS}" ]; then + PROMETHEUS_OUTPUT_STATUS="${PROMETHEUS_OUTPUT_STATUS}\\n${PROMETHEUS_LINE}" + else + PROMETHEUS_OUTPUT_STATUS="${PROMETHEUS_LINE}" + fi + + fi + +} + +################################################################################ +# Dada a line to the prometheus validity output +# Params +# $1 line to be added +add_prometheus_valid_output_line() { + + PROMETHEUS_LINE=$1 + + debuglog "Adding line to prometheus validity output: ${PROMETHEUS_LINE}" + + if [ -n "${PROMETHEUS}" ]; then + + if [ -n "${PROMETHEUS_OUTPUT_VALID}" ]; then + PROMETHEUS_OUTPUT_VALID="${PROMETHEUS_OUTPUT_VALID}\\n${PROMETHEUS_LINE}" + else + PROMETHEUS_OUTPUT_VALID="${PROMETHEUS_LINE}" + fi + + fi + +} + +################################################################################ +# Dada a line to the prometheus days output +# Params +# $1 line to be added +add_prometheus_days_output_line() { + + PROMETHEUS_LINE=$1 + + debuglog "Adding line to prometheus days output: ${PROMETHEUS_LINE}" + + if [ -n "${PROMETHEUS}" ]; then + + if [ -n "${PROMETHEUS_OUTPUT_DAYS}" ]; then + PROMETHEUS_OUTPUT_DAYS="${PROMETHEUS_OUTPUT_DAYS}\\n${PROMETHEUS_LINE}" + else + PROMETHEUS_OUTPUT_DAYS="${PROMETHEUS_LINE}" + fi + + fi +} + +################################################################################ +# Prometheus output +prometheus_output() { + + if [ -n "${PROMETHEUS_OUTPUT_STATUS}" ]; then + echo "# HELP cert_valid If cert is ok (0), warning (1) or critical (2)" + echo "# TYPE cert_valid gauge" + echo "${PROMETHEUS_OUTPUT_STATUS}" + NL=1 + fi + + if [ -n "${PROMETHEUS_OUTPUT_VALID}" ]; then + if [ -n "${NL}" ]; then + echo + fi + echo "# HELP cert_valid_chain_elem If chain element is ok (0), warning (1) or critical (2)" + echo "# TYPE cert_valid_chain_elem gauge" + echo "${PROMETHEUS_OUTPUT_VALID}" + NL=1 + fi + + if [ -n "${PROMETHEUS_OUTPUT_DAYS}" ]; then + if [ -n "${NL}" ]; then + echo + fi + echo "# HELP cert_days_chain_elem Days until chain element expires" + echo "# TYPE cert_days_chain_elem gauge" + echo "${PROMETHEUS_OUTPUT_DAYS}" + fi +} + +################################################################################ # Exits with a critical message # Params # $1 error message @@ -500,14 +899,32 @@ debuglog 'exiting with CRITICAL' debuglog "ALL_MSG = ${ALL_MSG}" - NUMBER_OF_ERRORS=$( printf '%b' "${ALL_MSG}" | wc -l ) + NUMBER_OF_ERRORS=$(printf '%b' "${ALL_MSG}" | wc -l) debuglog "number of errors = ${NUMBER_OF_ERRORS}" - if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ -n "${VERBOSE}" ] ; then - printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" + if [ -n "${NO_PERF}" ]; then + PERFORMANCE_DATA= + fi + + if [ -z "${PROMETHEUS}" ]; then + + if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ "${VERBOSE}" -gt 0 ]; then + printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" + else + printf '%s%s \n' "$1" "${PERFORMANCE_DATA}" + fi + else - printf '%s%s \n' "$1" "${PERFORMANCE_DATA}" + + if [ -n "${CN}" ]; then + add_prometheus_status_output_line "cert_valid{cn=\"${CN}\"} 2" + else + add_prometheus_status_output_line "cert_valid 2" + fi + + prometheus_output + fi exit "${STATUS_CRITICAL}" @@ -517,8 +934,11 @@ # append all warning messages to list of all messages # Params # $1 warning message +# $2 replace current warning message append_warning_message() { + verboselog "Warning: $1" + debuglog "WARNING >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" debuglog "append_warning_message: HOST_NAME = ${HOST_NAME}" debuglog "append_warning_message: HOST_ADDR = ${HOST_ADDR}" @@ -530,33 +950,32 @@ debuglog "prepend_warning_message: WARNING_MSG = ${WARNING_MSG}" debuglog "prepend_warning_message: ALL_MSG 1 = ${ALL_MSG}" - if [ -n "${CN}" ] ; then - if echo "${CN}" | grep -q -F 'unavailable' ; then + if [ -n "${CN}" ]; then + if echo "${CN}" | grep -q -F 'unavailable'; then tmp=" ${SUBJECT_ALTERNATIVE_NAME}" else tmp=" ${CN}" fi else - if [ -n "${HOST_NAME}" ] ; then - if [ -n "${SNI}" ] ; then + if [ -n "${HOST_NAME}" ]; then + if [ -n "${SNI}" ]; then tmp=" ${SNI}" - elif [ -n "${FILE}" ] ; then + elif [ -n "${FILE}" ]; then tmp=" ${FILE}" else - tmp=" ${HOST_NAME}" + tmp=" ${HOST_NAME}" fi fi fi MSG="${SHORTNAME} WARN${tmp}: ${1}${LONG_OUTPUT}" - if [ "${WARNING_MSG}" = "" ]; then + if [ "${WARNING_MSG}" = "" ] || [ -n "${2-}" ]; then WARNING_MSG="${MSG}" fi ALL_MSG="${ALL_MSG}\\n ${MSG}" - debuglog "prepend_warning_message: MSG 2 = ${MSG}" debuglog "prepend_warning_message: WARNING_MSG 2 = ${WARNING_MSG}" debuglog "prepend_warning_message: ALL_MSG 2 = ${ALL_MSG}" @@ -564,21 +983,38 @@ } - ################################################################################ # Exits with a warning message -# Param +# Params # $1 warning message warning() { remove_temporary_files - NUMBER_OF_ERRORS=$( printf '%b' "${ALL_MSG}" | wc -l ) + NUMBER_OF_ERRORS=$(printf '%b' "${ALL_MSG}" | wc -l) + + if [ -n "${NO_PERF}" ]; then + PERFORMANCE_DATA= + fi + + if [ -z "${PROMETHEUS}" ]; then + + if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ "${VERBOSE}" -gt 0 ]; then + printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" + else + printf '%s %s\n' "$1" "${PERFORMANCE_DATA}" + fi - if [ "${NUMBER_OF_ERRORS}" -ge 2 ] && [ -n "${VERBOSE}" ]; then - printf '%s%s\nError(s):%b\n' "$1" "${PERFORMANCE_DATA}" "${ALL_MSG}" else - printf '%s %s\n' "$1" "${PERFORMANCE_DATA}" + + if [ -n "${CN}" ]; then + add_prometheus_status_output_line "cert_valid{cn=\"${CN}\"} 1" + else + add_prometheus_status_output_line "cert_valid 1" + fi + + prometheus_output + fi exit "${STATUS_WARNING}" @@ -586,13 +1022,13 @@ ################################################################################ # Exits with an 'unknown' status -# Param +# Params # $1 message unknown() { - if [ -n "${HOST_NAME}" ] ; then - if [ -n "${SNI}" ] ; then + if [ -n "${HOST_NAME}" ]; then + if [ -n "${SNI}" ]; then tmp=" ${SNI}" - elif [ -n "${FILE}" ] ; then + elif [ -n "${FILE}" ]; then tmp=" ${FILE}" else tmp=" ${HOST_NAME}" @@ -603,7 +1039,6 @@ exit "${STATUS_UNKNOWN}" } - ################################################################################ # Exits with unknown if s_client does not support the given option # @@ -612,21 +1047,129 @@ # require_s_client_option() { debuglog "Checking if s_client supports the $1 option" - if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "$1" ; then + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "$1"; then unknown "s_client does not support the $1 option" fi } ################################################################################ -# To set a variable with an HEREDOC in a POSIX compliant way -# see: https://unix.stackexchange.com/questions/340718/how-do-i-bring-heredoc-text-into-a-shell-script-variable -# Usage: -# set_variable variablename<<'HEREDOC' -# ... -# HEREDOC -set_variable() { - # shellcheck disable=SC2016 - eval "$1"'=$(cat)' +# Extract specific attributes from a certificate +# $1 attribute name +# $2 cert file or cert content +extract_cert_attribute() { + + debuglog "extracting cert attribute ${1}" + + if [ -f "${2}" ]; then + cert_content="$(cat "${2}")" + else + cert_content="${2}" + fi + + # shellcheck disable=SC2086,SC2016 + case $1 in + cn) + if echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject 2>/dev/null | grep -F -q 'CN' >/dev/null; then + echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject | + sed -e "s/^.*[[:space:]]*CN[[:space:]]=[[:space:]]//" -e 's/\/[[:alpha:]][[:alpha:]]*=.*$//' -e "s/,.*//" + else + echo 'CN unavailable' + return 1 + fi + ;; + subject) + echo "${cert_content}" | "${OPENSSL}" x509 -noout ${OPENSSL_PARAMS} -subject + ;; + serial) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -serial | sed -e "s/^serial=//" + ;; + fingerprint) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -fingerprint -sha1 | sed -e "s/^SHA1 Fingerprint=//" + ;; + oscp_uri) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -ocsp_uri + ;; + oscp_uri_single) + extract_cert_attribute 'oscp_uri' "${cert_content}" | head -n 1 + ;; + hash) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -hash + ;; + modulus) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -modulus + ;; + issuer) + # see https://unix.stackexchange.com/questions/676776/parse-comma-separated-string-ignoring-commas-between-quotes + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout -nameopt sep_multiline,utf8,esc_ctrl -issuer | + tail -n +2 | + sed 's/^\ *//' + ;; + issuer_uri) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | grep -F "CA Issuers" | grep -F -i "http" | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;${}<>`&' + ;; + issuer_uri_single) + extract_cert_attribute 'issuer_uri' "${cert_content}" | head -n 1 + ;; + issuer_hash) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -issuer_hash + ;; + org) + cert_subject=$(echo "${cert_content}" | "${OPENSSL}" x509 -noout -subject) + + # on older systems the fields where separated by /, e.g., + # subject= /C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com + # on newer systems the fields are separated by , and are sometimes quoted (if they contain a comma), e.g., + # subject=C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = github.com + # subject=C = ES, ST = Madrid, L = Madrid, jurisdictionC = ES, O = Ibermutua Mutua Colaboradora con la Seguridad Social N\C3\BAmero 274, businessCategory = Private Organization, serialNumber = 1998-02-18, CN = www.ibermutua.es + + if echo "${cert_subject}" | grep -q '^subject=\ \/'; then + # old format + echo "${cert_subject}" | sed -e 's/.*\/O=//' -e 's/\/.*//' + else + # new format + if echo "${cert_subject}" | grep -q 'O\ =\ "'; then + # quotes + echo "${cert_subject}" | sed -e 's/.*O\ =\ "//' -e 's/".*//' + else + # no quotes + echo "${cert_subject}" | sed -e 's/.*O\ =\ //' -e 's/\,\ .*//' + fi + fi + ;; + email) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -email + ;; + crl_uri) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | + grep -F -A 4 'X509v3 CRL Distribution Points' | + grep -F URI | + sed 's/^.*URI://' + ;; + sig_algo) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -text | grep -m 1 -F 'Signature Algorithm' + ;; + startdate) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} -startdate | sed -e "s/^notBefore=//" + ;; + enddate) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" -noout ${OPENSSL_PARAMS} "${OPENSSL_ENDDATE_OPTION}" | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//" + ;; + sct) + echo "${cert_content}" | "${OPENSSL}" x509 -noout -text | grep -E -q 'SCTs|1\.3\.6\.1\.4\.1\.11129\.2\.4\.2' + ;; + subjectAlternativeName) + echo "${cert_content}" | "${OPENSSL}" "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -text | + grep -F -A 1 "509v3 Subject Alternative Name:" | + tail -n 1 | + sed -e "s/DNS://g" | + sed -e "s/,//g" | + sed -e 's/^\ *//' + ;; + *) + return 1 + ;; + esac + } ################################################################################ @@ -645,61 +1188,61 @@ command="/bin/sh -c \"$1\"" OUTFILE=/dev/null - if [ -n "$2" ] ; then + if [ -n "$2" ]; then OUTFILE=$2 fi ERRFILE=/dev/null - if [ -n "$3" ] ; then + if [ -n "$3" ]; then ERRFILE=$3 fi - start_time=$( date +%s ) + start_time=$(date +%s) debuglog "executing with timeout (${time}s): $1" debuglog " start time = ${start_time}" - if [ -n "${TIMEOUT_BIN}" ] ; then + if [ -n "${TIMEOUT_BIN}" ]; then - debuglog "$(printf "%s %s %s\\n" "${TIMEOUT_BIN}" "${time}" "${command}")" + debuglog "$(printf '%s %s %s\n' "${TIMEOUT_BIN}" "${time}" "${command}")" - # We execute timeout in the backgroud so that it can be relay a signal to 'timeout' + # We execute timeout in the background so that it can be relay a signal to 'timeout' # https://unix.stackexchange.com/questions/57667/why-cant-i-kill-a-timeout-called-from-a-bash-script-with-a-keystroke/57692#57692 - eval "${TIMEOUT_BIN} ${time} ${command} &" > "${OUTFILE}" 2> "${ERRFILE}" + eval "${TIMEOUT_BIN} ${time} ${command} &" >"${OUTFILE}" 2>"${ERRFILE}" TIMEOUT_PID=$! - wait "${TIMEOUT_PID}" > /dev/null 2>&1 + wait "${TIMEOUT_PID}" >/dev/null 2>&1 RET=$? # return codes # https://www.gnu.org/software/coreutils/manual/coreutils.html#timeout-invocation - # because of the execution in the backgroud we get a 137 for a timeout - if [ "${RET}" -eq 137 ] || [ "${RET}" -eq 124 ] ; then + # because of the execution in the background we get a 137 for a timeout + if [ "${RET}" -eq 137 ] || [ "${RET}" -eq 124 ]; then prepend_critical_message "Timeout after ${time} seconds" critical "${SHORTNAME} CRITICAL: Timeout after ${time} seconds" - elif [ "${RET}" -eq 125 ] ; then + elif [ "${RET}" -eq 125 ]; then prepend_critical_message "execution of ${command} failed" - elif [ "${RET}" -eq 126 ] ; then + elif [ "${RET}" -eq 126 ]; then prepend_critical_message "${command} is found but cannot be invoked" - elif [ "${RET}" -eq 127 ] ; then + elif [ "${RET}" -eq 127 ]; then prepend_critical_message "${command} cannot be found" fi - end_time=$( date +%s ) - TIMEOUT=$(( TIMEOUT - end_time + start_time )) - debuglog " end time = ${end_time}" - debuglog " new timeout = ${TIMEOUT}" - if [ "${TIMEOUT}" -lt 1 ] ; then TIMEOUT=1; fi + end_time=$(date +%s) + TIMEOUT=$((TIMEOUT - end_time + start_time)) + debuglog " end time = ${end_time}" + debuglog " new timeout = ${TIMEOUT}" + if [ "${TIMEOUT}" -lt 1 ]; then TIMEOUT=1; fi return "${RET}" - elif [ -n "${EXPECT}" ] ; then + elif [ -n "${EXPECT}" ]; then # just to tell shellcheck that the variable is assigned # (in fact the value is assigned with the function set_value) EXPECT_SCRIPT='' TIMEOUT_ERROR_CODE=42 - set_variable EXPECT_SCRIPT << EOT + set_variable EXPECT_SCRIPT < "${OUTFILE}" 2> "${ERRFILE}" + eval "${command}" >"${OUTFILE}" 2>"${ERRFILE}" RET=$? - end_time=$( date +%s ) + end_time=$(date +%s) # we deduce the command duration from the total specified timeout - TIMEOUT=$(( TIMEOUT - end_time + start_time )) - debuglog " end time = ${end_time}" - debuglog " new timeout = ${TIMEOUT}" - if [ "${TIMEOUT}" -lt 1 ] ; then TIMEOUT=1; fi + TIMEOUT=$((TIMEOUT - end_time + start_time)) + debuglog " end time = ${end_time}" + debuglog " new timeout = ${TIMEOUT}" + if [ "${TIMEOUT}" -lt 1 ]; then TIMEOUT=1; fi return "${RET}" fi - } ################################################################################ @@ -772,21 +1314,20 @@ # Returns 1 if the program exists and is executable check_required_prog() { - PROG=$(command -v "$1" 2> /dev/null) + PROG=$(command -v "$1" 2>/dev/null) - if [ -z "${PROG}" ] ; then + if [ -z "${PROG}" ]; then unknown "cannot find program: $1" fi - if [ ! -x "${PROG}" ] ; then + if [ ! -x "${PROG}" ]; then unknown "${PROG} is not executable" fi } - ################################################################################ -# Checks cert revokation via CRL +# Checks cert revocation via CRL # Params # $1 cert # $2 element number @@ -796,9 +1337,10 @@ el_number=$2 fi - create_temporary_file; CERT_ELEMENT=${TEMPFILE} + create_temporary_file + CERT_ELEMENT=${TEMPFILE} debuglog "Storing the chain element in ${CERT_ELEMENT}" - echo "${1}" > "${CERT_ELEMENT}" + echo "${1}" >"${CERT_ELEMENT}" # We check all the elements of the chain (but the root) for revocation # If any element is revoked, the certificate should not be trusted @@ -808,18 +1350,14 @@ # See https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html - CRL_URI=$( "${OPENSSL}" x509 -noout -text -in "${CERT_ELEMENT}" | - grep -F -A 4 'X509v3 CRL Distribution Points' | - grep -F URI | - sed 's/^.*URI://' - ) - if [ -n "${CRL_URI}" ] ; then + CRL_URI="$(extract_cert_attribute 'crl_uri' "${CERT_ELEMENT}")" + if [ -n "${CRL_URI}" ]; then - debuglog "Certificate revokation list available (${CRL_URI})" + debuglog "Certificate revocation list available (${CRL_URI})." debuglog "CRL: fetching CRL ${CRL_URI} to ${CRL_TMP_DER}" - if [ -n "${CURL_USER_AGENT}" ] ; then + if [ -n "${CURL_USER_AGENT}" ]; then exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --user-agent '${CURL_USER_AGENT}' --location \\\"${CRL_URI}\\\" > ${CRL_TMP_DER}" else exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${CRL_URI}\\\" > ${CRL_TMP_DER}" @@ -832,31 +1370,32 @@ # combine the certificate and the CRL debuglog "Combining the certificate, the CRL and the root cert" debuglog "cat ${CRL_TMP_PEM} ${CERT} ${ROOT_CA_FILE} > ${CRL_TMP_CHAIN}" - cat "${CRL_TMP_PEM}" "${CERT}" "${ROOT_CA_FILE}" > "${CRL_TMP_CHAIN}" + cat "${CRL_TMP_PEM}" "${CERT}" "${ROOT_CA_FILE}" >"${CRL_TMP_CHAIN}" debuglog "${OPENSSL} verify -crl_check -CRLfile ${CRL_TMP_PEM} ${CERT_ELEMENT}" - CRL_RESULT=$( "${OPENSSL}" verify -crl_check -CAfile "${CRL_TMP_CHAIN}" -CRLfile "${CRL_TMP_PEM}" "${CERT_ELEMENT}" 2>&1 | - grep -F ':' | - head -n 1 | - sed 's/^.*:\ //' - ) + CRL_RESULT=$( + "${OPENSSL}" verify -crl_check -CAfile "${CRL_TMP_CHAIN}" -CRLfile "${CRL_TMP_PEM}" "${CERT_ELEMENT}" 2>&1 | + grep -F ':' | + head -n 1 | + sed 's/^.*:\ //' + ) debuglog " result: ${CRL_RESULT}" - if ! [ "${CRL_RESULT}" = 'OK' ] ; then + if ! [ "${CRL_RESULT}" = 'OK' ]; then prepend_critical_message "certificate element ${el_number} is revoked (CRL)" fi else - debuglog "Certificate revokation list not available" + debuglog "Certificate revocation list not available" fi } ################################################################################ -# Checks cert revokation via OCSP +# Checks cert revocation via OCSP # Params # $1 cert # $2 element number @@ -873,25 +1412,26 @@ debuglog "Checking OCSP status of element ${el_number}" - create_temporary_file; CERT_ELEMENT=${TEMPFILE} + create_temporary_file + CERT_ELEMENT=${TEMPFILE} debuglog "Storing the chain element in ${CERT_ELEMENT}" - echo "${1}" > "${CERT_ELEMENT}" + echo "${1}" >"${CERT_ELEMENT}" ################################################################################ # Check revocation via OCSP if [ -n "${OCSP}" ]; then - debuglog "Checking revokation via OCSP" + debuglog "Checking revocation via OCSP" - ISSUER_HASH="$(${OPENSSL} x509 -in "${CERT_ELEMENT}" -noout -issuer_hash)" + ISSUER_HASH="$(extract_cert_attribute 'issuer_hash' "${CERT_ELEMENT}")" debuglog "Issuer hash: ${ISSUER_HASH}" - if [ -z "${ISSUER_HASH}" ] ; then + if [ -z "${ISSUER_HASH}" ]; then unknown 'unable to find issuer certificate hash.' fi ISSUER_CERT= - if [ -n "${ISSUER_CERT_CACHE}" ] ; then + if [ -n "${ISSUER_CERT_CACHE}" ]; then if [ -r "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" ]; then @@ -903,69 +1443,78 @@ debuglog "Not found cached Issuer Certificate: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" - fi fi - # shellcheck disable=SC2086,SC2016 - ELEMENT_ISSUER_URIS="$( ${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -text -noout -in ${CERT_ELEMENT} | grep -F "CA Issuers" | grep -F -i "http" | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;${}<>`&')" + ELEMENT_ISSUER_URIS="$(extract_cert_attribute 'issuer_uri' "${CERT_ELEMENT}")" - if [ -z "${ELEMENT_ISSUER_URIS}" ] ; then - verboselog "cannot find the CA Issuers in the certificate: disabling OCSP checks on element ${el_number}" + if [ -z "${ELEMENT_ISSUER_URIS}" ]; then + verboselog "Warning cannot find the CA Issuers in the certificate chain element ${el_number}: disabling OCSP checks on chain element ${el_number}" return fi debuglog "Chain element issuer URIs: ${ELEMENT_ISSUER_URIS}" - for ELEMENT_ISSUER_URI in ${ELEMENT_ISSUER_URIS} ; do + for ELEMENT_ISSUER_URI in ${ELEMENT_ISSUER_URIS}; do + debuglog "checking issuer URIs: ${ELEMENT_ISSUER_URI}" # shellcheck disable=SC2021 - if [ "${ELEMENT_ISSUER_URI}" != "$(echo "${ELEMENT_ISSUER_URI}" | tr -d '[[:space:]]')" ]; then - verboselog "unable to fetch the CA issuer certificate (spaces in URI): skipping" + ELEMENT_ISSUER_URI_WO_SPACES_TMP="$(echo "${ELEMENT_ISSUER_URI}" | tr -d '[[:space:]]')" + if [ "${ELEMENT_ISSUER_URI}" != "${ELEMENT_ISSUER_URI_WO_SPACES_TMP}" ]; then + verboselog "Warning: unable to fetch the CA issuer certificate (spaces in URI): skipping" continue - elif ! echo "${ELEMENT_ISSUER_URI}" | grep -q -i '^http' ; then - verboselog "unable to fetch the CA issuer certificate (unsupported protocol): skipping" + elif ! echo "${ELEMENT_ISSUER_URI}" | grep -q -i '^http'; then + verboselog "Warning: unable to fetch the CA issuer certificate (unsupported protocol): skipping" continue fi - - if [ -z "${ISSUER_CERT}" ] ; then + if [ -z "${ISSUER_CERT}" ]; then debuglog "OCSP: fetching issuer certificate ${ELEMENT_ISSUER_URI} to ${ISSUER_CERT_TMP}" - if [ -n "${CURL_USER_AGENT}" ] ; then + if [ -n "${CURL_USER_AGENT}" ]; then exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --user-agent '${CURL_USER_AGENT}' --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}" else exec_with_timeout "${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent --location \\\"${ELEMENT_ISSUER_URI}\\\" > ${ISSUER_CERT_TMP}" fi - debuglog "OCSP: issuer certificate type (1): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}" | sed 's/.*://')" + debuglog "OCSP: issuer certificate type (1): ${TYPE_TMP}" - if echo "${ELEMENT_ISSUER_URI}" | grep -F -q 'p7c' ; then + if echo "${ELEMENT_ISSUER_URI}" | grep -F -q 'p7c'; then debuglog "OCSP: converting issuer certificate from PKCS #7 to PEM" + open_for_writing "${ISSUER_CERT_TMP2}" cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" ${OPENSSL} pkcs7 -print_certs -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" fi - debuglog "OCSP: issuer certificate type (2): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}" | sed 's/.*://')" + debuglog "OCSP: issuer certificate type (2): ${TYPE_TMP}" + + # check for errors + if "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q HTML; then + debuglog "OCSP: HTML page returned instead of a certificate" + unknown "Unable to fetch a valid certificate issuer certificate (HTML page returned)." + fi # check the result - if ! "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q ': (ASCII|PEM)' ; then + if ! "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q '(ASCII|PEM)'; then - if "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q '(data|Certificate)' ; then + if "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q '(data|Certificate)'; then debuglog "OCSP: converting issuer certificate from DER to PEM" + open_for_writing "${ISSUER_CERT_TMP2}" cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_TMP2}" ${OPENSSL} x509 -inform DER -outform PEM -in "${ISSUER_CERT_TMP2}" -out "${ISSUER_CERT_TMP}" - elif "${FILE_BIN}" "${ISSUER_CERT_TMP}" | grep -E -q 'empty' ; then + elif "${FILE_BIN}" -L -b "${ISSUER_CERT_TMP}" | grep -E -q 'empty'; then # empty certs are allowed debuglog "OCSP empty certificate detected: skipping" @@ -973,7 +1522,8 @@ else - debuglog "OCSP: complete issuer certificate type $( ${FILE_BIN} "${ISSUER_CERT_TMP}" )" + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}")" + debuglog "OCSP: complete issuer certificate type ${TYPE_TMP}" unknown "Unable to fetch a valid certificate issuer certificate." @@ -981,30 +1531,33 @@ fi - debuglog "OCSP: issuer certificate type (3): $(${FILE_BIN} "${ISSUER_CERT_TMP}" | sed 's/.*://' )" + TYPE_TMP="$(${FILE_BIN} -L -b "${ISSUER_CERT_TMP}" | sed 's/.*://')" + debuglog "OCSP: issuer certificate type (3): ${TYPE_TMP}" - if [ -n "${DEBUG_CERT}" ] ; then + if [ -n "${DEBUG_CERT}" ]; then # remove trailing / FILE_NAME=${ELEMENT_ISSUER_URI%/} # remove everything up to the last slash - FILE_NAME="${FILE_NAME##*/}" + FILE_NAME="${FILE_NAME##*/}".crt debuglog "OCSP: storing a copy of the retrieved issuer certificate to ${FILE_NAME} for debugging purposes" + open_for_writing "${FILE_NAME}" cp "${ISSUER_CERT_TMP}" "${FILE_NAME}" fi - if [ -n "${ISSUER_CERT_CACHE}" ] ; then + if [ -n "${ISSUER_CERT_CACHE}" ]; then if [ ! -w "${ISSUER_CERT_CACHE}" ]; then - unknown "Issuer certificates cache ${ISSUER_CERT_CACHE} is not writeable!" + unknown "Issuer certificates cache ${ISSUER_CERT_CACHE} is not writable!" fi debuglog "Storing Issuer Certificate to cache: ${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" + open_for_writing "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" cp "${ISSUER_CERT_TMP}" "${ISSUER_CERT_CACHE}/${ISSUER_HASH}.crt" fi @@ -1013,36 +1566,35 @@ fi - done - # shellcheck disable=SC2086 - OCSP_URIS="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT_ELEMENT}" -ocsp_uri -noout)" + OCSP_URIS="$(extract_cert_attribute 'oscp_uri' "${CERT_ELEMENT}")" debuglog "OCSP: URIs = ${OCSP_URIS}" - for OCSP_URI in ${OCSP_URIS} ; do + for OCSP_URI in ${OCSP_URIS}; do debuglog "OCSP: URI = ${OCSP_URI}" - OCSP_HOST="$(echo "${OCSP_URI}" | sed -e "s@.*//\\([^/]\\+\\)\\(/.*\\)\\?\$@\\1@g" | sed 's/^http:\/\///' | sed 's/\/.*//' )" + OCSP_HOST="$(echo "${OCSP_URI}" | sed -e 's@.*//\([^/]\+\)\(/.*\)\?$@\1@g' | sed 's/^http:\/\///' | sed 's/\/.*//')" debuglog "OCSP: host = ${OCSP_HOST}" - if [ -n "${OCSP_HOST}" ] ; then + if [ -n "${OCSP_HOST}" ]; then # check if -header is supported OCSP_HEADER="" # ocsp -header is supported in OpenSSL versions from 1.0.0, but not documented until 1.1.0 # so we check if the major version is greater than 0 - if "${OPENSSL}" version | grep -q '^LibreSSL' || [ "$( ${OPENSSL} version | sed -e 's/OpenSSL \([0-9]\).*/\1/g' )" -gt 0 ] ; then + OPENSSL_VERSION_TMP="$(${OPENSSL} version | sed -e 's/OpenSSL \([0-9]\).*/\1/g')" + if "${OPENSSL}" version | grep -q '^LibreSSL' || [ "${OPENSSL_VERSION_TMP}" -gt 0 ]; then debuglog "openssl ocsp supports the -header option" # the -header option was first accepting key and value separated by space. The newer versions are using key=value KEYVALUE="" - if ${OPENSSL} ocsp -help 2>&1 | grep -F header | grep -F -q 'key=value' ; then + if ${OPENSSL} ocsp -help 2>&1 | grep -F header | grep -F -q 'key=value'; then debuglog "${OPENSSL} ocsp -header requires 'key=value'" KEYVALUE=1 else @@ -1051,96 +1603,100 @@ # http_proxy is sometimes lower- and sometimes uppercase. Programs usually check both # shellcheck disable=SC2154 - if [ -n "${http_proxy}" ] ; then + if [ -n "${http_proxy}" ]; then HTTP_PROXY="${http_proxy}" fi - if [ -n "${HTTP_PROXY:-}" ] ; then - OCSP_PROXY_ARGUMENT="$( echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//' )" + if [ -n "${HTTP_PROXY:-}" ]; then + OCSP_PROXY_ARGUMENT="$(echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//')" - if [ -n "${KEYVALUE}" ] ; then + if [ -n "${KEYVALUE}" ]; then debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -host \"${OCSP_PROXY_ARGUMENT}\" -path ${OCSP_URI} -header HOST=${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1 )" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST="${OCSP_HOST}" 2>&1)" else debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -host \"${OCSP_PROXY_ARGUMENT}\" -path ${OCSP_URI} -header HOST ${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${OCSP_PROXY_ARGUMENT}" -path "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1)" fi else - if [ -n "${KEYVALUE}" ] ; then + if [ -n "${KEYVALUE}" ]; then debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST=${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1 )" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header "HOST=${OCSP_HOST}" 2>&1)" else debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer ${ISSUER_CERT} -cert ${CERT_ELEMENT} -url ${OCSP_URI} ${OCSP_HEADER} -header HOST ${OCSP_HOST}" - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1 )" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" -header HOST "${OCSP_HOST}" 2>&1)" fi fi - debuglog "$(echo "${OCSP_RESP}" | sed 's/^/OCSP: response = /')" + MESSAGE_TMP="$(echo "${OCSP_RESP}" | sed 's/^/OCSP: response = /')" + debuglog "${MESSAGE_TMP}" - if [ -n "${OCSP_IGNORE_TIMEOUT}" ] && echo "${OCSP_RESP}" | grep -F -q -i "timeout on connect" ; then + if [ -n "${OCSP_IGNORE_TIMEOUT}" ] && echo "${OCSP_RESP}" | grep -F -q -i "timeout on connect"; then debuglog 'OCSP: Timeout on connect' - elif echo "${OCSP_RESP}" | grep -F -q -i "revoked" ; then + elif echo "${OCSP_RESP}" | grep -F -q -i "revoked"; then debuglog 'OCSP: revoked' prepend_critical_message "certificate element ${el_number} is revoked (OCSP)" - elif ! echo "${OCSP_RESP}" | grep -F -q -i "good" ; then + elif echo "${OCSP_RESP}" | grep -F -q -i "internalerror" && [ -n "${OCSP_IGNORE_ERRORS}" ]; then + + verbose 'warning: the OCSP server returned an internal error' + + elif ! echo "${OCSP_RESP}" | grep -F -q -i "good"; then debuglog "OCSP: not good. HTTP_PROXY = ${HTTP_PROXY}" - if [ -n "${HTTP_PROXY:-}" ] ; then + if [ -n "${HTTP_PROXY:-}" ]; then debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT_ELEMENT}]\" -host \"${HTTP_PROXY#*://}\" -path \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1" - if [ -n "${OCSP_HEADER}" ] ; then - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" + if [ -n "${OCSP_HEADER}" ]; then + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" "${OCSP_HEADER}" 2>&1)" else - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" 2>&1 )" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -host "${HTTP_PROXY#*://}" -path "${OCSP_URI}" 2>&1)" fi else debuglog "executing ${OPENSSL} ocsp -timeout \"${TIMEOUT}\" -no_nonce -issuer \"${ISSUER_CERT}\" -cert \"${CERT_ELEMENT}\" -url \"${OCSP_URI}\" \"${OCSP_HEADER}\" 2>&1" - if [ -n "${OCSP_HEADER}" ] ; then - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1 )" + if [ -n "${OCSP_HEADER}" ]; then + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" "${OCSP_HEADER}" 2>&1)" else - OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" 2>&1 )" + OCSP_RESP="$(${OPENSSL} ocsp -timeout "${TIMEOUT}" -no_nonce -issuer "${ISSUER_CERT}" -cert "${CERT_ELEMENT}" -url "${OCSP_URI}" 2>&1)" fi fi - verboselog "OCSP Error: ${OCSP_RESP}" - prepend_critical_message "OCSP error (-v for details)" fi else - verboselog "openssl ocsp does not support the -header option: disabling OCSP checks" + verboselog "Warning: openssl ocsp does not support the -header option: disabling OCSP checks" fi else - verboselog "no OCSP host found: disabling OCSP checks" + verboselog "Warning: no OCSP host found: disabling OCSP checks" fi done + verboselog "OCSP check for element ${el_number} OK" + fi } - ################################################################################ # Checks cert end date validity # Params @@ -1148,19 +1704,36 @@ # $2 element number # Returns number of days check_cert_end_date() { + el_number=1 if [ -n "$2" ]; then el_number=$2 + else + debuglog "No certificate element specified: default 1" fi - debuglog "Checking expiration date of element ${el_number}" + replace_current_message='' - # shellcheck disable=SC2086 - ELEM_END_DATE=$(echo "${1}" | "${OPENSSL}" "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -noout "${OPENSSL_ENDDATE_OPTION}" | sed -e "s/.*=//") - debuglog "Validity date on cert element ${el_number} is ${ELEM_END_DATE}" + element_cn=$(extract_cert_attribute 'cn' "${1}") + debuglog "Checking expiration date of element ${el_number} (${element_cn})" + + ELEM_END_DATE="$(extract_cert_attribute 'enddate' "$1")" + debuglog "Validity date on cert element ${el_number} (${element_cn}) is ${ELEM_END_DATE}" HOURS_UNTIL=$(hours_until "${ELEM_END_DATE}") - ELEM_DAYS_VALID=$(( HOURS_UNTIL / 24 )) + + ELEM_DAYS_VALID=$((HOURS_UNTIL / 24)) + ELEM_SECONDS_VALID=$((HOURS_UNTIL * 3600)) + + add_prometheus_days_output_line "cert_days_chain_elem{cn=\"${CN}\", element=${el_number}} ${ELEM_DAYS_VALID}" + + debuglog " valid for ${ELEM_DAYS_VALID} days" + + if [ -z "${EARLIEST_VALIDITY_HOURS}" ] || [ "${HOURS_UNTIL}" -lt "${EARLIEST_VALIDITY_HOURS}" ]; then + EARLIEST_VALIDITY_HOURS="${HOURS_UNTIL}" + replace_current_message='yes' + fi + if [ -z "${DAYS_VALID}" ] || [ "${ELEM_DAYS_VALID}" -lt "${DAYS_VALID}" ]; then DAYS_VALID="${ELEM_DAYS_VALID}" fi @@ -1170,39 +1743,59 @@ if [ "${OPENSSL_COMMAND}" = "x509" ]; then # x509 certificates (default) # We always check expired certificates - debuglog "executing: ${OPENSSL} x509 -noout -checkend 0 on cert element ${el_number}" - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend 0 > /dev/null ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} is expired (was valid until ${ELEM_END_DATE})" + debuglog "executing: ${OPENSSL} x509 -noout -checkend 0 on cert element ${el_number} (${element_cn})" + if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend 0 >/dev/null; then + if [ "${ELEM_DAYS_VALID}" -eq 0 ]; then + DAYS_AGO='today' + elif [ "${ELEM_DAYS_VALID}" -eq -1 ]; then + DAYS_AGO='yesterday' + else + DAYS_AGO="$((-ELEM_DAYS_VALID)) days ago" + fi + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) is expired (was valid until ${ELEM_END_DATE}, ${DAYS_AGO})" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" return 2 fi - if [ -n "${CRITICAL_DAYS}" ] ; then + if [ -n "${CRITICAL_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ]; then - debuglog "executing: ${OPENSSL} x509 -noout -checkend $(( CRITICAL_DAYS * 86400 )) on cert element ${el_number}" + debuglog "executing: ${OPENSSL} x509 -noout -checkend ${CRITICAL_SECONDS} on cert element ${el_number} (${element_cn})" - if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend $(( CRITICAL_DAYS * 86400 )) > /dev/null ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" + if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend "${CRITICAL_SECONDS}" >/dev/null; then + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" return 2 fi fi - if [ -n "${WARNING_DAYS}" ] ; then + if [ -n "${WARNING_DAYS}" ] && [ -n "${WARNING_SECONDS}" ]; then - debuglog "executing: ${OPENSSL} x509 -noout -checkend $(( WARNING_DAYS * 86400 )) on cert element ${el_number}" + debuglog "executing: ${OPENSSL} x509 -noout -checkend ${WARNING_SECONDS} on cert element ${el_number}" - if ! echo "$1" | ${OPENSSL} x509 -noout -checkend $(( WARNING_DAYS * 86400 )) > /dev/null ; then - append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" + if ! echo "${1}" | ${OPENSSL} x509 -noout -checkend "${WARNING_SECONDS}" >/dev/null; then + append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 1" return 1 fi fi - if [ -n "${NOT_VALID_LONGER_THAN}" ] ; then + if [ -n "${NOT_VALID_LONGER_THAN}" ]; then debuglog "checking if the certificate is valid longer than ${NOT_VALID_LONGER_THAN} days" debuglog " valid for ${DAYS_VALID} days" - if [ "${DAYS_VALID}" -gt "${NOT_VALID_LONGER_THAN}" ] ; then + if [ "${DAYS_VALID}" -gt "${NOT_VALID_LONGER_THAN}" ]; then debuglog "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" - prepend_critical_message "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" + prepend_critical_message "Certificate expires in ${DAYS_VALID} days which is more than ${NOT_VALID_LONGER_THAN} days" "${replace_current_message}" + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" return 2 fi fi @@ -1210,29 +1803,46 @@ # CRL certificates # We always check expired certificates - if [ "${ELEM_DAYS_VALID}" -lt 1 ] ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} is expired (was valid until ${ELEM_END_DATE})" + if [ "${ELEM_SECONDS_VALID}" -lt 1 ]; then + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) is expired (was valid until ${ELEM_END_DATE})" "${replace_current_message}" + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" return 2 fi - if [ -n "${CRITICAL_DAYS}" ] ; then - if [ "${ELEM_DAYS_VALID}" -lt "${CRITICAL_DAYS}" ] ; then - prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" + if [ -n "${CRITICAL_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ]; then + # When comparing, always use values in seconds, because values in days might be floating point numbers + if [ "${ELEM_SECONDS_VALID}" -lt "${CRITICAL_SECONDS}" ]; then + prepend_critical_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 2" return 2 fi fi - if [ -n "${WARNING_DAYS}" ] ; then - if [ "${ELEM_DAYS_VALID}" -lt "${WARNING_DAYS}" ] ; then - append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" + if [ -n "${WARNING_DAYS}" ] && [ -n "${WARNING_SECONDS}" ]; then + # When comparing, always use values in seconds, because values in days might be floating point numbers + if [ "${ELEM_SECONDS_VALID}" -lt "${WARNING_SECONDS}" ]; then + append_warning_message "${OPENSSL_COMMAND} certificate element ${el_number} (${element_cn}) will expire in ${ELEM_DAYS_VALID} day(s) on ${ELEM_END_DATE}" "${replace_current_message}" + if [ -z "${CN}" ]; then + CN='unavailable' + fi + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 1" return 1 fi fi fi -} + if [ -z "${CN}" ]; then + CN='unavailable' + fi + verboselog "Certificate element ${el_number} (${element_cn}) is valid for ${ELEM_DAYS_VALID} days" + add_prometheus_valid_output_line "cert_valid_chain_elem{cn=\"${CN}\", element=${el_number}} 0" + +} ################################################################################ # Converts SSL Labs or nmap grades to a numeric value @@ -1248,58 +1858,76 @@ unset NUMERIC_SSL_LAB_GRADE case "${GRADE}" in - 'A+'|'a+') - # Value not in documentation - NUMERIC_SSL_LAB_GRADE=85 - shift - ;; - A|a|strong|Strong) - NUMERIC_SSL_LAB_GRADE=80 - shift - ;; - 'A-'|'a-') - # Value not in documentation - NUMERIC_SSL_LAB_GRADE=75 - shift - ;; - B|b) - NUMERIC_SSL_LAB_GRADE=65 - shift - ;; - C|c|weak|Weak) - NUMERIC_SSL_LAB_GRADE=50 - shift - ;; - D|d) - NUMERIC_SSL_LAB_GRADE=35 - shift - ;; - E|e) - NUMERIC_SSL_LAB_GRADE=20 - shift - ;; - F|f) - NUMERIC_SSL_LAB_GRADE=0 - shift - ;; - T|t|unknown|Unknown) - # No trust: value not in documentation - NUMERIC_SSL_LAB_GRADE=0 - shift - ;; - M|m) - # Certificate name mismatch: value not in documentation - NUMERIC_SSL_LAB_GRADE=0 - shift - ;; - *) - unknown "Cannot convert SSL Lab grade ${GRADE}" - ;; + 'A+' | 'a+') + # Value not in documentation + NUMERIC_SSL_LAB_GRADE=85 + shift + ;; + A | a | strong | Strong) + NUMERIC_SSL_LAB_GRADE=80 + shift + ;; + 'A-' | 'a-') + # Value not in documentation + NUMERIC_SSL_LAB_GRADE=75 + shift + ;; + B | b) + NUMERIC_SSL_LAB_GRADE=65 + shift + ;; + C | c | weak | Weak) + NUMERIC_SSL_LAB_GRADE=50 + shift + ;; + D | d) + NUMERIC_SSL_LAB_GRADE=35 + shift + ;; + E | e) + NUMERIC_SSL_LAB_GRADE=20 + shift + ;; + F | f) + NUMERIC_SSL_LAB_GRADE=0 + shift + ;; + T | t | unknown | Unknown) + # No trust: value not in documentation + NUMERIC_SSL_LAB_GRADE=0 + shift + ;; + M | m) + # Certificate name mismatch: value not in documentation + NUMERIC_SSL_LAB_GRADE=0 + shift + ;; + *) + unknown "Cannot convert SSL Lab grade ${GRADE}" + ;; esac } ################################################################################ +# Check if the specified host is an IP (does not check the validity +# $1 string to check +is_ip() { + ARGUMENT=$1 + debuglog "Checking if ${ARGUMENT} is an IP address" + if [ "${ARGUMENT}" != "${ARGUMENT#*[0-9].[0-9]}" ]; then + debuglog "${ARGUMENT} is an IPv4 address" + echo '1' + elif [ "${ARGUMENT}" != "${ARGUMENT#*:[0-9a-fA-F]}" ]; then + debuglog "${ARGUMENT} is an IPv6 address" + echo '1' + else + debuglog "${ARGUMENT} is not an IP address" + echo '0' + fi +} + +################################################################################ # Tries to fetch the certificate fetch_certificate() { @@ -1308,125 +1936,187 @@ # IPv6 addresses need brackets in a URI if [ "${HOST_ADDR}" != "${HOST_ADDR#*[0-9].[0-9]}" ]; then - debuglog "${HOST_ADDR} is an IPv4 address" + debuglog "${HOST_ADDR} is an IPv4 address" elif [ "${HOST_ADDR}" != "${HOST_ADDR#*:[0-9a-fA-F]}" ]; then - debuglog "${HOST_ADDR} is an IPv6 address" - if [ -z "${HOST_ADDR##*\[*}" ] ; then - debuglog "${HOST_ADDR} is already specified with brackets" - else - debuglog "adding brackets to ${HOST_ADDR}" - HOST="[${HOST_ADDR}]" - fi + debuglog "${HOST_ADDR} is an IPv6 address" + if [ -z "${HOST_ADDR##*\[*}" ]; then + debuglog "${HOST_ADDR} is already specified with brackets" + else + debuglog "adding brackets to ${HOST_ADDR}" + HOST="[${HOST_ADDR}]" + fi else debuglog "${HOST_ADDR} is not an IP address" fi - if [ -n "${REQUIRE_OCSP_STAPLING}" ] ; then + if [ -n "${REQUIRE_OCSP_STAPLING}" ]; then STATUS='-status' fi - if [ "${DEBUG}" -ge 1 ] ; then - debuglog "Adding -ign_eof to the options" - IGN_EOF='-ign_eof' - fi + debuglog "fetch_certificate: PROTOCOL = ${PROTOCOL}" # Check if a protocol was specified (if not HTTP switch to TLS) - if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != 'http' ] && [ "${PROTOCOL}" != 'https' ] && [ "${PROTOCOL}" != 'h2' ] ; then + if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" != 'http' ] && [ "${PROTOCOL}" != 'https' ] && [ "${PROTOCOL}" != 'h2' ]; then case "${PROTOCOL}" in - pop3|ftp) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - pop3s|ftps) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - smtp) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - smtps) - exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - irc|ldap) - exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - ircs|ldaps) - exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - imap) - exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - imaps) - exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - postgres) - exec_with_timeout "printf 'X\\0\\0\\0\\4' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - sieve) - exec_with_timeout "echo 'LOGOUT' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - xmpp|xmpp-server) - exec_with_timeout "echo 'Q' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${XMPPPORT} ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - mysql) - exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" - RET=$? - ;; - *) - unknown "Error: unsupported protocol ${PROTOCOL}" - ;; + pop3 | ftp) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + pop3s | ftps) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + smtp) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + smtps) + exec_with_timeout "printf 'QUIT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} ${S_CLIENT_NAME} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + irc | ldap) + exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + ircs | ldaps) + exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + imap) + exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + imaps) + exec_with_timeout "printf 'A01 LOGOUT\\n' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + postgres) + exec_with_timeout "printf 'X\\0\\0\\0\\4' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + sieve) + exec_with_timeout "echo 'LOGOUT' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + xmpp | xmpp-server) + exec_with_timeout "echo 'Q' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${XMPPPORT} ${XMPPHOST} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + mysql) + exec_with_timeout "echo | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -starttls ${PROTOCOL} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" + RET=$? + ;; + *) + unknown "Error: unsupported protocol ${PROTOCOL}" + ;; esac - elif [ -n "${FILE}" ] ; then + elif [ -n "${FILE}" ]; then - if [ "${HOST_NAME}" = "localhost" ] ; then + if [ "${HOST_NAME}" = "localhost" ]; then debuglog "check if we have to convert the file ${FILE} to PEM" - debuglog "certificate type (1): $(${FILE_BIN} "${FILE}" | sed 's/.*://' )" + TYPE_TMP="$(${FILE_BIN} -L -b "${FILE}" | sed 's/.*://')" + debuglog "certificate type (1): ${TYPE_TMP}" + create_temporary_file + CONVERSION_ERROR=${TEMPFILE} - if echo "${FILE}" | grep -q -E '[.](p12|pfx)$' ; then + if echo "${FILE}" | grep -q -E '[.](p12|pfx)$'; then debuglog 'converting PKCS #12 to PEM' - create_temporary_file; PKCS12_ERROR=${TEMPFILE} - - if [ -n "${PASSWORD_SOURCE}" ] ; then - debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys -passin ${PASSWORD_SOURCE}" - "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys -passin "${PASSWORD_SOURCE}" 2> "${PKCS12_ERROR}" + if [ -n "${PASSWORD_SOURCE}" ]; then + debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys -passin ${PASSWORD_SOURCE}" + "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys -passin "${PASSWORD_SOURCE}" 2>"${CONVERSION_ERROR}" else - debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys" - "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys 2> "${PKCS12_ERROR}" + debuglog "executing ${OPENSSL} pkcs12 -in ${FILE} -out ${CERT} -nokeys" + "${OPENSSL}" pkcs12 -in "${FILE}" -out "${CERT}" -nokeys 2>"${CONVERSION_ERROR}" fi - if [ $? -eq 1 ] ; then - unknown "Error converting ${FILE}: $( head -n 1 "${PKCS12_ERROR}" ) " + if [ $? -eq 1 ]; then + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + unknown "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}" fi - elif "${FILE_BIN}" "${FILE}" | grep -q -E '(data|Certificate)' ; then + elif "${FILE_BIN}" -L -b "${FILE}" | grep -q -E '(data|Certificate)'; then debuglog 'converting DER to PEM' - "${OPENSSL}" x509 -inform der -in "${FILE}" -out "${CERT}" + "${OPENSSL}" x509 -inform der -in "${FILE}" -out "${CERT}" 2>"${CONVERSION_ERROR}" + + if [ $? -eq 1 ]; then + + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + debuglog "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}" + debuglog "Checking if ${FILE} is DER encoded CRL" + + if "${OPENSSL}" crl -in "${FILE}" -inform DER 2>/dev/null | grep -F -q "BEGIN X509 CRL"; then + + debuglog "The input file is a CRL in DER format: converting to PEM" + + debuglog "Executing ${OPENSSL} crl -inform der -in ${FILE} -out ${CERT} 2> /dev/null" + "${OPENSSL}" crl -inform der -in "${FILE}" -out "${CERT}" 2>"${CONVERSION_ERROR}" + + if [ $? -eq 1 ]; then + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + unknown "Error converting CRL ${FILE}: ${CONVERSION_ERROR_TMP}" + fi + + else + CONVERSION_ERROR_TMP="$(head -n 1 "${CONVERSION_ERROR}")" + unknown "Error converting ${FILE}: ${CONVERSION_ERROR_TMP}" + fi + + fi else debuglog "Copying the certificate to ${CERT}" - /bin/cat "${FILE}" > "${CERT}" + /bin/cat "${FILE}" >"${CERT}" RET=$? fi debuglog "storing the certificate to ${CERT}" - debuglog "certificate type (2): $(${FILE_BIN} "${CERT}" | sed 's/.*://' )" + TYPE_TMP="$(${FILE_BIN} -L -b "${CERT}" | sed 's/.*://')" + debuglog "certificate type (2): ${TYPE_TMP}" + + if ! grep -q -F 'CRL' "${CERT}"; then + + NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") + + if [ "${NUM_CERTIFICATES}" -gt 1 ]; then + debuglog "Certificate seems to be ca ca-bundle, splitting it" + + create_temporary_file + USER_CERTIFICATE=${TEMPFILE} + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="1" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}' >"${USER_CERTIFICATE}" + + create_temporary_file + INTERMEDIATE_CERTIFICATES=${TEMPFILE} + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="2" '/-BEGIN CERTIFICATE-/{l++} (l>=n) {print}' >"${INTERMEDIATE_CERTIFICATES}" + VERIFY_COMMAND="${OPENSSL} verify ${ROOT_CA} -untrusted ${INTERMEDIATE_CERTIFICATES} ${USER_CERTIFICATE}" + else + debuglog "Certificate does not contain any intermediates, checking the chain will probably fail." + VERIFY_COMMAND="${OPENSSL} verify ${ROOT_CA} ${CERT}" + fi + + # verify the local certificate + debuglog "verifying the certificate" + debuglog " ${VERIFY_COMMAND} 2> ${ERROR} 1>&2" + + # on older versions of OpenSSL write the error on standard input + # shellcheck disable=SC2086 + ${VERIFY_COMMAND} 2>"${ERROR}" 1>&2 + RET=$? + + else + + debuglog "skipping verification on CRL" + + fi else unknown "Error: option 'file' works with -H localhost only" @@ -1434,95 +2124,133 @@ else - if [ "${PROTOCOL}" = 'h2' ] ; then - ALPN='-alpn h2' - fi + if [ "${PROTOCOL}" = 'h2' ]; then + ALPN="-alpn h2" + fi - exec_with_timeout "printf '${HTTP_REQUEST}' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${IGN_EOF} ${ALPN} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -showcerts -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} 2> ${ERROR} 1> ${CERT}" + exec_with_timeout "printf '${HTTP_REQUEST}' | ${OPENSSL} s_client ${INETPROTO} ${CLIENT} ${CLIENTPASS} -crlf ${ALPN} -connect ${HOST_ADDR}:${PORT} ${SERVERNAME} ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT} -showcerts -verify 6 ${ROOT_CA} ${SSL_VERSION} ${SSL_VERSION_DISABLED} ${SSL_AU} ${STATUS} ${DANE} ${RENEGOTIATION} 2> ${ERROR} 1> ${CERT}" RET=$? fi - if [ -n "${DEBUG_CERT}" ] ; then + debuglog "Return value of the command = ${RET}" + + if [ -n "${DEBUG_CERT}" ]; then debuglog "storing a copy of the retrieved certificate in ${HOST_NAME}.crt for debugging purposes" + open_for_writing "${HOST_NAME}.crt" cp "${CERT}" "${HOST_NAME}.crt" debuglog "storing a copy of the OpenSSL errors in ${HOST_NAME}.error for debugging purposes" + open_for_writing "${HOST_NAME}.error" cp "${ERROR}" "${HOST_NAME}.error" fi - debuglog "Return value of the command = ${RET}" - - if [ "${RET}" -ne 0 ] ; then + if [ "${RET}" -ne 0 ]; then - debuglog "$(sed 's/^/SSL error: /' "${ERROR}")" + MESSAGE_TMP="$(sed 's/^/SSL error: /' "${ERROR}")" + debuglog "${MESSAGE_TMP}" # s_client could verify the server certificate because the server requires a client certificate - if ascii_grep '^Client Certificate Types' "${CERT}" ; then + if ascii_grep '^Client Certificate Types' "${CERT}"; then - verboselog "the server requires a client certificate" + verboselog "Warning: the server requires a client certificate" elif ascii_grep 'nodename\ nor\ servname\ provided,\ or\ not\ known' "${ERROR}" || - ascii_grep 'connect\ argument\ or\ target\ parameter\ malformed\ or\ ambiguous' "${ERROR}" ; then + ascii_grep 'Name or service not known' "${ERROR}" || + ascii_grep 'connect\ argument\ or\ target\ parameter\ malformed\ or\ ambiguous' "${ERROR}"; then ERROR="${HOST_ADDR} is not a valid hostname" prepend_critical_message "${ERROR}" critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - elif ascii_grep 'Connection\ refused' "${ERROR}" ; then + elif ascii_grep 'Connection\ refused' "${ERROR}"; then ERROR='Connection refused' prepend_critical_message "${ERROR}" critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - elif ascii_grep 'Connection timed out' "${ERROR}" ; then + elif ascii_grep 'Connection timed out' "${ERROR}"; then - ERROR='OpenSSL connection timed out' - prepend_critical_message "${ERROR}" + ERROR='OpenSSL connection timed out' + prepend_critical_message "${ERROR}" critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - elif ascii_grep 'dh\ key\ too\ small' "${ERROR}" ; then + elif ascii_grep 'unable to get local issuer certificate' "${ERROR}"; then + + if [ -z "${IGNORE_INCOMPLETE_CHAIN}" ]; then + prepend_critical_message 'Error verifying the certificate chain' + fi + + elif ascii_grep 'self[ -]signed certificate' "${ERROR}"; then + + if [ -z "${SELFSIGNED}" ]; then + prepend_critical_message 'Self signed certificate' + fi + + elif ascii_grep 'dh\ key\ too\ small' "${ERROR}"; then prepend_critical_message 'DH with a key too small' - elif ascii_grep 'alert\ handshake\ failure' "${ERROR}" ; then + elif ascii_grep 'alert\ handshake\ failure' "${ERROR}"; then prepend_critical_message 'Handshake failure' - elif ascii_grep 'wrong\ version\ number' "${ERROR}" ; then + elif ascii_grep 'wrong\ version\ number' "${ERROR}"; then prepend_critical_message 'No TLS connection possible' - elif ascii_grep 'Operation\ timed\ out' "${ERROR}" ; then + elif ascii_grep 'tlsv1 alert decode error' "${ERROR}"; then + + prepend_critical_message 'Error decoding certificate' + + elif ascii_grep 'gethostbyname failure' "${ERROR}"; then + + ERROR='Invalid host name' + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep 'Operation\ timed\ out' "${ERROR}"; then ERROR='OpenSSL timed out' prepend_critical_message "${ERROR}" critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - elif ascii_grep 'write:errno=54' "${ERROR}" ; then + elif ascii_grep 'write:errno=54' "${ERROR}"; then - ERROR='No certificate returned (SNI reqired?)' + ERROR='No certificate returned (SNI required?)' prepend_critical_message "${ERROR}" critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" - elif ascii_grep "Didn't find STARTTLS in server response, trying anyway..." "${ERROR}" ; then + elif ascii_grep "Didn't find STARTTLS in server response, trying anyway..." "${ERROR}"; then ERROR="Didn't find STARTTLS in server response" prepend_critical_message "${ERROR}" critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + elif ascii_grep "unsafe legacy renegotiation disabled" "${ERROR}"; then + + ERROR="The server does not support the Renegotiation Indication Extension" + prepend_critical_message "${ERROR}" + critical "SSL_CERT CRITICAL ${HOST_NAME}: ${ERROR}" + + elif ascii_grep "no certificate or crl found" "${ERROR}"; then + + ERROR="Cannot read or parse the supplied certificate (e.g., root certificate)" + prepend_critical_message "${ERROR}" + critical "SSL_CERT_CRITICAL ${HOST_NAME}: ${ERROR}" + else # Try to clean up the error message # Remove the 'verify and depth' lines # Take the 1st line (seems OK with the use cases I tested) ERROR_MESSAGE=$( - grep -v '^depth' "${ERROR}" \ - | grep -v '^verify' \ - | head -n 1 - ) + grep -v '^depth' "${ERROR}" | + grep -v '^verify' | + head -n 1 + ) debuglog "Unknown error: ${ERROR_MESSAGE}" @@ -1532,10 +2260,20 @@ else - if ascii_grep usage "${ERROR}" && [ "${PROTOCOL}" = "ldap" ] ; then + if ascii_grep usage "${ERROR}" && [ "${PROTOCOL}" = "ldap" ]; then unknown "it seems that OpenSSL -starttls does not support yet LDAP" fi + NEGOTIATED_PROTOCOL=$( grep -F 'ALPN protocol' "${CERT}" | sed 's/^ALPN protocol:\ //' ) + debuglog "Negotiated protocol: ${NEGOTIATED_PROTOCOL}" + + # check if the protocol was really HTTP/2 + if [ "${PROTOCOL}" = 'h2' ]; then + if ! grep -q -F 'ALPN protocol: h2' "${CERT}"; then + prepend_critical_message 'The server does not support HTTP/2' + fi + fi + fi } @@ -1543,7 +2281,7 @@ ################################################################################ # Adds metric to performance data # Params -# $1 performance data in nagios plugin format, +# $1 performance data in Nagios plugin format, # see https://nagios-plugins.org/doc/guidelines.html#AEN200 add_performance_data() { if [ -z "${PERFORMANCE_DATA}" ]; then @@ -1559,7 +2297,8 @@ # $1 variable name (e.g. SHORTNAME) # $2 variable value (e.g. SSL_CERT) var_for_sed() { - echo "s|%$1%|$( echo "$2" | sed -e 's#|#\\\\|#g' )|g" + VALUE_TMP="$(echo "$2" | sed -e 's#|#\\\\|#g')" + echo "s|%$1%|${VALUE_TMP}|g" } ################################################################################ @@ -1573,18 +2312,19 @@ # $2 file # ascii_grep() { - tr -d '\000' < "$2" | grep -q "$1" + tr -d '\000' <"$2" | grep -q "$1" } ################################################################################ # Checks if there is an option argument (should not begin with -) # # Params -# $1 name of the option (e.g., '-w,--waring') to be used in the error message +# $1 name of the option (e.g., '-w,--warning') to be used in the error message # $2 next command line parameter check_option_argument() { - if [ -z "$2" ] || [ "${2%${2#?}}"x = '-x' ] ; then + # shellcheck disable=SC2295 + if [ -z "$2" ] || [ "${2%${2#?}}"x = '-x' ]; then unknown "'${1}' requires an argument" fi @@ -1597,584 +2337,705 @@ # $* options parse_command_line_options() { - COMMAND_LINE_ARGUMENTS=$* + COMMAND_LINE_ARGUMENTS=$* - while true; do + while true; do - case "$1" in + case "$1" in - ######################################## - # Options without arguments - - -A|--noauth) - NOAUTH=1 - shift - ;; - --all) - ALL=1 - shift - ;; - --altnames) - ALTNAMES=1 - shift - ;; - --check-ciphers-warnings) - CHECK_CIPHERS_WARNINGS=1 - shift - ;; - --crl) - CRL=1 - shift - ;; - -d|--debug) - DEBUG=$(( DEBUG + 1 )) - shift - ;; - --debug-cert) - DEBUG_CERT=1 - shift - ;; - -h|--help|-\?) - usage - ;; - --first-element-only) - FIRST_ELEMENT_ONLY=1 - shift - ;; - --force-perl-date) - FORCE_PERL_DATE=1 - shift - ;; - --http-use-get) - HTTP_METHOD="GET" - shift - ;; - --ignore-exp) - NOEXP=1 - shift - ;; - --ignore-altnames) - ALTNAMES= - shift - ;; - --ignore-host-cn) - COMMON_NAME= - ALTNAMES= - shift - ;; - --ignore-sig-alg) - NOSIGALG=1 - shift - ;; - --ignore-sct) - SCT= - shift - ;; - --ignore-ssl-labs-cache) - IGNORE_SSL_LABS_CACHE="&startNew=on" - shift - ;; - --ignore-tls-renegotiation) - IGNORE_TLS_RENEGOTIATION='1' - shift - ;; - --no-perf) - NO_PERF=1 - shift - ;; - --no-proxy) - NO_PROXY=1 - shift - ;; - --no-ssl2|--no_ssl2) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl2" - shift - ;; - --no-ssl3|--no_ssl3) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl3" - shift - ;; - --no-tls1|--no_tls1) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1" - shift - ;; - --no-tls1_1|--no_tls1_1) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_1" - shift - ;; - --no-tls1_2|--no_tls1_2) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_2" - shift - ;; - --no-tls1_3|--no_tls1_3) # we keep the old variant for compatibility - SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_3" - shift - ;; - -N|--host-cn) - COMMON_NAME="__HOST__" - shift - ;; - -s|--selfsigned) - SELFSIGNED=1 - shift - ;; - --rsa) - RSA=1 - shift - ;; - --require-no-ssl2) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv2" - shift - ;; - --require-no-ssl3) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv3" - shift - ;; - --require-no-tls1) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.0" - shift - ;; - --require-no-tls1_1) - DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.1" - shift - ;; - --require-ocsp-stapling) - REQUIRE_OCSP_STAPLING=1 - shift - ;; - --require-san) - REQUIRE_SAN=1 - shift - ;; - --ecdsa) - ECDSA=1 - shift - ;; - --ssl2) - SSL_VERSION="-ssl2" - shift - ;; - --ssl3) - SSL_VERSION="-ssl3" - shift - ;; - --tls1) - SSL_VERSION="-tls1" - shift - ;; - --tls1_1) - SSL_VERSION="-tls1_1" - shift - ;; - --tls1_2) - SSL_VERSION="-tls1_2" - shift - ;; - --tls1_3) - SSL_VERSION="-tls1_3" - shift - ;; - --ocsp) - # deprecated - shift - ;; - --ignore-ocsp) - OCSP="" - shift - ;; - --ignore-ocsp-timeout) - OCSP_IGNORE_TIMEOUT=1 - shift - ;; - --terse) - TERSE=1 - shift - ;; - -v|--verbose) - VERBOSE=$((VERBOSE+1)) - shift - ;; - -V|--version) - echo "check_ssl_cert version ${VERSION}" - exit "${STATUS_UNKNOWN}" - ;; - -4) - INETPROTO="-4" - shift - ;; - -6) - INETPROTO="-6" - shift - ;; + ######################################## + # Options without arguments + -A | --noauth) + NOAUTH=1 + shift + ;; + --all) + ALL=1 + shift + ;; + --all-local) + ALL_LOCAL=1 + shift + ;; + --allow-empty-san) + REQUIRE_SAN="" + shift + ;; + --altnames) + ALTNAMES=1 + shift + ;; + --check-ciphers-warnings) + CHECK_CIPHERS_WARNINGS=1 + shift + ;; + --crl) + CRL=1 + shift + ;; + -d | --debug) + DEBUG=$((DEBUG + 1)) + shift + ;; + --debug-cert) + DEBUG_CERT=1 + shift + ;; + --debug-time) + # start time + DEBUG_TIME=$(date +%s) + shift + ;; + -h | --help | -\?) + usage + ;; + --first-element-only) + FIRST_ELEMENT_ONLY=1 + shift + ;; + --force-dconv-date) + FORCE_DCONV_DATE=1 + shift + ;; + --force-perl-date) + FORCE_PERL_DATE=1 + shift + ;; + --http-use-get) + HTTP_METHOD="GET" + shift + ;; + --ignore-exp) + NOEXP=1 + shift + ;; + --ignore-altnames) + ALTNAMES= + shift + ;; + --ignore-host-cn) + COMMON_NAME= + ALTNAMES= + shift + ;; + --ignore-sig-alg) + NOSIGALG=1 + shift + ;; + --ignore-sct) + SCT= + shift + ;; + --ignore-ssl-labs-cache) + IGNORE_SSL_LABS_CACHE="&startNew=on" + shift + ;; + --ignore-tls-renegotiation) + IGNORE_TLS_RENEGOTIATION='1' + shift + ;; + --info) + INFO='1' + shift + ;; + --no-perf) + NO_PERF=1 + shift + ;; + --no-proxy) + NO_PROXY=1 + shift + ;; + --no-proxy-s_client) + NO_PROXY_S_CLIENT=1 + shift + ;; + --no-proxy-curl) + NO_PROXY_CURL=1 + shift + ;; + --no-ssl2 | --no_ssl2) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl2" + shift + ;; + --no-ssl3 | --no_ssl3) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl3" + shift + ;; + --no-tls1 | --no_tls1) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1" + shift + ;; + --no-tls1_1 | --no_tls1_1) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_1" + shift + ;; + --no-tls1_2 | --no_tls1_2) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_2" + shift + ;; + --no-tls1_3 | --no_tls1_3) + # we keep the old variant for compatibility + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_tls1_3" + shift + ;; + -N | --host-cn) + COMMON_NAME="__HOST__" + shift + ;; + --prometheus) + PROMETHEUS=1 + shift + ;; + --rsa) + RSA=1 + shift + ;; + --require-no-ssl2) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv2" + shift + ;; + --require-no-ssl3) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} SSLv3" + shift + ;; + --require-no-tls1) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.0" + shift + ;; + --require-no-tls1_1) + DISALLOWED_PROTOCOLS="${DISALLOWED_PROTOCOLS} TLSv1.1" + shift + ;; + --require-ocsp-stapling) + REQUIRE_OCSP_STAPLING=1 + shift + ;; + --require-san) + REQUIRE_SAN=1 + shift + ;; + -s | --selfsigned) + SELFSIGNED=1 + shift + ;; + --ecdsa) + ECDSA=1 + shift + ;; + --ssl2) + SSL_VERSION="-ssl2" + shift + ;; + --ssl3) + SSL_VERSION="-ssl3" + shift + ;; + --tls1) + SSL_VERSION="-tls1" + shift + ;; + --tls1_1) + SSL_VERSION="-tls1_1" + shift + ;; + --tls1_2) + SSL_VERSION="-tls1_2" + shift + ;; + --tls1_3) + SSL_VERSION="-tls1_3" + shift + ;; + --ocsp) + # deprecated + shift + ;; + --ignore-incomplete-chain) + IGNORE_INCOMPLETE_CHAIN=1 + shift + ;; + --ignore-ocsp) + OCSP="" + shift + ;; + --ignore-ocsp-errors) + OCSP_IGNORE_ERRORS=1 + shift + ;; + --ignore-ocsp-timeout) + OCSP_IGNORE_TIMEOUT=1 + shift + ;; + --terse) + TERSE=1 + shift + ;; + -v | --verbose) + VERBOSE=$((VERBOSE + 1)) + shift + ;; + -V | --version) + echo "check_ssl_cert version ${VERSION}" + exit "${STATUS_UNKNOWN}" + ;; + -4) + INETPROTO="-4" + shift + ;; + -6) + INETPROTO="-6" + shift + ;; - ######################################## - # Options with one argument + ######################################## + # Options with one argument - -c|--critical) - check_option_argument '-c,--critical' "$2" - CRITICAL_DAYS="$2" - shift 2 - ;; - --check-ciphers) - check_option_argument '--check-ciphers' "$2" - CHECK_CIPHERS="$2" - shift 2 - ;; - --curl-bin) - check_option_argument '--curl-bin' "$2" - CURL_BIN="$2" - shift 2 - ;; - --curl-user-agent) - check_option_argument '--curl-user-agent' "$2" - CURL_USER_AGENT="$2" - shift 2 - ;; - --custom-http-header) - check_option_argument '--custom-http-header' "$2" - CUSTOM_HTTP_HEADER="$2" - shift 2 - ;; - --date) - check_option_argument '--date' "$2" - DATEBIN="$2" - shift 2 - ;; - # Deprecated option: used to be as --warning - --days) - check_option_argument '--days' "$2" - WARNING_DAYS="$2" - shift 2 - ;; - --dig-bin) - check_option_argument '--dig-bin' "$2" - DIG_BIN="$2" - shift 2 - ;; - --inetproto) - check_option_argument '--inetproto' "$2" - INETPROTO="-$2" - shift 2 - ;; - --nmap-bin) - check_option_argument '--nmap-bin' "$2" - NMAP_BIN="$2" - ;; - -e|--email) - check_option_argument 'e|--email' "$2" - ADDR="$2" - shift 2 - ;; - -f|--file) - check_option_argument ' -f|--file' "$2" - FILE="$2" - COMMON_NAME= - ALTNAMES= - shift 2 - ;; - --file-bin) - check_option_argument '--file-bin' "$2" - FILE_BIN="$2" - shift 2 - ;; - --format) - check_option_argument '--format' "$2" - FORMAT="$2" - shift 2 - ;; - -H|--host) - check_option_argument '-H|--host' "$2" - HOST="$2" - shift 2 - ;; - -i|--issuer) - check_option_argument '-i|--issuer' "$2" - ISSUER="$2" - shift 2 - ;; - --issuer-cert-cache) - check_option_argument '--issuer-cert-cache' "$2" - ISSUER_CERT_CACHE="$2" - shift 2 - ;; - -L|--check-ssl-labs) - check_option_argument '-L|--check-ssl-labs' "$2" - SSL_LAB_CRIT_ASSESSMENT="$2" - shift 2 - ;; - --check-ssl-labs-warn) - check_option_argument '--check-ssl-labs-warn' "$2" - SSL_LAB_WARN_ASSESTMENT="$2" - shift 2 - ;; - --serial) - check_option_argument '--serial' "$2" - SERIAL_LOCK="$2" - shift 2 - ;; - --element) - check_option_argument '--element' "$2" - ELEMENT="$2" - shift 2 - ;; - --skip-element) - check_option_argument '--skip-element' "$2" + -c | --critical) + check_option_argument '-c,--critical' "$2" + CRITICAL_DAYS="$2" + CRITICAL_SECONDS=$(days_to_seconds "${CRITICAL_DAYS}") + shift 2 + ;; + --check-ciphers) + check_option_argument '--check-ciphers' "$2" + CHECK_CIPHERS="$2" + shift 2 + ;; + --curl-bin) + check_option_argument '--curl-bin' "$2" + CURL_BIN="$2" + shift 2 + ;; + --curl-user-agent) + check_option_argument '--curl-user-agent' "$2" + CURL_USER_AGENT="$2" + shift 2 + ;; + --custom-http-header) + check_option_argument '--custom-http-header' "$2" + CUSTOM_HTTP_HEADER="$2" + shift 2 + ;; + --date) + check_option_argument '--date' "$2" + DATEBIN="$2" + shift 2 + ;; + # Deprecated option: used to be as --warning + --days) + check_option_argument '--days' "$2" + WARNING_DAYS="$2" + WARNING_SECONDS=$(days_to_seconds "${WARNING_DAYS}") + shift 2 + ;; + --debug-file) + check_option_argument '--debug-file' "$2" + DEBUG_FILE="$2" + shift 2 + ;; + --dig-bin) + check_option_argument '--dig-bin' "$2" + DIG_BIN="$2" + shift 2 + ;; + --inetproto) + check_option_argument '--inetproto' "$2" + INETPROTO="-$2" + shift 2 + ;; + --nmap-bin) + check_option_argument '--nmap-bin' "$2" + NMAP_BIN="$2" + ;; + -e | --email) + check_option_argument 'e|--email' "$2" + ADDR="$2" + shift 2 + ;; + -f | --file) + check_option_argument ' -f|--file' "$2" + FILE="$2" + # remove _HOST_ from COMMON_NAME + COMMON_NAME=$(echo "${COMMON_NAME}" | sed 's/__HOST__\ *//') + ALTNAMES= + shift 2 + ;; + --file-bin) + check_option_argument '--file-bin' "$2" + FILE_BIN="$2" + shift 2 + ;; + --format) + check_option_argument '--format' "$2" + FORMAT="$2" + shift 2 + ;; + -H | --host) + check_option_argument '-H|--host' "$2" + HOST="$2" + # remove http[s] from the input + if echo "${HOST}" | grep -F -q '://'; then + # try to remove the protocol (we do not consider URLs without + # an authority (https://en.wikipedia.org/wiki/URL) + debuglog "Stripping protocol and path from URL" + HOST=$(echo "${HOST}" | sed 's/^[a-z]*:\/\///' | sed 's/\/.*//') + fi + shift 2 + ;; + -i | --issuer) + check_option_argument '-i|--issuer' "$2" + ISSUER="$2" + shift 2 + ;; + --issuer-cert-cache) + check_option_argument '--issuer-cert-cache' "$2" + ISSUER_CERT_CACHE="$2" + shift 2 + ;; + -L | --check-ssl-labs) + check_option_argument '-L|--check-ssl-labs' "$2" + SSL_LAB_CRIT_ASSESSMENT="$2" + shift 2 + ;; + --check-ssl-labs-warn) + check_option_argument '--check-ssl-labs-warn' "$2" + SSL_LAB_WARN_ASSESTMENT="$2" + shift 2 + ;; + --serial) + check_option_argument '--serial' "$2" + SERIAL_LOCK="$2" + shift 2 + ;; + --element) + check_option_argument '--element' "$2" + ELEMENT="$2" + shift 2 + ;; + --skip-element) + check_option_argument '--skip-element' "$2" + if [ -z "${SKIP_ELEMENT}" ]; then SKIP_ELEMENT="$2" - shift 2 - ;; - --fingerprint) - check_option_argument '--fingerprint' "$2" - FINGERPRINT_LOCK="$2" - shift 2 - ;; - --long-output) - check_option_argument '--long-output' "$2" - LONG_OUTPUT_ATTR="$2" - shift 2 - ;; - -n|--cn) - check_option_argument ' -n|--cn' "$2" + else + SKIP_ELEMENT="${SKIP_ELEMENT}\\n$2" + fi + shift 2 + ;; + --fingerprint) + check_option_argument '--fingerprint' "$2" + FINGERPRINT_LOCK="$2" + shift 2 + ;; + --long-output) + check_option_argument '--long-output' "$2" + LONG_OUTPUT_ATTR="$2" + shift 2 + ;; + -n | --cn) + check_option_argument ' -n|--cn' "$2" + if [ -z "${COMMON_NAME}" ]; then COMMON_NAME="${2}" + else + COMMON_NAME="${COMMON_NAME} ${2}" + fi + debuglog "--cn specified: COMMON_MANE = ${COMMON_NAME}" + shift 2 + ;; + --not-issued-by) + check_option_argument '--not-issued-by' "$2" + NOT_ISSUED_BY="$2" + shift 2 + ;; + --not-valid-longer-than) + check_option_argument '--not-valid-longer-than' "$2" + NOT_VALID_LONGER_THAN=$2 + shift 2 + ;; + --ocsp-critical) + check_option_argument '--ocsp-critical' "$2" + OCSP_CRITICAL="$2" + shift 2 + ;; + --ocsp-warning) + check_option_argument '--ocsp-warning' "$2" + OCSP_WARNING="$2" + shift 2 + ;; + -o | --org) + check_option_argument '-o|--org' "$2" + ORGANIZATION="$2" + shift 2 + ;; + --openssl) + check_option_argument '--openssl' "$2" + OPENSSL="$2" + shift 2 + ;; + --password) + check_option_argument '--password' "$2" + PASSWORD_SOURCE="$2" + shift 2 + ;; + -p | --port) + check_option_argument '-p|--port' "$2" + PORT="$2" + XMPPPORT="$2" + shift 2 + ;; + -P | --protocol) + check_option_argument '-P|--protocol' "$2" + PROTOCOL="$2" + shift 2 + ;; + --proxy) + check_option_argument '--proxy' "$2" + PROXY="$2" + export http_proxy="$2" + shift 2 + ;; + --resolve) + check_option_argument '--resolve' "$2" + RESOLVE="$2" + shift 2 + ;; + -r | --rootcert) + check_option_argument '-r|--rootcert' "$2" + ROOT_CA="$2" + shift 2 + ;; + --rootcert-dir) + check_option_argument '--rootcert-dir' "$2" + ROOT_CA_DIR="$2" + shift 2 + ;; + --rootcert-file) + check_option_argument '--rootcert-file' "$2" + ROOT_CA_FILE="$2" + shift 2 + ;; + -C | --clientcert) + check_option_argument '-C|--clientcert' "$2" + CLIENT_CERT="$2" + shift 2 + ;; + -K | --clientkey) + check_option_argument '-K|--clientkey' "$2" + CLIENT_KEY="$2" + shift 2 + ;; + --clientpass) + if [ $# -gt 1 ]; then + CLIENT_PASS="$2" shift 2 - ;; - --not-issued-by) - check_option_argument '--not-issued-by' "$2" - NOT_ISSUED_BY="$2" - shift 2 - ;; - --not-valid-longer-than) - check_option_argument '--not-valid-longer-than' "$2" - NOT_VALID_LONGER_THAN=$2 - shift 2 - ;; - --ocsp-critical) - check_option_argument '--ocsp-critical' "$2" - OCSP_CRITICAL="$2" - shift 2 - ;; - --ocsp-warning) - check_option_argument '--ocsp-warning' "$2" - OCSP_WARNING="$2" - shift 2 - ;; - -o|--org) - check_option_argument '-o|--org' "$2" - ORGANIZATION="$2" - shift 2 - ;; - --openssl) - check_option_argument '--openssl' "$2" - OPENSSL="$2" - shift 2 - ;; - --password) - check_option_argument '--password' "$2" - PASSWORD_SOURCE="$2" - shift 2 - ;; - -p|--port) - check_option_argument '-p|--port' "$2" - PORT="$2" - XMPPPORT="$2" - shift 2 - ;; - -P|--protocol) - check_option_argument '-P|--protocol' "$2" - PROTOCOL="$2" - shift 2 - ;; - --proxy) - check_option_argument '--proxy' "$2" - PROXY="$2" - export http_proxy="$2" - shift 2 - ;; - --resolve) - check_option_argument '--resolve' "$2" - RESOLVE="$2" - shift 2 - ;; - -r|--rootcert) - check_option_argument '-r|--rootcert' "$2" - ROOT_CA="$2" - shift 2 - ;; - --rootcert-dir) - check_option_argument '--rootcert-dir' "$2" - ROOT_CA_DIR="$2" - shift 2 - ;; - --rootcert-file) - check_option_argument '--rootcert-file' "$2" - ROOT_CA_FILE="$2" - shift 2 - ;; - -C|--clientcert) - check_option_argument '-C|--clientcert' "$2" - CLIENT_CERT="$2" - shift 2 - ;; - -K|--clientkey) - check_option_argument '-K|--clientkey' "$2" - CLIENT_KEY="$2" + else + unknown "--clientpass requires an argument" + fi + ;; + --sni) + check_option_argument '--sni' "$2" + SNI="$2" + shift 2 + ;; + -S | --ssl) + check_option_argument '' "$2" + if [ "$2" = "2" ] || [ "$2" = "3" ]; then + SSL_VERSION="-ssl${2}" shift 2 - ;; - --clientpass) - if [ $# -gt 1 ]; then - CLIENT_PASS="$2" - shift 2 + else + unknown "invalid argument for --ssl" + fi + ;; + -t | --timeout) + check_option_argument '-t|--timeout' "$2" + TIMEOUT="$2" + shift 2 + ;; + --temp) + check_option_argument '--temp' "$2" + TMPDIR="$2" + shift 2 + ;; + -u | --url) + check_option_argument '-u|--url' "$2" + HTTP_REQUEST_URL="$2" + shift 2 + ;; + -w | --warning) + check_option_argument '-w|--warning' "$2" + WARNING_DAYS="$2" + WARNING_SECONDS=$(days_to_seconds "${WARNING_DAYS}") + shift 2 + ;; + --xmpphost) + check_option_argument '--xmpphost' "$2" + XMPPHOST="$2" + shift 2 + ;; + + ############################## + # Variable number of arguments + --dane) + + if [ -n "${DANE}" ]; then + unknown "--dane can be specified only once" + fi + + # check the second parameter if it exist + if [ $# -gt 1 ]; then + + # shellcheck disable=SC2295 + if [ "${2%${2#?}}"x = '-x' ]; then + DANE=1 + shift else - unknown "--clientpass requires an argument" - fi - ;; - --sni) - check_option_argument '--sni' "$2" - SNI="$2" - shift 2 - ;; - -S|--ssl) - check_option_argument '' "$2" - if [ "$2" = "2" ] || [ "$2" = "3" ] ; then - SSL_VERSION="-ssl${2}" + DANE=$2 shift 2 - else - unknown "invalid argument for --ssl" fi - ;; - -t|--timeout) - check_option_argument '-t|--timeout' "$2" - TIMEOUT="$2" - shift 2 - ;; - --temp) - check_option_argument '--temp' "$2" - TMPDIR="$2" - shift 2 - ;; - -u|--url) - check_option_argument '-u|--url' "$2" - HTTP_REQUEST_URL="$2" - shift 2 - ;; - -w|--warning) - check_option_argument '-w|--warning' "$2" - WARNING_DAYS="$2" - shift 2 - ;; - --xmpphost) - check_option_argument '--xmpphost' "$2" - XMPPHOST="$2" - shift 2 - ;; - ############################## - # Variable number of arguments - --dane) + else - if [ -n "${DANE}" ]; then - unknown "--dane can be specified only once" - fi + DANE=1 + shift - # check the second parameter if it exist - if [ $# -gt 1 ] ; then + fi - if [ "${2%${2#?}}"x = '-x' ] ; then - DANE=1 - shift - else - DANE=$2 - shift 2 - fi + ;; - else + --require-client-cert) - DANE=1 - shift + REQUIRE_CLIENT_CERT=1 + # check the second optional parameter if it exist + if [ $# -gt 1 ]; then + # shellcheck disable=SC2295 + if [ "${2%${2#?}}"x = '-x' ]; then + shift + else + REQUIRE_CLIENT_CERT_CAS=$2 + shift 2 fi - - ;; - ######################################## - # Special - --) + else shift - break - ;; - -*) - # we try to check for grouped variables - OPTION="${1}" - # if the option begins with a single dash and it's longer than one character - if ! echo "${OPTION}" | grep -q -- '^--' && - [ "$( echo "${OPTION}" | wc -c | sed 's/\ //g' )" -gt 3 ] ; then - if [ -n "${DEBUG}" ] ; then - echo "[DBG] unknown option ${OPTION}: splitting since it could be an option group" - fi - for letter in $( echo "${OPTION}" | sed 's/^-//' | grep -o . ) ; do - parse_command_line_options "-${letter}" - done + fi + + ;; + + --ignore-connection-problems) + + # default OK + IGNORE_CONNECTION_STATE="${STATUS_OK}" + + # check the second optional parameter if it exist + if [ $# -gt 1 ]; then + # shellcheck disable=SC2295 + if [ "${2%${2#?}}"x = '-x' ]; then shift else - unknown "invalid option: ${1}" + IGNORE_CONNECTION_STATE=$2 + shift 2 fi - ;; - *) - if [ -n "$1" ] ; then - unknown "invalid option: ${1}" + else + shift + fi + + ;; + + ######################################## + # Special + --) + shift + break + ;; + -*) + # we try to check for grouped variables + OPTION="${1}" + # if the option begins with a single dash and it's longer than one character + OPTION_TMP="$(echo "${OPTION}" | wc -c | sed 's/\ //g')" + if ! echo "${OPTION}" | grep -q -- '^--' && + [ "${OPTION_TMP}" -gt 3 ]; then + if [ "${DEBUG}" -gt 0 ]; then + echo "[DBG] unknown option ${OPTION}: splitting since it could be an option group" fi - break - ;; + for letter in $(echo "${OPTION}" | sed 's/^-//' | grep -o .); do + parse_command_line_options "-${letter}" + done + shift + else + unknown "invalid option: ${1}" + fi + ;; + *) + if [ -n "$1" ]; then + unknown "invalid option: ${1}" + fi + break + ;; esac done } - ################################################################################ # Main ################################################################################ main() { # Default values - DEBUG="0" - FILE_BIN="" + + ALTNAMES=1 # enabled by default + COMMON_NAME="__HOST__" # enabled by default + CRITICAL_DAYS=15 + CRITICAL_SECONDS=$(days_to_seconds "${CRITICAL_DAYS}") + CRL="" CURL_BIN="" CURL_PROXY="" CURL_USER_AGENT="" CUSTOM_HTTP_HEADER="" + DANE="" + DEBUG="0" DIG_BIN="" - NMAP_BIN="" - IGNORE_SSL_LABS_CACHE="" - PORT="" - XMPPPORT="5222" - XMPPHOST="" - SNI="" - TIMEOUT="120" - VERBOSE="0" + DISALLOWED_PROTOCOLS="" + ECDSA="" + ELEMENT=0 + FILE_BIN="" + FORCE_DCONV_DATE="" FORCE_PERL_DATE="" - REQUIRE_SAN="" - REQUIRE_OCSP_STAPLING="" - OCSP="1" # enabled by default - OCSP_IGNORE_TIMEOUT="" FORMAT="" HTTP_METHOD="HEAD" - RSA="" - ECDSA="" - DANE="" - DISALLOWED_PROTOCOLS="" - WARNING_DAYS=20 - CRITICAL_DAYS=15 - ELEMENT=0 - SKIP_ELEMENT=0 + HTTP_REQUEST_URL="/" + IGNORE_SSL_LABS_CACHE="" + NMAP_BIN="" NO_PROXY="" + NO_PROXY_CURL="" + NO_PROXY_S_CLIENT="" + OCSP="1" # enabled by default + OCSP_IGNORE_ERRORS="" + OCSP_IGNORE_TIMEOUT="" + PORT="" + PROMETHEUS_OUTPUT_STATUS="" + PROMETHEUS_OUTPUT_VALID="" + PROMETHEUS_OUTPUT_DAYS="" PROXY="" - CRL="" + REQUIRE_OCSP_STAPLING="" + REQUIRE_SAN=1 + RSA="" SCT="1" # enabled by default - HTTP_REQUEST_URL="/" - - COMMON_NAME="__HOST__" # enabled by default - ALTNAMES=1 # enabled by default + SKIP_ELEMENT="" + SNI="" + TIMEOUT="120" + VERBOSE="0" + WARNING_DAYS=20 + WARNING_SECONDS=$(days_to_seconds "${WARNING_DAYS}") + XMPPHOST="" + XMPPPORT="5222" # after 2020-09-01 we could set the default to 398 days because of Apple # https://support.apple.com/en-us/HT211025 @@ -2182,7 +3043,7 @@ FIRST_ELEMENT_ONLY="" # Set the default temp dir if not set - if [ -z "${TMPDIR}" ] ; then + if [ -z "${TMPDIR}" ]; then TMPDIR="/tmp" fi @@ -2215,13 +3076,13 @@ pop3) PORT=110 ;; - ftp|ftps) + ftp | ftps) PORT=21 ;; pop3s) PORT=995 ;; - irc|ircs) + irc | ircs) PORT=6667 ;; ldap) @@ -2245,7 +3106,7 @@ http) PORT=80 ;; - https|h2) + https | h2) PORT=443 ;; mysql) @@ -2256,13 +3117,26 @@ ;; esac - fi + + fi + + if [ -n "${DEBUG_FILE}" ]; then + open_for_appending "${DEBUG_FILE}" + date >>"${DEBUG_FILE}" fi debuglog "Command line arguments: ${COMMAND_LINE_ARGUMENTS}" + debuglog " TMPDIR = ${TMPDIR}" + + if [ -n "${ALL}" ]; then + + # enable ciphers checks (level A) + SSL_LAB_CRIT_ASSESSMENT='A' + + fi - if [ -n "${ALL}" ] ; then + if [ -n "${ALL_LOCAL}" ] || [ -n "${ALL}" ]; then # enable ciphers checks (level A) CHECK_CIPHERS='A' @@ -2270,24 +3144,31 @@ # enable ciphers warnings CHECK_CIPHERS_WARNINGS=1 - # enable ciphers checks (level A) - SSL_LAB_CRIT_ASSESSMENT='A' - - REQUIRE_SAN=1 + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- '-no_ssl2'; then + debuglog "s_client supports -no_ssl2: disabling" + # disable SSL 2.0 and SSL 3.0 + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl2 -no_ssl3" + else + # disable SSL 3.0 (SSL 2.0 is not supported anymore) + SSL_VERSION_DISABLED="${SSL_VERSION_DISABLED} -no_ssl3" + fi fi - ############### - # Check options - if [ -z "${HOST}" ] ; then + ############################## + # Check options: sanity checks + + if [ -z "${HOST}" ] && [ -z "${FILE}" ]; then usage "No host specified" + elif [ -z "${HOST}" ] && [ -n "${FILE}" ]; then + HOST='localhost' fi # we need the FQDN of an host to check the CN - if ! echo "${HOST}" | grep -q '[.]' && [ -z "${FILE}" ] && [ "${HOST}" != 'localhost' ] ; then + if ! echo "${HOST}" | grep -q '[.]' && [ -z "${FILE}" ] && [ "${HOST}" != 'localhost' ]; then debuglog "Domain for ${HOST} missing" - DOMAIN=$( nslookup "${HOST}" | grep ^Name: | head -n 1 | cut -d. -f2- ) - if [ -z "${DOMAIN}" ] ; then + DOMAIN=$(nslookup "${HOST}" | grep ^Name: | head -n 1 | cut -d. -f2-) + if [ -z "${DOMAIN}" ]; then unknown "Cannot resolve ${HOST}" fi debuglog "Adding domain ${DOMAIN} to ${HOST}" @@ -2296,7 +3177,7 @@ fi ################################################################################ - # Ususally SERVERADDR and SERVERNAME both contain the fully qualified domain name + # Usually SERVERADDR and SERVERNAME both contain the fully qualified domain name # (FQDN) or IP address of the host to check # # If --resolve is specified (defining an alternative IP address for the HOST @@ -2307,7 +3188,7 @@ # connecting with the IP address the server will be able to deliver the # correct certificate # - if [ -n "${RESOLVE}" ] ; then + if [ -n "${RESOLVE}" ]; then debuglog "Forcing ${HOST} to resolve to ${RESOLVE}" @@ -2322,198 +3203,288 @@ fi - debuglog "SNI = ${SNI}" - debuglog "HOST_NAME = ${HOST_NAME}" - debuglog "HOST_ADDR = ${HOST_ADDR}" + debuglog "SNI = ${SNI}" + debuglog "HOST_NAME = ${HOST_NAME}" + debuglog "HOST_ADDR = ${HOST_ADDR}" + debuglog "COMMON_NAME = ${COMMON_NAME}" + + # if the host name contains a / (e.g., a URL) the regex for COMMON_NAME substitution fails + # we check that only allowed characters are present + # we don't need a complete validation since a wrong host name will fail anyway + if ! echo "${HOST_NAME}" | grep -q '^[.a-zA-Z0-9\_\-]*$'; then + unknown "Invalid host name: ${HOST_NAME}" + fi + # we accept underscores since some hosts with an underscore exist but these names + # are invalid: we issue a small warning + if echo "${HOST_NAME}" | grep -q '[\_]' && [ -n "${VERBOSE}" ]; then + verboselog "Warning: ${HOST_NAME} contains an underscore (invalid)" + fi ################################################################################ # Set COMMON_NAME to hostname if -N was given as argument. # COMMON_NAME may be a space separated list of hostnames. case ${COMMON_NAME} in - *__HOST__*) - # localhost is used for files to be checked: we ignore it - if [ "${HOST_NAME}" != 'localhost' ] ; then - COMMON_NAME=$(echo "${COMMON_NAME}" | sed "s/__HOST__/${HOST_NAME}/") - fi - ;; - *) ;; + *__HOST__*) + # localhost is used for files to be checked: we ignore it + if [ "${HOST_NAME}" != 'localhost' ]; then + COMMON_NAME=$(echo "${COMMON_NAME}" | sed "s/__HOST__/${HOST_NAME}/") + fi + ;; + *) ;; esac debuglog "COMMON_NAME = ${COMMON_NAME}" - if [ -n "${ALTNAMES}" ] && [ -z "${COMMON_NAME}" ] ; then + if [ -n "${ALTNAMES}" ] && [ -z "${COMMON_NAME}" ]; then unknown "--altnames requires a common name to match (--cn or --host-cn)" fi - if [ -n "${ROOT_CA}" ] ; then + ############################################################################## + # file + if [ -z "${FILE_BIN}" ]; then + FILE_BIN='file' + fi + check_required_prog "${FILE_BIN}" + FILE_BIN=${PROG} + + ############################################################################## + # OpenSSL + if [ -n "${OPENSSL}" ]; then + if [ ! -x "${OPENSSL}" ]; then + unknown "${OPENSSL} is not an executable" + fi + else + OPENSSL='openssl' + fi + check_required_prog "${OPENSSL}" + OPENSSL=${PROG} + + ############################################################################## + # Root certificate + if [ -n "${ROOT_CA}" ]; then - if [ ! -r "${ROOT_CA}" ] ; then + if [ ! -r "${ROOT_CA}" ]; then unknown "Cannot read root certificate ${ROOT_CA}" fi - if [ -d "${ROOT_CA}" ] ; then + if [ -d "${ROOT_CA}" ]; then ROOT_CA="-CApath ${ROOT_CA}" - elif [ -f "${ROOT_CA}" ] ; then - ROOT_CA="-CAfile ${ROOT_CA}" + elif [ -f "${ROOT_CA}" ]; then + + # check if the file is in DER format and has to be converted + if "${FILE_BIN}" -L -b "${ROOT_CA}" | grep -E -q '(data|Certificate)'; then + + create_temporary_file + ROOT_CA_PEM=${TEMPFILE} + debuglog "Converting ${ROOT_CA} (DER) to PEM: ${ROOT_CA_PEM}" + + create_temporary_file + CONVERT_ERROR=${TEMPFILE} + if ! ${OPENSSL} x509 -inform DER -outform PEM -in "${ROOT_CA}" -out "${ROOT_CA_PEM}" 2> "${CONVERT_ERROR}"; then + + CONVERT_ERROR=$( head -n 1 "${CONVERT_ERROR}" ) + prepend_critical_message "Error converting ${ROOT_CA} to PEM: ${CONVERT_ERROR}" + critical "${SHORTNAME} CRITICAL: Error converting ${ROOT_CA} to PEM: ${CONVERT_ERROR}" + + fi + + ROOT_CA="-CAfile ${ROOT_CA_PEM}" + + else + + ROOT_CA="-CAfile ${ROOT_CA}" + + fi + else - unknown "Root certificate of unknown type $(file "${ROOT_CA}" 2> /dev/null)" + FILE_TMP="$(file "${ROOT_CA}" 2>/dev/null)" + unknown "Root certificate of unknown type ${FILE_TMP}" fi + debuglog "Root CA option = ${ROOT_CA}" + + fi + + if [ -n "${REQUIRE_CLIENT_CERT}" ]; then + debuglog "Check if at at least one client certificate is accepted" + if [ -n "${REQUIRE_CLIENT_CERT_CAS}" ]; then + debuglog " from the following CAs: ${REQUIRE_CLIENT_CERT_CAS}" + fi fi - if [ -n "${ROOT_CA_DIR}" ] ; then + if [ -n "${ROOT_CA_DIR}" ]; then - if [ ! -d "${ROOT_CA_DIR}" ] ; then - unknown "${ROOT_CA_DIR} is not a directory"; + if [ ! -d "${ROOT_CA_DIR}" ]; then + unknown "${ROOT_CA_DIR} is not a directory" fi - if [ ! -r "${ROOT_CA_DIR}" ] ; then + if [ ! -r "${ROOT_CA_DIR}" ]; then unknown "Cannot read root directory ${ROOT_CA_DIR}" fi ROOT_CA_DIR="-CApath ${ROOT_CA_DIR}" fi - if [ -n "${ROOT_CA_FILE}" ] ; then + if [ -n "${ROOT_CA_FILE}" ]; then - if [ ! -r "${ROOT_CA_FILE}" ] ; then + if [ ! -r "${ROOT_CA_FILE}" ]; then unknown "Cannot read root certificate ${ROOT_CA_FILE}" fi fi if [ -n "${ROOT_CA_DIR}" ] || [ -n "${ROOT_CA_FILE}" ]; then - if [ -n "${ROOT_CA_FILE}" ] ; then + if [ -n "${ROOT_CA_FILE}" ]; then ROOT_CA="${ROOT_CA_DIR} -CAfile ${ROOT_CA_FILE}" else ROOT_CA="${ROOT_CA_DIR}" fi fi - if [ -n "${CLIENT_CERT}" ] ; then + if [ -n "${CLIENT_CERT}" ]; then - if [ ! -r "${CLIENT_CERT}" ] ; then + if [ ! -r "${CLIENT_CERT}" ]; then unknown "Cannot read client certificate ${CLIENT_CERT}" fi fi - if [ -n "${CLIENT_KEY}" ] ; then + if [ -n "${CLIENT_KEY}" ]; then - if [ ! -r "${CLIENT_KEY}" ] ; then + if [ ! -r "${CLIENT_KEY}" ]; then unknown "Cannot read client certificate key ${CLIENT_KEY}" fi fi - if [ -n "${FILE}" ] ; then - if [ ! -r "${FILE}" ] ; then + if [ -n "${FILE}" ]; then + if [ ! -r "${FILE}" ]; then unknown "Cannot read file ${FILE}" fi fi # check if grep is in the path (see #244) - if ! echo 0 | grep 0 > /dev/null 2>&1 ; then + if ! echo 0 | grep 0 >/dev/null 2>&1; then unknown "cannot execute grep: please check the PATH variable (${PATH})" fi - if [ -n "${CRITICAL_DAYS}" ] ; then + if [ -n "${CRITICAL_DAYS}" ]; then debuglog "-c specified: ${CRITICAL_DAYS}" - if ! echo "${CRITICAL_DAYS}" | grep -q '^[0-9][0-9]*$' ; then + if ! echo "${CRITICAL_DAYS}" | grep -E -q '^[0-9][0-9]*(\.[0-9][0-9]*)?$'; then unknown "invalid number of days '${CRITICAL_DAYS}'" fi fi - if [ -n "${WARNING_DAYS}" ] ; then + if [ -n "${WARNING_DAYS}" ]; then - if ! echo "${WARNING_DAYS}" | grep -q '^[0-9][0-9]*$' ; then + debuglog "-w specified: ${WARNING_DAYS}" + + if ! echo "${WARNING_DAYS}" | grep -E -q '^[0-9][0-9]*(\.[0-9][0-9]*)?$'; then unknown "invalid number of days '${WARNING_DAYS}'" fi fi - if [ -n "${CRITICAL_DAYS}" ] && [ -n "${WARNING_DAYS}" ] ; then + if [ -n "${CRITICAL_DAYS}" ] && [ -n "${WARNING_DAYS}" ] && [ -n "${CRITICAL_SECONDS}" ] && [ -n "${WARNING_SECONDS}" ]; then - if [ "${WARNING_DAYS}" -le "${CRITICAL_DAYS}" ] ; then + # When comparing, always use values in seconds, because values in days might be floating point numbers + if [ "${WARNING_SECONDS}" -le "${CRITICAL_SECONDS}" ]; then unknown "--warning (${WARNING_DAYS}) is less than or equal to --critical (${CRITICAL_DAYS})" fi fi - if [ -n "${NOT_VALID_LONGER_THAN}" ] ; then + if [ -n "${NOT_VALID_LONGER_THAN}" ]; then debuglog "--not-valid-longer-than specified: ${NOT_VALID_LONGER_THAN}" - if ! echo "${NOT_VALID_LONGER_THAN}" | grep -q '^[0-9][0-9]*$' ; then + if ! echo "${NOT_VALID_LONGER_THAN}" | grep -q '^[0-9][0-9]*$'; then unknown "invalid number of days '${NOT_VALID_LONGER_THAN}'" fi fi - if [ -n "${CRL}" ] && [ -z "${ROOT_CA_FILE}" ] ; then + if [ -n "${CRL}" ] && [ -z "${ROOT_CA_FILE}" ]; then unknown "To be able to check CRL we need the Root Cert. Please specify it with the --rootcert-file option" fi - if [ -n "${TMPDIR}" ] ; then - - if [ ! -d "${TMPDIR}" ] ; then - unknown "${TMPDIR} is not a directory"; - fi - - if [ ! -w "${TMPDIR}" ] ; then - unknown "${TMPDIR} is not writable"; - fi - - fi - - if [ -n "${OPENSSL}" ] ; then + if [ -n "${TMPDIR}" ]; then - if [ ! -x "${OPENSSL}" ] ; then - unknown "${OPENSSL} is not an executable" + if [ ! -d "${TMPDIR}" ]; then + unknown "${TMPDIR} is not a directory" + fi + + if [ ! -w "${TMPDIR}" ]; then + unknown "${TMPDIR} is not writable" fi fi - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ]; then convert_grade "${SSL_LAB_CRIT_ASSESSMENT}" SSL_LAB_CRIT_ASSESSMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" fi - if [ -n "${SSL_LAB_WARN_ASSESTMENT}" ] ; then + if [ -n "${SSL_LAB_WARN_ASSESTMENT}" ]; then convert_grade "${SSL_LAB_WARN_ASSESTMENT}" SSL_LAB_WARN_ASSESTMENT_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ]; then if [ "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ]; then - unknown '--check-ssl-labs-warn must be greater than -L|--check-ssl-labs' + unknown '--check-ssl-labs-warn must be greater than -L|--check-ssl-labs' fi fi fi - if [ -n "${CHECK_CIPHERS}" ] ; then + if [ -n "${CHECK_CIPHERS}" ]; then convert_grade "${CHECK_CIPHERS}" CHECK_CIPHERS_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" fi debuglog "ROOT_CA = ${ROOT_CA}" + if [ -n "${IGNORE_CONNECTION_STATE}" ]; then + if ! echo "${IGNORE_CONNECTION_STATE}" | grep -q '^[0-3]$'; then + unknown "The specified state (${IGNORE_CONNECTION_STATE}) is not valid (must be 0,1,2 or 3)" + fi + fi + + ####################### + # Check needed programs + # Signature algorithms - if [ -n "${RSA}" ] && [ -n "${ECDSA}" ] ; then + if [ -n "${RSA}" ] && [ -n "${ECDSA}" ]; then unknown 'both --rsa and --ecdsa specified: cannot force both ciphers at the same time' fi - if [ -n "${ECDSA}" ] ; then + + # check if -sigalgs is available + if [ -n "${RSA}" ] || [ -n "${ECDSA}" ]; then + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -F -- -sigalgs; then + unknown '--rsa or --ecdsa specified but OpenSSL does not support the -sigalgs option' + fi + fi + + if [ -n "${ECDSA}" ]; then # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 SSL_AU="ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512" fi - if [ -n "${RSA}" ] ; then + + if [ -n "${RSA}" ]; then + + # check if ciphers with PSS are available + if ! "${OPENSSL}" ciphers | grep -q -F 'PSS'; then + NO_PSS=1 + fi + if echo "${SSL_VERSION_DISABLED}" | grep -F -q -- '-no_tls1_3' || - [ "${SSL_VERSION}" = '-tls1' ] || - [ "${SSL_VERSION}" = '-tls1_1' ] || - [ "${SSL_VERSION}" = '-tls1_2' ] ; then + [ "${SSL_VERSION}" = '-tls1' ] || + [ "${SSL_VERSION}" = '-tls1_1' ] || + [ "${SSL_VERSION}" = '-tls1_2' ] || + [ -n "${NO_PSS}" ]; then # see https://github.com/matteocorti/check_ssl_cert/issues/164#issuecomment-540623344 # see https://github.com/matteocorti/check_ssl_cert/issues/167 SSL_AU="RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1" @@ -2522,52 +3493,48 @@ SSL_AU="RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1" fi fi - if [ -n "${SSL_AU}" ] ; then - if "${OPENSSL}" ciphers "${SSL_AU}" > /dev/null 2>&1 ; then - unknown "OpenSSL does not support cipher ${SSL_AU}" + if [ -n "${SSL_AU}" ]; then + if ! "${OPENSSL}" ciphers "${SSL_AU}" >/dev/null 2>&1; then + unknown "OpenSSL does not support cipher '${SSL_AU}'" fi SSL_AU="-sigalgs '${SSL_AU}'" fi - ####################### - # Check needed programs - - # OpenSSL - if [ -z "${OPENSSL}" ] ; then - OPENSSL='openssl' - fi - check_required_prog "${OPENSSL}" - OPENSSL=${PROG} - - # file - if [ -z "${FILE_BIN}" ] ; then - FILE_BIN='file' + # mktemp + MKTEMP=$(command -v mktemp 2>/dev/null) + if [ -z "${MKTEMP}" ]; then + debuglog "mktemp not available" + else + debuglog "mktemp available: ${MKTEMP}" fi - check_required_prog "${FILE_BIN}" - FILE_BIN=${PROG} # date - if [ -z "${DATEBIN}" ] ; then + if [ -z "${DATEBIN}" ]; then check_required_prog 'date' DATEBIN=${PROG} fi - debuglog "file version: $( "${FILE_BIN}" --version 2>&1 )" + FILE_BIN_VERSION="$("${FILE_BIN}" --version 2>&1)" + debuglog "file version: ${FILE_BIN_VERSION}" - # cURL - if [ -z "${CURL_BIN}" ] ; then - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ] || [ -n "${CRL}" ] ; then - debuglog "cURL binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}, CURL = ${CRL}" - debuglog "cURL binary not specified" + # curl + if [ -z "${CURL_BIN}" ]; then + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || + [ -n "${OCSP}" ] || + [ -n "${CRL}" ] || + [ -n "${IGNORE_CONNECTION_STATE}" ]; then + debuglog "curl binary needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}, CURL = ${CRL}, IGNORE_CONNECTION_STATE=${IGNORE_CONNECTION_STATE}" + debuglog "curl binary not specified" check_required_prog curl CURL_BIN=${PROG} - debuglog "cURL available: ${CURL_BIN}" - debuglog "$( ${CURL_BIN} --version )" + debuglog "curl available: ${CURL_BIN}" + CURL_BIN_VERSION_TMP="$(${CURL_BIN} --version)" + debuglog "${CURL_BIN_VERSION_TMP}" else - debuglog "cURL binary not needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}" + debuglog "curl binary not needed. SSL Labs = ${SSL_LAB_CRIT_ASSESSMENT}, OCSP = ${OCSP}" fi else # we check if the provided binary actually works @@ -2575,13 +3542,13 @@ fi # nmap - if [ -z "${NMAP_BIN}" ] ; then + if [ -z "${NMAP_BIN}" ]; then - if [ -n "${DISALLOWED_PROTOCOLS}" ] || [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then + if [ -n "${DISALLOWED_PROTOCOLS}" ] || [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then - if [ -n "${DISALLOWED_PROTOCOLS}" ] ; then debuglog "nmap binary needed. DISALLOWED_PROTOCOLS = ${DISALLOWED_PROTOCOLS}" ; fi - if [ -n "${CHECK_CIPHERS}" ] ; then debuglog "nmap binary needed. CHECK_CIPHERS = ${CHECK_CIPHERS}" ; fi - if [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then debuglog "nmap binary needed. CHECK_CIPHERS_WARNINGS" ; fi + if [ -n "${DISALLOWED_PROTOCOLS}" ]; then debuglog "nmap binary needed. DISALLOWED_PROTOCOLS = ${DISALLOWED_PROTOCOLS}"; fi + if [ -n "${CHECK_CIPHERS}" ]; then debuglog "nmap binary needed. CHECK_CIPHERS = ${CHECK_CIPHERS}"; fi + if [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then debuglog "nmap binary needed. CHECK_CIPHERS_WARNINGS"; fi debuglog "nmap binary not specified" check_required_prog nmap @@ -2599,50 +3566,51 @@ fi # Expect (optional) - EXPECT="$(command -v expect 2> /dev/null)" + EXPECT="$(command -v expect 2>/dev/null)" test -x "${EXPECT}" || EXPECT="" - if [ -z "${EXPECT}" ] ; then + if [ -z "${EXPECT}" ]; then verboselog "expect not available" 2 else verboselog "expect available (${EXPECT})" 2 fi # Timeout (optional) - TIMEOUT_BIN="$(command -v timeout 2> /dev/null)" + TIMEOUT_BIN="$(command -v timeout 2>/dev/null)" test -x "${TIMEOUT_BIN}" || TIMEOUT_BIN="" - if [ -z "${TIMEOUT_BIN}" ] ; then + if [ -z "${TIMEOUT_BIN}" ]; then verboselog "timeout not available" 2 else + verboselog "timeout available (${TIMEOUT_BIN})" 2 fi - if [ -z "${TIMEOUT_BIN}" ] && [ -z "${EXPECT}" ] ; then - verboselog "disabling timeouts" + if [ -z "${TIMEOUT_BIN}" ] && [ -z "${EXPECT}" ]; then + verboselog "disabling timeouts" 2 fi - PERL="$(command -v perl 2> /dev/null)" + PERL="$(command -v perl 2>/dev/null)" - if [ -n "${PERL}" ] ; then + if [ -n "${PERL}" ]; then debuglog "perl available: ${PERL}" fi - if [ -n "${DATEBIN}" ] ; then + if [ -n "${DATEBIN}" ]; then debuglog "date available: ${DATEBIN}" fi DATETYPE="" - if ! "${DATEBIN}" +%s >/dev/null 2>&1 ; then + if ! "${DATEBIN}" +%s >/dev/null 2>&1; then debuglog "no date binary available" # Perl with Date::Parse (optional) test -x "${PERL}" || PERL="" - if [ -z "${PERL}" ] ; then - verboselog "Perl not found: disabling date computations" + if [ -z "${PERL}" ]; then + verboselog "Warning: Perl not found: disabling date computations" fi - if ! ${PERL} -e "use Date::Parse;" > /dev/null 2>&1 ; then + if ! ${PERL} -e "use Date::Parse;" >/dev/null 2>&1; then verboselog "Perl module Date::Parse not installed: disabling date computations" @@ -2660,44 +3628,71 @@ debuglog 'checking date version' - if "${DATEBIN}" --version 2>&1 | grep -F -q GNU ; then + if "${DATEBIN}" --version 2>&1 | grep -F -q GNU; then DATETYPE='GNU' - elif "${DATEBIN}" --version 2>&1 | grep -F -q BusyBox ; then + elif "${DATEBIN}" --version 2>&1 | grep -F -q BusyBox; then DATETYPE='BUSYBOX' - else + else DATETYPE='BSD' + if "${DATEBIN}" -f "%b %d %T %Y %Z" '' 2>&1 | grep -q -F 'date: unknown option -- f'; then + debuglog "Old BSD date without -f: checking for dconv" + + DCONV_BIN=$(command -v dconv) + if [ -z "${DCONV_BIN}" ]; then + unknown "Old version of date without the -f option detected and no dconv installed" + else + debuglog "dconv detected: ${DCONV_BIN}" + DATETYPE='DCONV' + fi + fi fi - verboselog "found ${DATETYPE} date with timestamp support: enabling date computations" 2 + debuglog "date computation type: ${DATETYPE}" + verboselog "Found ${DATETYPE} date with timestamp support: enabling date computations" 2 fi - if [ -n "${FORCE_PERL_DATE}" ] ; then + if [ -n "${FORCE_DCONV_DATE}" ] && [ -n "${FORCE_PERL_DATE}" ]; then + unknown "--force-dconv-date and --force-perl-date cannot be specified at the same time" + fi + if [ -n "${FORCE_PERL_DATE}" ]; then DATETYPE="PERL" fi + if [ -n "${FORCE_DCONV_DATE}" ]; then + + debuglog "Forcing date computations with dconv" + + DATETYPE="DCONV" + check_required_prog dconv + DCONV_BIN=${PROG} + debuglog "dconv binary: ${DCONV_BIN}" + + fi - if [ "${DEBUG}" -ge 1 ] ; then + if [ "${DEBUG}" -ge 1 ]; then debuglog "check_ssl_cert version: ${VERSION}" debuglog "OpenSSL binary: ${OPENSSL}" - if [ "${DEBUG}" -ge 1 ] ; then + if [ "${DEBUG}" -ge 1 ]; then debuglog "OpenSSL info:" - ${OPENSSL} version -a | sed 's/^/[DBG]/' + ${OPENSSL} version -a | sed 's/^/[DBG] /' fi - OPENSSL_DIR="$( ${OPENSSL} version -d | sed -E 's/OPENSSLDIR: "([^"]*)"/\1/' )" + OPENSSL_DIR="$(${OPENSSL} version -d | sed -E 's/OPENSSLDIR: "([^"]*)"/\1/')" debuglog "OpenSSL configuration directory: ${OPENSSL_DIR}" DEFAULT_CA=0 - if [ -f "${OPENSSL_DIR}"/cert.pem ] ; then - DEFAULT_CA="$( grep -c BEGIN "${OPENSSL_DIR}"/cert.pem )" - elif [ -f "${OPENSSL_DIR}"/certs ] ; then - DEFAULT_CA="$( grep -c BEGIN "${OPENSSL_DIR}"/certs )" + if [ -f "${OPENSSL_DIR}"/cert.pem ]; then + DEFAULT_CA="$(grep -c BEGIN "${OPENSSL_DIR}"/cert.pem)" + elif [ -f "${OPENSSL_DIR}"/certs ]; then + DEFAULT_CA="$(grep -c BEGIN "${OPENSSL_DIR}"/certs)" fi debuglog "${DEFAULT_CA} root certificates installed by default" - debuglog " System info: $( uname -a )" - debuglog "Date computation: ${DATETYPE}" + UNAME_TMP="$(uname -a)" + debuglog " System info: ${UNAME_TMP}" + debuglog "Date computation: ${DATETYPE}" + fi ################################################################################ @@ -2727,19 +3722,30 @@ ################################################################################ # Check if openssl s_client supports the specified protocol - if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" = 'sieve' ] ; then - if ${OPENSSL} s_client -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || ${OPENSSL} s_client -starttls sieve 2>&1 | grep -F -q 'error: usage:' ; then + if [ -n "${PROTOCOL}" ] && [ "${PROTOCOL}" = 'sieve' ]; then + if ${OPENSSL} s_client "${INETPROTO}" -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || ${OPENSSL} s_client -starttls sieve 2>&1 | grep -F -q 'error: usage:'; then unknown "OpenSSL does not support the protocol sieve" fi fi - if [ -n "${PROXY}" ] && [ -n "${NO_PROXY}" ] ; then - unknown "Only one of --proxy or --no_proxy can be specfied" + if [ -n "${PROXY}" ] && + { + [ -n "${NO_PROXY}" ] || + [ -n "${NO_PROXY_CURL}" ] || + [ -n "${NO_PROXY_S_CLIENT}" ] + }; then + unknown "Only one of --proxy or --no_proxy can be specified" fi + debuglog "Proxy settings (before):" + debuglog " http_proxy = ${http_proxy}" + debuglog " https_proxy = ${https_proxy}" + debuglog " HTTP_PROXY = ${HTTP_PROXY}" + debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" + ################################################################################ # If --no-proxy was specified unset the http_proxy variables - if [ -n "${NO_PROXY}" ] ; then + if [ -n "${NO_PROXY}" ]; then debuglog "Disabling the proxy" unset http_proxy unset https_proxy @@ -2754,37 +3760,31 @@ SCLIENT_PROXY_ARGUMENT= CURL_PROXY= CURL_PROXY_ARGUMENT= - if [ -n "${http_proxy}" ] || [ -n "${HTTP_PROXY}" ] ; then - - debuglog "Proxy settings (before):" - debuglog " http_proxy = ${http_proxy}" - debuglog " https_proxy = ${https_proxy}" - debuglog " HTTP_PROXY = ${HTTP_PROXY}" - debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" + if [ -n "${http_proxy}" ] || [ -n "${HTTP_PROXY}" ]; then - if [ -n "${http_proxy}" ] ; then + if [ -n "${http_proxy}" ]; then HTTP_PROXY="${http_proxy}" fi - if [ -z "${https_proxy}" ] ; then + if [ -z "${https_proxy}" ]; then # try to set https_proxy https_proxy="${http_proxy}" fi - if [ -z "${HTTPS_PROXY}" ] ; then + if [ -z "${HTTPS_PROXY}" ]; then # try to set HTTPS_proxy HTTPS_PROXY="${HTTP_PROXY}" fi - if ${CURL_BIN} --manual | grep -F -q -- --proxy ; then - debuglog "Adding --proxy ${HTTP_PROXY} to the cURL options" + if ${CURL_BIN} --manual | grep -F -q -- --proxy; then + debuglog "Adding --proxy ${HTTP_PROXY} to the curl options" CURL_PROXY="--proxy" CURL_PROXY_ARGUMENT="${HTTP_PROXY}" fi if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -proxy || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -proxy; then SCLIENT_PROXY="-proxy" - SCLIENT_PROXY_ARGUMENT="$( echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//' )" + SCLIENT_PROXY_ARGUMENT="$(echo "${HTTP_PROXY}" | sed 's/.*:\/\///' | sed 's/\/$//')" debuglog "Adding -proxy ${SCLIENT_PROXY_ARGUMENT} to the s_client options" @@ -2794,23 +3794,33 @@ fi - debuglog "Proxy settings (after):" - debuglog " http_proxy = ${http_proxy}" - debuglog " https_proxy = ${https_proxy}" - debuglog " HTTP_PROXY = ${HTTP_PROXY}" - debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" - debuglog " s_client = ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT}" - debuglog " cURL = ${CURL_PROXY} ${CURL_PROXY_ARGUMENT}" - fi + if [ -n "${NO_PROXY_CURL}" ]; then + CURL_PROXY='' + CURL_PROXY_ARGUMENT='' + fi + + if [ -n "${NO_PROXY_S_CLIENT}" ]; then + SCLIENT_PROXY='' + SCLIENT_PROXY_ARGUMENT='' + fi + + debuglog "Proxy settings (after):" + debuglog " http_proxy = ${http_proxy}" + debuglog " https_proxy = ${https_proxy}" + debuglog " HTTP_PROXY = ${HTTP_PROXY}" + debuglog " HTTPS_PROXY = ${HTTPS_PROXY}" + debuglog " s_client = ${SCLIENT_PROXY} ${SCLIENT_PROXY_ARGUMENT}" + debuglog " curl = ${CURL_PROXY} ${CURL_PROXY_ARGUMENT}" + ################################################################################ # Check if openssl s_client supports the -name option # S_CLIENT_NAME= if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -name || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -name; then - CURRENT_HOSTNAME=$( hostname ) + CURRENT_HOSTNAME=$(hostname) S_CLIENT_NAME="-name ${CURRENT_HOSTNAME}" debuglog "'${OPENSSL} s_client' supports '-name': using ${CURRENT_HOSTNAME}" @@ -2824,11 +3834,11 @@ ################################################################################ # Check if openssl s_client supports the -xmpphost option # - if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -xmpphost ; then + if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -xmpphost; then XMPPHOST="-xmpphost ${XMPPHOST:-${HOST_NAME}}" debuglog "'${OPENSSL} s_client' supports '-xmpphost': using ${XMPPHOST}" else - if [ -n "${XMPPHOST}" ] ; then + if [ -n "${XMPPHOST}" ]; then unknown " s_client' does not support '-xmpphost'" fi XMPPHOST= @@ -2837,53 +3847,63 @@ ################################################################################ # check if openssl s_client supports the SSL TLS version - if [ -n "${SSL_VERSION}" ] ; then - if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${SSL_VERSION}" ; then + if [ -n "${SSL_VERSION}" ]; then + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${SSL_VERSION}"; then unknown "OpenSSL does not support the ${SSL_VERSION} version" fi fi ################################################################################ # --inetproto validation - if [ -n "${INETPROTO}" ] ; then + if [ -n "${INETPROTO}" ]; then # validate the arguments - if [ "${INETPROTO}" != "-4" ] && [ "${INETPROTO}" != "-6" ] ; then - VERSION=$(echo "${INETPROTO}" | awk '{ string=substr($0, 2); print string; }' ) + if [ "${INETPROTO}" != "-4" ] && [ "${INETPROTO}" != "-6" ]; then + VERSION=$(echo "${INETPROTO}" | awk '{ string=substr($0, 2); print string; }') unknown "Invalid argument '${VERSION}': the value must be 4 or 6" fi # Check if openssl s_client supports the -4 or -6 option - if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${INETPROTO}" ; then + if ! "${OPENSSL}" s_client -help 2>&1 | grep -q -- "${INETPROTO}"; then unknown "OpenSSL does not support the ${INETPROTO} option" fi - # Check if cURL is needed and if it supports the -4 and -6 options - if [ -z "${CURL_BIN}" ] ; then - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ] ; then - if ! "${CURL_BIN}" --manual | grep -F -q -- -6 && [ -n "${INETPROTO}" ] ; then - unknown "cURL does not support the ${INETPROTO} option" + # Check if curl is needed and if it supports the -4 and -6 options + if [ -z "${CURL_BIN}" ]; then + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] || [ -n "${OCSP}" ]; then + if ! "${CURL_BIN}" --manual | grep -F -q -- -6 && [ -n "${INETPROTO}" ]; then + unknown "curl does not support the ${INETPROTO} option" fi fi fi # check if IPv6 is available locally - if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" -eq "-6" ] && ! ifconfig -a | grep -F -q inet6 ; then - unknown "cannot connect using IPv6 as no local interface has IPv6 configured" + if command -v ifconfig > /dev/null; then + ifconfig -a | grep -F -q inet6 + IPV6_INTERFACE=$? + elif command -v ip > /dev/null; then + ip addr | grep -F -q inet6 + IPV6_INTERFACE=$? + else + unknown "cannot determine if a network interface has IPv6 configured" + fi + + + if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" -eq "-6" ] && [ "${IPV6_INTERFACE}" -ne 0 ]; then + unknown "cannot connect using IPv6 as no local interface has IPv6 configured" fi # nmap does not have a -4 switch NMAP_INETPROTO='' - if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" = '-6' ] ; then + if [ -n "${INETPROTO}" ] && [ "${INETPROTO}" = '-6' ]; then NMAP_INETPROTO='-6' fi - fi ################################################################################ # Check if s_client supports the no_ssl options - for S_CLIENT_OPTION in ${SSL_VERSION_DISABLED} ; do + for S_CLIENT_OPTION in ${SSL_VERSION_DISABLED}; do require_s_client_option "${S_CLIENT_OPTION}" done @@ -2894,77 +3914,93 @@ else HOST_HEADER="${HOST_NAME}" fi + debuglog "HOST_HEADER = ${HOST_HEADER}" # add newline if custom HTTP header is defined if [ -n "${CUSTOM_HTTP_HEADER}" ]; then CUSTOM_HTTP_HEADER="${CUSTOM_HTTP_HEADER}\\n" fi - HTTP_REQUEST="${HTTP_METHOD} ${HTTP_REQUEST_URL} HTTP/1.1\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\n${CUSTOM_HTTP_HEADER}Connection: close\\n\\n" + # HTTP version + if [ "${PROTOCOL}" = 'h2' ]; then + HTTP_VERSION="2" + else + HTTP_VERSION="1.1" + fi + + HTTP_REQUEST="${HTTP_METHOD} ${HTTP_REQUEST_URL} HTTP/${HTTP_VERSION}\\nHost: ${HOST_HEADER}\\nUser-Agent: check_ssl_cert/${VERSION}\\n${CUSTOM_HTTP_HEADER}Connection: close\\n\\n" ############################################################################## # Check for disallowed protocols - if [ -n "${DISALLOWED_PROTOCOLS}" ] ; then - - # check if the host has an IPv6 address only (as nmap is not able to resolve without the -6 switch - if ${NMAP_BIN} "${HOST_ADDR}" 2>&1 | grep -F -q 'Failed to resolve' ; then - debuglog "nmap is not able to resolve the host name (${HOST_ADDR}). Trying with -6 to force IPv6 for an IPv6-only host" + if [ -n "${DISALLOWED_PROTOCOLS}" ]; then + # check if the host has an IPv6 address only (as nmap is not able to resolve without the -6 switch) + if ! host "${HOST_ADDR}" | grep -F -q ' has address ' ; then + debuglog "the host does not have an IPv4 address. Trying nmap with -6 to force IPv6 for an IPv6-only host" NMAP_INETPROTO='-6' fi debuglog "Executing ${NMAP_BIN} -Pn -p \"${PORT}\" \"${NMAP_INETPROTO}\" --script ssl-enum-ciphers \"${HOST_ADDR}\" 2>&1 | grep '^|'" - OFFERED_PROTOCOLS=$( ${NMAP_BIN} -Pn -p "${PORT}" "${NMAP_INETPROTO}" --script ssl-enum-ciphers "${HOST_ADDR}" 2>&1 | grep '^|' ) + OFFERED_PROTOCOLS=$(${NMAP_BIN} -Pn -p "${PORT}" "${NMAP_INETPROTO}" --script ssl-enum-ciphers "${HOST_ADDR}" 2>&1 | grep '^|') - debuglog "offered cyphers and protocols:" + debuglog "offered ciphers and protocols:" debuglog "${OFFERED_PROTOCOLS}" | sed 's/^|/[DBG] /' - for protocol in ${DISALLOWED_PROTOCOLS} ; do + DISALLOWED_PROTOCOLS_FAIL= + for protocol in ${DISALLOWED_PROTOCOLS}; do debuglog "Checking if '${protocol}' is offered" - if echo "${OFFERED_PROTOCOLS}" | grep -F -v 'No supported ciphers found' | grep -q "${protocol}" ; then + if echo "${OFFERED_PROTOCOLS}" | grep -F -v 'No supported ciphers found' | grep -q "${protocol}"; then debuglog "'${protocol}' is offered" + DISALLOWED_PROTOCOLS_FAIL=1 prepend_critical_message "${protocol} is offered" fi - done + if [ -z "${DISALLOWED_PROTOCOLS_FAIL}" ] ; then + verboselog "no disallowed protocols offered" + fi + fi ############################################################################## # DANE - if [ -n "${DANE}" ] ; then + if [ -n "${DANE}" ]; then debuglog 'checking DANE' - if [ -z "${DIG_BIN}" ] ; then + if [ -z "${DIG_BIN}" ]; then DIG_BIN='dig' fi check_required_prog "${DIG_BIN}" DIG_BIN=${PROG} # check if OpenSSL supports -dane_tlsa_rrdata if ${OPENSSL} s_client -help 2>&1 | grep -F -q -- -dane_tlsa_rrdata || ${OPENSSL} s_client not_a_real_option 2>&1 | grep -F -q -- -dane_tlsa_rrdata; then - DIG_RESULT=$( "${DIG_BIN}" +short TLSA "_${PORT}._tcp.${HOST_ADDR}" |while read -r L; do echo " -dane_tlsa_rrdata '${L}' "; done ) + DIG_RESULT=$("${DIG_BIN}" +short TLSA "_${PORT}._tcp.${HOST_ADDR}" | while read -r L; do echo " -dane_tlsa_rrdata '${L}' "; done) debuglog "Checking DANE (${DANE})" debuglog "$(printf '%s\n' "${DIG_BIN} +short TLSA _${PORT}._tcp.${HOST_ADDR} =")" debuglog "${DIG_RESULT}" case ${DANE} in 1) - DANE=$( echo "${DIG_RESULT}" | tr -d '\n') + DANE=$(echo "${DIG_RESULT}" | tr -d '\n') ;; 211) - DANE=$( echo "${DIG_RESULT}" | grep -F '2 1 1' | tr -d '\n') + DANE=$(echo "${DIG_RESULT}" | grep -F '2 1 1' | tr -d '\n') ;; 301) - DANE=$( echo "${DIG_RESULT}" | grep -F '3 0 1' | tr -d '\n') + DANE=$(echo "${DIG_RESULT}" | grep -F '3 0 1' | tr -d '\n') ;; 311) - DANE=$( echo "${DIG_RESULT}" | grep -F '3 1 1' | tr -d '\n') + DANE=$(echo "${DIG_RESULT}" | grep -F '3 1 1' | tr -d '\n') + ;; + 312) + DANE=$(echo "${DIG_RESULT}" | grep -F '3 1 2' | tr -d '\n') ;; 302) - DANE=$( echo "${DIG_RESULT}" | grep -F '3 0 2' | tr -d '\n') + DANE=$(echo "${DIG_RESULT}" | grep -F '3 0 2' | tr -d '\n') ;; *) unknown "Internal error: unknown DANE check type ${DANE}" + ;; esac debuglog "${#DANE} DANE =" debuglog "${DANE}" @@ -2972,6 +4008,8 @@ if [ ${#DANE} -lt 5 ]; then prepend_critical_message "No matching TLSA records found at _${PORT}._tcp.${HOST_ADDR}" critical "${SHORTNAME} CRITICAL: No matching TLSA records found at _${PORT}._tcp.${HOST_ADDR}" + else + verboselog "DANE OK" fi DANE="${DANE} -dane_tlsa_domain ${HOST_ADDR} " debuglog "DBG] DANE = ${DANE}" @@ -2979,40 +4017,113 @@ unknown 'OpenSSL s_client does not support DNS-based Authentication of Named Entities' fi fi + + # OpenSSL 3.0.0 gives an error for legacy renegotiation: ignore the error if --ignore-tls-renegotiation was specified + if [ -n "${IGNORE_TLS_RENEGOTIATION}" ]; then + debuglog "--ignore-tls-renegotiation specified: checking OpenSSL version and -legacy_renegotiation support" + if "${OPENSSL}" s_client -help 2>&1 | grep -q -F -- "-legacy_renegotiation"; then + debuglog "OpenSSL s_client supports the -legacy_renegotiation option" + RENEGOTIATION="-legacy_renegotiation" + fi + fi + + ################################################################################ + # Connection check + if [ -n "${IGNORE_CONNECTION_STATE}" ]; then + + debuglog "Testing connection with ${HOST}:${PORT} with timeout ${TIMEOUT}" + + # we check with curl if a connection is possible + debuglog "Executing: ${CURL_BIN} --silent --connect-timeout ${TIMEOUT} ${HOST}:${PORT}" + + "${CURL_BIN}" --silent --connect-timeout "${TIMEOUT}" "${HOST}":"${PORT}" >/dev/null + CURL_EXIT_STATUS=$? + + debuglog " curl exited with status ${CURL_EXIT_STATUS}" + + # curl exit codes + # - 7 Failed to connect to host + # - 28 Timeout + if [ "${CURL_EXIT_STATUS}" -eq 28 ] || + [ "${CURL_EXIT_STATUS}" -eq 7 ]; then + + debuglog " connection timed out: exiting with code ${IGNORE_CONNECTION_STATE}" + + case "${IGNORE_CONNECTION_STATE}" in + "${STATUS_OK}") + echo "${SHORTNAME} OK: Cannot connect to ${HOST}:${PORT}" + exit "${STATUS_OK}" + ;; + "${STATUS_WARNING}") + echo "${SHORTNAME} WARNING: Cannot connect to ${HOST}:${PORT}" + exit "${STATUS_WARNING}" + ;; + "${STATUS_CRITICAL}") + echo "${SHORTNAME} CRITICAL: Cannot connect to ${HOST}:${PORT}" + exit "${STATUS_CRITICAL}" + ;; + "${STATUS_UNKNOWN}") + unknown "Cannot connect to ${HOST}:${PORT}" + ;; + *) + unknown "Wrong exit code () specified for --ignore-connection-problem" + ;; + esac + + exit + + fi + + fi + + debuglog "Sanity checks: OK" + ################################################################################ # Fetch the X.509 certificate # Temporary storage for the certificate and the errors - create_temporary_file; CERT=${TEMPFILE} - create_temporary_file; ERROR=${TEMPFILE} - - create_temporary_file; CRL_TMP_DER=${TEMPFILE} - create_temporary_file; CRL_TMP_PEM=${TEMPFILE} - create_temporary_file; CRL_TMP_CHAIN=${TEMPFILE} + create_temporary_file + CERT=${TEMPFILE} + create_temporary_file + ERROR=${TEMPFILE} + + create_temporary_file + CRL_TMP_DER=${TEMPFILE} + create_temporary_file + CRL_TMP_PEM=${TEMPFILE} + create_temporary_file + CRL_TMP_CHAIN=${TEMPFILE} - if [ -n "${OCSP}" ] ; then + if [ -n "${OCSP}" ]; then - create_temporary_file; ISSUER_CERT_TMP=${TEMPFILE} - create_temporary_file; ISSUER_CERT_TMP2=${TEMPFILE} + create_temporary_file + ISSUER_CERT_TMP=${TEMPFILE} + create_temporary_file + ISSUER_CERT_TMP2=${TEMPFILE} fi - if [ -n "${REQUIRE_OCSP_STAPLING}" ] ; then - create_temporary_file; OCSP_RESPONSE_TMP=${TEMPFILE} + if [ -n "${REQUIRE_OCSP_STAPLING}" ]; then + create_temporary_file + OCSP_RESPONSE_TMP=${TEMPFILE} fi - verboselog "downloading certificate to ${TMPDIR}" + debuglog "Temporary files created" + + if [ -z "${FILE}" ]; then + verboselog "Downloading certificate to ${TMPDIR}" 2 + fi CLIENT="" - if [ -n "${CLIENT_CERT}" ] ; then + if [ -n "${CLIENT_CERT}" ]; then CLIENT="-cert ${CLIENT_CERT}" fi - if [ -n "${CLIENT_KEY}" ] ; then + if [ -n "${CLIENT_KEY}" ]; then CLIENT="${CLIENT} -key ${CLIENT_KEY}" fi CLIENTPASS="" - if [ -n "${CLIENT_PASS}" ] ; then + if [ -n "${CLIENT_PASS}" ]; then CLIENTPASS="-pass pass:${CLIENT_PASS}" fi @@ -3023,9 +4134,9 @@ fetch_certificate - if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}" ; then + if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}"; then - if [ -n "${SERVERNAME}" ] ; then + if [ -n "${SERVERNAME}" ]; then verboselog "'${OPENSSL} s_client' returned an error: trying without '-servername'" @@ -3034,7 +4145,7 @@ fi - if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}" ; then + if ascii_grep 'sslv3\ alert\ unexpected\ message' "${ERROR}"; then prepend_critical_message 'cannot fetch certificate: OpenSSL got an unexpected message' @@ -3043,46 +4154,82 @@ fi # check for TLS renegotiation - if [ -z "${IGNORE_TLS_RENEGOTIATION}" ] ; then + if openssl_version '3.0.0' ; then + debuglog 'Skipping TLS renegotiation check as OpenSSL 3.0.0 enforces it by default' - verboselog "checking TLS renegotiation" + else - # see https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/ + if [ -z "${IGNORE_TLS_RENEGOTIATION}" ] && [ -z "${FILE}" ]; then - case "${PROTOCOL}" in - pop3|ftp|smtp|irc|ldap|imap|postgres|sieve|xmpp|xmpp-server|mysql) - exec_with_timeout "printf 'R\\n' | openssl s_client -connect ${HOST_ADDR}:${PORT} -starttls ${PROTOCOL} 2>&1 | grep -F -q err" - RET=$? - ;; - *) - exec_with_timeout "printf 'R\\n' | openssl s_client -connect ${HOST_ADDR}:${PORT} 2>&1 | grep -F -q err" - RET=$? - ;; - esac + debuglog "checking TLS renegotiation" + + # see https://www.mcafee.com/blogs/enterprise/tips-securing-ssl-renegotiation/ + + case "${PROTOCOL}" in + pop3 | ftp | smtp | irc | ldap | imap | postgres | sieve | xmpp | xmpp-server | mysql) + exec_with_timeout "printf 'R\\n' | ${OPENSSL} s_client ${INETPROTO} -crlf -connect ${HOST_ADDR}:${PORT} -starttls ${PROTOCOL} 2>&1 | grep -F -q err" + RET=$? + ;; + *) + exec_with_timeout "printf 'R\\n' | ${OPENSSL} s_client ${INETPROTO} -crlf -connect ${HOST_ADDR}:${PORT} 2>&1 | grep -F -q err" + RET=$? + ;; + esac + + if [ "${RET}" -eq 1 ]; then + + if ascii_grep '^Secure\ Renegotiation\ IS\ NOT' "${CERT}" && ! ascii_grep 'TLSv1.3' "${CERT}"; then + prepend_critical_message 'TLS renegotiation is supported but not secure' + else + verboselog "TLS renegotiation OK" + fi - if [ "${RET}" -eq 1 ] ; then + else + verboselog "TLS renegotiation OK" - if ascii_grep '^Secure\ Renegotiation\ IS\ NOT' "${CERT}" && ! ascii_grep 'TLSv1.3' "${CERT}" ; then - prepend_critical_message 'TLS renegotiation is supported but not secure' fi fi fi - if ascii_grep "BEGIN X509 CRL" "${CERT}" ; then + # check client certificates + if [ -n "${REQUIRE_CLIENT_CERT}" ]; then + + debuglog "Checking required client cert CAs" + + if ascii_grep "No client certificate CA names sent" "${CERT}"; then + prepend_critical_message "Did not return any client certificate CA names" + else + + for ca in $(echo "${REQUIRE_CLIENT_CERT_CAS}" | tr ',' '\n'); do + + debuglog " checking ${ca}" + + if ! grep "${ca}" "${CERT}" | grep -q '^C\ =\ ' && + ! grep "${ca}" "${CERT}" | grep -q '^\/C='; then + prepend_critical_message "${ca} is not listed as an acceptable client certificate CA" + fi + + done + + fi + + fi + + if ascii_grep "BEGIN X509 CRL" "${CERT}"; then # we are dealing with a CRL file OPENSSL_COMMAND="crl" OPENSSL_PARAMS="-nameopt utf8,oneline,-esc_msb" OPENSSL_ENDDATE_OPTION="-nextupdate" else # look if we are dealing with a regular certificate file (x509) - if ! ascii_grep "CERTIFICATE" "${CERT}" ; then - if [ -n "${FILE}" ] ; then + if ! ascii_grep "CERTIFICATE" "${CERT}"; then + if [ -n "${FILE}" ]; then - if [ -r "${FILE}" ] ; then + if [ -r "${FILE}" ]; then - if "${OPENSSL}" crl -in "${CERT}" -inform DER | grep -F -q "BEGIN X509 CRL" ; then + if "${OPENSSL}" crl -in "${CERT}" -inform DER | grep -F -q "BEGIN X509 CRL"; then debuglog "File is DER encoded CRL" OPENSSL_COMMAND="crl" @@ -3123,12 +4270,17 @@ fi - verboselog "parsing the ${OPENSSL_COMMAND} certificate file" + verboselog "Parsing the ${OPENSSL_COMMAND} certificate file" 2 ################################################################################ # Parse the X.509 certificate or crl - # shellcheck disable=SC2086 - DATE="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" "${OPENSSL_ENDDATE_OPTION}" -noout | sed -e "s/^notAfter=//" -e "s/^nextUpdate=//")" + DATE="$(extract_cert_attribute 'enddate' "${CERT}")" + info "Valid until" "${DATE}" + + if [ "${OPENSSL_COMMAND}" != 'crl' ]; then + START_DATE="$(extract_cert_attribute 'startdate' "${CERT}")" + info "Valid from" "${START_DATE}" + fi if [ "${OPENSSL_COMMAND}" = "crl" ]; then CN="" @@ -3136,107 +4288,125 @@ SERIAL=0 OCSP_URI="" VALID_ATTRIBUTES=",lastupdate,nextupdate,issuer," - # shellcheck disable=SC2086 - ISSUERS="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -issuer -noout)" + ISSUERS="$(extract_cert_attribute 'issuer' "${CERT}")" else - # we need to remove everything before 'CN = ', to remove an eventual email supplied with / and additional elements (after ', ') - # shellcheck disable=SC2086 - if ${OPENSSL} x509 -in "${CERT}" -subject -noout ${OPENSSL_PARAMS} | grep -F -q 'CN' ; then - CN="$(${OPENSSL} x509 -in "${CERT}" -subject -noout ${OPENSSL_PARAMS} | - sed -e "s/^.*[[:space:]]*CN[[:space:]]=[[:space:]]//" -e "s/\\/[[:alpha:]][[:alpha:]]*=.*\$//" -e "s/,.*//" )" - else - CN='CN unavailable' - if [ -z "${ALTNAMES}" ] ; then + + # we need to remove everything before 'CN = ', to remove an eventual email + # supplied with / and additional elements (after ', ') + + if ! CN="$(extract_cert_attribute 'cn' "${CERT}")"; then + if [ -z "${ALTNAMES}" ]; then + debuglog "certificate without common name (CN), enabling altername names" verboselog "certificate without common name (CN), enabling altername names" ALTNAMES=1 fi fi - # shellcheck disable=SC2086 - SUBJECT="$(${OPENSSL} x509 -in "${CERT}" -subject -noout ${OPENSSL_PARAMS})" + SUBJECT="$(extract_cert_attribute 'subject' "${CERT}")" + debuglog "SUBJECT = ${SUBJECT}" + + info "Subject" "${CN}" + + SERIAL="$(extract_cert_attribute 'serial' "${CERT}")" + debuglog "SERIAL = ${SERIAL}" - SERIAL="$(${OPENSSL} x509 -in "${CERT}" -serial -noout | sed -e "s/^serial=//")" + info "Serial Number" "${SERIAL}" - FINGERPRINT="$(${OPENSSL} x509 -in "${CERT}" -fingerprint -sha1 -noout | sed -e "s/^SHA1 Fingerprint=//")" + FINGERPRINT="$(extract_cert_attribute 'fingerprint' "${CERT}")" + debuglog "FINGERPRINT = ${FINGERPRINT}" + + FINGERPRINT_INFO="$( echo "${FINGERPRINT}" | sed 's/Fingerprint=//' )" + info "Fingerprint" "${FINGERPRINT_INFO}" # TO DO: we just take the first result: a loop over all the hosts should - # shellcheck disable=SC2086 - OCSP_URI="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -ocsp_uri -noout | head -n 1)" + # be implemented + OCSP_URI="$(extract_cert_attribute 'oscp_uri_single' "${CERT}")" + debuglog "OCSP_URI = ${OCSP_URI}" + + info "Revocation information" "OCSP: ${OCSP_URI}" + + # Extract the issuers + debuglog "Extracting issuers" # count the certificates in the chain NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") + debuglog " Number of certificates in the chain: ${NUM_CERTIFICATES}" - # start with first certificate - debuglog "Skipping ${SKIP_ELEMENT} element of the chain" - CERT_IN_CHAIN=$(( SKIP_ELEMENT + 1 )) + debuglog "Checking certificate chain" - # shellcheck disable=SC2086 + # start with first certificate + CERT_IN_CHAIN=1 while [ "${CERT_IN_CHAIN}" -le "${NUM_CERTIFICATES}" ]; do + + debuglog " extracting issuer for element ${CERT_IN_CHAIN}" + if echo "${SKIP_ELEMENT}" | grep -q "${CERT_IN_CHAIN}"; then + debuglog " skipping element ${CERT_IN_CHAIN}" + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + continue + fi + if [ -n "${ISSUERS}" ]; then - ISSUERS="${ISSUERS}\\n" + # add a newline + ISSUERS="${ISSUERS} +" fi - # shellcheck disable=SC2086 - ISSUERS="${ISSUERS}$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | \ - awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}' | \ - ${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -issuer -noout)" + CERT_ELEMENT="$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}')" + + # get the organization and common name + + ELEMENT_ISSUER="$(extract_cert_attribute 'issuer' "${CERT_ELEMENT}" | grep -E "^(O|CN) ?= ?" | sed 's/^[^=]*=//' )" + + MESSAGE="$( echo "${ELEMENT_ISSUER}" | sed 's/^/ELEMENT_ISSUER=/' )" + debuglog "${MESSAGE}" - CERT_IN_CHAIN=$(( CERT_IN_CHAIN + 1 )) - if ! [ "${ELEMENT}" -eq 0 ] && [ $(( CERT_IN_CHAIN - ELEMENT )) -lt 0 ]; then + ISSUERS="${ISSUERS}${ELEMENT_ISSUER}" + MESSAGE="$( echo "${ISSUERS}" | sed 's/^/ISSUERS=/' )" + debuglog "${MESSAGE}" + + + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + if ! [ "${ELEMENT}" -eq 0 ] && [ $((ELEMENT - CERT_IN_CHAIN)) -lt 0 ]; then break fi done - fi - debuglog 'ISSUERS = ' - debuglog "${ISSUERS}" + debuglog "Certificate chain check finished" - # Handle properly openssl x509 -issuer -noout output format differences: - # OpenSSL 1.1.0: issuer=C = XY, ST = Alpha, L = Bravo, O = Charlie, CN = Charlie SSL CA - # OpenSSL 1.0.2: issuer= /C=XY/ST=Alpha/L=Bravo/O=Charlie/CN=Charlie SSL CA 3 - # shellcheck disable=SC2086 - ISSUERS=$(echo "${ISSUERS}" | sed 's/\\n/\n/g' | sed -E -e "s/^issuer=( \\/)?//" | awk '{gsub(", ","\n")};1' | grep -E "^(O|CN) ?= ?") + fi debuglog 'ISSUERS = ' debuglog "${ISSUERS}" # we just consider the first HTTP(S) URI - # TODO check SC2016 - # shellcheck disable=SC2086,SC2016 - - ISSUER_URI="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep -F "CA Issuers" | grep -F -i "http" | head -n 1 | sed -e "s/^.*CA Issuers - URI://" | tr -d '"!|;$(){}<>`&')" + ISSUER_URI="$(extract_cert_attribute 'issuer_uri_single' "${CERT}")" # Check OCSP stapling - if [ -n "${REQUIRE_OCSP_STAPLING}" ] ; then - - verboselog "checking OCSP stapling" + if [ -n "${REQUIRE_OCSP_STAPLING}" ]; then - grep -F -A 17 'OCSP response:' "${CERT}" > "${OCSP_RESPONSE_TMP}" + grep -F -A 17 'OCSP response:' "${CERT}" >"${OCSP_RESPONSE_TMP}" debuglog "${OCSP_RESPONSE_TMP}" - if ! ascii_grep 'Next Update' "${OCSP_RESPONSE_TMP}" ; then + if ! ascii_grep 'Next Update' "${OCSP_RESPONSE_TMP}"; then prepend_critical_message "OCSP stapling not enabled" else - verboselog " OCSP stapling enabled" NEXT_UPDATE=$(grep -o 'Next Update: .*$' "${OCSP_RESPONSE_TMP}" | cut -b14-) - - - OCSP_EXPIRES_IN_HOURS=$(hours_until "${NEXT_UPDATE}") - verboselog " OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours" - if [ -n "${OCSP_CRITICAL}" ] && [ "${OCSP_CRITICAL}" -ge "${OCSP_EXPIRES_IN_HOURS}" ] ; then + verboselog "OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours" + if [ -n "${OCSP_CRITICAL}" ] && [ "${OCSP_CRITICAL}" -ge "${OCSP_EXPIRES_IN_HOURS}" ]; then prepend_critical_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}" - elif [ -n "${OCSP_WARNING}" ] && [ "${OCSP_WARNING}" -ge "${OCSP_EXPIRES_IN_HOURS}" ] ; then + elif [ -n "${OCSP_WARNING}" ] && [ "${OCSP_WARNING}" -ge "${OCSP_EXPIRES_IN_HOURS}" ]; then append_warning_message "${OPENSSL_COMMAND} OCSP stapling will expire in ${OCSP_EXPIRES_IN_HOURS} hour(s) on ${NEXT_UPDATE}" fi fi fi - # shellcheck disable=SC2086 - SIGNATURE_ALGORITHM="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text -noout | grep -m 1 -F 'Signature Algorithm')" + SIGNATURE_ALGORITHM="$(extract_cert_attribute 'sig_algo' "${CERT}" | sed 's/.*:\ //' )" + info "Signature algorithm" "${SIGNATURE_ALGORITHM}" - if [ "${DEBUG}" -ge 1 ] ; then + if [ "${DEBUG}" -ge 1 ]; then debuglog "${SUBJECT}" debuglog "CN = ${CN}" # shellcheck disable=SC2162 @@ -3250,9 +4420,14 @@ debuglog "${SIGNATURE_ALGORITHM}" fi - if echo "${SIGNATURE_ALGORITHM}" | grep -F -q "sha1" ; then + info "Issuer URI" "${ISSUER_URI}" + # shellcheck disable=SC2116,SC2086 + ISSUER_INFO="$( echo ${ISSUERS} )" + info "Issuers" "${ISSUER_INFO}" - if [ -n "${NOSIGALG}" ] ; then + if echo "${SIGNATURE_ALGORITHM}" | grep -F -q "sha1"; then + + if [ -n "${NOSIGALG}" ]; then verboselog "${OPENSSL_COMMAND} Certificate is signed with SHA-1" @@ -3264,9 +4439,9 @@ fi - if echo "${SIGNATURE_ALGORITHM}" | grep -F -qi "md5" ; then + if echo "${SIGNATURE_ALGORITHM}" | grep -F -qi "md5"; then - if [ -n "${NOSIGALG}" ] ; then + if [ -n "${NOSIGALG}" ]; then verboselog "${OPENSSL_COMMAND} Certificate is signed with MD5" @@ -3280,26 +4455,26 @@ ################################################################################ # Generate the long output - if [ -n "${LONG_OUTPUT_ATTR}" ] ; then + if [ -n "${LONG_OUTPUT_ATTR}" ]; then check_attr() { ATTR="$1" - if ! echo "${VALID_ATTRIBUTES}" | grep -q ",${ATTR}," ; then + if ! echo "${VALID_ATTRIBUTES}" | grep -q ",${ATTR},"; then unknown "Invalid certificate attribute: ${ATTR}" else # shellcheck disable=SC2086 - value="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -noout -nameopt utf8,oneline,-esc_msb -"${ATTR}" | sed -e "s/.*=//")" + value="$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -noout -nameopt utf8,oneline,-esc_msb -"${ATTR}" | sed -e "s/.*=//")" LONG_OUTPUT="${LONG_OUTPUT}\\n${ATTR}: ${value}" fi } # Split on comma - if [ "${LONG_OUTPUT_ATTR}" = "all" ] ; then + if [ "${LONG_OUTPUT_ATTR}" = "all" ]; then LONG_OUTPUT_ATTR="${VALID_ATTRIBUTES}" fi - attributes=$( echo "${LONG_OUTPUT_ATTR}" | tr ',' "\\n" ) - for attribute in ${attributes} ; do + attributes=$(echo "${LONG_OUTPUT_ATTR}" | tr ',' '\n') + for attribute in ${attributes}; do check_attr "${attribute}" done @@ -3312,127 +4487,163 @@ # Do not use grep --after-context=NUM but -A NUM so that it works on BusyBox - # shellcheck disable=SC2086 - SUBJECT_ALTERNATIVE_NAME=$(${OPENSSL} "${OPENSSL_COMMAND}" ${OPENSSL_PARAMS} -in "${CERT}" -text | - grep -F -A 1 "509v3 Subject Alternative Name:" | - tail -n 1 | - sed -e "s/DNS://g" | - sed -e "s/,//g" | - sed -e "s/^\\ *//" - ) + SUBJECT_ALTERNATIVE_NAME="$(extract_cert_attribute 'subjectAlternativeName' "${CERT}")" debuglog "subjectAlternativeName = ${SUBJECT_ALTERNATIVE_NAME}" - if [ -n "${REQUIRE_SAN}" ] && [ -z "${SUBJECT_ALTERNATIVE_NAME}" ] && [ "${OPENSSL_COMMAND}" != "crl" ] ; then + if [ -n "${REQUIRE_SAN}" ] && [ -z "${SUBJECT_ALTERNATIVE_NAME}" ] && [ "${OPENSSL_COMMAND}" != "crl" ]; then prepend_critical_message "The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address." + else + verboselog "The certificate for this site contains a Subject Alternative Name extension" fi + for san in ${SUBJECT_ALTERNATIVE_NAME}; do + info "Subject Alternative Name" "${san}" + done + ################################################################################ # Check the CN - if [ -n "${COMMON_NAME}" ] ; then + if [ -n "${COMMON_NAME}" ]; then ok="" - debuglog "check CN: ${CN}" - debuglog "COMMON_NAME = ${COMMON_NAME}" - debuglog "ALTNAMES = ${ALTNAMES}" + debuglog "check CN ${CN}" + debuglog "COMMON_NAME = ${COMMON_NAME}" + debuglog "ALTNAMES = ${ALTNAMES}" + debuglog "SUBJECT_ALTERNATIVE_NAME = ${SUBJECT_ALTERNATIVE_NAME}" + + IS_IP_TMP="$(is_ip "${COMMON_NAME}")" + if [ "${IS_IP_TMP}" -eq 0 ]; then + + # Common name is case insensitive: using grep for comparison (and not 'case' with 'shopt -s nocasematch' as not defined in POSIX + if echo "${CN}" | grep -q -i '^\*\.'; then + + # Or the literal with the wildcard + CN_TMP="$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/')" + debuglog "checking if the common name matches ^${CN_TMP}\$" + if echo "${COMMON_NAME}" | grep -q -i "^${CN_TMP}\$"; then + debuglog "the common name ${COMMON_NAME} matches ^${CN_TMP}\$" + ok="true" + fi - # Common name is case insensitive: using grep for comparison (and not 'case' with 'shopt -s nocasematch' as not defined in POSIX + # Or if both are exactly the same + debuglog "checking if the common name matches ^${CN}\$" - if echo "${CN}" | grep -q -i "^\\*\\." ; then + if echo "${COMMON_NAME}" | grep -q -i "^${CN}\$"; then + debuglog "the common name ${COMMON_NAME} matches ^${CN}\$" + ok="true" + fi - # Or the literal with the wildcard - debuglog "checking if the common name matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - if echo "${COMMON_NAME}" | grep -q -i "^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" ; then - debuglog "the common name ${COMMON_NAME} matches ^$(echo "${CN}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - ok="true" - fi + else - # Or if both are exactly the same - debuglog "checking if the common name matches ^${CN}\$" + if echo "${COMMON_NAME}" | grep -q -i "^${CN}$"; then + ok="true" + fi - if echo "${COMMON_NAME}" | grep -q -i "^${CN}\$" ; then - debuglog "the common name ${COMMON_NAME} matches ^${CN}\$" - ok="true" fi else - if echo "${COMMON_NAME}" | grep -q -i "^${CN}$" ; then - ok="true" - fi + verboselog "Skipping the matching of the host name (${COMMON_NAME}) as it is an IP address" + COMMON_NAME_IS_AN_IP=1 fi - # Check alternate names - if [ -n "${ALTNAMES}" ] && [ -z "${ok}" ]; then + if [ -n "${REQUIRE_SAN}" ] && [ -z "${SUBJECT_ALTERNATIVE_NAME}" ]; then - for cn in ${COMMON_NAME} ; do + prepend_critical_message "The certificate does not have any Subject Alternative Names" - ok="" - - debuglog '===============================' - debuglog "checking altnames against ${cn}" + else - for alt_name in ${SUBJECT_ALTERNATIVE_NAME} ; do + # Check alternate names + # SUBJECT_ALTERNATIVE_NAME can also be empty - debuglog "check Altname: ${alt_name}" + if [ -n "${SUBJECT_ALTERNATIVE_NAME}" ]; then - if echo "${alt_name}" | grep -q -i "^\\*\\." ; then + if [ -n "${ALTNAMES}" ] && [ -z "${ok}" ]; then - # Match the domain - debuglog "the altname ${alt_name} begins with a '*'" - debuglog "checking if the common name matches ^$(echo "${alt_name}" | cut -c 3-)\$" + debuglog "Checking alternate names" - if echo "${cn}" | grep -q -i "^$(echo "${alt_name}" | cut -c 3-)\$" ; then - debuglog "the common name ${cn} matches ^$( echo "${alt_name}" | cut -c 3- )\$" - ok="true" + for cn in ${COMMON_NAME}; do + IS_IP_TMP="$(is_ip "${cn}")" + if [ "${IS_IP_TMP}" -eq 1 ]; then + verboselog "Skipping the matching of ${cn} as it is an IP address" + continue fi - # Or the literal with the wildcard - debuglog "checking if the common name matches ^$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" + ok="" - if echo "${cn}" | grep -q -i "^$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" ; then - debuglog "the common name ${cn} matches ^$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/' )\$" - ok="true" - fi + debuglog '===============================' + debuglog "checking altnames against ${cn}" + debuglog " SUBJECT_ALTERNATIVE_NAME = ${SUBJECT_ALTERNATIVE_NAME}" - # Or if both are exactly the same - debuglog "checking if the common name matches ^${alt_name}\$" + for alt_name in ${SUBJECT_ALTERNATIVE_NAME}; do - if echo "${cn}" | grep -q -i "^${alt_name}\$" ; then - debuglog "the common name ${cn} matches ^${alt_name}\$" - ok="true" - fi + debuglog "check Altname: ${alt_name}" - else + if echo "${alt_name}" | grep -q -i '^\*\.'; then - if echo "${cn}" | grep -q -i "^${alt_name}$" ; then - ok="true" - fi + # Match the domain + debuglog "the altname ${alt_name} begins with a '*'" + ALT_NAME_TMP="$(echo "${alt_name}" | cut -c 3-)" + debuglog "checking if the common name matches ^${ALT_NAME_TMP}\$" - fi + if echo "${cn}" | grep -q -i "^${ALT_NAME_TMP}\$"; then + debuglog "the common name ${cn} matches ^${ALT_NAME_TMP}\$" + ok="true" - if [ -n "${ok}" ] ; then - break; - fi + fi - done + # Or the literal with the wildcard + ALT_NAME_TMP="$(echo "${alt_name}" | sed -e 's/[.]/[.]/g' -e 's/[*]/[A-Za-z0-9_\-]*/')" + debuglog "checking if the common name matches ^${ALT_NAME_TMP}\$" + + if echo "${cn}" | grep -q -i "^${ALT_NAME_TMP}\$"; then + debuglog "the common name ${cn} matches ^${ALT_NAME_TMP}\$" + ok="true" + fi - if [ -z "${ok}" ] ; then - fail="${cn}" - break; - fi + # Or if both are exactly the same + debuglog "checking if the common name matches ^${alt_name}\$" - done + if echo "${cn}" | grep -q -i "^${alt_name}\$"; then + debuglog "the common name ${cn} matches ^${alt_name}\$" + ok="true" + fi - fi + else + + if echo "${cn}" | grep -q -i "^${alt_name}$"; then + ok="true" + fi + + fi + + if [ -n "${ok}" ]; then + break + fi + + done + + if [ -z "${ok}" ]; then + fail="${cn}" + break + fi + + done + + fi + + CN_TMP="$(echo "${CN}" | sed "s/|/ PIPE /g")" + if [ -n "${fail}" ]; then + prepend_critical_message "invalid CN ('${CN_TMP}' does not match '${fail}')" + else + if [ -z "${ok}" ] && [ -z "${COMMON_NAME_IS_AN_IP}" ]; then + prepend_critical_message "invalid CN ('${CN_TMP}' does not match '${COMMON_NAME}')" + fi + fi - if [ -n "${fail}" ] ; then - prepend_critical_message "invalid CN ('$(echo "${CN}" | sed "s/|/ PIPE /g")' does not match '${fail}')" - else - if [ -z "${ok}" ] ; then - prepend_critical_message "invalid CN ('$(echo "${CN}" | sed "s/|/ PIPE /g")' does not match '${COMMON_NAME}')" fi + fi debuglog " CN check finished" @@ -3441,27 +4652,30 @@ ################################################################################ # Check the issuer - if [ -n "${ISSUER}" ] ; then + if [ -n "${ISSUER}" ]; then debuglog "check ISSUER: ${ISSUER}" ok="" - CA_ISSUER_MATCHED=$(echo "${ISSUERS}" | grep -E "^(O|CN) ?= ?${ISSUER}\$" | sed -E -e "s/^(O|CN) ?= ?//" | head -n1) + CA_ISSUER_MATCHED=$(echo "${ISSUERS}" | grep -E "^${ISSUER}\$" | head -n1) debuglog " issuer matched = ${CA_ISSUER_MATCHED}" if [ -n "${CA_ISSUER_MATCHED}" ]; then + verboselog "The certificate issuer matches ${ISSUER}" ok="true" else # this looks ugly but preserves spaces in CA name - prepend_critical_message "invalid CA ('$(echo "${ISSUER}" | sed "s/|/ PIPE /g")' does not match '$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | tr '\n' '|' | sed "s/|\$//g" | sed "s/|/\\' or \\'/g")')" + ISSUER_TMP="$(echo "${ISSUER}" | sed "s/|/ PIPE /g")" + ISSUERS_TMP="$(echo "${ISSUERS}" | tr '\n' '|' | sed 's/|$//g' | sed "s/|/\\' or \\'/g")" + prepend_critical_message "invalid CA ('${ISSUER_TMP}' does not match '${ISSUERS_TMP}')" fi fi ################################################################################ # Check if not issued by - if [ -n "${NOT_ISSUED_BY}" ] ; then + if [ -n "${NOT_ISSUED_BY}" ]; then debuglog "check NOT_ISSUED_BY: ${NOT_ISSUED_BY}" @@ -3474,7 +4688,9 @@ if [ -n "${CA_ISSUER_MATCHED}" ]; then # this looks ugly but preserves spaces in CA name - prepend_critical_message "invalid CA ('$(echo "${NOT_ISSUED_BY}" | sed "s/|/ PIPE /g")' matches '$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | tr '\n' '|' | sed "s/|\$//g" | sed "s/|/\\' or \\'/g")')" + NOT_ISSUED_BY_TMP="$(echo "${NOT_ISSUED_BY}" | sed "s/|/ PIPE /g")" + ISSUERS_TMP="$(echo "${ISSUERS}" | sed -E -e "s/^(O|CN) ?= ?//" | tr '\n' '|' | sed 's/|$//g' | sed "s/|/\\' or \\'/g")" + prepend_critical_message "invalid CA ('${NOT_ISSUED_BY_TMP}' matches '${ISSUERS_TMP}')" else ok="true" CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | grep -E "^CN ?= ?" | sed -E -e "s/^CN ?= ?//" | head -n1)" @@ -3482,158 +4698,195 @@ else - CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | grep -E "^CN ?= ?" | sed -E -e "s/^CN ?= ?//" | head -n1)" + CA_ISSUER_MATCHED="$(echo "${ISSUERS}" | head -n1)" fi ################################################################################ # Check the serial number - if [ -n "${SERIAL_LOCK}" ] ; then + if [ -n "${SERIAL_LOCK}" ]; then ok="" - if echo "${SERIAL}" | grep -q "^${SERIAL_LOCK}\$" ; then + if echo "${SERIAL}" | grep -q "^${SERIAL_LOCK}\$"; then ok="true" fi - if [ -z "${ok}" ] ; then - prepend_critical_message "invalid serial number ('$(echo "${SERIAL_LOCK}" | sed "s/|/ PIPE /g")' does not match '${SERIAL}')" + if [ -z "${ok}" ]; then + SERIAL_LOCK_TMP="$(echo "${SERIAL_LOCK}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid serial number ('${SERIAL_LOCK_TMP}' does not match '${SERIAL}')" + else + verboselog "Valid serial number (${SERIAL})" fi fi ################################################################################ # Check the Fingerprint - if [ -n "${FINGERPRINT_LOCK}" ] ; then + if [ -n "${FINGERPRINT_LOCK}" ]; then ok="" - if echo "${FINGERPRINT}" | grep -q -E "^${FINGERPRINT_LOCK}\$" ; then + if echo "${FINGERPRINT}" | grep -q -E "^${FINGERPRINT_LOCK}\$"; then ok="true" fi - if [ -z "${ok}" ] ; then - prepend_critical_message "invalid SHA1 Fingerprint ('$(echo "${FINGERPRINT_LOCK}" | sed "s/|/ PIPE /g")' does not match '${FINGERPRINT}')" + if [ -z "${ok}" ]; then + FINGERPRINT_LOCK_TMP="$(echo "${FINGERPRINT_LOCK}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid SHA1 Fingerprint ('${FINGERPRINT_LOCK_TMP}' does not match '${FINGERPRINT}')" + else + verboselog "Valid SHA1 fingerprint (${FINGERPRINT})" fi fi ################################################################################ # Check the validity - if [ -z "${NOEXP}" ] ; then + if [ -z "${NOEXP}" ]; then debuglog "Checking expiration date" if [ -n "${FIRST_ELEMENT_ONLY}" ] || [ "${OPENSSL_COMMAND}" = "crl" ]; then - check_cert_end_date "$(cat "${CERT}")" + debuglog "Only one element or CRL" + DATE_TMP="$(cat "${CERT}")" + check_cert_end_date "${DATE_TMP}" else # count the certificates in the chain NUM_CERTIFICATES=$(grep -F -c -- "-BEGIN CERTIFICATE-" "${CERT}") debuglog "Number of certificates in CA chain: $((NUM_CERTIFICATES))" - debuglog "Skipping ${SKIP_ELEMENT} element of the chain" - CERT_IN_CHAIN=$(( SKIP_ELEMENT + 1 )) + CERT_IN_CHAIN=1 while [ "${CERT_IN_CHAIN}" -le "${NUM_CERTIFICATES}" ]; do - elem_number=$((CERT_IN_CHAIN)) - chain_element=$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | \ - awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}') debuglog '------------------------------------------------------------------------------' + debuglog "-- Checking element ${CERT_IN_CHAIN}" + + if echo "${SKIP_ELEMENT}" | grep -q "${CERT_IN_CHAIN}"; then + debuglog " skipping element ${CERT_IN_CHAIN}" + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + continue + fi + + elem_number=$((CERT_IN_CHAIN)) + chain_element=$(sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "${CERT}" | + awk -v n="${CERT_IN_CHAIN}" '/-BEGIN CERTIFICATE-/{l++} (l==n) {print}') + check_cert_end_date "${chain_element}" "${elem_number}" debuglog '------------------------------------------------------------------------------' check_ocsp "${chain_element}" "${elem_number}" - if [ -n "${CRL}" ] ; then + if [ -n "${CRL}" ]; then debuglog '------------------------------------------------------------------------------' check_crl "${chain_element}" "${elem_number}" fi - CERT_IN_CHAIN=$(( CERT_IN_CHAIN + 1 )) - if ! [ "${ELEMENT}" -eq 0 ] && [ $(( CERT_IN_CHAIN - ELEMENT )) -lt 0 ]; then + CERT_IN_CHAIN=$((CERT_IN_CHAIN + 1)) + if ! [ "${ELEMENT}" -eq 0 ] && [ $((ELEMENT - CERT_IN_CHAIN)) -lt 0 ]; then break fi + done + + debuglog '------------------------------------------------------------------------------' + fi fi ################################################################################ - # Check SSL Labs - if [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then + # Check nmap + if [ -n "${CHECK_CIPHERS}" ] || [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then - verboselog "checking offered ciphers with nmap" - - if [ -n "${CHECK_CIPHERS}" ] ; then + if [ -n "${CHECK_CIPHERS}" ]; then debuglog "Checking offered ciphers (minimum level ${CHECK_CIPHERS}: ${CHECK_CIPHERS_NUMERIC})" fi - create_temporary_file; NMAP_OUT=${TEMPFILE} - create_temporary_file; NMAP_ERR=${TEMPFILE} + create_temporary_file + NMAP_OUT=${TEMPFILE} + create_temporary_file + NMAP_ERR=${TEMPFILE} - exec_with_timeout "nmap -sV --script ssl-enum-ciphers ${HOST_ADDR} -p ${PORT}" "${NMAP_OUT}" "${NMAP_ERR}" + # -Pn is needed even if we specify a port + exec_with_timeout "${NMAP_BIN} -Pn --script ssl-enum-ciphers ${HOST_ADDR} -p ${PORT}" "${NMAP_OUT}" "${NMAP_ERR}" - if [ "${DEBUG}" -ge 1 ] ; then + if [ "${DEBUG}" -ge 1 ]; then debuglog 'nmap output:' while read -r LINE; do debuglog "${LINE}" - done < "${NMAP_OUT}" + done <"${NMAP_OUT}" debuglog 'nmap errors:' - if [ -s "${NMAP_ERR}" ] ; then + if [ -s "${NMAP_ERR}" ]; then while read -r LINE; do debuglog "${LINE}" - done < "${NMAP_ERR}" + done <"${NMAP_ERR}" fi fi - if [ -s "${NMAP_ERR}" ] ; then - NMAP_ERROR=$( head -n 1 "${NMAP_ERR}" ) - unknown "nmap exited with error: ${NMAP_ERROR}" + if [ -s "${NMAP_ERR}" ]; then + + NMAP_ERROR=$(head -n 1 "${NMAP_ERR}") + + # check for -Pn warning + if ! grep -q "Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower." "${NMAP_ERR}"; then + unknown "nmap exited with error: ${NMAP_ERROR}" + fi + fi - if ! grep -F -q '| ssl-enum-ciphers' "${NMAP_OUT}" ; then + + if ! grep -F -q '| ssl-enum-ciphers' "${NMAP_OUT}"; then unknown "empty nmap result while checking ciphers" fi - if [ -n "${CHECK_CIPHERS}" ] ; then + if [ -n "${CHECK_CIPHERS}" ]; then + + if ! grep -q -F 'least strength' "${NMAP_OUT}"; then + unknown 'nmap does not deliver cipher strength' + fi - NMAP_GRADE=$( grep -F 'least strength' "${NMAP_OUT}" | sed 's/.*\ //' ) + NMAP_GRADE=$(grep -F 'least strength' "${NMAP_OUT}" | sed 's/.*\ //') convert_grade "${NMAP_GRADE}" NMAP_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - verboselog "nmap cipher grade ${NMAP_GRADE}: ${NMAP_GRADE_NUMERIC}" + verboselog "Cipher grade ${NMAP_GRADE_NUMERIC}: ${NMAP_GRADE}" # Check the grade - if [ "${NMAP_GRADE_NUMERIC}" -lt "${CHECK_CIPHERS_NUMERIC}" ] ; then + if [ "${NMAP_GRADE_NUMERIC}" -lt "${CHECK_CIPHERS_NUMERIC}" ]; then prepend_critical_message "${HOST_ADDR} offers ciphers with grade ${NMAP_GRADE} (instead of ${CHECK_CIPHERS})" fi fi - if [ -n "${CHECK_CIPHERS_WARNINGS}" ] ; then + if [ -n "${CHECK_CIPHERS_WARNINGS}" ]; then - if grep -F -q 'warnings:' "${NMAP_OUT}" ; then + if grep -F -q 'warnings:' "${NMAP_OUT}"; then PARSING_WARNINGS= WARNINGS= while IFS= read -r line; do - if echo "${line}" | grep -q -F 'warnings:' ; then + if echo "${line}" | grep -q -F 'warnings:'; then PARSING_WARNINGS=1 - elif echo "${line}" | grep -q -F ':' ; then + elif echo "${line}" | grep -q -F ':'; then PARSING_WARNINGS= - elif [ -n "${PARSING_WARNINGS}" ] ; then - WARNING=$( echo "${line}" | sed 's/|\ *//' ) - if [ -n "${WARNINGS}" ] ; then + elif [ -n "${PARSING_WARNINGS}" ]; then + WARNING=$(echo "${line}" | sed 's/|\ *//') + if [ -n "${WARNINGS}" ]; then debuglog "Cipher warning '${WARNING}'" - WARNINGS="${WARNINGS}\\n${WARNING}" + WARNINGS="${WARNINGS} +${WARNING}" else WARNINGS="${WARNING}" fi fi - done < "${NMAP_OUT}" + done <"${NMAP_OUT}" + + WARNINGS="$( echo "${WARNINGS}" | sort | uniq | tr '\n' ',' | sed -e 's/,/,\ /g' -e 's/,\ $//' )" + prepend_critical_message "${HOST_ADDR} offers ciphers with warnings: ${WARNINGS}" + + else - WARNINGS=$( echo "${WARNINGS}" | sort | uniq | tr '\n' ',' | sed 's/,/,\ /g' | sed 's/,\ $//' ) - prepend_critical_message "${HOST_ADDR} offers ciphers with warning: ${WARNINGS}" + verboselog "No ciphers with warnings are offered" fi @@ -3643,9 +4896,7 @@ ################################################################################ # Check SSL Labs - if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ] ; then - - verboselog "checking SSL Labs assessment" + if [ -n "${SSL_LAB_CRIT_ASSESSMENT}" ]; then while true; do @@ -3653,7 +4904,7 @@ debuglog "HTTPS_PROXY = ${HTTPS_PROXY}" debuglog "executing ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\"" - if [ -n "${SNI}" ] ; then + if [ -n "${SNI}" ]; then JSON="$(${CURL_BIN} "${CURL_PROXY}" "${CURL_PROXY_ARGUMENT}" "${INETPROTO}" --silent "https://api.ssllabs.com/api/v2/analyze?host=${SNI}${IGNORE_SSL_LABS_CACHE}")" CURL_RETURN_CODE=$? else @@ -3661,7 +4912,7 @@ CURL_RETURN_CODE=$? fi - if [ "${CURL_RETURN_CODE}" -ne 0 ] ; then + if [ "${CURL_RETURN_CODE}" -ne 0 ]; then debuglog "curl returned ${CURL_RETURN_CODE}: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}${IGNORE_SSL_LABS_CACHE}\"" @@ -3669,7 +4920,7 @@ fi - JSON="$(printf '%s' "${JSON}" | tr '\n' ' ' )" + JSON="$(printf '%s' "${JSON}" | tr '\n' ' ')" debuglog "Checking SSL Labs: ${CURL_BIN} ${CURL_PROXY} ${CURL_PROXY_ARGUMENT} ${INETPROTO} --silent \"https://api.ssllabs.com/api/v2/analyze?host=${HOST_NAME}\"" debuglog "SSL Labs JSON: ${JSON}" @@ -3677,83 +4928,90 @@ # We clear the cache only on the first run IGNORE_SSL_LABS_CACHE="" - if echo "${JSON}" | grep -F -q 'Running\ at\ full\ capacity.\ Please\ try\ again\ later' ; then - verboselog 'SSL Labs running at full capacity' + if echo "${JSON}" | grep -F -q 'Running\ at\ full\ capacity.\ Please\ try\ again\ later'; then + verboselog ' SSL Labs running at full capacity' else - SSL_LABS_HOST_STATUS=$(echo "${JSON}" \ - | sed 's/.*"status":[ ]*"\([^"]*\)".*/\1/') + SSL_LABS_HOST_STATUS=$(echo "${JSON}" | + sed 's/.*"status":[ ]*"\([^"]*\)".*/\1/') debuglog "SSL Labs status: ${SSL_LABS_HOST_STATUS}" case "${SSL_LABS_HOST_STATUS}" in - 'ERROR') - SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" \ - | sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') - prepend_critical_message "Error checking SSL Labs: ${SSL_LABS_STATUS_MESSAGE}" - ;; - 'READY') - if ! echo "${JSON}" | grep -F -q "grade" ; then - - # Something went wrong - SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" \ - | sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') - prepend_critical_message "SSL Labs error: ${SSL_LABS_STATUS_MESSAGE}" - break + 'ERROR') + SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" | + sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') + prepend_critical_message "Error checking SSL Labs: ${SSL_LABS_STATUS_MESSAGE}" + break + ;; + 'READY') + if ! echo "${JSON}" | grep -F -q "grade"; then + + # Something went wrong + SSL_LABS_STATUS_MESSAGE=$(echo "${JSON}" | + sed 's/.*"statusMessage":[ ]*"\([^"]*\)".*/\1/') + prepend_critical_message "SSL Labs error: ${SSL_LABS_STATUS_MESSAGE}" + break - else + else - SSL_LABS_HOST_GRADE=$(echo "${JSON}" \ - | sed 's/.*"grade":[ ]*"\([^"]*\)".*/\1/') + SSL_LABS_HOST_GRADE=$(echo "${JSON}" | + sed 's/.*"grade":[ ]*"\([^"]*\)".*/\1/') - debuglog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" + debuglog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" - verboselog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" + verboselog "SSL Labs grade: ${SSL_LABS_HOST_GRADE}" - convert_grade "${SSL_LABS_HOST_GRADE}" - SSL_LABS_HOST_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" + convert_grade "${SSL_LABS_HOST_GRADE}" + SSL_LABS_HOST_GRADE_NUMERIC="${NUMERIC_SSL_LAB_GRADE}" - add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" + add_performance_data "ssllabs=${SSL_LABS_HOST_GRADE_NUMERIC}%;;${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" - # Check the grade - if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ] ; then - prepend_critical_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_CRIT_ASSESSMENT})" - elif [ -n "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then - if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ] ; then - append_warning_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_WARN_ASSESTMENT})" - fi + # Check the grade + if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_CRIT_ASSESSMENT_NUMERIC}" ]; then + prepend_critical_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_CRIT_ASSESSMENT})" + elif [ -n "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then + if [ "${SSL_LABS_HOST_GRADE_NUMERIC}" -lt "${SSL_LAB_WARN_ASSESTMENT_NUMERIC}" ]; then + append_warning_message "SSL Labs grade is ${SSL_LABS_HOST_GRADE} (instead of ${SSL_LAB_WARN_ASSESTMENT})" fi + fi - debuglog "SSL Labs grade (converted): ${SSL_LABS_HOST_GRADE_NUMERIC}" + debuglog "SSL Labs grade (converted): ${SSL_LABS_HOST_GRADE_NUMERIC}" - # We have a result: exit - break + # We have a result: exit + break - fi - ;; - 'IN_PROGRESS') - # Data not yet available: warn and continue - verboselog "warning: no cached data by SSL Labs, check initiated" - ;; - 'DNS') - verboselog "SSL Labs cannot resolve the domain name" - ;; - *) - # Try to extract a message - SSL_LABS_ERROR_MESSAGE=$(echo "${JSON}" \ - | sed 's/.*"message":[ ]*"\([^"]*\)".*/\1/') + fi + ;; + 'IN_PROGRESS') + # Data not yet available: warn and continue + PROGRESS=$(echo "${JSON}" | sed 's/.*progress"://' | sed 's/,.*//') + if [ "${PROGRESS}" -eq -1 ]; then + verboselog " warning: no cached data by SSL Labs, check in progress" 2 + else + verboselog " warning: no cached data by SSL Labs, check in progress ${PROGRESS}%" 2 + fi + ;; + 'DNS') + verboselog " SSL Labs resolving the domain name" 2 + ;; + *) + # Try to extract a message + SSL_LABS_ERROR_MESSAGE=$(echo "${JSON}" | + sed 's/.*"message":[ ]*"\([^"]*\)".*/\1/') - if [ -z "${SSL_LABS_ERROR_MESSAGE}" ] ; then - SSL_LABS_ERROR_MESSAGE="${JSON}" - fi + if [ -z "${SSL_LABS_ERROR_MESSAGE}" ]; then + SSL_LABS_ERROR_MESSAGE="${JSON}" + fi - prepend_critical_message "Cannot check status on SSL Labs: ${SSL_LABS_ERROR_MESSAGE}" + prepend_critical_message "Cannot check status on SSL Labs: ${SSL_LABS_ERROR_MESSAGE}" + ;; esac fi WAIT_TIME=60 - verboselog "waiting ${WAIT_TIME} seconds" + verboselog " waiting ${WAIT_TIME} seconds" 2 sleep "${WAIT_TIME}" @@ -3763,27 +5021,32 @@ ################################################################################ # Check the organization - if [ -n "${ORGANIZATION}" ] ; then + if [ -n "${ORGANIZATION}" ]; then debuglog "Checking organization ${ORGANIZATION}" - ORG=$(${OPENSSL} x509 -in "${CERT}" -subject -noout | sed -e "s/.*\\/O=//" -e "s/\\/.*//") + ORG="$(extract_cert_attribute 'org' "${CERT}")" + debuglog " ORG = ${ORG}" + debuglog " ORGANIZATION = ${ORGANIZATION}" - if ! echo "${ORG}" | grep -q -E "^${ORGANIZATION}" ; then - prepend_critical_message "invalid organization ('$(echo "${ORGANIZATION}" | sed "s/|/ PIPE /g")' does not match '${ORG}')" + if ! echo "${ORG}" | grep -q -E "^${ORGANIZATION}"; then + ORGANIZATION_TMP="$(echo "${ORGANIZATION}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid organization ('${ORGANIZATION_TMP}' does not match '${ORG}')" fi fi - ################################################################################ - # Check the organization - if [ -n "${ADDR}" ] ; then - - EMAIL=$(${OPENSSL} x509 -in "${CERT}" -email -noout) + if [ "${OPENSSL_COMMAND}" != 'crl' ]; then + EMAIL="$(extract_cert_attribute 'email' "${CERT}")" + debuglog "EMAIL = ${EMAIL}" + info "Email" "${EMAIL}" + fi - verboselog "checking email (${ADDR}): ${EMAIL}" + ################################################################################ + # Check the email + if [ -n "${ADDR}" ]; then - if [ -z "${EMAIL}" ] ; then + if [ -z "${EMAIL}" ]; then debuglog "no email in certificate" @@ -3791,8 +5054,11 @@ else - if ! echo "${EMAIL}" | grep -q -E "^${ADDR}" ; then - prepend_critical_message "invalid email ('$(echo "${ADDR}" | sed "s/|/ PIPE /g")' does not match ${EMAIL})" + if ! echo "${EMAIL}" | grep -q -E "^${ADDR}"; then + EMAIL_TMP="$(echo "${ADDR}" | sed "s/|/ PIPE /g")" + prepend_critical_message "invalid email ('${EMAIL_TMP}' does not match ${EMAIL})" + else + verboselog "email ${ADDR} is OK" fi fi @@ -3801,58 +5067,69 @@ ################################################################################ # Check if the certificate was verified - if [ -z "${NOAUTH}" ] && ascii_grep '^verify\ error:' "${ERROR}" ; then + if [ -z "${NOAUTH}" ] && ascii_grep '^verify\ error:' "${ERROR}"; then debuglog 'Checking if the certificate was self signed' - if ascii_grep '^verify\ error:num=[0-9][0-9]*:self\ signed\ certificate' "${ERROR}" ; then + if ascii_grep '^verify\ error:num=[0-9][0-9]*:self\ signed\ certificate' "${ERROR}"; then - if [ -z "${SELFSIGNED}" ] ; then + debuglog 'Self signed certificate' + + if [ -z "${SELFSIGNED}" ]; then prepend_critical_message "Cannot verify certificate, self signed certificate" else SELFSIGNEDCERT="self signed " fi - elif ascii_grep '^verify\ error:num=[0-9][0-9]*:certificate\ has\ expired' "${ERROR}" ; then + elif ascii_grep '^verify\ error:num=[0-9][0-9]*:certificate\ has\ expired' "${ERROR}"; then debuglog 'Cannot verify since the certificate has expired.' else - debuglog "$(sed 's/^/Error: /' "${ERROR}")" + DEBUG_MESSAGE="$(sed 's/^/Error: /' "${ERROR}")" + debuglog "${DEBUG_MESSAGE}" # Process errors - details=$( grep '^verify\ error:' "${ERROR}" | sed 's/verify\ error:num=[0-9]*://' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/, /g' ) + # details=$(grep '^verify\ error:' "${ERROR}" | sed 's/verify\ error:num=[0-9]*://' | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/, /g') + details=$(grep '^verify\ error:' "${ERROR}" | sed 's/verify\ error:num=[0-9]*://' ) prepend_critical_message "Cannot verify certificate: ${details}" fi + else + + verboselog "The certificate was successfully verified" + fi ############################################################################## # Check for Signed Certificate Timestamps (SCT) - if [ -z "${SELFSIGNED}" ] ; then + if [ -z "${SELFSIGNED}" ] && [ "${OPENSSL_COMMAND}" != "crl" ]; then - # check if OpenSSL supoort SCTs - if openssl_version '1.1.0' ; then + # check if OpenSSL supports SCTs + if openssl_version '1.1.0'; then debuglog 'Checking Signed Certificate Timestamps (SCTs)' - if [ -n "${SCT}" ] && ! "${OPENSSL}" x509 -in "${CERT}" -text -noout | grep -F -q 'SCTs' ; then + if [ -n "${SCT}" ] && ! extract_cert_attribute 'sct' "${CERT}"; then prepend_critical_message "Cannot find Signed Certificate Timestamps (SCT)" + else + info "SCT" "yes" + verboselog "The certificate contains signed certificate timestamps (SCT)" fi else - verboselog 'Skipping SCTs check as not supported by OpenSSL' - fi + verboselog 'warning: Skipping SCTs check as not supported by OpenSSL' + fi fi # if errors exist at this point return - if [ "${CRITICAL_MSG}" != "" ] ; then + if [ "${CRITICAL_MSG}" != "" ]; then critical "${CRITICAL_MSG}" fi - if [ "${WARNING_MSG}" != "" ] ; then + if [ "${WARNING_MSG}" != "" ]; then warning "${WARNING_MSG}" fi @@ -3864,41 +5141,41 @@ CHECKEDNAMES="" if [ -n "${ALTNAMES}" ] && [ -n "${COMMON_NAME}" ] && [ "${CN}" != "${COMMON_NAME}" ]; then CHECKEDNAMES="(${COMMON_NAME}) " - elif [ -n "${COMMON_NAME}" ] && echo "${CN}" | grep -q -i "^\\*\\." ; then + elif [ -n "${COMMON_NAME}" ] && echo "${CN}" | grep -q -i '^\*\.'; then CHECKEDNAMES="(${COMMON_NAME}) " fi - if [ -n "${DAYS_VALID}" ] ; then + if [ -n "${DAYS_VALID}" ]; then # nicer formatting - if [ "${DAYS_VALID}" -gt 1 ] ; then + if [ "${DAYS_VALID}" -gt 1 ]; then DAYS_VALID=" (expires in ${DAYS_VALID} days)" - elif [ "${DAYS_VALID}" -eq 1 ] ; then + elif [ "${DAYS_VALID}" -eq 1 ]; then DAYS_VALID=" (expires tomorrow)" - elif [ "${DAYS_VALID}" -eq 0 ] ; then + elif [ "${DAYS_VALID}" -eq 0 ]; then DAYS_VALID=" (expires today)" - elif [ "${DAYS_VALID}" -eq -1 ] ; then + elif [ "${DAYS_VALID}" -eq -1 ]; then DAYS_VALID=" (expired yesterday)" else DAYS_VALID=" (expired ${DAYS_VALID} days ago)" fi fi - if [ -n "${OCSP_EXPIRES_IN_HOURS}" ] ; then + if [ -n "${OCSP_EXPIRES_IN_HOURS}" ]; then # nicer formatting - if [ "${OCSP_EXPIRES_IN_HOURS}" -gt 1 ] ; then + if [ "${OCSP_EXPIRES_IN_HOURS}" -gt 1 ]; then OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires in ${OCSP_EXPIRES_IN_HOURS} hours)" - elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 1 ] ; then + elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 1 ]; then OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires in one hour)" - elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 0 ] ; then + elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq 0 ]; then OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expires now)" - elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq -1 ] ; then + elif [ "${OCSP_EXPIRES_IN_HOURS}" -eq -1 ]; then OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expired one hour ago)" else OCSP_EXPIRES_IN_HOURS=" (OCSP stapling expired ${OCSP_EXPIRES_IN_HOURS} hours ago)" fi fi - if [ -n "${SSL_LABS_HOST_GRADE}" ] ; then + if [ -n "${SSL_LABS_HOST_GRADE}" ]; then SSL_LABS_HOST_GRADE=", SSL Labs grade: ${SSL_LABS_HOST_GRADE}" fi @@ -3917,11 +5194,11 @@ fi # long output - if [ -z "${TERSE}" ] ; then - EXTRA_OUTPUT="${LONG_OUTPUT}" + if [ -z "${TERSE}" ]; then + EXTRA_OUTPUT="${LONG_OUTPUT}" fi # performance - if [ -z "${NO_PERF}" ] ; then + if [ -z "${NO_PERF}" ]; then EXTRA_OUTPUT="${EXTRA_OUTPUT}${PERFORMANCE_DATA}" fi @@ -3937,18 +5214,39 @@ debuglog "output parameters: OCSP_EXPIRES_IN_HOURS = ${OCSP_EXPIRES_IN_HOURS}" debuglog "output parameters: SSL_LABS_HOST_GRADE = ${SSL_LABS_HOST_GRADE}" - echo "${FORMAT}${EXTRA_OUTPUT}" | sed \ - -e "$( var_for_sed CA_ISSUER_MATCHED "${CA_ISSUER_MATCHED}" )" \ - -e "$( var_for_sed CHECKEDNAMES "${CHECKEDNAMES}" )" \ - -e "$( var_for_sed CN "${CN}" )" \ - -e "$( var_for_sed DATE "${DATE}" )" \ - -e "$( var_for_sed DAYS_VALID "${DAYS_VALID}" )" \ - -e "$( var_for_sed DISPLAY_CN "${DISPLAY_CN}" )" \ - -e "$( var_for_sed OPENSSL_COMMAND "${OPENSSL_COMMAND}" )" \ - -e "$( var_for_sed SELFSIGNEDCERT "${SELFSIGNEDCERT}" )" \ - -e "$( var_for_sed SHORTNAME "${SHORTNAME}" )" \ - -e "$( var_for_sed OCSP_EXPIRES_IN_HOURS "${OCSP_EXPIRES_IN_HOURS}" )" \ - -e "$( var_for_sed SSL_LABS_HOST_GRADE "${SSL_LABS_HOST_GRADE}" )" + if [ -z "${PROMETHEUS}" ]; then + + CA_ISSUER_MATCHED_TMP="$(var_for_sed CA_ISSUER_MATCHED "${CA_ISSUER_MATCHED}")" + CHECKEDNAMES_TMP="$(var_for_sed CHECKEDNAMES "${CHECKEDNAMES}")" + CN_TMP="$(var_for_sed CN "${CN}")" + DATE_TMP="$(var_for_sed DATE "${DATE}")" + DAYS_VALID_TMP="$(var_for_sed DAYS_VALID "${DAYS_VALID}")" + DISPLAY_CN_TMP="$(var_for_sed DISPLAY_CN "${DISPLAY_CN}")" + OPENSSL_COMMAND_TMP="$(var_for_sed OPENSSL_COMMAND "${OPENSSL_COMMAND}")" + SELFSIGNEDCERT_TMP="$(var_for_sed SELFSIGNEDCERT "${SELFSIGNEDCERT}")" + SHORTNAME_TMP="$(var_for_sed SHORTNAME "${SHORTNAME}")" + OCSP_EXPIRES_IN_HOURS_TMP="$(var_for_sed OCSP_EXPIRES_IN_HOURS "${OCSP_EXPIRES_IN_HOURS}")" + SSL_LABS_HOST_GRADE_TMP="$(var_for_sed SSL_LABS_HOST_GRADE "${SSL_LABS_HOST_GRADE}")" + + echo "${FORMAT}${EXTRA_OUTPUT}" | sed \ + -e "${CA_ISSUER_MATCHED_TMP}" \ + -e "${CHECKEDNAMES_TMP}" \ + -e "${CN_TMP}" \ + -e "${DATE_TMP}" \ + -e "${DAYS_VALID_TMP}" \ + -e "${DISPLAY_CN_TMP}" \ + -e "${OPENSSL_COMMAND_TMP}" \ + -e "${SELFSIGNEDCERT_TMP}" \ + -e "${SHORTNAME_TMP}" \ + -e "${OCSP_EXPIRES_IN_HOURS_TMP}" \ + -e "${SSL_LABS_HOST_GRADE_TMP}" + + else + + add_prometheus_status_output_line "cert_valid{cn=\"${CN}\"} 0" + prometheus_output + + fi remove_temporary_files diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert.1 nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert.1 --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert.1 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert.1 2021-12-17 14:47:25.000000000 +0000 @@ -1,19 +1,21 @@ .\" Process this file with .\" groff -man -Tascii check_ssl_cert.1 .\" -.TH "check_ssl_cert" 1 "May, 2021" "2.2.0" "USER COMMANDS" +.TH "check_ssl_cert" 1 "December, 2021" "2.15.0" "USER COMMANDS" .SH NAME check_ssl_cert \- checks the validity of X.509 certificates .SH SYNOPSIS .BR "check_ssl_cert " "-H host [OPTIONS]" +.br +.BR "check_ssl_cert " "-f file [OPTIONS]" .SH DESCRIPTION .B check_ssl_cert -A Nagios plugin to check an X.509 certificate: - - checks if the server is running and delivers a valid certificate - - checks if the CA matches a given pattern - - checks the validity +A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection .SH ARGUMENTS .TP +.BR "-f,--file" " file" +local file path (works with -H localhost only) with -f you can not only pass a x509 certificate file but also a certificate revocation list (CRL) to check the validity period +.TP .BR "-H,--host" " host" server .SH OPTIONS @@ -24,8 +26,17 @@ .BR " --all" enables all the possible optional checks at the maximum level .TP -.BR " --altnames" -matches the pattern specified in -n with alternate names too +.BR " --all-local" +enables all the possible optional checks at the maximum level (without SSL-Labs) +.TP +.BR " --allow-empty-san" +allow certificates without Subject Alternative Names (SANs) +.TP +.BR "-C,--clientcert" " path" +use client certificate to authenticate +.TP +.BR "-c,--critical" " days" +minimum number of days a certificate has to be valid to issue a critical status. Can be a floating point number, e.g., 0.5. Default: 15 .TP .BR " --check-ciphers" " grade" checks the offered ciphers @@ -33,17 +44,14 @@ .BR " --check-ciphers-warnings" critical if nmap reports a warning for an offered cipher .TP -.BR "-C,--clientcert" " path" -use client certificate to authenticate +.BR " --check-ssl-labs-warn grade" +SSL Labs grade on which to warn .TP .BR " --clientpass" " phrase" set passphrase for client certificate. .TP -.BR "-c,--critical" " days" -minimum number of days a certificate has to be valid to issue a critical status -.TP .BR " --crl" -checks revokation via CRL (requires --rootcert-file) +checks revocation via CRL (requires --rootcert-file) .TP .BR " --curl-bin" " path" path of the curl binary to be used @@ -52,10 +60,13 @@ user agent that curl shall use to obtain the issuer cert .TP .BR " --custom-http-header" " string" -custom HTTP header sent when getting the cert +custom HTTP header sent when getting the cert example: 'X-Check-Ssl-Cert: Foobar=1' +.TP +.BR "-d,--debug" +produces debugging output (can be specified more than once) .TP .BR " --dane" -verifies there are valid TLSA records for the returned certificate, requires OpenSSL 1.1.0 or later +verify that valid DANE records exist (since OpenSSL 1.1.0) .TP .BR " --dane 211" verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists @@ -69,29 +80,32 @@ .BR " --dane 311" verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists .TP +.BR " --dane 312" +'verify that a valid DANE-EE(3) SPKI(1) SHA2-512(1) TLSA record exists +.TP .BR " --date" " path" path of the date binary to be used .TP -.BR "-d,--debug" -produces debugging output (can be specified more than once) -.TP .BR " --debug-cert" stores the retrieved certificates in the current directory .TP +.BR " --debug-file" " file" +writes the debug messages to file +.TP +.BR " --debug-time" +writes timing information in the debugging output +.TP .BR " --dig-bin" " path" path of the dig binary to be used .TP +.BR "-e,--email" " address" +pattern to match the email address contained in the certificate +.TP .BR " --ecdsa" signature algorithm selection: force ECDSA certificate .TP .BR " --element" " number" -checks N cert element from the begining of the chain -.TP -.BR "-e,--email" " address" -pattern to match the email address contained in the certificate -.TP -.BR "-f,--file" " file" -local file path (works with -H localhost only) with -f you can not only pass a x509 certificate file but also a certificate revocation list (CRL) to check the validity period +checks up to the N cert element from the beginning of the chain .TP .BR " --file-bin" " path" path of the file binary to be used @@ -102,11 +116,14 @@ .BR " --first-element-only" verify just the first cert element, not the whole chain .TP +.BR " --force-dconv-date" +force the usage of dconv for date computations +.TP .BR " --force-perl-date" force the usage of Perl for date computations .TP .BR " --format" " FORMAT" -custom output format (e.g. "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'") +format output template on success, for example: %SHORTNAME% OK %CN% from %CA_ISSUER_MATCHED% .TP .BR "-h,--help,-?" this help message @@ -114,27 +131,39 @@ .BR " --http-use-get" use GET instead of HEAD (default) for the HTTP related checks .TP +.BR "-i,--issuer" " issuer" +pattern to match the issuer of the certificate +.TP .BR " --ignore-altnames" ignores alternative names when matching pattern specified in -n (or the host name) .TP +.BR " --ignore-connection-problems" " [state]" +in case of connection problems returns OK or the optional state +.TP .BR " --ignore-exp" ignore expiration date .TP .BR " --ignore-host-cn" do not complain if the CN does not match the host name .TP +.BR " --ignore-incomplete-chain" +does not check chain integrity +.TP .BR " --ignore-ocsp" do not check revocation with OCSP .TP -.BR " --ignore-ocsp-timeout" -ignore OCSP result when timeout occurs while checking +.BR " --ignore-ocsp-errors" +continue if the OCSP status cannot be checked .TP -.BR " --ignore-sig-alg" -do not check if the certificate was signed with SHA1 or MD5 +.BR " --ignore-ocsp-timeout" +ignore OCSP result when timeout occurs while checking .TP .BR " --ignore-sct" do not check for signed certificate timestamps (SCT) .TP +.BR " --ignore-sig-alg" +do not check if the certificate was signed with SHA1 or MD5 +.TP .BR " --ignore-ssl-labs-cache" Forces a new check by SSL Labs (see -L) .TP @@ -144,20 +173,17 @@ .BR " --inetproto protocol" Force IP version 4 or 6 .TP +.BR " --info" +Prints certificate information +.TP .BR " --issuer-cert-cache" " dir" directory where to store issuer certificates cache .TP -.BR "-i,--issuer" " issuer" -pattern to match the issuer of the certificate -.TP .BR "-K,--clientkey" " path" use client certificate key to authenticate .TP .BR "-L,--check-ssl-labs grade" -SSL Labs assestment (please check https://www.ssllabs.com/about/terms.html). Critical if the grade is lower than specified. -.TP -.BR " --check-ssl-labs-warn grade" -SSL Labs grade on which to warn +SSL Labs assessment (please check https://www.ssllabs.com/about/terms.html). Critical if the grade is lower than specified. .TP .BR " --long-output" " list" append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines. @@ -175,6 +201,12 @@ .BR " --no-proxy" ignores the http_proxy and https_proxy environment variables .TP +.BR " --no-proxy-curl" +ignores the http_proxy and https_proxy environment variables for curl +.TP +.BR " --no-proxy-s_client" +ignores the http_proxy and https_proxy environment variables for openssl s_client +.TP .BR " --no-ssl2" disable SSL version 2 .TP @@ -199,8 +231,8 @@ .BR " --not-valid-longer-than" " days" critical if the certificate validity is longer than the specified period .TP -.BR "-N,--host-cn" -match CN with the host name +.BR "-o,--org" " org" +pattern to match the organization of the certificate .TP .BR " --ocsp-critical" " hours" minimum number of hours an OCSP response has to be valid to issue a critical status @@ -208,25 +240,31 @@ .BR " --ocsp-warning" " hours" minimum number of hours an OCSP response has to be valid to issue a warning status .TP -.BR "-o,--org" " org" -pattern to match the organization of the certificate -.TP .BR " --openssl" " path" path of the openssl binary to be used .TP -.BR " --password" " source" -password source for a local certificate, see the PASS PHRASE ARGUMENTS section openssl(1) -.TP .BR "-p,--port" " port" TCP port .TP .BR "-P,--protocol" " protocol" -use the specific protocol: ftp, ftps, http, https (default), h2 (http/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, xmpp, xmpp-server. +use the specific protocol: ftp, ftps, http, https (default), h2 (HTTP/2), imap, imaps, irc, ircs, ldap, ldaps, mysql, pop3, pop3s, postgres, sieve, smtp, smtps, xmpp, xmpp-server, ftp, imap, irc, ldap, pop3, postgres, sieve, smtp: switch to TLS using StartTLS. .br These protocols switch to TLS using StartTLS: ftp, imap, irc, ldap, mysql, pop3, smtp. .TP +.BR " --password" " source" +password source for a local certificate, see the PASS PHRASE ARGUMENTS section openssl(1) +.TP +.BR " --prometheus" +generates Prometheus/OpenMetrics output +.TP .BR " --proxy" " proxy" -sets http_proxy +sets http_proxy and the s_client -proxy option +.TP +.BR "-r,--rootcert" " cert" +root certificate or directory to be used for certificate validation (passed to openssl's -CAfile or -CApath) +.TP +.BR " --require-client-cert" " [list]" +the server must accept a client certificate. 'list' is an optional comma separated list of expected client certificate CAs .TP .BR " --require-no-ssl2" critical if SSL version 2 is offered @@ -240,9 +278,23 @@ .BR " --require-no-tls1_1" critical if TLS 1.1 is offered .TP +.BR " --require-ocsp-stapling" +require OCSP stapling +.TP .BR " --resolve" " ip" provides a custom IP address for the specified host .TP +.BR " --rootcert-dir" " dir" +root directory to be used for certificate validation (passed to openssl's -CApath) +overrides option -r,--rootcert +.TP +.BR " --rootcert-file" " cert" +root certificate to be used for certificate validation (passed to openssl's -CAfile) +overrides option -r,--rootcert +.TP +.BR " --rsa" +signature algorithm selection: force RSA certificate +.TP .BR "-s,--selfsigned" allows self-signed certificates .TP @@ -250,7 +302,7 @@ pattern to match the serial number .TP .BR "--skip-element" " number" -skip checks on N cert element from the begining of the chain +skips checks on the Nth cert element (can be specified multiple times) .TP .BR " --sni name" sets the TLS SNI (Server Name Indication) extension in the ClientHello message to 'name' @@ -261,25 +313,8 @@ .BR " --ssl3" force SSL version 3 .TP -.BR " --require-ocsp-stapling" -require OCSP stapling -.TP -.BR " --require-san" -require the presence of a Subject Alternative Name extension -.TP -.BR "-r,--rootcert" " cert" -root certificate or directory to be used for certificate validation (passed to openssl's -CAfile or -CApath) -.TP -.BR " --rootcert-dir" " dir" -root directory to be used for certificate validation (passed to openssl's -CApath) -overrides option -r,--rootcert -.TP -.BR " --rootcert-file" " cert" -root certificate to be used for certificate validation (passed to openssl's -CAfile) -overrides option -r,--rootcert -.TP -.BR " --rsa" -signature algorithm selection: force RSA certificate +.BR "-t,--timeout" +seconds timeout after the specified time (defaults to 120 seconds) .TP .BR " --temp" " dir" directory where to store the temporary files @@ -287,9 +322,6 @@ .BR " --terse" terse output (also see --verbose) .TP -.BR "-t,--timeout" -seconds timeout after the specified time (defaults to 120 seconds) -.TP .BR " --tls1" force TLS version 1 .TP @@ -312,39 +344,65 @@ version .TP .BR "-w,--warning" " days" -minimum number of days a certificate has to be valid to issue a warning status +minimum number of days a certificate has to be valid to issue a warning status. Might be a floating point number, e.g., 0.5. Default: 20 .TP .BR " --xmpphost" " name" -specifies the host for the "to" attribute of the stream element +specifies the host for the 'to' attribute of the stream element .TP .BR "-4" -forces IPv4 +force IPv4 .TP .BR "-6" -forces IPv6 +force IPv6 .SH DEPRECATED OPTIONS .TP +.BR " --altnames" +matches the pattern specified in -n with alternate names too (enabled by default) +.TP .BR "-d,--days" " days" minimum number of days a certificate has to be valid (see --critical and --warning) .TP +.BR "-N,--host-cn" +match CN with the host name (enabled by default) +.TP +.BR "--no_ssl2" +disable SSLv2 (deprecated use --no-ssl2) +.TP +.BR "--no_ssl3" +disable SSLv3 (deprecated use --no-ssl3) +.TP +.BR "--no_tls1" +disable TLSv1 (deprecated use --no-tls1) +.TP +.BR "--no_tls1_1" +disable TLSv1.1 (deprecated use --no-tls1_1) +.TP +.BR "--no_tls1_2" +disable TLSv1.1 (deprecated use --no-tls1_2) +.TP +.BR "--no_tls1_3" +disable TLSv1.1 (deprecated use --no-tls1_3) +.TP .BR " --ocsp" -check revocation via OCSP +check revocation via OCSP (enabled by default) +.TP +.BR " --require-san" +require the presence of a Subject Alternative Name extension .TP .BR "-S,--ssl" " version" force SSL version (2,3) (see: --ssl2 or --ssl3) -.SH MULTIPLE CERTIFICATES -If the host has multiple certificates and the installed openssl version supports the -servername option it is possible to specify the TLS SNI (Server Name Idetificator) with the -N (or --host-cn) option. +.SH NOTES +If the host has multiple certificates and the installed openssl version supports the -servername option it is possible to specify the TLS SNI (Server Name Identificator) with the -N (or --host-cn) option. -.SH "SEE ALSO" -x509(1), openssl(1), expect(1), timeout(1) .SH "EXIT STATUS" check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems .SH BUGS Please report bugs to: - https://github.com/matteocorti/check_ssl_cert/issues -.SH AUTHOR -Matteo Corti (matteo (at) corti.li ) -See the AUTHORS file for the complete list of contributors +.SH "EXAMPLE" +check_ssl_cert --host github.com --all-local + +.SH "SEE ALSO" +openssl(1), openssl-x509(1) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert.completion nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert.completion --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert.completion 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert.completion 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,6 @@ +#/usr/bin/env bash + +_check_ssl_cert() { +} + +complete -F _check_ssl_cert check_ssl_cert diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert.spec nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert.spec --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/check_ssl_cert.spec 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/check_ssl_cert.spec 2021-12-17 14:47:25.000000000 +0000 @@ -1,4 +1,4 @@ -%define version 2.2.0 +%define version 2.15.0 %define release 0 %define sourcename check_ssl_cert %define packagename nagios-plugins-check_ssl_cert @@ -42,6 +42,102 @@ %{_mandir}/man1/%{sourcename}.1* %changelog +* Wed Dec 15 2021 Matteo Corti - 2.15.0-0 +- Updated to 2.15.0 + +* Fri Dec 10 2021 Matteo Corti - 2.14.0-0 +- Updated to 2.14.0 + +* Wed Nov 24 2021 Matteo Corti - 2.13.0-0 +- Updated to 2.13.0 + +* Tue Nov 16 2021 Matteo Corti - 2.12.0-0 +- Updated to 2.12.0 + +* Thu Nov 11 2021 Matteo Corti - 2.11.0-0 +- Updated to 2.11.0 + +* Fri Oct 22 2021 Matteo Corti - 2.10.4-0 +- Updated to 2.10.4 + +* Thu Oct 21 2021 Matteo Corti - 2.10.3-0 +- Updated to 2.10.3 + +* Thu Oct 14 2021 Matteo Corti - 2.10.2-0 +- Updated to 2.10.2 + +* Tue Oct 12 2021 Matteo Corti - 2.10.1-0 +- Updated to 2.10.1 + +* Mon Oct 11 2021 Matteo Corti - 2.10.0-0 +- Updated to 2.10.0 + +* Wed Oct 6 2021 Matteo Corti - 2.9.1-0 +- Updated to 2.9.1 + +* Fri Oct 1 2021 Matteo Corti - 2.9.0-0 +- Updated to 2.9.0 + +* Wed Sep 29 2021 Matteo Corti - 2.8.0-0 +- Updated to 2.8.0 + +* Fri Sep 24 2021 Matteo Corti - 2.7.0-0 +- Updated to 2.7.0 + +* Tue Sep 21 2021 Matteo Corti - 2.6.1-0 +- Updated to 2.6.1 + +* Fri Sep 17 2021 Matteo Corti - 2.6.0-0 +- Updated to 2.6.0 + +* Thu Sep 16 2021 Matteo Corti - 2.5.2-0 +- Updated to 2.5.2 + +* Wed Sep 15 2021 Matteo Corti - 2.5.1-0 +- Updated to 2.5.1 + +* Wed Sep 15 2021 Matteo Corti - 2.5.0-0 +- Updated to 2.5.0 + +* Wed Sep 1 2021 Matteo Corti - 2.4.3-0 +- Updated to 2.4.3 + +* Thu Aug 27 2021 Matteo Corti - 2.4.2-0 +- Updated to 2.4.2 + +* Thu Aug 19 2021 Matteo Corti - 2.4.1-0 +- Updated to 2.4.1 + +* Mon Aug 16 2021 Matteo Corti - 2.4.0-0 +- Updated to 2.4.0 + +* Fri Aug 13 2021 Matteo Corti - 2.3.8-0 +- Updated to 2.3.8 + +* Fri Jul 9 2021 Matteo Corti - 2.3.7-0 +- Updated to 2.3.7 + +* Wed Jun 23 2021 Matteo Corti - 2.3.6-0 +- Updated to 2.3.6 + +* Tue Jun 22 2021 Matteo Corti - 2.3.5-0 +- Updated to 2.3.5 + +* Fri Jun 18 2021 Matteo Corti - 2.3.4-0 +- Updated to 2.3.4 + +* Wed Jun 16 2021 Matteo Corti - 2.3.3-0 +- Updated to 2.3.3 + +* Thu Jun 3 2021 Matteo Corti - 2.3.2-0 +- Updated to 2.3.2 + +* Fri May 28 2021 Matteo Corti - 2.3.1-0 +- Updated to 2.3.1 + +* Fri May 21 2021 Matteo Corti - 2.3.0-0 +- Updated to 2.3.0 + * Fri May 7 2021 Matteo Corti - 2.2.0-0 - Updated to 2.2.0 @@ -488,7 +584,7 @@ - Updated to 1.16.1 (rpm make target) * Mon Dec 23 2013 Matteo Corti - 1.16.0-0 -- Udated to 1.16.0 (force TLS) +- Updated to 1.16.0 (force TLS) * Mon Jul 29 2013 Matteo Corti - 1.15.0-0 - Updated to 1.15.0 (force SSL version) @@ -521,7 +617,7 @@ - updated to 1.12.0 (bug fix release) * Sat Oct 22 2011 Matteo Corti - 1.11.0-0 -- ipdated to 1.10.1 (--altnames option) +- updated to 1.10.1 (--altnames option) * Thu Sep 1 2011 Matteo Corti - 1.10.0-0 - applied patch from Sven Nierlein for client certificate authentication @@ -605,4 +701,3 @@ * Mon Sep 24 2007 Matteo Corti - 1.1.0-0 - first RPM package - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/CODE_OF_CONDUCT.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/CODE_OF_CONDUCT.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/CODE_OF_CONDUCT.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/CODE_OF_CONDUCT.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at matteo@corti.li. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +[https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/CONTRIBUTING.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/CONTRIBUTING.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/CONTRIBUTING.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/CONTRIBUTING.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,16 @@ +# How to contribute + +## Submitting bugs + +When reporting a bug please include as much information as possible. Include the output of the plugin with the `-verbose` and `-debug` options. + +If possible give a real-life example that can be tested (e.g., a public host) + +## Submitting changes + + * Always write clear log messages for your commits + * Check the code with [ShellCheck](https://www.shellcheck.net) + * Always format the code with [shfmt](https://github.com/mvdan/sh) + * Always log your changes in the ChangeLog file + * Always test the changes `make test` and be sure that all the tests are passed + * If possible write some tests to validate the changes you did to the plugin diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/COPYING nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/COPYING --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/COPYING 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/COPYING 2021-12-17 14:47:25.000000000 +0000 @@ -1,16 +1,16 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 +GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. +Copyright (C) 2007 Free Software Foundation, Inc. +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. - Preamble +Preamble - The GNU General Public License is a free, copyleft license for +The GNU General Public License is a free, copyleft license for software and other kinds of works. - The licenses for most software and other practical works are designed +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free @@ -19,35 +19,35 @@ any other work released this way by its authors. You can apply it to your programs, too. - When we speak of free software, we are referring to freedom, not +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. - To protect your rights, we need to prevent others from denying you +To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. - For example, if you distribute copies of such a program, whether +For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. - Developers that use the GNU GPL protect your rights with two steps: +Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. - For the developers' and authors' protection, the GPL clearly explains +For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. - Some devices are designed to deny users access to install or run +Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic @@ -58,49 +58,49 @@ stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. - Finally, every program is threatened constantly by software patents. +Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. - The precise terms and conditions for copying, distribution and +The precise terms and conditions for copying, distribution and modification follow. - TERMS AND CONDITIONS +TERMS AND CONDITIONS - 0. Definitions. +0. Definitions. - "This License" refers to version 3 of the GNU General Public License. +"This License" refers to version 3 of the GNU General Public License. - "Copyright" also means copyright-like laws that apply to other kinds of +"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. - "The Program" refers to any copyrightable work licensed under this +"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. - To "modify" a work means to copy from or adapt all or part of the work +To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. - A "covered work" means either the unmodified Program or a work based +A "covered work" means either the unmodified Program or a work based on the Program. - To "propagate" a work means to do anything with it that, without +To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. - To "convey" a work means any kind of propagation that enables other +To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. - An interactive user interface displays "Appropriate Legal Notices" +An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the @@ -109,18 +109,18 @@ the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. - 1. Source Code. +1. Source Code. - The "source code" for a work means the preferred form of the work +The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. - A "Standard Interface" means an interface that either is an official +A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. - The "System Libraries" of an executable work include anything, other +The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that @@ -131,7 +131,7 @@ (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. - The "Corresponding Source" for a work in object code form means all +The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's @@ -144,16 +144,16 @@ such as by intimate data communication or control flow between those subprograms and other parts of the work. - The Corresponding Source need not include anything that users +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. - The Corresponding Source for a work in source code form is that +The Corresponding Source for a work in source code form is that same work. - 2. Basic Permissions. +2. Basic Permissions. - All rights granted under this License are granted for the term of +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a @@ -161,7 +161,7 @@ content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. - You may make, run and propagate covered works that you do not +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you @@ -172,19 +172,19 @@ and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. - Conveying under any other circumstances is permitted solely under +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. +3. Protecting Users' Legal Rights From Anti-Circumvention Law. - No covered work shall be deemed part of an effective technological +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. - When you convey a covered work, you waive any legal power to forbid +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or @@ -192,9 +192,9 @@ users, your or third parties' legal rights to forbid circumvention of technological measures. - 4. Conveying Verbatim Copies. +4. Conveying Verbatim Copies. - You may convey verbatim copies of the Program's source code as you +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any @@ -202,37 +202,37 @@ keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. - You may charge any price or no price for each copy that you convey, +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. - 5. Conveying Modified Source Versions. +5. Conveying Modified Source Versions. - You may convey a work based on the Program, or the modifications to +You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. +a) The work must carry prominent notices stating that you modified +it, and giving a relevant date. - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. +b) The work must carry prominent notices stating that it is +released under this License and any conditions added under section +7. This requirement modifies the requirement in section 4 to +"keep intact all notices". + +c) You must license the entire work, as a whole, under this +License to anyone who comes into possession of a copy. This +License will therefore apply, along with any applicable section 7 +additional terms, to the whole of the work, and all its parts, +regardless of how they are packaged. This License gives no +permission to license the work in any other way, but it does not +invalidate such permission if you have separately received it. + +d) If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your +work need not make them do so. - A compilation of a covered work with other separate and independent +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an @@ -242,59 +242,59 @@ in an aggregate does not cause this License to apply to the other parts of the aggregate. - 6. Conveying Non-Source Forms. +6. Conveying Non-Source Forms. - You may convey a covered work in object code form under the terms +You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. +a) Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium +customarily used for software interchange. + +b) Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a +written offer, valid for at least three years and valid for as +long as you offer spare parts or customer support for that product +model, to give anyone who possesses the object code either (1) a +copy of the Corresponding Source for all the software in the +product that is covered by this License, on a durable physical +medium customarily used for software interchange, for a price no +more than your reasonable cost of physically performing this +conveying of source, or (2) access to copy the +Corresponding Source from a network server at no charge. + +c) Convey individual copies of the object code with a copy of the +written offer to provide the Corresponding Source. This +alternative is allowed only occasionally and noncommercially, and +only if you received the object code with such an offer, in accord +with subsection 6b. + +d) Convey the object code by offering access from a designated +place (gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to +copy the object code is a network server, the Corresponding Source +may be on a different server (operated by you or a third party) +that supports equivalent copying facilities, provided you maintain +clear directions next to the object code saying where to find the +Corresponding Source. Regardless of what server hosts the +Corresponding Source, you remain obligated to ensure that it is +available for as long as needed to satisfy these requirements. + +e) Convey the object code using peer-to-peer transmission, provided +you inform other peers where the object code and Corresponding +Source of the work are being offered to the general public at no +charge under subsection 6d. - A separable portion of the object code, whose source code is excluded +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. - A "User Product" is either (1) a "consumer product", which means any +A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, @@ -307,7 +307,7 @@ commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. - "Installation Information" for a User Product means any methods, +"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must @@ -315,7 +315,7 @@ code is in no case prevented or interfered with solely because modification has been made. - If you convey an object code work under this section in, or with, or +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a @@ -326,7 +326,7 @@ modified object code on the User Product (for example, the work has been installed in ROM). - The requirement to provide Installation Information does not include a +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a @@ -334,15 +334,15 @@ adversely affects the operation of the network or violates the rules and protocols for communication across the network. - Corresponding Source conveyed, and Installation Information provided, +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. - 7. Additional Terms. +7. Additional Terms. - "Additional permissions" are terms that supplement the terms of this +"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent @@ -351,41 +351,41 @@ under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. - When you convey a copy of a covered work, you may at your option +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. - Notwithstanding any other provision of this License, for material you +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or +a) Disclaiming warranty or limiting liability differently from the +terms of sections 15 and 16 of this License; or - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. +b) Requiring preservation of specified reasonable legal notices or +author attributions in that material or in the Appropriate Legal +Notices displayed by works containing it; or + +c) Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or + +d) Limiting the use for publicity purposes of names of licensors or +authors of the material; or + +e) Declining to grant rights under trademark law for use of some +trade names, trademarks, or service marks; or + +f) Requiring indemnification of licensors and authors of that +material by anyone who conveys the material (or modified versions of +it) with contractual assumptions of liability to the recipient, for +any liability that these contractual assumptions directly impose on +those licensors and authors. - All other non-permissive additional terms are considered "further +All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further @@ -395,46 +395,46 @@ of that license document, provided that the further restriction does not survive such relicensing or conveying. - If you add terms to a covered work in accord with this section, you +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. - Additional terms, permissive or non-permissive, may be stated in the +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. - 8. Termination. +8. Termination. - You may not propagate or modify a covered work except as expressly +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). - However, if you cease all violation of this License, then your +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. - Moreover, your license from a particular copyright holder is +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. - Termination of your rights under this section does not terminate the +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. - 9. Acceptance Not Required for Having Copies. +9. Acceptance Not Required for Having Copies. - You are not required to accept this License in order to receive or +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, @@ -443,14 +443,14 @@ not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. - 10. Automatic Licensing of Downstream Recipients. +10. Automatic Licensing of Downstream Recipients. - Each time you convey a covered work, the recipient automatically +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. - An "entity transaction" is a transaction transferring control of an +An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that @@ -460,7 +460,7 @@ Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. - You may not impose any further restrictions on the exercise of the +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation @@ -468,13 +468,13 @@ any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. - 11. Patents. +11. Patents. - A "contributor" is a copyright holder who authorizes use under this +A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". - A contributor's "essential patent claims" are all patent claims +A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, @@ -484,19 +484,19 @@ patent sublicenses in a manner consistent with the requirements of this License. - Each contributor grants you a non-exclusive, worldwide, royalty-free +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. - In the following three paragraphs, a "patent license" is any express +In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. - If you convey a covered work, knowingly relying on a patent license, +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, @@ -510,7 +510,7 @@ in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. - If, pursuant to or in connection with a single transaction or +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify @@ -518,7 +518,7 @@ you grant is automatically extended to all recipients of the covered work and works based on it. - A patent license is "discriminatory" if it does not include within +A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered @@ -533,13 +533,13 @@ contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. - Nothing in this License shall be construed as excluding or limiting +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. - 12. No Surrender of Others' Freedom. +12. No Surrender of Others' Freedom. - If conditions are imposed on you (whether by court order, agreement or +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this @@ -549,9 +549,9 @@ the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. - 13. Use with the GNU Affero General Public License. +13. Use with the GNU Affero General Public License. - Notwithstanding any other provision of this License, you have +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this @@ -560,14 +560,14 @@ section 13, concerning interaction through a network will apply to the combination as such. - 14. Revised Versions of this License. +14. Revised Versions of this License. - The Free Software Foundation may publish revised and/or new versions of +The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. - Each version is given a distinguishing version number. If the +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered @@ -576,19 +576,19 @@ GNU General Public License, you may choose any version ever published by the Free Software Foundation. - If the Program specifies that a proxy can decide which future +If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. - Later license versions may give you additional or different +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. - 15. Disclaimer of Warranty. +15. Disclaimer of Warranty. - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, @@ -597,9 +597,9 @@ IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - 16. Limitation of Liability. +16. Limitation of Liability. - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE @@ -609,64 +609,64 @@ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - 17. Interpretation of Sections 15 and 16. +17. Interpretation of Sections 15 and 16. - If the disclaimer of warranty and limitation of liability provided +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. - END OF TERMS AND CONDITIONS +END OF TERMS AND CONDITIONS - How to Apply These Terms to Your New Programs +How to Apply These Terms to Your New Programs - If you develop a new program, and you want it to be of the greatest +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. - To do so, attach the following notices to the program. It is safest +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. - - Copyright (C) + +Copyright (C) - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program. If not, see . +You should have received a copy of the GNU General Public License +along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. - If the program does terminal interaction, make it output a short +If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. + Copyright (C) +This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. +This is free software, and you are welcome to redistribute it +under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". - You should also get your employer (if you work as a programmer) or school, +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . - The GNU General Public License does not permit incorporating your program +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/COPYRIGHT nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/COPYRIGHT --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/COPYRIGHT 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/COPYRIGHT 2021-12-17 14:47:25.000000000 +0000 @@ -69,6 +69,36 @@ Andre Klärner (https://github.com/klaernie) ДилÑн Палаузов (https://github.com/dilyanpalauzov) dupondje (https://github.com/dupondje) + Jörg Thalheim (https://github.com/Mic92) + Arkadiusz MiÅ›kiewicz (https://github.com/arekm) + Thomas Weißschuh (https://github.com/t-8ch) + Jonathan Besanceney (https://github.com/jonathan-besanceney) + grizzlydev-sarl (https://github.com/grizzlydev-sarl) + processing of all the certificate in the chain, the verbose patch and the output cleanup patch + Claudio Kuenzler (https://github.com/Napsty) + jf-vf (https://github.com/jf-vf) + skanx (https://github.com/skanx) + Zadkiel (https://github.com/aslafy-z) + Marcel Burkhalter (https://github.com/explorer69) the custom HTTP header patch. + Peter Newmann (https://github.com/peternewman) + cbiedl (https://github.com/cbiedl) + Robin Schneider (https://github.com/ypid-geberit) + Robin Pronk (https://github.com/rfpronk) + tunnelpr0 (https://github.com/tunnelpr0) + Christoph Moench-Tegeder (https://github.com/moench-tegeder) + waja (https://github.com/waja) + Tobias Grünewald (https://github.com/tobias-gruenewald) + chornberger-c2c (https://github.com/chornberger-c2c) + Claus-Theodor Riegg (https://github.com/ctriegg-mak) + Ed Sabol (https://github.com/esabol) + Igor Mironov (https://github.com/mcs6502) + jalbstmeijer (https://github.com/jalbstmeijer) + Pim Rupert (https://github.com/prupert) + Alexander AleksandroviÄ Klimov (https://github.com/Al2Klimov) + Jaime Hablutzel (https://github.com/hablutzel1) + Bernd Stroessenreuther + Kim Jahn + Bernd Strößenreuther (https://github.com/booboo-at-gluga-de) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/help.txt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/help.txt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/help.txt 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/help.txt 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,226 @@ +-H,--host host;server +-A,--noauth;ignore authority warnings (expiration +-A,--noauth;only) +--all;enables all the possible optional checks +--all;at the maximum level +--all-local;enables all the possible optional checks +--all-local;at the maximum level +--all-local;(without SSL-Labs) +--allow-empty-san;allow certificates without Subject +--allow-empty-san;Alternative Names (SANs) +--check-ciphers grade;checks the offered ciphers +--check-ciphers-warnings;critical if nmap reports a warning for an +--check-ciphers-warnings;offered cipher +-C,--clientcert path;use client certificate to authenticate +--clientpass phrase;set passphrase for client certificate. +-c,--critical days;minimum number of days a certificate has +-c,--critical days;to be valid to issue a critical status. +-c,--critical days;Can be a floating point number, e.g., 0.5 +-c,--critical days;Default: ${CRITICAL_DAYS} +--crl;checks revocation via CRL (requires +--crl;--rootcert-file) +--curl-bin path;path of the curl binary to be used +--curl-user-agent string;user agent that curl shall use to obtain +--curl-user-agent string;the issuer cert +--custom-http-header string;custom HTTP header sent when getting the +--custom-http-header string;cert example: 'X-Check-Ssl-Cert: Foobar=1' +--dane;verify that valid DANE records exist +--dane;(since OpenSSL 1.1.0) +--dane 211;verify that a valid DANE-TA(2) SPKI(1) +--dane 211;SHA2-256(1) TLSA record exists +--dane 301;verify that a valid DANE-EE(3) Cert(0) +--dane 301;SHA2-256(1) TLSA record exists +--dane 302;verify that a valid DANE-EE(3) Cert(0) +--dane 302;SHA2-512(2) TLSA record exists +--dane 311;verify that a valid DANE-EE(3) SPKI(1) +--dane 311;SHA2-256(1) TLSA record exists +--dane 312;verify that a valid DANE-EE(3) SPKI(1) +--dane 312;SHA2-512(1) TLSA record exists +--date path;path of the date binary to be used +-d,--debug;produces debugging output (can be +-d,--debug;specified more than once) +--debug-cert;stores the retrieved certificates in the +--debug-cert;current directory +--debug-file file;writes the debug messages to file +--debug-time;writes timing information in the +--debug-time;debugging output +--dig-bin path;path of the dig binary to be used +--ecdsa;signature algorithm selection: force ECDSA +--ecdsa;certificate +--element number;checks up to the N cert element from the +--element number;beginning of the chain +-e,--email address;pattern to match the email address +-e,--email address;contained in the certificate +-f,--file file;local file path (works with -H localhost +-f,--file file; only) with -f you can not only pass a x509 +-f,--file file;certificate file but also a certificate +-f,--file file;revocation list (CRL) to check the +-f,--file file;validity period +--file-bin path;path of the file binary to be used +--fingerprint SHA1;pattern to match the SHA1-Fingerprint +--first-element-only;verify just the first cert element, not +--first-element-only;the whole chain +--force-dconv-date;force the usage of dconv for date +--force-dconv-date;computations +--force-perl-date;force the usage of Perl for date +--force-perl-date;computations +--format FORMAT;format output template on success, for +--format FORMAT;example: %SHORTNAME% OK %CN% from +--format FORMAT;%CA_ISSUER_MATCHED% +-h,--help,-?;this help message +--http-use-get;use GET instead of HEAD (default) for the +--http-use-get;HTTP related checks +--ignore-altnames;ignores alternative names when matching +--ignore-altnames;pattern specified in -n (or the host name) +--ignore-connection-problems [state];in case of connection problems +--ignore-connection-problems [state];returns OK or the optional state +--ignore-exp;ignore expiration date +--ignore-host-cn;do not complain if the CN does not match +--ignore-host-cn;the host name +--ignore-incomplete-chain;does not check chain integrity +--ignore-ocsp;do not check revocation with OCSP +--ignore-ocsp-errors;continue if the OCSP status cannot be +--ignore-ocsp-errors;checked +--ignore-ocsp-timeout;ignore OCSP result when timeout occurs +--ignore-ocsp-timeout;while checking +--ignore-sig-alg;do not check if the certificate was signed +--ignore-sig-alg;with SHA1 or MD5 +--ignore-sct;do not check for signed certificate +--ignore-sct;timestamps (SCT) +--ignore-ssl-labs-cache;Forces a new check by SSL Labs (see -L) +--ignore-tls-renegotiation;Ignores the TLS renegotiation check +--inetproto protocol;Force IP version 4 or 6 +--info;Prints certificate information +-i,--issuer issuer;pattern to match the issuer of the +-i,--issuer issuer;certificate +--issuer-cert-cache dir;directory where to store issuer +--issuer-cert-cache dir;certificates cache +-K,--clientkey path;use client certificate key to authenticate +-L,--check-ssl-labs grade;SSL Labs assessment +-L,--check-ssl-labs grade;(please check +-L,--check-ssl-labs grade;https://www.ssllabs.com/about/terms.html) +--check-ssl-labs-warn grade;SSL Labs grade on which to warn +--long-output list;append the specified comma separated (no +--long-output list;spaces) list of attributes to the plugin +--long-output list;output on additional lines +--long-output list;Valid attributes are: +--long-output list;enddate, startdate, subject, issuer, +--long-output list;modulus, serial, hash, email, ocsp_uri +--long-output list;and fingerprint. +--long-output list;'all' will include all the available +--long-output list;attributes. +-n,--cn name;pattern to match the CN of the certificate +-n,--cn name;(can be specified multiple times) +--nmap-bin path;path of the nmap binary to be used +--no-perf;do not show performance data +--no-proxy;ignores the http_proxy and https_proxy +--no-proxy;environment variables +--no-proxy-curl;ignores the http_proxy and https_proxy +--no-proxy-curl;environment variables +--no-proxy-curl;for curl +--no-proxy-s_client;ignores the http_proxy and https_proxy +--no-proxy-s_client;environment variables +--no-proxy-s_client;for openssl s_client +--no-ssl2;disable SSL version 2 +--no-ssl3;disable SSL version 3 +--no-tls1;disable TLS version 1 +--no-tls1_1;disable TLS version 1.1 +--no-tls1_2;disable TLS version 1.2 +--no-tls1_3;disable TLS version 1.3 +--not-issued-by issuer;check that the issuer of the certificate +--not-issued-by issuer;does not match the given pattern +--not-valid-longer-than days;critical if the certificate validity is +--not-valid-longer-than days;longer than the specified period +--ocsp-critical hours;minimum number of hours an OCSP response +--ocsp-critical hours;has to be valid to issue a critical status +--ocsp-warning hours;minimum number of hours an OCSP response +--ocsp-warning hours;has to be valid to issue a warning status +-o,--org org;pattern to match the organization of the +-o,--org org;certificate +--openssl path;path of the openssl binary to be used +--password source;password source for a local certificate, +--password source;see the PASS PHRASE ARGUMENTS section +--password source;openssl(1) +-p,--port port;TCP port +--prometheus;generates Prometheus/OpenMetrics output +-P,--protocol protocol;use the specific protocol: +-P,--protocol protocol;ftp, ftps, http, https (default), +-P,--protocol protocol;h2 (HTTP/2), imap, imaps, irc, ircs, ldap, +-P,--protocol protocol;ldaps, mysql, pop3, pop3s, postgres, +-P,--protocol protocol;sieve, smtp, smtps, xmpp, xmpp-server. +-P,--protocol protocol;ftp, imap, irc, ldap, pop3, postgres, +-P,--protocol protocol;sieve, smtp: switch to TLS using StartTLS +--proxy proxy;sets http_proxy and the s_client -proxy +--proxy proxy;option +--require-client-cert [list];the server must accept a client +--require-client-cert [list];certificate. 'list' is an optional comma +--require-client-cert [list];separated list of expected client +--require-client-cert [list]; certificate CAs +--require-no-ssl2;critical if SSL version 2 is offered +--require-no-ssl3;critical if SSL version 3 is offered +--require-no-tls1;critical if TLS 1 is offered +--require-no-tls1_1;critical if TLS 1.1 is offered +--resolve ip;provides a custom IP address for the +--resolve ip;specified host +-s,--selfsigned;allows self-signed certificates +--serial serialnum;pattern to match the serial number +--skip-element number;skips checks on the Nth cert element (can +--skip-element number;be specified multiple times) +--sni name;sets the TLS SNI (Server Name Indication) +--sni name;extension in the ClientHello message to +--sni name;'name' +--ssl2;force SSL version 2 +--ssl3;force SSL version 3 +--require-ocsp-stapling;require OCSP stapling +-r,--rootcert path;root certificate or directory to be used +-r,--rootcert path;for certificate validation +--rootcert-dir path;root directory to be used for +--rootcert-dir path;certificate validation +--rootcert-file path;root certificate to be used for +--rootcert-file path;certificate validation +--rsa;signature algorithm selection: force RSA +--rsa;certificate +--temp dir;directory where to store the temporary +--temp dir;files +--terse;terse output +-t,--timeout;seconds timeout after the specified time +-t,--timeout;(defaults to ${TIMEOUT} seconds) +--tls1;force TLS version 1 +--tls1_1;force TLS version 1.1 +--tls1_2;force TLS version 1.2 +--tls1_3;force TLS version 1.3 +-u,--url URL;HTTP request URL +-v,--verbose;verbose output (can be specified more than +-v,--verbose;once) +-V,--version;version +-w,--warning days;minimum number of days a certificate has +-w,--warning days;to be valid to issue a warning status. +-w,--warning days;Can be a floating point number, e.g., 0.5 +-w,--warning days;Default: ${WARNING_DAYS}" +--xmpphost name;specifies the host for the 'to' attribute +--xmpphost name;of the stream element +-4;force IPv4 +-6;force IPv6 +--altnames;matches the pattern specified in -n with +--altnames;alternate names too (enabled by default) +--days days;minimum number of days a certificate has +--days days;to be valid +--days days;(see --critical and --warning) +-N,--host-cn;match CN with the host name +-N,--host-cn;(enabled by default) +--no_ssl2;disable SSLv2 (deprecated use --no-ssl2) +--no_ssl3;disable SSLv3 (deprecated use --no-ssl3) +--no_tls1;disable TLSv1 (deprecated use --no-tls1) +--no_tls1_1;disable TLSv1.1 (deprecated use +--no_tls1_1;--no-tls1_1) +--no_tls1_2;disable TLSv1.1 (deprecated use +--no_tls1_2;--no-tls1_2) +--no_tls1_3;disable TLSv1.1 (deprecated use +--no_tls1_3;--no-tls1_3) +--ocsp;check revocation via OCSP (enabled by +--ocsp;default) +--require-san;require the presence of a Subject +--require-san;Alternative Name +--require-san;extension +-S,--ssl version;force SSL version (2,3) +-S,--ssl version;(see: --ssl2 or --ssl3) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/INSTALL nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/INSTALL --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/INSTALL 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/INSTALL 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -Requirements -============ - -- OpenSSL - -Optional dependencies -===================== - -- In order to use timeouts the plugin needs 'expect' in the current PATH - See: http://en.wikipedia.org/wiki/Expect or 'timeout' - -- In order to use the SSL Lab Assessment 'curl' is required to reside in the - current PATH. - -Installation -============ - -Simply copy the plugin to your nagios plugin directory - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/INSTALL.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/INSTALL.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/INSTALL.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/INSTALL.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,30 @@ +# check\_ssl\_check + +## Requirements + +* [OpenSSL](https://www.openssl.org) +* [curl](https://curl.se) +* ```date``` +* ```file``` + +## Optional dependencies + +* check\_ssl\_cert requires [```expect```](http://en.wikipedia.org/wiki/Expect) or [```timeout```](https://man7.org/linux/man-pages/man1/timeout.1.html) to enable timeouts. If ```expect``` or ```timeout``` are not present on your system timeouts will be disabled. +* ```dig``` for DANE checks +* [nmap](https://nmap.org) for the disallowed protocols and cyphers checks +* ```expand`` for ```--info``` +* ```tar``` and ```bzip2``` to build release packages +* ```ip``` or ```ifconfig``` to be able to use the ```-4``` and ```-6``` options + +## Development + +Following tools are required for development: + +* [shUnit2](https://github.com/kward/shunit2) for the tests +* [shfmt](https://github.com/mvdan/sh) to format the source files +* [ShellCheck](https://www.shellcheck.net) for the code quality checks + +## Installation + +* Simply copy the plugin to your Nagios/Icinga plugin directory +* Use ```make install``` by defining the ```DESTDIR``` and ```MANDIR``` variables with the installation targets. E.g, ```make DESTDIR=/nagios/plugins/dir MANDIR=/nagios/plugins/man/dir install``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/Makefile nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/Makefile --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/Makefile 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/Makefile 2021-12-17 14:47:25.000000000 +0000 @@ -1,46 +1,64 @@ PLUGIN=check_ssl_cert VERSION=`cat VERSION` DIST_DIR=$(PLUGIN)-$(VERSION) -DIST_FILES=AUTHORS COPYING ChangeLog INSTALL Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 test +DIST_FILES=AUTHORS COPYING ChangeLog INSTALL.md Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 YEAR=`date +"%Y"` -MONTH_YEAR=`date +"%B, %Y"` -FORMATTED_FILES=test/unit_tests.sh AUTHORS COPYING ChangeLog INSTALL Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 .github/workflows/* +FORMATTED_FILES=test/unit_tests.sh AUTHORS COPYING ChangeLog INSTALL.md Makefile NEWS README.md VERSION $(PLUGIN) $(PLUGIN).spec COPYRIGHT ${PLUGIN}.1 .github/workflows/* utils/*.sh +SCRIPTS=check_ssl_cert test/*.sh -dist: version_check formatting_check copyright_check shellcheck +dist: version_check rm -rf $(DIST_DIR) $(DIST_DIR).tar.gz mkdir $(DIST_DIR) cp -r $(DIST_FILES) $(DIST_DIR) # avoid to include extended attribute data files # see https://superuser.com/questions/259703/get-mac-tar-to-stop-putting-filenames-in-tar-archives - env COPYFILE_DISABLE=1 tar cfz $(DIST_DIR).tar.gz $(DIST_DIR) - env COPYFILE_DISABLE=1 tar cfj $(DIST_DIR).tar.bz2 $(DIST_DIR) + export COPY_EXTENDED_ATTRIBUTES_DISABLE=1; \ + export COPYFILE_DISABLE=1; \ + tar -c -z -f $(DIST_DIR).tar.gz $(DIST_DIR) && \ + tar -c -j -f $(DIST_DIR).tar.bz2 $(DIST_DIR) install: +ifndef DESTDIR + echo "Please define DESTDIR and MANDIR variables with the installation targets" + echo "e.g, make DESTDIR=/nagios/plugins/dir MANDIR=/nagios/plugins/man/dir install" +else mkdir -p $(DESTDIR) install -m 755 $(PLUGIN) $(DESTDIR) mkdir -p ${MANDIR}/man1 install -m 644 ${PLUGIN}.1 ${MANDIR}/man1/ +endif version_check: grep -q "VERSION\ *=\ *[\'\"]*$(VERSION)" $(PLUGIN) grep -q "^%define\ version\ *$(VERSION)" $(PLUGIN).spec - grep -q -- "- $(VERSION)-" $(PLUGIN).spec + grep -q -F -- "- $(VERSION)-" $(PLUGIN).spec grep -q "\"$(VERSION)\"" $(PLUGIN).1 - grep -q "${VERSION}" NEWS - grep -q "$(MONTH_YEAR)" $(PLUGIN).1 + grep -q -F "${VERSION}" NEWS echo "Version check: OK" # we check for tabs # and remove trailing blanks formatting_check: - ! grep -q '\\t' check_ssl_cert test/unit_tests.sh ! grep -q '[[:blank:]]$$' $(FORMATTED_FILES) remove_blanks: - sed -i '' 's/[[:blank:]]*$$//' $(FORMATTED_FILES) + ./utils/format_files.sh $(FORMATTED_FILES) + +SHFMT= := $(shell command -v shfmt 2> /dev/null) +format: +ifndef SHFMT + echo "No shfmt installed" +else +# -p POSIX +# -w write to file +# -s simplify +# -i 4 indent with 4 spaces + shfmt -p -w -s -i 4 $(SCRIPTS) +endif clean: rm -f *~ + rm -f *.bak rm -rf rpmroot distclean: clean @@ -48,24 +66,32 @@ rm -f *.crt rm -f *.error -test: dist - ( export SHUNIT2="$$(pwd)/shunit2/shunit2" && cd test && ./unit_tests.sh ) +check: test SHELLCHECK := $(shell command -v shellcheck 2> /dev/null) +SHUNIT := $(shell command -v shunit2 2> /dev/null || if [ -x /usr/share/shunit2/shunit2 ] ; then echo /usr/share/shunit2/shunit2 ; fi ) + +distcheck: disttest +disttest: dist formatting_check shellcheck + ./utils/check_documentation.sh + man ./check_ssl_cert.1 > /dev/null + +test: disttest +ifndef SHUNIT + echo "No shUnit2 installed: see README.md" + exit 1 +else + ( export SHUNIT2=$(SHUNIT) && export LC_ALL=C && cd test && ./unit_tests.sh ) +endif + shellcheck: ifndef SHELLCHECK - echo "No shellcheck installed: skipping test" + echo "No shellcheck installed: skipping check" else - if shellcheck --help 2>&1 | grep -q -- '-o\ ' ; then shellcheck -o all check_ssl_cert test/unit_tests.sh prepare_rpm.sh publish_release.sh ; else shellcheck check_ssl_cert test/unit_tests.sh prepare_rpm.sh publish_release.sh ; fi + if shellcheck --help 2>&1 | grep -q -- '-o\ ' ; then shellcheck -o all $(SCRIPTS) ; else shellcheck $(SCRIPTS) ; fi endif -copyright_check: - grep -q "© Matteo Corti, 2007-$(YEAR)" README.md - grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti" COPYRIGHT - grep -q "Copyright (c) 2007-$(YEAR) Matteo Corti " $(PLUGIN) - echo "Copyright year check: OK" - rpm: dist mkdir -p rpmroot/SOURCES rpmroot/BUILD cp $(DIST_DIR).tar.gz rpmroot/SOURCES @@ -73,4 +99,4 @@ -.PHONY: install clean test rpm distclean +.PHONY: install clean test rpm distclean check diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/NEWS nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/NEWS 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/NEWS 2021-12-17 14:47:25.000000000 +0000 @@ -1,3 +1,60 @@ +2021-12-15 Version 2.15.0: Error if HTTP/2 is requested but not offered by the server + SSL 2.0 and SSL 3.0 disabled by --all and --all-local +2021-12-10 Version 2.14.0: Added an option --info to print certificate information + Fixed the IPv6 checks when ipconfig is not available + Fixed a bug causing an unnecessary scan when checking for disallowed protocols +2021-11-24 Version 2.13.0: Fixed a bug in the processing of error messages + Handling of root certificates in DER format +2021-11-16 Version 2.12.0: Improved verbose messages +2021-11-11 Version 2.11.0: Several fixes in the documentation + Works with OpenSSL 3.0.0 + Fixes a bug in the processing of certificate issuers containing commas +2021-10-22 Version 2.10.4: Fixes the organization check +2021-10-21 Version 2.10.3: Fixes --rsa on systems not supporting PSS + Uses mktemp if available (the workaround is only used if not available for speed reasons) +2021-10-14 Version 2.10.2: Improved the certificate chain check of local bundles +2021-10-12 Version 2.10.1: Fixed the certificate chain check +2021-10-11 Version 2.10.0: Checks the certificate chain integrity + Does not accept certificates without SANs (use --allow-empty-san to ignore) + Bug fix in the handling of errors while fetching certificates + Allows a check on invalid FQDNs containing an underscore +2021-10-06 Version 2.9.1: Accepts certificates without subject alternative names + Added an option (--debug-time) to print the elapsed time in the debugging output +2021-10-01 Version 2.9.0: The --skip-element option can now be specified multiple times and specifies to skip a single + element of the certificate chain +2021-09-29 Version 2.8.0: Adds a check for acceptable client certificate CAs (--require-client-cert [list]) + Supporting certificate expiration after 2038-01-19 on 32 bit systems + Adds an option (--ignore-connection-problem) to set a custom state in case of connection failures + Adds two options to selectively disable proxy setting for curl and s_client + (--no-proxy-curl and --no-proxy-s_client) +2021-09-24 Version 2.7.0: Critical and warning can now be floating point numbers +2021-09-21 Version 2.6.1: Fixed the output of several messages + Fixed the order of the critical messages + Fixed a problem when checking a local CRL (no STC checks and automatic conversion from DER format) + Fixed a problem with the tests with IPv6 + Fixed a problem when checking a local certificate (does not try to connect to localhost to check for renegotiation) +2021-09-17 Version 2.6.0: Added the --prometheus command line option to generate output for Prometheus/OpenMetrics + Automatically assume localhost if --file is specified +2021-09-16 Version 2.5.2: Bug fix: fixed the output in case or multiple errors +2021-09-15 Version 2.5.1: Bug fix: fixed the detection of server internal errors by OCSP checks +2021-09-15 Version 2.5.0: Added the --ignore-ocsp-errors command line option + Bug fix: fixed the behavior of the --element command line option +2021-08-31 Version 2.4.3: Fixed the connection to the TLS renegotiation on FreeBSD + Detects old BSD date without -f and computes the date with dconv +2021-08-27 Version 2.4.2: Fixed the handling of IP addresses +2021-08-19 Version 2.4.1: Fixed the handling of --file and --cn +2021-08-16 Version 2.4.0: Support DANE TLSA 312 +2021-08-13 Version 2.3.8: Bug fix: fixed the parsing of the --cn command line option + Bug fix: better validation of the host command line argument +2021-07-09 Version 2.3.7: Bug fix: performance data is no more shown by critical and warning message when --no-perf is specified +2021-06-23 Version 2.3.6: Bug fix: follows symbolic links +2021-06-22 Version 2.3.5: Bug fix: correct parsing of file(1) ou +2021-06-18 Version 2.3.4: Stop the SSL Labs checks after an error +2021-06-16 Version 2.3.3: Speedup the offered ciphers check +2021-06-03 Version 2.3.2: Bug fix: always uses the specifies OpenSSL binary and respects the specified IP version +2021-05-28 Version 2.3.1: Compatibility fixes for LibreSSL on macOS + Added sanity checks for file write operations +2021-05-21 Version 2.3.0: Added the --debug-file option 2021-05-07 Version 2.2.0: Bug fix: --debug does not store any information in $TMPDIR anymore To locally store the retrieved certificates in debug mode the option --debug-cert has to be specified 2021-05-06 Version 2.1.4: Bug fix in the handling of Qualy's SSL Lab command line options @@ -12,14 +69,14 @@ Short options can be grouped (e.g., -vs -c 10 -w 15) Different verbosity levels can now be specified (-v can be used more than once) Added the --resolve option to specify a custom IP for the checked host -2021-03-25 Version 1.146.0: Added --all to enable oll the optional checks +2021-03-25 Version 1.146.0: Added --all to enable all the optional checks Fixed a bug in the processing of client certificate requirements Improved the error handling in case a TLS connection is not possible 2021-03-15 Version 1.145-0: Fix in the parsing of OpenSSL version 2021-03-14 Version 1.144.0: Getting rid of the man dependency 2021-03-12 Version 1.143.0: Better handling of the timeout Checks ciphers with nmap (--check-ciphers and --check-ciphers-warnings) - Checks oll the supplied OCSP URIs + Checks all the supplied OCSP URIs 2021-03-10 Version 1.142.0: Improved the TLS renegotiation check Added --password to specify a password source for PCKS12 certificates 2021-03-09 Version 1.141.0: Do not check SCTs if the certificate is self signed @@ -27,15 +84,15 @@ Supports local PCKS #12 and DER formatted certificates 2021-02-25 Version 1.140.0: Fixed a bug in the SCT check 2021-02-24 Version 1.139.0: Fixed a bug in the TLS renegotiation check -2021-02-24 Version 1.138.0: Checks for TLS renegotiation +2021-02-24 Version 1.138.0: Checks for TLS renegotiation< 2021-02-18 Version 1.137.0: Added the --url option to specify the URL for the HTTP request 2021-02-16 Version 1.136.0: Fixed the signed certificate timestamps spelling (command line option) 2021-01-28 Version 1.135.0: Checks for signed certificate timestamps (SCTs) 2021-01-27 Version 1.134.0: Complete support for Alpine Linux and BusyBox 2021-01-26 Version 1.133.0: Added the --date option to specify the date binary support for BusyBox date -2021-01-18 Version 1.132.0: Timeouted subprocesses can now be interrupted - Revokation via CRL can be checked with the --crl option +2021-01-18 Version 1.132.0: Time-outed sub-processes can now be interrupted + Revocation via CRL can be checked with the --crl option Better error messages for DH with small keys and handshake failures 2021-01-15 Version 1.131.0: OCSP check on all the chain elements 2021-01-14 Version 1.130.0: Retries when SSL Labs has no available slot @@ -86,7 +143,7 @@ 2019-08-08 Version 1.87.0: LDAPS support 2019-07-21 Version 1.86.0: Fixed a bug and enabled extended regex search 2019-06-02 Version 1.85.0: Improved the warnings when using the --file option -2019-03-28 Version 1.84.0: Added an option to specify the cURL user agent +2019-03-28 Version 1.84.0: Added an option to specify the curl user agent 2019-03-01 Version 1.83.0: Spelling corrections 2019-02-08 Version 1.82.0: Added a check on the readability of the certificate file 2019-02-01 Version 1.81.0: Added an option to specify a warning level with SSL Labs @@ -112,7 +169,7 @@ 2018-04-17 Version 1.67.0: Terse output, warning if the specified server name is not found in the certificate and --format option 2018-04-06 Version 1.66.0: UTF-8 output 2018-03-29 Version 1.65.0: Bug fix release -2018-03-28 Version 1.64.0: Remove cURL dependency +2018-03-28 Version 1.64.0: Remove curl dependency 2018-03-17 Version 1.63.0: Support for TLS 1.3 2018-03-06 Version 1.62.0: Support for LibreSSL 2018-01-19 Version 1.61.0: Fixed a bug handling more than one OCSP host @@ -193,17 +250,17 @@ the certificate download 2012-07-13 Version 1.14.2 Added the name since or to expiration in the plugin output. -2012-07-11 Version 1.14.1 FIxed a bug with Perl date computation on some systems +2012-07-11 Version 1.14.1 Fixed a bug with Perl date computation on some systems 2012-07-06 Version 1.14.0 The status now includes performance data in days until - expiration (requires perl with Date::Parse). + expiration (requires Perl with Date::Parse). It is now possible to print additional information in - the plugins long output (multiline, Nagios 3 only) + the plugins long output (multi-line, Nagios 3 only) 2012-04-05 Version 1.13.0 The plugin will now try to fetch the certificate without without TLS extensions in case of error 2012-04-04 Version 1.12.0 Fixed a bug in the chain verification (hard coded error number) 2011-10-22 Version 1.11.0 --altname option -2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenicate +2011-09-01 Version 1.10.0 Applied a patch from Sven Nierlein to authenticate using a client certificate 2011-03-10 Version 1.9.1 Allows HTTP as protocol and fixes -N with wildcards 2011-01-24 Version 1.9.0 Added an option to specify the openssl executable @@ -244,8 +301,8 @@ 2008-02-25 Version 1.2.1 better error handling 2008-02-25 Version 1.2.0 general cleanup (POSIX compliance, removed nmap dependency, ...) from Dan Wallis -2007-08-31 Version 1.1.0 - option to enforce a given email address +2007-08-31 Version 1.1.0 - option to enforce a given email address - option to enforce a given organization - temporary files cleanup upon exit -2007-08-15 Bug fix: openssl did not close the connection cleanly -2007-08-10 First release (1.0) +2007-08-15 Version 1.0.1 Bug fix: openssl did not close the connection cleanly +2007-08-10 Version 1.0.0 First release (1.0) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/pull_request_template.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/pull_request_template.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/pull_request_template.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/pull_request_template.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,7 @@ +Fixes # + +## Proposed Changes + + - + - + - diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/README.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/README.md 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/README.md 2021-12-17 14:47:25.000000000 +0000 @@ -6,198 +6,272 @@ # check\_ssl\_cert -A shell script (that can be used as a Nagios plugin) to check an SSL/TLS connection +A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection ## Usage ``` - Usage: check_ssl_cert -H host [OPTIONS] + check_ssl_cert -f file [OPTIONS] Arguments: + -f,--file file local file path (works with -H localhost + only) with -f you can not only pass a x509 + certificate file but also a certificate + revocation list (CRL) to check the + validity period -H,--host host server Options: - -A,--noauth ignore authority warnings (expiration only) - --all enables all the possible optional checks at the maximum level - --altnames matches the pattern specified in -n with - alternate names too - --check-ciphers grade checks the offered ciphers - --check-ciphers-warnings critical if nmap reports a warning for an offered cipher + -A,--noauth ignore authority warnings (expiration + only) + --all enables all the possible optional checks + at the maximum level + --all-local enables all the possible optional checks + at the maximum level (without SSL-Labs) + --allow-empty-san allow certificates without Subject + Alternative Names (SANs) -C,--clientcert path use client certificate to authenticate + -c,--critical days minimum number of days a certificate has + to be valid to issue a critical status. + Can be a floating point number, e.g., 0.5 + Default: 15 + --check-ciphers grade checks the offered ciphers + --check-ciphers-warnings critical if nmap reports a warning for an + offered cipher + --check-ssl-labs-warn grade SSL Labs grade on which to warn --clientpass phrase set passphrase for client certificate. - -c,--critical days minimum number of days a certificate has to - be valid to issue a critical status. Default: 15 - --crl checks revokation via CRL (requires --rootcert-file) + --crl checks revocation via CRL (requires + --rootcert-file) --curl-bin path path of the curl binary to be used - --curl-user-agent string user agent that curl shall use to obtain the - issuer cert - --custom-http-header string custom HTTP header sent when getting the cert - example: 'X-Check-Ssl-Cert: Foobar=1' - --dane verify that valid DANE records exist (since OpenSSL 1.1.0) - --dane 211 verify that a valid DANE-TA(2) SPKI(1) SHA2-256(1) TLSA record exists - --dane 301 verify that a valid DANE-EE(3) Cert(0) SHA2-256(1) TLSA record exists - --dane 302 verify that a valid DANE-EE(3) Cert(0) SHA2-512(2) TLSA record exists - --dane 311 verify that a valid DANE-EE(3) SPKI(1) SHA2-256(1) TLSA record exists + --curl-user-agent string user agent that curl shall use to obtain + the issuer cert + --custom-http-header string custom HTTP header sent when getting the + cert example: 'X-Check-Ssl-Cert: Foobar=1' + -d,--debug produces debugging output (can be + specified more than once) + --dane verify that valid DANE records exist + (since OpenSSL 1.1.0) + --dane 211 verify that a valid DANE-TA(2) SPKI(1) + SHA2-256(1) TLSA record exists + --dane 301 verify that a valid DANE-EE(3) Cert(0) + SHA2-256(1) TLSA record exists + --dane 302 verify that a valid DANE-EE(3) Cert(0) + SHA2-512(2) TLSA record exists + --dane 311 verify that a valid DANE-EE(3) SPKI(1) + SHA2-256(1) TLSA record exists + --dane 312 verify that a valid DANE-EE(3) + SPKI(1) SHA2-512(1) TLSA record exists --date path path of the date binary to be used - -d,--debug produces debugging output (can be specified more than once) - --debug-cert stores the retrieved certificates in the current directory + --debug-cert stores the retrieved certificates in the + current directory + --debug-file file writes the debug messages to file + --debug-time writes timing information in the + debugging output --dig-bin path path of the dig binary to be used - --ecdsa signature algorithm selection: force ECDSA certificate - --element number checks N cert element from the begining of the chain - -e,--email address pattern to match the email address contained - in the certificate - -f,--file file local file path (works with -H localhost only) - with -f you can not only pass a x509 - certificate file but also a certificate - revocation list (CRL) to check the validity - period + -e,--email address pattern to match the email address + contained in the certificate + --ecdsa signature algorithm selection: force ECDSA + certificate + --element number checks up to the N cert element from the + beginning of the chain --file-bin path path of the file binary to be used --fingerprint SHA1 pattern to match the SHA1-Fingerprint - --first-element-only verify just the first cert element, not the whole chain - --force-perl-date force the usage of Perl for date computations - --format FORMAT format output template on success, for example - "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'" + --first-element-only verify just the first cert element, not + the whole chain + --force-dconv-date force the usage of dconv for date + computations + --force-perl-date force the usage of Perl for date + computations + --format FORMAT format output template on success, for + example: %SHORTNAME% OK %CN% from + %CA_ISSUER_MATCHED% -h,--help,-? this help message - --http-use-get use GET instead of HEAD (default) for the HTTP - related checks - --ignore-altnames ignores alternative names when matching pattern specified in -n (or the host name) + --http-use-get use GET instead of HEAD (default) for the + HTTP related checks + -i,--issuer issuer pattern to match the issuer of the + certificate + --ignore-altnames ignores alternative names when matching + pattern specified in -n (or the host name) + --ignore-connection-problems [state] in case of connection problems + returns OK or the optional state --ignore-exp ignore expiration date - --ignore-host-cn do not complain if the CN does not match the host name + --ignore-host-cn do not complain if the CN does not match + the host name + --ignore-incomplete-chain does not check chain integrity --ignore-ocsp do not check revocation with OCSP - --ignore-ocsp-timeout ignore OCSP result when timeout occurs while checking - --ignore-sig-alg do not check if the certificate was signed with SHA1 - or MD5 - --ignore-sct do not check for signed certificate timestamps (SCT) + --ignore-ocsp-errors continue if the OCSP status cannot be + checked + --ignore-ocsp-timeout ignore OCSP result when timeout occurs + while checking + --ignore-sct do not check for signed certificate + timestamps (SCT) + --ignore-sig-alg do not check if the certificate was signed + with SHA1 or MD5 --ignore-ssl-labs-cache Forces a new check by SSL Labs (see -L) --ignore-tls-renegotiation Ignores the TLS renegotiation check --inetproto protocol Force IP version 4 or 6 - -i,--issuer issuer pattern to match the issuer of the certificate - --issuer-cert-cache dir directory where to store issuer certificates cache + --info Prints certificate information + --issuer-cert-cache dir directory where to store issuer + certificates cache -K,--clientkey path use client certificate key to authenticate - -L,--check-ssl-labs grade SSL Labs assessment - (please check https://www.ssllabs.com/about/terms.html) - --check-ssl-labs-warn grade SSL-Labs grade on which to warn - --long-output list append the specified comma separated (no spaces) list - of attributes to the plugin output on additional lines + -L,--check-ssl-labs grade SSL Labs assessment (please check + https://www.ssllabs.com/about/terms.html) + --long-output list append the specified comma separated (no + spaces) list of attributes to the plugin + output on additional lines Valid attributes are: - enddate, startdate, subject, issuer, modulus, - serial, hash, email, ocsp_uri and fingerprint. - 'all' will include all the available attributes. - -n,--cn name pattern to match the CN of the certificate (can be - specified multiple times) + enddate, startdate, subject, issuer, + modulus, serial, hash, email, ocsp_uri + and fingerprint. + 'all' will include all the available + attributes. + -n,--cn name pattern to match the CN of the certificate + (can be specified multiple times) --nmap-bin path path of the nmap binary to be used --no-perf do not show performance data - --no-proxy ignores the http_proxy and https_proxy environment variables - --no_ssl2 disable SSL version 2 - --no_ssl3 disable SSL version 3 - --no_tls1 disable TLS version 1 - --no_tls1_1 disable TLS version 1.1 - --no_tls1_2 disable TLS version 1.2 - --no_tls1_3 disable TLS version 1.3 - --not-issued-by issuer check that the issuer of the certificate does not match - the given pattern - --not-valid-longer-than days critical if the certificate validity is longer than - the specified period - -N,--host-cn match CN with the host name - --ocsp-critical hours minimum number of hours an OCSP response has to be valid to - issue a critical status - --ocsp-warning hours minimum number of hours an OCSP response has to be valid to - issue a warning status - -o,--org org pattern to match the organization of the certificate + --no-proxy ignores the http_proxy and https_proxy + environment variables + --no-proxy-curl ignores the http_proxy and https_proxy + environment variables for curl + --no-proxy-s_client ignores the http_proxy and https_proxy + environment variables for openssl s_client + --no-ssl2 disable SSL version 2 + --no-ssl3 disable SSL version 3 + --no-tls1 disable TLS version 1 + --no-tls1_1 disable TLS version 1.1 + --no-tls1_2 disable TLS version 1.2 + --no-tls1_3 disable TLS version 1.3 + --not-issued-by issuer check that the issuer of the certificate + does not match the given pattern + --not-valid-longer-than days critical if the certificate validity is + longer than the specified period + -o,--org org pattern to match the organization of the + certificate + --ocsp-critical hours minimum number of hours an OCSP response + has to be valid to issue a critical status + --ocsp-warning hours minimum number of hours an OCSP response + has to be valid to issue a warning status --openssl path path of the openssl binary to be used - --password source password source for a local certificate, see the PASS PHRASE ARGUMENTS section - openssl(1) -p,--port port TCP port - -P,--protocol protocol use the specific protocol - {ftp|ftps|http|https|h2|imap|imaps|irc|ircs|ldap|ldaps|pop3|pop3s| - postgres|sieve|smtp|smtps|xmpp|xmpp-server} - https: default - h2: forces HTTP/2 - ftp,imap,irc,ldap,pop3,postgres,sieve,smtp: switch to - TLS using StartTLS - --proxy proxy sets http_proxy and the s_client -proxy option + -P,--protocol protocol use the specific protocol: + ftp, ftps, http, https (default), + h2 (HTTP/2), imap, imaps, irc, ircs, ldap, + ldaps, mysql, pop3, pop3s, postgres, + sieve, smtp, smtps, xmpp, xmpp-server. + ftp, imap, irc, ldap, pop3, postgres, + sieve, smtp: switch to TLS using StartTLS + --password source password source for a local certificate, + see the PASS PHRASE ARGUMENTS section + openssl(1) + --prometheus generates Prometheus/OpenMetrics output + --proxy sets http_proxy and the s_client -proxy + -r,--rootcert path root certificate or directory to be used + for certificate validation + --require-client-cert [list] the server must accept a client + certificate. 'list' is an optional comma + separated list of expected client + certificate CAs --require-no-ssl2 critical if SSL version 2 is offered --require-no-ssl3 critical if SSL version 3 is offered --require-no-tls1 critical if TLS 1 is offered --require-no-tls1_1 critical if TLS 1.1 is offered - --resolve ip provides a custom IP address for the specified host - -s,--selfsigned allows self-signed certificates - --serial serialnum pattern to match the serial number - --skip-element number skip checks on N cert element from the begining of the chain - --sni name sets the TLS SNI (Server Name Indication) extension - in the ClientHello message to 'name' - --ssl2 forces SSL version 2 - --ssl3 forces SSL version 3 --require-ocsp-stapling require OCSP stapling - --require-san require the presence of a Subject Alternative Name - extension - -r,--rootcert path root certificate or directory to be used for + --resolve ip provides a custom IP address for the + specified host + --rootcert-dir path root directory to be used for certificate + validation + --rootcert-file path root certificate to be used for certificate validation - --rootcert-dir path root directory to be used for certificate validation - --rootcert-file path root certificate to be used for certificate validation - --rsa signature algorithm selection: force RSA certificate - --temp dir directory where to store the temporary files - --terse terse output + --rsa signature algorithm selection: force RSA + certificate + -s,--selfsigned allows self-signed certificates + --serial serialnum pattern to match the serial number + --skip-element number skips checks on the Nth cert element (can + be specified multiple times) + --sni name sets the TLS SNI (Server Name Indication) + extension in the ClientHello message to + 'name' + --ssl2 force SSL version 2 + --ssl3 force SSL version 3 -t,--timeout seconds timeout after the specified time (defaults to 120 seconds) + --temp dir directory where to store the temporary + files + --terse terse output --tls1 force TLS version 1 --tls1_1 force TLS version 1.1 --tls1_2 force TLS version 1.2 --tls1_3 force TLS version 1.3 -u,--url URL HTTP request URL - -v,--verbose verbose output (can be specified more than once) + -v,--verbose verbose output (can be specified more than + once) -V,--version version - -w,--warning days minimum number of days a certificate has to be valid - to issue a warning status. Default: 20 - --xmpphost name specifies the host for the 'to' attribute of the stream element + -w,--warning days minimum number of days a certificate has + to be valid to issue a warning status. + Can be a floating point number, e.g., 0.5 + Default: 20 + --xmpphost name specifies the host for the 'to' attribute + of the stream element -4 force IPv4 -6 force IPv6 Deprecated options: - --days days minimum number of days a certificate has to be valid + --altnames matches the pattern specified in -n with + alternate names too (enabled by default) + --days days minimum number of days a certificate has + to be valid (see --critical and --warning) - --ocsp check revocation via OCSP + -N,--host-cn match CN with the host name + (enabled by default) + --no_ssl2 disable SSLv2 (deprecated use --no-ssl2) + --no_ssl3 disable SSLv3 (deprecated use --no-ssl3) + --no_tls1 disable TLSv1 (deprecated use --no-tls1) + --no_tls1_1 disable TLSv1.1 (deprecated use + --no-tls1_1) + --no_tls1_2 disable TLSv1.1 (deprecated use + --no-tls1_2) + --no_tls1_3 disable TLSv1.1 (deprecated use + --no-tls1_3) + --ocsp check revocation via OCSP (enabled by + default) + --require-san require the presence of a Subject + Alternative Name + extension -S,--ssl version force SSL version (2,3) (see: --ssl2 or --ssl3) Report bugs to https://github.com/matteocorti/check_ssl_cert/issues - ``` ## Expect & timeout -check\_ssl\_cert requires 'expect' or 'timeout' to enable timeouts. If 'expect' or 'timeout' is not -present on your system timeouts will be disabled. - -See: [http://en.wikipedia.org/wiki/Expect](http://en.wikipedia.org/wiki/Expect) and [https://man7.org/linux/man-pages/man1/timeout.1.html](https://man7.org/linux/man-pages/man1/timeout.1.html) - +check\_ssl\_cert requires [```expect```](http://en.wikipedia.org/wiki/Expect) or [```timeout```](https://man7.org/linux/man-pages/man1/timeout.1.html) to enable timeouts. If ```expect``` or ```timeout``` are not present on your system timeouts will be disabled. ## Virtual servers check\_ssl\_cert supports the servername TLS extension in ClientHello -if the installed openssl version provides it. This is needed if you -are checking a machine with virtual hosts. +if the installed OpenSSL version provides it. This is needed if you +are checking a server with virtual hosts. ## SSL Labs If `-L` or `--check-ssl-labs` are specified the plugin will check the -cached status using the SSL Labs Assessment API (see -https://www.ssllabs.com/about/terms.html). +cached status using the [SSL Labs Assessment API](https://www.ssllabs.com/about/terms.html). The plugin will ask for a cached result (maximum age 1 day) to avoid -to many checks. The first time you issue the check you could therefore +too many checks. The first time you issue the check you could therefore get an outdated result. -## Notes +## Root Certificate The root certificate corresponding to the checked certificate must be -available to openssl or specified with the `-r cabundle` or -`--rootcert cabundle` option, where cabundle is either a file for `-CAfile` +available to OpenSSL or specified with the `-r cabundle` or +`--rootcert cabundle` option, where ```cabundle``` is either a file for `-CAfile` or a directory for `-CApath`. On macOS the root certificates bundle is stored in the Keychain and -openssl will complain with: +OpenSSL will complain with: ``` verification error: unable to get local issuer certificate @@ -216,8 +290,31 @@ ./check_ssl_cert -H www.google.com -r ./cabundle.crt ``` -## Bugs +## Quoting in Nagios + +An asterisk ```*``` is automatically escaped by nagios. If you need to specify an option (e.g., ```--cn```) with an argument containing an asterisk you need to enclose it in double quotes (e.g., ```''*.github.com''```) + +## Development -The timeout is applied to each action involving a download. +### Testing + +To run the test suite you will need [shUnit2](https://github.com/kward/shunit2) + + * Manual install: [github](https://github.com/kward/shunit2) + * macOS with [Homebrew](https://brew.sh): ```brew install shunit2``` + * Debian, Ubuntu: ```apt-get install shunit2``` + * Fedora: ```dnf install shunit2``` + +Run ```make test``` to execute the whole test suite. + +With ```make disttest``` you can check the formatting of the files (e.g. tabs and blanks at the end of the lines) and run ShellCheck to lint the scripts. + +To run a single test: + + * set the ```SHUNIT2``` environment variable with the location of the shUnit2 binary + * change the directory to the test suite: ```cd test``` + * execute the test suite with the tests to be run as argument after ```--```. For example ```./unit_tests.sh -- testName``` + +## Bugs Report bugs to [https://github.com/matteocorti/check_ssl_cert/issues](https://github.com/matteocorti/check_ssl_cert/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/RELEASE_NOTES.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/RELEASE_NOTES.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/RELEASE_NOTES.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/RELEASE_NOTES.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,2 @@ + * Error if HTTP/2 is requested but not offered by the server + * SSL 2.0 and SSL 3.0 disabled by ```--all``` and ```--all-local``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/SECURITY.md nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/SECURITY.md --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/SECURITY.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/SECURITY.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,5 @@ +# Security Policy + +## Reporting a Vulnerability + +Please contact the [matteo@corti.li](mailto:matteo@corti.li) directly diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/cabundle.crt nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/cabundle.crt --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/cabundle.crt 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/cabundle.crt 2021-12-17 14:47:25.000000000 +0000 @@ -3656,6 +3656,38 @@ +tb5evosFeo2gkO3t7jj83EB7UNDogVFwygFBzXjAaU4HoDU18PZ3g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/derlink.cer and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/derlink.cer differ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/fullchain.pem nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/fullchain.pem --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/fullchain.pem 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/fullchain.pem 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,140 @@ +-----BEGIN CERTIFICATE----- +MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw +MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp +kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX +lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm +BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA +gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL +tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T +AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD +VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG +CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw +AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt +MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG +A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br +aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN +AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ +cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL +RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U ++o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr +PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER +lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs +Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO +z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG +AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw +juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl +1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE +CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYx +OTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT +GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIx +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63 +ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwS +iV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351k +KSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZ +DrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zk +j5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5 +cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esW +CruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499 +iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35Ei +Eua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbap +sZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b +9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAf +BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIw +JQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUH +MAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6Al +oCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAy +MAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIF +AwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9 +NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9 +WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw +9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy ++qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvi +d0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIINxDCCDKygAwIBAgIQaczIXdXLFjQKAAAAAP9gXDANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMTA5MTMwMTM4MzdaFw0yMTExMjAw +MTM4MzZaMBcxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABF63ur9oci8z3kct0yU6SdxiU/D5SpKsSUTOWT5uRIUFtE4ZP6dI +fhoZP3ZzJDGVHirnokMh3VxZaLZQMInFMDGjggumMIILojAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +9X1jQB4WTJwnDM6S2qCd08XH8VowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU +83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w +a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv +L2NlcnRzL2d0czFjMy5kZXIwgglWBgNVHREEgglNMIIJSYIMKi5nb29nbGUuY29t +ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tggkqLmJkbi5kZXaCEiouY2xvdWQuZ29v +Z2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRl +Lmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUu +Y28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUu +Y29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29n +bGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5n +b29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xl +LmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29n +bGVhcGlzLmNughEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNughAqLmdz +dGF0aWMtY24uY29tghIqLmdzdGF0aWNjbmFwcHMuY26CD2dvb2dsZWNuYXBwcy5j +boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds +ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n +bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu +bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CC3dpZGV2aW5lLmNugg0qLndpZGV2 +aW5lLmNughFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIR +YW1wcHJvamVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1h +bmFseXRpY3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29n +bGVhZHNlcnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIR +Z29vZ2xldmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFw +aXMtY24uY29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1j +bi5jb22CFyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5u +ZXSCFCouZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5u +ZXSCFiouZy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRv +dWJsZWNsaWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNs +aWNrLmNughFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIId +Z29vZ2xldHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRz +ZXJ2aWNlcy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29n +bGV0YWdzZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkq +Lmdvb2dsZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5j +b22CGiouZ29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29n +bGVzeW5kaWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCou +YXBwLW1lYXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5j +b22CC2d2dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4y +bWRuLWNuLm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0 +cy1jbi5uZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRp +Yy5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNk +bi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdv +b2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggth +bmRyb2lkLmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIE +Zy5jboIGKi5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIU +Z29vZ2xlLWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv +b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5j +b22CCGdncGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5j +b22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHVi +ZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVr +aWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRy +b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xl +LmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9p +ZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvUU92 +SjBOMXNUMkEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcARJRlLrDuzq/E +QAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAF73QViLQAABAMASDBGAiEArWffq368 +tzMiCHLl+A1BFjfaVIJORVMn4o43ejqiCToCIQC2XB2yUfqlhx8t70bRv9PsrATA +VJeG4w1NoCvspRpCnAB1APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj +AAABe90FYRMAAAQDAEYwRAIgAZcPBI5OJaZQHgCD2qkmRAWyE3G60hQklI3psMyA +yaICIAvd8zNVImiwu5RRhKkJ2c6sI9RABL43P9+cj0Qxddk8MA0GCSqGSIb3DQEB +CwUAA4IBAQCTyIgyrPBdskJmSjsTLl6Dbe8Z9NuUCsqlL4t2L6MrZECzMxKag2H9 +pFdhSbQxjwdySgTwXWfVcAfuWxOw3qIrClr47G//aBN1m+Q35I73V3Ya16LKdoNm +3CLGe6qMArlBAg86q0Sr72OeZVKRuTya7l7wHRAMK1+nGCv5Acc+75q/HKj1OkVV +njIG2whCZ+G5LmYZmKroEXIBUna3MGijHrlq58tFgQUSVQqVQzU2tseLIBvz284r +iarLqQ7sR3xVM76Qgl+Be4A4z4fE7Dz1zRIbnetKn8YO5SO/B/H91EeIB4q+nmRO +tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/incomplete_chain.pem nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/incomplete_chain.pem --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/incomplete_chain.pem 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/incomplete_chain.pem 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,76 @@ +-----BEGIN CERTIFICATE----- +MIINxDCCDKygAwIBAgIQaczIXdXLFjQKAAAAAP9gXDANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMTA5MTMwMTM4MzdaFw0yMTExMjAw +MTM4MzZaMBcxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABF63ur9oci8z3kct0yU6SdxiU/D5SpKsSUTOWT5uRIUFtE4ZP6dI +fhoZP3ZzJDGVHirnokMh3VxZaLZQMInFMDGjggumMIILojAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +9X1jQB4WTJwnDM6S2qCd08XH8VowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU +83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w +a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv +L2NlcnRzL2d0czFjMy5kZXIwgglWBgNVHREEgglNMIIJSYIMKi5nb29nbGUuY29t +ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tggkqLmJkbi5kZXaCEiouY2xvdWQuZ29v +Z2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRl +Lmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUu +Y28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUu +Y29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29n +bGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5n +b29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xl +LmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29n +bGVhcGlzLmNughEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNughAqLmdz +dGF0aWMtY24uY29tghIqLmdzdGF0aWNjbmFwcHMuY26CD2dvb2dsZWNuYXBwcy5j +boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds +ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n +bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu +bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CC3dpZGV2aW5lLmNugg0qLndpZGV2 +aW5lLmNughFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIR +YW1wcHJvamVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1h +bmFseXRpY3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29n +bGVhZHNlcnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIR +Z29vZ2xldmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFw +aXMtY24uY29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1j +bi5jb22CFyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5u +ZXSCFCouZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5u +ZXSCFiouZy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRv +dWJsZWNsaWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNs +aWNrLmNughFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIId +Z29vZ2xldHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRz +ZXJ2aWNlcy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29n +bGV0YWdzZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkq +Lmdvb2dsZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5j +b22CGiouZ29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29n +bGVzeW5kaWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCou +YXBwLW1lYXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5j +b22CC2d2dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4y +bWRuLWNuLm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0 +cy1jbi5uZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRp +Yy5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNk +bi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdv +b2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggth +bmRyb2lkLmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIE +Zy5jboIGKi5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIU +Z29vZ2xlLWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv +b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5j +b22CCGdncGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5j +b22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHVi +ZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVr +aWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRy +b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xl +LmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9p +ZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvUU92 +SjBOMXNUMkEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcARJRlLrDuzq/E +QAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAF73QViLQAABAMASDBGAiEArWffq368 +tzMiCHLl+A1BFjfaVIJORVMn4o43ejqiCToCIQC2XB2yUfqlhx8t70bRv9PsrATA +VJeG4w1NoCvspRpCnAB1APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj +AAABe90FYRMAAAQDAEYwRAIgAZcPBI5OJaZQHgCD2qkmRAWyE3G60hQklI3psMyA +yaICIAvd8zNVImiwu5RRhKkJ2c6sI9RABL43P9+cj0Qxddk8MA0GCSqGSIb3DQEB +CwUAA4IBAQCTyIgyrPBdskJmSjsTLl6Dbe8Z9NuUCsqlL4t2L6MrZECzMxKag2H9 +pFdhSbQxjwdySgTwXWfVcAfuWxOw3qIrClr47G//aBN1m+Q35I73V3Ya16LKdoNm +3CLGe6qMArlBAg86q0Sr72OeZVKRuTya7l7wHRAMK1+nGCv5Acc+75q/HKj1OkVV +njIG2whCZ+G5LmYZmKroEXIBUna3MGijHrlq58tFgQUSVQqVQzU2tseLIBvz284r +iarLqQ7sR3xVM76Qgl+Be4A4z4fE7Dz1zRIbnetKn8YO5SO/B/H91EeIB4q+nmRO +tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/unit_tests.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/unit_tests.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/unit_tests.sh 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/unit_tests.sh 2021-12-17 14:47:25.000000000 +0000 @@ -2,27 +2,130 @@ # $SHUNIT2 should be defined as an environment variable before running the tests # shellcheck disable=SC2154 -if [ -z "${SHUNIT2}" ] ; then - cat <&1 | grep -q 'TEMPLATE must end with XXXXXX'; then + # no suffix possible + SUFFIX= + fi + + # create a temporary file + TEMPFILE="$(mktemp "${TMPDIR}/XXXXXX${SUFFIX}" 2>/dev/null)" + + if [ -z "${TEMPFILE}" ] || [ ! -w "${TEMPFILE}" ]; then + fail 'temporary file creation failure.' + fi + + # add the file to the list of temporary files + TEMPORARY_FILES="${TEMPORARY_FILES} ${TEMPFILE}" + +} + +remove_temporary_test_files() { + # shellcheck disable=SC2086 + if [ -n "${TEMPORARY_FILES}" ]; then + rm -f ${TEMPORARY_FILES} + fi +} + +cleanup_temporary_test_files() { + SIGNALS=$1 + remove_temporary_test_files + # shellcheck disable=SC2086 + trap - ${SIGNALS} +} + +createSelfSignedCertificate() { + + DAYS=$1 + + if [ -z "${DAYS}" ]; then + DAYS=30 # default + fi + + create_temporary_test_file + CONFIGURATION=${TEMPFILE} + create_temporary_test_file + KEY=${TEMPFILE} + create_temporary_test_file + CERTIFICATE=${TEMPFILE} + + cat <<'EOT' >"${CONFIGURATION}" +[ req ] +default_bits = 2048 + +prompt = no +distinguished_name=req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +countryName=CH +stateOrProvinceName=ZH +localityName=Zurich +organizationName=Matteo Corti +organizationalUnitName=None +commonName=localhost +emailAddress=matteo@corti.li + +[ alternate_names ] +DNS.1 = localhost + +[ v3_req ] +keyUsage=digitalSignature +subjectKeyIdentifier = hash +subjectAltName = @alternate_names +EOT + + ${OPENSSL} genrsa -out "${KEY}" 2048 >/dev/null 2>&1 + + ${OPENSSL} req -new -x509 -key "${KEY}" -out "${CERTIFICATE}" -days "${DAYS}" -config "${CONFIGURATION}" + + echo "${CERTIFICATE}" + +} + +############################################################################## +# Initial setup + oneTimeSetUp() { # constants @@ -31,43 +134,86 @@ NAGIOS_CRITICAL=2 NAGIOS_UNKNOWN=3 + if [ -z "${TMPDIR}" ]; then + TMPDIR=/tmp + fi + + # Cleanup before program termination + # Using named signals to be POSIX compliant + # shellcheck disable=SC2086 + trap_with_arg cleanup ${SIGNALS} + # we trigger a test by Qualy's SSL so that when the last test is run the result will be cached echo 'Starting SSL Lab test (to cache the result)' - curl --silent 'https://www.ssllabs.com/ssltest/analyze.html?d=ethz.ch&latest' > /dev/null + curl --silent 'https://www.ssllabs.com/ssltest/analyze.html?d=ethz.ch&latest' >/dev/null # check in OpenSSL supports dane checks - if openssl s_client -help 2>&1 | grep -q -- -dane_tlsa_rrdata || openssl s_client not_a_real_option 2>&1 | grep -q -- -dane_tlsa_rrdata; then + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -dane_tlsa_rrdata || "${OPENSSL}" s_client not_a_real_option 2>&1 | grep -q -- -dane_tlsa_rrdata; then echo "dane checks supported" DANE=1 fi + # print the openssl version + echo 'OpenSSL version' + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi + "${OPENSSL}" version + } +oneTimeTearDown() { + # Cleanup before program termination + # Using named signals to be POSIX compliant + # shellcheck disable=SC2086 + cleanup_temporary_test_files ${SIGNALS} +} + +############################################################################## +# Tests + testHoursUntilNow() { # testing with perl - export DATETYPE='PERL' - hours_until "$( date )" - assertEquals "error computing the missing hours until now" 0 "${HOURS_UNTIL}" + if perl -e 'use Date::Parse;' >/dev/null 2>&1 ; then + export DATETYPE='PERL' + DATE_TMP="$(date)" + hours_until "${DATE_TMP}" + assertEquals "error computing the missing hours until now" 0 "${HOURS_UNTIL}" + else + echo "Date::Parse not installed: skipping Perl date computation tests" + fi } testHoursUntil5Hours() { # testing with perl - export DATETYPE='PERL' - hours_until "$( perl -e '$x=localtime(time+(5*3600));print $x' )" - assertEquals "error computing the missing hours until now" 5 "${HOURS_UNTIL}" + if perl -e 'use Date::Parse;' >/dev/null 2>&1 ; then + export DATETYPE='PERL' + DATE_TMP="$(perl -e '$x=localtime(time+(5*3600));print $x')" + hours_until "${DATE_TMP}" + assertEquals "error computing the missing hours until now" 5 "${HOURS_UNTIL}" + else + echo "Date::Parse not installed: skipping Perl date computation tests" + fi } testHoursUntil42Hours() { # testing with perl - export DATETYPE='PERL' - hours_until "$( perl -e '$x=localtime(time+(42*3600));print $x' )" - assertEquals "error computing the missing hours until now" 42 "${HOURS_UNTIL}" + if perl -e 'use Date::Parse;' >/dev/null 2>&1 ; then + export DATETYPE='PERL' + DATE_TMP="$(perl -e '$x=localtime(time+(42*3600));print $x')" + hours_until "${DATE_TMP}" + assertEquals "error computing the missing hours until now" 42 "${HOURS_UNTIL}" + else + echo "Date::Parse not installed: skipping Perl date computation tests" + fi } testOpenSSLVersion1() { export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' export REQUIRED_VERSION='1.2.0a' - OPENSSL=$( command -v openssl ) # needed by openssl_version + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi openssl_version "${REQUIRED_VERSION}" RET=$? assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 1 "${RET}" @@ -77,7 +223,9 @@ testOpenSSLVersion2() { export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' export REQUIRED_VERSION='1.1.1j' - OPENSSL=$( command -v openssl ) # needed by openssl_version + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi openssl_version "${REQUIRED_VERSION}" RET=$? assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" @@ -87,7 +235,9 @@ testOpenSSLVersion3() { export OPENSSL_VERSION='OpenSSL 1.1.1j 16 Feb 2021' export REQUIRED_VERSION='1.0.0b' - OPENSSL=$( command -v openssl ) # needed by openssl_version + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi openssl_version "${REQUIRED_VERSION}" RET=$? assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" @@ -97,7 +247,9 @@ testOpenSSLVersion4() { export OPENSSL_VERSION='OpenSSL 1.0.2k-fips 26 Jan 2017' export REQUIRED_VERSION='1.0.0b' - OPENSSL=$( command -v openssl ) # needed by openssl_version + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi openssl_version "${REQUIRED_VERSION}" RET=$? assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" @@ -107,7 +259,9 @@ testOpenSSLVersion5() { export OPENSSL_VERSION='OpenSSL 1.1.1h-freebsd 22 Sep 2020' export REQUIRED_VERSION='1.0.0b' - OPENSSL=$( command -v openssl ) # needed by openssl_version + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi openssl_version "${REQUIRED_VERSION}" RET=$? assertEquals "error comparing required version ${REQUIRED_VERSION} to current version ${OPENSSL_VERSION}" 0 "${RET}" @@ -121,54 +275,69 @@ assertNotNull 'openssl not found' "${PROG}" } +testInfo() { + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --info +} + testSCT() { - OPENSSL=$( command -v openssl ) # needed by openssl_version + if [ -z "${OPENSSL}" ]; then + OPENSSL=$(command -v openssl) # needed by openssl_version + fi ${OPENSSL} version - if openssl_version '1.1.0' ; then - echo "OpenSSL >= 1.1.0: SCTs supported" - ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com + if openssl_version '1.1.0'; then + echo "OpenSSL >= 1.1.0: SCTs supported" + ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com -c 1 -w 2 --ignore-exp EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" else - echo "OpenSSL < 1.1.0: SCTs not supported" - ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com + echo "OpenSSL < 1.1.0: SCTs not supported" + ${SCRIPT} --rootcert-file cabundle.crt -H no-sct.badssl.com -c 1 -w 2 --ignore-exp EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" fi } testUsage() { - ${SCRIPT} > /dev/null 2>&1 + ${SCRIPT} >/dev/null 2>&1 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" } testMissingArgument() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical > /dev/null 2>&1 + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical >/dev/null 2>&1 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" } testMissingArgument2() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical --warning 10 > /dev/null 2>&1 + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --critical --warning 10 >/dev/null 2>&1 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" } testGroupedVariables() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvv > /dev/null 2>&1 + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvv >/dev/null 2>&1 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testGroupedVariablesError() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvxv > /dev/null 2>&1 + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -vvxv >/dev/null 2>&1 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" } -testETHZ() { - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ethz.ch --critical 1 --warning 2 +testPrometheus() { + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H github.com --prometheus --critical 1000 --warning 1100) + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + assertContains "wrong output" "${OUTPUT}" '# HELP cert_valid ' + assertContains "wrong output" "${OUTPUT}" 'cert_valid_chain_elem{cn="github.com", element=1} 2' + assertContains "wrong output" "${OUTPUT}" 'cert_days_chain_elem{cn="github.com", element=1}' +} + +testGitHub() { + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn github.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } @@ -185,12 +354,30 @@ assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } -testETHZCaseInsensitive() { - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ETHZ.CH --critical 1 --warning 2 +testGITHUBCaseInsensitive() { + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn GITHUB.COM --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIPOK() { + ${SCRIPT} --rootcert-file cabundle.crt -H 138.201.94.172 --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIPOKAltName() { + ${SCRIPT} --rootcert-file cabundle.crt -H 138.201.94.172 --cn pasi.corti.li --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } +testIPFailAltName() { + ${SCRIPT} --rootcert-file cabundle.crt -H 138.201.94.172 --cn bogus.corti.li --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + testETHZWildCard() { # * should not match, see https://serverfault.com/questions/310530/should-a-wildcard-ssl-certificate-secure-both-the-root-domain-as-well-as-the-sub # we ignore the altnames as sp.ethz.ch is listed @@ -220,26 +407,26 @@ } testRootIssuer() { - ${SCRIPT} --rootcert-file cabundle.crt -H google.com --issuer 'GlobalSign' --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --issuer 'DigiCert Inc' --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testValidity() { # Tests bug #8 - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch -w 1000 + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -w 1000 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" } testValidityWithPerl() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch -w 1000 --force-perl-date + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -w 1000 --force-perl-date EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" } testAltNames() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.inf.ethz.ch --cn www.inf.ethz.ch --altnames --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --cn www.github.com --altnames --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } @@ -257,45 +444,53 @@ --cn somehost.spapps.ethz.ch \ --cn otherhost.sPaPPs.ethz.ch \ --cn spapps.ethz.ch \ - --critical 1 --warning 2 \ - --altnames \ + --critical 1 --warning 2 \ + --altnames EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testAltNamesCaseInsensitve() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.inf.ethz.ch --cn WWW.INF.ETHZ.CH --altnames --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --cn WWW.GITHUB.COM --altnames --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testMultipleAltNamesOK() { + # Test with multiple CN's + ${SCRIPT} --rootcert-file cabundle.crt -H corti.li -n www.corti.li -n rpm.corti.li --altnames --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testMultipleAltNamesFailOne() { - # Test with wiltiple CN's but last one is wrong - ${SCRIPT} --rootcert-file cabundle.crt -H inf.ethz.ch -n www.ethz.ch -n wrong.ch --altnames --critical 1 --warning 2 + # Test with multiple CN's but last one is wrong + ${SCRIPT} --rootcert-file cabundle.crt -H github.com -n www.github.com -n wrong.com --altnames --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } testMultipleAltNamesFailTwo() { # Test with multiple CN's but first one is wrong - ${SCRIPT} --rootcert-file cabundle.crt -H inf.ethz.ch -n wrong.ch -n www.ethz.ch --altnames --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H github.com -n wrong.ch -n www.github.com --altnames --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } -testXMPPHost() { - out=$(${SCRIPT} --rootcert-file cabundle.crt -H prosody.xmpp.is --port 5222 --protocol xmpp --xmpphost xmpp.is --critical 1 --warning 2) - EXIT_CODE=$? - if echo "${out}" | grep -q "s_client' does not support '-xmpphost'" ; then - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" - else - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - fi -} +# not working +# testXMPPHost() { +# out=$(${SCRIPT} --rootcert-file cabundle.crt -H prosody.xmpp.is --port 5222 --protocol xmpp --xmpphost xmpp.is --critical 1 --warning 2) +# EXIT_CODE=$? +# if echo "${out}" | grep -q "s_client' does not support '-xmpphost'"; then +# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +# else +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# fi +# } testTimeOut() { - ${SCRIPT} --rootcert-file cabundle.crt -H gmail.com --protocol imap --port 993 --timeout 1 --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H gmail.com --protocol imap --port 993 --timeout 1 --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } @@ -319,7 +514,6 @@ assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } - testSMTP() { ${SCRIPT} --rootcert-file cabundle.crt -H smtp.gmail.com --protocol smtp --port 25 --timeout 60 --critical 1 --warning 2 EXIT_CODE=$? @@ -338,7 +532,7 @@ assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } -# Disabled as test.rebex.net is currently not workin. Should find another public FTP server with TLS +# Disabled as test.rebex.net is currently not working. Should find another public FTP server with TLS #testFTP() { # ${SCRIPT} --rootcert-file cabundle.crt -H test.rebex.net --protocol ftp --port 21 --timeout 60 # EXIT_CODE=$? @@ -408,21 +602,21 @@ assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } -testBadSSLDH480(){ +testBadSSLDH480() { ${SCRIPT} --rootcert-file cabundle.crt -H dh480.badssl.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } -testBadSSLDH512(){ +testBadSSLDH512() { ${SCRIPT} --rootcert-file cabundle.crt -H dh512.badssl.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } -testBadSSLRC4MD5(){ +testBadSSLRC4MD5() { # older versions of OpenSSL validate RC4-MD5 - if ! openssl ciphers RC4-MD5 > /dev/null 2>&1 ; then + if ! "${OPENSSL}" ciphers RC4-MD5 >/dev/null 2>&1; then ${SCRIPT} --rootcert-file cabundle.crt -H rc4-md5.badssl.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" @@ -431,9 +625,9 @@ fi } -testBadSSLRC4(){ +testBadSSLRC4() { # older versions of OpenSSL validate RC4 - if ! openssl ciphers RC4 > /dev/null 2>&1 ; then + if ! "${OPENSSL}" ciphers RC4 >/dev/null 2>&1; then ${SCRIPT} --rootcert-file cabundle.crt -H rc4.badssl.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" @@ -442,18 +636,18 @@ fi } -testBadSSL3DES(){ +testBadSSL3DES() { # older versions of OpenSSL validate RC4 - if ! openssl ciphers 3DES > /dev/null 2>&1 ; then + if ! "${OPENSSL}" ciphers 3DES >/dev/null 2>&1; then ${SCRIPT} --rootcert-file cabundle.crt -H 3des.badssl.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" - else + else echo "OpenSSL too old to test 3DES ciphers" fi } -testBadSSLNULL(){ +testBadSSLNULL() { ${SCRIPT} --rootcert-file cabundle.crt -H null.badssl.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" @@ -507,12 +701,6 @@ assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } -testMultipleOCSPHosts() { - ${SCRIPT} --rootcert-file cabundle.crt -H netlock.hu --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" -} - testRequireOCSP() { ${SCRIPT} --rootcert-file cabundle.crt -H videolan.org --require-ocsp-stapling --critical 1 --warning 2 EXIT_CODE=$? @@ -521,7 +709,7 @@ # tests for -4 and -6 testIPv4() { - if openssl s_client -help 2>&1 | grep -q -- -4 ; then + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -4; then ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -4 --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" @@ -531,20 +719,20 @@ } testIPv6() { - if openssl s_client -help 2>&1 | grep -q -- -6 ; then + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -6; then - IPV6= - if command -v ifconfig > /dev/null && ifconfig -a | grep -q -F inet6 ; then - IPV6=1 - elif command -v ip > /dev/null && ip addr | grep -q -F inet6 ; then - IPV6=1 - fi + IPV6= + if command -v ifconfig >/dev/null && ifconfig -a | grep -q -F inet6; then + IPV6=1 + elif command -v ip >/dev/null && ip addr | grep -q -F inet6; then + IPV6=1 + fi - if [ -n "${IPV6}" ] ; then + if [ -n "${IPV6}" ]; then - echo "IPv6 is configured" + echo "IPv6 is configured" - if ping -6 www.google.com > /dev/null 2>&1 ; then + if ping -c 3 -6 www.google.com >/dev/null 2>&1; then ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com -6 --critical 1 --warning 2 EXIT_CODE=$? @@ -564,42 +752,42 @@ } testFormatShort() { - OUTPUT=$( ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ethz.ch --critical 1 --warning 2 --format "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'" | cut '-d|' -f 1 ) + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn github.com --critical 1 --warning 2 --format "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'" | cut '-d|' -f 1) EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - assertEquals "wrong output" "SSL_CERT OK ethz.ch from 'QuoVadis Global SSL ICA G2'" "${OUTPUT}" + assertEquals "wrong output" "SSL_CERT OK github.com from 'DigiCert, Inc.'" "${OUTPUT}" } testMoreErrors() { - OUTPUT=$( ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --email doesnotexist --critical 1000 --warning 1001 --verbose | wc -l | sed 's/\ //g' ) + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -v --email doesnotexist --critical 1000 --warning 1001 | wc -l | sed 's/\ //g') EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" # we should get three lines: the plugin output and three errors - assertEquals "wrong number of errors" 5 "${OUTPUT}" + assertEquals "wrong number of errors" 4 "${OUTPUT}" } testMoreErrors2() { - OUTPUT=$( ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --email doesnotexist --warning 1000 --warning 1001 --verbose | wc -l | sed 's/\ //g' ) + OUTPUT=$(${SCRIPT} --rootcert-file cabundle.crt -H www.github.com -v --email doesnotexist --warning 1000 --warning 1001 --verbose | wc -l | sed 's/\ //g') EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" # we should get three lines: the plugin output and three errors - assertEquals "wrong number of errors" 5 "${OUTPUT}" + assertEquals "wrong number of errors" 4 "${OUTPUT}" } # dane testDANE211() { # dig is needed for DANE - if command -v dig > /dev/null ; then + if command -v dig >/dev/null; then # on github actions the dig command produces no output - if dig +short TLSA _25._tcp.hummus.csx.cam.ac.uk | grep -q -f 'hummus' ; then + if dig +short TLSA _25._tcp.hummus.csx.cam.ac.uk | grep -q -f 'hummus'; then # check if a connection is possible - if printf 'QUIT\\n' | openssl s_client -connect hummus.csx.cam.ac.uk:25 -starttls smtp > /dev/null 2>&1 ; then - ${SCRIPT} --rootcert-file cabundle.crt --dane 211 --port 25 -P smtp -H hummus.csx.cam.ac.uk --critical 1 --warning 2 + if printf 'QUIT\\n' | "${OPENSSL}" s_client -connect hummus.csx.cam.ac.uk:25 -starttls smtp >/dev/null 2>&1; then + ${SCRIPT} --rootcert-file cabundle.crt --dane 211 --port 25 -P smtp -H hummus.csx.cam.ac.uk --critical 1 --warning 2 EXIT_CODE=$? - if [ -n "${DANE}" ] ; then + if [ -n "${DANE}" ]; then assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" else assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" @@ -635,20 +823,20 @@ # assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" # fi #} - -testDANE301ECDSA() { - if command -v dig > /dev/null ; then - ${SCRIPT} --rootcert-file cabundle.crt --dane 301 --ecdsa -H mail.aegee.org --critical 1 --warning 2 - EXIT_CODE=$? - if [ -n "${DANE}" ] ; then - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" - else - assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" - fi - else - echo "dig not available: skipping DANE test" - fi -} +# +#testDANE301ECDSA() { +# if command -v dig > /dev/null ; then +# ${SCRIPT} --rootcert-file cabundle.crt --dane 301 --ecdsa -H mail.aegee.org --critical 1 --warning 2 +# EXIT_CODE=$? +# if [ -n "${DANE}" ] ; then +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# else +# assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +# fi +# else +# echo "dig not available: skipping DANE test" +# fi +#} testRequiredProgramFile() { ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --file-bin /doesnotexist --critical 1 --warning 2 @@ -663,7 +851,7 @@ } testSieveECDSA() { - if ! { openssl s_client -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || openssl s_client -starttls sieve 2>&1 | grep -F -q 'usage:' ; } ; then + if ! { "${OPENSSL}" s_client -starttls sieve 2>&1 | grep -F -q 'Value must be one of:' || "${OPENSSL}" s_client -starttls sieve 2>&1 | grep -F -q 'usage:'; }; then ${SCRIPT} --rootcert-file cabundle.crt -P sieve -p 4190 -H mail.aegee.org --ecdsa --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" @@ -679,48 +867,54 @@ } testForceHTTP2() { - if openssl s_client -help 2>&1 | grep -q -F alpn ; then - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --protocol h2 --critical 1 --warning 2 + if "${OPENSSL}" s_client -help 2>&1 | grep -q -F alpn; then + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --protocol h2 --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" else - echo "Skupping forced HTTP2 test as -alpn is not supported" + echo "Skipping forced HTTP2 test as -alpn is not supported" fi } testNotLongerValidThan() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --not-valid-longer-than 2 --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --not-valid-longer-than 2 --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } testDERCert() { - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -f ./der.cer --ignore-sct --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -f ./der.cer --ignore-sct --critical 1 --warning 2 --allow-empty-san -s + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testDERCertSymbolicLink() { + ${SCRIPT} --rootcert-file cabundle.crt -f ./derlink.cer --ignore-sct --critical 1 --warning 2 --allow-empty-san -s EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testPKCS12Cert() { export PASS= - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -f ./client.p12 --ignore-sct --password env:PASS --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -f ./client.p12 --ignore-sct --password env:PASS --critical 1 --warning 2 --allow-empty-san -s EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } -testCertificsteWithoutCN() { - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -n www.uue.org -f ./cert_with_subject_without_cn.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 +testCertificateWithoutCN() { + ${SCRIPT} --rootcert-file cabundle.crt -n www.uue.org -f ./cert_with_subject_without_cn.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 --ignore-incomplete-chain --ignore-exp EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testCertificsteWithEmptySubject() { - ${SCRIPT} --rootcert-file cabundle.crt -H localhost -n www.uue.org -f ./cert_with_empty_subject.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -n www.uue.org -f ./cert_with_empty_subject.crt --force-perl-date --ignore-sig-alg --ignore-sct --critical 1 --warning 2 --ignore-incomplete-chain EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } testResolveSameName() { - ${SCRIPT} --rootcert-file cabundle.crt -H www.ethz.ch --resolve www.ethz.ch --critical 1 --warning 2 + ${SCRIPT} --rootcert-file cabundle.crt -H www.github.com --resolve www.github.com --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } @@ -731,30 +925,50 @@ assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" } +#testNewQuoVadis() { +# ${SCRIPT} --rootcert-file cabundle.crt -H matteo.github.com +# EXIT_CODE=$? +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +#} + testResolveCorrectIP() { - ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve "$( dig +short corti.li )" --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + # dig is needed to resolve the IP address + if command -v dig >/dev/null; then + RESOLVED_IP="$(dig +short github.com)" + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --resolve "${RESOLVED_IP}" --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo 'dig missing: skipping test' + fi } testResolveWrongIP() { - ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve "$( dig +short www.google.com )" --critical 1 --warning 2 - EXIT_CODE=$? - assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + # dig is needed to resolve the IP address + if command -v dig >/dev/null; then + RESOLVED_IP="$(dig +short www.google.com)" + ${SCRIPT} --rootcert-file cabundle.crt -H corti.li --resolve "${RESOLVED_IP}" --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + else + echo 'dig missing: skipping test' + fi } testCiphersOK() { # nmap ssl-enum-ciphers dumps core on CentOS 7 and RHEL 7 - if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release ; then + if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release; then echo 'Skipping tests on CentOS and RedHat 7 since nmap is crashing (core dump)' + elif [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 6\.' /etc/redhat-release; then + echo 'Skipping tests on CentOS and RedHat 6 since nmap is not delivering cipher strengths' else # check if nmap is installed - if command -v nmap > /dev/null ; then + if command -v nmap >/dev/null; then # check if ssl-enum-ciphers is present - if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine' ; then + if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine'; then ${SCRIPT} --rootcert-file cabundle.crt -H cloudflare.com --check-ciphers C --critical 1 --warning 2 EXIT_CODE=$? @@ -775,17 +989,18 @@ testCiphersError() { # nmap ssl-enum-ciphers dumps core on CentOS 7 and RHEL 7 - if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release ; then + if [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 7\.' /etc/redhat-release; then echo 'Skipping tests on CentOS and RedHat 7 since nmap is crashing (core dump)' + elif [ -f /etc/redhat-release ] && grep -q '.*Linux.*release\ 6\.' /etc/redhat-release; then + echo 'Skipping tests on CentOS and RedHat 6 since nmap is not delivering cipher strengths' else # check if nmap is installed - if command -v nmap > /dev/null ; then + if command -v nmap >/dev/null; then # check if ssl-enum-ciphers is present - if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine' ; then - - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --check-ciphers A --check-ciphers-warnings --critical 1 --warning 2 + if ! nmap --script ssl-enum-ciphers 2>&1 | grep -q -F 'NSE: failed to initialize the script engine'; then + ${SCRIPT} --rootcert-file cabundle.crt -H www.google.com --check-ciphers A --check-ciphers-warnings --critical 1 --warning 2 EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" @@ -803,9 +1018,204 @@ # SSL Labs (last one as it usually takes a lot of time -testETHZWithSSLLabs() { - # we assume www.ethz.ch gets at least a B - ${SCRIPT} --rootcert-file cabundle.crt -H ethz.ch --cn ethz.ch --check-ssl-labs B --critical 1 --warning 2 +testGitHubWithSSLLabs() { + # we assume www.github.com gets at least a B + ${SCRIPT} --rootcert-file cabundle.crt -H github.com --cn github.com --check-ssl-labs B --critical 1 --warning 2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testGithubComCRL() { + + # get current certificate of github.com, download the CRL named in that certificate + # and use it for local CRL check + + create_temporary_test_file + TEMPFILE_GITHUB_CERT=${TEMPFILE} + + echo Q | "${OPENSSL}" s_client -connect github.com:443 2>/dev/null | sed -n '/-----BEGIN/,/-----END/p' >"${TEMPFILE_GITHUB_CERT}" + + GITHUB_CRL_URI=$(${OPENSSL} x509 -in "${TEMPFILE_GITHUB_CERT}" -noout -text | grep -A 6 "X509v3 CRL Distribution Points" | grep "http://" | head -1 | sed -e "s/.*URI://") + + create_temporary_test_file '.crl' + TEMPFILE_CRL=${TEMPFILE} + + echo "${GITHUB_CRL_URI}" + curl --silent "${GITHUB_CRL_URI}" >"${TEMPFILE_CRL}" + + ${SCRIPT} --file "${TEMPFILE_CRL}" --warning 2 --critical 1 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + +} + +testFloatingPointThresholds() { + + ${SCRIPT} -H github.com --warning 2.5 --critical 1.5 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + +} + +testFloatingPointThresholdsWrongUsage() { + + ${SCRIPT} -H github.com --warning 1.5 --critical 2.5 + EXIT_CODE=$? + assertEquals "expecting error message about --warning is less or equal --critical, but got wrong exit code, " "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" + +} + +testCertExpiringInLessThanOneDay() { + + CERT=$(createSelfSignedCertificate 1) + + ${SCRIPT} -f "${CERT}" --warning 1.5 --critical 0.5 --selfsigned --allow-empty-san --ignore-sig-alg + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" + +} + +testAcceptableClientCertCAMissing() { + + ${SCRIPT} -H www.github.com --require-client-cert + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + +} + +# not responding: should find something new + +# testAcceptableClientCertCAGeneric() { +# +# ${SCRIPT} -H klik.nlb.si --require-client-cert +# EXIT_CODE=$? +# +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# +# } + +# testAcceptableClientCertCAList() { +# +# ${SCRIPT} -H klik.nlb.si --require-client-cert ACNLB,NLB +# EXIT_CODE=$? +# +# assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +# +# } + +testAcceptableClientCertCAListWrong() { + + ${SCRIPT} -H klik.nlb.si --require-client-cert ACNLB,NLB,fake + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" + +} + +testMaxDateOn32BitSystems() { + + # generate a cert expiring after 2038-01-19 + CERT=$(createSelfSignedCertificate 7000) + + ${SCRIPT} -f "${CERT}" --warning 2 --critical 1 --selfsigned --allow-empty-san --ignore-sig-alg + EXIT_CODE=$? + + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + + ${SCRIPT} -f "${CERT}" --warning 2 --critical 1 --selfsigned --allow-empty-san --ignore-sig-alg 2>&1 | grep -q 'invalid\ date' + EXIT_CODE=$? + + assertEquals "Invalid date" 1 "${EXIT_CODE}" + +} + +testIgnoreConnectionStateOK() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_OK}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateWARNING() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_WARNING}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateCRITICAL() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_CRITICAL}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateWARNING() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-problems "${NAGIOS_WARNING}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_WARNING}" "${EXIT_CODE}" +} + +testIgnoreConnectionStateError() { + ${SCRIPT} -H www.google.com --port 444 --timeout 1 --ignore-connection-state 4 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_UNKNOWN}" "${EXIT_CODE}" +} + +testSubdomainWithUnderscore() { + TEST_HOST=_test.github.com + OUTPUT=$(echo Q | "${OPENSSL}" s_client -connect "${TEST_HOST}":443 2>&1) + if [ $? -eq 1 ]; then + # there was an error: check if it's due to the _ + if echo "${OUTPUT}" | grep -q -F 'gethostbyname failure' || + echo "${OUTPUT}" | grep -q -F 'ame or service not known'; then + # older versions of OpenSSL are not able to connect + echo "OpenSSL does not support underscores in the host name: disabling test" + else + fail "error connecting to ${TEST_HOST}" + fi + else + ${SCRIPT} -H "${TEST_HOST}" + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + fi +} + +testChainOK() { + ${SCRIPT} -f ./fullchain.pem --allow-empty-san --ignore-sct --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testChainFail() { + ${SCRIPT} -f ./incomplete_chain.pem --allow-empty-san --ignore-sct --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testChainFailIgnored() { + ${SCRIPT} -f ./incomplete_chain.pem --ignore-incomplete-chain --allow-empty-san --ignore-sct --ignore-exp + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" +} + +testRSA() { + if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -sigalgs; then + ${SCRIPT} -H github.com --rsa --tls1_2 + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" + else + echo "Skipping forcing RSA: no OpenSSL support" + fi +} + +testOrganizationFail() { + ${SCRIPT} -H github.com -o 'SomeOrg' + EXIT_CODE=$? + assertEquals "wrong exit code" "${NAGIOS_CRITICAL}" "${EXIT_CODE}" +} + +testOrganizationOK() { + ${SCRIPT} -H github.com -o 'GitHub,\ Inc.' EXIT_CODE=$? assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}" } diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/wrong_chain.pem nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/wrong_chain.pem --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/test/wrong_chain.pem 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/test/wrong_chain.pem 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,106 @@ +-----BEGIN CERTIFICATE----- +MIIFADCCA+igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAw +MFoXDTMxMDUwMzA3MDAwMFowgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxk +dGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUg +Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDlkGZL7PlGcakgg77pbL9KyUhpgXVObST2yxcT+LBxWYR6ayuF +pDS1FuXLzOlBcCykLtb6Mn3hqN6UEKwxwcDYav9ZJ6t21vwLdGu4p64/xFT0tDFE +3ZNWjKRMXpuJyySDm+JXfbfYEh/JhW300YDxUJuHrtQLEAX7J7oobRfpDtZNuTlV +Bv8KJAV+L8YdcmzUiymMV33a2etmGtNPp99/UsQwxaXJDgLFU793OGgGJMNmyDd+ +MB5FcSM1/5DYKp2N57CSTTx/KgqT3M0WRmX3YISLdkuRJ3MUkuDq7o8W6o0OPnYX +v32JgIBEQ+ct4EMJddo26K3biTr1XRKOIwSDAgMBAAGjggEsMIIBKDAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJUWBaFAmOD07LSy+ +zWrZtj2zZmMwHwYDVR0jBBgwFoAUfAwyH6fZMH/EfWijYqihzqsHWycwOgYIKwYB +BQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNo +LmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0ZWNo +LmNvbS9zZnJvb3QtZzIuY3JsMEwGA1UdIARFMEMwQQYEVR0gADA5MDcGCCsGAQUF +BwIBFitodHRwczovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv +MA0GCSqGSIb3DQEBCwUAA4IBAQBWZcr+8z8KqJOLGMfeQ2kTNCC+Tl94qGuc22pN +QdvBE+zcMQAiXvcAngzgNGU0+bE6TkjIEoGIXFs+CFN69xpk37hQYcxTUUApS8L0 +rjpf5MqtJsxOYUPl/VemN3DOQyuwlMOS6eFfqhBJt2nk4NAfZKQrzR9voPiEJBjO +eT2pkb9UGBOJmVQRDVXFJgt5T1ocbvlj2xSApAer+rKluYjdkf5lO6Sjeb6JTeHQ +sPTIFwwKlhR8Cbds4cLYVdQYoKpBaXAko7nv6VrcPuuUSvC33l8Odvr7+2kDRUBQ +7nIMpBKGgc0T0U7EPMpODdIm8QC3tKai4W56gf0wrHofx1l7 +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIINxDCCDKygAwIBAgIQaczIXdXLFjQKAAAAAP9gXDANBgkqhkiG9w0BAQsFADBG +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzETMBEGA1UEAxMKR1RTIENBIDFDMzAeFw0yMTA5MTMwMTM4MzdaFw0yMTExMjAw +MTM4MzZaMBcxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABF63ur9oci8z3kct0yU6SdxiU/D5SpKsSUTOWT5uRIUFtE4ZP6dI +fhoZP3ZzJDGVHirnokMh3VxZaLZQMInFMDGjggumMIILojAOBgNVHQ8BAf8EBAMC +B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU +9X1jQB4WTJwnDM6S2qCd08XH8VowHwYDVR0jBBgwFoAUinR/r4XN7pXNPZzQ4kYU +83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5w +a2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBv +L2NlcnRzL2d0czFjMy5kZXIwgglWBgNVHREEgglNMIIJSYIMKi5nb29nbGUuY29t +ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tggkqLmJkbi5kZXaCEiouY2xvdWQuZ29v +Z2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRl +Lmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUu +Y28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUu +Y29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29n +bGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5n +b29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xl +LmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucHSCEiouZ29vZ2xlYWRhcGlzLmNvbYIPKi5nb29n +bGVhcGlzLmNughEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNughAqLmdz +dGF0aWMtY24uY29tghIqLmdzdGF0aWNjbmFwcHMuY26CD2dvb2dsZWNuYXBwcy5j +boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds +ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n +bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu +bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CC3dpZGV2aW5lLmNugg0qLndpZGV2 +aW5lLmNughFhbXBwcm9qZWN0Lm9yZy5jboITKi5hbXBwcm9qZWN0Lm9yZy5jboIR +YW1wcHJvamVjdC5uZXQuY26CEyouYW1wcHJvamVjdC5uZXQuY26CF2dvb2dsZS1h +bmFseXRpY3MtY24uY29tghkqLmdvb2dsZS1hbmFseXRpY3MtY24uY29tghdnb29n +bGVhZHNlcnZpY2VzLWNuLmNvbYIZKi5nb29nbGVhZHNlcnZpY2VzLWNuLmNvbYIR +Z29vZ2xldmFkcy1jbi5jb22CEyouZ29vZ2xldmFkcy1jbi5jb22CEWdvb2dsZWFw +aXMtY24uY29tghMqLmdvb2dsZWFwaXMtY24uY29tghVnb29nbGVvcHRpbWl6ZS1j +bi5jb22CFyouZ29vZ2xlb3B0aW1pemUtY24uY29tghJkb3VibGVjbGljay1jbi5u +ZXSCFCouZG91YmxlY2xpY2stY24ubmV0ghgqLmZscy5kb3VibGVjbGljay1jbi5u +ZXSCFiouZy5kb3VibGVjbGljay1jbi5uZXSCDmRvdWJsZWNsaWNrLmNughAqLmRv +dWJsZWNsaWNrLmNughQqLmZscy5kb3VibGVjbGljay5jboISKi5nLmRvdWJsZWNs +aWNrLmNughFkYXJ0c2VhcmNoLWNuLm5ldIITKi5kYXJ0c2VhcmNoLWNuLm5ldIId +Z29vZ2xldHJhdmVsYWRzZXJ2aWNlcy1jbi5jb22CHyouZ29vZ2xldHJhdmVsYWRz +ZXJ2aWNlcy1jbi5jb22CGGdvb2dsZXRhZ3NlcnZpY2VzLWNuLmNvbYIaKi5nb29n +bGV0YWdzZXJ2aWNlcy1jbi5jb22CF2dvb2dsZXRhZ21hbmFnZXItY24uY29tghkq +Lmdvb2dsZXRhZ21hbmFnZXItY24uY29tghhnb29nbGVzeW5kaWNhdGlvbi1jbi5j +b22CGiouZ29vZ2xlc3luZGljYXRpb24tY24uY29tgiQqLnNhZmVmcmFtZS5nb29n +bGVzeW5kaWNhdGlvbi1jbi5jb22CFmFwcC1tZWFzdXJlbWVudC1jbi5jb22CGCou +YXBwLW1lYXN1cmVtZW50LWNuLmNvbYILZ3Z0MS1jbi5jb22CDSouZ3Z0MS1jbi5j +b22CC2d2dDItY24uY29tgg0qLmd2dDItY24uY29tggsybWRuLWNuLm5ldIINKi4y +bWRuLWNuLm5ldIIUZ29vZ2xlZmxpZ2h0cy1jbi5uZXSCFiouZ29vZ2xlZmxpZ2h0 +cy1jbi5uZXSCDGFkbW9iLWNuLmNvbYIOKi5hZG1vYi1jbi5jb22CDSouZ3N0YXRp +Yy5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggoqLmd2dDEuY29tghEqLmdjcGNk +bi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIOKi5nY3AuZ3Z0Mi5jb22CECoudXJsLmdv +b2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CCyoueXRpbWcuY29tggth +bmRyb2lkLmNvbYINKi5hbmRyb2lkLmNvbYITKi5mbGFzaC5hbmRyb2lkLmNvbYIE +Zy5jboIGKi5nLmNuggRnLmNvggYqLmcuY2+CBmdvby5nbIIKd3d3Lmdvby5nbIIU +Z29vZ2xlLWFuYWx5dGljcy5jb22CFiouZ29vZ2xlLWFuYWx5dGljcy5jb22CCmdv +b2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIUKi5nb29nbGVjb21tZXJjZS5j +b22CCGdncGh0LmNuggoqLmdncGh0LmNuggp1cmNoaW4uY29tggwqLnVyY2hpbi5j +b22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHVi +ZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVr +aWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRy +b2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xl +LmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9p +ZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvUU92 +SjBOMXNUMkEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcARJRlLrDuzq/E +QAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAF73QViLQAABAMASDBGAiEArWffq368 +tzMiCHLl+A1BFjfaVIJORVMn4o43ejqiCToCIQC2XB2yUfqlhx8t70bRv9PsrATA +VJeG4w1NoCvspRpCnAB1APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTj +AAABe90FYRMAAAQDAEYwRAIgAZcPBI5OJaZQHgCD2qkmRAWyE3G60hQklI3psMyA +yaICIAvd8zNVImiwu5RRhKkJ2c6sI9RABL43P9+cj0Qxddk8MA0GCSqGSIb3DQEB +CwUAA4IBAQCTyIgyrPBdskJmSjsTLl6Dbe8Z9NuUCsqlL4t2L6MrZECzMxKag2H9 +pFdhSbQxjwdySgTwXWfVcAfuWxOw3qIrClr47G//aBN1m+Q35I73V3Ya16LKdoNm +3CLGe6qMArlBAg86q0Sr72OeZVKRuTya7l7wHRAMK1+nGCv5Acc+75q/HKj1OkVV +njIG2whCZ+G5LmYZmKroEXIBUna3MGijHrlq58tFgQUSVQqVQzU2tseLIBvz284r +iarLqQ7sR3xVM76Qgl+Be4A4z4fE7Dz1zRIbnetKn8YO5SO/B/H91EeIB4q+nmRO +tYxFcW8qt9iyYP/rqp2q6lBmzkPLEpJH +-----END CERTIFICATE----- diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/check_documentation.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/check_documentation.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/check_documentation.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/check_documentation.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,92 @@ +#!/bin/sh + +ERROR=0 + +# get the help +HELP=$( ./check_ssl_cert --help ) + +# check for lines that are too long (78 chars) +LONG_LINES=$( echo "${HELP}" | perl -ne 'length ($_) > 78 && print' ) + +if [ -n "${LONG_LINES}" ]; then + echo "Help lines are too long (>78 chars)" + echo "${LONG_LINES}" + ERROR=1 +fi + +# list all the command line options + +for option in $( grep '^[ ]*-.*)$' check_ssl_cert | sed -e 's/^[ ]*//' -e 's/)//' ) ; do + + case "${option}" in + '|'|'--'|'-*') + continue + ;; + *) + + # check if the option is documented in the help.txt file + if ! grep -q -- "${option}" help.txt ; then + echo "Error: ${option} is not documented in help.txt" + ERROR=1 + fi + + # check if the option is documented in check_ssl_cert + + if ! echo "${HELP}" | grep -q -- "${option}" ; then + echo "Error: ${option} is not documented in the help (--help)" + ERROR=1 + fi + + # check if the option is documented in README.md + + if ! grep -q -- "${option}" README.md ; then + echo "Error: ${option} is not documented in README.md" + ERROR=1 + fi + + # check if the option is documented in the man page + + if ! grep -q -- "${option}" check_ssl_cert.1 ; then + echo "Error: ${option} is not documented in check_ssl_cert.1" + ERROR=1 + fi + + + ;; + + esac + +done + +# check if the option descriptions are present in all the files + +while read line; do + + option=$( echo "${line}" | sed 's/;.*//' ) + description=$( echo "${line}" | sed 's/[^;]*;//' ) + + if ! grep -q -- "${description}" check_ssl_cert ; then + echo "Error: the description of option '${option}' '${description}' is not present in check_ssl_cert" + ERROR=1 + fi + + if ! grep -q -- "${description}" check_ssl_cert.1 ; then + # check for automatically generated options + if ! echo "${description}" | grep -q '${' ; then + echo "Error: the description of option '${option}' '${description}' is not present in check_ssl_cert.1" + ERROR=1 + fi + fi + + if ! grep -q -- "${description}" README.md ; then + # check for automatically generated options + if ! echo "${description}" | grep -q '${' ; then + echo "Error: the description of option '${option}' '${description}' is not present in README.md" + ERROR=1 + fi + fi + +done < help.txt + + +exit "${ERROR}" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/format_files.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/format_files.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/format_files.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/format_files.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,11 @@ +#!/bin/sh + +# Remove trailing spaces (see https://unix.stackexchange.com/questions/92895/how-can-i-achieve-portability-with-sed-i-in-place-editing) +case $(sed --help 2>&1) in +*GNU*) + sed -i'' 's/[[:blank:]]*$//' "$@" + ;; +*) + sed -i '' 's/[[:blank:]]*$//' "$@" + ;; +esac diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/prepare_rpm.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/prepare_rpm.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/prepare_rpm.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/prepare_rpm.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,88 @@ +#!/bin/sh + +echo "Building the RPMs" +OUT=$(make rpm 2>&1 | grep ^Wrote) + +echo "${OUT}" + +RPM=$(echo "${OUT}" | grep /RPMS | grep -v debug | sed 's/.*\ //') +SRPM=$(echo "${OUT}" | grep SRPMS | sed 's/.*\ //') + +echo "RPM: ${RPM}" +echo "SRPM: ${SRPM}" + +ARCH=$(echo "${RPM}" | sed 's/\.rpm$//' | sed 's/.*\.//') +DIST=$(echo "${SRPM}" | sed 's/\.src\.rpm$//' | sed 's/.*\.//') + +echo "arch: ${ARCH}" +echo "dist: ${DIST}" + +WEBROOT=/var/www/rpm +case ${DIST} in +fc30) + RPMDIR="${WEBROOT}/fedora/30/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/30/SRPMS" + DIST='fedora' + RELEASE='30' + ;; +fc31) + RPMDIR="${WEBROOT}/fedora/31/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/31/SRPMS" + DIST='fedora' + RELEASE='31' + ;; +fc32) + RPMDIR="${WEBROOT}/fedora/32/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/32/SRPMS" + DIST='fedora' + RELEASE='32' + ;; +fc33) + RPMDIR="${WEBROOT}/fedora/33/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/33/SRPMS" + DIST='fedora' + RELEASE='33' + ;; +fc34) + RPMDIR="${WEBROOT}/fedora/34/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/34/SRPMS" + DIST='fedora' + RELEASE='34' + ;; +fc35) + RPMDIR="${WEBROOT}/fedora/35/${ARCH}" + SRPMDIR="${WEBROOT}/fedora/35/SRPMS" + DIST='fedora' + RELEASE='35' + ;; +el7) + RPMDIR="${WEBROOT}/epel/7/${ARCH}" + SRPMDIR="${WEBROOT}/epel/7/SRPMS" + DIST='epel' + RELEASE='7' + ;; +el8) + RPMDIR="${WEBROOT}/epel/8/${ARCH}" + SRPMDIR="${WEBROOT}/epel/8/SRPMS" + DIST='epel' + RELEASE='8' + ;; +*) + echo "Unknown distribution ${DIST}" 1>&2 + exit 1 + ;; +esac + +echo "RPMDIR: ${RPMDIR}" +echo "SRPMDIR: ${SRPMDIR}" +echo "RPM: ${RPM}" +echo "SRPM: ${SRPM}" +echo "DIST: ${DIST}" +echo "RELEASE: ${RELEASE}" + +export RPMDIR +export SRPMDIR +export RPM +export SRPM +export DIST +export RELEASE diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/publish_release.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/publish_release.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/publish_release.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/publish_release.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,46 @@ +#!/bin/sh + +VERSION=$(head -n 1 VERSION) + +echo "Publishing release ${VERSION}" + +echo + +echo 'Checking release date' + +MONTH_YEAR=$( date +"%B, %Y" ) +YEAR=$( date +"%Y" ) + +if ! grep -q "${MONTH_YEAR}" check_ssl_cert.1 ; then + echo "Please update the date in check_ssl_cert.1" + exit 1 +fi +if ! grep -q "© Matteo Corti, 2007-${YEAR}" README.md ; then + echo "Please update the copyright year in README.md" + exit 1 +fi +if ! grep -q "Copyright (c) 2007-${YEAR} Matteo Corti" COPYRIGHT ; then + echo "Please update the copyright year in COPYRIGHT" + exit 1 +fi +if ! grep -q "Copyright (c) 2007-${YEAR} Matteo Corti " check_ssl_cert ; then + echo "Please update the copyright year in check_ssl_cert" + exit 1 +fi +echo "Copyright year check: OK" + +echo +echo 'RELEASE_NOTES.md:' +echo '------------------------------------------------------------------------------' + +cat RELEASE_NOTES.md + +echo '------------------------------------------------------------------------------' + +echo 'Did you update the RELEASE_NOTES.md file? ' +read -r ANSWER +if [ "${ANSWER}" = "y" ]; then + make + gh release create "v${VERSION}" --title "check_ssl_cert-${VERSION}" --notes-file RELEASE_NOTES.md "check_ssl_cert-${VERSION}.tar.gz" "check_ssl_cert-${VERSION}.tar.bz2" + +fi diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/stats.sh nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/stats.sh --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/utils/stats.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/utils/stats.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,52 @@ +#!/bin/sh + +# authors +authors=$( grep -c 'Many thanks' AUTHORS ) + +# versions +versions=$( grep -c Version NEWS ) + +version=$( head -n 1 VERSION ) + +echo +printf "\tcheck_ssl_cert version ${version}\n" +echo + +echo "------------------------------------------------------------------------------" +echo "-- Version History and Authors" +echo + +printf "Authors:\\t\\t%'10d\\n" "${authors}" +printf "Versions:\\t\\t%'10d\\n" "${versions}" +echo + +echo "------------------------------------------------------------------------------" +echo "-- Code" +echo + +tests=$( grep -c '^test' test/unit_tests.sh ) +loc=$( grep -c '.' check_ssl_cert ) + +printf "LoC:\\t\\t\\t%'10d\\n" "${loc}" +printf "Tests:\\t\\t\\t%'10d\\n" "${tests}" +echo + +echo "------------------------------------------------------------------------------" +echo "-- Repository" +echo + +commits=$( git log --oneline | wc -l ) + +printf "Commits:\\t\\t%'10d\\n" "${commits}" +git log --numstat --format="" | awk '{files += 1}{ins += $1}{del += $2} END{printf "File changes:\t\t%10'"'"'d\nInsertions:\t\t%10'"'"'d\nDeletions:\t\t%10'"'"'d\n", files, ins, del}' + +echo + +echo "------------------------------------------------------------------------------" +echo "-- Features" +echo + +command_line_options=$( sed 's/;.*//' help.txt | sort | uniq | wc -l ) +printf "Command line options:\\t%'10d\\n" "${command_line_options}" + +echo diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/VERSION nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/VERSION --- nagios-plugins-contrib-35.20210511ubuntu2/check_ssl_cert/src/VERSION 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/check_ssl_cert/src/VERSION 2021-12-17 14:47:25.000000000 +0000 @@ -1 +1 @@ -2.2.0 \ No newline at end of file +2.15.0 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/changelog nagios-plugins-contrib-37.20211217ubuntu1/debian/changelog --- nagios-plugins-contrib-35.20210511ubuntu2/debian/changelog 2021-09-26 11:34:03.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/changelog 2022-02-24 08:54:00.000000000 +0000 @@ -1,3 +1,50 @@ +nagios-plugins-contrib (37.20211217ubuntu1) jammy; urgency=medium + + * Merge from Debian unstable, remaining changes: + + check_ssl_cert: use host launchpad.net and ignore expiration date + + -- Graham Inggs Thu, 24 Feb 2022 08:54:00 +0000 + +nagios-plugins-contrib (37.20211217) unstable; urgency=high + + * [44721bb] check_ssl_cert: Update to 2.2.0 + * [39c799b] check_ssl_cert: Update to 2.15.0 + * [cca89a8] check_ssl_cert: Add missing suggests + * [b3528f1] Fix path for madrisan plugins + * [19aff19] check_rbl: Update to 1.6.3 + * [ccd16ec] Auto update of debian/control + + -- Jan Wagner Fri, 17 Dec 2021 15:47:25 +0100 + +nagios-plugins-contrib (36.20211207) unstable; urgency=medium + + [ Jan Wagner ] + * [144807b] New changelog + + [ Bas Couwenberg ] + * [8d4c239] Bump Standards-Version to 4.6.0, no changes. + + [ Peter Palfrader ] + * [44c2d26] Initial adding of madrisan's nagios-plugins-linux + * [464e8f4] update of debian/{control,copyright} + * [eadc785] Retire old check_memory in favour of + madrisan-nagios-plugins-linux's version + * [a9685a4] Add descriptions for madrisan checks + * [3324825] madrisan: install symlinks as symlinks + + [ Bernd Zeimetz ] + * [72be8a7] Updating changelog + * [e63adfa] Updating check_haproxy_stats. + * [c9622bb] update check_haproxy location + * [4a61139] Updating check_rbl + * [f142170] Use timeouts on url requests in our helper. + * [26af399] Auto update of debian/control + * [cfbbc92] Auto update of debian/copyright + * [3b7609a] Override lintian error. + * [3a7e9f4] Refreshing patches + + -- Bernd Zeimetz Tue, 07 Dec 2021 15:21:53 +0100 + nagios-plugins-contrib (35.20210511ubuntu2) impish; urgency=medium * Ignore expiration date in check_ssl_cert test diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/control nagios-plugins-contrib-37.20211217ubuntu1/debian/control --- nagios-plugins-contrib-35.20210511ubuntu2/debian/control 2021-08-31 12:55:35.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/control 2022-02-24 08:54:00.000000000 +0000 @@ -3,14 +3,14 @@ Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Nagios Maintainer Group -Uploaders: Bernd Zeimetz , Jan Wagner , Stefan Schoerghofer , Petter Reinholdtsen , Leo Antunes +Uploaders: Bernd Zeimetz , Jan Wagner , Stefan Schoerghofer , Petter Reinholdtsen , Leo Antunes , Peter Palfrader Build-Depends: debhelper (>= 8.0.0), dh-autoreconf, dh-python, python3:any, python3-debian:native, quilt (>= 0.46-7), autotools-dev, flex, libmemcached-dev [!hurd-i386], pkg-config -Standards-Version: 4.5.1 +Standards-Version: 4.6.0 Vcs-Git: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib.git Vcs-Browser: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib @@ -24,7 +24,7 @@ Provides: nagios-plugins-contrib Replaces: nagios-plugins-contrib (<< 26) Breaks: nagios-plugins-contrib (<< 26) -Suggests: backuppc, perl-doc, libsys-virt-perl, cciss-vol-status (>= 1.10), mpt-status, smstools (>= 3~), expect, nagios-plugin-check-multi, moreutils, percona-toolkit, python3, python3-pymongo, python3-boto +Suggests: backuppc, perl-doc, libsys-virt-perl, cciss-vol-status (>= 1.10), mpt-status, smstools (>= 3~), expect, iproute2, dnsutils, nagios-plugin-check-multi, moreutils, percona-toolkit, python3, python3-pymongo, python3-boto Enhances: monitoring-plugins, monitoring-plugins-basic, monitoring-plugins-standard Description: Plugins for nagios compatible monitoring systems This package provides various plugins for Nagios compatible monitoring @@ -75,7 +75,7 @@ working. It will ignore entries with '# NAGIOSIGNORE' at the end. * check_graphite: Plugin to monitor graphite metrics * check_haproxy (rev135): plugin to check the HAProxy statistics url - * check_haproxy_stats (1.0.1): check haproxy via admin socket + * check_haproxy_stats (1.1.3): check haproxy via admin socket Different from check_haproxy this plugin is able to check haproxy via the unix admin socket. * check_hp_bladechassis (1.0.1): plugin to check the hardware health of @@ -110,10 +110,6 @@ limit. Hit/miss and evictions are measured over a 30 minute interval, using a memcached object to store the earlier statistics. - * check_memory (1.0.1): plugin to check for free memory - This plugin excludes the system cache and buffer, because - on some system with very stable memory usage it is perfectly - normal for system cache to fill in all available memory. * check_mongodb (b33e763): Plugin script to monitor your MongoDB server(s) * check_multipath (0.4.11): plugin to monitor the number of available and failed paths of multipath devices @@ -148,7 +144,7 @@ - Solaris software RAID via metastat - Areca SATA RAID Support via cli64/cli32 - Detecting SCSI devices or hosts with lsscsi - * check_rbl (1.5.7): plugin to check if a server is blacklisted + * check_rbl (1.6.3): plugin to check if a server is blacklisted * check_redis (0.73): Redis Server check plugin This plugin checks Redis NoSQL database status variables, measures its response time and if specified allows one to set thresholds @@ -174,7 +170,7 @@ HOST-RESOURCES-MIB::hrSystemDate.0 used here returns 8 or 11 byte octets. SNMP translation needs to be switched off and to be converted the received SNMP data into readable strings. - * check_ssl_cert (2.2.0): plugin to check the CA and validity of an + * check_ssl_cert (2.15.0): plugin to check the CA and validity of an X.509 certificate * check_uptime (0.521): check_uptime returns uptime of a system in text (readable) format as well as in minutes for performance graphing. @@ -220,6 +216,27 @@ * extras (1): various scripts and extras Not a plugin, but a collection of various useful event/obsession handlers and similar scripts. + * madrisan-nagios-plugins-linux (bbbdc5279cd2569d4c6b5e0ed19d12c082e322ad): Nagios-compatible Plugins for Linux + Various binary plugins for monitoring (physical and virtual) Linux hosts with + Nagios and Nagios-compatible monitoring systems like Icinga and Naemon: + * check_clock: returns the number of seconds elapsed between + the host local time and Nagios time. + * check_cpu: checks the CPU (user mode) utilization + * check_cpufreq: displays the CPU frequency characteristics. + * check_cswch: monitors the total number of context switches across all CPUs. + * check_fc: monitors the status of the fiber status ports. + * check_ifmountfs: checks whether the given filesystems are mounted. + * check_intr: monitors the total number of system interrupts. + * check_iowait: checks I/O wait bottlenecks + * check_memory: checks the system memory utilization. + * check_nbprocs: displays the number of running processes per user. + * check_network: displays some network interfaces statistics, including: + check_network_collisions, check_network_dropped, check_network_errors, check_network_multicast + * check_paging: checks the memory and swap paging. + * check_pressure: checks Linux Pressure Stall Information (PSI) data. + * check_readonlyfs: checks for readonly filesystems. + * check_tcpcount: displays TCP network and socket informations. + * check_temperature: monitors the hardware's temperature. * percona-nagios-plugins (1.1.8): Percona Monitoring Plugins (nagios) Nagios MySQL Monitoring plugins writting/provided by Percona. . diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/control.in nagios-plugins-contrib-37.20211217ubuntu1/debian/control.in --- nagios-plugins-contrib-35.20210511ubuntu2/debian/control.in 2021-08-31 12:55:35.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/control.in 2022-02-24 08:54:00.000000000 +0000 @@ -10,7 +10,7 @@ python3:any, python3-debian:native, quilt (>= 0.46-7), #AUTO_UPDATE_Build-Depends# -Standards-Version: 4.5.1 +Standards-Version: 4.6.0 Vcs-Git: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib.git Vcs-Browser: https://salsa.debian.org/nagios-team/pkg-nagios-plugins-contrib diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/copyright nagios-plugins-contrib-37.20211217ubuntu1/debian/copyright --- nagios-plugins-contrib-35.20210511ubuntu2/debian/copyright 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/copyright 2021-12-17 14:47:25.000000000 +0000 @@ -296,7 +296,7 @@ check_haproxy: The plugin was downloaded from: -http://cvs.orion.education.fr/viewvc/viewvc.cgi/nagios-plugins-perl/trunk/plugins/check_haproxy.pl?view=log +https://github.com/polymorf/check_haproxy/blob/master/check_haproxy.pl 2010 Stéphane Urbanovski @@ -313,7 +313,7 @@ check_haproxy_stats: The plugin was downloaded from: -http://exchange.nagios.org/directory/Plugins/Clustering-and-High-2DAvailability/check_haproxy_stats-2Epl/details +https://github.com/skyscrapers/monitoring-plugins/blob/master/check_haproxy_stats.pl Copyright (C) 2012, Giacomo Montagner @@ -549,31 +549,6 @@ ------------------------------------------------------------------------------ -check_memory: - -The plugin was downloaded from: -https://github.com/dermoth/misc-code/blob/master/nagios/plugins/check_memory - - Copyright (C) 2007 Thomas Guyot-Sionnest - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - MA 02110-1301 USA. - - ------------------------------------------------------------------------------- - check_mongodb: The plugin was downloaded from: @@ -1122,6 +1097,26 @@ ------------------------------------------------------------------------------ + +madrisan-nagios-plugins-linux: + +The plugin was downloaded from: +https://github.com/madrisan/nagios-plugins-linux + + Copyright (c) 2013-2021 Davide Madrisan + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + +------------------------------------------------------------------------------ percona-nagios-plugins: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/monitoring-plugins-contrib.lintian-overrides nagios-plugins-contrib-37.20211217ubuntu1/debian/monitoring-plugins-contrib.lintian-overrides --- nagios-plugins-contrib-35.20210511ubuntu2/debian/monitoring-plugins-contrib.lintian-overrides 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/monitoring-plugins-contrib.lintian-overrides 2021-12-17 14:47:25.000000000 +0000 @@ -1,3 +1,4 @@ # as mentioned in the description people need to # install whats mentioned in recommends. monitoring-plugins-contrib: missing-depends-line +monitoring-plugins-contrib: ruby-script-but-no-ruby-dep usr/lib/nagios/plugins/check_soas /usr/bin/ruby diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/packaging-helper.py nagios-plugins-contrib-37.20211217ubuntu1/debian/packaging-helper.py --- nagios-plugins-contrib-35.20210511ubuntu2/debian/packaging-helper.py 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/packaging-helper.py 2021-12-17 14:47:25.000000000 +0000 @@ -222,7 +222,7 @@ print('WARNING: %s - failed to parse Watch line!' %(plugin,)) continue try: - f=url_opener.open(url) + f=url_opener.open(url, timeout=2) content = f.read().decode('utf-8') f.close() except IOError: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_ajp/return_critical_on_failed_connection nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_ajp/return_critical_on_failed_connection --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_ajp/return_critical_on_failed_connection 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_ajp/return_critical_on_failed_connection 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_ajp/check_ajp -+++ b/check_ajp/check_ajp +Index: pkg-nagios-plugins-contrib/check_ajp/check_ajp +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_ajp/check_ajp ++++ pkg-nagios-plugins-contrib/check_ajp/check_ajp @@ -7,6 +7,7 @@ # # check_ajp - nagios plugin for jboss monitoring diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_backuppc/fix_filter nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_backuppc/fix_filter --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_backuppc/fix_filter 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_backuppc/fix_filter 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_backuppc/src/check_backuppc -+++ b/check_backuppc/src/check_backuppc -@@ -171,7 +171,7 @@ +Index: pkg-nagios-plugins-contrib/check_backuppc/src/check_backuppc +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_backuppc/src/check_backuppc ++++ pkg-nagios-plugins-contrib/check_backuppc/src/check_backuppc +@@ -171,7 +171,7 @@ my @notTooOld; foreach my $host (@hostsDesired, @hostsExcluded) { @@ -9,7 +11,7 @@ { print("BACKUPPC UNKNOWN - Unknown host ($host)\n"); exit $ERRORS{'UNKNOWN'}; -@@ -182,8 +182,8 @@ +@@ -182,8 +182,8 @@ foreach my $host (@hostsDesired, @hostsE foreach my $host (sort(keys(%Status))) { next if $host =~ /^ /; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_backuppc/use_nagios_plugins nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_backuppc/use_nagios_plugins --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_backuppc/use_nagios_plugins 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_backuppc/use_nagios_plugins 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_backuppc/check_backuppc-1.1.0/check_backuppc b/check_backuppc/check_backuppc-1.1.0/check_backuppc -index d8ea383..c994c20 100755 ---- a/check_backuppc/check_backuppc-1.1.0/check_backuppc -+++ b/check_backuppc/check_backuppc-1.1.0/check_backuppc +Index: pkg-nagios-plugins-contrib/check_backuppc/check_backuppc-1.1.0/check_backuppc +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_backuppc/check_backuppc-1.1.0/check_backuppc ++++ pkg-nagios-plugins-contrib/check_backuppc/check_backuppc-1.1.0/check_backuppc @@ -32,7 +32,28 @@ no utf8; # Nagios diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_bgpstate/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_bgpstate/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_bgpstate/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_bgpstate/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_bgpstate/check_bgpstate b/check_bgpstate/check_bgpstate -index 645d750..6ddf8bf 100644 ---- a/check_bgpstate/check_bgpstate -+++ b/check_bgpstate/check_bgpstate +Index: pkg-nagios-plugins-contrib/check_bgpstate/check_bgpstate +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_bgpstate/check_bgpstate ++++ pkg-nagios-plugins-contrib/check_bgpstate/check_bgpstate @@ -1,4 +1,5 @@ #!/usr/bin/perl -w +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_clamav/clamav_locations nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_clamav/clamav_locations --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_clamav/clamav_locations 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_clamav/clamav_locations 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_clamav/check_clamav -+++ b/check_clamav/check_clamav +Index: pkg-nagios-plugins-contrib/check_clamav/check_clamav +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_clamav/check_clamav ++++ pkg-nagios-plugins-contrib/check_clamav/check_clamav @@ -16,18 +16,18 @@ # ################################################################################ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_cups/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_cups/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_cups/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_cups/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_cups/check_cups -+++ b/check_cups/check_cups +Index: pkg-nagios-plugins-contrib/check_cups/check_cups +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_cups/check_cups ++++ pkg-nagios-plugins-contrib/check_cups/check_cups @@ -1,4 +1,5 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_cups/monitoring-plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_cups/monitoring-plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_cups/monitoring-plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_cups/monitoring-plugin 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_cups/check_cups -+++ b/check_cups/check_cups -@@ -39,13 +39,33 @@ +Index: pkg-nagios-plugins-contrib/check_cups/check_cups +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_cups/check_cups ++++ pkg-nagios-plugins-contrib/check_cups/check_cups +@@ -39,13 +39,33 @@ use warnings; # http://search.cpan.org/~rgarcia/perl-5.6.2/pod/perllexwarn.pod no warnings qw( redefine prototype ); @@ -35,7 +37,7 @@ use Data::Dumper; -@@ -95,7 +115,7 @@ +@@ -95,7 +115,7 @@ General Public Licence (see http://www.f This plugin was written at The Harvard-MIT Data Center (http://www.hmdc.harvard.edu) by Steve Huff (). LICENSE diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_cups/ParseDateDelta nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_cups/ParseDateDelta --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_cups/ParseDateDelta 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_cups/ParseDateDelta 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_cups/check_cups -+++ b/check_cups/check_cups -@@ -395,7 +395,7 @@ +Index: pkg-nagios-plugins-contrib/check_cups/check_cups +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_cups/check_cups ++++ pkg-nagios-plugins-contrib/check_cups/check_cups +@@ -395,7 +395,7 @@ elsif ( scalar( keys( %warning ) ) ) { my( $age, $jobs ) = ( $warning{$queue}->{age}, $warning{$queue}->{jobs} ); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_drbd/fix_for_oos_and_cosmetic nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_drbd/fix_for_oos_and_cosmetic --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_drbd/fix_for_oos_and_cosmetic 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_drbd/fix_for_oos_and_cosmetic 2021-12-17 14:47:25.000000000 +0000 @@ -7,8 +7,10 @@ 1) add check for out of sync sectors (report WARNING for non-zero value) 2) cosmetic: sort device list while processing ---- a/check_drbd/check_drbd -+++ b/check_drbd/check_drbd +Index: pkg-nagios-plugins-contrib/check_drbd/check_drbd +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_drbd/check_drbd ++++ pkg-nagios-plugins-contrib/check_drbd/check_drbd @@ -12,7 +12,7 @@ use Getopt::Long; my $drbd_proc='/proc/drbd'; my $drbd_devices=0; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/check_smtp_send-hello nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/check_smtp_send-hello --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/check_smtp_send-hello 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/check_smtp_send-hello 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_email_delivery/src/check_smtp_send -+++ b/check_email_delivery/src/check_smtp_send -@@ -46,6 +46,9 @@ +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_smtp_send +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_smtp_send ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_smtp_send +@@ -46,6 +46,9 @@ my $password = ""; my $time_hires = ""; my $mx_lookup = 0; my $ok; @@ -10,7 +12,7 @@ $ok = Getopt::Long::GetOptions( "V|version"=>\$show_version, "v|verbose+"=>\$verbose,"h|help"=>\$help,"usage"=>\$help_usage, -@@ -62,6 +65,8 @@ +@@ -62,6 +65,8 @@ $ok = Getopt::Long::GetOptions( "E|expect-response=s"=>\$expect_response, # Time "hires"=>\$time_hires, @@ -19,7 +21,7 @@ ); if( $show_version ) { -@@ -103,7 +108,7 @@ +@@ -103,7 +108,7 @@ if( $help_usage || ($smtp_server eq "" && !$mx_lookup) || scalar(@mailto)==0 || $mailfrom eq "" ) ) { @@ -28,7 +30,7 @@ exit $status{UNKNOWN}; } -@@ -148,29 +153,29 @@ +@@ -148,29 +153,29 @@ my $smtp; eval { if( $tls and $auth_method ) { $smtp_port = $default_smtp_tls_port unless $smtp_port; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_email_delivery/src/check_email_delivery -+++ b/check_email_delivery/src/check_email_delivery +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_email_delivery +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_email_delivery ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_email_delivery @@ -1,4 +1,6 @@ #!/usr/bin/perl +# nagios: -epn @@ -7,8 +9,10 @@ use strict; my $VERSION = '0.7.1'; my $COPYRIGHT = 'Copyright (C) 2005-2011 Jonathan Buhacoff '; ---- a/check_email_delivery/src/check_imap_quota -+++ b/check_email_delivery/src/check_imap_quota +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_imap_quota +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_imap_quota ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_imap_quota @@ -1,4 +1,6 @@ #!/usr/bin/perl +# nagios: -epn @@ -16,8 +20,10 @@ use strict; my $VERSION = '0.2'; my $COPYRIGHT = 'Copyright (C) 2005-2011 Jonathan Buhacoff '; ---- a/check_email_delivery/src/check_imap_receive -+++ b/check_email_delivery/src/check_imap_receive +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_imap_receive +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_imap_receive ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_imap_receive @@ -1,4 +1,6 @@ #!/usr/bin/perl +# nagios: -epn @@ -25,8 +31,10 @@ use strict; my $VERSION = '0.7.5'; my $COPYRIGHT = 'Copyright (C) 2005-2011 Jonathan Buhacoff '; ---- a/check_email_delivery/src/check_smtp_send -+++ b/check_email_delivery/src/check_smtp_send +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_smtp_send +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_smtp_send ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_smtp_send @@ -1,4 +1,6 @@ #!/usr/bin/perl +# nagios: -epn @@ -34,8 +42,10 @@ use strict; use POSIX qw(strftime); my $VERSION = '0.7.3'; ---- a/check_email_delivery/src/imap_ssl_cert -+++ b/check_email_delivery/src/imap_ssl_cert +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/imap_ssl_cert +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/imap_ssl_cert ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/imap_ssl_cert @@ -1,4 +1,6 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/fix_tls nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/fix_tls --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/fix_tls 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/fix_tls 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_email_delivery/src/check_smtp_send -+++ b/check_email_delivery/src/check_smtp_send -@@ -149,26 +149,16 @@ +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_smtp_send +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_smtp_send ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_smtp_send +@@ -149,26 +149,16 @@ eval { if( $tls and $auth_method ) { $smtp_port = $default_smtp_tls_port unless $smtp_port; $smtp = TLS_auth->new($smtp_server, Timeout=>$timeout, Port=>$smtp_port, User=>$username, Password=>$password, Auth_Method=>$auth_method); @@ -27,7 +29,7 @@ } } elsif( $auth_method ) { -@@ -176,8 +166,6 @@ +@@ -176,8 +166,6 @@ eval { $smtp = Net::SMTP_auth->new($smtp_server, Port=>$smtp_port, Timeout=>$timeout,Debug=>$smtp_debug); if( $smtp ) { $smtp->auth($auth_method, $username, $password); @@ -36,7 +38,7 @@ } } else { -@@ -185,8 +173,6 @@ +@@ -185,8 +173,6 @@ eval { $smtp = Net::SMTP->new($smtp_server, Port=>$smtp_port, Timeout=>$timeout,Debug=>$smtp_debug); if( $smtp && $username ) { $smtp->auth($username, $password); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/paths nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/paths --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_email_delivery/paths 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_email_delivery/paths 2021-12-17 14:47:25.000000000 +0000 @@ -3,8 +3,10 @@ Patches check_email_delivery and check_email_delivery_epn to use debian specific paths. ---- a/check_email_delivery/src/check_email_delivery -+++ b/check_email_delivery/src/check_email_delivery +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_email_delivery +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_email_delivery ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_email_delivery @@ -63,7 +63,7 @@ my $default_warn = 15; my $default_wait = 5; my $default_timeout = 60; @@ -14,8 +16,10 @@ my $ok; $ok = Getopt::Long::GetOptions( "V|version"=>\$show_version, ---- a/check_email_delivery/src/check_email_delivery_epn -+++ b/check_email_delivery/src/check_email_delivery_epn +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_email_delivery_epn +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_email_delivery_epn ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_email_delivery_epn @@ -61,7 +61,7 @@ my $default_warn = 15; my $default_wait = 5; my $default_timeout = 60; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_haproxy/check_haproxy -+++ b/check_haproxy/check_haproxy +Index: pkg-nagios-plugins-contrib/check_haproxy/check_haproxy +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_haproxy/check_haproxy ++++ pkg-nagios-plugins-contrib/check_haproxy/check_haproxy @@ -1,4 +1,5 @@ #!/usr/bin/perl -w +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy/monitoring-plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy/monitoring-plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy/monitoring-plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy/monitoring-plugin 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_haproxy/check_haproxy -+++ b/check_haproxy/check_haproxy -@@ -31,7 +31,28 @@ +Index: pkg-nagios-plugins-contrib/check_haproxy/check_haproxy +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_haproxy/check_haproxy ++++ pkg-nagios-plugins-contrib/check_haproxy/check_haproxy +@@ -31,7 +31,28 @@ use POSIX qw(setlocale); use Time::HiRes qw(time); # get microtime use POSIX qw(mktime); @@ -30,7 +32,7 @@ use LWP::UserAgent; # http client use HTTP::Request; # used by LWP::UserAgent -@@ -53,7 +74,7 @@ +@@ -53,7 +74,7 @@ setlocale(LC_MESSAGES, ''); textdomain('nagios-plugins-perl'); @@ -39,7 +41,7 @@ version => $VERSION, blurb => _gt('Plugin to check HAProxy stats url'), usage => "Usage: %s [ -v|--verbose ] -u [-t ] [-U ] [-P ] [ -c|--critical= ] [ -w|--warning= ]", -@@ -319,4 +340,4 @@ +@@ -319,4 +340,4 @@ In F you just have to add Stéphane Urbanovski diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy_stats/interpreter nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy_stats/interpreter --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy_stats/interpreter 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy_stats/interpreter 2021-12-17 14:47:25.000000000 +0000 @@ -4,12 +4,12 @@ Fixing interpreter -diff --git a/check_haproxy_stats/check_haproxy_stats.pl b/check_haproxy_stats/check_haproxy_stats.pl -index 9698f78..f776bf6 100644 ---- a/check_haproxy_stats/check_haproxy_stats.pl -+++ b/check_haproxy_stats/check_haproxy_stats.pl +Index: pkg-nagios-plugins-contrib/check_haproxy_stats/check_haproxy_stats.pl +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_haproxy_stats/check_haproxy_stats.pl ++++ pkg-nagios-plugins-contrib/check_haproxy_stats/check_haproxy_stats.pl @@ -1,4 +1,4 @@ --#!/usr/bin/env perl +-#!/usr/bin/env perl +#!/usr/bin/perl # vim: se et ts=4: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy_stats/socket nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy_stats/socket --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_haproxy_stats/socket 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_haproxy_stats/socket 2021-12-17 14:47:25.000000000 +0000 @@ -1,20 +1,22 @@ ---- a/check_haproxy_stats/check_haproxy_stats.pl -+++ b/check_haproxy_stats/check_haproxy_stats.pl -@@ -57,7 +57,7 @@ - in list. +Index: pkg-nagios-plugins-contrib/check_haproxy_stats/check_haproxy_stats.pl +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_haproxy_stats/check_haproxy_stats.pl ++++ pkg-nagios-plugins-contrib/check_haproxy_stats/check_haproxy_stats.pl +@@ -84,7 +84,7 @@ DESCRIPTION + Do not check named proxies. Use comma to separate proxies in list. -s, --sock, --socket - Use named UNIX socket instead of default (/var/run/haproxy.sock) + Use named UNIX socket instead of default (/run/haproxy/admin.sock) - -w, --warning - Set warning threshold for sessions number to the specified percentage (see -c) -@@ -114,7 +114,7 @@ + -U, --url + Use HTTP URL instead of socket. The LWP::Simple perl module is used if +@@ -151,7 +151,7 @@ my @status_names = (qw/OK WARNING CRITIC # Defaults my $swarn = 80.0; my $scrit = 90.0; -my $sock = "/var/run/haproxy.sock"; +my $sock = "/run/haproxy/admin.sock"; - my $dump; - my $proxy; - my $help; + my $url; + my $user = ''; + my $pass = ''; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_httpd_status/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_httpd_status/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_httpd_status/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_httpd_status/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_httpd_status/check_httpd_status -+++ b/check_httpd_status/check_httpd_status +Index: pkg-nagios-plugins-contrib/check_httpd_status/check_httpd_status +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_httpd_status/check_httpd_status ++++ pkg-nagios-plugins-contrib/check_httpd_status/check_httpd_status @@ -1,4 +1,6 @@ #!/usr/bin/perl -w +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_httpd_status/htdigest_auth nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_httpd_status/htdigest_auth --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_httpd_status/htdigest_auth 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_httpd_status/htdigest_auth 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_httpd_status/check_httpd_status -+++ b/check_httpd_status/check_httpd_status -@@ -213,7 +213,13 @@ +Index: pkg-nagios-plugins-contrib/check_httpd_status/check_httpd_status +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_httpd_status/check_httpd_status ++++ pkg-nagios-plugins-contrib/check_httpd_status/check_httpd_status +@@ -213,7 +213,13 @@ $ua->agent($PROGNAME.'-'.$VERSION); logD("Web URL : $url"); my $req = HTTP::Request->new( GET => $url ); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_httpd_status/monitoring-plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_httpd_status/monitoring-plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_httpd_status/monitoring-plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_httpd_status/monitoring-plugin 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_httpd_status/check_httpd_status -+++ b/check_httpd_status/check_httpd_status -@@ -34,8 +34,28 @@ +Index: pkg-nagios-plugins-contrib/check_httpd_status/check_httpd_status +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_httpd_status/check_httpd_status ++++ pkg-nagios-plugins-contrib/check_httpd_status/check_httpd_status +@@ -34,8 +34,28 @@ use File::Basename; # get basename() use POSIX qw(setlocale); use Locale::gettext; @@ -31,7 +33,7 @@ use LWP::UserAgent; use HTTP::Status; # get status_message() use Time::HiRes qw(gettimeofday tv_interval); -@@ -92,7 +112,7 @@ +@@ -92,7 +112,7 @@ my %TranslationTable = ( ); @@ -40,7 +42,7 @@ version => $VERSION, blurb => _gt('Apache / Lighthttpd server status monitor for Nagios'), usage => "Usage: %s [ -H [-p ] [-t ] [-w -c ] [-V] [-u ] [-U user -P pass -r realm]", -@@ -438,4 +458,4 @@ +@@ -443,4 +463,4 @@ Note : Warn if less than 100 workers are available Crit if less than 10 workers are available EOT diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_imap_quota/syntax_error_fix nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_imap_quota/syntax_error_fix --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_imap_quota/syntax_error_fix 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_imap_quota/syntax_error_fix 2021-12-17 14:47:25.000000000 +0000 @@ -4,8 +4,10 @@ - fixed syntax error by added missing closing bracket as mentioned in issue #44 ---- a/check_email_delivery/src/check_imap_quota -+++ b/check_email_delivery/src/check_imap_quota +Index: pkg-nagios-plugins-contrib/check_email_delivery/src/check_imap_quota +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_email_delivery/src/check_imap_quota ++++ pkg-nagios-plugins-contrib/check_email_delivery/src/check_imap_quota @@ -153,7 +153,7 @@ eval { } if (!length($quotaUsed) && !length($quotaLimit)) { diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_libvirt/fix_cache_path nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_libvirt/fix_cache_path --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_libvirt/fix_cache_path 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_libvirt/fix_cache_path 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_libvirt/check_libvirt -+++ b/check_libvirt/check_libvirt -@@ -56,7 +56,7 @@ +Index: pkg-nagios-plugins-contrib/check_libvirt/check_libvirt +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_libvirt/check_libvirt ++++ pkg-nagios-plugins-contrib/check_libvirt/check_libvirt +@@ -56,7 +56,7 @@ BEGIN { $PROGNAME = basename($0); $VERSION = '0.1.0'; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_libvirt/fix_uom nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_libvirt/fix_uom --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_libvirt/fix_uom 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_libvirt/fix_uom 2021-12-17 14:47:25.000000000 +0000 @@ -13,9 +13,11 @@ check_libvirt/check_libvirt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/check_libvirt/check_libvirt -+++ b/check_libvirt/check_libvirt -@@ -246,7 +246,7 @@ +Index: pkg-nagios-plugins-contrib/check_libvirt/check_libvirt +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_libvirt/check_libvirt ++++ pkg-nagios-plugins-contrib/check_libvirt/check_libvirt +@@ -246,7 +246,7 @@ eval chop($output); chop($output); $output = $up . "/" . $cnt . " VMs up: " . $output; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_libvirt/monitoring-plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_libvirt/monitoring-plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_libvirt/monitoring-plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_libvirt/monitoring-plugin 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_libvirt/check_libvirt b/check_libvirt/check_libvirt -index 2029c9e..618d1ac 100755 ---- a/check_libvirt/check_libvirt -+++ b/check_libvirt/check_libvirt +Index: pkg-nagios-plugins-contrib/check_libvirt/check_libvirt +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_libvirt/check_libvirt ++++ pkg-nagios-plugins-contrib/check_libvirt/check_libvirt @@ -27,11 +27,33 @@ use strict; use warnings; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_lm_sensors/interpreter nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_lm_sensors/interpreter --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_lm_sensors/interpreter 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_lm_sensors/interpreter 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_lm_sensors/src/check_lm_sensors -+++ b/check_lm_sensors/src/check_lm_sensors +Index: pkg-nagios-plugins-contrib/check_lm_sensors/src/check_lm_sensors +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_lm_sensors/src/check_lm_sensors ++++ pkg-nagios-plugins-contrib/check_lm_sensors/src/check_lm_sensors @@ -1,4 +1,4 @@ -#!perl +#!/usr/bin/perl diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_lm_sensors/manpage_whatis_fix nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_lm_sensors/manpage_whatis_fix --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_lm_sensors/manpage_whatis_fix 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_lm_sensors/manpage_whatis_fix 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_lm_sensors/src/check_lm_sensors.pod -+++ b/check_lm_sensors/src/check_lm_sensors.pod +Index: pkg-nagios-plugins-contrib/check_lm_sensors/src/check_lm_sensors.pod +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_lm_sensors/src/check_lm_sensors.pod ++++ pkg-nagios-plugins-contrib/check_lm_sensors/src/check_lm_sensors.pod @@ -2,8 +2,7 @@ =head1 NAME diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_lm_sensors/spelling_errors nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_lm_sensors/spelling_errors --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_lm_sensors/spelling_errors 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_lm_sensors/spelling_errors 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_lm_sensors/src/check_lm_sensors.pod -+++ b/check_lm_sensors/src/check_lm_sensors.pod +Index: pkg-nagios-plugins-contrib/check_lm_sensors/src/check_lm_sensors.pod +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_lm_sensors/src/check_lm_sensors.pod ++++ pkg-nagios-plugins-contrib/check_lm_sensors/src/check_lm_sensors.pod @@ -49,7 +49,7 @@ verbosity. =head1 EXIT STATUS diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_memory/force_locale nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_memory/force_locale --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_memory/force_locale 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_memory/force_locale 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ -diff --git a/check_memory/check_memory b/check_memory/check_memory -index bf46711..fa2c47c 100644 ---- a/check_memory/check_memory -+++ b/check_memory/check_memory -@@ -27,7 +27,7 @@ use Nagios::Plugin; - - $PROGNAME = "check_memory"; - $VERSION = '1.0.1'; --$FREECMD = '/usr/bin/free'; -+$FREECMD = 'LANG=C /usr/bin/free'; - $UNIT = 'M'; - - my $np = Nagios::Plugin->new( diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_memory/monitoring-plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_memory/monitoring-plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_memory/monitoring-plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_memory/monitoring-plugin 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -diff --git a/check_memory/check_memory b/check_memory/check_memory -index bf46711..4f272d1 100644 ---- a/check_memory/check_memory -+++ b/check_memory/check_memory -@@ -23,14 +23,36 @@ - use strict; - use warnings; - use vars qw($PROGNAME $VERSION $FREECMD $UNIT); --use Nagios::Plugin; -+ -+sub load_module { -+ my @names = @_; -+ my $module; -+ for my $name (@names) { -+ my $file = $name; -+ # requires need either a bare word or a file name -+ $file =~ s{::}{/}gsxm; -+ $file .= '.pm'; -+ eval { -+ require $file; -+ $name->import(); -+ $module = $name; -+ }; -+ last if $module; -+ } -+ return $module; -+} -+ -+my $plugin_module; -+BEGIN { -+ $plugin_module = load_module( 'Monitoring::Plugin', 'Nagios::Plugin' ); -+} - - $PROGNAME = "check_memory"; - $VERSION = '1.0.1'; - $FREECMD = 'LANG=C /usr/bin/free'; - $UNIT = 'M'; - --my $np = Nagios::Plugin->new( -+my $np = $plugin_module->new( - usage => "Usage: %s [ -w ] [ -c ]\n" - . ' [ -u ]', - version => $VERSION, diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_memory/new_free nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_memory/new_free --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_memory/new_free 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_memory/new_free 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -From df189de31d33f40b894c33482dbdf9f61eaf1177 Mon Sep 17 00:00:00 2001 -From: Simon Ruderich -Date: Tue, 26 Jul 2016 18:50:38 +0200 -Subject: [PATCH] Fixing for new free output. - -The output of free doesn't anymore contain the "buffers/cache" -line breaking the check_memory plugin. The attached patch uses -instead the new "available" column to calculate the free memory -as it seems to be a better estimation of free (usable) memory. ---- - check_memory/check_memory | 20 +++++++++++++++----- - 1 file changed, 15 insertions(+), 5 deletions(-) - -diff --git a/check_memory/check_memory b/check_memory/check_memory -index 8369a9e..70d0514 100755 ---- a/check_memory/check_memory -+++ b/check_memory/check_memory -@@ -104,12 +104,23 @@ open(RESULT, "$FREECMD -b |") - or $np->nagios_exit('CRITICAL', "Could not run $FREECMD"); - - warn("Output from $FREECMD:\n") if ($verbose > 1); --my ($used, $free); -+my $new_format = 0; -+my ($total, $used, $free); - while () { - warn(" $_") if ($verbose > 1); -- next unless (m#^\-/\+\ buffers/cache:\s*(\d+)\s+(\d+)#); -- $used = $1; -- $free = $2; -+ # New `free` output from procps doesn't provide "buffers/cache" anymore, but -+ # provides a better estimate of available memory ("available" column). -+ $new_format = 1 if m{^\s+total\s+used\s+free\s+shared\s+buff/cache\s+available$}; -+ -+ if ($new_format and /^Mem:\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+(\d+)$/) { -+ $total = $1; -+ $free = $2; # available column -+ $used = $total - $free; # used is everything which is not available -+ } elsif (m#^\-/\+\ buffers/cache:\s*(\d+)\s+(\d+)#) { -+ $used = $1; -+ $free = $2; -+ $total = $used + $free; -+ } - } - - close(RESULT); -@@ -117,7 +128,6 @@ alarm(0); - - $np->nagios_exit('CRITICAL', "Unable to interpret $FREECMD output") if (!defined($free)); - --my $total = $used + $free; - if (defined($warning) && $warning =~ /^\d+%$/) { - if ($warning) { - $warning =~ s/%//; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_nfsmounts/nfs4_support nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_nfsmounts/nfs4_support --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_nfsmounts/nfs4_support 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_nfsmounts/nfs4_support 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_nfsmounts/check_nfsmounts -+++ b/check_nfsmounts/check_nfsmounts -@@ -101,7 +101,7 @@ +Index: pkg-nagios-plugins-contrib/check_nfsmounts/check_nfsmounts +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_nfsmounts/check_nfsmounts ++++ pkg-nagios-plugins-contrib/check_nfsmounts/check_nfsmounts +@@ -101,7 +101,7 @@ if(!open MTAB,"< /etc/mtab") { my @dirs=(); my %mountmodes=(); while(my $line=) { diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_nfsmounts/nfs_write_location nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_nfsmounts/nfs_write_location --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_nfsmounts/nfs_write_location 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_nfsmounts/nfs_write_location 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_nfsmounts/check_nfsmounts -+++ b/check_nfsmounts/check_nfsmounts -@@ -45,6 +45,7 @@ +Index: pkg-nagios-plugins-contrib/check_nfsmounts/check_nfsmounts +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_nfsmounts/check_nfsmounts ++++ pkg-nagios-plugins-contrib/check_nfsmounts/check_nfsmounts +@@ -45,6 +45,7 @@ BEGIN { } use Time::HiRes qw{time alarm}; @@ -8,7 +10,7 @@ use Getopt::Long; use strict; -@@ -129,7 +130,8 @@ +@@ -129,7 +130,8 @@ foreach $dir (@dirs) { if($pid==0) { chdir $dir or &bad_mount($dir,$!); if($writemode and exists($mountmodes{$dir}->{"rw"})) { diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_nfsmounts/perl_module nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_nfsmounts/perl_module --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_nfsmounts/perl_module 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_nfsmounts/perl_module 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_nfsmounts/check_nfsmounts b/check_nfsmounts/check_nfsmounts -index fbfb1f8..51ed625 100644 ---- a/check_nfsmounts/check_nfsmounts -+++ b/check_nfsmounts/check_nfsmounts +Index: pkg-nagios-plugins-contrib/check_nfsmounts/check_nfsmounts +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_nfsmounts/check_nfsmounts ++++ pkg-nagios-plugins-contrib/check_nfsmounts/check_nfsmounts @@ -21,14 +21,36 @@ # along with this program. If not, see . # diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/debian_bts nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/debian_bts --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/debian_bts 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/debian_bts 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_printer/check_printer -+++ b/check_printer/check_printer -@@ -267,10 +267,10 @@ +Index: pkg-nagios-plugins-contrib/check_printer/check_printer +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_printer/check_printer ++++ pkg-nagios-plugins-contrib/check_printer/check_printer +@@ -267,10 +267,10 @@ while (my($key, $value) = each(%status)) if ($debug){ print Dumper(\%status); print "\n\n############ ATTENTION ############\n"; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_printer/check_printer -+++ b/check_printer/check_printer +Index: pkg-nagios-plugins-contrib/check_printer/check_printer +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_printer/check_printer ++++ pkg-nagios-plugins-contrib/check_printer/check_printer @@ -1,4 +1,5 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/use_data_dumper_if_needed nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/use_data_dumper_if_needed --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/use_data_dumper_if_needed 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/use_data_dumper_if_needed 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_printer/check_printer -+++ b/check_printer/check_printer +Index: pkg-nagios-plugins-contrib/check_printer/check_printer +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_printer/check_printer ++++ pkg-nagios-plugins-contrib/check_printer/check_printer @@ -40,7 +40,6 @@ if ($OS =~ m/^\wBSD/){ use lib "/usr/local/nagios/libexec"; } diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/use_nagios_plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/use_nagios_plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_printer/use_nagios_plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_printer/use_nagios_plugin 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_printer/check_printer b/check_printer/check_printer -index 6d801de..da8e099 100644 ---- a/check_printer/check_printer -+++ b/check_printer/check_printer +Index: pkg-nagios-plugins-contrib/check_printer/check_printer +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_printer/check_printer ++++ pkg-nagios-plugins-contrib/check_printer/check_printer @@ -33,11 +33,27 @@ use strict; use warnings; @@ -35,4 +35,3 @@ } use Getopt::Long; - use Pod::Usage; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/fix_unparsed_error_cciss nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/fix_unparsed_error_cciss --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/fix_unparsed_error_cciss 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/fix_unparsed_error_cciss 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,9 @@ Incorporate changes from https://github.com/glensc/nagios-plugin-check_raid/pull/200/commits/12186c44c51941a16f82d23ee9c5fbd212a2c315 ---- a/check_raid/check_raid -+++ b/check_raid/check_raid -@@ -1831,6 +1831,8 @@ +Index: pkg-nagios-plugins-contrib/check_raid/check_raid +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_raid/check_raid ++++ pkg-nagios-plugins-contrib/check_raid/check_raid +@@ -1831,6 +1831,8 @@ $fatpacked{"App/Monitoring/Plugin/CheckR my $cache = $c{$cdev}{cache}; my %map = ( configured => qr/Cache configured: (.+)/, diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/hpacucli_cache_fail nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/hpacucli_cache_fail --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/hpacucli_cache_fail 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/hpacucli_cache_fail 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,9 @@ Incorporate chanegs from https://github.com/glensc/nagios-plugin-check_raid/commit/4a6e9fa15fe1f1e940637f048e86dedc607b1596 ---- a/check_raid/check_raid -+++ b/check_raid/check_raid -@@ -3164,11 +3164,11 @@ +Index: pkg-nagios-plugins-contrib/check_raid/check_raid +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_raid/check_raid ++++ pkg-nagios-plugins-contrib/check_raid/check_raid +@@ -3164,11 +3164,11 @@ $fatpacked{"App/Monitoring/Plugin/CheckR # print those only if not ok and configured if (($s = $c->{'Cache Status'}) && $s !~ /^(OK|Not Configured)/) { push(@s, "Cache: $s"); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/no_epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/no_epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/no_epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/no_epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_raid/check_raid -+++ b/check_raid/check_raid +Index: pkg-nagios-plugins-contrib/check_raid/check_raid +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_raid/check_raid ++++ pkg-nagios-plugins-contrib/check_raid/check_raid @@ -1,4 +1,5 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/sort_megacli_numerical nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/sort_megacli_numerical --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_raid/sort_megacli_numerical 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_raid/sort_megacli_numerical 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,9 @@ Incorporate changes from https://github.com/glensc/nagios-plugin-check_raid/commit/2a05ecb2b219a5f102acb81d9bd6aeabb664d434 ---- a/check_raid/check_raid -+++ b/check_raid/check_raid -@@ -4057,7 +4057,7 @@ +Index: pkg-nagios-plugins-contrib/check_raid/check_raid +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_raid/check_raid ++++ pkg-nagios-plugins-contrib/check_raid/check_raid +@@ -4057,7 +4057,7 @@ $fatpacked{"App/Monitoring/Plugin/CheckR } my %dstatus; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_rbl/additional_rbls nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_rbl/additional_rbls --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_rbl/additional_rbls 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_rbl/additional_rbls 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/check_rbl/src/check_rbl.ini -+++ b/check_rbl/src/check_rbl.ini -@@ -91,6 +91,40 @@ +Index: pkg-nagios-plugins-contrib/check_rbl/src/check_rbl.ini +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_rbl/src/check_rbl.ini ++++ pkg-nagios-plugins-contrib/check_rbl/src/check_rbl.ini +@@ -89,6 +89,40 @@ server=singular.ttk.pte.hu server=spam.dnsbl.anonmails.de server=spambot.bls.digibase.ca server=z.mailspike.net diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_rbl/interpreter nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_rbl/interpreter --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_rbl/interpreter 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_rbl/interpreter 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_rbl/src/check_rbl -+++ b/check_rbl/src/check_rbl +Index: pkg-nagios-plugins-contrib/check_rbl/src/check_rbl +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_rbl/src/check_rbl ++++ pkg-nagios-plugins-contrib/check_rbl/src/check_rbl @@ -1,4 +1,4 @@ -#!perl +#!/usr/bin/perl diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_smstools/monitoring-plugin nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_smstools/monitoring-plugin --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_smstools/monitoring-plugin 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_smstools/monitoring-plugin 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_smstools/bin/check_smstools b/check_smstools/bin/check_smstools -index a7a0336..707d289 100755 ---- a/check_smstools/bin/check_smstools -+++ b/check_smstools/bin/check_smstools +Index: pkg-nagios-plugins-contrib/check_smstools/bin/check_smstools +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_smstools/bin/check_smstools ++++ pkg-nagios-plugins-contrib/check_smstools/bin/check_smstools @@ -13,9 +13,31 @@ use strict; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_smstools/operator_siglvl nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_smstools/operator_siglvl --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_smstools/operator_siglvl 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_smstools/operator_siglvl 2021-12-17 14:47:25.000000000 +0000 @@ -9,9 +9,11 @@ check_smstools/bin/check_smstools | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/check_smstools/bin/check_smstools -+++ b/check_smstools/bin/check_smstools -@@ -191,6 +191,7 @@ +Index: pkg-nagios-plugins-contrib/check_smstools/bin/check_smstools +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_smstools/bin/check_smstools ++++ pkg-nagios-plugins-contrib/check_smstools/bin/check_smstools +@@ -191,6 +191,7 @@ sub process_statusfile { if ($result{'cmd'} =~ /$operator_command/) { $operator = $result{'answer'}; $operator =~ s/0,0,"//g; @@ -19,7 +21,7 @@ } } # No need to parse the rest of the file, if signal -@@ -218,7 +219,7 @@ +@@ -218,7 +219,7 @@ sub check_signal { $np->nagios_die("Unable to determine the modem signal strength."); } diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_snmp_environment/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_snmp_environment/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_snmp_environment/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_snmp_environment/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_snmp_environment/check_snmp_environment.pl b/check_snmp_environment/check_snmp_environment.pl -index 2be3fc0..6022fcb 100644 ---- a/check_snmp_environment/check_snmp_environment.pl -+++ b/check_snmp_environment/check_snmp_environment.pl +Index: pkg-nagios-plugins-contrib/check_snmp_environment/check_snmp_environment.pl +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_snmp_environment/check_snmp_environment.pl ++++ pkg-nagios-plugins-contrib/check_snmp_environment/check_snmp_environment.pl @@ -1,4 +1,5 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_snmp_time/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_snmp_time/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_snmp_time/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_snmp_time/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_snmp_time/check_snmp_time -+++ b/check_snmp_time/check_snmp_time +Index: pkg-nagios-plugins-contrib/check_snmp_time/check_snmp_time +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_snmp_time/check_snmp_time ++++ pkg-nagios-plugins-contrib/check_snmp_time/check_snmp_time @@ -1,4 +1,5 @@ #!/usr/bin/perl -w +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_uptime/missing_backslash nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_uptime/missing_backslash --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_uptime/missing_backslash 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_uptime/missing_backslash 2021-12-17 14:47:25.000000000 +0000 @@ -1,7 +1,7 @@ -diff --git a/check_uptime/check_uptime b/check_uptime/check_uptime -index e1e5b99..41b7f26 100644 ---- a/check_uptime/check_uptime -+++ b/check_uptime/check_uptime +Index: pkg-nagios-plugins-contrib/check_uptime/check_uptime +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_uptime/check_uptime ++++ pkg-nagios-plugins-contrib/check_uptime/check_uptime @@ -540,7 +540,7 @@ if ($check_type==1) { # local elsif ($uptime_output =~ /up\s+(\d+)\s+min/) { ($days, $hrs, $mins) = (0,0,$1); @@ -11,6 +11,3 @@ ($days, $hrs, $mins) = ($1,0,$2); } else { -diff --git a/dsa/checks/dsa-check-cert-expire-dir b/dsa/checks/dsa-check-cert-expire-dir -old mode 100755 -new mode 100644 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_v46/no_epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_v46/no_epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_v46/no_epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_v46/no_epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_v46/check_v46 -+++ b/check_v46/check_v46 +Index: pkg-nagios-plugins-contrib/check_v46/check_v46 +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_v46/check_v46 ++++ pkg-nagios-plugins-contrib/check_v46/check_v46 @@ -1,4 +1,6 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_webinject/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_webinject/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/check_webinject/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/check_webinject/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/check_webinject/check_webinject -+++ b/check_webinject/check_webinject +Index: pkg-nagios-plugins-contrib/check_webinject/check_webinject +=================================================================== +--- pkg-nagios-plugins-contrib.orig/check_webinject/check_webinject ++++ pkg-nagios-plugins-contrib/check_webinject/check_webinject @@ -1,5 +1,5 @@ #!/usr/bin/perl -# nagios: +epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_cert_expire_dir_check_name_fix nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_cert_expire_dir_check_name_fix --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_cert_expire_dir_check_name_fix 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_cert_expire_dir_check_name_fix 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/dsa/checks/dsa-check-cert-expire-dir -+++ b/dsa/checks/dsa-check-cert-expire-dir +Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-cert-expire-dir +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/checks/dsa-check-cert-expire-dir ++++ pkg-nagios-plugins-contrib/dsa/checks/dsa-check-cert-expire-dir @@ -26,9 +26,9 @@ sn="$0" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_packages_,_fix nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_packages_,_fix --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_packages_,_fix 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_packages_,_fix 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/dsa/checks/dsa-check-packages -+++ b/dsa/checks/dsa-check-packages +Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-packages +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/checks/dsa-check-packages ++++ pkg-nagios-plugins-contrib/dsa/checks/dsa-check-packages @@ -334,7 +334,7 @@ for my $form (@reportform) { push @perfout, sprintf($form->{'perf'}, $num); next unless ($num > 0); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_packages-inifile nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_packages-inifile --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_packages-inifile 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_packages-inifile 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/dsa/checks/dsa-check-packages -+++ b/dsa/checks/dsa-check-packages +Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-packages +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/checks/dsa-check-packages ++++ pkg-nagios-plugins-contrib/dsa/checks/dsa-check-packages @@ -37,8 +37,8 @@ use strict; use warnings; use English; diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_packages_location nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_packages_location --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_packages_location 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_packages_location 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/dsa/sbin/dsa-update-apt-status -+++ b/dsa/sbin/dsa-update-apt-status -@@ -78,7 +78,7 @@ fi +Index: pkg-nagios-plugins-contrib/dsa/sbin/dsa-update-apt-status +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/sbin/dsa-update-apt-status ++++ pkg-nagios-plugins-contrib/dsa/sbin/dsa-update-apt-status +@@ -81,7 +81,7 @@ fi tmp=`tempfile` trap "rm -f '$tmp'" exit #/usr/share/dsa/apt-status-check --noupdate --timeout=600 > "$tmp" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_running_kernel_focal_fix nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_running_kernel_focal_fix --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_running_kernel_focal_fix 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_running_kernel_focal_fix 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/dsa/checks/dsa-check-running-kernel -+++ b/dsa/checks/dsa-check-running-kernel -@@ -132,7 +132,7 @@ +Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-running-kernel +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/checks/dsa-check-running-kernel ++++ pkg-nagios-plugins-contrib/dsa/checks/dsa-check-running-kernel +@@ -132,7 +132,7 @@ cat_vmlinux() { filter="$3" hdroff="$4" @@ -9,7 +11,7 @@ echo "UNKNOWN: filter command '$filter' missing, perhaps install xz-utils, lz4 or lzop?" >&2 exit $UNKNOWN fi -@@ -157,7 +157,11 @@ +@@ -157,7 +157,11 @@ get_image_linux() { cat_vmlinux "$image" "\x00\x00\x00\x02\xff" "xzcat" -1 cat_vmlinux "$image" "\x00\x00\x00\x04\xff" "xzcat" -1 # xz compressed image diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_running_kernel_jessie_centos_fix nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_running_kernel_jessie_centos_fix --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/check_running_kernel_jessie_centos_fix 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/check_running_kernel_jessie_centos_fix 2021-12-17 14:47:25.000000000 +0000 @@ -1,6 +1,8 @@ ---- a/dsa/checks/dsa-check-running-kernel -+++ b/dsa/checks/dsa-check-running-kernel -@@ -132,6 +132,11 @@ +Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-running-kernel +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/checks/dsa-check-running-kernel ++++ pkg-nagios-plugins-contrib/dsa/checks/dsa-check-running-kernel +@@ -132,6 +132,11 @@ cat_vmlinux() { filter="$3" hdroff="$4" @@ -12,7 +14,7 @@ get_offset "$image" $header | head -n 5 | while read off; do (if [ "$off" != 0 ]; then dd ibs="$((off+hdroff))" skip=1 count=0 -@@ -183,9 +188,8 @@ +@@ -183,9 +188,8 @@ fi searched="" for on_disk in \ @@ -24,7 +26,7 @@ if [ -e "$on_disk" ]; then if [ -z "$STRINGS" ]; then -@@ -197,12 +201,12 @@ +@@ -197,12 +201,12 @@ for on_disk in \ if [ -x /usr/bin/lsb_release ] ; then vendor=$(lsb_release -i -s) if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/epn nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/epn --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/epn 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/epn 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/dsa/checks/dsa-check-packages -+++ b/dsa/checks/dsa-check-packages +Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-packages +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/checks/dsa-check-packages ++++ pkg-nagios-plugins-contrib/dsa/checks/dsa-check-packages @@ -1,4 +1,5 @@ #!/usr/bin/perl +# nagios: -epn diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/status_directory nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/status_directory --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/dsa/status_directory 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/dsa/status_directory 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/dsa/sbin/dsa-update-apt-status -+++ b/dsa/sbin/dsa-update-apt-status +Index: pkg-nagios-plugins-contrib/dsa/sbin/dsa-update-apt-status +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/sbin/dsa-update-apt-status ++++ pkg-nagios-plugins-contrib/dsa/sbin/dsa-update-apt-status @@ -22,7 +22,7 @@ # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. @@ -9,8 +11,10 @@ STATUS="${STATUSDIR}"/apt SLEEP_MAX=$(( 15 * 60 )) MAX_AGE=$(( 23 * 60 * 60 )) ---- a/dsa/sbin/dsa-update-unowned-file-status -+++ b/dsa/sbin/dsa-update-unowned-file-status +Index: pkg-nagios-plugins-contrib/dsa/sbin/dsa-update-unowned-file-status +=================================================================== +--- pkg-nagios-plugins-contrib.orig/dsa/sbin/dsa-update-unowned-file-status ++++ pkg-nagios-plugins-contrib/dsa/sbin/dsa-update-unowned-file-status @@ -22,7 +22,7 @@ # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/percona-nagios-plugins/fix_bashism nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/percona-nagios-plugins/fix_bashism --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/percona-nagios-plugins/fix_bashism 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/percona-nagios-plugins/fix_bashism 2021-12-17 14:47:25.000000000 +0000 @@ -1,5 +1,7 @@ ---- a/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count -+++ b/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count +Index: pkg-nagios-plugins-contrib/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count +=================================================================== +--- pkg-nagios-plugins-contrib.orig/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count ++++ pkg-nagios-plugins-contrib/percona-nagios-plugins/nagios/bin/pmp-check-mysql-ts-count @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/series nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/series --- nagios-plugins-contrib-35.20210511ubuntu2/debian/patches/series 2021-05-11 20:01:33.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/patches/series 2021-12-17 14:47:25.000000000 +0000 @@ -25,9 +25,6 @@ check_lm_sensors/manpage_whatis_fix check_lm_sensors/spelling_errors check_lm_sensors/interpreter -check_memory/force_locale -check_memory/new_free -check_memory/monitoring-plugin check_nfsmounts/perl_module check_nfsmounts/nfs_write_location check_printer/use_data_dumper_if_needed diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/debian/tests/control nagios-plugins-contrib-37.20211217ubuntu1/debian/tests/control --- nagios-plugins-contrib-35.20210511ubuntu2/debian/tests/control 2021-09-26 11:34:03.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/debian/tests/control 2022-02-24 08:54:00.000000000 +0000 @@ -30,3 +30,4 @@ Depends: @ Test-Command: /usr/lib/nagios/plugins/check_entropy -w 1 + diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/control nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/control --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/control 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/control 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,31 @@ +Watch: https://github.com/madrisan/nagios-plugins-linux/commit/master >commit <[^>]*>([0-9a-f]+)< +Version: bbbdc5279cd2569d4c6b5e0ed19d12c082e322ad +Homepage: https://github.com/madrisan/nagios-plugins-linux +Uploaders: Peter Palfrader +Description: Nagios-compatible Plugins for Linux + Various binary plugins for monitoring (physical and virtual) Linux hosts with + Nagios and Nagios-compatible monitoring systems like Icinga and Naemon: + * check_clock: returns the number of seconds elapsed between + the host local time and Nagios time. + * check_cpu: checks the CPU (user mode) utilization + * check_cpufreq: displays the CPU frequency characteristics. + * check_cswch: monitors the total number of context switches across all CPUs. + * check_fc: monitors the status of the fiber status ports. + * check_ifmountfs: checks whether the given filesystems are mounted. + * check_intr: monitors the total number of system interrupts. + * check_iowait: checks I/O wait bottlenecks + * check_memory: checks the system memory utilization. + * check_nbprocs: displays the number of running processes per user. + * check_network: displays some network interfaces statistics, including: + check_network_collisions, check_network_dropped, check_network_errors, check_network_multicast + * check_paging: checks the memory and swap paging. + * check_pressure: checks Linux Pressure Stall Information (PSI) data. + * check_readonlyfs: checks for readonly filesystems. + * check_tcpcount: displays TCP network and socket informations. + * check_temperature: monitors the hardware's temperature. + + * check_load: checks the current system load average. + * check_multipath: checks the multipath topology status. + * check_swap: checks the swap utilization. + * check_uptime: checks how long the system has been running. + * check_users: displays the number of users that are currently logged on. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/copyright nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/copyright --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/copyright 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/copyright 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,11 @@ +Copyright (c) 2013-2021 Davide Madrisan + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/Makefile nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/Makefile --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/Makefile 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,53 @@ + +PD = nagios-plugins-linux + +PLUGINS += check_clock +PLUGINS += check_cpu +PLUGINS += check_cpufreq +PLUGINS += check_cswch +PLUGINS += check_fc +PLUGINS += check_ifmountfs +PLUGINS += check_intr +PLUGINS += check_iowait +PLUGINS += check_memory +PLUGINS += check_nbprocs +PLUGINS += check_network +PLUGINS += check_network_collisions +PLUGINS += check_network_dropped +PLUGINS += check_network_errors +PLUGINS += check_network_multicast +PLUGINS += check_paging +PLUGINS += check_pressure +PLUGINS += check_readonlyfs +PLUGINS += check_tcpcount +PLUGINS += check_temperature + +PLUGINS_RENAME += check_load +PLUGINS_RENAME += check_multipath +PLUGINS_RENAME += check_swap +PLUGINS_RENAME += check_uptime +PLUGINS_RENAME += check_users + +all: + cd ${PD} && dh_autoreconf + mkdir build-tree + cd build-tree && \ + ../${PD}/configure --prefix=/usr --libexecdir=/usr/lib/nagios/plugins && \ + $(MAKE) + +install: + install -d $(DESTDIR)/usr/lib/nagios + for check in $(PLUGINS); do \ + if [ -h build-tree/plugins/$${check} ]; then \ + ln -s $$(readlink build-tree/plugins/$${check}) ${DESTDIR}/usr/lib/nagios/plugins/$${check} || exit 1; \ + else \ + install -m 755 -o root -g root build-tree/plugins/$${check} ${DESTDIR}/usr/lib/nagios/plugins || exit 1; \ + fi; \ + done; true + + for check in $(PLUGINS_RENAME); do \ + install -m 755 -o root -g root build-tree/plugins/$${check} ${DESTDIR}/usr/lib/nagios/plugins/check_madrisan_$${check#check_} || exit 1; \ + done; true + +clean: + rm -rf build-tree diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/AUTHORS nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/AUTHORS --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/AUTHORS 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/AUTHORS 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,49 @@ +Author: + Davide Madrisan + +External libraries: + Jsmn (pronounced like 'jasmine'), a world fastest JSON parser/tokenizer + * Author: Serge Zaitsev + * Git repository: https://github.com/zserge/jsmn + * Files: include/jsmn.h + * SPDX-License-Identifier: MIT + +Contributors: + flexdev - https://github.com/flexdev + Bug report and patch (several plugins) + chr15p - https://github.com/chr15p + Bug report and patch (check_multipath) + +Some code and coding styles/ideas belong to the following open source projects: + + * cpufrequtils https://www.kernel.org/pub/linux/utils/kernel/cpufreq/ + SPDX-License-Identifier: GPL-2.0-only + + * gnulib http://git.savannah.gnu.org/gitweb/?p=gnulib.git + SPDX-License-Identifier: GPL-3.0-or-later / LGPL-3.0-or-later + + * kmod http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git + SPDX-License-Identifier: GPL-2.0-only + + * libabc https://git.kernel.org/cgit/linux/kernel/git/kay/libabc.git + SPDX-License-Identifier: GPL-2.0-only (with an unrestricted usage clause) + + * libvirt http://libvirt.org/ + SPDX-License-Identifier: GPL-2.1-only / LGPL-2.1-only + + * nagios plugins https://github.com/nagios-plugins/nagios-plugins + SPDX-License-Identifier: GPL-3.0-or-later + + * procps https://gitlab.com/procps-ng/procps/ + SPDX-License-Identifier: GPL-2.0-only / LGPL-2.0-only (libprocps) + + * util-linux https://github.com/karelzak/util-linux + SPDX-License-Identifier: GPL-2.0-only + + * pcp https://github.com/performancecopilot/pcp + SPDX-License-Identifier: LGPL-2.1-or-later + +and also to Mickael Kerrisk of "The Linux Programming Interface": + + * tlpi http://man7.org/tlpi/code/ + SPDX-License-Identifier: AGPL-3.0 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/ChangeLog nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/ChangeLog --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/ChangeLog 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/ChangeLog 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,2 @@ +See GitHub: +https://github.com/madrisan/nagios-plugins-linux/commits/master diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/check_skel.c.sample nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/check_skel.c.sample --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/check_skel.c.sample 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/check_skel.c.sample 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,126 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A Nagios plugin that do something .... + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" + +static const char *program_copyright = + "Copyright (C) 2020 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin ... .\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s -w COUNTER|PERC -c COUNTER|PERC\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s ... -w ... -c ...\n", + program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + int c; + bool verbose = false; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (verbose) + /*ADDME*/; + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + status = get_status (0/*FIXME*/, my_threshold); + free (my_threshold); + + printf ("%s %s - | \n", + program_name_short, state_text (status)); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.codeclimate.yml nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.codeclimate.yml --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.codeclimate.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.codeclimate.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,28 @@ +version: "2" +plugins: + duplication: + enabled: true + config: + languages: + - c + fixme: + enabled: true + config: + strings: + - FIXME + gnu-complexity: + enabled: true + config: + threshold: 30 + shellcheck: + enabled: true +exclude_patterns: +- "**.sample" +- compile +- config.sub +- depcomp +- install-sh +- libtool +- ltmain.sh +- m4/ +- packages/ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/config.sub nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/config.sub --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/config.sub 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/config.sub 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,1807 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright 1992-2014 Free Software Foundation, Inc. + +timestamp='2014-12-03' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2014 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ + | bfin \ + | c4x | c8051 | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 | nios2eb | nios2el \ + | ns16k | ns32k \ + | open8 | or1k | or1knd | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ + | riscv32 | riscv64 \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | k1om-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | or1k*-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | visium-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze*) + basic_machine=microblaze-xilinx + ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i686-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* | -plan9* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/configure.ac nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/configure.ac --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/configure.ac 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/configure.ac 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,584 @@ +dnl Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.59]) + +AC_INIT(nagios-plugins-linux, + m4_normalize(m4_include([VERSION])), + [davide.madrisan@gmail.com]) + +AC_MSG_CHECKING([for $PACKAGE_NAME version]) +AC_MSG_RESULT([$PACKAGE_VERSION]) + +AC_CANONICAL_TARGET + +AM_INIT_AUTOMAKE([ + check-news + gnu + 1.11 + silent-rules + tar-pax + no-dist-gzip + dist-bzip2 + dist-xz + subdir-objects + -Wno-portability +]) + +AC_CONFIG_SRCDIR([plugins/check_cpu.c]) +AC_CONFIG_HEADERS(config.h:config.hin) +AC_CONFIG_LIBOBJ_DIR([lib]) +AC_CONFIG_MACRO_DIR([m4]) + +AM_MAINTAINER_MODE +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + +#AC_USE_SYSTEM_EXTENSIONS(_GNU_SOURCE) + +dnl Checks for the compiler features + +AC_C_CONST +AC_C_PROTOTYPES +AC_C_INLINE + +m4_ifndef([LT_INIT], [ + AM_PROG_LIBTOOL +], [ + LT_INIT([shared disable-static]) +]) + +# 'AC_PROG_CC_C99' unfortunately requires autoconf 2.60+ +#AC_PROG_CC_C99 +AM_PROG_CC_C_O +AC_PROG_CC_STDC + +if test "$cross_compiling" = no; then + if test "x$ac_cv_prog_cc_c99" = "xno" || test "x$ac_cv_prog_cc_c99" = "x"; then + # Check if CC is gcc and if it bails when given -std=gnu99. + # If not, use that. Yuck. + if test "x$ac_cv_c_compiler_gnu" = "xyes"; then + CC="$CC -std=gnu99" + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([],[[return 0;]])], + [], + [AC_MSG_ERROR([Could not find a C99 compatible compiler])], + [AC_MSG_ERROR([Internal error: not reached in cross-compile])]) + else + AC_MSG_ERROR([Could not find a C99 compatible compiler]) + fi + fi +fi + +# Linux Alpine shipis with musl libc +AC_MSG_CHECKING(for musl libc) +dumpmachine=`$CC -dumpmachine` +case "$dumpmachine" in +*-musl) + AC_MSG_RESULT([yes]) + AC_DEFINE([LIBC_MUSL], [1], [Define to 1 if libc is musl]) + ;; +*) + AC_MSG_RESULT([no]) ;; +esac + +dnl Check for variable-length arrays support +AC_MSG_CHECKING(for variable-lenght arrays) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[ + int foo; + foo = 10; + int array[foo];]])], + [AC_MSG_RESULT([yes]) + AC_DEFINE([VARIABLE_LENGTH_ARRAYS], [], + [Define this if the compiler supports variable-length arrays])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([The compiler does not support variable-length arrays]) + ]) + +dnl Add the option '--disable-hardening' +AC_ARG_ENABLE([hardening], + [AS_HELP_STRING([--disable-hardening], + [do not attempt to harden the resulting executables (default is to harden)])], + [use_hardening=$enableval], + [use_hardening=yes]) + +dnl Turn warnings into errors: '--enable-werror' +AC_ARG_ENABLE([werror], + AS_HELP_STRING([--enable-werror], + [make all warnings as errors (default is no)]), + [enable_werror=$enableval], + [enable_werror=no]) +AS_IF([test "x$enable_werror" = "xyes"], [ + cc_TRY_CFLAGS([-Werror]) + case "$SUPPORTED_CFLAGS" in + *-Werror*) ;; + *) + AC_MSG_ERROR([enable-werror set but -Werror is not usable]) + ;; + esac]) + +dnl Checks for some compiler warning flags + +cc_TRY_CFLAGS([-Wall]) +cc_TRY_CFLAGS([-Wformat]) +cc_TRY_CFLAGS([-Wformat -Wformat-security]) +cc_TRY_CFLAGS([-Wformat-signedness]) +cc_TRY_CFLAGS([-Wimplicit-fallthrough=2]) +cc_TRY_CFLAGS([-Wmissing-noreturn]) +cc_TRY_CFLAGS([-Wmissing-format-attribute]) +cc_TRY_CFLAGS([-Wredundant-decls]) +cc_TRY_CFLAGS([-Wshadow]) +cc_TRY_CFLAGS([-Wsign-compare]) +cc_TRY_CFLAGS([-Wstrict-aliasing=2]) +cc_TRY_CFLAGS([-Wstringop-truncation]) +cc_TRY_CFLAGS([-Wunused]) +# The gcc compiler shipped by RHEL5 (gcc-4.1.2) does not recognize it +#cc_TRY_CFLAGS([-Warray-bounds]) + +if test x$use_hardening != xno; then + cc_TRY_CFLAGS([-Wstack-protector]) + cc_TRY_CFLAGS([-D_FORTIFY_SOURCE=2]) + cc_TRY_CFLAGS([-fstack-protector-strong]) + cc_TRY_CFLAGS([-fpie -fPIE]) + case "$SUPPORTED_CFLAGS" in + *-fstack-protector-strong*) ;; + *) + cc_TRY_CFLAGS([-fstack-protector-all]) + ;; + esac + cc_TRY_LDFLAGS([-Wl,-z,relro]) + cc_TRY_LDFLAGS([-Wl,-z,now]) +fi + +dnl Checks whether the compiler supports the +dnl __attribute__((__malloc__)) feature +ac_save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_CHECK( + [whether compiler supports __attribute__((__malloc__))], + [cc_cv_attribute_malloc], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[ + void *fooalloc(int size) __attribute__((__malloc__));]])], + [cc_cv_attribute_malloc=yes], + [cc_cv_attribute_malloc=no]) + ]) +CFLAGS="$ac_save_CFLAGS" +if test "x$cc_cv_attribute_malloc" = "xyes"; then + ac_cc_attribute_malloc='__attribute__((__malloc__))' +fi +AC_DEFINE_UNQUOTED( + [_attribute_malloc_], [$ac_cc_attribute_malloc], + [Define this if the compiler supports the malloc attribute]) + +dnl Check whether the compiler supports the +dnl __attribute__((__noreturn__)) feature +ac_cc_attribute_noreturn= +ac_save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_CHECK( + [whether compiler supports the noreturn feature], + [cc_cv_attribute_noreturn], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[ + void _Noreturn f(void *foo);]])], + [cc_cv_attribute_noreturn="_Noreturn"], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[ + void f(void *foo) __attribute__((__noreturn__));]])], + [cc_cv_attribute_noreturn="using __attribute__"], + [cc_cv_attribute_noreturn=no]) + ]) + ]) +CFLAGS="$ac_save_CFLAGS" +case "$cc_cv_attribute_noreturn" in + "using __attribute__") + AC_DEFINE_UNQUOTED( + [_Noreturn], [__attribute__((__noreturn__))], + [Define this if the compiler supports the noreturn __attribute__]) + ;; + "no") + AC_DEFINE_UNQUOTED([_Noreturn], [], + [Define this if the compiler does not supports any noreturn attribute]) + ;; +esac + +dnl Check whether the compiler supports the +dnl __attribute__((__format__ (__printf__, x,y))) feature +ac_cc_attribute_format_printf= +ac_save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_CHECK( + [whether compiler supports __attribute__((__format__ (__printf__, x,y))], + [cc_cv_attribute_format_printf], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[ + void f(const char *fmt, ...) + __attribute__((__format__ (__printf__, 1,2)));]])], + [cc_cv_attribute_format_printf=yes], + [cc_cv_attribute_format_printf=no]) + ]) +CFLAGS="$ac_save_CFLAGS" +if test "x$cc_cv_attribute_format_printf" = "xyes"; then + ac_cc_attribute_format_printf='__attribute__((__format__ (__printf__, X,Y)))' +fi +AC_DEFINE_UNQUOTED( + [_attribute_format_printf_(X,Y)], [$ac_cc_attribute_format_printf], + [Define this if the compiler supports the format printf attribute]) + +dnl Checks for header files +AC_HEADER_STDC +AC_HEADER_STDBOOL +AC_CHECK_HEADERS([ \ + arpa/inet.h \ + fcntl.h \ + limits.h \ + mntent.h \ + netinet/in.h \ + sys/mount.h \ + sys/param.h \ + sys/resource.h \ + sys/socket.h \ + sys/sysctl.h \ + sys/sysinfo.h \ + sys/types.h \ + sys/time.h \ + sys/swap.h \ + utmpx.h]) + +AC_CHECK_HEADERS([ \ + linux/if_link.h \ + linux/if.h \ + linux/wireless.h], [], [], +[ +#if HAVE_SYS_TYPES_H +# include +#endif +#if HAVE_SYS_SOCKET_H +# include +#endif +]) + +dnl check for headers required by the netinfo* libraries +AC_CHECK_HEADERS([ \ + linux/ethtool.h \ + linux/netlink.h \ + linux/rtnetlink.h \ + linux/sockios.h], [], + [AC_MSG_ERROR([please install linux network headers])]) + +dnl Checks for functions and libraries + +AC_CHECK_FUNCS([asprintf]) + +AC_CHECK_FUNCS([ \ + __secure_getenv \ + secure_getenv\ +]) + +dnl Check for ceil (some platforms use libm for the math functions +dnl instead of the C library +dnl wanted by lib/netinfo.c + +LIBS_SAVE="$LIBS" +AC_SEARCH_LIBS([ceil], [m], [], [ + AC_MSG_ERROR([unable to find the ceil() function]) +]) +CEIL_LIBS="$LIBS" +AC_SUBST([CEIL_LIBS]) +LIBS="$LIBS_SAVE" + +dnl Check for clock_gettime CLOCK_MONOTONIC +dnl wanted by: plugins/check_uptime.c +LIBS_SAVE="$LIBS" +AC_CHECK_LIB([rt], [clock_gettime]) +AC_MSG_CHECKING([for clock_gettime with clock CLOCK_MONOTONIC]) +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include ]], + [[struct timespec ts; + clock_gettime (CLOCK_MONOTONIC, &ts);]])], + [ac_cv_clock_gettime_monotonic=yes + AC_DEFINE_UNQUOTED(HAVE_CLOCK_GETTIME_MONOTONIC, 1, + [Define to 1 if you have clock_gettime(CLOCK_MONOTONIC).]) + ], + [ac_cv_clock_gettime_monotonic=no]) +AC_MSG_RESULT([$ac_cv_clock_gettime_monotonic]) +CLOCK_LIBS="$LIBS" +AC_SUBST([CLOCK_LIBS]) +LIBS="$LIBS_SAVE" + +dnl suggestions from autoscan +AC_CHECK_FUNCS([getmntent]) dnl wanted by: lib/mountlist.c +AC_CHECK_FUNCS([hasmntopt]) dnl wanted by: lib/mountlist.c +AC_CHECK_FUNCS([memset]) dnl wanted by: lib/cpustats.c +AC_CHECK_FUNCS([regcomp]) dnl wanted by: plugins/check_multipath.c +AC_CHECK_FUNCS([socket]) dnl wanted by: plugins/check_multipath.c +AC_CHECK_FUNCS([strchr]) dnl wanted by: lib/interrupts.c +AC_CHECK_FUNCS([strerror]) dnl wanted by: lib/thresholds.c +AC_CHECK_FUNCS([strrchr]) dnl wanted by: lib/progname.c +AC_CHECK_FUNCS([strstr]) dnl wanted by: lib/cpudesc.c +AC_CHECK_FUNCS([strtol]) dnl wanted by: lib/processes.c +AC_CHECK_FUNCS([strtoul]) dnl wanted by: lib/interrupts.c +AC_CHECK_FUNCS([strtoull]) dnl wanted by: lib/procparser.c +AC_CHECK_FUNCS([sysinfo]) dnl wanted by: plugins/check_uptime.c +AC_CHECK_FUNCS([uname]) dnl wanted by: lib/cpudesc.c +AC_CHECK_FUNCS([realpath]) dnl wanted by: plugins/check_fc.c +AC_CHECK_FUNCS([strtoull]) dnl wanted by: plugins/check_fc.c + +AC_FUNC_GETMNTENT +AC_FUNC_MALLOC +AC_FUNC_REALLOC +AC_FUNC_STRTOD + +dnl sched.h: check for the macros CPU_* +AC_CHECK_TYPES([cpu_set_t], [have_cpu_set_t=yes], [], [[#include ]]) +AM_CONDITIONAL([HAVE_CPU_SET_T], [test "x$have_cpu_set_t" = xyes]) +AC_CHECK_DECLS([CPU_ALLOC], [], [], + [[#define _GNU_SOURCE + #include ]]) + +dnl Check for libcurl +AC_ARG_ENABLE([libcurl], + AS_HELP_STRING([--disable-libcurl], [Disable libcurl])) +AS_IF([test "x$enable_libcurl" != "xno"], [ + LIBCURL_CHECK_CONFIG([], 7.40.0, [], + [AC_MSG_WARN([Missing required libcurl >= 7.40.0])]) + AC_SUBST([LIBCURL_CPPFLAGS]) + AC_SUBST([LIBCURL]) + AM_CONDITIONAL(HAVE_LIBCURL, [test "$libcurl_cv_lib_curl_usable" = "yes"]) +], [AM_CONDITIONAL(HAVE_LIBCURL, false)]) + +dnl Check for libvarlink +AC_ARG_ENABLE([libvarlink], + AS_HELP_STRING([--disable-libvarlink], [Disable libvarlink])) +AS_IF([test "x$enable_libvarlink" != "xno"], [ + PKG_CHECK_EXISTS([libvarlink], + [PKG_CHECK_MODULES(LIBVARLINK, [libvarlink >= 18], + [AC_DEFINE(HAVE_LIBVARLINK, 1, [Define if libvarlink is available]) + have_libvarlink=yes], + AC_MSG_ERROR([*** libvarlink version 18 or better not found]))]) +]) +AM_CONDITIONAL(HAVE_LIBVARLINK, [test "$have_libvarlink" = "yes"]) + +dnl Check for the procps newlib +have_libprocps=no +AC_ARG_ENABLE([libprocps], + AS_HELP_STRING([--enable-libprocps], [enable optional LIBPROCPS support]), + [enable_libprocps=$enableval],[enable_libprocps=no]) +AS_IF([test "x$enable_libprocps" = "xyes"], [ + PKG_CHECK_EXISTS([libprocps], + [PKG_CHECK_MODULES(LIBPROCPS, [libprocps >= 3.3.11], + [AC_DEFINE(HAVE_LIBPROCPS, 1, [Define if libprocps is available]) + have_libprocps=yes], + AC_MSG_ERROR([*** libprocps version >= 3.3.11 not found]))]) + AC_SUBST(LIBPROCPS_LIBS) + AC_SUBST(LIBPROCPS_CFLAGS) + AS_IF([test "x$have_libprocps" = "xno" -a "x$enable_libprocps" = "xyes"], + [AC_MSG_ERROR([*** LIBPROCPS support requested, but libraries not found])]) +]) +AM_CONDITIONAL(HAVE_LIBPROCPS, [test "$have_libprocps" = "yes"]) + +dnl Add the option '--with-proc-meminfo=PATH' +AC_ARG_WITH(proc-meminfo, + AS_HELP_STRING([--with-proc-meminfo=PATH], + [path to /proc/meminfo or equivalent]), + [] + [with_procmeminfo=$withval]) +AC_MSG_CHECKING([for /proc/meminfo]) +if test x${with_procmeminfo+set} = xset; then + AC_MSG_RESULT([(command line) $with_procmeminfo]) +elif [cat /proc/meminfo > /dev/null 2>&1]; then + AC_MSG_RESULT([found /proc/meminfo]) + with_procmeminfo="/proc/meminfo" +else + AC_MSG_RESULT([no]) +fi +if test x${with_procmeminfo+set} = xset; then + AC_DEFINE_UNQUOTED(PROC_MEMINFO,"$with_procmeminfo",[path to /proc/meminfo if name changes]) +fi +AM_CONDITIONAL([HAVE_PROC_MEMINFO], [test x${with_procmeminfo+set} = xset]) + +dnl Add the option: '--enable-debug' +AC_ARG_ENABLE([debug], + AS_HELP_STRING([--enable-debug], + [enable debug messages @<:@default=disabled@:>@]), + [], [enable_debug=no]) +AS_IF([test "x$enable_debug" = "xyes"], [ + AC_DEFINE(ENABLE_DEBUG, [1], [Debug messages.])]) + +dnl Add the option: '--with-docker-socket' +DOCKER_SOCKET="/var/run/docker.sock" +AC_ARG_WITH( + [dockersocket], + [AS_HELP_STRING( + [--with-docker-socket], + [use a different socket file for docker + (default is /var/run/docker.sock)])], + [DOCKER_SOCKET="$with_dockersocket"]) +AC_SUBST(DOCKER_SOCKET) + +dnl Add the option: '--with-varlink-address' +VARLINK_ADDRESS="unix:/run/podman/io.podman" +AC_ARG_WITH( + [varlinkaddress], + [AS_HELP_STRING( + [--with-varlink-address], + [use a different address for varlink socket + (default is unix:/run/podman/io.podman)])], + [VARLINK_ADDRESS="$with_varlinkaddress"]) +AC_SUBST(VARLINK_ADDRESS) + +dnl Add the option: '--with-socketfile' +MULTIPATHD_SOCKET="@/org/kernel/linux/storage/multipathd" +AC_ARG_WITH( + [socketfile], + [AS_HELP_STRING( + [--with-socketfile], + [use a different socket file + (default is @/org/kernel/linux/storage/multipathd)])], + [MULTIPATHD_SOCKET="$with_socketfile"]) +AC_SUBST(MULTIPATHD_SOCKET) + +dnl Add the option: '--with-tests' +AC_ARG_WITH( + [test-suite], + [AS_HELP_STRING( + [--with-test-suite], + [build test suite by default @<:@default=check@:>@])], + [case "${with_test_suite}" in + yes|no|check) ;; + *) AC_MSG_ERROR([bad value ${with_test_suite} for tests option]) ;; + esac], + [with_test_suite=check]) +AC_MSG_CHECKING([Whether to build test suite by default]) +if test "$with_test_suite" = "check" ; then + if test -d $srcdir/.git ; then + with_test_suite=yes + else + with_test_suite=no + fi +fi +AC_MSG_RESULT([$with_test_suite]) +AM_CONDITIONAL([WITH_TESTS], [test "$with_test_suite" = "yes"]) + +dnl Check whether we can get the number of CPU +AC_CHECK_FUNCS([get_nprocs_conf get_nprocs], [], + [AC_MSG_CHECKING([for number of online cpus]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include ]],[[ + sysconf(_SC_NPROCESSORS_ONLN) > 0;]])], + [AC_MSG_RESULT([sysconf(_SC_NPROCESSORS_ONLN)]) + AC_DEFINE(HAVE_SYSCONF__SC_NPROCESSORS_ONLN, 1, + [Define if sysconf returns number of online cpus])], + [AC_MSG_RESULT([not available])]) + AC_MSG_CHECKING([for number of available cpus]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include ]],[[ + sysconf(_SC_NPROCESSORS_CONF) > 0;]])], + [AC_MSG_RESULT([sysconf(_SC_NPROCESSORS_CONF)]) + AC_DEFINE(HAVE_SYSCONF__SC_NPROCESSORS_CONF, 1, + [Define if sysconf returns number of available cpus])], + [AC_MSG_RESULT([not available])] + )]) + +dnl Checks for the function getloadavg +have_func_getloadavg=false +AC_CHECK_FUNC([getloadavg], [have_func_getloadavg=true]) +AM_CONDITIONAL([HAVE_GETLOADAVG], [test x$have_func_getloadavg = xtrue]) + +dnl Checks for struct sockaddr_in6 +AC_CHECK_TYPES([struct sockaddr_in6], + [AC_DEFINE(HAVE_AFINET6, 1, + [Define to 1 if struct sockaddr_in6 is available])], + [working_ipv6=no], + [#include + #include ]) + +dnl Check for some Linux types +AC_TYPE_SIZE_T +# 'AC_TYPE_SSIZE_T' unfortunately requires autoconf 2.60+ +#AC_TYPE_SSIZE_T +# Define to `int' if does not define +AC_CHECK_TYPES([ssize_t]) +AC_TYPE_UID_T +AC_TYPE_UINT64_T + +dnl Checks for programs +LT_INIT + +dnl Check the support for soft links +AC_PROG_LN_S + +dnl Set the default --prefix +AC_PREFIX_DEFAULT(/usr/local/nagios) + +dnl Checks whether the compiler supports the +dnl __attribute__((__alloc_size__ args)) feature +ac_save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -Werror" +AC_CACHE_CHECK( + [whether compiler supports __attribute__((__alloc_size__ args))], + [cc_cv_attribute_alloc_size], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[ + void *fooalloc(int n, int s) __attribute__((__alloc_size__(1, 2)));]])], + [cc_cv_attribute_alloc_size=yes], + [cc_cv_attribute_alloc_size=no]) + ]) +CFLAGS="$ac_save_CFLAGS" +if test "x$cc_cv_attribute_alloc_size" = "xyes"; then + ac_cc_attribute_alloc_size='__attribute__((__alloc_size__ args))' +fi +AC_DEFINE_UNQUOTED( + [_attribute_alloc_size_(args)], [$ac_cc_attribute_alloc_size], + [Define this if the compiler supports the alloc_size attribute]) + +AC_SUBST([CFLAGS], ["$SUPPORTED_CFLAGS $CFLAGS"]) +AC_SUBST([LDFLAGS], ["$SUPPORTED_LDFLAGS $LDFLAGS"]) +AC_SUBST([LIBTOOL_DEPS]) + +AC_CONFIG_FILES([\ + Makefile \ + debian/Makefile \ + include/Makefile \ + lib/Makefile \ + packages/Makefile \ + packages/specs/Makefile \ + plugins/Makefile \ + tests/Makefile]) + +AC_OUTPUT + +echo +echo "Options used to compile and link:" +echo " debug enabled = $enable_debug" +echo " hardening enabled = $use_hardening" +echo " werror enabled = $enable_werror" +echo " with docker socket = $DOCKER_SOCKET" +echo " with libprocps = $enable_libprocps" +echo " with socketfile = $MULTIPATHD_SOCKET" +echo " with test suite = $with_test_suite" +echo +echo " target os = $target_os" +echo " build os = $build_os" +echo +echo " CC = $CC" +echo " CFLAGS = $CFLAGS" +echo " LDFLAGS = $LDFLAGS" +echo + +if test "$have_libprocps" = "yes"; then + echo " LIBPROCPS_CFLAGS = $LIBPROCPS_CFLAGS" + echo " LIBPROCPS_LIBS = $LIBPROCPS_LIBS" + echo +fi + +if test "$libcurl_cv_lib_curl_usable" = "yes"; then + echo " LIBCURL_CPPFLAGS = $LIBCURL_CPPFLAGS" + echo " LIBCURL = $LIBCURL" + echo +fi + +if test "$have_libvarlink" = "yes"; then + echo " VARLINK_ADDRESS = $VARLINK_ADDRESS" + echo +fi diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/COPYING nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/COPYING --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/COPYING 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/COPYING 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/changelog nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/changelog --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/changelog 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/changelog 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,111 @@ +nagios-plugins-linux (28-2) stable; urgency=low + * Rework packaging framework for Debian + - Build a Debian multi-package + - Build the (optional) plugin check_docker + + -- Davide Madrisan Sun, 11 Jul 2021 12:44:55 +0200 + +nagios-plugins-linux (28-1) stable; urgency=low + * Release 28 "Alpine Hike": + - New plugin check_pressure for checking Linux PSI. + - Sparse Clang and GCC warning fixes. + + -- Davide Madrisan Sat, 12 Dec 2020 14:14:00 +0200 + +nagios-plugins-linux (27-1) stable; urgency=low + * Release 27 "Polish Landscapes": + - Enhanced plugin check_network (using rtnetlink). + - Fixed experimental support to libprocps-ng:newlib. + + -- Davide Madrisan Sat, 8 Aug 2020 10:45:45 +0200 + +nagios-plugins-linux (26-1) stable; urgency=low + * Release 26 "Lockdown release": + - Fix build with musl by including limits.h when PATH_MAX is used. + - Fix build when '-fno-common' is added to CFLAGS. + - Fix travis CI build. + - New plugin check_podman for checking some runtime metrics of podman + containers. + - Add Fedora 32 and CentOS 8 to the supported distributions. + + -- Davide Madrisan Tue, 5 May 2020 18:33:03 +0200 + +nagios-plugins-linux (25-1) stable; urgency=low + * Release 25 "Gentoo release": + - sysfsparser lib: fix debug messages in + sysfsparser_thermal_get_temperature(). + - Fix compilation when libcurl headers are not installed. + - Fix two security issues reported by lgtm analyzer, an issue + reported by the clang static analyser v8, and some issues reported + by Codacy. + - check_memory: add perfdata to mem_available and mem_used. + Minor code cleanup and fixes. + + -- Davide Madrisan Thu, 22 Aug 2019 07:10:52 +0200 + +nagios-plugins-linux (24-1) stable; urgency=low + * Release 24: + - check_cpufreq: the frequences returned by sysfs are in KHz. + - check_uptime: add warn, crit, and min values to perfdata. + - check_cpufreq: make it possible to output the values in Hz/kHz/mHz/gHz. + - Remove some unsupported warning options for clang (7.0.0). + + -- Davide Madrisan Sun, 13 Jan 2019 23:38:01 +0200 + +nagios-plugins-linux (23-1) stable; urgency=low + + * Release "Korbielow.pl 2018": + - New plugin 'check_docker' + - Build the sources with the available compiler's hardening flags. + - Some new unit tests have been added. + - Fix some issues reported by Codacy and Coverity. + + -- Davide Madrisan Sat, 4 Aug 2018 08:56:16 +0200 + +nagios-plugins-linux (22-1) stable; urgency=low + + * Release "Commit #600": + - Add the items /proc/vmstat/vm_*dma32 to the vminfo library parser. + - Fix several warnings reported by Codacy and Codeclimate. + + -- Davide Madrisan Tue, 20 Sep 2017 22:38:56 +0000 + +nagios-plugins-linux (21-1) stable; urgency=low + + * Update from upstream stable branch: + - The command-line option --swapping-only has been added to check_paging. + - The Docker-based framework for packaging the Nagios Plugins for Linux + (test-build) now supports also Debian 9 (Stretch) and Fedora 26. + - The test framework has been reworked and enriched in new modules. + - Use secure_getenv() (or __secure_getenv()) instead of getenv() to + improve security. + + -- Davide Madrisan Tue, 6 Aug 2017 22:18:30 +0000 + +nagios-plugins-linux (20-1) stable; urgency=low + + * Release "Commit #500": + - Some insecure data handling issues discovered by Coverity in the new test + framework have been fixed. + - A new Docker-based framework for packaging the Nagios Plugins for Linux + (rpm and deb packages) is now available. Supported Linux distributions: + CentOS 5/6/7, Debian 6/7/8, Fedora 24/25/rawhide, and RHEL 5/6/7 + - The messages displayed in case of a too large "count" or "delay" error + have been improved. + + -- Davide Madrisan Tue, 14 Mar 2017 18:41:42 +0000 + +nagios-plugins-linux (19-1) stable; urgency=low + + * Initial Debian release: + - check_multipath: recent versions of multipath no longer open a multipathd + socket file in the file system, but instead use an abstract namespace + socket (@/org/kernel/linux/storage/multipathd). + Thanks to Chris Procter "chr15p" for reporting the issue and creating a + pull request. + - check_multipath: use a larger buffer for queries to make this plugin + working with systems that have lots of mapped disks. + - A framework for testing the code (make check) has been added and some + tests are now available. + + -- Davide Madrisan Sat, 19 Nov 2016 21:44:49 +0000 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/compat nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/compat --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/compat 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/compat 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +10 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/control nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/control --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/control 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/control 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,264 @@ +Source: nagios-plugins-linux +Section: net +Priority: optional +Maintainer: Davide Madrisan +Build-Depends: autotools-dev, + debhelper (>= 10), + libcurl4-gnutls-dev, + make (>= 3.81), + pkg-config +Homepage: https://github.com/madrisan/nagios-plugins-linux +Standards-Version: 4.3.0 + +Package: nagios-plugins-linux +Architecture: any +Depends: ${misc:Depends}, + nagios-plugins-linux-clock, + nagios-plugins-linux-cpufreq, + nagios-plugins-linux-cpu, + nagios-plugins-linux-cswch, + nagios-plugins-linux-fc, + nagios-plugins-linux-ifmountfs, + nagios-plugins-linux-intr, + nagios-plugins-linux-iowait, + nagios-plugins-linux-load, + nagios-plugins-linux-memory, + nagios-plugins-linux-multipath, + nagios-plugins-linux-nbprocs, + nagios-plugins-linux-network, + nagios-plugins-linux-paging, + nagios-plugins-linux-pressure, + nagios-plugins-linux-readonlyfs, + nagios-plugins-linux-swap, + nagios-plugins-linux-tcpcount, + nagios-plugins-linux-temperature, + nagios-plugins-linux-uptime, + nagios-plugins-linux-users +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + Plugins for nagios compatible monitoring systems like Naemon and Icinga. It + contains the following plugins: + . + check_clock, check_cpufreq, check_cpu, check_cswch, check_fc, check_ifmountfs, + check_intr, check_iowait, check_load, check_memory, check_multipath, + check_nbprocs, check_network, check_paging, check_pressure, check_readonlyfs, + check_swap, check_tcpcount, check_temperature, check_uptime, check_users + . + This package provides the suite of plugins that are most likely to be + useful on a central monitoring host. + +Package: nagios-plugins-linux-experimental +Architecture: any +Depends: ${misc:Depends}, + nagios-plugins-linux-docker +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + Experimental plugins for nagios compatible monitoring systems like Naemon and + Icinga. It contains the following plugins: + . + check_docker + . + This package provides some experimental plugins that are most likely to be + useful on a central monitoring host. + +Package: nagios-plugins-linux-clock +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin returns the number of seconds elapsed between local time and + central monitoring host time. + +Package: nagios-plugins-linux-cpu +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the CPU (user mode) utilization. + +Package: nagios-plugins-linux-cpufreq +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin displays the CPU frequency characteristics. + +Package: nagios-plugins-linux-cswch +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin monitors the total number of context switches per second across all CPUs. + +Package: nagios-plugins-linux-docker +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the number of running docker containers. + +Package: nagios-plugins-linux-fc +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin monitors the status of the fiber status ports. + +Package: nagios-plugins-linux-ifmountfs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks whether the given filesystems are mounted. + +Package: nagios-plugins-linux-intr +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin monitors the interrupts serviced per second, including unnumbered + architecture specific interrupts. + +Package: nagios-plugins-linux-iowait +Architecture: any +Depends: ${misc:Depends}, + nagios-plugins-linux-cpu +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin monitors the I/O wait bottlenecks. + +Package: nagios-plugins-linux-load +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the current system load average. + +Package: nagios-plugins-linux-memory +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the memory usage. + +Package: nagios-plugins-linux-multipath +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the multipath topology status. + +Package: nagios-plugins-linux-nbprocs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin displays the number of running processes per user. + +Package: nagios-plugins-linux-network +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin displays some network interfaces statistics. + +Package: nagios-plugins-linux-paging +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the memory and swap paging. + +Package: nagios-plugins-linux-pressure +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the Linux Pressure Stall Information (PSI) data. + +Package: nagios-plugins-linux-readonlyfs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks for readonly filesystems. + +Package: nagios-plugins-linux-swap +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the swap usage. + +Package: nagios-plugins-linux-tcpcount +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks the tcp network usage. + +Package: nagios-plugins-linux-temperature +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin monitors the hardware's temperature. + +Package: nagios-plugins-linux-uptime +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin checks how long the system has been running. + +Package: nagios-plugins-linux-users +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Suggests: nagios3 | icinga | icinga2 +Description: Linux plugins for nagios compatible monitoring systems + A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + . + This plugin displays the number of users that are currently logged on. + diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/copyright nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/copyright --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/copyright 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/copyright 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,26 @@ +This package was debianized by Davide Madrisan on +Sat, 19 Nov 2016 21:44:49 +0000 + +It was downloaded from https://github.com/madrisan/nagios-plugins-linux/ + +Upstream Authors: Davide Madrisan + +Copyright: + +Copyright (C) 2014, 2019 Davide Madrisan + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,19 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2016 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +EXTRA_DIST = changelog compat control copyright rules \ + source/format diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-clock.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-clock.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-clock.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-clock.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_clock diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpufreq.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpufreq.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpufreq.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpufreq.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_cpufreq diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpu.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpu.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpu.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cpu.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_cpu diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cswch.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cswch.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cswch.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-cswch.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_cswch diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux.dirs nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux.dirs --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux.dirs 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux.dirs 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-docker.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-docker.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-docker.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-docker.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_docker diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-fc.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-fc.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-fc.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-fc.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_fc diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-ifmountfs.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-ifmountfs.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-ifmountfs.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-ifmountfs.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_ifmountfs diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-intr.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-intr.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-intr.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-intr.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_intr diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-iowait.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-iowait.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-iowait.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-iowait.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_iowait diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-load.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-load.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-load.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-load.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_load diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-memory.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-memory.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-memory.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-memory.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_memory diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-multipath.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-multipath.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-multipath.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-multipath.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_multipath diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-nbprocs.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-nbprocs.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-nbprocs.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-nbprocs.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_nbprocs diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-network.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-network.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-network.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-network.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_network diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-paging.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-paging.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-paging.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-paging.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_paging diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-pressure.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-pressure.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-pressure.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-pressure.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_pressure diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-readonlyfs.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-readonlyfs.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-readonlyfs.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-readonlyfs.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_readonlyfs diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-swap.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-swap.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-swap.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-swap.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_swap diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-tcpcount.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-tcpcount.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-tcpcount.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-tcpcount.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_tcpcount diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-temperature.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-temperature.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-temperature.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-temperature.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_temperature diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-uptime.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-uptime.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-uptime.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-uptime.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_uptime diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-users.install nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-users.install --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-users.install 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/nagios-plugins-linux-users.install 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +usr/lib/nagios/plugins/check_users diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/rules nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/rules --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/rules 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/rules 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,9 @@ +#!/usr/bin/make -f + +NP_LIBEXEC:=/usr/lib/nagios/plugins + +%: + dh $@ --with autoreconf + +override_dh_auto_configure: + dh_auto_configure -- --libexecdir=${NP_LIBEXEC} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/source/format nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/source/format --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/source/format 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/debian/source/format 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +1.0 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/depcomp nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/depcomp --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/depcomp 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/depcomp 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,791 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2013-05-30.07; # UTC + +# Copyright (C) 1999-2014 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Avoid interferences from the environment. +gccflag= dashmflag= + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The second -e expression handles DOS-style file names with drive + # letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the "deleted header file" problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. +## Some versions of gcc put a space before the ':'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts '$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for ':' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + "$@" $dashmflag | + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/DEVELOPERS.md nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/DEVELOPERS.md --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/DEVELOPERS.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/DEVELOPERS.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,68 @@ +# Extra informations for developers + +## Link to procps-ng newlib + +### Get, configure, compile, and install procps-ng newlib + +These instructions install a temporary copy of `procps-ng newlib` in the `/tmp` folder. +``` +sudo dnf install gettext-devel + +cd /var/tmp +git clone --single-branch --branch newlib https://gitlab.com/procps-ng/procps procps-ng-newlib +cd procps-ng-newlib/ + +PROCPSNG_VERSION="$(misc/git-version-gen .tarball-version)" + +cat </tmp/libprocps-newlib.pc +prefix=/usr +exec_prefix=/ +libdir=/tmp/procps-ng-newlib/usr/lib64 +includedir=/tmp/procps-ng-newlib/usr/include + +Name: libprocps +Description: Library to control and query process state +Version: $PROCPSNG_VERSION +Libs: -L\${libdir} -lprocps +Libs.private: +Cflags: -I\${includedir} +EOF + +sudo mv /tmp/libprocps-newlib.pc \ + /usr/lib64/pkgconfig/libprocps.pc + +autoreconf --install +./configure --prefix=/usr --without-ncurses \ + --disable-static --disable-pidof --disable-kill + +# do not build the man related stuff +for d in po man-po; do + echo "\ +all: +install:" > $d/Makefile +done + +make +make install DESTDIR=/tmp/procps-ng-newlib + +rm -fr /tmp/procps-ng-newlib/usr/share +rm -fr /tmp/procps-ng-newlib/usr/sbin +rm -fr /tmp/procps-ng-newlib/usr/bin + +sudo rm -f /usr/lib64/pkgconfig/libprocps.pc + +find /tmp/procps-ng-newlib/ -type f +``` + +### Build `nagios-plugins-linux` + +Build `nagios-plugins-linux` with `--enable-libprocps`. + +``` +git clone https://github.com/madrisan/nagios-plugins-linux.git +cd nagios-plugins-linux +./configure --enable-libprocps \ + CFLAGS="-O -I/tmp/procps-ng-newlib/usr/include" \ + LIBPROCPS_LIBS="-L/tmp/procps-ng-newlib/usr/lib64/ -lproc-2" +make +``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/bug_report.md nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/bug_report.md --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/bug_report.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/bug_report.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,27 @@ +--- +name: "\U0001F41B Bug report" +about: Create a report to help us improve +title: "[Bug]" +labels: bug +assignees: '' + +--- + +# 🛠Bug +## Describe the bug +A clear and concise description of what the bug is. + +## How to reproduce +Steps to reproduce the behaviour: +1. Options passed to ./configure at build time (if applicable) +2. A way to recreate the problem +3. Command line to enter +4. The exact output printed by the plugin + +## Expected behaviour +A clear and concise description of what you expected to happen. + +## Additional context + - Linux distribution + - Version [e.g. 27] + - Add any other context about the problem here. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/feature_request.md nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/feature_request.md --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/feature_request.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/ISSUE_TEMPLATE/feature_request.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,22 @@ +--- +name: "\U0001F680 Feature request" +about: Suggest an idea for a new feature in Nagios Plugins for Linux +title: "[Feature Request]" +labels: enhancement +assignees: '' + +--- + +# 🚀 Feature Request + +## Is your feature request related to a problem? Please describe. +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +## Describe the solution you'd like +A clear and concise description of what you want to happen. + +## Describe alternatives you've considered +A clear and concise description of any alternative solutions or features you've considered. + +## Additional context +Add any other context or screenshots about the feature request here. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/workflows/build-checks.yml nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/workflows/build-checks.yml --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/workflows/build-checks.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.github/workflows/build-checks.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,59 @@ +name: Build check + +on: + push: + paths-ignore: + - '**.md' + pull_request: + types: [assigned, edited, opened, synchronize, reopened] + +jobs: + build: + runs-on: ubuntu-latest + container: ${{ matrix.container }} + + strategy: + fail-fast: false + matrix: + container: + - 'alpine:3.14' + - 'centos:8' + - 'debian:buster' + - 'fedora:34' + - 'ubuntu:21.04' + + steps: + - uses: actions/checkout@v2 + + - id: install_deps + run: | + case "${{ matrix.container }}" in + alpine*) + apk update + apk add autoconf automake bzip2 curl-dev file gcc libtool linux-headers make m4 musl-dev tar xz + ;; + debian*|ubuntu*) + export DEBIAN_FRONTEND=noninteractive + apt-get update -q + apt-get install -q -y --no-install-recommends autoconf automake bzip2 gcc libcurl4-gnutls-dev libtool m4 make pkg-config xz-utils + ;; + centos*) + dnf -y update + dnf -y install autoconf automake bzip2 gcc glibc-devel libcurl-devel libtool make m4 xz + ;; + fedora*) + dnf -y update + dnf -y install autoconf automake bzip2 gcc glibc-devel libcurl-devel libvarlink-devel libtool make m4 xz + ;; + esac + + - id: configure + run: | + autoreconf --install + ./configure --enable-debug + + - id: make + run: | + make + make check + make distcheck diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/collection.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/collection.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/collection.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/collection.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* collection.h -- dictionary for counting hashable objects (strings) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _COLLECTION_H_ +#define _COLLECTION_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef struct hashable + { /* table entry: */ + struct hashable *next; /* next element in case of a collision */ + char *key; + unsigned long count; + } hashable_t; + + typedef struct hashtable + { + unsigned int capacity; /* hashtable capacity */ + unsigned int elements; /* number of elements stored */ + unsigned int uniq; /* number of unique keys */ + hashable_t **table; + char **keys; /* array containing the ptrs to the keys */ + } hashtable_t; + + hashtable_t *counter_create (void); + void counter_free (hashtable_t * hashtable); + + hashable_t *counter_lookup (const hashtable_t * hashtable, const char *key); + hashable_t *counter_put (hashtable_t * hashtable, const char *key, + unsigned long increment); + unsigned int counter_get_elements (const hashtable_t * hashtable); + unsigned int counter_get_unique_elements (const hashtable_t * hashtable); + char **counter_keys (hashtable_t * hashtable); + +#ifdef __cplusplus +} +#endif + +#endif /* _COLLECTION_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/common.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/common.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/common.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/common.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,80 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* common.h -- set of common macros and definitions + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _COMMON_H_ +# define _COMMON_H_ 1 + +#define GPLv3_DISCLAIMER \ + "\ +License (SPDX ID): GPL-3.0-or-later \ +\n\ +This is free software; you are free to change and redistribute it.\n\ +There is NO WARRANTY, to the extent permitted by law.\n" + +#define GETOPT_HELP_CHAR 'h' +#define GETOPT_VERSION_CHAR 'V' +#define GETOPT_HELP_VERSION_STRING "hV" + +#define USAGE_HEADER "Usage:\n" +#define USAGE_OPTIONS "Options:\n" +#define USAGE_EXAMPLES "Examples:\n" +#define USAGE_NOTE "Note:\n" +#define USAGE_SEPARATOR "\n" +#define USAGE_HELP \ + " -h, --help display this help and exit\n" +#define USAGE_VERSION \ + " -V, --version output version information and exit\n" +#define USAGE_THRESHOLDS \ + "\ +See the Nagios Developer Guidelines for range format:\n\ +\n" + +#define GETOPT_HELP_OPTION_DECL \ + "help", no_argument, NULL, GETOPT_HELP_CHAR +#define GETOPT_VERSION_OPTION_DECL \ + "version", no_argument, NULL, GETOPT_VERSION_CHAR + +#define case_GETOPT_HELP_CHAR \ + case GETOPT_HELP_CHAR: \ + usage (stdout); \ + break; + +#define case_GETOPT_VERSION_CHAR \ + case GETOPT_VERSION_CHAR: \ + print_version (); \ + printf (GPLv3_DISCLAIMER); \ + exit (EXIT_SUCCESS); \ + break; + +/* One iteration with 1sec delay by default, + for plugins that support iterations */ +#define DELAY_DEFAULT 1 +#define COUNT_DEFAULT 2 +#define DELAY_MAX 60 +#define COUNT_MAX 100 + +/* Nagios Plugins error codes */ + +typedef enum nagstatus +{ + STATE_OK, + STATE_WARNING, + STATE_CRITICAL, + STATE_UNKNOWN, + STATE_DEPENDENT +} nagstatus; + +#endif /* _COMMON_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_docker.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_docker.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_docker.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_docker.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* container_docker.h -- a library for checking sysfs for Docker exposed metrics + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _CONTAINER_DOCKER_H +#define _CONTAINER_DOCKER_H + +#include "system.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef struct chunk + { + char *memory; + size_t size; + } chunk_t; + + struct docker_memory_desc; + + /* Allocates space for a new docker_memory_desc object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + int docker_memory_desc_new (struct docker_memory_desc **memdesc); + + /* Fill the docker_memory_desc structure pointed with the values found in the + * sysfs filesystem. */ + void docker_memory_desc_read (struct docker_memory_desc *__restrict + memdesc); + + /* Drop a reference of the docker_memory_desc library context. If the refcount + * of reaches zero, the resources of the context will be released. */ + struct docker_memory_desc + *docker_memory_desc_unref (struct docker_memory_desc *memdesc); + + /* Accessing the values from docker_memory_desc */ + + /* Return the number of bytes of page cache memory. */ + long long docker_memory_get_total_cache ( + struct docker_memory_desc *memdesc); + + /* Return the number of bytes of anonymous and swap cache memory + * (includes transparent hugepages). */ + long long docker_memory_get_total_rss ( + struct docker_memory_desc *memdesc); + + /* Return the number of bytes of swap usage. */ + long long docker_memory_get_total_swap ( + struct docker_memory_desc *memdesc); + + /* Return the number of bytes of bytes of memory that cannot be reclaimed + * (mlocked etc). */ + long long docker_memory_get_total_unevictable ( + struct docker_memory_desc *memdesc); + + /* Additional metrics that may be valuable in investigating performance or + * stability issues include page faults, which can represent either + * segmentation faults or fetching data from disk instead of memory + * (pgfault and pgmajfault, respectively). */ + long long docker_memory_get_total_pgfault ( + struct docker_memory_desc *memdesc); + long long docker_memory_get_total_pgmajfault ( + struct docker_memory_desc *memdesc); + + long long docker_memory_get_total_pgpgin ( + struct docker_memory_desc *memdesc); + long long docker_memory_get_total_pgpgout ( + struct docker_memory_desc *memdesc); + + int docker_running_containers (unsigned int *count, const char *image, + char **perfdata, bool verbose); + +#ifdef __cplusplus +} +#endif + +#endif /* _CONTAINER_DOCKER_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_podman.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_podman.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_podman.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/container_podman.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* container_podman.h -- a library for checking Podman containes via varlink + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _CONTAINER_PODMAN_H +#define _CONTAINER_PODMAN_H + +#include + +#include "units.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + enum + { + PODMAN_SHORTID_LEN = 13 + }; + + typedef struct container_stats + { + int64_t block_input; + int64_t block_output; + double cpu; + int64_t mem_limit; + int64_t mem_usage; + int64_t net_input; + int64_t net_output; + int64_t pids; + char *name; + } container_stats_t; + + typedef union total + { + unsigned long long llu; + double lf; + } total_t; + + typedef enum + { + unknown = -1, + /* these enum variables must be non negative */ + block_in_stats = 0, + block_out_stats, + cpu_stats, + memory_stats, + network_in_stats, + network_out_stats, + pids_stats, + last_stats = pids_stats + } stats_type; + +#ifndef NPL_TESTING + + typedef struct podman_varlink + { + int epoll_fd; + int signal_fd; + VarlinkConnection *connection; + VarlinkObject *parameters; + } podman_varlink_t; + + long podman_varlink_callback (VarlinkConnection * connection, + const char *error, VarlinkObject * parameters, + uint64_t flags, void *userdata); + long podman_varlink_check_event (podman_varlink_t * pv); + long podman_varlink_list (podman_varlink_t *pv, VarlinkArray **list, + char **err); + long podman_varlink_stats (podman_varlink_t *pv, const char *shortid, + container_stats_t *stats, char **err); +#else + + struct podman_varlink; + +#endif + + /* Allocates space for a new varlink object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + int podman_varlink_new (podman_varlink_t **pv, char *varlinkaddr); + + /* Drop a reference of the varlink library context. If the refcount of + * reaches zero, the resources of the context will be released. */ + podman_varlink_t *podman_varlink_unref (podman_varlink_t *pv); + + int podman_running_containers (podman_varlink_t *pv, unsigned int *count, + const char *image, char **perfdata); + + /* Report the containers statistics. */ + void podman_stats (podman_varlink_t *pv, stats_type which_stats, + bool report_perc, total_t *total, unit_shift shift, + const char *image_name, char **status, char **perfdata); + + /* Return a string valid for Nagios performance data output. */ + char* podman_image_name_normalize (const char *image); + + /* Return the short ID in the 'shortid' buffer. This buffer must have a size + * PODMAN_SHORTID_LEN. */ + void podman_shortid (const char *id, char *shortid); + +#ifdef __cplusplus +} +#endif + +#endif /* _CONTAINER_PODMAN_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpudesc.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpudesc.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpudesc.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpudesc.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* cpudesc.h -- a library for checking the CPU features + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _CPUDESC_H +#define _CPUDESC_H + +#include "system.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + /* Processor characteristics */ + bool get_processor_is_hot_pluggable (unsigned int cpu); + int get_processor_is_online (unsigned int cpu); + + struct cpu_desc; + + /* Allocates space for a new cpu_desc object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + int cpu_desc_new (struct cpu_desc **cpudesc); + + /* Fill the cpu_desc structure pointed with the values found in the + * proc filesystem */ + void cpu_desc_read (struct cpu_desc * __restrict cpudesc); + + /* Drop a reference of the cpu_desc library context. If the refcount of + * reaches zero, the resources of the context will be released. */ + struct cpu_desc *cpu_desc_unref (struct cpu_desc *cpudesc); + + /* Accessing the values from cpu_desc */ + char *cpu_desc_get_architecture (struct cpu_desc *cpudesc); + char *cpu_desc_get_vendor (struct cpu_desc *cpudesc); + char *cpu_desc_get_family (struct cpu_desc *cpudesc); + char *cpu_desc_get_model (struct cpu_desc *cpudesc); + char *cpu_desc_get_model_name (struct cpu_desc *cpudesc); + char *cpu_desc_get_virtualization_flag (struct cpu_desc *cpudesc); + char *cpu_desc_get_mhz (struct cpu_desc *cpudesc); + char *cpu_desc_get_flags (struct cpu_desc *cpudesc); + + enum /* CPU modes */ + { + MODE_32BIT = (1 << 1), + MODE_64BIT = (1 << 2) + }; + int cpu_desc_get_mode (struct cpu_desc *cpudesc); + + int cpu_desc_get_ncpus (struct cpu_desc *cpudesc); + int cpu_desc_get_ncpuspos (struct cpu_desc *cpudesc); + int cpu_desc_get_nthreads (struct cpu_desc *cpudesc); + +#ifdef __cplusplus +} +#endif + +#endif /* _CPUDESC_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpufreq.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpufreq.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpufreq.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpufreq.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* cpufreq.h -- a library for checking the CPU frequency configuration + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _CPUFREQ_H +#define _CPUFREQ_H + +struct cpufreq_available_frequencies; + +#ifdef __cplusplus +extern "C" +{ +#endif + + int cpufreq_get_hardware_limits (unsigned int cpu, + unsigned long *min, unsigned long *max); + unsigned long cpufreq_get_transition_latency (unsigned int cpu); + unsigned long cpufreq_get_freq_kernel (unsigned int cpu); + + struct cpufreq_available_frequencies * + cpufreq_get_available_freqs (unsigned int cpu); + struct cpufreq_available_frequencies * + cpufreq_get_available_freqs_next ( + struct cpufreq_available_frequencies *curr); + unsigned long cpufreq_get_available_freqs_value ( + struct cpufreq_available_frequencies *curr); + void cpufreq_available_frequencies_unref( + struct cpufreq_available_frequencies *first); + + char *cpufreq_get_driver (unsigned int cpu); + char *cpufreq_get_governor (unsigned int cpu); + char *cpufreq_get_available_governors (unsigned int cpu); + + char *cpufreq_freq_to_string (unsigned long freq); + char *cpufreq_duration_to_string (unsigned long duration); + +#ifdef __cplusplus +} +#endif + +#endif /* _CPUFREQ_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpustats.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpustats.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpustats.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cpustats.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* cpustats.h -- a library for checking the CPU utilization + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _CPUSTATS_H +#define _CPUSTATS_H + +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef unsigned long long jiff; + + struct cpu_time + { + /* The name of the cpu found in /proc/stat: cpu, cpu0, cpu1, ... */ + const char *cpuname; + /* Time spent running non-kernel code. (user time, including nice time) */ + jiff user; + /* Time spent in user mode with low priority (nice) */ + jiff nice; + /* Time spent running kernel code. (system time) */ + jiff system; + /* Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time */ + jiff idle; + /* Time spent waiting for IO. Prior to Linux 2.5.41, included in idle */ + jiff iowait; + /* Time servicing interrupts. (since Linux 2.6.0-test4) */ + jiff irq; + /* Time servicing softirqs.i (since Linux 2.6.0-test4) */ + jiff softirq; + /* Stolen time, which is the time spent in other operating systems + * when running in a virtualized environment. (since Linux 2.6.11) */ + jiff steal; + /* Time spent running a virtual CPU for guest operating systems + * under the control of the Linux kernel. (since Linux 2.6.24) */ + jiff guest; + /* Time spent running a niced guest (virtual CPU for guest + * operating systems under the control of the Linux kernel). + * (since Linux 2.6.33) */ + jiff guestn; + }; + + /* Return the PATH of the proc stat filesystem ("/proc/stat"), or the content + of the environment variable "NPL_TESTING_PATH_PROC_STAT" if set */ + const char *get_path_proc_stat (); + + /* Get the cpu time statistics + * lines = 1 --> 'cpu' only + * lines = 3 --> 'cpu', 'cpu0', 'cpu1' + * and so on */ + void cpu_stats_get_time (struct cpu_time * __restrict cputime, + unsigned int lines); + + /* Get the number of context switches that the system underwent */ + unsigned long long cpu_stats_get_cswch (); + + /* Get the number of interrupts serviced since boot time, for each of the + * possible system interrupts, including unnumbered architecture specific + * interrupts (since Linux 2.6.0-test4) */ + unsigned long long cpu_stats_get_intr (); + + /* Get the total of softirqs the system has experienced + * (since Linux 2.6.0-test4) */ + unsigned long long cpu_stats_get_softirq (); + +#ifdef __cplusplus +} +#endif + +#endif /* _CPUSTATS_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cputopology.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cputopology.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cputopology.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/cputopology.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,81 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* cputopology.h -- a library for checking the CPU topology + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _CPUTOPOLOGY_H +#define _CPUTOPOLOGY_H + +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + + /* + * Fallback for old or obscure libcs without dynamically allocated cpusets + * + * The following macros are based on code from glibc. + * + * The GNU C Library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + */ + #if !HAVE_DECL_CPU_ALLOC + + # define CPU_ZERO_S(setsize, cpusetp) \ + do { \ + size_t __i; \ + size_t __imax = (setsize) / sizeof (__cpu_mask); \ + __cpu_mask *__bits = (cpusetp)->__bits; \ + for (__i = 0; __i < __imax; ++__i) \ + __bits[__i] = 0; \ + } while (0) + + # define CPU_SET_S(cpu, setsize, cpusetp) \ + ({ size_t __cpu = (cpu); \ + __cpu < 8 * (setsize) \ + ? (((__cpu_mask *) ((cpusetp)->__bits))[__CPUELT (__cpu)] \ + |= __CPUMASK (__cpu)) \ + : 0; }) + + int __cpuset_count_s(size_t setsize, const cpu_set_t *set); + # define CPU_COUNT_S(setsize, cpusetp) __cpuset_count_s(setsize, cpusetp) + + # define CPU_ALLOC_SIZE(count) \ + ((((count) + __NCPUBITS - 1) / __NCPUBITS) * sizeof (__cpu_mask)) + # define CPU_ALLOC(count) (malloc(CPU_ALLOC_SIZE(count))) + # define CPU_FREE(cpuset) (free(cpuset)) + + #endif /* !HAVE_DECL_CPU_ALLOC */ + + /* Get the number of total and active cpus. */ + int get_processor_number_total (); + int get_processor_number_online (); + + /* Get the maximum cpu index allowed by the kernel configuration. */ + int get_processor_number_kernel_max (); + + /* Get the number of sockets, cores, and threads. */ + int get_cputopology_nthreads (); + void get_cputopology_read (unsigned int *nsockets, unsigned int *ncores, + unsigned int *nthreads); + +#ifdef __cplusplus +} +#endif + +#endif /* _CPUTOPOLOGY_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/getenv.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/getenv.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/getenv.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/getenv.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* getenv.h -- this header file just provides an alias for getenv_secure () + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _GETENV_H +#define _GETENV_H + +#include "common.h" + +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + +#endif /* _GETENV_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/interrupts.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/interrupts.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/interrupts.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/interrupts.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* interrupts.h -- a library for checking the system interrupts + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _INTERRUPTS_H +#define _INTERRUPTS_H + +#ifdef __cplusplus +extern "C" +{ +#endif + + /* Return an array containing the number of interrupts per cpu per IO device + * Since Linux 2.6.24, for the i386 and x86_64 architectures, at least, this + * also includes interrupts internal to the system (that is, not associated + * with a device as such). */ + unsigned long *proc_interrupts_get_nintr_per_cpu (unsigned int *ncpus); + +#ifdef __cplusplus +} +#endif + +#endif /* _INTERRUPTS_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/jsmn.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/jsmn.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/jsmn.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/jsmn.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,534 @@ +// SPDX-License-Identifier: MIT +/* + * MIT License + * + * Copyright (c) 2010 Serge Zaitsev + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +#ifndef JSMN_H +#define JSMN_H + +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + +#ifdef JSMN_STATIC +#define JSMN_API static +#else +#define JSMN_API extern +#endif + +/** + * JSON type identifier. Basic types are: + * o Object + * o Array + * o String + * o Other primitive: number, boolean (true/false) or null + */ + typedef enum + { + JSMN_UNDEFINED = 0, + JSMN_OBJECT = 1, + JSMN_ARRAY = 2, + JSMN_STRING = 3, + JSMN_PRIMITIVE = 4 + } jsmntype_t; + + enum jsmnerr + { + /* Not enough tokens were provided */ + JSMN_ERROR_NOMEM = -1, + /* Invalid character inside JSON string */ + JSMN_ERROR_INVAL = -2, + /* The string is not a full JSON packet, more bytes expected */ + JSMN_ERROR_PART = -3 + }; + +/** + * JSON token description. + * type type (object, array, string etc.) + * start start position in JSON data string + * end end position in JSON data string + */ + typedef struct + { + jsmntype_t type; + int start; + int end; + int size; +#ifdef JSMN_PARENT_LINKS + int parent; +#endif + } jsmntok_t; + +/** + * JSON parser. Contains an array of token blocks available. Also stores + * the string being parsed now and current position in that string. + */ + typedef struct + { + unsigned int pos; /* offset in the JSON string */ + unsigned int toknext; /* next token to allocate */ + int toksuper; /* superior token node, e.g. parent object or array */ + } jsmn_parser; + +/** + * Create JSON parser over an array of tokens + */ + JSMN_API void jsmn_init (jsmn_parser * parser); + +/** + * Run JSON parser. It parses a JSON data string into and array of tokens, each + * describing + * a single JSON object. + */ + JSMN_API int jsmn_parse (jsmn_parser * parser, const char *js, + const size_t len, jsmntok_t * tokens, + const unsigned int num_tokens); + +#ifndef JSMN_HEADER +/** + * Allocates a fresh unused token from the token pool. + */ + static jsmntok_t *jsmn_alloc_token (jsmn_parser * parser, + jsmntok_t * tokens, + const size_t num_tokens) + { + jsmntok_t *tok; + if (parser->toknext >= num_tokens) + { + return NULL; + } + tok = &tokens[parser->toknext++]; + tok->start = tok->end = -1; + tok->size = 0; +#ifdef JSMN_PARENT_LINKS + tok->parent = -1; +#endif + return tok; + } + +/** + * Fills token type and boundaries. + */ + static void jsmn_fill_token (jsmntok_t * token, const jsmntype_t type, + const int start, const int end) + { + token->type = type; + token->start = start; + token->end = end; + token->size = 0; + } + +/** + * Fills next available token with JSON primitive. + */ + static int jsmn_parse_primitive (jsmn_parser * parser, const char *js, + const size_t len, jsmntok_t * tokens, + const size_t num_tokens) + { + jsmntok_t *token; + int start; + + start = parser->pos; + + for (; parser->pos < len && js[parser->pos] != '\0'; parser->pos++) + { + switch (js[parser->pos]) + { +#ifndef JSMN_STRICT + /* In strict mode primitive must be followed by "," or "}" or "]" */ + case ':': +#endif + case '\t': + case '\r': + case '\n': + case ' ': + case ',': + case ']': + case '}': + goto found; + default: + /* to quiet a warning from gcc */ + break; + } + if (js[parser->pos] < 32 || js[parser->pos] >= 127) + { + parser->pos = start; + return JSMN_ERROR_INVAL; + } + } +#ifdef JSMN_STRICT + /* In strict mode primitive must be followed by a comma/object/array */ + parser->pos = start; + return JSMN_ERROR_PART; +#endif + + found: + if (tokens == NULL) + { + parser->pos--; + return 0; + } + token = jsmn_alloc_token (parser, tokens, num_tokens); + if (token == NULL) + { + parser->pos = start; + return JSMN_ERROR_NOMEM; + } + jsmn_fill_token (token, JSMN_PRIMITIVE, start, parser->pos); +#ifdef JSMN_PARENT_LINKS + token->parent = parser->toksuper; +#endif + parser->pos--; + return 0; + } + +/** + * Fills next token with JSON string. + */ + static int jsmn_parse_string (jsmn_parser * parser, const char *js, + const size_t len, jsmntok_t * tokens, + const size_t num_tokens) + { + jsmntok_t *token; + + int start = parser->pos; + + parser->pos++; + + /* Skip starting quote */ + for (; parser->pos < len && js[parser->pos] != '\0'; parser->pos++) + { + char c = js[parser->pos]; + + /* Quote: end of string */ + if (c == '\"') + { + if (tokens == NULL) + { + return 0; + } + token = jsmn_alloc_token (parser, tokens, num_tokens); + if (token == NULL) + { + parser->pos = start; + return JSMN_ERROR_NOMEM; + } + jsmn_fill_token (token, JSMN_STRING, start + 1, parser->pos); +#ifdef JSMN_PARENT_LINKS + token->parent = parser->toksuper; +#endif + return 0; + } + + /* Backslash: Quoted symbol expected */ + if (c == '\\' && parser->pos + 1 < len) + { + int i; + parser->pos++; + switch (js[parser->pos]) + { + /* Allowed escaped symbols */ + case '\"': + case '/': + case '\\': + case 'b': + case 'f': + case 'r': + case 'n': + case 't': + break; + /* Allows escaped symbol \uXXXX */ + case 'u': + parser->pos++; + for (i = 0; + i < 4 && parser->pos < len && js[parser->pos] != '\0'; + i++) + { + /* If it isn't a hex character we have an error */ + if (!((js[parser->pos] >= 48 && js[parser->pos] <= 57) || /* 0-9 */ + (js[parser->pos] >= 65 && js[parser->pos] <= 70) || /* A-F */ + (js[parser->pos] >= 97 && js[parser->pos] <= 102))) + { /* a-f */ + parser->pos = start; + return JSMN_ERROR_INVAL; + } + parser->pos++; + } + parser->pos--; + break; + /* Unexpected symbol */ + default: + parser->pos = start; + return JSMN_ERROR_INVAL; + } + } + } + parser->pos = start; + return JSMN_ERROR_PART; + } + +/** + * Parse JSON string and fill tokens. + */ + JSMN_API int jsmn_parse (jsmn_parser * parser, const char *js, + const size_t len, jsmntok_t * tokens, + const unsigned int num_tokens) + { + int r; + int i; + jsmntok_t *token; + int count = parser->toknext; + + for (; parser->pos < len && js[parser->pos] != '\0'; parser->pos++) + { + char c; + jsmntype_t type; + + c = js[parser->pos]; + switch (c) + { + case '{': + case '[': + count++; + if (tokens == NULL) + { + break; + } + token = jsmn_alloc_token (parser, tokens, num_tokens); + if (token == NULL) + { + return JSMN_ERROR_NOMEM; + } + if (parser->toksuper != -1) + { + jsmntok_t *t = &tokens[parser->toksuper]; +#ifdef JSMN_STRICT + /* In strict mode an object or array can't become a key */ + if (t->type == JSMN_OBJECT) + { + return JSMN_ERROR_INVAL; + } +#endif + t->size++; +#ifdef JSMN_PARENT_LINKS + token->parent = parser->toksuper; +#endif + } + token->type = (c == '{' ? JSMN_OBJECT : JSMN_ARRAY); + token->start = parser->pos; + parser->toksuper = parser->toknext - 1; + break; + case '}': + case ']': + if (tokens == NULL) + { + break; + } + type = (c == '}' ? JSMN_OBJECT : JSMN_ARRAY); +#ifdef JSMN_PARENT_LINKS + if (parser->toknext < 1) + { + return JSMN_ERROR_INVAL; + } + token = &tokens[parser->toknext - 1]; + for (;;) + { + if (token->start != -1 && token->end == -1) + { + if (token->type != type) + { + return JSMN_ERROR_INVAL; + } + token->end = parser->pos + 1; + parser->toksuper = token->parent; + break; + } + if (token->parent == -1) + { + if (token->type != type || parser->toksuper == -1) + { + return JSMN_ERROR_INVAL; + } + break; + } + token = &tokens[token->parent]; + } +#else + for (i = parser->toknext - 1; i >= 0; i--) + { + token = &tokens[i]; + if (token->start != -1 && token->end == -1) + { + if (token->type != type) + { + return JSMN_ERROR_INVAL; + } + parser->toksuper = -1; + token->end = parser->pos + 1; + break; + } + } + /* Error if unmatched closing bracket */ + if (i == -1) + { + return JSMN_ERROR_INVAL; + } + for (; i >= 0; i--) + { + token = &tokens[i]; + if (token->start != -1 && token->end == -1) + { + parser->toksuper = i; + break; + } + } +#endif + break; + case '\"': + r = jsmn_parse_string (parser, js, len, tokens, num_tokens); + if (r < 0) + { + return r; + } + count++; + if (parser->toksuper != -1 && tokens != NULL) + { + tokens[parser->toksuper].size++; + } + break; + case '\t': + case '\r': + case '\n': + case ' ': + break; + case ':': + parser->toksuper = parser->toknext - 1; + break; + case ',': + if (tokens != NULL && parser->toksuper != -1 && + tokens[parser->toksuper].type != JSMN_ARRAY && + tokens[parser->toksuper].type != JSMN_OBJECT) + { +#ifdef JSMN_PARENT_LINKS + parser->toksuper = tokens[parser->toksuper].parent; +#else + for (i = parser->toknext - 1; i >= 0; i--) + { + if (tokens[i].type == JSMN_ARRAY + || tokens[i].type == JSMN_OBJECT) + { + if (tokens[i].start != -1 && tokens[i].end == -1) + { + parser->toksuper = i; + break; + } + } + } +#endif + } + break; +#ifdef JSMN_STRICT + /* In strict mode primitives are: numbers and booleans */ + case '-': + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + case 't': + case 'f': + case 'n': + /* And they must not be keys of the object */ + if (tokens != NULL && parser->toksuper != -1) + { + const jsmntok_t *t = &tokens[parser->toksuper]; + if (t->type == JSMN_OBJECT || + (t->type == JSMN_STRING && t->size != 0)) + { + return JSMN_ERROR_INVAL; + } + } +#else + /* In non-strict mode every unquoted value is a primitive */ + default: +#endif + r = jsmn_parse_primitive (parser, js, len, tokens, num_tokens); + if (r < 0) + { + return r; + } + count++; + if (parser->toksuper != -1 && tokens != NULL) + { + tokens[parser->toksuper].size++; + } + break; + +#ifdef JSMN_STRICT + /* Unexpected char in strict mode */ + default: + return JSMN_ERROR_INVAL; +#endif + } + } + + if (tokens != NULL) + { + for (i = parser->toknext - 1; i >= 0; i--) + { + /* Unmatched opened object or array */ + if (tokens[i].start != -1 && tokens[i].end == -1) + { + return JSMN_ERROR_PART; + } + } + } + + return count; + } + +/** + * Creates a new parser based over a given buffer with an array of tokens + * available. + */ + JSMN_API void jsmn_init (jsmn_parser * parser) + { + parser->pos = 0; + parser->toknext = 0; + parser->toksuper = -1; + } + +#endif /* JSMN_HEADER */ + +#ifdef __cplusplus +} +#endif + +#endif /* JSMN_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/json_helpers.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/json_helpers.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/json_helpers.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/json_helpers.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* json_helpers.h -- Helper function for parsing data in JSON format + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef JSON_HELPERS_H_ +#define JSON_HELPERS_H_ + +#define JSMN_HEADER +#include "jsmn.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + int json_token_streq (const char *json, jsmntok_t * tok, const char *s); + char *json_token_tostr (char *json, jsmntok_t * t); + jsmntok_t *json_tokenise (const char *json, size_t *ntoken); + +#ifdef __cplusplus +} +#endif + +#endif /* JSON_HELPERS_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/kernelver.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/kernelver.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/kernelver.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/kernelver.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* kernelver.h -- get the version of a running Linux kernel + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _KERNELVER_H_ +#define _KERNELVER_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + + unsigned int linux_version (void); + +#ifdef __cplusplus +} +#endif + +#endif /* _KERNELVER_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/logging.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/logging.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/logging.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/logging.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* logging.h -- logging facilities + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _LOGGING_H_ +#define _LOGGING_H_ + +#include + +void logging (const char *format, ...); + +static inline void __attribute__ ((always_inline, format (printf, 1, 2))) +logging_null (const char *format, ...) {} + +#ifdef ENABLE_DEBUG +# define dbg(format, ...) fprintf (stdout, "DEBUG: " format, ##__VA_ARGS__) +#else +# define dbg(args...) logging_null(args) +#endif + +#endif /* _LOGGING_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,57 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2014-2016 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +AM_CPPFLAGS = -include $(top_builddir)/config.h + +noinst_HEADERS = \ + collection.h \ + common.h \ + container_docker.h \ + container_podman.h \ + cpudesc.h \ + cpufreq.h \ + cpustats.h \ + cputopology.h \ + getenv.h \ + kernelver.h \ + interrupts.h \ + jsmn.h \ + json_helpers.h \ + logging.h \ + meminfo.h \ + mountlist.h \ + messages.h \ + netinfo.h \ + netinfo-private.h \ + perfdata.h \ + pressure.h \ + processes.h \ + procparser.h \ + progname.h \ + progversion.h \ + string-macros.h \ + sysfsparser.h \ + system.h \ + tcpinfo.h \ + testutils.h \ + thresholds.h \ + units.h \ + url_encode.h \ + vminfo.h \ + xalloc.h \ + xasprintf.h \ + xstrton.h diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/meminfo.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/meminfo.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/meminfo.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/meminfo.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,71 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* meminfo.h -- a library for getting system memory informations + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _MEMINFO_H_ +#define _MEMINFO_H_ + +#include "system.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + struct proc_sysmem; + + /* Return the PATH of the proc meminfo filesystem ("/proc/meminfo"), or the + content of the environment variable "NPL_TESTING_PATH_PROC_MEMINFO" + if set */ + const char *get_path_proc_meminfo (); + + /* Allocates space for a new sysmem object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + int proc_sysmem_new (struct proc_sysmem **sysmem); + + /* Fill the proc_sysmem structure pointed with the values found in the + * proc filesystem. */ + void proc_sysmem_read (struct proc_sysmem *sysmem); + + /* Drop a reference of the memory library context. If the refcount of + * reaches zero, the resources of the context will be released. */ + struct proc_sysmem *proc_sysmem_unref (struct proc_sysmem *sysmem); + + /* Accessing the values from proc_sysmem */ + + unsigned long proc_sysmem_get_active (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_anon_pages (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_committed_as (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_dirty (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_inactive (struct proc_sysmem *sysmem); + + unsigned long proc_sysmem_get_main_available (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_main_buffers (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_main_cached (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_main_free (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_main_shared (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_main_total (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_main_used (struct proc_sysmem *sysmem); + + unsigned long proc_sysmem_get_swap_cached (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_swap_free (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_swap_total (struct proc_sysmem *sysmem); + unsigned long proc_sysmem_get_swap_used (struct proc_sysmem *sysmem); + +#ifdef __cplusplus +} +#endif + +#endif /* _MEMINFO_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/messages.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/messages.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/messages.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/messages.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* messages.h -- a library for uniform output and error messages + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _MESSAGES_H +#define _MESSAGES_H 1 + +#include "common.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + /* Print a message with 'fprintf (stderr, FORMAT, ...)'; + if ERRNUM is nonzero, follow it with ": " and strerror (ERRNUM). + If STATUS is nonzero, terminate the program with 'exit (STATUS)'. */ + _Noreturn void plugin_error (nagstatus status, int errnum, + const char *message, ...) + _attribute_format_printf_ (3, 4); + + /* This variable is incremented each time 'error' is called. */ + extern unsigned int error_message_count; + + const char *state_text (nagstatus status); + +#ifdef __cplusplus +} +#endif + +#endif /* _MESSAGES_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/mountlist.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/mountlist.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/mountlist.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/mountlist.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* mountlist.h -- a library for getting informations about filesystems + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _MOUNTLIST_H +#define _MOUNTLIST_H 1 + +#include +#include "system.h" + +/* A mount table entry. */ +struct mount_entry +{ + char *me_devname; /* Device node name, including "/dev/". */ + char *me_mountdir; /* Mount point directory name. */ + char *me_type; /* "nfs", "4.2", etc. */ + char *me_opts; /* Comma-separated options for fs. */ + dev_t me_dev; /* Device number of me_mountdir. */ + unsigned int me_dummy : 1; /* Nonzero for dummy file systems. */ + unsigned int me_remote : 1; /* Nonzero for remote fileystems. */ + unsigned int me_readonly : 1; /* Nonzero for readonly fileystems. */ + unsigned int me_type_malloced : 1; /* Nonzero if me_type was malloced. */ + unsigned int me_opts_malloced : 1; /* Nonzero if me_opts was malloced. */ + struct mount_entry *me_next; +}; + +struct mount_entry *read_file_system_list (bool need_fs_type); + +#endif /* mountlist.h */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,94 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* netinfo.h -- a library foe getting network interfaces statistics + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _NETINFO_H +#define _NETINFO_H + +#include +#include + +#include "netinfo-private.h" +#include "system.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + enum + { + /* list of address families */ + IF_AF_PACKET = (1 << 0), + IF_AF_INET = (1 << 1), + IF_AF_INET6 = (1 << 2), + /* command-line options */ + CHECK_LINK = (1 << 0), + NO_LOOPBACK = (1 << 1), + NO_WIRELESS = (1 << 2), + NO_BYTES = (1 << 3), + NO_COLLISIONS = (1 << 4), + NO_DROPS = (1 << 4), + NO_ERRORS = (1 << 5), + NO_MULTICAST = (1 << 6), + NO_PACKETS = (1 << 7), + RX_ONLY = (1 << 8), + TX_ONLY = (1 << 9) + }; + + enum duplex + { + DUP_HALF = DUPLEX_HALF, + DUP_FULL = DUPLEX_FULL, + _DUP_MAX, + _DUP_UNKNOWN = DUPLEX_UNKNOWN + }; + + struct iflist *netinfo (unsigned int options, const char *ifname_regex, + unsigned int seconds, unsigned int *ninterfaces); + struct iflist *iflist_get_next (struct iflist *ifentry); +#define iflist_foreach(list_entry, list) \ + for (list_entry = list; list_entry != NULL; \ + list_entry = iflist_get_next(list_entry)) + + /* Accessing the values from struct iflist */ + const char *iflist_get_ifname (struct iflist *ifentry); + uint8_t iflist_get_duplex (struct iflist *ifentry); + uint32_t iflist_get_speed (struct iflist *ifentry); + unsigned int iflist_get_tx_packets (struct iflist *ifentry); + unsigned int iflist_get_rx_packets (struct iflist *ifentry); + unsigned int iflist_get_tx_bytes (struct iflist *ifentry); + unsigned int iflist_get_rx_bytes (struct iflist *ifentry); + unsigned int iflist_get_tx_errors (struct iflist *ifentry); + unsigned int iflist_get_rx_errors (struct iflist *ifentry); + unsigned int iflist_get_tx_dropped (struct iflist *ifentry); + unsigned int iflist_get_rx_dropped (struct iflist *ifentry); + unsigned int iflist_get_collisions (struct iflist *ifentry); + unsigned int iflist_get_flags (struct iflist *ifentry); + unsigned int iflist_get_multicast (struct iflist *ifentry); + + void print_ifname_debug (struct iflist *iflhead, unsigned int options); + void freeiflist (struct iflist *iflhead); + + /* helper functions for parsing and priting interface flags */ + bool if_flags_LOOPBACK (unsigned int flags); + bool if_flags_RUNNING (unsigned int flags); + bool if_flags_UP (unsigned int flags); + +#ifdef __cplusplus +} +#endif + +#endif /* _NETINFO_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo-private.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo-private.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo-private.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/netinfo-private.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* netinfo-private.h -- a library foe getting network interfaces statistics + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _NETINFO_PRIVATE_H +#define _NETINFO_PRIVATE_H + +#include +#include "netinfo.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef struct ifstats + { + unsigned int tx_packets; + unsigned int rx_packets; + unsigned int tx_bytes; + unsigned int rx_bytes; + unsigned int tx_errors; + unsigned int rx_errors; + unsigned int tx_dropped; + unsigned int rx_dropped; + unsigned int collisions; + unsigned int multicast; + } ifstats_t; + + typedef struct iflist + { + char *ifname; + uint8_t duplex; /* the duplex as defined in */ + uint32_t speed; /* the link speed in Mbps */ + unsigned int flags; + struct ifstats *stats; + struct iflist *next; + } iflist_t; + + struct iflist *get_netinfo_snapshot (unsigned int options, + const regex_t *iface_regex); + +#ifdef __cplusplus +} +#endif + +#endif /* _NETINFO_PRIVATE_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/perfdata.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/perfdata.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/perfdata.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/perfdata.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* perfdata.h -- a library for managing the Nagios perfdata + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _PERFDATA_H_ +#define _PERFDATA_H_ + +#include "system.h" +#include "thresholds.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + int get_perfdata_limit (range * threshold, unsigned long base, + unsigned long long *limit, bool percent); + int get_perfdata_limit_converted (range * threshold, unsigned long base, + int shift, unsigned long long *limit, + bool percent); + +#ifdef __cplusplus +} +#endif + +#endif /* _PERFDATA_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/pressure.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/pressure.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/pressure.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/pressure.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* pressure.h -- Linux Pressure Stall Information (PSI) parser + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _PRESSURE_H_ +#define _PRESSURE_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + +#define PATH_PROC_PRESSURE "/proc/pressure" +#define PATH_PSI_PROC_CPU PATH_PROC_PRESSURE "/cpu" +#define PATH_PSI_PROC_IO PATH_PROC_PRESSURE "/io" +#define PATH_PSI_PROC_MEMORY PATH_PROC_PRESSURE "/memory" + + enum linux_psi_id /* Linux PSI modes */ + { + LINUX_PSI_NONE = 0, + LINUX_PSI_CPU, + LINUX_PSI_IO, + LINUX_PSI_MEMORY + }; + + /* Structure for pressure-stall cpu statistics. + * - avg* fields: percentage of time in the last 10, 60 and 300 seconds + * respectively that processes were starved of CPU, + * - total: total time in microseconds that processes were starved of CPU. + */ + struct proc_psi_oneline + { + unsigned long long total; + double avg10; + double avg60; + double avg300; + }; + + /* Structure for pressure-stall io and memory statistics + * + * For memory, large numbers in 'full' means no runnable/non-idle process + * was able to run and the CPU was busy doing housekeeping work related + * to paging. Even small numbers clearly indicate workloads that are + * being starved of RAM. So, while the numbers in 'some' indicate that + * while the system is strained of resources and some runnable processes + * are starved, it does mean that other processes continue to run and + * real work is getting done. + */ + struct proc_psi_twolines + { + unsigned long long some_total; + unsigned long long full_total; + double some_avg10; + double some_avg60; + double some_avg300; + double full_avg10; + double full_avg60; + double full_avg300; + }; + + int proc_psi_read_cpu (struct proc_psi_oneline **psi_cpu, + unsigned long long *starvation, unsigned long delay); + int proc_psi_read_io (struct proc_psi_twolines **psi_io, + unsigned long long *starvation, unsigned long delay); + int proc_psi_read_memory (struct proc_psi_twolines **psi_memory, + unsigned long long *starvation, + unsigned long delay); + +#ifdef __cplusplus +} +#endif + +#endif /* pressure.h */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/processes.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/processes.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/processes.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/processes.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* processes.h -- get informations about running processes + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _PROCESSES_H_ +#define _PROCESSES_H_ + +#include +#include + +#define NBPROCS_NONE 0x00 +#define NBPROCS_VERBOSE 0x01 +#define NBPROCS_THREADS 0x02 + +#ifdef __cplusplus +extern "C" +{ +#endif + + struct procs_list_node; + + /* Return name corresponding to 'uid', or NULL on error */ + char *uid_to_username (uid_t uid); + + /* Return the list of the users with running processes */ + struct procs_list_node *procs_list_getall (unsigned int flags); + + /* Access to procs generated lists */ + char *procs_list_node_get_username (struct procs_list_node *node); + long procs_list_node_get_nbr (struct procs_list_node *node); + +#ifdef RLIMIT_NPROC + unsigned long procs_list_node_get_rlimit_nproc_soft (struct procs_list_node + *node); + unsigned long procs_list_node_get_rlimit_nproc_hard (struct procs_list_node + *node); +#endif + struct procs_list_node * procs_list_node_get_next (struct procs_list_node + *node); + long procs_list_node_get_total_procs_nbr (struct procs_list_node *list); + +#define proc_list_node_foreach(list_entry, list) \ + for (list_entry = procs_list_node_get_next (list); \ + list_entry != procs_list_node_get_next(list_entry); \ + list_entry = procs_list_node_get_next(list_entry)) + +#ifdef __cplusplus +} +#endif + +#endif /* _PROCESSES_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/procparser.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/procparser.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/procparser.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/procparser.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* procparser.h -- a parser for /proc files, /proc/meminfo, and /proc/vmstat + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _PROCPARSER_H_ +#define _PROCPARSER_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef struct proc_table_struct + { + const char *name; /* proc type name */ + unsigned long *slot; /* slot in return struct */ + } proc_table_struct; + + void procparser (const char *filename, const proc_table_struct * proc_table, + int proc_table_count, char separator); + + /* Lookup a pattern and get the value from line + * Format is: + * " : " + */ + int linelookup (char *line, char *pattern, char **value); + +#ifdef __cplusplus +} +#endif + +#endif /* _PROCPARSER_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progname.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progname.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progname.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progname.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* progname.h -- a library for setting the name of each plugin module + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _PROGNAME_H +#define _PROGNAME_H + +/* Programs using this file should do the following in main(): + set_program_name (argv[0]); + */ + +#ifdef __cplusplus +extern "C" { +#endif + + /* String containing name the program is called with. */ + extern const char *program_name; + + /* String containing a short version of 'program_name'. */ + extern const char *program_name_short; + + /* Set program_name, based on argv[0]. + argv0 must be a string allocated with indefinite extent, and must not be + modified after this call. */ + void set_program_name (const char *argv0); + +#ifdef __cplusplus +} +#endif + +#endif /* _PROGNAME_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progversion.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progversion.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progversion.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/progversion.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* progversion.h -- version number of the nagios-plugins-linux + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _PROGVERSION_H +#define _PROGVERSION_H + +#ifdef __cplusplus +extern "C" { +#endif + +static const char *program_version = PACKAGE_VERSION; + +#ifdef __cplusplus +} +#endif + +#endif /* _PROGVERSION_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/string-macros.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/string-macros.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/string-macros.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/string-macros.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* string-macros.h -- a collection of macros for checking strings + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _STRING_MACROS_H +# define _STRING_MACROS_H 1 + +#include "system.h" + +# define STRCONTAINS(a, b) (NULL != strpbrk(a, b)) +# define STREQ(a, b) (strcmp(a, b) == 0) +# define STRNEQ(a, b) (strcmp(a, b) != 0) +# define STREQLEN(a, b, n) (strncmp(a, b, n) == 0) +# define STRNEQLEN(a, b, n) (strncmp(a, b, n) != 0) +# define STRPREFIX(a, b) (strncmp(a, b, strlen(b)) == 0) + +# define STRTRIMPREFIX(a, b) STRPREFIX(a, b) ? a + strlen(b) : a + +/* Use strncpy with N-1 and ensure the string is terminated. */ +#define STRNCPY_TERMINATED(DEST, SRC, N) \ + do { \ + strncpy (DEST, SRC, N - 1); \ + DEST[N - 1] = '\0'; \ + } while (false) + +#endif /* _STRING_MACROS_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/sysfsparser.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/sysfsparser.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/sysfsparser.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/sysfsparser.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* sysfsparser -- get informations from sysfs + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _SYSFSPARSER_H +#define _SYSFSPARSER_H + +#include +#include +#include "system.h" + +#ifdef __cplusplus +extern "C" +{ +#endif + + /* generic functions */ + + bool sysfsparser_path_exist (const char *path, ...) + _attribute_format_printf_(1, 2); + void sysfsparser_opendir(DIR **dirp, const char *path, ...) + _attribute_format_printf_(2, 3); + void sysfsparser_closedir(DIR *dirp); + struct dirent *sysfsparser_readfilename(DIR *dirp, unsigned int flags); + + char *sysfsparser_getline (const char *filename, ...) + _attribute_format_printf_(1, 2); + unsigned long long sysfsparser_getvalue (const char *filename, ...) + _attribute_format_printf_(1, 2); + + /* Lookup a pattern and get the value from line + * Format is: + * " " + */ + int sysfsparser_linelookup_numeric (char *line, char *pattern, + long long *value); + + /* cpufreq */ + + int sysfsparser_cpufreq_get_hardware_limits (unsigned int cpu, + unsigned long *min, + unsigned long *max); + unsigned long sysfsparser_cpufreq_get_freq_kernel (unsigned int cpu); + unsigned long sysfsparser_cpufreq_get_transition_latency (unsigned int cpu); + + char *sysfsparser_cpufreq_get_available_freqs (unsigned int cpu); + char *sysfsparser_cpufreq_get_driver (unsigned int cpu); + char *sysfsparser_cpufreq_get_governor (unsigned int cpu); + char *sysfsparser_cpufreq_get_available_governors (unsigned int cpu); + + /* thermal sensors */ + +# define ALL_THERMAL_ZONES UINT_MAX + + bool sysfsparser_thermal_kernel_support (void); + const char *sysfsparser_thermal_sysfs_path (); + int sysfsparser_thermal_get_temperature (unsigned int selected_zone, + unsigned int *zone, char **type); + int sysfsparser_thermal_get_critical_temperature (unsigned int thermal_zone); + const char *sysfsparser_thermal_get_device (unsigned int thermal_zone); + void sysfsparser_thermal_listall (); + +#ifdef __cplusplus +} +#endif + +#endif /* _SYSFSPARSER_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/system.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/system.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/system.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/system.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* system.h -- system and compiler specific stuff + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _NPL_SYSTEM_H_ +#define _NPL_SYSTEM_H_ + +#include "common.h" + +#ifdef HAVE_STDBOOL_H +# include +#else +# ifndef HAVE__BOOL +# define _Bool signed char +# endif +# define bool _Bool +# define false 0 +# define true 1 +# define __bool_true_false_are_defined 1 +#endif + +#endif /* _NPL_SYSTEM_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/tcpinfo.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/tcpinfo.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/tcpinfo.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/tcpinfo.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* tcpinfo -- library for getting TCP network and socket informations + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _TCPINFO_H_ +#define _TCPINFO_H_ + +#define TCP_UNSET 0 +#define TCP_VERBOSE (1 << 1) +#define TCP_v4 (1 << 2) +#define TCP_v6 (1 << 3) + +#ifdef __cplusplus +extern "C" +{ +#endif + + struct proc_tcptable; + + /* Allocates space for a new tcptable object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + int proc_tcptable_new (struct proc_tcptable **tcptable); + + /* Fill the proc_tcptable structure pointed with the values found in the + * proc filesystem. */ + void proc_tcptable_read (struct proc_tcptable *tcptable, int flags); + + /* Drop a reference of the tcptable library context. If the refcount of + * reaches zero, the resources of the context will be released. */ + struct proc_cputable *proc_tcptable_unref (struct proc_tcptable *tcptable); + + /* Accessing the values from proc_tcptable */ + + unsigned long proc_tcp_get_tcp_established (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_syn_sent (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_syn_recv (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_fin_wait1 (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_fin_wait2 (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_time_wait (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_close (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_close_wait (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_last_ack (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_listen (struct proc_tcptable *tcptable); + unsigned long proc_tcp_get_tcp_closing (struct proc_tcptable *tcptable); + +#ifdef __cplusplus +} +#endif + +#endif /* _TCPINFO_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/testutils.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/testutils.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/testutils.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/testutils.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,132 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* testutils.h -- a simple framework for unit testing + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _TESTUTILS_H +#define _TESTUTILS_H + +#include +#include +#include +#include +#include + +#include "getenv.h" +#include "string-macros.h" + +#define EXIT_AM_SKIP 77 /* tell Automake we're skipping a test */ +#define EXIT_AM_HARDFAIL 99 /* tell Automake that the framework is broken */ + +#define TEST_KERNEL_VERSION_MAJOR 2 +#define TEST_KERNEL_VERSION_MINOR 6 +#define TEST_KERNEL_VERSION_PATCH 27 +#define TEST_KERNEL_VERSION "2.6.27" + +/* environment variables to allow testing via static proc and sysfs files; + note that 'abs_srcdir' seems the only way to make 'make distcheck' happy + (we cannot use 'abs_builddir' because the *.data files are not copied to + /nagios-plugins-linux-/_build/sub/tests/) */ +#define NPL_TEST_PATH_PROCSTAT abs_srcdir "/ts_procstat.data" +#define NPL_TEST_PATH_PROCMEMINFO abs_srcdir "/ts_procmeminfo.data" +#define NPL_TEST_PATH_PROCVMSTAT abs_srcdir "/ts_procvmstat.data" +#define NPL_TEST_PATH_SYSDOCKERMEMSTAT abs_srcdir "/ts_sysdockermemstat.data" +#define NPL_TEST_PATH_PROCPRESSURE_CPU abs_srcdir "/ts_procpressurecpu.data" +#define NPL_TEST_PATH_PROCPRESSURE_IO abs_srcdir "/ts_procpressureio.data" + +/* simulate the test of a query to the docker rest API */ +#define NPL_TEST_PATH_CONTAINER_JSON abs_srcdir "/ts_container_docker.data" + +/* simulate the test of a query to varlink */ +#define NPL_TEST_PATH_PODMAN_GETCONTAINERSBYSTATUS_JSON \ + abs_srcdir "/ts_container_podman_GetContainersByStatus.data" +#define NPL_TEST_PATH_PODMAN_GETCONTAINERSTATS_JSON \ + abs_srcdir "/ts_container_podman_GetContainerStats.data" +#define NPL_TEST_PATH_PODMAN_LISTCONTAINERS_JSON \ + abs_srcdir "/ts_container_podman_ListContainers.data" + +#define TEST_ASSERT_EQUAL_NUMERIC(A, B) \ + do { if ((A) != (B)) ret = -1; } while (0) + +#define TEST_ASSERT_EQUAL_STRING(A, B) \ + do { if (STRNEQ (A, B)) ret = -1; } while (0) + +#ifdef __cplusplus +extern "C" +{ +#endif + + char * test_fstringify (const char * filename); + int test_main (int argc, char **argv, int (*func) (void), ...); + +# define TEST_MAIN(func) \ + int main (int argc, char **argv) \ + { \ + return test_main (argc, argv, func, NULL); \ + } + +# define TEST_PRELOAD(lib) \ + do \ + { \ + const char *preload = secure_getenv ("LD_PRELOAD"); \ + if (preload == NULL || strstr (preload, lib) == NULL) \ + { \ + char *newenv; \ + if (!test_file_is_executable (lib)) \ + { \ + perror (lib); \ + return EXIT_FAILURE; \ + } \ + if (!preload) \ + { \ + newenv = (char *) lib; \ + } \ + else if (asprintf (&newenv, "%s:%s", lib, preload) < 0) \ + { \ + perror ("asprintf"); \ + return EXIT_FAILURE; \ + } \ + if (setenv ("LD_PRELOAD", newenv, 1) < 0) \ + { \ + perror ("setenv"); \ + return EXIT_FAILURE; \ + } \ + char *argv0 = realpath (argv[0], NULL); \ + if (!argv0) \ + { \ + perror ("realpath"); \ + return EXIT_FAILURE; \ + } \ + execv (argv0, argv); \ + free (argv0); \ + } \ + } \ + while (0) + +# define TEST_MAIN_PRELOAD(func, ...) \ + int main (int argc, char **argv) \ + { \ + return test_main (argc, argv, func, __VA_ARGS__, NULL); \ + } + + /* Runs test. + returns: -1 = error, 0 = success */ + int test_run (const char *title, + int (*body) (const void *data), const void *data); + +#ifdef __cplusplus +} +#endif + +#endif /* _TESTUTILS_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/thresholds.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/thresholds.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/thresholds.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/thresholds.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* thresholds.h -- nagios thresholds + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#pragma once + +#include "system.h" + +/* Return codes for _set_thresholds */ +#define NP_RANGE_UNPARSEABLE 1 +#define NP_WARN_WITHIN_CRIT 2 + +#define NP_RANGE_OUTSIDE 0 +#define NP_RANGE_INSIDE 1 + +/* see: nagios-plugins-1.4.15/lib/utils_base.h */ +typedef struct range_struct +{ + double start; + double end; + bool start_infinity; /* false (default) or true */ + bool end_infinity; + int alert_on; /* NP_RANGE_OUTSIDE (default) or NP_RANGE_INSIDE */ +} range; + +typedef struct thresholds_struct +{ + range *warning; + range *critical; +} thresholds; + +int get_status (double, thresholds *); +int set_thresholds (thresholds **, char *, char *); +bool thresholds_expressed_as_percentages (char *warn_string, + char *critical_string); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/units.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/units.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/units.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/units.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* units.h -- a library for converting between memory units + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _UNITS_H_ +#define _UNITS_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + + typedef enum unit_shift + { + b_shift = 0, k_shift = 10, m_shift = 20, g_shift = 30 + } unit_shift; + +#define UNIT_CONVERT(X, shift) (((unsigned long long)(X) << k_shift) >> shift) +#define UNIT_STR(X) UNIT_CONVERT(X, shift), units + +#ifdef __cplusplus +} +#endif + +#endif /* _UNITS_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/url_encode.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/url_encode.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/url_encode.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/url_encode.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* url_encode.h -- encode a string representing an URL + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _URL_ENCODE_H_ +#define _URL_ENCODE_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + + char * url_encode (char *str); + +#ifdef __cplusplus +} +#endif + +#endif /* _URL_ENCODE_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/vminfo.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/vminfo.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/vminfo.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/vminfo.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* vminfo.h -- library for getting virtual memory informations + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _VMINFO_H_ +#define _VMINFO_H_ + +#ifdef __cplusplus +extern "C" +{ +#endif + + struct proc_vmem; + + /* Return the PATH of the proc vmstat filesystem ("/proc/vmstat"), or the + content of the environment variable "NPL_TESTING_PATH_PROC_VMSTAT" + if set */ + const char *get_path_proc_vmstat (); + + /* Allocates space for a new vmem object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + int proc_vmem_new (struct proc_vmem **vmem); + + /* Fill the proc_vmem structure pointed with the values found in the + * proc filesystem. */ + void proc_vmem_read (struct proc_vmem *vmem); + + /* Drop a reference of the virtual memory library context. If the refcount + * of reaches zero, the resources of the context will be released. */ + struct proc_vmem *proc_vmem_unref (struct proc_vmem *vmem); + + /* Accessing the values from proc_vmem */ + + unsigned long proc_vmem_get_pgalloc (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgfault (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgfree (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgmajfault (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgpgin (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgpgout (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgrefill (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgscan (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgscand (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgscank (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pgsteal (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pswpin (struct proc_vmem *vmem); + unsigned long proc_vmem_get_pswpout (struct proc_vmem *vmem); + +#ifdef __cplusplus +} +#endif + +#endif /* _VMINFO_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xalloc.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xalloc.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xalloc.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xalloc.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* xalloc.h -- malloc with out-of-memory checking + + Copyright (C) 1990-2000, 2003-2004, 2006-2012 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef XALLOC_H_ +# define XALLOC_H_ + +# ifdef __cplusplus +extern "C" { +# endif + + void *xmalloc (const size_t s) + _attribute_malloc_ _attribute_alloc_size_ ((1)); + void *xmemdup (void const *p, const size_t s) + _attribute_malloc_ _attribute_alloc_size_ ((2)); + char *xstrdup (char const *str) + _attribute_malloc_; + char *xsubstrdup (char const *start, const size_t s) + _attribute_malloc_; + void *xnmalloc (const size_t n, const size_t s) + _attribute_malloc_ _attribute_alloc_size_ ((1, 2)); + void *xrealloc (void *p, const size_t s) + _attribute_malloc_ _attribute_alloc_size_ ((2)); + +#ifdef __cplusplus +} +#endif + +#endif /* XALLOC_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xasprintf.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xasprintf.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xasprintf.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xasprintf.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* xasprintf.h -- asprintf with out-of-memory checking. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _XASPRINTF_H +#define _XASPRINTF_H 1 + +#ifdef __cplusplus +extern "C" { +#endif + + /* Write formatted output to a string dynamically allocated with malloc(), + and return it. On error exit with the STATE_UNKNOWN status */ + char *xasprintf (const char *format, ...) + _attribute_format_printf_(1, 2); + +#ifdef __cplusplus +} +#endif + +#endif /* _XASPRINTF_H */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xstrton.h nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xstrton.h --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xstrton.h 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/include/xstrton.h 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* xstrton.h -- string to double and long conversion with error checking + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef XSTRTON_H_ +# define XSTRTON_H_ + +# ifdef __cplusplus +extern "C" { +# endif + + double strtod_or_err (const char *str, const char *errmesg); + long strtol_or_err (const char *str, const char *errmesg); + +#ifdef __cplusplus +} +#endif + +#endif /* XSTRTON_H_ */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/INSTALL nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/INSTALL --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/INSTALL 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/INSTALL 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,370 @@ +Installation Instructions +************************* + +Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, +Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + +Basic Installation +================== + + Briefly, the shell command `./configure && make && make install' +should configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. Caching is +disabled by default to prevent problems with accidental use of stale +cache files. + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. + + The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. + + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type `make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. + + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you can use GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. + + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. + +Installation Names +================== + + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like `--bindir=DIR' to specify different values for particular +kinds of files. Run `configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + HP-UX `make' updates targets which have the same time stamps as +their prerequisites, which makes it generally unusable when shipped +generated files such as `configure' are involved. Use GNU `make' +instead. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + +Specifying the System Type +========================== + + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Defining Variables +================== + + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf limitation. Until the limitation is lifted, you can use +this workaround: + + CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash + +`configure' Invocation +====================== + + `configure' recognizes the following options to control how it +operates. + +`--help' +`-h' + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. + +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/install-sh nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/install-sh --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/install-sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/install-sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,501 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2013-12-25.23; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# 'make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +tab=' ' +nl=' +' +IFS=" $tab$nl" + +# Set DOITPROG to "echo" to test this script. + +doit=${DOITPROG-} +doit_exec=${doit:-exec} + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +is_target_a_directory=possibly + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + dstdir=`dirname "$dst"` + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + oIFS=$IFS + IFS=/ + set -f + set fnord $dstdir + shift + set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + set +f && + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/collection.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/collection.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/collection.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/collection.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,165 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * A simple dictionary for counting hashable objects (strings) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include + +#include "collection.h" +#include "logging.h" +#include "string-macros.h" +#include "xalloc.h" + +#define HASHSIZE 101 + +/* hash: form hash value for string s */ + +static unsigned +hash (const char *s) +{ + unsigned hashval; + + for (hashval = 0; *s != '\0'; s++) + hashval = *s + 31 * hashval; + + return hashval % HASHSIZE; +} + +/* initialize the hash pointer table */ + +hashtable_t * +counter_create (void) +{ + hashtable_t *hashtable = xmalloc (sizeof (hashtable_t)); + hashable_t **table = xnmalloc (HASHSIZE, sizeof (hashable_t *)); + + hashtable->capacity = HASHSIZE; + hashtable->elements = hashtable->uniq = 0; + hashtable->table = table; + hashtable->keys = xmalloc (sizeof (*(hashtable->keys))); + + return hashtable; +} + +/* lookup: look for a key in hash table */ + +hashable_t * +counter_lookup (const hashtable_t * hashtable, const char *key) +{ + hashable_t *np; + + for (np = hashtable->table[hash (key)]; np != NULL; np = np->next) + if (STREQ (key, np->key)) + { + dbg ("hashtable lookup: found key \"%s\"\n", key); + return np; + } + + dbg ("hashtable lookup: key \"%s\" not found\n", key); + return NULL; +} + +/* Insert the element 'key' into the hash table. + * Set count to 'increment' if 'key' was not present in the table or + * increment the counter by 'increment' otherwise. */ + +hashable_t * +counter_put (hashtable_t * hashtable, const char *key, unsigned long increment) +{ + hashable_t *np; + + if ((np = counter_lookup (hashtable, key)) == NULL) + { /* not found */ + dbg ("hashtable: adding a new key \"%s\"\n", key); + np = xmalloc (sizeof (*np)); + np->key = xstrdup (key); + + unsigned int hashval = hash (key); + np->count = increment; + np->next = hashtable->table[hashval]; + hashtable->table[hashval] = np; + + unsigned long new_size = + sizeof (*(hashtable->keys)) * (hashtable->uniq + 1); + hashtable->keys = xrealloc (hashtable->keys, new_size); + dbg ("xrealloc'ed hashtable->keys to %lu bytes\n", new_size); + + (hashtable->keys)[hashtable->uniq] = np->key; + dbg ("(hashtable->keys)[%u] = \"%s\"\n", hashtable->uniq, + (hashtable->keys)[hashtable->uniq]); + + hashtable->uniq++; + } + else + { + /* already there */ + dbg ("hashtable: the key \"%s\" is already present, " + "counter incremented: %lu\n", key, np->count); + np->count += increment; + } + + hashtable->elements++; + + return np; +} + +/* Return the number of elements stored in the hash table */ + +unsigned int +counter_get_elements (const hashtable_t * hashtable) +{ + return hashtable->elements; +} + +/* Return the number if unique elements stored in the hash table */ + +unsigned int +counter_get_unique_elements (const hashtable_t * hashtable) +{ + return hashtable->uniq; +} + +/* Return an array containing the pointers to all the keys stored + in the hash table */ + +char ** +counter_keys (hashtable_t * hashtable) +{ + return (hashtable->uniq < 1) ? NULL : hashtable->keys; +} + +void +counter_free (hashtable_t * hashtable) +{ + hashable_t *np, *np2; + + for (int i = 0; i < HASHSIZE; i++) + { + np = hashtable->table[i]; + while (np != NULL) + { + np2 = np; + np = np->next; + free (np2); + } + } + free (hashtable->table); + free (hashtable->keys); + free (hashtable); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_count.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_count.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_count.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_count.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,256 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * A library for checking for Docker exposed metrics. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#ifndef NPL_TESTING +static const char *docker_socket = DOCKER_SOCKET; +#endif + +#include +#include +#include +#include +#include +#include + +#if HAVE_LIBCURL +#include +#endif + +#include "common.h" +#include "collection.h" +#include "container_docker.h" +#include "json_helpers.h" +#include "logging.h" +#include "messages.h" +#include "string-macros.h" +#include "system.h" +#include "url_encode.h" +#include "xalloc.h" +#include "xasprintf.h" + +/* Hide all jsmn API symbols by making them static */ +#define JSMN_STATIC +#include "jsmn.h" + +#define DOCKER_CONTAINERS_JSON 0x01 + +/* parse the json stream returned by Docker and return a pointer to the + hashtable containing the values of the discovered 'tokens'. + return NULL if the data cannot be parsed. */ + +static hashtable_t * +docker_json_parser (const char *json, const char *token, unsigned long increment) +{ + size_t i, ntoken; + hashtable_t *hashtable = NULL; + + jsmntok_t *buffer = json_tokenise (json, &ntoken); + hashtable = counter_create (); + + for (i = 1; i < ntoken; i++) + { + if (0 == json_token_streq (json, &buffer[i], token)) + { + size_t strsize = buffer[i + 1].end - buffer[i + 1].start; + char *value = xmalloc (strsize + 1); + memcpy (value, json + buffer[i + 1].start, strsize); + + dbg ("found token \"%s\" with value \"%s\" at position %d\n", + token, value, buffer[i].start); + counter_put (hashtable, value, increment); + free (value); + } + } + + free (buffer); + return hashtable; +} + +#if !defined NPL_TESTING && defined HAVE_LIBCURL + +static size_t +write_memory_callback (void *contents, size_t size, size_t nmemb, void *userp) +{ + size_t realsize = size * nmemb; + chunk_t *mem = (chunk_t *) userp; + + mem->memory = realloc (mem->memory, mem->size + realsize + 1); + if (NULL == mem->memory) + plugin_error (STATE_UNKNOWN, errno, "memory exhausted"); + + memcpy (&(mem->memory[mem->size]), contents, realsize); + mem->size += realsize; + mem->memory[mem->size] = 0; + + return realsize; +} + +static void +docker_init (CURL ** curl_handle, chunk_t * chunk) +{ + chunk->memory = malloc (1); /* will be grown as needed by the realloc above */ + chunk->size = 0; /* no data at this point */ + + curl_global_init (CURL_GLOBAL_ALL); + + /* init the curl session */ + *curl_handle = curl_easy_init (); + if (NULL == (*curl_handle)) + plugin_error (STATE_UNKNOWN, errno, + "cannot start a libcurl easy session"); + + curl_easy_setopt (*curl_handle, CURLOPT_UNIX_SOCKET_PATH, docker_socket); + dbg ("CURLOPT_UNIX_SOCKET_PATH is set to \"%s\"\n", docker_socket); + + /* send all data to this function */ + curl_easy_setopt (*curl_handle, CURLOPT_WRITEFUNCTION, + write_memory_callback); + curl_easy_setopt (*curl_handle, CURLOPT_WRITEDATA, (void *) chunk); + + /* some servers don't like requests that are made without a user-agent + field, so we provide one */ + curl_easy_setopt (*curl_handle, CURLOPT_USERAGENT, "libcurl-agent/1.0"); +} + +static CURLcode +docker_get (CURL * curl_handle, const int query) +{ + CURLcode res; + char *api_version, *class, *url, *filter = NULL; + + switch (query) + { + default: + plugin_error (STATE_UNKNOWN, 0, "unknown docker query"); + case DOCKER_CONTAINERS_JSON: + api_version = "1.18"; + filter = url_encode ("{\"status\":{\"running\":true}}"); + class = "containers/json"; + url = filter ? + xasprintf ("http://v%s/%s?filters=%s", api_version, class, filter) : + xasprintf ("http://v%s/%s", api_version, class); + break; + } + + dbg ("docker rest url: %s\n", url); + + curl_easy_setopt (curl_handle, CURLOPT_URL, url); + res = curl_easy_perform (curl_handle); + + free (filter); + free (url); + + return res; +} + +static void +docker_close (CURL * curl_handle, chunk_t * chunk) +{ + /* cleanup curl stuff */ + curl_easy_cleanup (curl_handle); + + free (chunk->memory); + + /* we're done with libcurl, so clean it up */ + curl_global_cleanup (); +} + +#endif /* NPL_TESTING */ + +/* Returns the number of running Docker containers */ + +int +docker_running_containers (unsigned int *count, const char *image, + char **perfdata, bool verbose) +{ + chunk_t chunk; + hashtable_t *hashtable; + unsigned int running_containers = 0; + +#ifndef NPL_TESTING + + CURL *curl_handle = NULL; + CURLcode res; + + docker_init (&curl_handle, &chunk); + res = docker_get (curl_handle, DOCKER_CONTAINERS_JSON); + if (CURLE_OK != res) + { + docker_close (curl_handle, &chunk); + plugin_error (STATE_UNKNOWN, errno, "%s", curl_easy_strerror (res)); + } + +#else + + int err; + if ((err = docker_get (&chunk, DOCKER_CONTAINERS_JSON)) != 0) + return err; + +#endif /* NPL_TESTING */ + + assert (chunk.memory); + dbg ("%lu bytes retrieved\n", chunk.size); + dbg ("json data: %s", chunk.memory); + + hashtable = docker_json_parser (chunk.memory, "Image", 1); + if (NULL == hashtable) + plugin_error (STATE_UNKNOWN, 0, + "unable to parse the json data for \"Image\"s"); + dbg ("number of docker unique images: %u\n", + counter_get_unique_elements (hashtable)); + + if (image) + { + hashable_t *np = counter_lookup (hashtable, image); + assert (NULL != np); + running_containers = np ? np->count : 0; + *perfdata = xasprintf ("containers_%s=%u", image, running_containers); + } + else + { + running_containers = counter_get_elements (hashtable); + size_t size; + FILE *stream = open_memstream (perfdata, &size); + for (unsigned int j = 0; j < hashtable->uniq; j++) + { + hashable_t *np = counter_lookup (hashtable, hashtable->keys[j]); + assert (NULL != np); + fprintf (stream, "containers_%s=%lu ", + hashtable->keys[j], np->count); + } + fprintf (stream, "containers_total=%u", hashtable->elements); + fclose (stream); + } + + *count = running_containers; + + counter_free (hashtable); + docker_close ( +#ifndef NPL_TESTING + curl_handle, +#endif + &chunk); + + return 0; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_memory.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_memory.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_memory.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_docker_memory.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,175 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * A library for checking sysfs for Docker exposed metrics for memory. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include +#include "sysfsparser.h" + +#include "common.h" +#include "container_docker.h" +#include "logging.h" +#include "messages.h" +#include "xasprintf.h" + +#ifndef NPL_TESTING + +#define PATH_SYS_CGROUP "/sys/fs/cgroup" +#define PATH_SYS_DOCKER_MEM PATH_SYS_CGROUP "/memory/docker" + +static char * +get_docker_memory_stat_path () +{ + char *syspath = NULL; + + /* Debian 8.10 and 9.4, Fedora 28 */ + if (sysfsparser_path_exist (PATH_SYS_DOCKER_MEM "/memory.stat")) + syspath = xasprintf ("%s/memory.stat", PATH_SYS_DOCKER_MEM); + + return syspath; +} + +#endif /* NPL_TESTING */ + +struct docker_memory_desc +{ + int refcount; + + long long b_total_cache; + long long b_total_rss; + long long b_total_swap; + long long b_total_unevictable; + long long c_total_pgfault; + long long c_total_pgmajfault; + long long c_total_pgpgin; + long long c_total_pgpgout; +}; + +/* Allocates space for a new docker_memory_desc object. + * Returns 0 if all went ok. Errors are returned as negative values. */ +int +docker_memory_desc_new (struct docker_memory_desc **memdesc) +{ + struct docker_memory_desc *d; + + d = calloc (1, sizeof (struct docker_memory_desc)); + if (!d) + return -ENOMEM; + + d->refcount = 1; + + *memdesc = d; + return 0; +} + +/* Fill the docker_memory_desc structure pointed with the values found in the + * sysfs filesystem */ +void +docker_memory_desc_read (struct docker_memory_desc *__restrict memdesc) +{ + char *line = NULL; + FILE *fp; + size_t len = 0; + ssize_t chread; + + char *syspath = get_docker_memory_stat_path (); + + if (NULL == syspath) + plugin_error (STATE_UNKNOWN, errno, "sysfs file not found: memory.stat"); + + if ((fp = fopen (syspath, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error opening %s", syspath); + + dbg ("parsing the file \"%s\"...\n", syspath); + while ((chread = getline (&line, &len, fp)) != -1) + { + dbg ("line: %s", line); + + if (sysfsparser_linelookup_numeric + (line, "total_cache", &memdesc->b_total_cache)); + else + if (sysfsparser_linelookup_numeric + (line, "total_rss", &memdesc->b_total_rss)); + else + if (sysfsparser_linelookup_numeric + (line, "total_swap", &memdesc->b_total_swap)); + else + if (sysfsparser_linelookup_numeric + (line, "total_unevictable", &memdesc->b_total_unevictable)); + else + if (sysfsparser_linelookup_numeric + (line, "total_pgfault", &memdesc->c_total_pgfault)); + else + if (sysfsparser_linelookup_numeric + (line, "total_pgmajfault", &memdesc->c_total_pgmajfault)); + else + if (sysfsparser_linelookup_numeric + (line, "total_pgpgin", &memdesc->c_total_pgpgin)); + else + if (sysfsparser_linelookup_numeric + (line, "total_pgpgout", &memdesc->c_total_pgpgout)); + else + continue; + } + + fclose (fp); +} + +/* Accessing the values from docker_memory_desc */ + +#define docker_memory_desc_get(arg, prefix) \ + long long docker_memory_get_ ## arg (struct docker_memory_desc *p) \ + { \ + dbg(" -> %s: %lld\n", #arg, (p == NULL) ? 0 : p->prefix ## _ ## arg); \ + return (p == NULL) ? 0 : p->prefix ## _ ## arg; \ + } +#define docker_memory_desc_get_bytes(arg) \ + docker_memory_desc_get(arg, b) +#define docker_memory_desc_get_count(arg) \ + docker_memory_desc_get(arg, c) + + docker_memory_desc_get_bytes (total_cache); + docker_memory_desc_get_bytes (total_rss); + docker_memory_desc_get_bytes (total_swap); + docker_memory_desc_get_bytes (total_unevictable); + docker_memory_desc_get_count (total_pgfault); + docker_memory_desc_get_count (total_pgmajfault); + docker_memory_desc_get_count (total_pgpgin); + docker_memory_desc_get_count (total_pgpgout); + +#undef docker_memory_desc_get_count +#undef docker_memory_desc_get_bytes +#undef docker_memory_desc_get + +/* Drop a reference of the docker_memory_desc library context. If the refcount + * of reaches zero, the resources of the context will be released. */ +struct docker_memory_desc * +docker_memory_desc_unref (struct docker_memory_desc *memdesc) +{ + if (memdesc == NULL) + return NULL; + + memdesc->refcount--; + if (memdesc->refcount > 0) + return memdesc; + + free (memdesc); + return NULL; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,374 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A library for checking for Podman metrics via varlink calls. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "container_podman.h" +#include "logging.h" +#include "messages.h" +#include "xalloc.h" +#include "xasprintf.h" + +static inline int +epoll_control (int epfd, int op, int fd, uint32_t events, void *ptr) +{ + struct epoll_event event = { + .data = {.ptr = ptr}, + .events = events + }; + + return epoll_ctl (epfd, op, fd, &event); +} + +long +podman_varlink_error (long ret, const char *funcname, char **err) +{ + if (ret < 0) + { + const char *varlink_err = varlink_error_string (labs (ret)); + *err = + funcname ? xasprintf ("%s: %s", funcname, + varlink_err) : xasprintf ("%s", varlink_err); + return ret; + } + return 0; +} + +long +podman_varlink_check_event (podman_varlink_t *pv) +{ + int ret, timeout = -1; + struct epoll_event event; + + dbg ("executing varlink_connection_get_events...\n"); + if ((ret = varlink_connection_get_events (pv->connection)) < 0) + return ret; + + dbg ("executing epoll_control...\n"); + ret = epoll_control (pv->epoll_fd, EPOLL_CTL_ADD, + varlink_connection_get_fd (pv->connection), + varlink_connection_get_events (pv->connection), + pv->connection); + if (ret < 0 && errno != EEXIST) + return ret; + + dbg ("executing epoll wait loop...\n"); + for (;;) + { + ret = epoll_wait (pv->epoll_fd, &event, 1, timeout); + if (ret < 0) + { + if (EINTR == errno) + continue; + return -errno; + } + if (ret == 0) + return -ETIMEDOUT; + + if (event.data.ptr == pv->connection) + { + epoll_control (pv->epoll_fd, EPOLL_CTL_MOD, + varlink_connection_get_fd (pv->connection), + varlink_connection_get_events (pv->connection), + pv->connection); + break; /* ready */ + } + if (NULL == event.data.ptr) + { + struct signalfd_siginfo info; + long size; + + size = read (pv->signal_fd, &info, sizeof (info)); + if (size != sizeof (info)) + continue; + return -EINTR; + } + } + + dbg ("processing varlink pending events...\n"); + if ((ret = varlink_connection_process_events (pv->connection, 0)) != 0) + return ret; + + return 0; +} + +long +podman_varlink_callback (VarlinkConnection * connection, + const char *error, + VarlinkObject * parameters, + uint64_t flags, void *userdata) +{ + VarlinkObject **out = userdata; + long ret = 0; + + if (error) + ret = -1; + else + *out = varlink_object_ref (parameters); + + return ret; +} + +/* Allocates space for a new varlink object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + +int +podman_varlink_new (podman_varlink_t **pv, char *varlinkaddr) +{ + long ret; + sigset_t mask; + podman_varlink_t *v; + + if (NULL == varlinkaddr) + varlinkaddr = VARLINK_ADDRESS; + dbg ("varlink address is \"%s\"\n", varlinkaddr); + + dbg ("allocating memory for the \"podman_varlink_t\" structure...\n"); + v = calloc (1, sizeof (podman_varlink_t)); + if (!v) + plugin_error (STATE_UNKNOWN, 0, "podman_varlink_new: memory exhausted"); + + v->parameters = NULL; + + dbg ("opening an epoll file descriptor and set the close-on-exec flag...\n"); + if ((v->epoll_fd = epoll_create1 (EPOLL_CLOEXEC)) < 0) + plugin_error (STATE_UNKNOWN, errno, "epoll_create1: %s (errno: %d)", + strerror (errno), errno); + + dbg ("setting POSIX signals...\n"); + sigemptyset (&mask); + sigaddset (&mask, SIGTERM); + sigaddset (&mask, SIGINT); + sigaddset (&mask, SIGPIPE); + sigprocmask (SIG_BLOCK, &mask, NULL); + + dbg ("creating a file descriptor for accepting signals...\n"); + v->signal_fd = signalfd (-1, &mask, SFD_NONBLOCK | SFD_CLOEXEC); + if (v->signal_fd < 0) + plugin_error (STATE_UNKNOWN, errno, "signalfd: %s (errno: %d)", + strerror (errno), errno); + + dbg ("add signal_fd to the interest list of the epoll...\n"); + epoll_control (v->epoll_fd, EPOLL_CTL_ADD, v->signal_fd, EPOLLIN, NULL); + + dbg ("create a new varlink client connection...\n"); + ret = varlink_connection_new (&v->connection, varlinkaddr); + if (ret < 0) + plugin_error (STATE_UNKNOWN, errno, "varlink_connection_new: %s", + varlink_error_string (labs (ret))); + + *pv = v; + dbg ("the varlink resources have been successfully initialized\n"); + return 0; +} + +podman_varlink_t * +podman_varlink_unref (podman_varlink_t *pv) +{ + if (pv == NULL) + return NULL; + + epoll_control (pv->epoll_fd, EPOLL_CTL_DEL, + varlink_connection_get_fd (pv->connection), 0, NULL); + + varlink_connection_close (pv->connection); + varlink_connection_free (pv->connection); + pv->connection = NULL; + + if (pv->parameters) + varlink_object_unref (pv->parameters); + free (pv); + + return NULL; +} + +/* Return the list of podman containers. + * The format of the data in JSON format follows: + * + * { + * "containers": [ + * { + * "command": [ + * ... + * ], + * "containerrunning": true, + * "createdat": "2020-04-06T00:22:29+02:00", + * "id": "3b395e067a3071ba77b2b44999235589a0957c72e99d1186ff1e53a0069da727", + * "image": "docker.io/library/redis:latest", + * "imageid": "f0453552d7f26fc38ffc05fa034aa7a7bc6fbb01bc7bc5a9e4b3c0ab87068627", + * "mounts": [ + * ... + * ], + * "names": "srv-redis-1", + * "namespaces": { + * ... + * }, + * "ports": [ + * ... + * ], + * "rootfssize": 98203942, + * "runningfor": "52.347336247s", + * "rwsize": 0, + * "status": "running" + * }, + * { + * ... + * } + * ] + * } + */ + +long +podman_varlink_list (podman_varlink_t *pv, VarlinkArray **list, char **err) +{ + const char *varlinkmethod = "io.podman.ListContainers"; + long ret; + VarlinkObject *reply; + + assert (NULL != pv->connection); + + dbg ("executing varlink_connection_call with method set to \"%s\"...\n", + varlinkmethod); + ret = varlink_connection_call (pv->connection, varlinkmethod, pv->parameters, + 0, podman_varlink_callback, &reply); + if (ret < 0) + return podman_varlink_error (ret, "varlink_connection_call", err); + + if ((ret = podman_varlink_check_event (pv)) < 0) + return podman_varlink_error (ret, NULL, err); + + ret = varlink_object_get_array (reply, "containers", list); + if (ret < 0) + return podman_varlink_error (ret, "varlink_object_get_array", err); + + return 0; +} + +/* Get the statistics for a running container. + * The format of the data follows: + * + * { + * "container": { + * "block_input": 16601088, + * "block_output": 16384, + * "cpu": 1.0191267811342149e-07, + * "cpu_nano": 1616621000, + * "id": "e15712d1db8f92b3a00be9649345856da53ab22abcc8b22e286c5cd8fbf08c36", + * "mem_limit": 8232525824, + * "mem_perc": 0.10095059739468847, + * "mem_usage": 8310784, + * "name": "srv-redis-1", + * "net_input": 1048, + * "net_output": 7074, + * "pids": 4, + * "system_nano": 1586280558931850500 + * } + */ + +long +podman_varlink_stats (podman_varlink_t *pv, const char *shortid, + container_stats_t *cp, char **err) +{ + const char *temp; + char *varlinkmethod = "io.podman.GetContainerStats"; + long ret; + VarlinkObject *reply, *stats; + + assert (NULL != pv->connection); + + dbg ("%s: parameter built from \"%s\" will be passed to varlink_call()\n", + __func__, shortid); + varlink_object_new (&(pv->parameters)); + ret = varlink_object_set_string (pv->parameters, "name", shortid); + if (ret < 0) + return podman_varlink_error (ret, "varlink_object_set_string", err); + + dbg ("varlink method \"%s\"\n", varlinkmethod); + ret = varlink_connection_call (pv->connection, varlinkmethod, + pv->parameters, 0, podman_varlink_callback, + &reply); + if (ret < 0) + return podman_varlink_error (ret, "varlink_connection_call", err); + + varlink_object_unref (pv->parameters); + + if ((ret = podman_varlink_check_event (pv)) < 0) + return podman_varlink_error (ret, NULL, err); + + ret = varlink_object_get_object (reply, "container", &stats); + if (ret < 0) + return podman_varlink_error (ret, "varlink_object_get_object", err); + + varlink_object_get_int (stats, "block_input", &cp->block_input); + varlink_object_get_int (stats, "block_output", &cp->block_output); + varlink_object_get_int (stats, "net_input", &cp->net_input); + varlink_object_get_int (stats, "net_output", &cp->net_output); + varlink_object_get_float (stats, "cpu", &cp->cpu); + varlink_object_get_int (stats, "mem_usage", &cp->mem_usage); + varlink_object_get_int (stats, "mem_limit", &cp->mem_limit); + varlink_object_get_int (stats, "pids", &cp->pids); + varlink_object_get_string (stats, "name", &temp); + cp->name = xstrdup (temp); + + dbg ("%s: block I/O = %ld/%ld\n", __func__, cp->block_input, + cp->block_output); + dbg ("%s: cpu = %.2lf%%\n", __func__, cp->cpu); + dbg ("%s: network I/O = %ld/%ld\n", __func__, cp->net_input, cp->net_output); + dbg ("%s: memory usage = %ld/%ld\n", __func__, cp->mem_usage, cp->mem_limit); + dbg ("%s: pids = %ld\n", __func__, cp->pids); + dbg ("%s: name = %s\n", __func__, cp->name); + + varlink_object_unref (reply); + return 0; +} + +/* Return a string valid for Nagios performance data output */ + +char* +podman_image_name_normalize (const char *image) +{ + char *nstring = xstrdup (basename (image)); + for (size_t i = 0; i < strlen (nstring); i++) + if (nstring[i] == ':') + nstring[i] = '_'; + return nstring; +} + +/* Return the short ID in the 'shortid' buffer. This buffer must have a size + PODMAN_SHORTID_LEN */ + +void +podman_shortid (const char *id, char *shortid) +{ + memcpy (shortid, id, PODMAN_SHORTID_LEN - 1); + shortid[PODMAN_SHORTID_LEN - 1] = '\0'; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_count.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_count.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_count.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_count.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,115 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A library for checking for Podman metrics via varlink calls. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include + +#include "collection.h" +#include "common.h" +#include "container_podman.h" +#include "logging.h" +#include "messages.h" +#include "string-macros.h" + +int +podman_running_containers (struct podman_varlink *pv, unsigned int *count, + const char *image, char **perfdata) +{ + char *errmsg = NULL; + long ret; + size_t size; + unsigned int configured_containers, exited_containers, + running_containers; + unsigned long elements, i; + + FILE *stream = open_memstream (perfdata, &size); + hashtable_t *ht_running; + VarlinkArray *list; + + ht_running = counter_create (); + + ret = podman_varlink_list (pv, &list, &errmsg); + if (ret < 0) + plugin_error (STATE_UNKNOWN, 0, "varlink_varlink_list: %s", errmsg); + + elements = varlink_array_get_n_elements (list); + dbg ("varlink has detected %lu containers\n", elements); + + configured_containers = exited_containers = running_containers = 0; + for (i = 0; i < elements; i++) + { + bool cnt_running; + const char *cnt_id, *cnt_image, *cnt_status; + VarlinkObject *state; + + varlink_array_get_object (list, i, &state); + varlink_object_get_string (state, "id", &cnt_id); + varlink_object_get_string (state, "image", &cnt_image); + varlink_object_get_bool (state, "containerrunning", &cnt_running); + varlink_object_get_string (state, "status", &cnt_status); + + dbg ("podman container %s\n", cnt_id); + dbg (" * container image: %s\n", cnt_image); + dbg (" * container is running: %s (status: %s)\n", + cnt_running ? "yes" : "no", cnt_status); + + /* discard containers non running the selected image, + * when ahs been specified at command-line */ + if (image && STRNEQ (cnt_image, image)) + continue; + + if (cnt_running) + { + counter_put (ht_running, cnt_image, 1); + running_containers++; + } + else if (STREQ (cnt_status, "configured")) + configured_containers++; + else if (STREQ (cnt_status, "exited")) + exited_containers++; + } + + dbg ("running containers: %u, configured: %u, exited: %u\n", + running_containers, configured_containers, exited_containers); + + if (image) + fprintf (stream, "configured=%u exited=%u running=%u", + configured_containers, exited_containers, + running_containers); + else + for (unsigned int j = 0; j < ht_running->uniq; j++) + { + char *image_norm = + podman_image_name_normalize (ht_running->keys[j]); + hashable_t *np = counter_lookup (ht_running, ht_running->keys[j]); + assert (NULL != np); + fprintf (stream, "%s=%lu ", image_norm, np->count); + free (image_norm); + } + + *count = running_containers; + + fclose (stream); + counter_free (ht_running); + free (errmsg); + + return 0; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_stats.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_stats.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_stats.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/container_podman_stats.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,180 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A library for checking for Podman metrics via varlink calls. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include +#include + +#include "common.h" +#include "container_podman.h" +#include "logging.h" +#include "messages.h" +#include "string-macros.h" +#include "xasprintf.h" + +void +podman_stats (podman_varlink_t *pv, stats_type which_stats, + bool report_perc, total_t *total, unit_shift shift, + const char *image, char **status, char **perfdata) +{ + char *errmsg = NULL, *total_str; + long ret; + size_t size; + unsigned long containers = 0, count, i; + VarlinkArray *list; + + /* see the enum type 'stats_type' declared in container_podman.h */ + char const * which_stats_str[] = { + "block input", + "block output", + "cpu", + "memory", + "network input", + "network output", + "pids" + }; + assert (sizeof (which_stats_str) / sizeof (char *) != last_stats); + + FILE *stream = open_memstream (perfdata, &size); + + if (which_stats == cpu_stats) + total->lf = 0.0; + else + total->llu = 0; + + ret = podman_varlink_list (pv, &list, &errmsg); + if (ret < 0) + plugin_error (STATE_UNKNOWN, 0, "varlink_varlink_list: %s", errmsg); + + count = varlink_array_get_n_elements (list); + dbg ("varlink has detected %lu containers\n", count); + + for (i = 0; i < count; i++) + { + bool cnt_running; + char shortid[PODMAN_SHORTID_LEN]; + const char *cnt_id, *cnt_image, *cnt_status; + container_stats_t stats; + VarlinkObject *state; + + varlink_array_get_object (list, i, &state); + varlink_object_get_string (state, "id", &cnt_id); + varlink_object_get_string (state, "image", &cnt_image); + varlink_object_get_bool (state, "containerrunning", &cnt_running); + varlink_object_get_string (state, "status", &cnt_status); + + podman_shortid (cnt_id, shortid); + + dbg ("podman container %s (%s)\n", cnt_id, shortid); + dbg (" * container image: %s\n", cnt_image); + dbg (" * container is running: %s (status: %s)\n", + cnt_running ? "yes" : "no", cnt_status); + + /* discard non running containers */ + if (!cnt_running) + continue; + /* discard containers non running the selected image if any */ + if (image && STRNEQ (cnt_image, image)) + continue; + + containers++; + + ret = podman_varlink_stats (pv, shortid, &stats, &errmsg); + if (ret < 0) + plugin_error (STATE_UNKNOWN, 0, "varlink_varlink_stats: %s", errmsg); + + switch (which_stats) + { + default: + /* this should never happen */ + plugin_error (STATE_UNKNOWN, 0, "unknown podman container metric"); + break; + case block_in_stats: + fprintf (stream, "%s=%ldkB ", stats.name, (stats.block_input / 1000)); + total->llu += stats.block_input; + break; + case block_out_stats: + fprintf (stream, "%s=%ldkB ", + stats.name, (stats.block_output / 1000)); + total->llu += stats.block_output; + break; + case cpu_stats: + fprintf (stream, "%s=%.2lf%% ", stats.name, stats.cpu); + total->lf += stats.cpu; + break; + case memory_stats: + if (report_perc) + fprintf + (stream, "%s=%.2f%% ", stats.name, + ((double)(stats.mem_usage) / (double)(stats.mem_limit)) * 100); + else + fprintf (stream, "%s=%ldkB;;;0;%ld ", stats.name, + (stats.mem_usage / 1000), (stats.mem_limit / 1000)); + total->llu += stats.mem_usage; + break; + case network_in_stats: + fprintf (stream, "%s=%ldB ", stats.name, stats.net_input); + total->llu += stats.net_input; + break; + case network_out_stats: + fprintf (stream, "%s=%ldB ", stats.name, stats.net_output); + total->llu += stats.net_output; + break; + case pids_stats: + fprintf (stream, "%s=%ld ", stats.name, stats.pids); + total->llu += stats.pids; + break; + } + + free (stats.name); + } + + fclose (stream); + + if ((which_stats != pids_stats) && (which_stats != cpu_stats)) + switch (shift) + { + default: + case b_shift: + total_str = xasprintf ("%lluB", total->llu); + break; + case k_shift: + total_str = xasprintf ("%llukB", total->llu / 1000); + break; + case m_shift: + total_str = xasprintf ("%gMB", total->llu / 1000000.0); + break; + case g_shift: + total_str = xasprintf ("%gGB", total->llu / 1000000000.0); + break; + } + else if (which_stats == pids_stats) + total_str = xasprintf ("%llu", total->llu); + else + total_str = xasprintf ("%.2lf%%", total->lf); + + *status = + xasprintf ("%s of %s used by %lu running container%s", total_str, + which_stats_str[which_stats], containers, + (containers > 1) ? "s" : ""); + + free (total_str); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpudesc.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpudesc.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpudesc.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpudesc.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,266 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014-2015 Davide Madrisan + * + * A library for checking the CPU features + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "cputopology.h" +#include "string-macros.h" +#include "messages.h" +#include "procparser.h" +#include "sysfsparser.h" +#include "system.h" +#include "xalloc.h" + +#define PATH_PROC_CPUINFO "/proc/cpuinfo" + +#define PATH_SYS_SYSTEM "/sys/devices/system" +#define PATH_SYS_CPU PATH_SYS_SYSTEM "/cpu" + +bool +get_processor_is_hot_pluggable (unsigned int cpu) +{ + return sysfsparser_path_exist (PATH_SYS_CPU "/cpu%u/online", cpu); +} + +int +get_processor_is_online (unsigned int cpu) +{ + bool path_exist = + sysfsparser_path_exist (PATH_SYS_CPU "/cpu%u/online", cpu); + + if (false == path_exist) + return -1; + + return sysfsparser_getvalue (PATH_SYS_CPU "/cpu%u/online", cpu); +} + +enum /* CPU modes */ +{ + MODE_32BIT = (1 << 1), + MODE_64BIT = (1 << 2) +}; + +struct cpu_desc +{ + int refcount; + + char *arch; + char *vendor; + char *family; + char *model; + char *modelname; + char *virtflag; /* virtualization flag (vmx, svm) */ + char *mhz; + char *flags; /* x86 */ + int mode; + int ncpus; /* number of present CPUs */ + int ncpuspos; /* maximal possible CPUs */ +}; + +/* Allocates space for a new cpu_desc object. + * Returns 0 if all went ok. Errors are returned as negative values. */ +int +cpu_desc_new (struct cpu_desc **cpudesc) +{ + struct cpu_desc *d; + + d = calloc (1, sizeof (struct cpu_desc)); + if (!d) + return -ENOMEM; + + d->refcount = 1; + + *cpudesc = d; + return 0; +} + +/* Fill the cpu_desc structure pointed with the values found in the + * proc and sysfs filesystems */ + +void +cpu_desc_read (struct cpu_desc *cpudesc) +{ + char *line = NULL; + FILE *fp; + size_t len = 0; + ssize_t chread; + struct utsname utsbuf; + + if (cpudesc == NULL) + return; + + if ((fp = fopen (PATH_PROC_CPUINFO, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error opening %s", PATH_PROC_CPUINFO); + + if (uname (&utsbuf) == -1) + plugin_error (STATE_UNKNOWN, errno, "uname() failed"); + cpudesc->arch = xstrdup (utsbuf.machine); + + cpudesc->ncpus = get_processor_number_total (); + cpudesc->ncpuspos = get_processor_number_kernel_max (); + + cpudesc->mode = 0; +#if defined(__alpha__) || defined(__ia64__) + cpudesc->mode |= MODE_64BIT; /* 64bit platforms only */ +#endif + /* platforms with 64bit flag in /proc/cpuinfo, define + * 32bit default here */ +#if defined(__i386__) || defined(__x86_64__) || \ + defined(__s390x__) || defined(__s390__) || defined(__sparc_v9__) + cpudesc->mode |= MODE_32BIT; +#endif + + while ((chread = getline (&line, &len, fp)) != -1) + { + if (linelookup (line, "vendor", &cpudesc->vendor)); + else if (linelookup (line, "vendor_id", &cpudesc->vendor)); + else if (linelookup (line, "family", &cpudesc->family)); + else if (linelookup (line, "cpu family", &cpudesc->family)); + else if (linelookup (line, "model", &cpudesc->model)); + else if (linelookup (line, "model name", &cpudesc->modelname)) ; + else if (linelookup (line, "cpu MHz", &cpudesc->mhz)) ; + else if (linelookup (line, "flags", &cpudesc->flags)) ; /* x86 */ + else + continue; + } + + if (cpudesc->flags) + { + size_t buflen = strlen (cpudesc->flags) + 2; + char *buf = xmalloc (buflen); + + snprintf (buf, buflen, " %s ", cpudesc->flags); + if (strstr (buf, " svm ")) + cpudesc->virtflag = xstrdup ("svm"); + else if (strstr (buf, " vmx ")) + cpudesc->virtflag = xstrdup ("vmx"); + if (strstr (buf, " lm ")) + cpudesc->mode |= MODE_32BIT | MODE_64BIT; /* x86_64 */ + if (strstr (buf, " zarch ")) + cpudesc->mode |= MODE_32BIT | MODE_64BIT; /* s390x */ + if (strstr (buf, " sun4v ") || strstr (buf, " sun4u ")) + cpudesc->mode |= MODE_32BIT | MODE_64BIT; /* sparc64 */ + + free (buf); + } + + free (line); +} + +/* Drop a reference of the cpu_desc library context. If the refcount of + * reaches zero, the resources of the context will be released. */ +struct cpu_desc * +cpu_desc_unref (struct cpu_desc *cpudesc) +{ + if (cpudesc == NULL) + return NULL; + + cpudesc->refcount--; + if (cpudesc->refcount > 0) + return cpudesc; + + free (cpudesc); + return NULL; +} + +char * +cpu_desc_get_architecture (struct cpu_desc *cpudesc) +{ + return cpudesc->arch; +} + +char * +cpu_desc_get_vendor (struct cpu_desc *cpudesc) +{ + return cpudesc->vendor; +} + +char * +cpu_desc_get_family (struct cpu_desc *cpudesc) +{ + return cpudesc->family; +} + +char * +cpu_desc_get_model (struct cpu_desc *cpudesc) +{ + return cpudesc->model; +} + +char * +cpu_desc_get_model_name (struct cpu_desc *cpudesc) +{ + return cpudesc->modelname; +} + +char * +cpu_desc_get_virtualization_flag (struct cpu_desc *cpudesc) +{ + if (cpudesc->virtflag == NULL) + return NULL; + + if (STREQ (cpudesc->virtflag, "svm")) + return "AMD-V"; + else if (STREQ (cpudesc->virtflag, "vmx")) + return "VT-x"; + /* should never been reached */ + else + return cpudesc->virtflag; +} + +char * +cpu_desc_get_mhz (struct cpu_desc *cpudesc) +{ + return cpudesc->mhz; +} + +char * +cpu_desc_get_flags (struct cpu_desc *cpudesc) +{ + return cpudesc->flags; +} + +int +cpu_desc_get_mode (struct cpu_desc *cpudesc) +{ + return cpudesc->mode; +} + +int +cpu_desc_get_ncpus (struct cpu_desc *cpudesc) +{ + return cpudesc->ncpus; +} + +int +cpu_desc_get_ncpuspos (struct cpu_desc *cpudesc) +{ + return cpudesc->ncpuspos; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpufreq.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpufreq.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpufreq.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpufreq.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,196 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for checking the CPU frequency configuration + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include +#include + +#include "common.h" +#include "cpufreq.h" +#include "sysfsparser.h" +#include "xalloc.h" +#include "xasprintf.h" + +struct cpufreq_available_frequencies +{ + unsigned long value; + struct cpufreq_available_frequencies *next; +}; + +unsigned long +cpufreq_get_freq_kernel (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_freq_kernel (cpu); +} + +struct cpufreq_available_frequencies * +cpufreq_get_available_freqs (unsigned int cpu) +{ + char *freqs = + sysfsparser_cpufreq_get_available_freqs (cpu); + + if (NULL == freqs) + return NULL; + + struct cpufreq_available_frequencies *first = NULL, *curr = NULL; + char *str, *saveptr; + + for (str = freqs; ; str = NULL) + { + char *token = strtok_r (str, " ", &saveptr); + if (token == NULL) + break; + + if (curr) + { + curr->next = xmalloc (sizeof (*curr)); + curr = curr->next; + } + else + { + first = xmalloc (sizeof (*first)); + curr = first; + } + curr->next = NULL; + curr->value = strtoul (token, NULL, 10); + } + + return first; +} + +struct cpufreq_available_frequencies * +cpufreq_get_available_freqs_next (struct cpufreq_available_frequencies *curr) +{ + return curr->next; +} + +unsigned long +cpufreq_get_available_freqs_value (struct cpufreq_available_frequencies *curr) +{ + return curr->value; +} + +void +cpufreq_available_frequencies_unref(struct cpufreq_available_frequencies *first) +{ + struct cpufreq_available_frequencies *curr = first; + while (curr) + { + struct cpufreq_available_frequencies *tmp = curr; + curr = curr->next; + free(tmp); + } +} + +int +cpufreq_get_hardware_limits (unsigned int cpu, + unsigned long *min, unsigned long *max) +{ + return sysfsparser_cpufreq_get_hardware_limits (cpu, min, max); +} + +unsigned long +cpufreq_get_transition_latency (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_transition_latency (cpu); +} + +char * +cpufreq_get_driver (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_driver (cpu); +} + +char * +cpufreq_get_governor (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_governor (cpu); +} + +char * +cpufreq_get_available_governors (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_available_governors (cpu); +} + +char * +cpufreq_freq_to_string (unsigned long freq) +{ + unsigned long tmp; + + if (freq > 1000000) + { + tmp = freq % 10000; + if (tmp >= 5000) + freq += 10000; + return xasprintf ("%u.%02uGHz", ((unsigned int) freq / 1000000), + ((unsigned int) (freq % 1000000) / 10000)); + } + else if (freq > 100000) + { + tmp = freq % 1000; + if (tmp >= 500) + freq += 1000; + return xasprintf ("%uMHz", ((unsigned int) freq / 1000)); + } + else if (freq > 1000) + { + tmp = freq % 100; + if (tmp >= 50) + freq += 100; + return xasprintf ("%u.%01uMHz", ((unsigned int) freq / 1000), + ((unsigned int) (freq % 1000) / 100)); + } + else + return xasprintf ("%lukHz", freq); +} + +char * +cpufreq_duration_to_string (unsigned long duration) +{ + unsigned long tmp; + + if (duration > 1000000) + { + tmp = duration % 10000; + if (tmp >= 5000) + duration += 10000; + return xasprintf ("%u.%02ums", ((unsigned int) duration / 1000000), + ((unsigned int) (duration % 1000000) / 10000)); + } + else if (duration > 100000) + { + tmp = duration % 1000; + if (tmp >= 500) + duration += 1000; + return xasprintf ("%uus", ((unsigned int) duration / 1000)); + } + else if (duration > 1000) + { + tmp = duration % 100; + if (tmp >= 50) + duration += 100; + return xasprintf ("%u.%01uus", ((unsigned int) duration / 1000), + ((unsigned int) (duration % 1000) / 100)); + } + else + return xasprintf ("%luns", duration); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpustats.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpustats.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpustats.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cpustats.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,180 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for checking the CPU utilization + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "cpustats.h" +#include "getenv.h" +#include "logging.h" +#include "messages.h" +#include "procparser.h" +#include "system.h" +#include "xalloc.h" +#include "xasprintf.h" + +const char * +get_path_proc_stat () +{ + const char *env_procstat = secure_getenv ("NPL_TEST_PATH_PROCSTAT"); + if (env_procstat) + return env_procstat; + + return "/proc/stat"; +} + +/* Fill the cpu_stats structure pointed with the values found in the + * proc filesystem */ + +void +cpu_stats_get_time (struct cpu_time * __restrict cputime, unsigned int lines) +{ + FILE *fp; + size_t len = 0; + ssize_t chread; + char *line = NULL; + bool found; + const char *procpath = get_path_proc_stat (); + + if ((fp = fopen (procpath, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error opening %s", procpath); + + memset (cputime, '\0', lines * sizeof (struct cpu_time)); + + found = false; + while ((chread = getline (&line, &len, fp)) != -1) + { + if (!strncmp (line, "cpu ", 4)) + { + cputime->cpuname = xstrdup ("cpu"); + sscanf (line, + "cpu %llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", + &cputime->user, &cputime->nice, &cputime->system, + &cputime->idle, &cputime->iowait, &cputime->irq, + &cputime->softirq, &cputime->steal, &cputime->guest, + &cputime->guestn); + dbg ("line: %s", line); + dbg (" \\ %s >> [1]user:%llu ... [5]iowait:%llu ...\n", + cputime->cpuname, cputime->user, cputime->iowait); + found = true; + if (lines == 1) + break; + } + else if (!strncmp (line, "cpu", 3)) + { + char *endptr; + unsigned int cpunum = strtol (line + 3, &endptr, 10); + if (lines <= cpunum + 1) + plugin_error (STATE_UNKNOWN, 0, + "BUG: %s(): lines(%u) <= cpunum(%u) + 1", + __FUNCTION__, lines, cpunum); + + unsigned int i = cpunum + 1; + cputime[i].cpuname = xasprintf ("cpu%u", cpunum); + sscanf (endptr, + "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", + &cputime[i].user, &cputime[i].nice, + &cputime[i].system, &cputime[i].idle, + &cputime[i].iowait, &cputime[i].irq, + &cputime[i].softirq, &cputime[i].steal, + &cputime[i].guest, &cputime[i].guestn); + dbg ("line: %s", line); + dbg (" \\ %s >> [1]user:%llu ... [5]iowait:%llu ...\n", + cputime[i].cpuname, cputime[i].user, cputime[i].iowait); + } + } + + free (line); + fclose (fp); + + if (!found) + plugin_error (STATE_UNKNOWN, 0, + "%s: pattern not found: 'cpu '", procpath); +} + +static unsigned long long +cpu_stats_get_value_with_pattern (const char *pattern, bool mandatory) +{ + FILE *fp; + size_t len = 0; + ssize_t chread; + char *line = NULL; + bool found; + unsigned long long value; + const char *procpath = get_path_proc_stat (); + + if ((fp = fopen (procpath, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error opening %s", procpath); + + value = 0; + found = false; + + while ((chread = getline (&line, &len, fp)) != -1) + { + if (!strncmp (line, pattern, strlen (pattern))) + { + sscanf (line + strlen (pattern), "%llu", &value); + dbg ("line: %s \\ value for '%s': %llu\n", line, pattern, value); + found = true; + break; + } + } + + free (line); + fclose (fp); + + if (!found && mandatory) + plugin_error (STATE_UNKNOWN, 0, + "%s: pattern not found: '%s'", procpath, pattern); + + return value; +} + +/* wrappers */ + +unsigned long long +cpu_stats_get_cswch () +{ + return cpu_stats_get_value_with_pattern ("ctxt ", true); +} + +unsigned long long +cpu_stats_get_intr () +{ + return cpu_stats_get_value_with_pattern ("intr ", true); +} + +unsigned long long +cpu_stats_get_softirq () +{ + /* Not separated out until the 2.6.0-test4, hence 'false' */ + return cpu_stats_get_value_with_pattern ("softirq ", false); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cputopology.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cputopology.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cputopology.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/cputopology.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,243 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014-2015 Davide Madrisan + * + * A library for checking the CPU topology + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +/* A note on terminology + * --------------------- + * CPU The logical CPU number of a CPU as used by the Linux kernel. + * CORE The logical core number. A core can contain several CPUs. + * SOCKET The logical socket number. A socket can contain several cores. + * BOOK The logical book number. A book can contain several sockets. + * NODE The logical NUMA node number. A node may contain several books. */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "cputopology.h" +#include "sysfsparser.h" + +#define PATH_SYS_SYSTEM "/sys/devices/system" +#define PATH_SYS_CPU PATH_SYS_SYSTEM "/cpu" + +#if !HAVE_DECL_CPU_ALLOC +/* Please, use CPU_COUNT_S() macro. This is fallback */ +int +__cpuset_count_s (size_t setsize, const cpu_set_t * set) +{ + int s = 0; + const __cpu_mask *p = set->__bits; + const __cpu_mask *end = &set->__bits[setsize / sizeof (__cpu_mask)]; + + while (p < end) + { + __cpu_mask l = *p++; + + if (l == 0) + continue; +#if LONG_BIT > 32 + l = (l & 0x5555555555555555ul) + ((l >> 1) & 0x5555555555555555ul); + l = (l & 0x3333333333333333ul) + ((l >> 2) & 0x3333333333333333ul); + l = (l & 0x0f0f0f0f0f0f0f0ful) + ((l >> 4) & 0x0f0f0f0f0f0f0f0ful); + l = (l & 0x00ff00ff00ff00fful) + ((l >> 8) & 0x00ff00ff00ff00fful); + l = (l & 0x0000ffff0000fffful) + ((l >> 16) & 0x0000ffff0000fffful); + l = (l & 0x00000000fffffffful) + ((l >> 32) & 0x00000000fffffffful); +#else + l = (l & 0x55555555ul) + ((l >> 1) & 0x55555555ul); + l = (l & 0x33333333ul) + ((l >> 2) & 0x33333333ul); + l = (l & 0x0f0f0f0ful) + ((l >> 4) & 0x0f0f0f0ful); + l = (l & 0x00ff00fful) + ((l >> 8) & 0x00ff00fful); + l = (l & 0x0000fffful) + ((l >> 16) & 0x0000fffful); +#endif + s += l; + } + return s; +} +#endif + +/* Get the number of total and active cpus */ + +/* Note! On Linux systems with glibc, + * sysconf (_SC_NPROCESSORS_CONF) + * sysconf (_SC_NPROCESSORS_ONLN) + * come from the /sys and /proc file systems (see + * glibc/sysdeps/unix/sysv/linux/getsysstats.c). + * In some situations these file systems are not mounted, and the sysconf + * call returns 1, which does not reflect the reality. */ + +int +get_processor_number_total (void) +{ + /* The number of CPUs configured in the system. */ + return +#if defined (HAVE_GET_NPROCS_CONF) + get_nprocs_conf (); +#elif defined (HAVE_SYSCONF__SC_NPROCESSORS_CONF) + sysconf (_SC_NPROCESSORS_CONF); +#else + -1; +#endif +} + +int +get_processor_number_online (void) +{ + /* The number of CPUs available to the scheduler. */ + return +#if defined (HAVE_GET_NPROCS) + get_nprocs (); +#elif defined (HAVE_SYSCONF__SC_NPROCESSORS_ONLN) + sysconf (_SC_NPROCESSORS_ONLN); +#else + -1; +#endif +} + +/* Get the maximum cpu index allowed by the kernel configuration. */ + +int +get_processor_number_kernel_max () +{ + return sysfsparser_getvalue (PATH_SYS_CPU "/kernel_max") + 1; +} + +static inline int +char_to_val (int c) +{ + int cl; + + cl = tolower (c); + if (c >= '0' && c <= '9') + return c - '0'; + else if (cl >= 'a' && cl <= 'f') + return cl + (10 - 'a'); + else + return -1; +} + +/* Parses string with CPUs mask and return the number of CPUs present. */ + +static int +cpumask_parse (const char *str, cpu_set_t *set, size_t setsize) +{ + const char *ptr; + int len, cpu = 0; + + if (!str) + return -1; + + len = strlen (str); + ptr = str + len - 1; + + /* skip 0x, it's all hex anyway */ + if (len > 1 && !memcmp (str, "0x", 2L)) + str += 2; + + CPU_ZERO_S (setsize, set); + + while (ptr >= str) + { + char val; + + /* cpu masks in /sys uses comma as a separator */ + if (*ptr == ',') + ptr--; + + val = char_to_val (*ptr); + if (val == (char) -1) + return -1; + if (val & 1) + CPU_SET_S (cpu, setsize, set); + if (val & 2) + CPU_SET_S (cpu + 1, setsize, set); + if (val & 4) + CPU_SET_S (cpu + 2, setsize, set); + if (val & 8) + CPU_SET_S (cpu + 3, setsize, set); + ptr--; + cpu += 4; + } + + return CPU_COUNT_S (setsize, set); +} + +/* Get the number of threads within one core */ + +void +get_cputopology_read (unsigned int *nsockets, unsigned int *ncores, + unsigned int *nthreads) +{ + cpu_set_t *set; + size_t cpu, /* most 32 bit architectures use "unsigned int" size_t, + * and all 64 bit architectures use "unsigned long" size_t */ + maxcpus, setsize = 0; + + *nsockets = *ncores = *nthreads = 1; + maxcpus = get_processor_number_kernel_max (); + + if (!(set = CPU_ALLOC (maxcpus))) + return; + setsize = CPU_ALLOC_SIZE (maxcpus); + + for (cpu = 0; cpu < maxcpus; cpu++) + { + /* thread_siblings: internal kernel map of cpu#'s hardware threads + * within the same core as cpu# */ + char *thread_siblings = + sysfsparser_getline (PATH_SYS_CPU "/cpu%lu/topology/thread_siblings", + (unsigned long)cpu); + if (!thread_siblings) + continue; + + /* threads within one core */ + *nthreads = cpumask_parse (thread_siblings, set, setsize); + if (*nthreads == 0) + *nthreads = 1; + + /* core_siblings: internal kernel map of cpu#'s hardware threads + * within the same physical_package_id. */ + char *core_siblings = + sysfsparser_getline (PATH_SYS_CPU "/cpu%lu/topology/core_siblings", + (unsigned long)cpu); + /* cores within one socket */ + *ncores = cpumask_parse (core_siblings, set, setsize) / *nthreads; + if (*ncores == 0) + *ncores = 1; + + int ncpus_online = get_processor_number_online (); + unsigned int ncpus = ncpus_online > 0 ? ncpus_online : 0; + + *nsockets = ncpus / *nthreads / *ncores; + if (!*nsockets) + *nsockets = 1; + + free (core_siblings); + free (thread_siblings); + } + + CPU_FREE (set); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/interrupts.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/interrupts.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/interrupts.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/interrupts.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for getting informations on the system interrupts + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include + +#include "common.h" +#include "cputopology.h" +#include "logging.h" +#include "system.h" +#include "xalloc.h" + +#define PROC_ROOT "/proc" +#define PROC_INTR PROC_ROOT "/interrupts" + +/* Return an array containing the number of interrupts per cpu per IO device. + * Since Linux 2.6.24, for the i386 and x86_64 architectures at least, + * /proc/interrupts also includes interrupts internal to the system (that is, + * not associated with a device as such). */ +unsigned long * +proc_interrupts_get_nintr_per_cpu (unsigned int *ncpus) +{ + FILE *fp; + char *p, *end, *line = NULL; + size_t len = 0; + ssize_t chread; + bool header = true; + unsigned int cpu; + + if ((fp = fopen (PROC_INTR, "r")) == NULL) + return NULL; + + *ncpus = get_processor_number_online (); + unsigned long value, + *vintr = xnmalloc (*ncpus, sizeof (unsigned long)); + + while ((chread = getline (&line, &len, fp)) != -1) + { + /* skip the first line */ + if (header) + { + header = false; + continue; + } + + p = strchr(line, ':'); + if (NULL == p) /* this should never happen */ + continue; + + dbg ("%s", line); + for (cpu = 0; cpu < *ncpus; cpu++) + { + if (*p == '\0' || *p == '\n') + continue; + value = strtoul (p + 1, &end, 10); + dbg (" --> cpu%u = %lu\n", cpu, value); + vintr[cpu] += value; + p = end + 1; + } + dbg ("\n"); + } + + free (line); + + return vintr; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/json_helpers.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/json_helpers.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/json_helpers.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/json_helpers.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A library containing some helper functions for parsing data in JSON format. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include + +#include "jsmn.h" +#include "json_helpers.h" +#include "logging.h" +#include "xalloc.h" + +int +json_token_streq (const char *json, jsmntok_t * tok, const char *s) +{ + if (tok->type == JSMN_STRING && (int) strlen (s) == tok->end - tok->start && + strncmp (json + tok->start, s, tok->end - tok->start) == 0) + return 0; + + return -1; +} + +char * +json_token_tostr (char *json, jsmntok_t * t) +{ + return xsubstrdup (json + t->start, t->end - t->start); +} + +jsmntok_t * +json_tokenise (const char *json, size_t *ntoken) +{ + jsmn_parser parser; + int r, ret; + + assert (NULL != json); + + jsmn_init (&parser); + r = jsmn_parse (&parser, json, strlen (json), NULL, 0); + if (r < 0) + return NULL; + + dbg ("number of json tokens: %d\n", r); + jsmntok_t *tokens = xnmalloc (r, sizeof (jsmntok_t)); + + jsmn_init (&parser); + ret = jsmn_parse (&parser, json, strlen (json), tokens, r); + assert (ret >= 0); + + *ntoken = r; + return tokens; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/kernelver.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/kernelver.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/kernelver.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/kernelver.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for checking the version of a running Linux kernel + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include +#include + +#include "messages.h" + +unsigned int +linux_version (void) +{ + struct utsname utsbuf; + int x, y, z, depth; + + if (uname (&utsbuf) == -1) + plugin_error (STATE_UNKNOWN, errno, "uname() failed"); + + x = y = z = 0; + depth = sscanf(utsbuf.release, "%d.%d.%d", &x, &y, &z); + if ((depth < 2) || /* non-standard for all known kernels */ + ((depth < 3) && (x < 3))) /* non-standard for 2.x.x kernels */ + plugin_error (STATE_UNKNOWN, 0, "non-standard kernel version: %s", + utsbuf.release); + + return KERNEL_VERSION (x, y, z); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,81 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2014-2016 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +AM_CPPFLAGS = \ + -include $(top_builddir)/config.h \ + -I$(top_srcdir)/include \ + -DDOCKER_SOCKET=\"$(DOCKER_SOCKET)\" \ + -DVARLINK_ADDRESS=\"$(VARLINK_ADDRESS)\" \ + $(LIBCURL_CPPFLAGS) \ + $(LIBPROCPS_CPPFLAGS) + +noinst_LIBRARIES = libutils.a + +libutils_a_SOURCES = \ + collection.c \ + container_docker_memory.c \ + cpudesc.c \ + cpufreq.c \ + cpustats.c \ + cputopology.c \ + kernelver.c \ + interrupts.c \ + json_helpers.c \ + messages.c \ + mountlist.c \ + netinfo.c \ + netinfo-private.c \ + perfdata.c \ + pressure.c \ + processes.c \ + procparser.c \ + progname.c \ + sysfsparser.c \ + thresholds.c \ + tcpinfo.c \ + url_encode.c \ + xasprintf.c \ + xmalloc.c \ + xstrton.c + +if HAVE_LIBCURL + libutils_a_SOURCES += \ + container_docker_count.c +endif + +if HAVE_LIBVARLINK + libutils_a_SOURCES += \ + container_podman.c \ + container_podman_count.c \ + container_podman_stats.c +endif + +if HAVE_LIBPROCPS + + libutils_a_SOURCES += \ + meminfo_procps.c \ + vminfo_procps.c + +else + +if HAVE_PROC_MEMINFO + libutils_a_SOURCES += meminfo.c +endif + + libutils_a_SOURCES += vminfo.c + +endif diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,292 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014-2015 Davide Madrisan + * + * A library for checking memory and swap usage on linux + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include + +#include "getenv.h" +#include "kernelver.h" +#include "logging.h" +#include "messages.h" +#include "meminfo.h" +#include "procparser.h" +#include "sysfsparser.h" +#include "system.h" +#include "units.h" + +#define MEMINFO_UNSET ~0UL + +#define PATH_PROC_SYS "/proc/sys" +#define PATH_VM_MIN_FREE_KB PATH_PROC_SYS "/vm/min_free_kbytes" + +typedef struct proc_sysmem_data +{ + /* old but still kicking -- the important stuff */ + unsigned long kb_main_buffers; + unsigned long kb_page_cache; + unsigned long kb_main_free; + unsigned long kb_main_total; + unsigned long kb_swap_free; + unsigned long kb_swap_total; + /* Shmem in 2.6.32+ */ + unsigned long kb_main_shared; + /* recently introduced */ + unsigned long kb_high_total; + unsigned long kb_low_free; + unsigned long kb_low_total; + /* 2.4.xx era */ + unsigned long kb_active; + unsigned long kb_inact_laundry; + unsigned long kb_inact_dirty; + unsigned long kb_inact_clean; + unsigned long kb_swap_cached; /* late 2.4 and 2.6+ only */ + /* 2.5.41+ */ + unsigned long kb_slab; + unsigned long kb_committed_as; + unsigned long kb_dirty; + unsigned long kb_inactive; + // 2.6.19+ + unsigned long kb_slab_reclaimable; + /* seen on 2.6.24-rc6-git12 */ + unsigned long kb_anon_pages; + // 2.6.27+ + unsigned long kb_active_file; + unsigned long kb_inactive_file; + /* 3.14+ + * MemAvailable provides an estimate of how much memory is available for + * starting new applications, without swapping. + * However, unlike the data provided by the Cache or Free fields, + * MemAvailable takes into account page cache and also that not all + * reclaimable memory slabs will be reclaimable due to items being in + * use. + * See: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/\ + * commit/?id=34e431b0ae398fc54ea69ff85ec700722c9da773 + */ + unsigned long kb_main_available; + /* derived values */ + unsigned long kb_main_cached; + unsigned long kb_main_used; +} proc_sysmem_data_t; + +typedef struct proc_sysmem +{ + int refcount; + struct proc_sysmem_data *data; +} proc_sysmem_t; + +#ifndef NPL_TESTING + +const char * +get_path_proc_meminfo () +{ + const char *env_procmeminfo = secure_getenv ("NPL_TEST_PATH_PROCMEMINFO"); + if (env_procmeminfo) + return env_procmeminfo; + + return PROC_MEMINFO; +} + +/* Allocates space for a new sysmem object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + +int +proc_sysmem_new (struct proc_sysmem **sysmem) +{ + struct proc_sysmem *m; + + m = calloc (1, sizeof (struct proc_sysmem)); + if (!m) + return -ENOMEM; + + m->refcount = 1; + m->data = calloc (1, sizeof (struct proc_sysmem_data)); + if (!m->data) + { + free (m); + return -ENOMEM; + } + + *sysmem = m; + return 0; +} + +/* Fill the proc_sysmem structure pointed will the values found in the + * proc filesystem. */ + +void proc_sysmem_read (struct proc_sysmem *sysmem) +{ + if (sysmem == NULL) + return; + + struct proc_sysmem_data *data = sysmem->data; + + const struct proc_table_struct sysmem_table[] = { + { "Active", &data->kb_active }, /* important */ + { "Active(file)", &data->kb_active_file }, + { "AnonPages", &data->kb_anon_pages }, + { "Buffers", &data->kb_main_buffers }, /* important */ + { "Cached", &data->kb_page_cache }, /* important */ + { "Committed_AS", &data->kb_committed_as }, + { "Dirty", &data->kb_dirty }, /* kB version of vmstat nr_dirty */ + { "HighTotal", &data->kb_high_total }, + { "Inact_clean", &data->kb_inact_clean }, + { "Inact_dirty", &data->kb_inact_dirty }, + { "Inact_laundry", &data->kb_inact_laundry }, + { "Inactive", &data->kb_inactive }, /* important */ + { "Inactive(file)", &data->kb_inactive_file }, + { "LowFree", &data->kb_low_free }, + { "LowTotal", &data->kb_low_total }, + { "MemAvailable", &data->kb_main_available }, /* kernel 3.14 and later */ + { "MemFree", &data->kb_main_free }, /* important */ + { "MemTotal", &data->kb_main_total }, /* important */ + { "SReclaimable", &data->kb_slab_reclaimable }, /* dentry and inode structures */ + { "Shmem", &data->kb_main_shared }, /* kernel 2.6.32 and later */ + { "Slab", &data->kb_slab }, /* kB version of vmstat nr_slab */ + { "SwapCached", &data->kb_swap_cached }, /* late 2.4 and 2.6+ only */ + { "SwapFree", &data->kb_swap_free }, /* important */ + { "SwapTotal", &data->kb_swap_total }, /* important */ + }; + const int sysmem_table_count = sizeof (sysmem_table) / sizeof (proc_table_struct); + + data->kb_inactive = MEMINFO_UNSET; + data->kb_low_total = MEMINFO_UNSET; + data->kb_main_available = MEMINFO_UNSET; + + procparser (get_path_proc_meminfo (), sysmem_table, sysmem_table_count, ':'); + + if (!data->kb_low_total) + { /* low==main except with large-memory support */ + data->kb_low_total = data->kb_main_total; + data->kb_low_free = data->kb_main_free; + } + + if (data->kb_inactive == MEMINFO_UNSET) + { + data->kb_inactive = + data->kb_inact_dirty + data->kb_inact_clean + + data->kb_inact_laundry; + } + + /* zero? might need fallback for 2.6.27 <= kernel < 3.14 */ + if (data->kb_main_available == MEMINFO_UNSET) + { + dbg ("MemAvailable is not provided by /proc/meminfo (kernel %u)...", + linux_version ()); + if (linux_version () < KERNEL_VERSION (2, 6, 27)) + { + dbg ("...falling back to MemFree\n"); + data->kb_main_available = data->kb_main_free; + } + else + { + dbg ("...let's calculate the value...\n"); + unsigned long kb_min_free = + sysfsparser_getvalue (PATH_VM_MIN_FREE_KB); + /* should be equal to sum of all 'low' fields in /proc/zoneinfo */ + unsigned long watermark_low = kb_min_free * 5 / 4; + + signed long mem_available = + (signed long) data->kb_main_free - watermark_low + + data->kb_inactive_file + data->kb_active_file +#define MIN(x,y) ((x) < (y) ? (x) : (y)) + - MIN((data->kb_inactive_file + data->kb_active_file) / 2, + watermark_low) + data->kb_slab_reclaimable + - MIN(data->kb_slab_reclaimable / 2, watermark_low); +#undef MIN + if (mem_available < 0) + mem_available = 0; + data->kb_main_available = (unsigned long) mem_available; + } + } + + /* derived values */ + data->kb_main_cached = data->kb_page_cache + data->kb_slab_reclaimable; + data->kb_main_used = + data->kb_main_total - data->kb_main_free - data->kb_main_cached - + data->kb_main_buffers; +} + +/* Drop a reference of the memory library context. If the refcount of + * reaches zero, the resources of the context will be released. */ + +struct proc_sysmem *proc_sysmem_unref (struct proc_sysmem *sysmem) +{ + if (sysmem == NULL) + return NULL; + + sysmem->refcount--; + if (sysmem->refcount > 0) + return sysmem; + + free (sysmem->data); + free (sysmem); + return NULL; +} + +#define proc_sysmem_get(arg) \ +unsigned long proc_sysmem_get_ ## arg (struct proc_sysmem *p) \ + { return (p == NULL) ? 0 : p->data->kb_ ## arg; } + +/* Memory that has been used more recently and usually not reclaimed unless + * absolutely necessary. */ +proc_sysmem_get(active) +/* Non-file backed pages mapped into user-space page tables. + * High AnonPages means too much memory been allocated (mostly by malloc call) + * but not released yet (by instance because of memory leaks - process(es) + * that allocate but never free memory. */ +proc_sysmem_get(anon_pages) +/* The amount of memory presently allocated on the system. */ +proc_sysmem_get(committed_as) +/* Memory which is waiting to get written back to the disk. */ +proc_sysmem_get(dirty) +/* Memory which has been less recently used. + * Inactive memory is the best candidate for reclaiming memory and so low + * inactive memory would mean that you are low on memory and the kernel may + + have to swap out process pages, or swap out the cache to disk or in the + * worst case if it runs out of swap space then begin killing processes. */ +proc_sysmem_get(inactive) +proc_sysmem_get(main_available) +proc_sysmem_get(main_buffers) +proc_sysmem_get(main_cached) +proc_sysmem_get(main_free) +proc_sysmem_get(main_shared) +proc_sysmem_get(main_total) +proc_sysmem_get(main_used) + +proc_sysmem_get(swap_cached) +proc_sysmem_get(swap_free) +proc_sysmem_get(swap_total) + +#undef proc_sysmem_get + +unsigned long +proc_sysmem_get_swap_used (struct proc_sysmem *sysmem) +{ + return (sysmem == NULL) ? 0 : + sysmem->data->kb_swap_total - sysmem->data->kb_swap_free; +} + +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo_procps.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo_procps.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo_procps.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/meminfo_procps.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * A library for checking memory and swap usage on linux. + * This library is a front-end for `procps-newlib': + * https://gitlab.com/madrisan/procps/tree/newlib + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +typedef struct proc_sysmem +{ + int refcount; + struct meminfo_info *info; /* proc/meminfo.{h,c} */ +} proc_sysmem_t; + +int +proc_sysmem_new (struct proc_sysmem **sysmem) +{ + struct proc_sysmem *m; + + m = calloc (1, sizeof (struct proc_sysmem)); + if (!m) + return -ENOMEM; + + m->refcount = 1; + + if (procps_meminfo_new (&m->info) < 0) + return -ENOMEM; + + *sysmem = m; + return 0; +} + +void +proc_sysmem_read (struct proc_sysmem *sysmem __attribute__ ((unused))) +{ +} + +struct proc_sysmem * +proc_sysmem_unref (struct proc_sysmem *sysmem) +{ + if (sysmem == NULL) + return NULL; + + sysmem->refcount--; + if (sysmem->refcount > 0) + return sysmem; + + procps_meminfo_unref (&(sysmem->info)); + free (sysmem); + return NULL; +} + +#define proc_sysmem_get(arg, item) \ +unsigned long proc_sysmem_get_ ## arg (struct proc_sysmem *p) \ + { return (p == NULL) ? 0 : MEMINFO_GET (p->info, item, ul_int); } + +/* Memory that has been used more recently and usually not reclaimed unless + * absolutely necessary. */ +proc_sysmem_get(active, MEMINFO_MEM_ACTIVE) +/* Non-file backed pages mapped into user-space page tables. + * High AnonPages means too much memory been allocated (mostly by malloc call) + * but not released yet (by instance because of memory leaks - process(es) + * that allocate but never free memory. */ +proc_sysmem_get(anon_pages, MEMINFO_MEM_ANON) +/* The amount of memory presently allocated on the system. */ +proc_sysmem_get(committed_as, MEMINFO_MEM_COMMITTED_AS) +/* Memory which is waiting to get written back to the disk. */ +proc_sysmem_get(dirty, MEMINFO_MEM_DIRTY) +/* Memory which has been less recently used. + * Inactive memory is the best candidate for reclaiming memory and so low + * inactive memory would mean that you are low on memory and the kernel may + + have to swap out process pages, or swap out the cache to disk or in the + * worst case if it runs out of swap space then begin killing processes. */ +proc_sysmem_get(inactive, MEMINFO_MEM_INACTIVE) +proc_sysmem_get(main_available, MEMINFO_MEM_AVAILABLE) +proc_sysmem_get(main_buffers, MEMINFO_MEM_BUFFERS) +proc_sysmem_get(main_cached, MEMINFO_MEM_CACHED_ALL) +proc_sysmem_get(main_free, MEMINFO_MEM_FREE) +proc_sysmem_get(main_shared, MEMINFO_MEM_SHARED) +proc_sysmem_get(main_total, MEMINFO_MEM_TOTAL) +proc_sysmem_get(main_used, MEMINFO_MEM_USED) + +proc_sysmem_get(swap_cached, MEMINFO_SWAP_CACHED) +proc_sysmem_get(swap_free, MEMINFO_SWAP_FREE) +proc_sysmem_get(swap_total, MEMINFO_SWAP_TOTAL) + +unsigned long +proc_sysmem_get_swap_used (struct proc_sysmem *sysmem) +{ + return (sysmem == NULL) ? 0 : + proc_sysmem_get_swap_total (sysmem) - proc_sysmem_get_swap_free (sysmem); +} + +#undef proc_sysmem_get diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/messages.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/messages.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/messages.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/messages.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,115 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This library was based on and inspired by the gnulib code. + */ + +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" + +/* This variable is incremented each time 'error' is called. */ +unsigned int error_message_count; + +/* The calling program should define program_name and set it to the + name of the executing program. */ +extern char *program_name; + +/* Return non-zero if FD is open. */ +static inline int +is_open (int fd) +{ + return 0 <= fcntl (fd, F_GETFL); +} + +static inline void +flush_stdout (void) +{ + int stdout_fd; + + /* POSIX states that fileno (stdout) after fclose is unspecified. But in + practice it is not a problem, because stdout is statically allocated and + the fd of a FILE stream is stored as a field in its allocated memory. */ + stdout_fd = fileno (stdout); + + /* POSIX states that fflush (stdout) after fclose is unspecified; it + is safe in glibc, but not on all other platforms. fflush (NULL) + is always defined, but too draconian. */ + if (0 <= stdout_fd && is_open (stdout_fd)) + fflush (stdout); +} + +static void +print_errno_message (int errnum) +{ + char const *s; + + s = strerror (errnum); + fprintf (stdout, " (%s)", s); +} + +/* Print the program name and error message MESSAGE, which is a printf-style + format string with optional args. + If ERRNUM is nonzero, print its corresponding system error message. + Exit with status STATUS if it is nonzero. */ +void +plugin_error (nagstatus status, int errnum, const char *message, ...) +{ + va_list args; + + flush_stdout (); + + fprintf (stdout, "%s: ", program_name); + + va_start (args, message); + vfprintf (stdout, message, args); + va_end (args); + + ++error_message_count; + if (errnum) + print_errno_message (errnum); + + fputs ("\n", stdout); + fflush (stdout); + + exit (status); +} + +const char * +state_text (nagstatus result) +{ + switch (result) + { + case STATE_OK: + return "OK"; + case STATE_WARNING: + return "WARNING"; + case STATE_CRITICAL: + return "CRITICAL"; + case STATE_DEPENDENT: + return "DEPENDENT"; + default: + return "UNKNOWN"; + } +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/mountlist.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/mountlist.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/mountlist.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/mountlist.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,197 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2013 Davide Madrisan + * + * A Nagios plugin to check for readonly filesystems + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This library was largely based on and inspired by the coreutils code. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "string-macros.h" +#include "mountlist.h" +#include "xalloc.h" + +#if HAVE_SYS_PARAM_H +#include +#endif + +#include +#if !defined MOUNTED +# if defined _PATH_MOUNTED /* GNU libc */ +# define MOUNTED _PATH_MOUNTED +# endif +#endif + +#ifndef ME_DUMMY +# define ME_DUMMY(Fs_name, Fs_type) \ + (STREQ (Fs_type, "autofs") \ + || STREQ (Fs_type, "proc") \ + /* for Linux 2.6/3.x */ \ + || STREQ (Fs_type, "cgroup") \ + || STREQ (Fs_type, "debugfs") \ + || STREQ (Fs_type, "devpts") \ + || STREQ (Fs_type, "fusectl") \ + || STREQ (Fs_type, "hugetlbfs") \ + || STREQ (Fs_type, "mqueue") \ + || STREQ (Fs_type, "pstore") \ + || STREQ (Fs_type, "rpc_pipefs") \ + || STREQ (Fs_type, "securityfs") \ + || STREQ (Fs_type, "sysfs") \ + /* Linux 2.4 */ \ + || STREQ (Fs_type, "devfs") \ + || STREQ (Fs_type, "binfmt_misc") \ + || STREQ (Fs_type, "none")) +#endif + +#ifndef ME_REMOTE +/* A file system is "remote" if its Fs_name contains a ':' + * or if (it is of type (smbfs or cifs) and its Fs_name starts with '//'). */ +# define ME_REMOTE(Fs_name, Fs_type) \ + (strchr (Fs_name, ':') != NULL \ + || ((Fs_name)[0] == '/' \ + && (Fs_name)[1] == '/' \ + && (STREQ (Fs_type, "smbfs") \ + || STREQ (Fs_type, "cifs")))) +#endif + +/* Check for the "ro" pattern in the MOUNT_OPTIONS. + * Return true if found, Otherwise return false. */ +#if HAVE_HASMNTOPT +static bool +fs_check_if_readonly (const struct mntent *mnt) +{ + static char const readonly_pattern[] = "ro"; + return hasmntopt (mnt, readonly_pattern) ? true : false; +} +#else +static bool +fs_check_if_readonly (char *mount_options) +{ + static char const readonly_pattern[] = "ro"; + + char *str1, saveptr1; + int j; + + for (j = 1, str1 = mount_options;; j++, str1 = NULL) + { + char *token = strtok_r (str1, ",", &saveptr1); + if (token == NULL) + break; + if (STREQ (token, readonly_pattern)) + return true; + } + + return false; +} +#endif + +/* Return the device number from MOUNT_OPTIONS, if possible. + * Otherwise return (dev_t) -1. */ +static dev_t +dev_from_mount_options (char const *mount_options) +{ + /* GNU/Linux allows file system implementations to define their own + * meaning for "dev=" mount options, so don't trust the meaning + * here. */ + (void) mount_options; + return -1; +} + +/* Return a list of the currently mounted file systems, or NULL on error. + Add each entry to the tail of the list so that they stay in order. + If NEED_FS_TYPE is true, ensure that the file system type fields in + the returned list are valid. Otherwise, they might not be. */ + +struct mount_entry * +read_file_system_list (bool need_fs_type) +{ + struct mount_entry *mount_list; + struct mount_entry *me; + struct mount_entry **mtail = &mount_list; + (void) need_fs_type; + + { + struct mntent *mnt; + char const *table = MOUNTED; + FILE *fp; + + fp = setmntent (table, "r"); + if (fp == NULL) + return NULL; + + while ((mnt = getmntent (fp))) + { + me = xmalloc (sizeof *me); + me->me_devname = xstrdup (mnt->mnt_fsname); + me->me_mountdir = xstrdup (mnt->mnt_dir); + me->me_type = xstrdup (mnt->mnt_type); + me->me_type_malloced = 1; + me->me_opts = xstrdup (mnt->mnt_opts); + me->me_opts_malloced = 1; + me->me_dummy = ME_DUMMY (me->me_devname, me->me_type); + me->me_remote = ME_REMOTE (me->me_devname, me->me_type); +#if HAVE_HASMNTOPT + me->me_readonly = fs_check_if_readonly (mnt); +#else + me->me_readonly = fs_check_if_readonly (me->me_opts); +#endif + me->me_dev = dev_from_mount_options (mnt->mnt_opts); + + /* Add to the linked list. */ + *mtail = me; + mtail = &me->me_next; + } + + if (endmntent (fp) == 0) + goto free_then_fail; + } + + *mtail = NULL; + return mount_list; + + +free_then_fail: + { + int saved_errno = errno; + *mtail = NULL; + + while (mount_list) + { + me = mount_list->me_next; + free (mount_list->me_devname); + free (mount_list->me_mountdir); + if (mount_list->me_type_malloced) + free (mount_list->me_type); + if (mount_list->me_opts_malloced) + free (mount_list->me_opts); + free (mount_list); + mount_list = me; + } + + errno = saved_errno; + return NULL; + } +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,295 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2020 Davide Madrisan + * + * A library for getting some network interfaces.statistics. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "logging.h" +#include "string-macros.h" +#include "messages.h" +#include "netinfo.h" +#include "netinfo-private.h" +#include "system.h" +#include "xasprintf.h" + +extern char *const duplex_table[]; + +struct iflist * +netinfo (unsigned int options, const char *ifname_regex, unsigned int seconds, + unsigned int *ninterfaces) +{ + bool opt_check_link = (options & CHECK_LINK); + char msgbuf[256]; + int rc; + regex_t regex; + struct iflist *iflhead, *ifl, *iflhead2, *ifl2; + + if ((rc = + regcomp (®ex, ifname_regex ? ifname_regex : ".*", REG_EXTENDED))) + { + regerror (rc, ®ex, msgbuf, sizeof (msgbuf)); + plugin_error (STATE_UNKNOWN, 0, "could not compile regex: %s", msgbuf); + } + + dbg ("getting network informations...\n"); + iflhead = get_netinfo_snapshot (options, ®ex); + + if (seconds > 0) + { + sleep (seconds); + + dbg ("getting network informations again (after %us)...\n", seconds); + iflhead2 = get_netinfo_snapshot (options, ®ex); + + *ninterfaces = 0; + for (ifl = iflhead, ifl2 = iflhead2; ifl != NULL && ifl2 != NULL; + ifl = ifl->next, ifl2 = ifl2->next) + { + if (STRNEQ (ifl->ifname, ifl2->ifname)) + plugin_error (STATE_UNKNOWN, 0, + "bug in netinfo(), please contact the developers"); + + dbg ("network interface '%s'\n", ifl->ifname); + + bool if_up = if_flags_UP (ifl->flags), + if_running = if_flags_RUNNING (ifl->flags); + + if (ifl->stats) + { +#define DIV(a, b) ceil (((b) - (a)) / (double)seconds) + dbg ("\ttx_packets : %u %u\n", + ifl->stats->tx_packets, ifl2->stats->tx_packets); + ifl->stats->tx_packets = DIV (ifl->stats->tx_packets, + ifl2->stats->tx_packets); + + dbg ("\trx_packets : %u %u\n", + ifl->stats->rx_packets, ifl2->stats->rx_packets); + ifl->stats->rx_packets = DIV (ifl->stats->rx_packets, + ifl2->stats->rx_packets); + + dbg ("\ttx_bytes : %u %u\n", + ifl->stats->tx_bytes, ifl2->stats->tx_bytes); + ifl->stats->tx_bytes = DIV (ifl->stats->tx_bytes, + ifl2->stats->tx_bytes); + + dbg ("\trx_bytes : %u %u\n", + ifl->stats->rx_bytes, ifl2->stats->rx_bytes); + ifl->stats->rx_bytes = DIV (ifl->stats->rx_bytes, + ifl2->stats->rx_bytes); + + dbg ("\ttx_errors : %u %u\n", + ifl->stats->tx_errors, ifl2->stats->tx_errors); + ifl->stats->tx_errors = DIV (ifl->stats->tx_errors, + ifl2->stats->tx_errors); + + dbg ("\trx_errors : %u %u\n", + ifl->stats->rx_errors, ifl2->stats->rx_errors); + ifl->stats->rx_errors = DIV (ifl->stats->rx_errors, + ifl2->stats->rx_errors); + + dbg ("\ttx_dropped : %u %u\n", + ifl->stats->tx_dropped, ifl2->stats->tx_dropped); + ifl->stats->tx_dropped = DIV (ifl->stats->tx_dropped, + ifl2->stats->tx_dropped); + + dbg ("\trx_dropped : %u %u\n", + ifl->stats->rx_dropped, ifl2->stats->rx_dropped); + ifl->stats->rx_dropped = DIV (ifl->stats->rx_dropped, + ifl2->stats->rx_dropped); + + dbg ("\tcollisions : %u %u\n", + ifl->stats->collisions, ifl2->stats->collisions); + ifl->stats->collisions = DIV (ifl->stats->collisions, + ifl2->stats->collisions); + + dbg ("\tmulticast : %u %u\n", + ifl->stats->multicast, ifl2->stats->multicast); + ifl->stats->multicast = DIV (ifl->stats->multicast, + ifl2->stats->multicast); +#undef DIV + } + + dbg ("\tlink UP: %s\n", if_up ? "true" : "false"); + dbg ("\tlink RUNNING: %s\n", if_running ? "true" : "false"); + + if (ifl->speed > 0) + dbg ("\tspeed : %uMbit/s\n", ifl->speed); + + if (opt_check_link && !(if_up && if_running)) + plugin_error (STATE_CRITICAL, 0, + "%s matches the given regular expression " + "but is not UP and RUNNING!", ifl->ifname); + (*ninterfaces)++; + } + + freeiflist (iflhead2); + } + + /* Free memory allocated to the pattern buffer by regcomp() */ + regfree (®ex); + + return iflhead; +} + +struct iflist * +iflist_get_next (struct iflist *ifentry) +{ + return ifentry->next; +} + +/* Accessing the values from struct iflist */ + +const char * +iflist_get_ifname (struct iflist *ifentry) +{ + return ifentry->ifname; +} + +uint8_t +iflist_get_duplex (struct iflist *ifentry) +{ + return ifentry->duplex; +} + +uint32_t +iflist_get_speed (struct iflist *ifentry) +{ + return ifentry->speed; +} + +unsigned int +iflist_get_flags (struct iflist *ifentry) +{ + return ifentry->flags; +} + +/* FIXME: should perhaps not return 0 if the interface stats are not available + * but this seems to be the behaviour of the commands "ifconfig" and + * "ip -s link" */ +#define __iflist_get__(arg) \ +unsigned int iflist_get_ ## arg (struct iflist *ifentry) \ + { return ifentry->stats ? ifentry->stats->arg : 0; } + +__iflist_get__(collisions) +__iflist_get__(multicast) +__iflist_get__(tx_packets) +__iflist_get__(rx_packets) +__iflist_get__(tx_bytes) +__iflist_get__(rx_bytes) +__iflist_get__(tx_errors) +__iflist_get__(rx_errors) +__iflist_get__(tx_dropped) +__iflist_get__(rx_dropped) +#undef __iflist_get__ + +/* Print the list of network interfaces (for debug) */ + +void print_ifname_debug (struct iflist *iflhead, unsigned int options) +{ + bool pd_bytes = (options & NO_BYTES) != NO_BYTES, + pd_collisions = (options & NO_COLLISIONS) != NO_COLLISIONS, + pd_drops = (options & NO_DROPS) != NO_DROPS, + pd_errors = (options & NO_ERRORS) != NO_ERRORS, + pd_multicast = (options & NO_MULTICAST) != NO_MULTICAST, + pd_packets = (options & NO_PACKETS) != NO_PACKETS, + rx_only = options & RX_ONLY, + tx_only = options & TX_ONLY; + struct iflist *ifl; + +#define __printf_tx_rx__(metric, tx_only, rx_only) \ + do \ + { \ + fprintf (stdout, " - "); \ + if (!rx_only) \ + fprintf (stdout, "%s_tx%s\t ", ifl->ifname, metric); \ + if (!tx_only) \ + fprintf (stdout, "%s_rx%s", ifl->ifname, metric); \ + fprintf (stdout, "\n"); \ + } \ + while (0) + + for (ifl = iflhead; ifl != NULL; ifl = ifl->next) + { + bool if_up = if_flags_UP (ifl->flags), + if_running = if_flags_RUNNING (ifl->flags); + char *ifduplex = NULL, + *ifspeed = NULL; + + if (ifl->speed > 0) + ifspeed = xasprintf (" link-speed:%uMbps", ifl->speed); + if (ifl->duplex != _DUP_UNKNOWN) + ifduplex = xasprintf (" %s-duplex", duplex_table[ifl->duplex]); + printf ("%s%s%s%s\n" + , ifl->ifname + , if_up && !if_running ? " (NO-CARRIER)" + : if_up ? "" : " (DOWN)" + , ifspeed ? ifspeed : "" + , ifduplex ? ifduplex : ""); + + if (ifl->stats) + { + if (pd_bytes) + __printf_tx_rx__ ("byte/s", tx_only, rx_only); + if (pd_errors) + __printf_tx_rx__ ("err/s", tx_only, rx_only); + if (pd_drops) + __printf_tx_rx__ ("drop/s", tx_only, rx_only); + if (pd_packets) + __printf_tx_rx__ ("pck/s", tx_only, rx_only); + if (pd_collisions) + fprintf (stdout, " - %s_coll/s\n", ifl->ifname); + if (pd_multicast) + fprintf (stdout, " - %s_mcast/s\n", ifl->ifname); + } + } +#undef __printf_tx_rx__ +} + +void +freeiflist (struct iflist *iflhead) +{ + struct iflist *ifl = iflhead, *iflnext; + + while (ifl != NULL) + { + iflnext = ifl->next; + free (ifl->ifname); + free (ifl); + ifl = iflnext; + } +} + +/* helper functions for parsing interface flags */ +#define ifa_flags_parser(arg) \ +bool if_flags_ ## arg (unsigned int flags) \ + { return flags & IFF_ ## arg; } + +ifa_flags_parser (LOOPBACK); +ifa_flags_parser (RUNNING); +ifa_flags_parser (UP); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo-private.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo-private.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo-private.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/netinfo-private.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,454 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2020 Davide Madrisan + * + * A library for getting some network interfaces.statistics. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LINUX_IF_LINK_H +# include +#endif +#include +#include +#include +#include + +#include "common.h" +#include "logging.h" +#include "messages.h" +#include "netinfo.h" +#include "string-macros.h" +#include "system.h" +#include "xalloc.h" + +typedef struct nl_req_s +{ + struct nlmsghdr hdr; + struct rtgenmsg gen; +} nl_req_t; + +const char *const duplex_table[_DUP_MAX] = { + [DUPLEX_HALF] = "half", + [DUPLEX_FULL] = "full" +}; + +const struct link_speed +{ + long phy_speed; + const char *phy_speed_str; +} phy_speed_to_str[] = { + { SPEED_10, "10Mbps" }, + { SPEED_100, "100Mbps" }, + { SPEED_1000, "1Gbps" }, + { SPEED_2500, "2.5Gbps" }, + { SPEED_5000, "5Gbps" }, + { SPEED_10000, "10Gbps" }, +#if defined (SPEED_14000) + { SPEED_14000, "14Gbps" }, +#endif +#if defined (SPEED_20000) + { SPEED_20000, "20Gbps" }, +#endif +#if defined (SPEED_25000) + { SPEED_25000, "25Gbps" }, +#endif +#if defined (SPEED_40000) + { SPEED_40000, "40Gbps" }, +#endif +#if defined (SPEED_50000) + { SPEED_50000, "50Gbps" }, +#endif +#if defined (SPEED_56000) + { SPEED_56000, "56Gbps" }, +#endif +#if defined (SPEED_100000) + { SPEED_100000, "100Gbps" }, +#endif + { SPEED_UNKNOWN, "unknown!" } +}; +static const size_t link_speed_size = + sizeof (phy_speed_to_str) / sizeof (phy_speed_to_str[0]); + +static int +get_ctl_fd (void) +{ + int fd; + int s_errno; + + if ((fd = socket (PF_INET, SOCK_DGRAM, 0)) >= 0) + return fd; + s_errno = errno; + if ((fd = socket (PF_PACKET, SOCK_DGRAM, 0)) >= 0) + return fd; + if ((fd = socket (PF_INET6, SOCK_DGRAM, 0)) >= 0) + return fd; + + errno = s_errno; + return -1; +} + +static const char * +map_speed_value_for_key (const struct link_speed * map, long phy_speed) +{ + const char* ret = NULL; + for (size_t i = 0 ; i < link_speed_size && ret == NULL; i++) + if (map[i].phy_speed == phy_speed) + ret = map[i].phy_speed_str; + + return ret ? ret : "unknown!"; +} + +/* Determines network interface speed from ETHTOOL_GLINKSETTINGS + * (requires Linux kernel 4.9+). + * In case of failure revert to obsolete ETHTOOL_GSET. */ + +static int +check_link_speed (const char *ifname, uint32_t *speed, uint8_t *duplex) +{ + int fd, ret = -1; + struct ifreq ifr = {}; + struct ethtool_cmd ecmd = { + .cmd = ETHTOOL_GSET + }; +#ifdef ETHTOOL_GLINKSETTINGS +# define ETHTOOL_LINK_MODE_MASK_MAX_KERNEL_NU32 (SCHAR_MAX) + struct elinkset { + struct ethtool_link_settings req; + uint32_t link_mode_data[3 * ETHTOOL_LINK_MODE_MASK_MAX_KERNEL_NU32]; + } elinkset; +#endif + + if ((fd = get_ctl_fd ()) < 0) + plugin_error (STATE_UNKNOWN, errno, "socket() failed"); + + *duplex = DUPLEX_UNKNOWN; + *speed = 0; /* SPEED_UNKNOWN */ + STRNCPY_TERMINATED (ifr.ifr_name, ifname, sizeof (ifr.ifr_name)); + +#ifdef ETHTOOL_GLINKSETTINGS + + /* The interaction user/kernel via the new API requires a small + * ETHTOOL_GLINKSETTINGS handshake first to agree on the length + * of the link mode bitmaps. If kernel doesn't agree with user, + * it returns the bitmap length it is expecting from user as a + * negative length (and cmd field is 0). When kernel and user + * agree, kernel returns valid info in all fields (ie. link mode + * length > 0 and cmd is ETHTOOL_GLINKSETTINGS). Based on + * https://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cf + */ + + dbg ("ETHTOOL_GLINKSETTINGS is defined\n"); + memset (&elinkset, 0, sizeof (elinkset)); + elinkset.req.cmd = ETHTOOL_GLINKSETTINGS; + ifr.ifr_data = (void *) &elinkset; + + ret = ioctl (fd, SIOCETHTOOL, &ifr); + /* see above: we expect a strictly negative value from kernel. */ + if (ret >= 0 && (elinkset.req.link_mode_masks_nwords < 0)) + { + elinkset.req.cmd = ETHTOOL_GLINKSETTINGS; + elinkset.req.link_mode_masks_nwords = -elinkset.req.link_mode_masks_nwords; + + ret = ioctl (fd, SIOCETHTOOL, &ifr); + if (ret < 0 || elinkset.req.link_mode_masks_nwords <= 0 + || elinkset.req.cmd != ETHTOOL_GLINKSETTINGS) + ret = -ENOTSUP; + } + +#endif + + if (ret < 0) + { + dbg ("%s: revert to the obsolete ETHTOOL_GSET...\n", ifname); + ifr.ifr_data = (void *) &ecmd; + if ((ret = ioctl (fd, SIOCETHTOOL, &ifr)) == 0) + { + *duplex = ecmd.duplex; + *speed = ecmd.speed; + } + else + dbg ("%s: no link speed associated to this interface\n", ifname); + } +#ifdef ETHTOOL_GLINKSETTINGS + else + { + *duplex = elinkset.req.duplex; + *speed = elinkset.req.speed; + } +#endif + + dbg ("%s: duplex %s (%d), speed is %s (%u)\n" + , ifname + , *duplex == _DUP_UNKNOWN ? "invalid" : duplex_table[*duplex] + , *duplex + , map_speed_value_for_key (phy_speed_to_str, *speed) + , *speed); + + /* normalize the unknown speed values */ + if (*speed == (uint16_t)(-1) || *speed == (uint32_t)(-1)) + { + dbg ("%s: normalizing the unknown speed to zero...\n", ifname); + *speed = 0; + } + + close (fd); + return ret; +} + +static bool +link_wireless (const char *ifname) +{ + bool is_wireless = false; + int sock; + struct iwreq pwrq; + + if ((sock = socket (AF_INET, SOCK_STREAM, 0)) < 0) + plugin_error (STATE_UNKNOWN, errno, "socket() failed"); + + memset (&pwrq, 0, sizeof (pwrq)); + strncpy (pwrq.ifr_name, ifname, IFNAMSIZ); + + if (ioctl (sock, SIOCGIWNAME, &pwrq) != -1) + { + dbg ("%s: wireless interface (%s)\n" + , ifname + , pwrq.u.name); + is_wireless = true; + } + + close (sock); + return is_wireless; +} + +/* Get the RTNL socket */ +static int +get_rtnl_fd () +{ + int fd; + union + { + struct sockaddr addr; + struct sockaddr_nl local; /* local (user space) addr struct */ + } u; + + fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (fd < 0) + plugin_error (STATE_UNKNOWN, errno, "failed to create netlink socket"); + + memset (&u.local, 0, sizeof (u.local)); + u.local.nl_family = AF_NETLINK; + u.local.nl_groups = 0; + u.local.nl_pid = getpid (); + + if (bind (fd, &u.addr, sizeof (u.addr)) < 0) + { + close (fd); + plugin_error (STATE_UNKNOWN, errno, "failed to bind netlink socket"); + } + + return fd; +} + +/* Prepare and send the RTNL request for dumping the network links + * configuration */ +static int +sendmsg_rtnl_links_dump (int fd, struct iovec *iov, struct sockaddr_nl *kernel) +{ + nl_req_t req; /* structure that describes the rtnetlink packet itself */ + struct msghdr rtnl_msg; /* generic msghdr struct for use with sendmsg */ + + memset (&rtnl_msg, 0, sizeof (rtnl_msg)); + memset (kernel, 0, sizeof (*kernel)); + memset (&req, 0, sizeof (req)); + + kernel->nl_family = AF_NETLINK; + + req.hdr.nlmsg_len = NLMSG_LENGTH (sizeof (struct rtgenmsg)); + req.hdr.nlmsg_type = RTM_GETLINK; + req.hdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; + req.hdr.nlmsg_seq = 1; + req.hdr.nlmsg_pid = getpid (); + /* no preferred AF, we will get all interfaces */ + req.gen.rtgen_family = AF_PACKET; + + iov->iov_base = &req; + iov->iov_len = req.hdr.nlmsg_len; + rtnl_msg.msg_iov = iov; + rtnl_msg.msg_iovlen = 1; + rtnl_msg.msg_name = kernel; + rtnl_msg.msg_namelen = sizeof (*kernel); + + if (sendmsg (fd, (struct msghdr *) &rtnl_msg, 0) < 0) + return errno; + + return 0; +} + +static int +parse_rtattr (struct rtattr *tb[], int max, struct rtattr *rta, int len) +{ + memset (tb, 0, sizeof (struct rtattr *) * (max + 1)); + + while (RTA_OK (rta, len)) + { + if (rta->rta_type <= max) + tb[rta->rta_type] = rta; + rta = RTA_NEXT (rta,len); + } + + return 0; +} + +#define IFLIST_REPLY_BUFFER 8192 + +struct iflist * +get_netinfo_snapshot (unsigned int options, const regex_t *if_regex) +{ + bool msg_done = false, + opt_ignore_loopback = (options & NO_LOOPBACK), + opt_ignore_wireless = (options & NO_WIRELESS); + char reply[IFLIST_REPLY_BUFFER]; + int fd, ret; + struct iflist *iflhead = NULL, *iflprev = NULL; + + /* netlink structures */ + struct iovec iov; /* IO vector for sendmsg */ + /* the remote (kernel space) side of the communication */ + struct sockaddr_nl kernel; + + fd = get_rtnl_fd (); + ret = sendmsg_rtnl_links_dump (fd, &iov, &kernel); + if (ret != 0) + plugin_error (STATE_UNKNOWN, ret, "error in sendmsg"); + + while (!msg_done) + { + /* parse reply */ + ssize_t len; + struct nlmsghdr *h; + struct msghdr rtnl_reply; + struct iovec io_reply; + + memset (&io_reply, 0, sizeof (io_reply)); + memset (&rtnl_reply, 0, sizeof (rtnl_reply)); + + iov.iov_base = reply; + iov.iov_len = IFLIST_REPLY_BUFFER; + rtnl_reply.msg_iov = &iov; + rtnl_reply.msg_iovlen = 1; + rtnl_reply.msg_name = &kernel; + rtnl_reply.msg_namelen = sizeof (kernel); + + /* read as much data as fits in the receive buffer */ + if ((len = recvmsg (fd, &rtnl_reply, MSG_DONTWAIT)) < 0) + { + usleep (250000); /* sleep for a while */ + continue; + } + + char name[IFNAMSIZ]; + int attr_len; + struct iflist *ifl; + struct ifinfomsg *ifi; + struct rtattr *tb[IFLA_MAX+1]; + struct rtnl_link_stats *stats; + + for (h = (struct nlmsghdr *) reply; + NLMSG_OK (h, len); h = NLMSG_NEXT (h, len)) + { + switch (h->nlmsg_type) + { + /* this is the special meaning NLMSG_DONE message we asked for + * by using NLM_F_DUMP flag */ + case NLMSG_DONE: + msg_done = true; + break; + case RTM_NEWLINK: + ifi = NLMSG_DATA (h); + attr_len = h->nlmsg_len - NLMSG_LENGTH (sizeof (*ifi)); + + parse_rtattr (tb, IFLA_MAX, IFLA_RTA (ifi), attr_len); + if (NULL == tb[IFLA_IFNAME]) + plugin_error (STATE_UNKNOWN, 0, + "BUG: nil ifname returned by parse_rtattr()"); + + strcpy (name, (char *) RTA_DATA (tb[IFLA_IFNAME])); + + bool is_loopback = if_flags_LOOPBACK (ifi->ifi_flags); + bool is_wireless = link_wireless (name); + bool skip_interface = + ((is_loopback && opt_ignore_loopback) + || (is_wireless && opt_ignore_wireless) + || (regexec (if_regex, name, (size_t) 0, NULL, 0))); + if (skip_interface) + { + dbg ("skipping network interface '%s'...\n", name); + continue; + } + + /* create a new list structure 'ifl' and initialize + * all the members, except stats-related ones */ + ifl = xmalloc (sizeof (struct iflist)); + ifl->ifname = xstrdup (name); + ifl->flags = ifi->ifi_flags; + check_link_speed (name, &(ifl->speed), &(ifl->duplex)); + + ifl->next = NULL; + ifl->stats = NULL; + + if (NULL == iflhead) + iflhead = ifl; + else + iflprev->next = ifl; + iflprev = ifl; + + stats = (struct rtnl_link_stats *) RTA_DATA (tb[IFLA_STATS]); + if (stats) + { + /* copy the link statistics into the list structure 'ifl' */ + ifl->stats = xmalloc (sizeof (struct ifstats)); + ifl->stats->collisions = stats->collisions; + ifl->stats->multicast = stats->multicast; + ifl->stats->tx_packets = stats->tx_packets; + ifl->stats->rx_packets = stats->rx_packets; + ifl->stats->tx_bytes = stats->tx_bytes; + ifl->stats->rx_bytes = stats->rx_bytes; + ifl->stats->tx_errors = stats->tx_errors; + ifl->stats->rx_errors = stats->rx_errors; + ifl->stats->tx_dropped = stats->tx_dropped; + ifl->stats->rx_dropped = stats->rx_dropped; + } + else + dbg ("no network interface stats for '%s'...\n", name); + break; + } + } + } + + close (fd); + return iflhead; +} + +#undef IFLIST_REPLY_BUFFER diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/perfdata.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/perfdata.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/perfdata.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/perfdata.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,86 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2019 Davide Madrisan + * + * A library to manage the Nagios perfdata. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This software takes some ideas and code from procps-3.2.8 (free). + */ + +#include "common.h" +#include "logging.h" +#include "system.h" +#include "thresholds.h" +#include "units.h" + +int +get_perfdata_limit (range * threshold, unsigned long base, + unsigned long long *limit, bool percent) +{ + if (NULL == threshold) + return -1; + + double threshold_limit; + + if (NP_RANGE_INSIDE == threshold->alert_on) + { + /* example: @10:20 >= 10 and <= 20, (inside the range of {10 .. 20}) */ + dbg ("threshold {%g, %g} with alert_on set to true\n", + threshold->start, threshold->end); + return -1; + } + else if (threshold->start_infinity) + { + /* example: ~:10 > 10, (outside the range of {-\infty .. 10}) */ + dbg ("threshold {%g, %g} with start_infinity set to true\n", + threshold->start, threshold->end); + return -1; + } + else if (threshold->end_infinity) + { + /* example: 10: < 10, (outside {10 .. \infty}) */ + dbg ("threshold {%g, %g} with end_infinity set to true\n", + threshold->start, threshold->end); + threshold_limit = threshold->start; + } + else + { + /* example: 10 < 0 or > 10, (outside the range of {0 .. 10}) + * ~:10 > 10, (outside the range of {-\infty .. 10}) */ + dbg ("threshold {%g, %g}\n", threshold->start, threshold->end); + threshold_limit = threshold->end; + } + + *limit = (unsigned long long) (base * threshold_limit); + if (percent) + *limit = (unsigned long long) (*limit / 100.0); + + return 0; +} + +int +get_perfdata_limit_converted (range * threshold, unsigned long base, + int shift, unsigned long long *limit, + bool percent) +{ + int error = get_perfdata_limit (threshold, base, limit, percent); + if (0 != error) + return error; + + *limit = UNIT_CONVERT (*limit, shift); + return 0; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/pressure.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/pressure.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/pressure.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/pressure.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,198 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A library for checking + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include +#include + +#include "logging.h" +#include "messages.h" +#include "pressure.h" +#include "string-macros.h" +#include "xalloc.h" + +#ifdef NPL_TESTING +static const char * +get_path_proc_pressure (enum linux_psi_id psi_id) +{ + const char *env_procpressure = NULL; + + switch (psi_id) + { + default: + break; + case LINUX_PSI_CPU: + env_procpressure = secure_getenv ("NPL_TEST_PATH_PROCPRESSURE_CPU"); + break; + case LINUX_PSI_IO: + case LINUX_PSI_MEMORY: + env_procpressure = secure_getenv ("NPL_TEST_PATH_PROCPRESSURE_IO"); + break; + } + + return env_procpressure ? env_procpressure : NULL; +} +#endif + +static int +proc_psi_parser (struct proc_psi_oneline *psi_stat, + const char *procpath, char *label) +{ + FILE *fp; + int rc = 0; + size_t len = 0, label_len; + ssize_t chread; + char *line = NULL; + + if ((fp = fopen (procpath, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error opening %s", procpath); + + dbg ("reading file %s\n", procpath); + while ((chread = getline (&line, &len, fp)) != -1) + { + dbg ("line: %s", line); + label_len = strlen (label); + if (STREQLEN (line, label, label_len)) + { + dbg (" \\ matching label \"%s\"\n", label); + rc = + sscanf (line + label_len + 1, + "avg10=%32lf avg60=%32lf avg300=%32lf total=%llu", + &psi_stat->avg10, + &psi_stat->avg60, + &psi_stat->avg300, + &psi_stat->total); + dbg (" \\ avg10=%g avg60=%g avg300=%g total=%llu\n", + psi_stat->avg10, psi_stat->avg60, psi_stat->avg300, + psi_stat->total); + break; + } + } + + free (line); + fclose (fp); + + if (rc < 4) + plugin_error (STATE_UNKNOWN, errno, "error reading %s", procpath); + + return 0; +} + +int +proc_psi_read_cpu (struct proc_psi_oneline **psi_cpu, + unsigned long long *starvation, unsigned long delay) +{ +#ifdef NPL_TESTING + const char *procpath = get_path_proc_pressure (LINUX_PSI_CPU); +#else + const char *procpath = PATH_PSI_PROC_CPU; +#endif + struct proc_psi_oneline psi, *stats = *psi_cpu; + unsigned long long total; + + if (NULL == stats) + { + stats = xmalloc (sizeof (struct proc_psi_oneline)); + *psi_cpu = stats; + } + + proc_psi_parser (&psi, procpath, "some"); + stats->avg10 = psi.avg10; + stats->avg60 = psi.avg60; + stats->avg300 = psi.avg300; + stats->total = total = psi.total; + + /* calculate the starvation (in microseconds) per second */ + sleep (delay); + + proc_psi_parser (&psi, procpath, "some"); + *starvation = psi.total - total; + dbg ("delta (over %lusec): %llu (%llu - %llu)\n", + delay, *starvation, psi.total, total); + + return 0; +} + +static int +proc_psi_read (struct proc_psi_twolines **psi_io, + unsigned long long *starvation, const char *procfile, + unsigned long delay) +{ + struct proc_psi_oneline psi; + struct proc_psi_twolines *stats = *psi_io; + unsigned long long total; + + if (NULL == stats) + { + stats = xmalloc (sizeof (struct proc_psi_twolines)); + *psi_io = stats; + } + + proc_psi_parser (&psi, procfile, "some"); + stats->some_avg10 = psi.avg10; + stats->some_avg60 = psi.avg60; + stats->some_avg300 = psi.avg300; + stats->some_total = total = psi.total; + + proc_psi_parser (&psi, procfile, "full"); + stats->full_avg10 = psi.avg10; + stats->full_avg60 = psi.avg60; + stats->full_avg300 = psi.avg300; + stats->full_total = total = psi.total; + + sleep (delay); + + proc_psi_parser (&psi, procfile, "some"); + *starvation = psi.total - total; + dbg ("delta (over %lusec) form some: %llu (%llu - %llu)\n", + delay, *starvation, psi.total, total); + + proc_psi_parser (&psi, procfile, "full"); + *(starvation + 1) = psi.total - total; + dbg ("delta (over %lusec) for full: %llu (%llu - %llu)\n", + delay, *(starvation + 1), psi.total, total); + + return 0; +} + +int +proc_psi_read_io (struct proc_psi_twolines **psi_io, + unsigned long long *starvation, unsigned long delay) +{ +#ifdef NPL_TESTING + const char *procpath = get_path_proc_pressure (LINUX_PSI_IO); +#else + const char *procpath = PATH_PSI_PROC_IO; +#endif + return proc_psi_read (psi_io, starvation, procpath, delay); +} + +int +proc_psi_read_memory (struct proc_psi_twolines **psi_memory, + unsigned long long *starvation, unsigned long delay) +{ +#ifdef NPL_TESTING + const char *procpath = get_path_proc_pressure (LINUX_PSI_MEMORY); +#else + const char *procpath = PATH_PSI_PROC_MEMORY; +#endif + return proc_psi_read (psi_memory, starvation, procpath, delay); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/processes.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/processes.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/processes.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/processes.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,272 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for getting informations on the running processes + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "logging.h" +#include "messages.h" +#include "system.h" +#include "xalloc.h" + +#define PROC_ROOT "/proc" +#ifndef RLIM_INFINITY +# define RLIM_INFINITY 65535 +#endif + +#define NBPROCS_NONE 0x00 +#define NBPROCS_VERBOSE 0x01 +#define NBPROCS_THREADS 0x02 + +/* Return name corresponding to 'uid', or NULL on error */ + +char * +uid_to_username (uid_t uid) +{ + struct passwd *pwd = getpwuid (uid); + return (pwd == NULL) ? "" : pwd->pw_name; +} + +struct procs_list_node +{ + uid_t uid; + char *username; + long nbr; /* number of the occurrences */ +#ifdef RLIMIT_NPROC + rlim_t rlimit_nproc_soft; /* ulimit -Su */ + rlim_t rlimit_nproc_hard; /* ulimit -Hu */ +#endif + struct procs_list_node *next; +}; + +char * +procs_list_node_get_username (struct procs_list_node *node) +{ + return node->username; +} + +long +procs_list_node_get_nbr (struct procs_list_node *node) +{ + return node->nbr; +} + +#ifdef RLIMIT_NPROC +unsigned long +procs_list_node_get_rlimit_nproc_soft (struct procs_list_node *node) +{ + return node->rlimit_nproc_soft; +} + +unsigned long +procs_list_node_get_rlimit_nproc_hard (struct procs_list_node *node) +{ + return node->rlimit_nproc_hard; +} +#endif + +struct procs_list_node * +procs_list_node_get_next (struct procs_list_node *node) +{ + return node->next; +} + +long procs_list_node_get_total_procs_nbr (struct procs_list_node *list) +{ + return list->nbr; +} + +void +procs_list_node_init (struct procs_list_node **list) +{ + struct procs_list_node *new = xmalloc (sizeof (struct procs_list_node)); + + /* The list's head points to itself if empty */ + new->uid = -1; + new->nbr = 0; /* will hold the total number of processes */ + new->next = new; + *list = new; +} + +struct procs_list_node * +procs_list_node_add (uid_t uid, unsigned long inc, + struct procs_list_node *plist) +{ + struct procs_list_node *p = plist; + + dbg ("procs_list_node_add (uid %u, #threads %lu)\n", uid, + plist->nbr + inc); + while (p != p->next) + { + p = p->next; + dbg (" - iteration: uid = %u\n", p->uid); + if (p->uid == uid) + { + p->nbr += inc; + plist->nbr += inc; + dbg (" - found uid %u: now #%ld\n", uid, p->nbr); + return p; + } + } + + struct procs_list_node *new = xmalloc (sizeof (struct procs_list_node)); + dbg ("new uid --> append uid %u #1\n", uid); + new->uid = uid; + new->nbr = inc; + plist->nbr += inc; + new->username = xstrdup (uid_to_username (uid)); +#ifdef RLIMIT_NPROC + struct rlimit rlim; + int res; + + if ((res = getrlimit (RLIMIT_NPROC, &rlim)) < 0) + new->rlimit_nproc_soft = new->rlimit_nproc_hard = RLIM_INFINITY; + else + { +#ifdef LIBC_MUSL + dbg (" - with rlimits: %llu %llu\n", rlim.rlim_cur, rlim.rlim_max); +#else + dbg (" - with rlimits: %lu %lu\n", rlim.rlim_cur, rlim.rlim_max); +#endif + new->rlimit_nproc_soft = rlim.rlim_cur; + new->rlimit_nproc_hard = rlim.rlim_max; + } +#endif + new->next = new; + p->next = new; + + return new; +} + +/* Parses /proc/PID/status files to produce a list of the running processes */ + +struct procs_list_node * +procs_list_getall (unsigned int flags) +{ + DIR *dirp; + FILE *fp; + size_t len = 0; + bool gotname, gotuid, gotthreads, + threads = (flags & NBPROCS_THREADS) ? true : false, + verbose = (flags & NBPROCS_VERBOSE) ? true : false; + char *line = NULL, *p, path[PATH_MAX]; + uid_t uid = -1; + unsigned long threads_nbr; + struct procs_list_node *plist = NULL; + +#define MAX_LINE 128 + char *cmd = xmalloc (MAX_LINE); + + if ((dirp = opendir (PROC_ROOT)) == NULL) + plugin_error (STATE_UNKNOWN, errno, "Cannot open %s", PROC_ROOT); + + procs_list_node_init (&plist); + + /* Scan entries under /proc directory */ + for (;;) + { + struct dirent *dp; + ssize_t chread; + errno = 0; + + if ((dp = readdir (dirp)) == NULL) + { + if (errno != 0) + plugin_error (STATE_UNKNOWN, errno, "readdir() failure"); + else + break; /* end-of-directory */ + } + + /* Since we are looking for /proc/PID directories, skip entries + that are not directories, or don't begin with a digit. */ + + if (dp->d_type != DT_DIR || !isdigit ((unsigned char) dp->d_name[0])) + continue; + + snprintf (path, PATH_MAX, "/proc/%s/status", dp->d_name); + + if ((fp = fopen (path, "r")) == NULL) + continue; /* Ignore errors: fopen() might fail if + process has just terminated */ + + gotname = gotuid = gotthreads = false; + threads_nbr = 0; + while ((chread = getline (&line, &len, fp)) != -1) + { + /* The "Name:" line contains the name of the command that + this process is running */ + if (strncmp (line, "Name:", 5) == 0) + { + for (p = line + 5; *p != '\0' && isspace ((unsigned char) *p);) + p++; + strncpy (cmd, p, MAX_LINE - 1); + cmd[MAX_LINE - 1] = '\0'; /* Ensure null-terminated */ + gotname = true; + } + + /* The "Threads:" line contains the number of threads in process + containing this thread: check with 'ps -e -o pid,user,nlwp' */ + if (strncmp (line, "Threads:", 8) == 0) + { + threads_nbr = strtol (line + 8, NULL, 10); + gotthreads = true; + } + + /* The "Uid:" line contains the real, effective, saved set-, + and file-system user IDs */ + if (strncmp (line, "Uid:", 4) == 0) + { + uid = strtol (line + 4, NULL, 10); + gotuid = true; + } + + if (gotname && gotuid && gotthreads) + { + procs_list_node_add (uid, (threads ? threads_nbr : 1), plist); + break; + } + } + + fclose (fp); + + if (gotname && gotuid && gotthreads && verbose) + printf ("%12s: pid: %5s threads: %5lu, cmd: %s", + uid_to_username (uid), dp->d_name, threads_nbr, cmd); + } + + closedir (dirp); + free (cmd); + free (line); + + return plist; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/procparser.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/procparser.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/procparser.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/procparser.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A parser for the /proc files /proc/meminfo and /proc/vmstat + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "string-macros.h" +#include "messages.h" +#include "procparser.h" +#include "xalloc.h" + +static int +compare_proc_table_structs (const void *a, const void *b) +{ + return strcmp (((const proc_table_struct *) a)->name, + ((const proc_table_struct *) b)->name); +} + +void +procparser (const char *filename, const proc_table_struct *proc_table, + int proc_table_count, char separator) +{ + char namebuf[32]; /* big enough to hold any row name */ + proc_table_struct findme = { namebuf, NULL }; + proc_table_struct *found; + char *line = NULL; + FILE *fp; + size_t len = 0; + ssize_t chread; + +#if __SIZEOF_LONG__ == 4 + unsigned long long slotll; +#endif + + if ((fp = fopen (filename, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error: cannot read %s", filename); + + while ((chread = getline (&line, &len, fp)) != -1) + { + char *head = line; + char *tail = strchr (line, separator); + if (!tail) + continue; + *tail = '\0'; + if (strlen (head) >= sizeof (namebuf)) + continue; + strcpy (namebuf, head); + found = bsearch (&findme, proc_table, proc_table_count, + sizeof (proc_table_struct), + compare_proc_table_structs); + head = tail + 1; + if (!found) + continue; + +#if __SIZEOF_LONG__ == 4 + /* A 32 bit kernel would have already truncated the value, a 64 bit kernel + * doesn't need to. Truncate here to let 32 bit programs to continue to get + * truncated values. It's that or change the API for a larger data type. + */ + slotll = strtoull (head, &tail, 10); + *(found->slot) = (unsigned long) slotll; +#else + *(found->slot) = strtoul (head, &tail, 10); +#endif + } + + free (line); +} + +int +linelookup (char *line, char *pattern, char **value) +{ + char *p, *v; + int len = strlen (pattern); + + if (!*line) + return 0; + + /* pattern */ + if (strncmp (line, pattern, len)) + return 0; + + /* white spaces */ + for (p = line + len; isspace (*p); p++); + + /* separator */ + if (*p != ':') + return 0; + + /* white spaces */ + for (++p; isspace (*p); p++); + + /* value */ + if (!*p) + return 0; + v = p; + + /* end of value */ + len = strlen (line) - 1; + for (p = line + len; isspace (*(p - 1)); p--); + *p = '\0'; + + *value = xstrdup (v); + return 1; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/progname.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/progname.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/progname.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/progname.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This library was based on and inspired by the gnulib code. + */ + +#include +#include + +#include "common.h" +#include "messages.h" + +/* String containing name the program is called with. + To be initialized by main(). */ +const char *program_name = NULL; + +/* This string can be used in the final output message */ +const char *program_name_short = NULL; + +/* Set program_name, based on argv[0]. + argv0 must be a string allocated with indefinite extent, and must not be + modified after this call. */ +void +set_program_name (const char *argv0) +{ + const char *slash, *underscore; + + if (argv0 == NULL) + { + /* It's a bug in the invoking program. Help diagnosing it. */ + plugin_error (STATE_UNKNOWN, 0, + "A NULL argv[0] was passed through an exec system call"); + } + + slash = strrchr (argv0, '/'); + program_name = (slash != NULL ? slash + 1 : argv0); + + underscore = strchr (program_name, '_'); + program_name_short = (underscore != NULL ? underscore + 1 : program_name); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/sysfsparser.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/sysfsparser.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/sysfsparser.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/sysfsparser.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,512 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014-2021 Davide Madrisan + * + * A library for parsing the sysfs filesystem + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "logging.h" +#include "string-macros.h" +#include "messages.h" +#include "sysfsparser.h" +#include "xasprintf.h" + +#define PATH_SYS_SYSTEM "/sys/devices/system" +#define PATH_SYS_CPU PATH_SYS_SYSTEM "/cpu" + +enum sysfsparser_cpufreq_sysfile_numeric_id +{ + CPUINFO_CUR_FREQ, + CPUINFO_MIN_FREQ, + CPUINFO_MAX_FREQ, + CPUINFO_LATENCY, + SCALING_CUR_FREQ, + SCALING_MIN_FREQ, + SCALING_MAX_FREQ, + MAX_VALUE_FILES +}; + +static const char * + sysfsparser_devices_system_cpu_file_numeric[MAX_VALUE_FILES] = { + [CPUINFO_CUR_FREQ] = "cpuinfo_cur_freq", + [CPUINFO_MIN_FREQ] = "cpuinfo_min_freq", + [CPUINFO_MAX_FREQ] = "cpuinfo_max_freq", + [CPUINFO_LATENCY] = "cpuinfo_transition_latency", + [SCALING_CUR_FREQ] = "scaling_cur_freq", + [SCALING_MIN_FREQ] = "scaling_min_freq", + [SCALING_MAX_FREQ] = "scaling_max_freq" +}; + +enum sysfsparser_cpufreq_sysfile_string_id +{ + SCALING_DRIVER, + SCALING_GOVERNOR, + SCALING_AVAILABLE_GOVERNORS, + SCALING_AVAILABLE_FREQS, + MAX_STRING_FILES +}; + +static const char * + sysfsparser_devices_system_cpu_file_string[MAX_STRING_FILES] = { + [SCALING_DRIVER] = "scaling_driver", + [SCALING_GOVERNOR] = "scaling_governor", + [SCALING_AVAILABLE_GOVERNORS] = "scaling_available_governors", + [SCALING_AVAILABLE_FREQS] = "scaling_available_frequencies" +}; + +bool +sysfsparser_path_exist (const char *path, ...) +{ + char *filename; + va_list args; + + va_start (args, path); + if (vasprintf (&filename, path, args) < 0) + plugin_error (STATE_UNKNOWN, errno, "vasprintf has failed"); + va_end (args); + + return access (filename, F_OK) == 0; +} + +void +sysfsparser_opendir(DIR **dirp, const char *path, ...) +{ + char *dirname; + va_list args; + + va_start (args, path); + if (vasprintf (&dirname, path, args) < 0) + plugin_error (STATE_UNKNOWN, errno, "vasprintf has failed"); + va_end (args); + + if ((*dirp = opendir (dirname)) == NULL) + plugin_error (STATE_UNKNOWN, errno, "Cannot open %s", dirname); +} + +void sysfsparser_closedir(DIR *dirp) +{ + closedir(dirp); +} + +struct dirent * +sysfsparser_readfilename(DIR *dirp, unsigned int flags) +{ + for (;;) + { + struct dirent *dp; + errno = 0; + if ((dp = readdir (dirp)) == NULL) + { + if (errno != 0) + plugin_error (STATE_UNKNOWN, errno, "readdir() failure"); + else + return NULL; /* end-of-directory */ + } + + /* ignore directory entries */ + if (STREQ (dp->d_name, ".") || STREQ (dp->d_name, "..")) + continue; + + if (dp->d_type & flags) + return dp; + } +} + +char * +sysfsparser_getline (const char *format, ...) +{ + FILE *fp; + char *filename, *line = NULL; + size_t len = 0; + ssize_t chread; + va_list args; + + va_start (args, format); + if (vasprintf (&filename, format, args) < 0) + plugin_error (STATE_UNKNOWN, errno, "vasprintf has failed"); + va_end (args); + + if ((fp = fopen (filename, "r")) == NULL) + return NULL; + + chread = getline (&line, &len, fp); + fclose (fp); + + if (chread < 1) + return NULL; + + len = strlen (line); + if (line[len-1] == '\n') + line[len-1] = '\0'; + + return line; +} + +unsigned long long +sysfsparser_getvalue (const char *format, ...) +{ + char *line, *endptr, *filename; + unsigned long long value; + va_list args; + + va_start (args, format); + if (vasprintf (&filename, format, args) < 0) + plugin_error (STATE_UNKNOWN, errno, "vasprintf has failed"); + va_end (args); + + if (NULL == (line = sysfsparser_getline ("%s", filename))) + return 0; + + errno = 0; + value = strtoull (line, &endptr, 0); + if ((endptr == line) || (errno == ERANGE)) + value = 0; + + free (line); + return value; +} + +int +sysfsparser_linelookup_numeric (char *line, char *pattern, long long *value) +{ + char *p; + size_t len = strlen (pattern); + + if (!*line || (len + 1 > strlen (line))) + return 0; + + p = line + len; + if (strncmp (line, pattern, len) || !isspace (*p)) + return 0; + + *value = strtoll (p, NULL, 10); + return 1; +} + +static unsigned long +sysfsparser_cpufreq_get_value (unsigned int cpunum, + enum sysfsparser_cpufreq_sysfile_numeric_id which) +{ + char *line, *endptr; + long value; + + if (which >= MAX_VALUE_FILES) + return 0; + + line = + sysfsparser_getline (PATH_SYS_CPU "/cpu%u/cpufreq/%s", cpunum, + sysfsparser_devices_system_cpu_file_numeric[which]); + if (NULL == line) + return 0; + + errno = 0; + value = strtoul (line, &endptr, 10); + if ((endptr == line) || (errno == ERANGE)) + value = 0; + + free (line); + return value; +} + +static char * +sysfsparser_cpufreq_get_string (unsigned int cpunum, + enum sysfsparser_cpufreq_sysfile_string_id which) +{ + char *line; + size_t len = 0; + + if (which >= MAX_STRING_FILES) + return NULL; + + line = + sysfsparser_getline (PATH_SYS_CPU "/cpu%u/cpufreq/%s", cpunum, + sysfsparser_devices_system_cpu_file_string[which]); + if (NULL == line) + return 0; + + len = strlen (line); + if (line[len-1] == '\n') + line[len-1] = '\0'; + + return line; +} + +/* CPU Freq functions */ + +int +sysfsparser_cpufreq_get_hardware_limits (unsigned int cpu, + unsigned long *min, + unsigned long *max) +{ + if ((!min) || (!max)) + return -EINVAL; + + *min = sysfsparser_cpufreq_get_value (cpu, CPUINFO_MIN_FREQ); + if (!*min) + return -ENODEV; + + *max = sysfsparser_cpufreq_get_value (cpu, CPUINFO_MAX_FREQ); + if (!*max) + return -ENODEV; + + return 0; +} + +unsigned long +sysfsparser_cpufreq_get_freq_kernel (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_value (cpu, SCALING_CUR_FREQ); +} + +char * +sysfsparser_cpufreq_get_available_freqs (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_string (cpu, SCALING_AVAILABLE_FREQS); +} + +unsigned long +sysfsparser_cpufreq_get_transition_latency (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_value (cpu, CPUINFO_LATENCY); +} + +char * +sysfsparser_cpufreq_get_driver (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_string (cpu, SCALING_DRIVER); +} + +char * +sysfsparser_cpufreq_get_governor (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_string (cpu, SCALING_GOVERNOR); +} + +char * +sysfsparser_cpufreq_get_available_governors (unsigned int cpu) +{ + return sysfsparser_cpufreq_get_string (cpu, SCALING_AVAILABLE_GOVERNORS); +} + +/* Thermal Sensors function */ + +#define PATH_SYS_ACPI "/sys/class" +#define PATH_SYS_ACPI_THERMAL PATH_SYS_ACPI "/thermal" + +/* Thermal zone device sys I/F, created once it's registered: + * /sys/class/thermal/thermal_zone[0-*]: + * |---type: Type of the thermal zone + * |---temp: Current temperature + * |---mode: Working mode of the thermal zone + * |---policy: Thermal governor used for this zone + * |---trip_point_[0-*]_temp: Trip point temperature + * |---trip_point_[0-*]_type: Trip point type + * |---trip_point_[0-*]_hyst: Hysteresis value for this trip point + * |---emul_temp: Emulated temperature set node + */ + +bool +sysfsparser_thermal_kernel_support () +{ + if (chdir (PATH_SYS_ACPI_THERMAL) < 0) + return false; + + return true; +} + +const char * +sysfsparser_thermal_sysfs_path () +{ + return PATH_SYS_ACPI_THERMAL; +} + +int +sysfsparser_thermal_get_critical_temperature (unsigned int thermal_zone) +{ + int i, crit_temp = -1; + + /* as far as I can see, the only possible trip points are: + * 'critical', 'passive', 'active0', and 'active1' + * Four (optional) entries max. */ + for (i = 0; i < 4; i++) + { + char *type; + type = sysfsparser_getline (PATH_SYS_ACPI_THERMAL + "/thermal_zone%u/trip_point_%d_type", + thermal_zone, i); + if (NULL == type) + continue; + + /* cat /sys/class/thermal/thermal_zone0/trip_point_0_temp + * 98000 + * cat /sys/class/thermal/thermal_zone0/trip_point_0_type + * critical */ + if (!STRPREFIX (type, "critical")) + continue; + + crit_temp = sysfsparser_getvalue (PATH_SYS_ACPI_THERMAL + "/thermal_zone%u/trip_point_%d_temp", + thermal_zone, i); + + if (crit_temp > 0) + dbg ("a critical trip point has been found: %.2f degrees C\n", + (float) (crit_temp / 1000.0)); + + free (type); + break; + } + + return crit_temp; +} + +const char * +sysfsparser_thermal_get_device (unsigned int thermal_zone) +{ + char *device; + device = sysfsparser_getline (PATH_SYS_ACPI_THERMAL + "/thermal_zone%u/device/path", + thermal_zone); + if (NULL == device) + return "Virtual device"; + + return STRTRIMPREFIX (device, "\\_TZ_."); +} + +int +sysfsparser_thermal_get_temperature (unsigned int selected_zone, + unsigned int *zone, char **type) +{ + DIR *d; + struct dirent *de; + bool found_data = false; + unsigned int thermal_zone; + unsigned long max_temp = 0, temp = 0; + + if (!sysfsparser_thermal_kernel_support ()) + plugin_error (STATE_UNKNOWN, 0, "no ACPI thermal support in kernel " + "or incorrect path (\"%s\")", PATH_SYS_ACPI_THERMAL); + + if ((d = opendir (".")) == NULL) + plugin_error (STATE_UNKNOWN, errno, + "cannot open() " PATH_SYS_ACPI_THERMAL); + + while ((de = readdir (d))) + { + /* ignore directory entries */ + if (STREQ (de->d_name, ".") || STREQ (de->d_name, "..")) + continue; + /* ignore all files but 'thermal_zone[0-*]' ones */ + if (!STRPREFIX (de->d_name, "thermal_zone")) + continue; + + thermal_zone = strtoul (de->d_name + 12, NULL, 10); + if ((selected_zone != ALL_THERMAL_ZONES) && + (selected_zone != thermal_zone)) + continue; + + /* temperatures are stored in the files + * /sys/class/thermal/thermal_zone[0-9]/temp */ + temp = sysfsparser_getvalue (PATH_SYS_ACPI_THERMAL "/%s/temp", + de->d_name); + *type = sysfsparser_getline (PATH_SYS_ACPI_THERMAL "/%s/type", + de->d_name); + + /* If a thermal zone is not asked by user, get the highest temperature + * reported by sysfs */ + dbg ("thermal information found: %.2f°C, zone: %u, type: %s\n", + (float) (temp / 1000.0), thermal_zone, *type); + found_data = true; + if (max_temp < temp || 0 == max_temp) + { + max_temp = temp; + *zone = thermal_zone; + } + } + closedir (d); + + if (false == found_data) + { + if (selected_zone == ALL_THERMAL_ZONES) + plugin_error (STATE_UNKNOWN, 0, + "no thermal information has been found"); + else + plugin_error (STATE_UNKNOWN, 0, + "no thermal information for zone '%u'", selected_zone); + } + + return max_temp; +} + +void +sysfsparser_thermal_listall () +{ + struct dirent **namelist; + unsigned int thermal_zone; + char *type; + int i, n, crit_temp; + + if (!sysfsparser_thermal_kernel_support ()) + plugin_error (STATE_UNKNOWN, errno, + "no ACPI thermal support in kernel " + "or incorrect path (\"%s\")", PATH_SYS_ACPI_THERMAL); + + n = scandir (PATH_SYS_ACPI_THERMAL, &namelist, 0, alphasort); + if (-1 == n) + plugin_error (STATE_UNKNOWN, errno, + "cannot scandir() " PATH_SYS_ACPI_THERMAL); + + printf ("Thermal zones reported by the linux kernel (%s):\n", + sysfsparser_thermal_sysfs_path ()); + + for (i = 0; i < n; i++) + { + if (STRPREFIX (namelist[i]->d_name, "thermal_zone")) + { + thermal_zone = strtoul (namelist[i]->d_name + 12, NULL, 10); + type = sysfsparser_getline (PATH_SYS_ACPI_THERMAL "/%s/type", + namelist[i]->d_name); + crit_temp = + sysfsparser_thermal_get_critical_temperature (thermal_zone); + + fprintf (stdout, " - zone %2u [%s], type \"%s\"" + , thermal_zone + , sysfsparser_thermal_get_device (thermal_zone) + , type ? type : "n/a"); + if (crit_temp > 0) + fprintf (stdout, ", critical trip point at %d°C", crit_temp / 1000); + fputs ("\n", stdout); + } + + free (namelist[i]); + } + + free(namelist); +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/tcpinfo.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/tcpinfo.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/tcpinfo.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/tcpinfo.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,294 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for checking TCP network and socket informations + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include +#include +#if HAVE_NETINET_IN_H +# include +#endif + +#include "common.h" +#include "messages.h" +#include "system.h" + +#define PROC_TCPINFO "/proc/net/tcp" +#define PROC_TCP6INFO "/proc/net/tcp6" + +#define TCP_UNSET 0 +#define TCP_VERBOSE (1 << 1) +#define TCP_v4 (1 << 2) +#define TCP_v6 (1 << 3) + +typedef enum tcp_status +{ + TCP_ESTABLISHED = 1, + TCP_SYN_SENT, + TCP_SYN_RECV, + TCP_FIN_WAIT1, + TCP_FIN_WAIT2, + TCP_TIME_WAIT, + TCP_CLOSE, + TCP_CLOSE_WAIT, + TCP_LAST_ACK, + TCP_LISTEN, + TCP_CLOSING /* now a valid state */ +} tcp_status; + +static const char *tcp_state[] = +{ + "", + "ESTABLISHED", + "SYN_SENT", + "SYN_RECV", + "FIN_WAIT1", + "FIN_WAIT2", + "TIME_WAIT", + "CLOSE", + "CLOSE_WAIT", + "LAST_ACK", + "LISTEN", + "CLOSING" +}; + +typedef struct proc_tcptable_data +{ + unsigned long tcp_established; + unsigned long tcp_syn_sent; + unsigned long tcp_syn_recv; + unsigned long tcp_fin_wait1; + unsigned long tcp_fin_wait2; + unsigned long tcp_time_wait; + unsigned long tcp_close; + unsigned long tcp_close_wait; + unsigned long tcp_last_ack; + unsigned long tcp_listen; + unsigned long tcp_closing; +} proc_tcptable_data_t; + +typedef struct proc_tcptable +{ + int refcount; + struct proc_tcptable_data *data; +} proc_tcptable_t; + + +/* Parses /proc/net/tcp and /proc/net/tcp6 */ + +static void +procparser_tcp (const char *procfile, struct proc_tcptable_data *data, + bool verbose) +{ + FILE *fp; + char *line = NULL; + size_t len = 0; + ssize_t nread; + + char local_addr_buf[128], rem_addr_buf[128]; + unsigned int slot, num, local_port, rem_port; + unsigned int state, timer_run, uid, timeout; + unsigned long lnr = 0; + unsigned long rxq, txq, time_len, retr, inode; +#if HAVE_AFINET6 + char lbuffer[INET6_ADDRSTRLEN], rbuffer[INET6_ADDRSTRLEN]; + struct in6_addr in6; +#else + char lbuffer[INET_ADDRSTRLEN], rbuffer[INET_ADDRSTRLEN]; +#endif + struct sockaddr_in in; + + if ((fp = fopen (procfile, "r")) == NULL) + plugin_error (STATE_UNKNOWN, errno, "error opening %s", procfile); + + /* sl local_addr:local_port rem_addr:rem_port st ... */ + while ((nread = getline (&line, &len, fp)) != -1) + { + if (++lnr == 1) /* Skip the heading line */ + { + if (verbose) + printf ("[%s]\nproto %-11s %20s %22s\n", procfile, + "status", "local-addr:port", "remote-addr:port"); + continue; + } + + num = + sscanf (line, + "%u: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X " + "%lX:%lX %X:%lX %lX %u %u %lu %*s\n", + &slot, local_addr_buf, &local_port, rem_addr_buf, &rem_port, + &state, &txq, &rxq, &timer_run, &time_len, &retr, &uid, + &timeout, &inode); + if (num < 11) + fprintf (stderr, "warning, got bogus tcp line.\n%s", line); + + switch (state) + { + case TCP_ESTABLISHED: + data -> tcp_established++; + break; + case TCP_SYN_SENT: + data -> tcp_syn_sent++; + break; + case TCP_SYN_RECV: + data -> tcp_syn_recv++; + break; + case TCP_FIN_WAIT1: + data -> tcp_fin_wait1++; + break; + case TCP_FIN_WAIT2: + data -> tcp_fin_wait2++; + break; + case TCP_TIME_WAIT: + data -> tcp_time_wait++; + break; + case TCP_CLOSE: + data -> tcp_close++; + break; + case TCP_CLOSE_WAIT: + data -> tcp_close_wait++; + break; + case TCP_LAST_ACK: + data -> tcp_last_ack++; + break; + case TCP_LISTEN: + data -> tcp_listen++; + break; + case TCP_CLOSING: + data -> tcp_closing++; + break; + } + + if (verbose == false) + continue; + + /* Demangle what the kernel gives us */ + if (strlen (local_addr_buf) > 8) + { +#if HAVE_AFINET6 + sscanf (local_addr_buf, "%08X%08X%08X%08X", + &in6.s6_addr32[0], &in6.s6_addr32[1], + &in6.s6_addr32[2], &in6.s6_addr32[3]); + /*in6.sin6_family = AF_INET6;*/ + inet_ntop (AF_INET6, &in6, lbuffer, sizeof (lbuffer)); + sscanf (rem_addr_buf, "%08X%08X%08X%08X", + &in6.s6_addr32[0], &in6.s6_addr32[1], + &in6.s6_addr32[2], &in6.s6_addr32[3]); + inet_ntop (AF_INET6, &in6, rbuffer, sizeof (rbuffer)); + + printf(" tcp6 %-11s %15s:%-6u %15s:%-6u\n", tcp_state[state], + lbuffer, local_port, rbuffer, rem_port); +#endif + } + else + { + sscanf (local_addr_buf, "%X", &in.sin_addr.s_addr); + /*in.sa_family = AF_INET;*/ + inet_ntop (AF_INET, &in.sin_addr, lbuffer, sizeof (lbuffer)); + sscanf (rem_addr_buf, "%X", &in.sin_addr.s_addr); + inet_ntop (AF_INET, &in.sin_addr, rbuffer, sizeof (rbuffer)); + + printf(" tcp %-11s %15s:%-6u %15s:%-6u\n", tcp_state[state], + lbuffer, local_port, rbuffer, rem_port); + } + } + + free (line); +} + +/* Allocates space for a new tcptable object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + +int +proc_tcptable_new (struct proc_tcptable **tcptable) +{ + struct proc_tcptable *t; + + t = calloc (1, sizeof (struct proc_tcptable)); + if (!t) + return -ENOMEM; + + t->refcount = 1; + t->data = calloc (1, sizeof (struct proc_tcptable_data)); + if (!t->data) + { + free (t); + return -ENOMEM; + } + + *tcptable = t; + return 0; +} + +/* Fill the proc_tcptable structure pointed will the values found in the + * proc filesystem. */ + +void +proc_tcptable_read (struct proc_tcptable *tcptable, int flags) +{ + if (tcptable == NULL) + return; + + bool verbose = (flags & TCP_VERBOSE) ? true : false; + struct proc_tcptable_data *data = tcptable->data; + + if (flags & TCP_v4) + procparser_tcp (PROC_TCPINFO, data, verbose); + + if (flags & TCP_v6) + procparser_tcp (PROC_TCP6INFO, data, verbose); +} + +struct proc_tcptable * +proc_tcptable_unref (struct proc_tcptable *tcptable) +{ + if (tcptable == NULL) + return NULL; + + tcptable->refcount--; + if (tcptable->refcount > 0) + return tcptable; + + free (tcptable->data); + free (tcptable); + return NULL; +} + +#define proc_tcp_get(arg) \ +unsigned long proc_tcp_get_tcp_ ## arg (struct proc_tcptable *p) \ + { return (p == NULL) ? 0 : p->data->tcp_ ## arg; } + +proc_tcp_get (established) +proc_tcp_get (syn_sent) +proc_tcp_get (syn_recv) +proc_tcp_get (fin_wait1) +proc_tcp_get (fin_wait2) +proc_tcp_get (time_wait) +proc_tcp_get (close) +proc_tcp_get (close_wait) +proc_tcp_get (last_ack) +proc_tcp_get (listen) +proc_tcp_get (closing) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/thresholds.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/thresholds.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/thresholds.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/thresholds.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,215 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPL + * Copyright (c) 2006 Nagios Plugins Development Team + * + * Library of useful functions for nagios plugins + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "string-macros.h" +#include "system.h" +#include "thresholds.h" +#include "xalloc.h" + +/* + * Returns TRUE if alert should be raised based on the range + */ +int +check_range (double value, range * my_range) +{ + bool no = false; + bool yes = true; + + if (my_range->alert_on == NP_RANGE_INSIDE) + { + no = true; + yes = false; + } + + if (my_range->end_infinity == false && my_range->start_infinity == false) + { + if ((my_range->start <= value) && (value <= my_range->end)) + return no; + else + return yes; + } + else if (my_range->start_infinity == false + && my_range->end_infinity == true) + { + if (my_range->start <= value) + return no; + else + return yes; + } + else if (my_range->start_infinity == true + && my_range->end_infinity == false) + { + if (value <= my_range->end) + return no; + else + return yes; + } + else + return no; +} + +int +get_status (double value, thresholds * my_thresholds) +{ + if (my_thresholds->critical != NULL) + { + if (check_range (value, my_thresholds->critical) == true) + return STATE_CRITICAL; + } + if (my_thresholds->warning != NULL) + { + if (check_range (value, my_thresholds->warning) == true) + return STATE_WARNING; + } + return STATE_OK; +} + +void +set_range_start (range * this, double value) +{ + this->start = value; + this->start_infinity = false; +} + +void +set_range_end (range * this, double value) +{ + this->end = value; + this->end_infinity = false; +} + +range * +parse_range_string (char *str) +{ + range *temp_range; + double end; + char *end_str; + + temp_range = (range *) xmalloc (sizeof (range)); + + /* + * Set defaults + */ + temp_range->start = 0; + temp_range->start_infinity = false; + temp_range->end = 0; + temp_range->end_infinity = true; + temp_range->alert_on = NP_RANGE_OUTSIDE; + + if (str[0] == '@') + { + temp_range->alert_on = NP_RANGE_INSIDE; + str++; + } + + end_str = index (str, ':'); + if (end_str != NULL) + { + if (str[0] == '~') + temp_range->start_infinity = true; + else + { + double start = strtod (str, NULL); /* Will stop at the ':' */ + set_range_start (temp_range, start); + } + end_str++; /* Move past the ':' */ + } + else + { + end_str = str; + } + end = strtod (end_str, NULL); + if (STRNEQ (end_str, "")) + set_range_end (temp_range, end); + + if (temp_range->start_infinity == true || + temp_range->end_infinity == true || + temp_range->start <= temp_range->end) + { + return temp_range; + } + free (temp_range); + return NULL; +} + +/* + * Returns 0 if okay, otherwise 1 (NP_RANGE_UNPARSEABLE) + */ +int +set_thresholds (thresholds ** my_thresholds, char *warn_string, + char *critical_string) +{ + thresholds *temp_thresholds = NULL; + + if ((temp_thresholds = malloc (sizeof (thresholds))) == NULL) + { + printf ("Cannot allocate memory: %s", strerror (errno)); + exit (STATE_UNKNOWN); + } + + temp_thresholds->warning = NULL; + temp_thresholds->critical = NULL; + + if (warn_string != NULL) + { + if ((temp_thresholds->warning = + parse_range_string (warn_string)) == NULL) + { + free (temp_thresholds); + return NP_RANGE_UNPARSEABLE; + } + } + if (critical_string != NULL) + { + if ((temp_thresholds->critical = + parse_range_string (critical_string)) == NULL) + { + free (temp_thresholds); + return NP_RANGE_UNPARSEABLE; + } + } + + *my_thresholds = temp_thresholds; + + return 0; +} + +/* + * Returns true if the warning and critical thresholds are expressed + * as percentages (when defined), false otherwise + */ + +bool +thresholds_expressed_as_percentages (char *warn_string, char *critical_string) +{ + if ((warn_string && !STRCONTAINS (warn_string, "%")) + || (critical_string && !STRCONTAINS (critical_string, "%"))) + return false; + + return true; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/url_encode.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/url_encode.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/url_encode.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/url_encode.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: Public Domain + * Copyright (c) Fred Bulback + * Source Code: http://www.geekhideout.com/urlcode.shtml + * + * A library for encoding URLs. + * + * To the extent possible under law, Fred Bulback has waived all copyright + * and related or neighboring rights to URL Encoding/Decoding in C. + * This work is published from: United States. */ + +#include +#include +#include +#include + +/* Converts a hex character to its integer value */ +char +from_hex (char ch) +{ + return isdigit (ch) ? ch - '0' : tolower (ch) - 'a' + 10; +} + +/* Converts an integer value to its hex character */ +char +to_hex (char code) +{ + const char hex[] = "0123456789abcdef"; + return hex[code & 15]; +} + +/* Returns a url-encoded version of str */ +/* IMPORTANT: be sure to free() the returned string after use */ +char * +url_encode (char *str) +{ + char *pstr = str, *buf = malloc (strlen (str) * 3 + 1), *pbuf = buf; + while (*pstr) + { + if (isalnum (*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' + || *pstr == '~') + *pbuf++ = *pstr; + else if (*pstr == ' ') + *pbuf++ = '+'; + else + { + *pbuf++ = '%'; + *pbuf++ = to_hex (*pstr >> 4); + *pbuf++ = to_hex (*pstr & 15); + } + pstr++; + } + *pbuf = '\0'; + return buf; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,337 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014 Davide Madrisan + * + * A library for checking memory and swap usage on linux + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This module is based on procps 3.2.8 + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include + +#include "system.h" +#include "getenv.h" +#include "messages.h" +#include "procparser.h" +#include "vminfo.h" + +#define PROC_STAT "/proc/stat" + +typedef struct proc_vmem_data +{ + /* read /proc/vminfo only for 2.5.41 and above */ + /* see include/linux/page-flags.h and mm/page_alloc.c */ + unsigned long vm_nr_dirty; /* dirty writable pages */ + unsigned long vm_nr_writeback; /* pages under writeback */ + unsigned long vm_nr_pagecache; /* pages in pagecache -- gone in 2.5.66+ kernels */ + unsigned long vm_nr_page_table_pages; /* pages used for pagetables */ + unsigned long vm_nr_reverse_maps; /* includes PageDirect */ + unsigned long vm_nr_mapped; /* mapped into pagetables */ + unsigned long vm_nr_slab; /* in slab */ + unsigned long vm_pgpgin; /* kB disk reads (same as 1st num on /proc/stat page line) */ + unsigned long vm_pgpgout; /* kB disk writes (same as 2nd num on /proc/stat page line) */ + unsigned long vm_pswpin; /* swap reads (same as 1st num on /proc/stat swap line) */ + unsigned long vm_pswpout; /* swap writes (same as 2nd num on /proc/stat swap line) */ + unsigned long vm_pgalloc; /* page allocations */ + unsigned long vm_pgfree; /* page freeings */ + unsigned long vm_pgactivate; /* pages moved inactive -> active */ + unsigned long vm_pgdeactivate; /* pages moved active -> inactive */ + unsigned long vm_pgfault; /* total faults (major+minor) */ + unsigned long vm_pgmajfault; /* major faults */ + unsigned long vm_pgscan; /* pages scanned by page reclaim */ + unsigned long vm_pgrefill; /* inspected by refill_inactive_zone */ + unsigned long vm_pgsteal; /* total pages reclaimed */ + unsigned long vm_kswapd_steal; /* pages reclaimed by kswapd */ + /* next 3 as defined by the 2.5.52 kernel */ + unsigned long vm_pageoutrun; /* times kswapd ran page reclaim */ + unsigned long vm_allocstall; /* times a page allocator ran direct reclaim */ + unsigned long vm_pgrotated; /* pages rotated to the tail of the LRU for immediate reclaim */ + unsigned long vm_pgalloc_dma; + unsigned long vm_pgalloc_dma32; + unsigned long vm_pgalloc_high; + unsigned long vm_pgalloc_normal; + unsigned long vm_pgrefill_dma; + unsigned long vm_pgrefill_dma32; + unsigned long vm_pgrefill_high; + unsigned long vm_pgrefill_normal; + unsigned long vm_pgscan_direct_dma; + unsigned long vm_pgscan_direct_dma32; + unsigned long vm_pgscan_direct_high; + unsigned long vm_pgscan_direct_normal; + unsigned long vm_pgscan_kswapd_dma; + unsigned long vm_pgscan_kswapd_dma32; + unsigned long vm_pgscan_kswapd_high; + unsigned long vm_pgscan_kswapd_normal; + unsigned long vm_pgsteal_dma; + unsigned long vm_pgsteal_dma32; + unsigned long vm_pgsteal_high; + unsigned long vm_pgsteal_normal; + unsigned long vm_pgsteal_direct_dma; + unsigned long vm_pgsteal_direct_dma32; + unsigned long vm_pgsteal_direct_high; + unsigned long vm_pgsteal_direct_normal; + /* seen on a 2.6.8-rc1 kernel */ + unsigned long vm_kswapd_inodesteal; + unsigned long vm_nr_unstable; + unsigned long vm_pginodesteal; + unsigned long vm_slabs_scanned; +} proc_vmem_data_t; + +typedef struct proc_vmem +{ + int refcount; + struct proc_vmem_data *data; +} proc_vmem_t; + +#ifndef NPL_TESTING + +const char * +get_path_proc_vmstat () +{ + const char *env_procvmstat = secure_getenv ("NPL_TEST_PATH_PROCVMSTAT"); + if (env_procvmstat) + return env_procvmstat; + + return "/proc/vmstat"; +} + +/* get_vmem_pagesize - get memory page size */ + +inline long +get_vmem_pagesize (void) +{ + return sysconf (_SC_PAGESIZE); +} + +/* Allocates space for a new vmem object. + * Returns 0 if all went ok. Errors are returned as negative values. */ + +int +proc_vmem_new (struct proc_vmem **vmem) +{ + struct proc_vmem *vm; + + vm = calloc (1, sizeof (struct proc_vmem)); + if (!vm) + return -ENOMEM; + + vm->refcount = 1; + vm->data = calloc (1, sizeof (struct proc_vmem_data)); + if (!vm->data) + { + free (vm); + return -ENOMEM; + } + + *vmem = vm; + return 0; +} + +/* Fill the proc_vmem structure pointed will the values found in the + * proc filesystem. */ + +void +proc_vmem_read (struct proc_vmem *vmem) +{ + FILE *fp; + char *line = NULL; + size_t len = 0; + bool found_pgpg_data = false, found_pswp_data = false; + + if (vmem == NULL) + return; + + struct proc_vmem_data *data = vmem->data; + + const proc_table_struct vmem_table[] = { + { "allocstall", &data->vm_allocstall }, + { "kswapd_inodesteal", &data->vm_kswapd_inodesteal }, + { "kswapd_steal", &data->vm_kswapd_steal }, + { "nr_dirty", &data->vm_nr_dirty }, /* page version of meminfo Dirty */ + { "nr_mapped", &data->vm_nr_mapped }, /* page version of meminfo Mapped */ + { "nr_page_table_pages", &data->vm_nr_page_table_pages }, /* same as meminfo PageTables */ + { "nr_pagecache", &data->vm_nr_pagecache }, /* gone in 2.5.66+ kernels */ + { "nr_reverse_maps", &data->vm_nr_reverse_maps }, /* page version of meminfo ReverseMaps GONE */ + { "nr_slab", &data->vm_nr_slab }, /* page version of meminfo Slab */ + { "nr_unstable", &data->vm_nr_unstable }, + { "nr_writeback", &data->vm_nr_writeback }, /* page version of meminfo Writeback */ + { "pageoutrun", &data->vm_pageoutrun }, + { "pgactivate", &data->vm_pgactivate }, + { "pgalloc", &data->vm_pgalloc }, /* GONE (now separate dma,high,normal) */ + { "pgalloc_dma", &data->vm_pgalloc_dma }, + { "pgalloc_dma32", &data->vm_pgalloc_dma32 }, + { "pgalloc_high", &data->vm_pgalloc_high }, + { "pgalloc_normal", &data->vm_pgalloc_normal }, + { "pgdeactivate", &data->vm_pgdeactivate }, + { "pgfault", &data->vm_pgfault }, + { "pgfree", &data->vm_pgfree }, + { "pginodesteal", &data->vm_pginodesteal }, + { "pgmajfault", &data->vm_pgmajfault }, + { "pgpgin", &data->vm_pgpgin }, /* important */ + { "pgpgout", &data->vm_pgpgout }, /* important */ + { "pgrefill", &data->vm_pgrefill }, /* GONE (now separate dma,high,normal) */ + { "pgrefill_dma", &data->vm_pgrefill_dma }, + { "pgrefill_dma32", &data->vm_pgrefill_dma32 }, + { "pgrefill_high", &data->vm_pgrefill_high }, + { "pgrefill_normal", &data->vm_pgrefill_normal }, + { "pgrotated", &data->vm_pgrotated }, + { "pgscan", &data->vm_pgscan }, /* GONE (now separate direct,kswapd and dma,high,normal) */ + { "pgscan_direct_dma", &data->vm_pgscan_direct_dma }, + { "pgscan_direct_dma32", &data->vm_pgscan_direct_dma32 }, + { "pgscan_direct_high", &data->vm_pgscan_direct_high }, + { "pgscan_direct_normal", &data->vm_pgscan_direct_normal }, + { "pgscan_kswapd_dma", &data->vm_pgscan_kswapd_dma }, + { "pgscan_kswapd_dma32", &data->vm_pgscan_kswapd_dma32 }, + { "pgscan_kswapd_high", &data->vm_pgscan_kswapd_high }, + { "pgscan_kswapd_normal", &data->vm_pgscan_kswapd_normal }, + { "pgsteal", &data->vm_pgsteal }, /* GONE (now separate dma,high,normal) */ + { "pgsteal_dma", &data->vm_pgsteal_dma }, + { "pgsteal_dma32", &data->vm_pgsteal_dma32 }, + { "pgsteal_high", &data->vm_pgsteal_high }, + { "pgsteal_normal", &data->vm_pgsteal_normal }, + { "pgsteal_direct_dma", &data->vm_pgsteal_direct_dma }, + { "pgsteal_direct_dma32", &data->vm_pgsteal_direct_dma32 }, + { "pgsteal_direct_high", &data->vm_pgsteal_direct_high }, + { "pgsteal_direct_normal", &data->vm_pgsteal_direct_normal }, + { "pswpin", &data->vm_pswpin }, /* important */ + { "pswpout", &data->vm_pswpout }, /* important */ + { "slabs_scanned", &data->vm_slabs_scanned }, + }; + const int vmem_table_count = + sizeof (vmem_table) / sizeof (proc_table_struct); + + data->vm_pgalloc = 0; + data->vm_pgrefill = 0; + data->vm_pgscan = 0; + data->vm_pgsteal = 0; + + data->vm_pgpgin = data->vm_pgpgout = ~0UL; + data->vm_pswpin = data->vm_pswpout = ~0UL; + + procparser (get_path_proc_vmstat (), vmem_table, vmem_table_count, ' '); + +#define FOR_ALL_ZONES(x) x##_dma + x##_dma32 + x##_normal + x##_high + if (!data->vm_pgalloc) + data->vm_pgalloc = FOR_ALL_ZONES (data->vm_pgalloc); + + if (!data->vm_pgrefill) + data->vm_pgrefill = FOR_ALL_ZONES (data->vm_pgrefill); + + if (!data->vm_pgscan) + data->vm_pgscan = FOR_ALL_ZONES (data->vm_pgscan_direct) + + FOR_ALL_ZONES (data->vm_pgscan_kswapd); + + if (!data->vm_pgsteal) + data->vm_pgsteal = FOR_ALL_ZONES (data->vm_pgsteal); +#undef FOR_ALL_ZONES + + if (data->vm_pgpgin != ~0UL && data->vm_pswpin != ~0UL) + return; + else if (data->vm_pgpgin != ~0UL) + found_pgpg_data = true; + else if (data->vm_pswpin != ~0UL) + found_pswp_data = true; + + /* Linux kernels < 2.5.40-bk4 */ + + if ((fp = fopen (PROC_STAT, "r"))) + { + ssize_t nread; + while ((nread = getline (&line, &len, fp)) != -1) + { + if (2 == sscanf (line, "page %lu %lu", + &data->vm_pgpgin, &data->vm_pgpgout)) + found_pgpg_data = true; + else if (2 == sscanf (line, "swap %lu %lu", + &data->vm_pswpin, &data->vm_pswpout)) + found_pswp_data = true; + + if (found_pgpg_data && found_pswp_data) + break; + } + fclose (fp); + free (line); + } + + /* This should never occur */ + if (!found_pgpg_data) + data->vm_pgpgin = data->vm_pgpgout = 0; + if (!found_pswp_data) + data->vm_pswpin = data->vm_pswpout = 0; +} + +/* Drop a reference of the memory library context. If the refcount of + * reaches zero, the resources of the context will be released. */ + +struct proc_vmem * +proc_vmem_unref (struct proc_vmem *vmem) +{ + if (vmem == NULL) + return NULL; + + vmem->refcount--; + if (vmem->refcount > 0) + return vmem; + + free (vmem->data); + free (vmem); + return NULL; +} + +#define proc_vmem_get(arg) \ +unsigned long proc_vmem_get_ ## arg (struct proc_vmem *p) \ + { return (p == NULL) ? 0 : p->data->vm_ ## arg; } + +proc_vmem_get (pgalloc) +proc_vmem_get (pgfault) +proc_vmem_get (pgfree) +proc_vmem_get (pgmajfault) +proc_vmem_get (pgpgin) +proc_vmem_get (pgpgout) +proc_vmem_get (pgrefill) +proc_vmem_get (pgscan) +proc_vmem_get (pgsteal) +proc_vmem_get (pswpin) +proc_vmem_get (pswpout) + +#undef proc_vmem_get + +unsigned long +proc_vmem_get_pgscand (struct proc_vmem *vmem) +{ + return (vmem == + NULL) ? 0 : vmem->data->vm_pgscan_direct_dma + + vmem->data->vm_pgscan_direct_high + vmem->data->vm_pgscan_direct_normal; +} + +unsigned long +proc_vmem_get_pgscank (struct proc_vmem *vmem) +{ + return (vmem == + NULL) ? 0 : vmem->data->vm_pgscan_kswapd_dma + + vmem->data->vm_pgscan_kswapd_high + vmem->data->vm_pgscan_kswapd_normal; +} + +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo_procps.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo_procps.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo_procps.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/vminfo_procps.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,136 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * A library for checking memory and swap usage on linux. + * This library is a front-end for `procps-newlib': + * https://gitlab.com/madrisan/procps/tree/newlib + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +typedef struct proc_vmem +{ + int refcount; + struct vmstat_info *info; /* proc/vmstat.h */ +} proc_vmem_t; + +int +proc_vmem_new (struct proc_vmem **vmem) +{ + struct proc_vmem *vm; + + vm = calloc (1, sizeof (struct proc_vmem)); + if (!vm) + return -ENOMEM; + + vm->refcount = 1; + + if (procps_vmstat_new (&vm->info) < 0) + return -ENOMEM; + + *vmem = vm; + return 0; +} + +void +proc_vmem_read (struct proc_vmem *vmem __attribute__ ((unused))) +{ +} + +struct proc_vmem * +proc_vmem_unref (struct proc_vmem *vmem) +{ + if (vmem == NULL) + return NULL; + + vmem->refcount--; + if (vmem->refcount > 0) + return vmem; + + procps_vmstat_unref (&(vmem->info)); + free (vmem); + return NULL; +} + +#define proc_vmem_get(arg, item) \ +unsigned long proc_vmem_get_ ## arg (struct proc_vmem *p) \ + { return (p == NULL) ? 0 : VMSTAT_GET(p->info, item, ul_int); } + +proc_vmem_get (pgfault, VMSTAT_PGFAULT) +proc_vmem_get (pgfree, VMSTAT_PGFREE) +proc_vmem_get (pgmajfault, VMSTAT_PGMAJFAULT) +proc_vmem_get (pgpgin, VMSTAT_PGPGIN) proc_vmem_get (pgpgout, VMSTAT_PGPGOUT) +proc_vmem_get (pswpin, VMSTAT_PSWPIN) +proc_vmem_get (pswpout, VMSTAT_PSWPOUT) + +#undef proc_vmem_get + +/* + * DMA memory zone: + * - low 16MB of memory + * - exists for historical reasons, sometime there was hardware that + * could only do DMA in this area + * DMA32 memory zone: + * - only in 64-bit linux + * - low ~4GBytes of memory + * - today, there is hardware that can do DMA to 4GBytes + * Normal memory zone: + * different on 32-bit and 64-bit machines + * - 32-bit: Memory from 16MB to 896MB + * - 64-bit: Memory above ~4GB + * HighMem memory zone: + * - only on 32-bit Linux + * - all Memory above ~896 MB + * - is not permanently or automatically mapped into the kernel’s + * address space + * + * cat /proc/pagetypeinfo + */ + +#define GET_DATA(item) VMSTAT_GET(vmem->info, item, ul_int) + +unsigned long +proc_vmem_get_pgsteal (struct proc_vmem *vmem) +{ + if (vmem == NULL) + return 0; + + return GET_DATA (VMSTAT_PGSTEAL_DIRECT); +} + +unsigned long +proc_vmem_get_pgscand (struct proc_vmem *vmem) +{ + if (vmem == NULL) + return 0; + + return GET_DATA (VMSTAT_PGSCAN_DIRECT); +} + +unsigned long +proc_vmem_get_pgscank (struct proc_vmem *vmem) +{ + if (vmem == NULL) + return 0; + + return GET_DATA (VMSTAT_PGSCAN_KSWAPD); +} + +#undef GET_DATA diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xasprintf.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xasprintf.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xasprintf.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xasprintf.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* asprintf with out-of-memory checking. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "xasprintf.h" + +char * +xasprintf (const char *format, ...) +{ + va_list args; + char *result; + + va_start (args, format); + if (vasprintf (&result, format, args) < 0) + plugin_error (STATE_UNKNOWN, errno, "asprintf has failed"); + va_end (args); + + return result; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xmalloc.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xmalloc.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xmalloc.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xmalloc.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* xmalloc.c -- malloc with out of memory checking + * + * Copyright (C) 1990-2000, 2002-2006, 2008-2012 Free Software Foundation, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + +#include +#include +#include +#include + +# include "messages.h" +# include "xalloc.h" + +/* Allocate N bytes of memory dynamically, with error checking. + * The memory is set to zero. */ + +void * +xmalloc (const size_t n) +{ + void *p = calloc (1, n); + if (!p && n != 0) + plugin_error (STATE_UNKNOWN, errno, "memory exhausted"); + return p; +} + +/* Clone an object P of size S, with error checking. There's no need + * for xnmemdup (P, N, S), since xmemdup (P, N * S) works without any + * need for an arithmetic overflow check. */ + +void * +xmemdup (void const *p, const size_t s) +{ + return memcpy (xmalloc (s), p, s); +} + +/* Clone STRING. */ + +char * +xstrdup (char const *string) +{ + return xmemdup (string, strlen (string) + 1); +} + +/* Clone a substring of lenght S, starting at the address START. + * S characters will be copied into the new allocated memory and + * a null character will be added at the and. */ + +char * +xsubstrdup (char const *start, const size_t s) +{ + return memcpy (xmalloc (s + 1), start, s); +} + +/* Allocate an array of N objects, each with S bytes of memory, + * dynamically, with error checking. S must be nonzero. */ + +void * +xnmalloc (const size_t n, const size_t s) +{ + return xmalloc (n * s); +} + +/* Memory allocation wrapper for realloc */ + +void * +xrealloc (void *ptr, const size_t size) +{ + void *ret = realloc (ptr, size); + if (!ret && size) + plugin_error (STATE_UNKNOWN, errno, "memory exhausted"); + return ret; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xstrton.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xstrton.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xstrton.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/lib/xstrton.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* strtol with error checking + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#include +#include + +#include "common.h" +#include "messages.h" + +/* same as strtod(3) but exit on failure instead of returning crap */ +double +strtod_or_err (const char *str, const char *errmesg) +{ + char *end = NULL; + + if (str != NULL && *str != '\0') + { + errno = 0; + double num = strtod (str, &end); + if (errno == 0 && str != end && end != NULL && *end == '\0') + return num; + } + + plugin_error (STATE_UNKNOWN, errno, "%s: '%s'", errmesg, str); + return 0; +} + +/* same as strtol(3) but exit on failure instead of returning crap */ +long +strtol_or_err (const char *str, const char *errmesg) +{ + char *end = NULL; + + if (str != NULL && *str != '\0') + { + errno = 0; + long num = strtol (str, &end, 10); + if (errno == 0 && str != end && end != NULL && *end == '\0') + return num; + } + + plugin_error (STATE_UNKNOWN, errno, "%s: '%s'", errmesg, str); + return 0; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/LICENSE nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/LICENSE --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/LICENSE 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/LICENSE 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,674 @@ +GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/ltmain.sh nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/ltmain.sh --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/ltmain.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/ltmain.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,11147 @@ +#! /bin/sh +## DO NOT EDIT - This file generated from ./build-aux/ltmain.in +## by inline-source v2014-01-03.01 + +# libtool (GNU libtool) 2.4.6 +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +PROGRAM=libtool +PACKAGE=libtool +VERSION=2.4.6 +package_revision=2.4.6 + + +## ------ ## +## Usage. ## +## ------ ## + +# Run './libtool --help' for help with using this script from the +# command line. + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# After configure completes, it has a better idea of some of the +# shell tools we need than the defaults used by the functions shared +# with bootstrap, so set those here where they can still be over- +# ridden by the user, but otherwise take precedence. + +: ${AUTOCONF="autoconf"} +: ${AUTOMAKE="automake"} + + +## -------------------------- ## +## Source external libraries. ## +## -------------------------- ## + +# Much of our low-level functionality needs to be sourced from external +# libraries, which are installed to $pkgauxdir. + +# Set a version string for this script. +scriptversion=2015-01-20.17; # UTC + +# General shell script boiler plate, and helper functions. +# Written by Gary V. Vaughan, 2004 + +# Copyright (C) 2004-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# As a special exception to the GNU General Public License, if you distribute +# this file as part of a program or library that is built using GNU Libtool, +# you may include this file under the same distribution terms that you use +# for the rest of that program. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# Evaluate this file near the top of your script to gain access to +# the functions and variables defined here: +# +# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh +# +# If you need to override any of the default environment variable +# settings, do that before evaluating this file. + + +## -------------------- ## +## Shell normalisation. ## +## -------------------- ## + +# Some shells need a little help to be as Bourne compatible as possible. +# Before doing anything else, make sure all that help has been provided! + +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac +fi + +# NLS nuisances: We save the old values in case they are required later. +_G_user_locale= +_G_safe_locale= +for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test set = \"\${$_G_var+set}\"; then + save_$_G_var=\$$_G_var + $_G_var=C + export $_G_var + _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" + _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" + fi" +done + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Make sure IFS has a sensible default +sp=' ' +nl=' +' +IFS="$sp $nl" + +# There are apparently some retarded systems that use ';' as a PATH separator! +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + + +## ------------------------- ## +## Locate command utilities. ## +## ------------------------- ## + + +# func_executable_p FILE +# ---------------------- +# Check that FILE is an executable regular file. +func_executable_p () +{ + test -f "$1" && test -x "$1" +} + + +# func_path_progs PROGS_LIST CHECK_FUNC [PATH] +# -------------------------------------------- +# Search for either a program that responds to --version with output +# containing "GNU", or else returned by CHECK_FUNC otherwise, by +# trying all the directories in PATH with each of the elements of +# PROGS_LIST. +# +# CHECK_FUNC should accept the path to a candidate program, and +# set $func_check_prog_result if it truncates its output less than +# $_G_path_prog_max characters. +func_path_progs () +{ + _G_progs_list=$1 + _G_check_func=$2 + _G_PATH=${3-"$PATH"} + + _G_path_prog_max=0 + _G_path_prog_found=false + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} + for _G_dir in $_G_PATH; do + IFS=$_G_save_IFS + test -z "$_G_dir" && _G_dir=. + for _G_prog_name in $_G_progs_list; do + for _exeext in '' .EXE; do + _G_path_prog=$_G_dir/$_G_prog_name$_exeext + func_executable_p "$_G_path_prog" || continue + case `"$_G_path_prog" --version 2>&1` in + *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; + *) $_G_check_func $_G_path_prog + func_path_progs_result=$func_check_prog_result + ;; + esac + $_G_path_prog_found && break 3 + done + done + done + IFS=$_G_save_IFS + test -z "$func_path_progs_result" && { + echo "no acceptable sed could be found in \$PATH" >&2 + exit 1 + } +} + + +# We want to be able to use the functions in this file before configure +# has figured out where the best binaries are kept, which means we have +# to search for them ourselves - except when the results are already set +# where we skip the searches. + +# Unless the user overrides by setting SED, search the path for either GNU +# sed, or the sed that truncates its output the least. +test -z "$SED" && { + _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for _G_i in 1 2 3 4 5 6 7; do + _G_sed_script=$_G_sed_script$nl$_G_sed_script + done + echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed + _G_sed_script= + + func_check_prog_sed () + { + _G_path_prog=$1 + + _G_count=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo '' >> conftest.nl + "$_G_path_prog" -f conftest.sed conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + rm -f conftest.sed + SED=$func_path_progs_result +} + + +# Unless the user overrides by setting GREP, search the path for either GNU +# grep, or the grep that truncates its output the least. +test -z "$GREP" && { + func_check_prog_grep () + { + _G_path_prog=$1 + + _G_count=0 + _G_path_prog_max=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo 'GREP' >> conftest.nl + "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + GREP=$func_path_progs_result +} + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# All uppercase variable names are used for environment variables. These +# variables can be overridden by the user before calling a script that +# uses them if a suitable command of that name is not already available +# in the command search PATH. + +: ${CP="cp -f"} +: ${ECHO="printf %s\n"} +: ${EGREP="$GREP -E"} +: ${FGREP="$GREP -F"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} + + +## -------------------- ## +## Useful sed snippets. ## +## -------------------- ## + +sed_dirname='s|/[^/]*$||' +sed_basename='s|^.*/||' + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s|\([`"$\\]\)|\\\1|g' + +# Same as above, but do not quote variable references. +sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' + +# Sed substitution that converts a w32 file name or path +# that contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-'\' parameter expansions in output of sed_double_quote_subst that +# were '\'-ed in input to the same. If an odd number of '\' preceded a +# '$' in input to sed_double_quote_subst, that '$' was protected from +# expansion. Since each input '\' is now two '\'s, look for any number +# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. +_G_bs='\\' +_G_bs2='\\\\' +_G_bs4='\\\\\\\\' +_G_dollar='\$' +sed_double_backslash="\ + s/$_G_bs4/&\\ +/g + s/^$_G_bs2$_G_dollar/$_G_bs&/ + s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g + s/\n//g" + + +## ----------------- ## +## Global variables. ## +## ----------------- ## + +# Except for the global variables explicitly listed below, the following +# functions in the '^func_' namespace, and the '^require_' namespace +# variables initialised in the 'Resource management' section, sourcing +# this file will not pollute your global namespace with anything +# else. There's no portable way to scope variables in Bourne shell +# though, so actually running these functions will sometimes place +# results into a variable named after the function, and often use +# temporary variables in the '^_G_' namespace. If you are careful to +# avoid using those namespaces casually in your sourcing script, things +# should continue to work as you expect. And, of course, you can freely +# overwrite any of the functions or variables defined here before +# calling anything to customize them. + +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +# Allow overriding, eg assuming that you follow the convention of +# putting '$debug_cmd' at the start of all your functions, you can get +# bash to show function call trace with: +# +# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +debug_cmd=${debug_cmd-":"} +exit_cmd=: + +# By convention, finish your script with: +# +# exit $exit_status +# +# so that you can set exit_status to non-zero if you want to indicate +# something went wrong during execution without actually bailing out at +# the point of failure. +exit_status=$EXIT_SUCCESS + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath=$0 + +# The name of this program. +progname=`$ECHO "$progpath" |$SED "$sed_basename"` + +# Make sure we have an absolute progpath for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` + progdir=`cd "$progdir" && pwd` + progpath=$progdir/$progname + ;; + *) + _G_IFS=$IFS + IFS=${PATH_SEPARATOR-:} + for progdir in $PATH; do + IFS=$_G_IFS + test -x "$progdir/$progname" && break + done + IFS=$_G_IFS + test -n "$progdir" || progdir=`pwd` + progpath=$progdir/$progname + ;; +esac + + +## ----------------- ## +## Standard options. ## +## ----------------- ## + +# The following options affect the operation of the functions defined +# below, and should be set appropriately depending on run-time para- +# meters passed on the command line. + +opt_dry_run=false +opt_quiet=false +opt_verbose=false + +# Categories 'all' and 'none' are always available. Append any others +# you will pass as the first argument to func_warning from your own +# code. +warning_categories= + +# By default, display warnings according to 'opt_warning_types'. Set +# 'warning_func' to ':' to elide all warnings, or func_fatal_error to +# treat the next displayed warning as a fatal error. +warning_func=func_warn_and_continue + +# Set to 'all' to display all warnings, 'none' to suppress all +# warnings, or a space delimited list of some subset of +# 'warning_categories' to display only the listed warnings. +opt_warning_types=all + + +## -------------------- ## +## Resource management. ## +## -------------------- ## + +# This section contains definitions for functions that each ensure a +# particular resource (a file, or a non-empty configuration variable for +# example) is available, and if appropriate to extract default values +# from pertinent package files. Call them using their associated +# 'require_*' variable to ensure that they are executed, at most, once. +# +# It's entirely deliberate that calling these functions can set +# variables that don't obey the namespace limitations obeyed by the rest +# of this file, in order that that they be as useful as possible to +# callers. + + +# require_term_colors +# ------------------- +# Allow display of bold text on terminals that support it. +require_term_colors=func_require_term_colors +func_require_term_colors () +{ + $debug_cmd + + test -t 1 && { + # COLORTERM and USE_ANSI_COLORS environment variables take + # precedence, because most terminfo databases neglect to describe + # whether color sequences are supported. + test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} + + if test 1 = "$USE_ANSI_COLORS"; then + # Standard ANSI escape sequences + tc_reset='' + tc_bold=''; tc_standout='' + tc_red=''; tc_green='' + tc_blue=''; tc_cyan='' + else + # Otherwise trust the terminfo database after all. + test -n "`tput sgr0 2>/dev/null`" && { + tc_reset=`tput sgr0` + test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` + tc_standout=$tc_bold + test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` + test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` + test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` + test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` + test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` + } + fi + } + + require_term_colors=: +} + + +## ----------------- ## +## Function library. ## +## ----------------- ## + +# This section contains a variety of useful functions to call in your +# scripts. Take note of the portable wrappers for features provided by +# some modern shells, which will fall back to slower equivalents on +# less featureful shells. + + +# func_append VAR VALUE +# --------------------- +# Append VALUE onto the existing contents of VAR. + + # We should try to minimise forks, especially on Windows where they are + # unreasonably slow, so skip the feature probes when bash or zsh are + # being used: + if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then + : ${_G_HAVE_ARITH_OP="yes"} + : ${_G_HAVE_XSI_OPS="yes"} + # The += operator was introduced in bash 3.1 + case $BASH_VERSION in + [12].* | 3.0 | 3.0*) ;; + *) + : ${_G_HAVE_PLUSEQ_OP="yes"} + ;; + esac + fi + + # _G_HAVE_PLUSEQ_OP + # Can be empty, in which case the shell is probed, "yes" if += is + # useable or anything else if it does not work. + test -z "$_G_HAVE_PLUSEQ_OP" \ + && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ + && _G_HAVE_PLUSEQ_OP=yes + +if test yes = "$_G_HAVE_PLUSEQ_OP" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_append () + { + $debug_cmd + + eval "$1+=\$2" + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_append () + { + $debug_cmd + + eval "$1=\$$1\$2" + } +fi + + +# func_append_quoted VAR VALUE +# ---------------------------- +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +if test yes = "$_G_HAVE_PLUSEQ_OP"; then + eval 'func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1+=\\ \$func_quote_for_eval_result" + }' +else + func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1=\$$1\\ \$func_quote_for_eval_result" + } +fi + + +# func_append_uniq VAR VALUE +# -------------------------- +# Append unique VALUE onto the existing contents of VAR, assuming +# entries are delimited by the first character of VALUE. For example: +# +# func_append_uniq options " --another-option option-argument" +# +# will only append to $options if " --another-option option-argument " +# is not already present somewhere in $options already (note spaces at +# each end implied by leading space in second argument). +func_append_uniq () +{ + $debug_cmd + + eval _G_current_value='`$ECHO $'$1'`' + _G_delim=`expr "$2" : '\(.\)'` + + case $_G_delim$_G_current_value$_G_delim in + *"$2$_G_delim"*) ;; + *) func_append "$@" ;; + esac +} + + +# func_arith TERM... +# ------------------ +# Set func_arith_result to the result of evaluating TERMs. + test -z "$_G_HAVE_ARITH_OP" \ + && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ + && _G_HAVE_ARITH_OP=yes + +if test yes = "$_G_HAVE_ARITH_OP"; then + eval 'func_arith () + { + $debug_cmd + + func_arith_result=$(( $* )) + }' +else + func_arith () + { + $debug_cmd + + func_arith_result=`expr "$@"` + } +fi + + +# func_basename FILE +# ------------------ +# Set func_basename_result to FILE with everything up to and including +# the last / stripped. +if test yes = "$_G_HAVE_XSI_OPS"; then + # If this shell supports suffix pattern removal, then use it to avoid + # forking. Hide the definitions single quotes in case the shell chokes + # on unsupported syntax... + _b='func_basename_result=${1##*/}' + _d='case $1 in + */*) func_dirname_result=${1%/*}$2 ;; + * ) func_dirname_result=$3 ;; + esac' + +else + # ...otherwise fall back to using sed. + _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' + _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` + if test "X$func_dirname_result" = "X$1"; then + func_dirname_result=$3 + else + func_append func_dirname_result "$2" + fi' +fi + +eval 'func_basename () +{ + $debug_cmd + + '"$_b"' +}' + + +# func_dirname FILE APPEND NONDIR_REPLACEMENT +# ------------------------------------------- +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +eval 'func_dirname () +{ + $debug_cmd + + '"$_d"' +}' + + +# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT +# -------------------------------------------------------- +# Perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# For efficiency, we do not delegate to the functions above but instead +# duplicate the functionality here. +eval 'func_dirname_and_basename () +{ + $debug_cmd + + '"$_b"' + '"$_d"' +}' + + +# func_echo ARG... +# ---------------- +# Echo program name prefixed message. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_echo_all ARG... +# -------------------- +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + + +# func_echo_infix_1 INFIX ARG... +# ------------------------------ +# Echo program name, followed by INFIX on the first line, with any +# additional lines not showing INFIX. +func_echo_infix_1 () +{ + $debug_cmd + + $require_term_colors + + _G_infix=$1; shift + _G_indent=$_G_infix + _G_prefix="$progname: $_G_infix: " + _G_message=$* + + # Strip color escape sequences before counting printable length + for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" + do + test -n "$_G_tc" && { + _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` + _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` + } + done + _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes + + func_echo_infix_1_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_infix_1_IFS + $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 + _G_prefix=$_G_indent + done + IFS=$func_echo_infix_1_IFS +} + + +# func_error ARG... +# ----------------- +# Echo program name prefixed message to standard error. +func_error () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 +} + + +# func_fatal_error ARG... +# ----------------------- +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + $debug_cmd + + func_error "$*" + exit $EXIT_FAILURE +} + + +# func_grep EXPRESSION FILENAME +# ----------------------------- +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $debug_cmd + + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_len STRING +# --------------- +# Set func_len_result to the length of STRING. STRING may not +# start with a hyphen. + test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_len () + { + $debug_cmd + + func_len_result=${#1} + }' +else + func_len () + { + $debug_cmd + + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` + } +fi + + +# func_mkdir_p DIRECTORY-PATH +# --------------------------- +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + $debug_cmd + + _G_directory_path=$1 + _G_dir_list= + + if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then + + # Protect directory names starting with '-' + case $_G_directory_path in + -*) _G_directory_path=./$_G_directory_path ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$_G_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + _G_dir_list=$_G_directory_path:$_G_dir_list + + # If the last portion added has no slash in it, the list is done + case $_G_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` + done + _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` + + func_mkdir_p_IFS=$IFS; IFS=: + for _G_dir in $_G_dir_list; do + IFS=$func_mkdir_p_IFS + # mkdir can fail with a 'File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$_G_dir" 2>/dev/null || : + done + IFS=$func_mkdir_p_IFS + + # Bail out if we (or some other process) failed to create a directory. + test -d "$_G_directory_path" || \ + func_fatal_error "Failed to create '$1'" + fi +} + + +# func_mktempdir [BASENAME] +# ------------------------- +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, BASENAME is the basename for that directory. +func_mktempdir () +{ + $debug_cmd + + _G_template=${TMPDIR-/tmp}/${1-$progname} + + if test : = "$opt_dry_run"; then + # Return a directory name, but don't create it in dry-run mode + _G_tmpdir=$_G_template-$$ + else + + # If mktemp works, use that first and foremost + _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` + + if test ! -d "$_G_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + _G_tmpdir=$_G_template-${RANDOM-0}$$ + + func_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$_G_tmpdir" + umask $func_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$_G_tmpdir" || \ + func_fatal_error "cannot create temporary directory '$_G_tmpdir'" + fi + + $ECHO "$_G_tmpdir" +} + + +# func_normal_abspath PATH +# ------------------------ +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +func_normal_abspath () +{ + $debug_cmd + + # These SED scripts presuppose an absolute path with a trailing slash. + _G_pathcar='s|^/\([^/]*\).*$|\1|' + _G_pathcdr='s|^/[^/]*||' + _G_removedotparts=':dotsl + s|/\./|/|g + t dotsl + s|/\.$|/|' + _G_collapseslashes='s|/\{1,\}|/|g' + _G_finalslash='s|/*$|/|' + + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` + while :; do + # Processed it all yet? + if test / = "$func_normal_abspath_tpath"; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result"; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + + +# func_notquiet ARG... +# -------------------- +# Echo program name prefixed message only when not in quiet mode. +func_notquiet () +{ + $debug_cmd + + $opt_quiet || func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + + +# func_relative_path SRCDIR DSTDIR +# -------------------------------- +# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. +func_relative_path () +{ + $debug_cmd + + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=$func_dirname_result + if test -z "$func_relative_path_tlibdir"; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test -n "$func_stripname_result"; then + func_append func_relative_path_result "/$func_stripname_result" + fi + + # Normalisation. If bindir is libdir, return '.' else relative path. + if test -n "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + fi + + test -n "$func_relative_path_result" || func_relative_path_result=. + + : +} + + +# func_quote_for_eval ARG... +# -------------------------- +# Aesthetically quote ARGs to be evaled later. +# This function returns two values: +# i) func_quote_for_eval_result +# double-quoted, suitable for a subsequent eval +# ii) func_quote_for_eval_unquoted_result +# has all characters that are still active within double +# quotes backslashified. +func_quote_for_eval () +{ + $debug_cmd + + func_quote_for_eval_unquoted_result= + func_quote_for_eval_result= + while test 0 -lt $#; do + case $1 in + *[\\\`\"\$]*) + _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; + *) + _G_unquoted_arg=$1 ;; + esac + if test -n "$func_quote_for_eval_unquoted_result"; then + func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" + else + func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + fi + + case $_G_unquoted_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_quoted_arg=\"$_G_unquoted_arg\" + ;; + *) + _G_quoted_arg=$_G_unquoted_arg + ;; + esac + + if test -n "$func_quote_for_eval_result"; then + func_append func_quote_for_eval_result " $_G_quoted_arg" + else + func_append func_quote_for_eval_result "$_G_quoted_arg" + fi + shift + done +} + + +# func_quote_for_expand ARG +# ------------------------- +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + $debug_cmd + + case $1 in + *[\\\`\"]*) + _G_arg=`$ECHO "$1" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; + *) + _G_arg=$1 ;; + esac + + case $_G_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_arg=\"$_G_arg\" + ;; + esac + + func_quote_for_expand_result=$_G_arg +} + + +# func_stripname PREFIX SUFFIX NAME +# --------------------------------- +# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_stripname () + { + $debug_cmd + + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary variable first. + func_stripname_result=$3 + func_stripname_result=${func_stripname_result#"$1"} + func_stripname_result=${func_stripname_result%"$2"} + }' +else + func_stripname () + { + $debug_cmd + + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; + esac + } +fi + + +# func_show_eval CMD [FAIL_EXP] +# ----------------------------- +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + func_quote_for_expand "$_G_cmd" + eval "func_notquiet $func_quote_for_expand_result" + + $opt_dry_run || { + eval "$_G_cmd" + _G_status=$? + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_show_eval_locale CMD [FAIL_EXP] +# ------------------------------------ +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + $opt_quiet || { + func_quote_for_expand "$_G_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + $opt_dry_run || { + eval "$_G_user_locale + $_G_cmd" + _G_status=$? + eval "$_G_safe_locale" + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_tr_sh +# ---------- +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + $debug_cmd + + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_verbose ARG... +# ------------------- +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $debug_cmd + + $opt_verbose && func_echo "$*" + + : +} + + +# func_warn_and_continue ARG... +# ----------------------------- +# Echo program name prefixed warning message to standard error. +func_warn_and_continue () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 +} + + +# func_warning CATEGORY ARG... +# ---------------------------- +# Echo program name prefixed warning message to standard error. Warning +# messages can be filtered according to CATEGORY, where this function +# elides messages where CATEGORY is not listed in the global variable +# 'opt_warning_types'. +func_warning () +{ + $debug_cmd + + # CATEGORY must be in the warning_categories list! + case " $warning_categories " in + *" $1 "*) ;; + *) func_internal_error "invalid warning category '$1'" ;; + esac + + _G_category=$1 + shift + + case " $opt_warning_types " in + *" $_G_category "*) $warning_func ${1+"$@"} ;; + esac +} + + +# func_sort_ver VER1 VER2 +# ----------------------- +# 'sort -V' is not generally available. +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +func_sort_ver () +{ + $debug_cmd + + printf '%s\n%s\n' "$1" "$2" \ + | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n +} + +# func_lt_ver PREV CURR +# --------------------- +# Return true if PREV and CURR are in the correct order according to +# func_sort_ver, otherwise false. Use it like this: +# +# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." +func_lt_ver () +{ + $debug_cmd + + test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: +#! /bin/sh + +# Set a version string for this script. +scriptversion=2014-01-07.03; # UTC + +# A portable, pluggable option parser for Bourne shell. +# Written by Gary V. Vaughan, 2010 + +# Copyright (C) 2010-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# This file is a library for parsing options in your shell scripts along +# with assorted other useful supporting features that you can make use +# of too. +# +# For the simplest scripts you might need only: +# +# #!/bin/sh +# . relative/path/to/funclib.sh +# . relative/path/to/options-parser +# scriptversion=1.0 +# func_options ${1+"$@"} +# eval set dummy "$func_options_result"; shift +# ...rest of your script... +# +# In order for the '--version' option to work, you will need to have a +# suitably formatted comment like the one at the top of this file +# starting with '# Written by ' and ending with '# warranty; '. +# +# For '-h' and '--help' to work, you will also need a one line +# description of your script's purpose in a comment directly above the +# '# Written by ' line, like the one at the top of this file. +# +# The default options also support '--debug', which will turn on shell +# execution tracing (see the comment above debug_cmd below for another +# use), and '--verbose' and the func_verbose function to allow your script +# to display verbose messages only when your user has specified +# '--verbose'. +# +# After sourcing this file, you can plug processing for additional +# options by amending the variables from the 'Configuration' section +# below, and following the instructions in the 'Option parsing' +# section further down. + +## -------------- ## +## Configuration. ## +## -------------- ## + +# You should override these variables in your script after sourcing this +# file so that they reflect the customisations you have added to the +# option parser. + +# The usage line for option parsing errors and the start of '-h' and +# '--help' output messages. You can embed shell variables for delayed +# expansion at the time the message is displayed, but you will need to +# quote other shell meta-characters carefully to prevent them being +# expanded when the contents are evaled. +usage='$progpath [OPTION]...' + +# Short help message in response to '-h' and '--help'. Add to this or +# override it after sourcing this library to reflect the full set of +# options your script accepts. +usage_message="\ + --debug enable verbose shell tracing + -W, --warnings=CATEGORY + report the warnings falling in CATEGORY [all] + -v, --verbose verbosely report processing + --version print version information and exit + -h, --help print short or long help message and exit +" + +# Additional text appended to 'usage_message' in response to '--help'. +long_help_message=" +Warning categories include: + 'all' show all warnings + 'none' turn off all the warnings + 'error' warnings are treated as fatal errors" + +# Help message printed before fatal option parsing errors. +fatal_help="Try '\$progname --help' for more information." + + + +## ------------------------- ## +## Hook function management. ## +## ------------------------- ## + +# This section contains functions for adding, removing, and running hooks +# to the main code. A hook is just a named list of of function, that can +# be run in order later on. + +# func_hookable FUNC_NAME +# ----------------------- +# Declare that FUNC_NAME will run hooks added with +# 'func_add_hook FUNC_NAME ...'. +func_hookable () +{ + $debug_cmd + + func_append hookable_fns " $1" +} + + +# func_add_hook FUNC_NAME HOOK_FUNC +# --------------------------------- +# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must +# first have been declared "hookable" by a call to 'func_hookable'. +func_add_hook () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not accept hook functions." ;; + esac + + eval func_append ${1}_hooks '" $2"' +} + + +# func_remove_hook FUNC_NAME HOOK_FUNC +# ------------------------------------ +# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +func_remove_hook () +{ + $debug_cmd + + eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' +} + + +# func_run_hooks FUNC_NAME [ARG]... +# --------------------------------- +# Run all hook functions registered to FUNC_NAME. +# It is assumed that the list of hook functions contains nothing more +# than a whitespace-delimited list of legal shell function names, and +# no effort is wasted trying to catch shell meta-characters or preserve +# whitespace. +func_run_hooks () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not support hook funcions.n" ;; + esac + + eval _G_hook_fns=\$$1_hooks; shift + + for _G_hook in $_G_hook_fns; do + eval $_G_hook '"$@"' + + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + done + + func_quote_for_eval ${1+"$@"} + func_run_hooks_result=$func_quote_for_eval_result +} + + + +## --------------- ## +## Option parsing. ## +## --------------- ## + +# In order to add your own option parsing hooks, you must accept the +# full positional parameter list in your hook function, remove any +# options that you action, and then pass back the remaining unprocessed +# options in '_result', escaped suitably for +# 'eval'. Like this: +# +# my_options_prep () +# { +# $debug_cmd +# +# # Extend the existing usage message. +# usage_message=$usage_message' +# -s, --silent don'\''t print informational messages +# ' +# +# func_quote_for_eval ${1+"$@"} +# my_options_prep_result=$func_quote_for_eval_result +# } +# func_add_hook func_options_prep my_options_prep +# +# +# my_silent_option () +# { +# $debug_cmd +# +# # Note that for efficiency, we parse as many options as we can +# # recognise in a loop before passing the remainder back to the +# # caller on the first unrecognised argument we encounter. +# while test $# -gt 0; do +# opt=$1; shift +# case $opt in +# --silent|-s) opt_silent=: ;; +# # Separate non-argument short options: +# -s*) func_split_short_opt "$_G_opt" +# set dummy "$func_split_short_opt_name" \ +# "-$func_split_short_opt_arg" ${1+"$@"} +# shift +# ;; +# *) set dummy "$_G_opt" "$*"; shift; break ;; +# esac +# done +# +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result +# } +# func_add_hook func_parse_options my_silent_option +# +# +# my_option_validation () +# { +# $debug_cmd +# +# $opt_silent && $opt_verbose && func_fatal_help "\ +# '--silent' and '--verbose' options are mutually exclusive." +# +# func_quote_for_eval ${1+"$@"} +# my_option_validation_result=$func_quote_for_eval_result +# } +# func_add_hook func_validate_options my_option_validation +# +# You'll alse need to manually amend $usage_message to reflect the extra +# options you parse. It's preferable to append if you can, so that +# multiple option parsing hooks can be added safely. + + +# func_options [ARG]... +# --------------------- +# All the functions called inside func_options are hookable. See the +# individual implementations for details. +func_hookable func_options +func_options () +{ + $debug_cmd + + func_options_prep ${1+"$@"} + eval func_parse_options \ + ${func_options_prep_result+"$func_options_prep_result"} + eval func_validate_options \ + ${func_parse_options_result+"$func_parse_options_result"} + + eval func_run_hooks func_options \ + ${func_validate_options_result+"$func_validate_options_result"} + + # save modified positional parameters for caller + func_options_result=$func_run_hooks_result +} + + +# func_options_prep [ARG]... +# -------------------------- +# All initialisations required before starting the option parse loop. +# Note that when calling hook functions, we pass through the list of +# positional parameters. If a hook function modifies that list, and +# needs to propogate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before +# returning. +func_hookable func_options_prep +func_options_prep () +{ + $debug_cmd + + # Option defaults: + opt_verbose=false + opt_warning_types= + + func_run_hooks func_options_prep ${1+"$@"} + + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result +} + + +# func_parse_options [ARG]... +# --------------------------- +# The main option parsing loop. +func_hookable func_parse_options +func_parse_options () +{ + $debug_cmd + + func_parse_options_result= + + # this just eases exit handling + while test $# -gt 0; do + # Defer to hook functions for initial option parsing, so they + # get priority in the event of reusing an option name. + func_run_hooks func_parse_options ${1+"$@"} + + # Adjust func_parse_options positional parameters to match + eval set dummy "$func_run_hooks_result"; shift + + # Break out of the loop if we already parsed every option. + test $# -gt 0 || break + + _G_opt=$1 + shift + case $_G_opt in + --debug|-x) debug_cmd='set -x' + func_echo "enabling shell trace mode" + $debug_cmd + ;; + + --no-warnings|--no-warning|--no-warn) + set dummy --warnings none ${1+"$@"} + shift + ;; + + --warnings|--warning|-W) + test $# = 0 && func_missing_arg $_G_opt && break + case " $warning_categories $1" in + *" $1 "*) + # trailing space prevents matching last $1 above + func_append_uniq opt_warning_types " $1" + ;; + *all) + opt_warning_types=$warning_categories + ;; + *none) + opt_warning_types=none + warning_func=: + ;; + *error) + opt_warning_types=$warning_categories + warning_func=func_fatal_error + ;; + *) + func_fatal_error \ + "unsupported warning category: '$1'" + ;; + esac + shift + ;; + + --verbose|-v) opt_verbose=: ;; + --version) func_version ;; + -\?|-h) func_usage ;; + --help) func_help ;; + + # Separate optargs to long options (plugins may need this): + --*=*) func_split_equals "$_G_opt" + set dummy "$func_split_equals_lhs" \ + "$func_split_equals_rhs" ${1+"$@"} + shift + ;; + + # Separate optargs to short options: + -W*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-v*|-x*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) break ;; + -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result +} + + +# func_validate_options [ARG]... +# ------------------------------ +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +func_hookable func_validate_options +func_validate_options () +{ + $debug_cmd + + # Display all warnings if -W was not given. + test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" + + func_run_hooks func_validate_options ${1+"$@"} + + # Bail if the options were screwed! + $exit_cmd $EXIT_FAILURE + + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result +} + + + +## ----------------- ## +## Helper functions. ## +## ----------------- ## + +# This section contains the helper functions used by the rest of the +# hookable option parser framework in ascii-betical order. + + +# func_fatal_help ARG... +# ---------------------- +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + eval \$ECHO \""$fatal_help"\" + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + + +# func_help +# --------- +# Echo long help message to standard output and exit. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message" + exit 0 +} + + +# func_missing_arg ARGNAME +# ------------------------ +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $debug_cmd + + func_error "Missing argument for '$1'." + exit_cmd=exit +} + + +# func_split_equals STRING +# ------------------------ +# Set func_split_equals_lhs and func_split_equals_rhs shell variables after +# splitting STRING at the '=' sign. +test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=${1%%=*} + func_split_equals_rhs=${1#*=} + test "x$func_split_equals_lhs" = "x$1" \ + && func_split_equals_rhs= + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` + func_split_equals_rhs= + test "x$func_split_equals_lhs" = "x$1" \ + || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` + } +fi #func_split_equals + + +# func_split_short_opt SHORTOPT +# ----------------------------- +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"} + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` + } +fi #func_split_short_opt + + +# func_usage +# ---------- +# Echo short help message to standard output and exit. +func_usage () +{ + $debug_cmd + + func_usage_message + $ECHO "Run '$progname --help |${PAGER-more}' for full usage" + exit 0 +} + + +# func_usage_message +# ------------------ +# Echo short help message to standard output. +func_usage_message () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + echo + $SED -n 's|^# || + /^Written by/{ + x;p;x + } + h + /^Written by/q' < "$progpath" + echo + eval \$ECHO \""$usage_message"\" +} + + +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + + printf '%s\n' "$progname $scriptversion" + $SED -n ' + /(C)/!b go + :more + /\./!{ + N + s|\n# | | + b more + } + :go + /^# Written by /,/# warranty; / { + s|^# || + s|^# *$|| + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + p + } + /^# Written by / { + s|^# || + p + } + /^warranty; /q' < "$progpath" + + exit $? +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: + +# Set a version string. +scriptversion='(GNU libtool) 2.4.6' + + +# func_echo ARG... +# ---------------- +# Libtool also displays the current mode in messages, so override +# funclib.sh func_echo with this custom definition. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () +{ + $debug_cmd + + $warning_func ${1+"$@"} +} + + +## ---------------- ## +## Options parsing. ## +## ---------------- ## + +# Hook in the functions to make sure our own options are parsed during +# the option parsing loop. + +usage='$progpath [OPTION]... [MODE-ARG]...' + +# Short help message in response to '-h'. +usage_message="Options: + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --mode=MODE use operation mode MODE + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message +" + +# Additional text appended to 'usage_message' in response to '--help'. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. When passed as first option, +'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. +Try '$progname --help --mode=MODE' for a more detailed description of MODE. + +When reporting a bug, please describe a test case to reproduce it and +include the following information: + + host-triplet: $host + shell: $SHELL + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) + version: $progname (GNU libtool) 2.4.6 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +Report bugs to . +GNU libtool home page: . +General help using GNU software: ." + exit 0 +} + + +# func_lo2o OBJECT-NAME +# --------------------- +# Transform OBJECT-NAME from a '.lo' suffix to the platform specific +# object suffix. + +lo2o=s/\\.lo\$/.$objext/ +o2lo=s/\\.$objext\$/.lo/ + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_lo2o () + { + case $1 in + *.lo) func_lo2o_result=${1%.lo}.$objext ;; + * ) func_lo2o_result=$1 ;; + esac + }' + + # func_xform LIBOBJ-OR-SOURCE + # --------------------------- + # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) + # suffix to a '.lo' libtool-object suffix. + eval 'func_xform () + { + func_xform_result=${1%.*}.lo + }' +else + # ...otherwise fall back to using sed. + func_lo2o () + { + func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` + } + + func_xform () + { + func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` + } +fi + + +# func_fatal_configuration ARG... +# ------------------------------- +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func__fatal_error ${1+"$@"} \ + "See the $PACKAGE documentation for more information." \ + "Fatal configuration error." +} + + +# func_config +# ----------- +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + + +# func_features +# ------------- +# Display the features supported by this script. +func_features () +{ + echo "host: $host" + if test yes = "$build_libtool_libs"; then + echo "enable shared libraries" + else + echo "disable shared libraries" + fi + if test yes = "$build_old_libs"; then + echo "enable static libraries" + else + echo "disable static libraries" + fi + + exit $? +} + + +# func_enable_tag TAGNAME +# ----------------------- +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname=$1 + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf=/$re_begincf/,/$re_endcf/p + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + + +# func_check_version_match +# ------------------------ +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +# libtool_options_prep [ARG]... +# ----------------------------- +# Preparation for options parsed by libtool. +libtool_options_prep () +{ + $debug_mode + + # Option defaults: + opt_config=false + opt_dlopen= + opt_dry_run=false + opt_help=false + opt_mode= + opt_preserve_dup_deps=false + opt_quiet=false + + nonopt= + preserve_args= + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + esac + + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result +} +func_add_hook func_options_prep libtool_options_prep + + +# libtool_parse_options [ARG]... +# --------------------------------- +# Provide handling for libtool specific options. +libtool_parse_options () +{ + $debug_cmd + + # Perform our own loop to consume as many options as possible in + # each iteration. + while test $# -gt 0; do + _G_opt=$1 + shift + case $_G_opt in + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + + --config) func_config ;; + + --dlopen|-dlopen) + opt_dlopen="${opt_dlopen+$opt_dlopen +}$1" + shift + ;; + + --preserve-dup-deps) + opt_preserve_dup_deps=: ;; + + --features) func_features ;; + + --finish) set dummy --mode finish ${1+"$@"}; shift ;; + + --help) opt_help=: ;; + + --help-all) opt_help=': help-all' ;; + + --mode) test $# = 0 && func_missing_arg $_G_opt && break + opt_mode=$1 + case $1 in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $_G_opt" + exit_cmd=exit + break + ;; + esac + shift + ;; + + --no-silent|--no-quiet) + opt_quiet=false + func_append preserve_args " $_G_opt" + ;; + + --no-warnings|--no-warning|--no-warn) + opt_warning=false + func_append preserve_args " $_G_opt" + ;; + + --no-verbose) + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --silent|--quiet) + opt_quiet=: + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --tag) test $# = 0 && func_missing_arg $_G_opt && break + opt_tag=$1 + func_append preserve_args " $_G_opt $1" + func_enable_tag "$1" + shift + ;; + + --verbose|-v) opt_quiet=false + opt_verbose=: + func_append preserve_args " $_G_opt" + ;; + + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; + esac + done + + + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result +} +func_add_hook func_parse_options libtool_parse_options + + + +# libtool_validate_options [ARG]... +# --------------------------------- +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +libtool_validate_options () +{ + # save first non-option argument + if test 0 -lt $#; then + nonopt=$1 + shift + fi + + # preserve --debug + test : = "$debug_cmd" || func_append preserve_args " --debug" + + case $host in + # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 + # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + + $opt_help || { + # Sanity checks first: + func_check_version_match + + test yes != "$build_libtool_libs" \ + && test yes != "$build_old_libs" \ + && func_fatal_configuration "not configured to build any kind of library" + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test execute != "$opt_mode"; then + func_error "unrecognized option '-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help=$help + help="Try '$progname --help --mode=$opt_mode' for more information." + } + + # Pass back the unparsed argument list + func_quote_for_eval ${1+"$@"} + libtool_validate_options_result=$func_quote_for_eval_result +} +func_add_hook func_validate_options libtool_validate_options + + +# Process options as early as possible so that --help and --version +# can return quickly. +func_options ${1+"$@"} +eval set dummy "$func_options_result"; shift + + + +## ----------- ## +## Main. ## +## ----------- ## + +magic='%%%MAGIC variable%%%' +magic_exe='%%%MAGIC EXE variable%%%' + +# Global variables. +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if 'file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case $lalib_p_line in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test yes = "$lalib_p" +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $debug_cmd + + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# 'FILE.' does not work on cygwin managed mounts. +func_source () +{ + $debug_cmd + + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} + +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case $lt_sysroot:$1 in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result='='$func_stripname_result + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $debug_cmd + + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with '--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=$1 + if test yes = "$build_libtool_libs"; then + write_lobj=\'$2\' + else + write_lobj=none + fi + + if test yes = "$build_old_libs"; then + write_oldobj=\'$3\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T </dev/null` + if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 + + +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $debug_cmd + + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result= + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result"; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi + fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 + + +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $debug_cmd + + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" + fi +} +#end: func_cygpath + + +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $debug_cmd + + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 + + +# func_convert_file_check ARG1 ARG2 +# Verify that ARG1 (a file name in $build format) was converted to $host +# format in ARG2. Otherwise, emit an error message, but continue (resetting +# func_to_host_file_result to ARG1). +func_convert_file_check () +{ + $debug_cmd + + if test -z "$2" && test -n "$1"; then + func_error "Could not determine host file name corresponding to" + func_error " '$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_file_result=$1 + fi +} +# end func_convert_file_check + + +# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH +# Verify that FROM_PATH (a path in $build format) was converted to $host +# format in TO_PATH. Otherwise, emit an error message, but continue, resetting +# func_to_host_file_result to a simplistic fallback value (see below). +func_convert_path_check () +{ + $debug_cmd + + if test -z "$4" && test -n "$3"; then + func_error "Could not determine the host path corresponding to" + func_error " '$3'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This is a deliberately simplistic "conversion" and + # should not be "improved". See libtool.info. + if test "x$1" != "x$2"; then + lt_replace_pathsep_chars="s|$1|$2|g" + func_to_host_path_result=`echo "$3" | + $SED -e "$lt_replace_pathsep_chars"` + else + func_to_host_path_result=$3 + fi + fi +} +# end func_convert_path_check + + +# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG +# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT +# and appending REPL if ORIG matches BACKPAT. +func_convert_path_front_back_pathsep () +{ + $debug_cmd + + case $4 in + $1 ) func_to_host_path_result=$3$func_to_host_path_result + ;; + esac + case $4 in + $2 ) func_append func_to_host_path_result "$3" + ;; + esac +} +# end func_convert_path_front_back_pathsep + + +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via '$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. + + +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $debug_cmd + + $to_host_file_cmd "$1" +} +# end func_to_host_file + + +# func_to_tool_file ARG LAZY +# converts the file name ARG from $build format to toolchain format. Return +# result in func_to_tool_file_result. If the conversion in use is listed +# in (the comma separated) LAZY, no conversion takes place. +func_to_tool_file () +{ + $debug_cmd + + case ,$2, in + *,"$to_tool_file_cmd",*) + func_to_tool_file_result=$1 + ;; + *) + $to_tool_file_cmd "$1" + func_to_tool_file_result=$func_to_host_file_result + ;; + esac +} +# end func_to_tool_file + + +# func_convert_file_noop ARG +# Copy ARG to func_to_host_file_result. +func_convert_file_noop () +{ + func_to_host_file_result=$1 +} +# end func_convert_file_noop + + +# func_convert_file_msys_to_w32 ARG +# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_file_result. +func_convert_file_msys_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_to_host_file_result=$func_convert_core_msys_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_w32 + + +# func_convert_file_cygwin_to_w32 ARG +# Convert file name ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_file_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # because $build is cygwin, we call "the" cygpath in $PATH; no need to use + # LT_CYGPATH in this case. + func_to_host_file_result=`cygpath -m "$1"` + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_cygwin_to_w32 + + +# func_convert_file_nix_to_w32 ARG +# Convert file name ARG from *nix to w32 format. Requires a wine environment +# and a working winepath. Returns result in func_to_host_file_result. +func_convert_file_nix_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_file_wine_to_w32 "$1" + func_to_host_file_result=$func_convert_core_file_wine_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_w32 + + +# func_convert_file_msys_to_cygwin ARG +# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_file_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_cygpath -u "$func_convert_core_msys_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_cygwin + + +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin + + +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via '$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. + + +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $debug_cmd + + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd=func_convert_path_$func_stripname_result + fi +} + + +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $debug_cmd + + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path + + +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result=$1 +} +# end func_convert_path_noop + + +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_msys_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 + + +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 + + +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_path_wine_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 + + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_dll_def_p FILE +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with _LT_DLL_DEF_P in libtool.m4 +func_dll_def_p () +{ + $debug_cmd + + func_dll_def_p_tmp=`$SED -n \ + -e 's/^[ ]*//' \ + -e '/^\(;.*\)*$/d' \ + -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ + -e q \ + "$1"` + test DEF = "$func_dll_def_p_tmp" +} + + +# func_mode_compile arg... +func_mode_compile () +{ + $debug_cmd + + # Get the compilation command and the source file. + base_compile= + srcfile=$nonopt # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg=$arg + arg_mode=normal + ;; + + target ) + libobj=$arg + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify '-o' more than once" + arg_mode=target + continue + ;; + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs=$IFS; IFS=, + for arg in $args; do + IFS=$save_ifs + func_append_quoted lastarg "$arg" + done + IFS=$save_ifs + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" + continue + ;; + + *) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg=$srcfile + srcfile=$arg + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg + + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with '-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj=$func_basename_result + } + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac + + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from '$libobj'" + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -shared) + test yes = "$build_libtool_libs" \ + || func_fatal_configuration "cannot build a shared library" + build_old_libs=no + continue + ;; + + -static) + build_libtool_libs=no + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name '$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname=$func_basename_result + xdir=$func_dirname_result + lobj=$xdir$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test yes = "$build_old_libs"; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test no = "$compiler_c_o"; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext + lockfile=$output_obj.lock + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test yes = "$need_locks"; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test warn = "$need_locks"; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test yes = "$build_libtool_libs"; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test no != "$pic_mode"; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test yes = "$suppress_opt"; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test yes = "$build_old_libs"; then + if test yes != "$pic_mode"; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test yes = "$compiler_c_o"; then + func_append command " -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test no != "$need_locks"; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { + test compile = "$opt_mode" && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a '.o' file suitable for static linking + -static only build a '.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler + +COMPILE-COMMAND is a command to be used in creating a 'standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix '.c' with the +library object suffix, '.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to '-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the '--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the 'install' or 'cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with '-') are ignored. + +Every other argument is treated as a filename. Files ending in '.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in '.la', then a libtool library is created, +only library objects ('.lo' files) may be specified, and '-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created +using 'ar' and 'ranlib', or on Windows using 'lib'. + +If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode '$opt_mode'" + ;; + esac + + echo + $ECHO "Try '$progname --help' for more information about other modes." +} + +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test : = "$opt_help"; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | $SED -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + $SED '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi + + +# func_mode_execute arg... +func_mode_execute () +{ + $debug_cmd + + # The first argument is the command name. + cmd=$nonopt + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "'$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "'$file' was not linked with '-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir=$func_dirname_result + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir=$func_dirname_result + ;; + + *) + func_warning "'-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir=$absdir + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic=$magic + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file=$progdir/$program + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file=$progdir/$program + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if $opt_dry_run; then + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + else + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd=\$cmd$args + fi +} + +test execute = "$opt_mode" && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $debug_cmd + + libs= + libdirs= + admincmds= + + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" + + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "'$opt' is not a valid libtool archive" + fi + + else + func_fatal_error "invalid argument '$opt'" + fi + done + + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi + + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and '=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib + done + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_quiet && exit $EXIT_SUCCESS + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the '-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the '$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the '$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the '$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; + *) + echo "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} + +test finish = "$opt_mode" && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $debug_cmd + + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac + then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=false + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=: ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test X-m = "X$prev" && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the '$prev' option requires an argument" + + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=: + if $isdir; then + destdir=$dest + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir=$func_dirname_result + destname=$func_basename_result + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "'$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "'$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; + + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir=$func_dirname_result + func_append dir "$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking '$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname=$1 + shift + + srcname=$realname + test -n "$relink_command" && srcname=${realname}T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme=$stripme + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme= + ;; + esac + ;; + os2*) + case $realname in + *_dll.a) + tstripme= + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try 'ln -sf' first, because the 'ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib=$destdir/$realname + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name=$func_basename_result + instname=$dir/${name}i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest=$destfile + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to '$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test yes = "$build_old_libs"; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext= + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=.exe + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script '$wrapper'" + + finalize=: + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "'$lib' has not been installed in '$libdir'" + finalize=false + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test no = "$fast_install" && test -n "$relink_command"; then + $opt_dry_run || { + if $finalize; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file=$func_basename_result + outputname=$tmpdir/$file + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_quiet || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink '$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file=$outputname + else + func_warning "cannot relink '$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name=$func_basename_result + + # Set up the ranlib parameters. + oldlib=$destdir/$name + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run '$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test install = "$opt_mode" && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $debug_cmd + + my_outputname=$1 + my_originator=$2 + my_pic_p=${3-false} + my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms=${my_outputname}S.c + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist=$output_objdir/$my_outputname.nm + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* External symbol declarations for the compiler. */\ +" + + if test yes = "$dlself"; then + func_verbose "generating symbol list for '$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from '$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols=$output_objdir/$outputname.exp + $opt_dry_run || { + $RM $export_symbols + eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from '$dlprefile'" + func_basename "$dlprefile" + name=$func_basename_result + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename= + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname"; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename=$func_basename_result + else + # no lafile. user explicitly requested -dlpreopen . + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename"; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + func_show_eval '$RM "${nlist}I"' + if test -n "$global_symbol_to_import"; then + eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' + fi + + echo >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[];\ +" + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ +static void lt_syminit(void) +{ + LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; + for (; symbol->name; ++symbol) + {" + $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" + echo >> "$output_objdir/$my_dlsyms" "\ + } +}" + fi + echo >> "$output_objdir/$my_dlsyms" "\ +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{ {\"$my_originator\", (void *) 0}," + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ + {\"@INIT@\", (void *) <_syminit}," + fi + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + $my_pic_p && pic_flag_for_symtable=" $pic_flag" + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' + + # Transform the symbol file into the correct name. + symfileobj=$output_objdir/${my_outputname}S.$objext + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for '$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $debug_cmd + + win32_libid_type=unknown + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + case $nm_interface in + "MS dumpbin") + if func_cygming_ms_implib_p "$1" || + func_cygming_gnu_implib_p "$1" + then + win32_nmres=import + else + win32_nmres= + fi + ;; + *) + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s|.*|import| + p + q + } + }'` + ;; + esac + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $debug_cmd + + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $debug_cmd + + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive that possess that section. Heuristic: eliminate + # all those that have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $debug_cmd + + if func_cygming_gnu_implib_p "$1"; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1"; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result= + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $debug_cmd + + f_ex_an_ar_dir=$1; shift + f_ex_an_ar_oldlib=$1 + if test yes = "$lock_old_archive_extraction"; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test yes = "$lock_old_archive_extraction"; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $debug_cmd + + my_gentop=$1; shift + my_oldlibs=${1+"$@"} + my_oldobjs= + my_xlib= + my_xabs= + my_xdir= + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib=$func_basename_result + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir=$my_gentop/$my_xlib_u + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + func_basename "$darwin_archive" + darwin_base_archive=$func_basename_result + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches; do + func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" + $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" + cd "unfat-$$/$darwin_base_archive-$darwin_arch" + func_extract_an_archive "`pwd`" "$darwin_base_archive" + cd "$darwin_curdir" + $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result=$my_oldobjs +} + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory where it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ that is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options that match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test yes = "$fast_install"; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + \$ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + # Export our shlibpath_var if we have one. + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} + + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat < +#include +#ifdef _MSC_VER +# include +# include +# include +#else +# include +# include +# ifdef __CYGWIN__ +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* declarations of non-ANSI functions */ +#if defined __MINGW32__ +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined __CYGWIN__ +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined other_platform || defined ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined _MSC_VER +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +#elif defined __MINGW32__ +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined __CYGWIN__ +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined other platforms ... */ +#endif + +#if defined PATH_MAX +# define LT_PATHMAX PATH_MAX +#elif defined MAXPATHLEN +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ + defined __OS2__ +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free (stale); stale = 0; } \ +} while (0) + +#if defined LT_DEBUGWRAPPER +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif + +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF + + cat <= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + size_t tmp_len; + char *concat_name; + + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined HAVE_DOS_BASED_FILE_SYSTEM + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined HAVE_DOS_BASED_FILE_SYSTEM + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = (size_t) (q - p); + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (STREQ (str, pat)) + *str = '\0'; + } + return str; +} + +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} + +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + size_t len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + size_t orig_value_len = strlen (orig_value); + size_t add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + size_t len = strlen (new_value); + while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[--len] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' + cat <<"EOF" +} +EOF +} +# end: func_emit_cwrapperexe_src + +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $debug_cmd + + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + +# func_mode_link arg... +func_mode_link () +{ + $debug_cmd + + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # what system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll that has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + os2dllname= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=false + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module=$wl-single_module + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test yes != "$build_libtool_libs" \ + && func_fatal_configuration "cannot build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg=$1 + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + bindir) + bindir=$arg + prev= + continue + ;; + dlfiles|dlprefiles) + $preload || { + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=: + } + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test no = "$dlself"; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test dlprefiles = "$prev"; then + dlself=yes + elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test dlfiles = "$prev"; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols=$arg + test -f "$arg" \ + || func_fatal_error "symbol file '$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex=$arg + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir=$arg + prev= + continue + ;; + mllvm) + # Clang does not use LLVM to link, so we can simply discard any + # '-mllvm $arg' options when doing the link step. + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + if test none != "$pic_object"; then + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + fi + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file '$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + os2dllname) + os2dllname=$arg + prev= + continue + ;; + precious_regex) + precious_files_regex=$arg + prev= + continue + ;; + release) + release=-$arg + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test rpath = "$prev"; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds=$arg + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg=$arg + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "'-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test X-export-symbols = "X$arg"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between '-L' and '$1'" + else + func_fatal_error "need path for '-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of '$dir'" + dir=$absdir + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test X-lc = "X$arg" || test X-lm = "X$arg"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test X-lc = "X$arg" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc due to us having libc/libc_r. + test X-lc = "X$arg" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test X-lc = "X$arg" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test X-lc = "X$arg" && continue + ;; + esac + elif test X-lc_r = "X$arg"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -mllvm) + prev=mllvm + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module=$wl-multi_module + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "'-no-install' is ignored for $host" + func_warning "assuming '-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -os2dllname) + prev=os2dllname + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # -fstack-protector* stack protector flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -stdlib=* select c++ std lib with clang + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + -Z*) + if test os2 = "`expr $host : '.*\(os2\)'`"; then + # OS/2 uses -Zxxx to specify OS/2-specific options + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case $arg in + -Zlinker | -Zstack) + prev=xcompiler + ;; + esac + continue + else + # Otherwise treat like 'Some other compiler flag' below + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + fi + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + test none = "$pic_object" || { + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + } + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test dlfiles = "$prev"; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test dlprefiles = "$prev"; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the '$prevarg' option requires an argument" + + if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname=$func_basename_result + libobjs_save=$libobjs + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + + func_dirname "$output" "/" "" + output_objdir=$func_dirname_result$objdir + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test lib = "$linkmode"; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=false + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test lib,link = "$linkmode,$pass"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs=$tmp_deplibs + fi + + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass"; then + libs=$deplibs + deplibs= + fi + if test prog = "$linkmode"; then + case $pass in + dlopen) libs=$dlfiles ;; + dlpreopen) libs=$dlprefiles ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + esac + fi + if test lib,dlpreopen = "$linkmode,$pass"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs=$dlprefiles + fi + if test dlopen = "$pass"; then + # Collect dlpreopened libraries + save_deplibs=$deplibs + deplibs= + fi + + for deplib in $libs; do + lib= + found=false + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test lib != "$linkmode" && test prog != "$linkmode"; then + func_warning "'-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test lib = "$linkmode"; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib=$searchdir/lib$name$search_ext + if test -f "$lib"; then + if test .la = "$search_ext"; then + found=: + else + found=false + fi + break 2 + fi + done + done + if $found; then + # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll=$l + done + if test "X$ll" = "X$old_library"; then # only static version available + found=false + func_dirname "$lib" "" "." + ladir=$func_dirname_result + lib=$ladir/$old_library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + else + # deplib doesn't seem to be a libtool library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + ;; # -l + *.ltframework) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test conv = "$pass" && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + if test scan = "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "'-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test link = "$pass"; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=false + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=: + fi + ;; + pass_all) + valid_a_lib=: + ;; + esac + if $valid_a_lib; then + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + else + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + fi + ;; + esac + continue + ;; + prog) + if test link != "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + elif test prog = "$linkmode"; then + if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=: + continue + ;; + esac # case $deplib + + $found || test -f "$lib" \ + || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "'$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir=$func_dirname_result + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass" || + { test prog != "$linkmode" && test lib != "$linkmode"; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test conv = "$pass"; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + elif test prog != "$linkmode" && test lib != "$linkmode"; then + func_fatal_error "'$lib' is not a convenience library" + fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test yes = "$prefer_static_libs" || + test built,no = "$prefer_static_libs,$installed"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib=$l + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + + # This library was specified with -dlopen. + if test dlopen = "$pass"; then + test -z "$libdir" \ + && func_fatal_error "cannot -dlopen a convenience library: '$lib'" + if test -z "$dlname" || + test yes != "$dlopen_support" || + test no = "$build_libtool_libs" + then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of '$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir=$ladir + fi + ;; + esac + func_basename "$lib" + laname=$func_basename_result + + # Find the relevant object directory and library name. + if test yes = "$installed"; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library '$lib' was moved." + dir=$ladir + absdir=$abs_ladir + libdir=$abs_ladir + else + dir=$lt_sysroot$libdir + absdir=$lt_sysroot$libdir + fi + test yes = "$hardcode_automatic" && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir=$ladir + absdir=$abs_ladir + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir=$ladir/$objdir + absdir=$abs_ladir/$objdir + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test dlpreopen = "$pass"; then + if test -z "$libdir" && test prog = "$linkmode"; then + func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" + fi + case $host in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test lib = "$linkmode"; then + deplibs="$dir/$old_library $deplibs" + elif test prog,link = "$linkmode,$pass"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test prog = "$linkmode" && test link != "$pass"; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=false + if test no != "$link_all_deplibs" || test -z "$library_names" || + test no = "$build_libtool_libs"; then + linkalldeplibs=: + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if $linkalldeplibs; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test prog,link = "$linkmode,$pass"; then + if test -n "$library_names" && + { { test no = "$prefer_static_libs" || + test built,yes = "$prefer_static_libs,$installed"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then + # Make sure the rpath contains only unique directories. + case $temp_rpath: in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if $alldeplibs && + { test pass_all = "$deplibs_check_method" || + { test yes = "$build_libtool_libs" && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test built = "$use_static_libs" && test yes = "$installed"; then + use_static_libs=no + fi + if test -n "$library_names" && + { test no = "$use_static_libs" || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc* | *os2*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test no = "$installed"; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule= + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule=$dlpremoduletest + break + fi + done + if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then + echo + if test prog = "$linkmode"; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test lib = "$linkmode" && + test yes = "$hardcode_into_libs"; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname=$1 + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname=$dlname + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc* | *os2*) + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + esac + eval soname=\"$soname_spec\" + else + soname=$realname + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot=$soname + func_basename "$soroot" + soname=$func_basename_result + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from '$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for '$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test prog = "$linkmode" || test relink != "$opt_mode"; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test no = "$hardcode_direct"; then + add=$dir/$linklib + case $host in + *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; + *-*-sysv4*uw2*) add_dir=-L$dir ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir=-L$dir ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we cannot + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library"; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add=$dir/$old_library + fi + elif test -n "$old_library"; then + add=$dir/$old_library + fi + fi + esac + elif test no = "$hardcode_minus_L"; then + case $host in + *-*-sunos*) add_shlibpath=$dir ;; + esac + add_dir=-L$dir + add=-l$name + elif test no = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + relink) + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$dir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$absdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test yes != "$lib_linked"; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test prog = "$linkmode"; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test yes != "$hardcode_direct" && + test yes != "$hardcode_minus_L" && + test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test prog = "$linkmode" || test relink = "$opt_mode"; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$libdir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$libdir + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add=-l$name + elif test yes = "$hardcode_automatic"; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib"; then + add=$inst_prefix_dir$libdir/$linklib + else + add=$libdir/$linklib + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir=-L$libdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + fi + + if test prog = "$linkmode"; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test prog = "$linkmode"; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test unsupported != "$hardcode_direct"; then + test -n "$old_library" && linklib=$old_library + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test yes = "$build_libtool_libs"; then + # Not a shared library + if test pass_all != "$deplibs_check_method"; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system cannot link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test yes = "$module"; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test lib = "$linkmode"; then + if test -n "$dependency_libs" && + { test yes != "$hardcode_into_libs" || + test yes = "$build_old_libs" || + test yes = "$link_static"; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs=$temp_deplibs + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test no != "$link_all_deplibs"; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path=$deplib ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of '$dir'" + absdir=$dir + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names"; then + for tmp in $deplibrary_names; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl"; then + depdepl=$absdir/$objdir/$depdepl + darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" + func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" + path= + fi + fi + ;; + *) + path=-L$absdir/$objdir + ;; + esac + else + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "'$deplib' seems to be moved" + + path=-L$absdir + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test link = "$pass"; then + if test prog = "$linkmode"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs=$newdependency_libs + if test dlpreopen = "$pass"; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test dlopen != "$pass"; then + test conv = "$pass" || { + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + } + + if test prog,link = "$linkmode,$pass"; then + vars="compile_deplibs finalize_deplibs" + else + vars=deplibs + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i= + ;; + esac + if test -n "$i"; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test prog = "$linkmode"; then + dlfiles=$newdlfiles + fi + if test prog = "$linkmode" || test lib = "$linkmode"; then + dlprefiles=$newdlprefiles + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "'-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "'-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs=$output + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form 'libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test no = "$module" \ + && func_fatal_help "libtool library '$output' must begin with 'lib'" + + if test no != "$need_lib_prefix"; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test pass_all != "$deplibs_check_method"; then + func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test no = "$dlself" \ + || func_warning "'-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test 1 -lt "$#" \ + && func_warning "ignoring multiple '-rpath's for a libtool library" + + install_libdir=$1 + + oldlibs= + if test -z "$rpath"; then + if test yes = "$build_libtool_libs"; then + # Building a libtool convenience library. + # Some compilers have problems with a '.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "'-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs=$IFS; IFS=: + set dummy $vinfo 0 0 0 + shift + IFS=$save_ifs + + test -n "$7" && \ + func_fatal_help "too many parameters to '-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major=$1 + number_minor=$2 + number_revision=$3 + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # that has an extra 1 added just for fun + # + case $version_type in + # correct linux to gnu/linux during the next big refactor + darwin|freebsd-elf|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_revision + ;; + freebsd-aout|qnx|sunos) + current=$number_major + revision=$number_minor + age=0 + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_minor + lt_irix_increment=no + ;; + esac + ;; + no) + current=$1 + revision=$2 + age=$3 + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT '$current' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION '$revision' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE '$age' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE '$age' is greater than the current interface number '$current'" + func_fatal_error "'$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + # On Darwin other compilers + case $CC in + nagfor*) + verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + ;; + *) + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + esac + ;; + + freebsd-aout) + major=.$current + versuffix=.$current.$revision + ;; + + freebsd-elf) + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + irix | nonstopux) + if test no = "$lt_irix_increment"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring=$verstring_prefix$major.$revision + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test 0 -ne "$loop"; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring_prefix$major.$iface:$verstring + done + + # Before this point, $major must not contain '.'. + major=.$major + versuffix=$major.$revision + ;; + + linux) # correct to gnu/linux during the next big refactor + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=.$current.$age.$revision + verstring=$current.$age.$revision + + # Add in all the interfaces that we are compatible with. + loop=$age + while test 0 -ne "$loop"; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring:$iface.0 + done + + # Make executables depend on our current version. + func_append verstring ":$current.0" + ;; + + qnx) + major=.$current + versuffix=.$current + ;; + + sco) + major=.$current + versuffix=.$current + ;; + + sunos) + major=.$current + versuffix=.$current.$revision + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 file systems. + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + + *) + func_fatal_configuration "unknown library version type '$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring=0.0 + ;; + esac + if test no = "$need_version"; then + versuffix= + else + versuffix=.0.0 + fi + fi + + # Remove version info from name if versioning should be avoided + if test yes,no = "$avoid_version,$need_version"; then + major= + versuffix= + verstring= + fi + + # Check to see if the archive will have undefined symbols. + if test yes = "$allow_undefined"; then + if test unsupported = "$allow_undefined_flag"; then + if test yes = "$build_old_libs"; then + func_warning "undefined symbols not allowed in $host shared libraries; building static only" + build_libtool_libs=no + else + func_fatal_error "can't build $host shared library unless -no-undefined is specified" + fi + fi + else + # Don't allow undefined symbols. + allow_undefined_flag=$no_undefined_flag + fi + + fi + + func_generate_dlsyms "$libname" "$libname" : + func_append libobjs " $symfileobj" + test " " = "$libobjs" && libobjs= + + if test relink != "$opt_mode"; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) + if test -n "$precious_files_regex"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles=$dlfiles + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles=$dlprefiles + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test yes = "$build_libtool_libs"; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test yes = "$build_libtool_need_lc"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release= + versuffix= + major= + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib=$potent_lib + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | $SED 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; + *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib= + ;; + esac + fi + if test -n "$a_deplib"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib=$potent_lib # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs= + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + for i in $predeps $postdeps; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test none = "$deplibs_check_method"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test yes = "$droppeddeps"; then + if test yes = "$module"; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test no = "$allow_undefined"; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs=$new_libs + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test yes = "$build_libtool_libs"; then + # Remove $wl instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac + if test yes = "$hardcode_into_libs"; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath=$finalize_rpath + test relink = "$opt_mode" || rpath=$compile_rpath$rpath + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath=$finalize_shlibpath + test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname=$1 + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname=$realname + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib=$output_objdir/$realname + linknames= + for link + do + func_append linknames " $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols=$output_objdir/$libname.uexp + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + func_dll_def_p "$export_symbols" || { + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols=$export_symbols + export_symbols= + always_export_symbols=yes + } + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs=$IFS; IFS='~' + for cmd1 in $cmds; do + IFS=$save_ifs + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test yes = "$try_normal_branch" \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=$output_objdir/$output_la.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS=$save_ifs + if test -n "$export_symbols_regex" && test : != "$skipped_export"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test : != "$skipped_export" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs=$tmp_deplibs + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test yes = "$compiler_needs_object" && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test : != "$skipped_export" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then + output=$output_objdir/$output_la.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then + output=$output_objdir/$output_la.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test yes = "$compiler_needs_object"; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-$k.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test -z "$objlist" || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test 1 -eq "$k"; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-$k.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-$k.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + func_append delfiles " $output" + + else + output= + fi + + ${skipped_export-false} && { + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + } + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs=$IFS; IFS='~' + for cmd in $concat_cmds; do + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + ${skipped_export-false} && { + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + } + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs=$IFS; IFS='~' + for cmd in $cmds; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test yes = "$module" || test yes = "$export_dynamic"; then + # On all known operating systems, these are identical. + dlname=$soname + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "'-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object '$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj=$output + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # if reload_cmds runs $LD directly, get rid of -Wl from + # whole_archive_flag_spec and hope we can get by with turning comma + # into space. + case $reload_cmds in + *\$LD[\ \$]*) wl= ;; + esac + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags + else + gentop=$output_objdir/${obj}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # If we're not building shared, we need to use non_pic_objs + test yes = "$build_libtool_libs" || libobjs=$non_pic_objects + + # Create the old-style object. + reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs + + output=$obj + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + test yes = "$build_libtool_libs" || { + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + } + + if test -n "$pic_flag" || test default != "$pic_mode"; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output=$libobj + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "'-release' is ignored for programs" + + $preload \ + && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ + && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test CXX = "$tagname"; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " $wl-bind_at_load" + func_append finalize_command " $wl-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs=$new_libs + + + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath=$rpath + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath=$rpath + + if test -n "$libobjs" && test yes = "$build_old_libs"; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" false + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=: + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=false + ;; + *cygwin* | *mingw* ) + test yes = "$build_libtool_libs" || wrappers_required=false + ;; + *) + if test no = "$need_relink" || test yes != "$build_libtool_libs"; then + wrappers_required=false + fi + ;; + esac + $wrappers_required || { + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command=$compile_command$compile_rpath + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.$objext"; then + func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' + fi + + exit $exit_status + } + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test yes = "$no_install"; then + # We don't need to create a wrapper script. + link_command=$compile_var$compile_command$compile_rpath + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + exit $EXIT_SUCCESS + fi + + case $hardcode_action,$fast_install in + relink,*) + # Fast installation is not supported + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "'$output' will be relinked during installation" + ;; + *,yes) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + ;; + *,no) + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + ;; + *,needless) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command= + ;; + esac + + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource=$output_path/$objdir/lt-$output_name.c + cwrapper=$output_path/$output_name.exe + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host"; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + case $build_libtool_libs in + convenience) + oldobjs="$libobjs_save $symfileobj" + addlibs=$convenience + build_libtool_libs=no + ;; + module) + oldobjs=$libobjs_save + addlibs=$old_convenience + build_libtool_libs=no + ;; + *) + oldobjs="$old_deplibs $non_pic_objects" + $preload && test -f "$symfileobj" \ + && func_append oldobjs " $symfileobj" + addlibs=$old_convenience + ;; + esac + + if test -n "$addlibs"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase=$func_basename_result + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac + done + fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj"; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test -z "$oldobjs"; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test yes = "$build_old_libs" && old_library=$libname.$libext + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test yes = "$hardcode_automatic"; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test yes = "$installed"; then + if test -z "$install_libdir"; then + break + fi + output=$output_objdir/${outputname}i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name=$func_basename_result + func_resolve_sysroot "$deplib" + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs=$newdependency_libs + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles=$newdlprefiles + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles=$newdlprefiles + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test -n "$bindir"; then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result/$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that cannot go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test no,yes = "$installed,$need_relink"; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +if test link = "$opt_mode" || test relink = "$opt_mode"; then + func_mode_link ${1+"$@"} +fi + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $debug_cmd + + RM=$nonopt + files= + rmforce=false + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + for arg + do + case $arg in + -f) func_append RM " $arg"; rmforce=: ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + for file in $files; do + func_dirname "$file" "" "." + dir=$func_dirname_result + if test . = "$dir"; then + odir=$objdir + else + odir=$dir/$objdir + fi + func_basename "$file" + name=$func_basename_result + test uninstall = "$opt_mode" && odir=$dir + + # Remember odir for removal later, being careful to avoid duplicates + if test clean = "$opt_mode"; then + case " $rmdirs " in + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif $rmforce; then + continue + fi + + rmfiles=$file + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + func_append rmfiles " $odir/$n" + done + test -n "$old_library" && func_append rmfiles " $odir/$old_library" + + case $opt_mode in + clean) + case " $library_names " in + *" $dlname "*) ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; + esac + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && test none != "$pic_object"; then + func_append rmfiles " $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && test none != "$non_pic_object"; then + func_append rmfiles " $dir/$non_pic_object" + fi + fi + ;; + + *) + if test clean = "$opt_mode"; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + func_append rmfiles " $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + func_append rmfiles " $odir/$name $odir/${name}S.$objext" + if test yes = "$fast_install" && test -n "$relink_command"; then + func_append rmfiles " $odir/lt-$name" + fi + if test "X$noexename" != "X$name"; then + func_append rmfiles " $odir/lt-$noexename.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + + # Try to remove the $objdir's in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then + func_mode_uninstall ${1+"$@"} +fi + +test -z "$opt_mode" && { + help=$generic_help + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode '$opt_mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# where we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_cflags.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_cflags.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_cflags.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_cflags.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,34 @@ +dnl This file is part of `nagios-plugins-linux'. +dnl Copyright (C) 2014 by Davide Madrisan + +dnl This program is free software: you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation, either version 3 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +dnl GNU General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program. If not, see . + +dnl Process this file with autoconf to produce a configure script. + +dnl cc_TRY_CFLAGS (CFLAGS) +dnl ------------------------------------------------------------ +dnl Checks if $CC supports a given set of CFLAGS. +dnl If supported, the current CFLAGS is appended to SUPPORTED_CFLAGS +AC_DEFUN([cc_TRY_CFLAGS], + [AC_MSG_CHECKING([whether compiler accepts $1]) + ac_save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Werror $1" + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]],[[]])], + [AC_MSG_RESULT([yes]) + SUPPORTED_CFLAGS="$SUPPORTED_CFLAGS $1"], + [AC_MSG_RESULT([no])] + ) + CFLAGS="$ac_save_CFLAGS" +]) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_ldflags.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_ldflags.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_ldflags.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/cc_try_ldflags.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,34 @@ +dnl This file is part of `nagios-plugins-linux'. +dnl Copyright (C) 2018 by Davide Madrisan + +dnl This program is free software: you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation, either version 3 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +dnl GNU General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program. If not, see . + +dnl Process this file with autoconf to produce a configure script. + +dnl cc_TRY_LDFLAGS (LDFLAGS) +dnl ------------------------------------------------------------ +dnl Checks if $CC supports a given set of LDFLAGS. +dnl If supported, the current LDFLAGS is appended to SUPPORTED_LDFLAGS +AC_DEFUN([cc_TRY_LDFLAGS], + [AC_MSG_CHECKING([whether compiler accepts $1]) + ac_save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $1" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]],[[int x;]])], + [AC_MSG_RESULT([yes]) + SUPPORTED_LDFLAGS="$SUPPORTED_LDFLAGS $1"], + [AC_MSG_RESULT([no])] + ) + LDFLAGS="$ac_save_LDFLAGS" +]) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libcurl.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libcurl.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libcurl.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libcurl.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,272 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 2006, David Shaw +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### +# LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION], +# [ACTION-IF-YES], [ACTION-IF-NO]) +# ---------------------------------------------------------- +# David Shaw May-09-2006 +# +# Checks for libcurl. DEFAULT-ACTION is the string yes or no to +# specify whether to default to --with-libcurl or --without-libcurl. +# If not supplied, DEFAULT-ACTION is yes. MINIMUM-VERSION is the +# minimum version of libcurl to accept. Pass the version as a regular +# version number like 7.10.1. If not supplied, any version is +# accepted. ACTION-IF-YES is a list of shell commands to run if +# libcurl was successfully found and passed the various tests. +# ACTION-IF-NO is a list of shell commands that are run otherwise. +# Note that using --without-libcurl does run ACTION-IF-NO. +# +# This macro #defines HAVE_LIBCURL if a working libcurl setup is +# found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary +# values. Other useful defines are LIBCURL_FEATURE_xxx where xxx are +# the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy +# where yyy are the various protocols supported by libcurl. Both xxx +# and yyy are capitalized. See the list of AH_TEMPLATEs at the top of +# the macro for the complete list of possible defines. Shell +# variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also +# defined to 'yes' for those features and protocols that were found. +# Note that xxx and yyy keep the same capitalization as in the +# curl-config list (e.g. it's "HTTP" and not "http"). +# +# Users may override the detected values by doing something like: +# LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure +# +# For the sake of sanity, this macro assumes that any libcurl that is +# found is after version 7.7.2, the first version that included the +# curl-config script. Note that it is very important for people +# packaging binary versions of libcurl to include this script! +# Without curl-config, we can only guess what protocols are available, +# or use curl_version_info to figure it out at runtime. + +AC_DEFUN([LIBCURL_CHECK_CONFIG], +[ + AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL]) + AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4]) + AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6]) + AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz]) + AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS]) + AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN]) + AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI]) + AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM]) + + AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS]) + AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS]) + AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE]) + AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET]) + AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT]) + AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_RTSP],[Defined if libcurl supports RTSP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_POP3],[Defined if libcurl supports POP3]) + AH_TEMPLATE([LIBCURL_PROTOCOL_IMAP],[Defined if libcurl supports IMAP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_SMTP],[Defined if libcurl supports SMTP]) + + AC_ARG_WITH(libcurl, + AS_HELP_STRING([--with-libcurl=PREFIX],[look for the curl library in PREFIX/lib and headers in PREFIX/include]), + [_libcurl_with=$withval],[_libcurl_with=ifelse([$1],,[yes],[$1])]) + + if test "$_libcurl_with" != "no" ; then + + AC_PROG_AWK + + _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'" + + _libcurl_try_link=yes + + if test -d "$_libcurl_with" ; then + LIBCURL_CPPFLAGS="-I$withval/include" + _libcurl_ldflags="-L$withval/lib" + AC_PATH_PROG([_libcurl_config],[curl-config],[], + ["$withval/bin"]) + else + AC_PATH_PROG([_libcurl_config],[curl-config],[],[$PATH]) + fi + + if test x$_libcurl_config != "x" ; then + AC_CACHE_CHECK([for the version of libcurl], + [libcurl_cv_lib_curl_version], + [libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`]) + + _libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse` + _libcurl_wanted=`echo ifelse([$2],,[0],[$2]) | $_libcurl_version_parse` + + if test $_libcurl_wanted -gt 0 ; then + AC_CACHE_CHECK([for libcurl >= version $2], + [libcurl_cv_lib_version_ok], + [ + if test $_libcurl_version -ge $_libcurl_wanted ; then + libcurl_cv_lib_version_ok=yes + else + libcurl_cv_lib_version_ok=no + fi + ]) + fi + + if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then + if test x"$LIBCURL_CPPFLAGS" = "x" ; then + LIBCURL_CPPFLAGS=`$_libcurl_config --cflags` + fi + if test x"$LIBCURL" = "x" ; then + LIBCURL=`$_libcurl_config --libs` + + # This is so silly, but Apple actually has a bug in their + # curl-config script. Fixed in Tiger, but there are still + # lots of Panther installs around. + case "${host}" in + powerpc-apple-darwin7*) + LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'` + ;; + esac + fi + + # All curl-config scripts support --feature + _libcurl_features=`$_libcurl_config --feature` + + # Is it modern enough to have --protocols? (7.12.4) + if test $_libcurl_version -ge 461828 ; then + _libcurl_protocols=`$_libcurl_config --protocols` + fi + else + _libcurl_try_link=no + fi + + unset _libcurl_wanted + fi + + if test $_libcurl_try_link = yes ; then + + # we didn't find curl-config, so let's see if the user-supplied + # link line (or failing that, "-lcurl") is enough. + LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"} + + AC_CACHE_CHECK([whether libcurl is usable], + [libcurl_cv_lib_curl_usable], + [ + _libcurl_save_cppflags=$CPPFLAGS + CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS" + _libcurl_save_libs=$LIBS + LIBS="$LIBCURL $LIBS" + + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ +/* Try and use a few common options to force a failure if we are + missing symbols or can't link. */ +int x; +curl_easy_setopt(NULL,CURLOPT_URL,NULL); +x=CURL_ERROR_SIZE; +x=CURLOPT_WRITEFUNCTION; +x=CURLOPT_WRITEDATA; +x=CURLOPT_ERRORBUFFER; +x=CURLOPT_STDERR; +x=CURLOPT_VERBOSE; +if (x) {;} +]])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no) + + CPPFLAGS=$_libcurl_save_cppflags + LIBS=$_libcurl_save_libs + unset _libcurl_save_cppflags + unset _libcurl_save_libs + ]) + + if test $libcurl_cv_lib_curl_usable = yes ; then + + # Does curl_free() exist in this version of libcurl? + # If not, fake it with free() + + _libcurl_save_cppflags=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS" + _libcurl_save_libs=$LIBS + LIBS="$LIBS $LIBCURL" + + AC_CHECK_FUNC(curl_free,, + AC_DEFINE(curl_free,free, + [Define curl_free() as free() if our version of curl lacks curl_free.])) + + CPPFLAGS=$_libcurl_save_cppflags + LIBS=$_libcurl_save_libs + unset _libcurl_save_cppflags + unset _libcurl_save_libs + + AC_DEFINE(HAVE_LIBCURL,1, + [Define to 1 if you have a functional curl library.]) + AC_SUBST(LIBCURL_CPPFLAGS) + AC_SUBST(LIBCURL) + + for _libcurl_feature in $_libcurl_features ; do + AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1]) + eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes + done + + if test "x$_libcurl_protocols" = "x" ; then + + # We don't have --protocols, so just assume that all + # protocols are available + _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT TFTP" + + if test x$libcurl_feature_SSL = xyes ; then + _libcurl_protocols="$_libcurl_protocols HTTPS" + + # FTPS wasn't standards-compliant until version + # 7.11.0 (0x070b00 == 461568) + if test $_libcurl_version -ge 461568; then + _libcurl_protocols="$_libcurl_protocols FTPS" + fi + fi + + # RTSP, IMAP, POP3 and SMTP were added in + # 7.20.0 (0x071400 == 463872) + if test $_libcurl_version -ge 463872; then + _libcurl_protocols="$_libcurl_protocols RTSP IMAP POP3 SMTP" + fi + fi + + for _libcurl_protocol in $_libcurl_protocols ; do + AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1]) + eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes + done + else + unset LIBCURL + unset LIBCURL_CPPFLAGS + fi + fi + + unset _libcurl_try_link + unset _libcurl_version_parse + unset _libcurl_config + unset _libcurl_feature + unset _libcurl_features + unset _libcurl_protocol + unset _libcurl_protocols + unset _libcurl_version + unset _libcurl_ldflags + fi + + if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then + # This is the IF-NO path + ifelse([$4],,:,[$4]) + else + # This is the IF-YES path + ifelse([$3],,:,[$3]) + fi + + unset _libcurl_with +])dnl diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libtool.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libtool.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libtool.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/libtool.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,8369 @@ +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- +# +# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +m4_define([_LT_COPYING], [dnl +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +]) + +# serial 58 LT_INIT + + +# LT_PREREQ(VERSION) +# ------------------ +# Complain and exit if this libtool version is less that VERSION. +m4_defun([LT_PREREQ], +[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, + [m4_default([$3], + [m4_fatal([Libtool version $1 or higher is required], + 63)])], + [$2])]) + + +# _LT_CHECK_BUILDDIR +# ------------------ +# Complain if the absolute build directory name contains unusual characters +m4_defun([_LT_CHECK_BUILDDIR], +[case `pwd` in + *\ * | *\ *) + AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; +esac +]) + + +# LT_INIT([OPTIONS]) +# ------------------ +AC_DEFUN([LT_INIT], +[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK +AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +AC_BEFORE([$0], [LT_LANG])dnl +AC_BEFORE([$0], [LT_OUTPUT])dnl +AC_BEFORE([$0], [LTDL_INIT])dnl +m4_require([_LT_CHECK_BUILDDIR])dnl + +dnl Autoconf doesn't catch unexpanded LT_ macros by default: +m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl +m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl +dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 +dnl unless we require an AC_DEFUNed macro: +AC_REQUIRE([LTOPTIONS_VERSION])dnl +AC_REQUIRE([LTSUGAR_VERSION])dnl +AC_REQUIRE([LTVERSION_VERSION])dnl +AC_REQUIRE([LTOBSOLETE_VERSION])dnl +m4_require([_LT_PROG_LTMAIN])dnl + +_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) + +dnl Parse OPTIONS +_LT_SET_OPTIONS([$0], [$1]) + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS=$ltmain + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +_LT_SETUP + +# Only expand once: +m4_define([LT_INIT]) +])# LT_INIT + +# Old names: +AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) +AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PROG_LIBTOOL], []) +dnl AC_DEFUN([AM_PROG_LIBTOOL], []) + + +# _LT_PREPARE_CC_BASENAME +# ----------------------- +m4_defun([_LT_PREPARE_CC_BASENAME], [ +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in @S|@*""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} +])# _LT_PREPARE_CC_BASENAME + + +# _LT_CC_BASENAME(CC) +# ------------------- +# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME, +# but that macro is also expanded into generated libtool script, which +# arranges for $SED and $ECHO to be set by different means. +m4_defun([_LT_CC_BASENAME], +[m4_require([_LT_PREPARE_CC_BASENAME])dnl +AC_REQUIRE([_LT_DECL_SED])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +func_cc_basename $1 +cc_basename=$func_cc_basename_result +]) + + +# _LT_FILEUTILS_DEFAULTS +# ---------------------- +# It is okay to use these file commands and assume they have been set +# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'. +m4_defun([_LT_FILEUTILS_DEFAULTS], +[: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} +])# _LT_FILEUTILS_DEFAULTS + + +# _LT_SETUP +# --------- +m4_defun([_LT_SETUP], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl + +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl +_LT_DECL([], [host_alias], [0], [The host system])dnl +_LT_DECL([], [host], [0])dnl +_LT_DECL([], [host_os], [0])dnl +dnl +_LT_DECL([], [build_alias], [0], [The build system])dnl +_LT_DECL([], [build], [0])dnl +_LT_DECL([], [build_os], [0])dnl +dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +test -z "$LN_S" && LN_S="ln -s" +_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl +dnl +AC_REQUIRE([LT_CMD_MAX_LEN])dnl +_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl +_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl +dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl +m4_require([_LT_CMD_RELOAD])dnl +m4_require([_LT_CHECK_MAGIC_METHOD])dnl +m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl +m4_require([_LT_CMD_OLD_ARCHIVE])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_WITH_SYSROOT])dnl +m4_require([_LT_CMD_TRUNCATE])dnl + +_LT_CONFIG_LIBTOOL_INIT([ +# See if we are running on zsh, and set the options that allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi +]) +if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + +_LT_CHECK_OBJDIR + +m4_require([_LT_TAG_COMPILER])dnl + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld=$lt_cv_prog_gnu_ld + +old_CC=$CC +old_CFLAGS=$CFLAGS + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + _LT_PATH_MAGIC + fi + ;; +esac + +# Use C for the default configuration in the libtool script +LT_SUPPORTED_TAG([CC]) +_LT_LANG_C_CONFIG +_LT_LANG_DEFAULT_CONFIG +_LT_CONFIG_COMMANDS +])# _LT_SETUP + + +# _LT_PREPARE_SED_QUOTE_VARS +# -------------------------- +# Define a few sed substitution that help us do robust quoting. +m4_defun([_LT_PREPARE_SED_QUOTE_VARS], +[# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +]) + +# _LT_PROG_LTMAIN +# --------------- +# Note that this code is called both from 'configure', and 'config.status' +# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, +# 'config.status' has no value for ac_aux_dir unless we are using Automake, +# so we pass a copy along to make sure it has a sensible value anyway. +m4_defun([_LT_PROG_LTMAIN], +[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl +_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) +ltmain=$ac_aux_dir/ltmain.sh +])# _LT_PROG_LTMAIN + + +## ------------------------------------- ## +## Accumulate code for creating libtool. ## +## ------------------------------------- ## + +# So that we can recreate a full libtool script including additional +# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS +# in macros and then make a single call at the end using the 'libtool' +# label. + + +# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) +# ---------------------------------------- +# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL_INIT], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_INIT], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_INIT]) + + +# _LT_CONFIG_LIBTOOL([COMMANDS]) +# ------------------------------ +# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) + + +# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) +# ----------------------------------------------------- +m4_defun([_LT_CONFIG_SAVE_COMMANDS], +[_LT_CONFIG_LIBTOOL([$1]) +_LT_CONFIG_LIBTOOL_INIT([$2]) +]) + + +# _LT_FORMAT_COMMENT([COMMENT]) +# ----------------------------- +# Add leading comment marks to the start of each line, and a trailing +# full-stop to the whole comment if one is not present already. +m4_define([_LT_FORMAT_COMMENT], +[m4_ifval([$1], [ +m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], + [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) +)]) + + + +## ------------------------ ## +## FIXME: Eliminate VARNAME ## +## ------------------------ ## + + +# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) +# ------------------------------------------------------------------- +# CONFIGNAME is the name given to the value in the libtool script. +# VARNAME is the (base) name used in the configure script. +# VALUE may be 0, 1 or 2 for a computed quote escaped value based on +# VARNAME. Any other value will be used directly. +m4_define([_LT_DECL], +[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], + [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], + [m4_ifval([$1], [$1], [$2])]) + lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) + m4_ifval([$4], + [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) + lt_dict_add_subkey([lt_decl_dict], [$2], + [tagged?], [m4_ifval([$5], [yes], [no])])]) +]) + + +# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) +# -------------------------------------------------------- +m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) + + +# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_tag_varnames], +[_lt_decl_filter([tagged?], [yes], $@)]) + + +# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) +# --------------------------------------------------------- +m4_define([_lt_decl_filter], +[m4_case([$#], + [0], [m4_fatal([$0: too few arguments: $#])], + [1], [m4_fatal([$0: too few arguments: $#: $1])], + [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], + [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], + [lt_dict_filter([lt_decl_dict], $@)])[]dnl +]) + + +# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) +# -------------------------------------------------- +m4_define([lt_decl_quote_varnames], +[_lt_decl_filter([value], [1], $@)]) + + +# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_dquote_varnames], +[_lt_decl_filter([value], [2], $@)]) + + +# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_varnames_tagged], +[m4_assert([$# <= 2])dnl +_$0(m4_quote(m4_default([$1], [[, ]])), + m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), + m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) +m4_define([_lt_decl_varnames_tagged], +[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) + + +# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_all_varnames], +[_$0(m4_quote(m4_default([$1], [[, ]])), + m4_if([$2], [], + m4_quote(lt_decl_varnames), + m4_quote(m4_shift($@))))[]dnl +]) +m4_define([_lt_decl_all_varnames], +[lt_join($@, lt_decl_varnames_tagged([$1], + lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl +]) + + +# _LT_CONFIG_STATUS_DECLARE([VARNAME]) +# ------------------------------------ +# Quote a variable value, and forward it to 'config.status' so that its +# declaration there will have the same value as in 'configure'. VARNAME +# must have a single quote delimited value for this to work. +m4_define([_LT_CONFIG_STATUS_DECLARE], +[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) + + +# _LT_CONFIG_STATUS_DECLARATIONS +# ------------------------------ +# We delimit libtool config variables with single quotes, so when +# we write them to config.status, we have to be sure to quote all +# embedded single quotes properly. In configure, this macro expands +# each variable declared with _LT_DECL (and _LT_TAGDECL) into: +# +# ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' +m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], +[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), + [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAGS +# ---------------- +# Output comment and list of tags supported by the script +m4_defun([_LT_LIBTOOL_TAGS], +[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl +available_tags='_LT_TAGS'dnl +]) + + +# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) +# ----------------------------------- +# Extract the dictionary values for VARNAME (optionally with TAG) and +# expand to a commented shell variable setting: +# +# # Some comment about what VAR is for. +# visible_name=$lt_internal_name +m4_define([_LT_LIBTOOL_DECLARE], +[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], + [description])))[]dnl +m4_pushdef([_libtool_name], + m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl +m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), + [0], [_libtool_name=[$]$1], + [1], [_libtool_name=$lt_[]$1], + [2], [_libtool_name=$lt_[]$1], + [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl +m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl +]) + + +# _LT_LIBTOOL_CONFIG_VARS +# ----------------------- +# Produce commented declarations of non-tagged libtool config variables +# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool' +# script. Tagged libtool config variables (even for the LIBTOOL CONFIG +# section) are produced by _LT_LIBTOOL_TAG_VARS. +m4_defun([_LT_LIBTOOL_CONFIG_VARS], +[m4_foreach([_lt_var], + m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAG_VARS(TAG) +# ------------------------- +m4_define([_LT_LIBTOOL_TAG_VARS], +[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) + + +# _LT_TAGVAR(VARNAME, [TAGNAME]) +# ------------------------------ +m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) + + +# _LT_CONFIG_COMMANDS +# ------------------- +# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of +# variables for single and double quote escaping we saved from calls +# to _LT_DECL, we can put quote escaped variables declarations +# into 'config.status', and then the shell code to quote escape them in +# for loops in 'config.status'. Finally, any additional code accumulated +# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. +m4_defun([_LT_CONFIG_COMMANDS], +[AC_PROVIDE_IFELSE([LT_OUTPUT], + dnl If the libtool generation code has been placed in $CONFIG_LT, + dnl instead of duplicating it all over again into config.status, + dnl then we will have config.status run $CONFIG_LT later, so it + dnl needs to know what name is stored there: + [AC_CONFIG_COMMANDS([libtool], + [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], + dnl If the libtool generation code is destined for config.status, + dnl expand the accumulated commands and init code now: + [AC_CONFIG_COMMANDS([libtool], + [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) +])#_LT_CONFIG_COMMANDS + + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], +[ + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +_LT_CONFIG_STATUS_DECLARATIONS +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$[]1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_quote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_dquote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +_LT_OUTPUT_LIBTOOL_INIT +]) + +# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) +# ------------------------------------ +# Generate a child script FILE with all initialization necessary to +# reuse the environment learned by the parent script, and make the +# file executable. If COMMENT is supplied, it is inserted after the +# '#!' sequence but before initialization text begins. After this +# macro, additional text can be appended to FILE to form the body of +# the child script. The macro ends with non-zero status if the +# file could not be fully written (such as if the disk is full). +m4_ifdef([AS_INIT_GENERATED], +[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], +[m4_defun([_LT_GENERATED_FILE_INIT], +[m4_require([AS_PREPARE])]dnl +[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl +[lt_write_fail=0 +cat >$1 <<_ASEOF || lt_write_fail=1 +#! $SHELL +# Generated by $as_me. +$2 +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$1 <<\_ASEOF || lt_write_fail=1 +AS_SHELL_SANITIZE +_AS_PREPARE +exec AS_MESSAGE_FD>&1 +_ASEOF +test 0 = "$lt_write_fail" && chmod +x $1[]dnl +m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT + +# LT_OUTPUT +# --------- +# This macro allows early generation of the libtool script (before +# AC_OUTPUT is called), incase it is used in configure for compilation +# tests. +AC_DEFUN([LT_OUTPUT], +[: ${CONFIG_LT=./config.lt} +AC_MSG_NOTICE([creating $CONFIG_LT]) +_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], +[# Run this file to recreate a libtool stub with the current configuration.]) + +cat >>"$CONFIG_LT" <<\_LTEOF +lt_cl_silent=false +exec AS_MESSAGE_LOG_FD>>config.log +{ + echo + AS_BOX([Running $as_me.]) +} >&AS_MESSAGE_LOG_FD + +lt_cl_help="\ +'$as_me' creates a local libtool stub from the current configuration, +for use in further configure time tests before the real libtool is +generated. + +Usage: $[0] [[OPTIONS]] + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + +Report bugs to ." + +lt_cl_version="\ +m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl +m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) +configured by $[0], generated by m4_PACKAGE_STRING. + +Copyright (C) 2011 Free Software Foundation, Inc. +This config.lt script is free software; the Free Software Foundation +gives unlimited permision to copy, distribute and modify it." + +while test 0 != $[#] +do + case $[1] in + --version | --v* | -V ) + echo "$lt_cl_version"; exit 0 ;; + --help | --h* | -h ) + echo "$lt_cl_help"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --quiet | --q* | --silent | --s* | -q ) + lt_cl_silent=: ;; + + -*) AC_MSG_ERROR([unrecognized option: $[1] +Try '$[0] --help' for more information.]) ;; + + *) AC_MSG_ERROR([unrecognized argument: $[1] +Try '$[0] --help' for more information.]) ;; + esac + shift +done + +if $lt_cl_silent; then + exec AS_MESSAGE_FD>/dev/null +fi +_LTEOF + +cat >>"$CONFIG_LT" <<_LTEOF +_LT_OUTPUT_LIBTOOL_COMMANDS_INIT +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AC_MSG_NOTICE([creating $ofile]) +_LT_OUTPUT_LIBTOOL_COMMANDS +AS_EXIT(0) +_LTEOF +chmod +x "$CONFIG_LT" + +# configure is writing to config.log, but config.lt does its own redirection, +# appending to config.log, which fails on DOS, as config.log is still kept +# open by configure. Here we exec the FD to /dev/null, effectively closing +# config.log, so it can be properly (re)opened and appended to by config.lt. +lt_cl_success=: +test yes = "$silent" && + lt_config_lt_args="$lt_config_lt_args --quiet" +exec AS_MESSAGE_LOG_FD>/dev/null +$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false +exec AS_MESSAGE_LOG_FD>>config.log +$lt_cl_success || AS_EXIT(1) +])# LT_OUTPUT + + +# _LT_CONFIG(TAG) +# --------------- +# If TAG is the built-in tag, create an initial libtool script with a +# default configuration from the untagged config vars. Otherwise add code +# to config.status for appending the configuration named by TAG from the +# matching tagged config vars. +m4_defun([_LT_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_CONFIG_SAVE_COMMANDS([ + m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl + m4_if(_LT_TAG, [C], [ + # See if we are running on zsh, and set the options that allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + + cfgfile=${ofile}T + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL +# Generated automatically by $as_me ($PACKAGE) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +_LT_COPYING +_LT_LIBTOOL_TAGS + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + +# ### BEGIN LIBTOOL CONFIG +_LT_LIBTOOL_CONFIG_VARS +_LT_LIBTOOL_TAG_VARS +# ### END LIBTOOL CONFIG + +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +_LT_PREPARE_MUNGE_PATH_LIST +_LT_PREPARE_CC_BASENAME + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + _LT_PROG_LTMAIN + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +], +[cat <<_LT_EOF >> "$ofile" + +dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded +dnl in a comment (ie after a #). +# ### BEGIN LIBTOOL TAG CONFIG: $1 +_LT_LIBTOOL_TAG_VARS(_LT_TAG) +# ### END LIBTOOL TAG CONFIG: $1 +_LT_EOF +])dnl /m4_if +], +[m4_if([$1], [], [ + PACKAGE='$PACKAGE' + VERSION='$VERSION' + RM='$RM' + ofile='$ofile'], []) +])dnl /_LT_CONFIG_SAVE_COMMANDS +])# _LT_CONFIG + + +# LT_SUPPORTED_TAG(TAG) +# --------------------- +# Trace this macro to discover what tags are supported by the libtool +# --tag option, using: +# autoconf --trace 'LT_SUPPORTED_TAG:$1' +AC_DEFUN([LT_SUPPORTED_TAG], []) + + +# C support is built-in for now +m4_define([_LT_LANG_C_enabled], []) +m4_define([_LT_TAGS], []) + + +# LT_LANG(LANG) +# ------------- +# Enable libtool support for the given language if not already enabled. +AC_DEFUN([LT_LANG], +[AC_BEFORE([$0], [LT_OUTPUT])dnl +m4_case([$1], + [C], [_LT_LANG(C)], + [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], + [Java], [_LT_LANG(GCJ)], + [Fortran 77], [_LT_LANG(F77)], + [Fortran], [_LT_LANG(FC)], + [Windows Resource], [_LT_LANG(RC)], + [m4_ifdef([_LT_LANG_]$1[_CONFIG], + [_LT_LANG($1)], + [m4_fatal([$0: unsupported language: "$1"])])])dnl +])# LT_LANG + + +# _LT_LANG(LANGNAME) +# ------------------ +m4_defun([_LT_LANG], +[m4_ifdef([_LT_LANG_]$1[_enabled], [], + [LT_SUPPORTED_TAG([$1])dnl + m4_append([_LT_TAGS], [$1 ])dnl + m4_define([_LT_LANG_]$1[_enabled], [])dnl + _LT_LANG_$1_CONFIG($1)])dnl +])# _LT_LANG + + +m4_ifndef([AC_PROG_GO], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + +# _LT_LANG_DEFAULT_CONFIG +# ----------------------- +m4_defun([_LT_LANG_DEFAULT_CONFIG], +[AC_PROVIDE_IFELSE([AC_PROG_CXX], + [LT_LANG(CXX)], + [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) + +AC_PROVIDE_IFELSE([AC_PROG_F77], + [LT_LANG(F77)], + [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) + +AC_PROVIDE_IFELSE([AC_PROG_FC], + [LT_LANG(FC)], + [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) + +dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal +dnl pulling things in needlessly. +AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([LT_PROG_GCJ], + [LT_LANG(GCJ)], + [m4_ifdef([AC_PROG_GCJ], + [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([A][M_PROG_GCJ], + [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([LT_PROG_GCJ], + [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) + +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + +AC_PROVIDE_IFELSE([LT_PROG_RC], + [LT_LANG(RC)], + [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) +])# _LT_LANG_DEFAULT_CONFIG + +# Obsolete macros: +AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) +AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) +AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) +AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_CXX], []) +dnl AC_DEFUN([AC_LIBTOOL_F77], []) +dnl AC_DEFUN([AC_LIBTOOL_FC], []) +dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) +dnl AC_DEFUN([AC_LIBTOOL_RC], []) + + +# _LT_TAG_COMPILER +# ---------------- +m4_defun([_LT_TAG_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl +_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl +_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl +_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_TAG_COMPILER + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +m4_defun([_LT_COMPILER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +m4_defun([_LT_LINKER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* +])# _LT_LINKER_BOILERPLATE + +# _LT_REQUIRED_DARWIN_CHECKS +# ------------------------- +m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ + case $host_os in + rhapsody* | darwin*) + AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) + AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) + AC_CHECK_TOOL([LIPO], [lipo], [:]) + AC_CHECK_TOOL([OTOOL], [otool], [:]) + AC_CHECK_TOOL([OTOOL64], [otool64], [:]) + _LT_DECL([], [DSYMUTIL], [1], + [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) + _LT_DECL([], [NMEDIT], [1], + [Tool to change global to local symbols on Mac OS X]) + _LT_DECL([], [LIPO], [1], + [Tool to manipulate fat objects and archives on Mac OS X]) + _LT_DECL([], [OTOOL], [1], + [ldd/readelf like tool for Mach-O binaries on Mac OS X]) + _LT_DECL([], [OTOOL64], [1], + [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) + + AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], + [lt_cv_apple_cc_single_mod=no + if test -z "$LT_MULTI_MODULE"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi]) + + AC_CACHE_CHECK([for -exported_symbols_list linker flag], + [lt_cv_ld_exported_symbols_list], + [lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [lt_cv_ld_exported_symbols_list=yes], + [lt_cv_ld_exported_symbols_list=no]) + LDFLAGS=$save_LDFLAGS + ]) + + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], + [lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD + echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD + $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + ]) + case $host_os in + rhapsody* | darwin1.[[012]]) + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[[012]][[,.]]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test yes = "$lt_cv_apple_cc_single_mod"; then + _lt_dar_single_mod='$single_module' + fi + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' + fi + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac +]) + + +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- +# Checks for linker and compiler features on darwin +m4_defun([_LT_DARWIN_LINKER_FEATURES], +[ + m4_require([_LT_REQUIRED_DARWIN_CHECKS]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_automatic, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + if test yes = "$lt_cv_ld_force_load"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + m4_if([$1], [CXX], +[ if test yes != "$lt_cv_apple_cc_single_mod"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" + fi +],[]) + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi +]) + +# _LT_SYS_MODULE_PATH_AIX([TAGNAME]) +# ---------------------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +# Store the results from the different compilers for each TAGNAME. +# Allow to override them for all tags through lt_cv_aix_libpath. +m4_defun([_LT_SYS_MODULE_PATH_AIX], +[m4_require([_LT_DECL_SED])dnl +if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], + [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ + lt_aix_libpath_sed='[ + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }]' + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi],[]) + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib + fi + ]) + aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) +fi +])# _LT_SYS_MODULE_PATH_AIX + + +# _LT_SHELL_INIT(ARG) +# ------------------- +m4_define([_LT_SHELL_INIT], +[m4_divert_text([M4SH-INIT], [$1 +])])# _LT_SHELL_INIT + + + +# _LT_PROG_ECHO_BACKSLASH +# ----------------------- +# Find how we can fake an echo command that does not interpret backslash. +# In particular, with Autoconf 2.60 or later we add some code to the start +# of the generated configure script that will find a shell with a builtin +# printf (that we can use as an echo command). +m4_defun([_LT_PROG_ECHO_BACKSLASH], +[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +AC_MSG_CHECKING([how to print strings]) +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$[]1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +case $ECHO in + printf*) AC_MSG_RESULT([printf]) ;; + print*) AC_MSG_RESULT([print -r]) ;; + *) AC_MSG_RESULT([cat]) ;; +esac + +m4_ifdef([_AS_DETECT_SUGGESTED], +[_AS_DETECT_SUGGESTED([ + test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test "X`printf %s $ECHO`" = "X$ECHO" \ + || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) + +_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) +_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) +])# _LT_PROG_ECHO_BACKSLASH + + +# _LT_WITH_SYSROOT +# ---------------- +AC_DEFUN([_LT_WITH_SYSROOT], +[AC_MSG_CHECKING([for sysroot]) +AC_ARG_WITH([sysroot], +[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@], + [Search for dependent libraries within DIR (or the compiler's sysroot + if not specified).])], +[], [with_sysroot=no]) + +dnl lt_sysroot will always be passed unquoted. We quote it here +dnl in case the user passed a directory name. +lt_sysroot= +case $with_sysroot in #( + yes) + if test yes = "$GCC"; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + AC_MSG_RESULT([$with_sysroot]) + AC_MSG_ERROR([The sysroot must be an absolute path.]) + ;; +esac + + AC_MSG_RESULT([${lt_sysroot:-no}]) +_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl +[dependent libraries, and where our libraries should be installed.])]) + +# _LT_ENABLE_LOCK +# --------------- +m4_defun([_LT_ENABLE_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AS_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test no = "$enable_libtool_lock" || enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE=32 + ;; + *ELF-64*) + HPUX_IA64_MODE=64 + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test yes = "$lt_cv_prog_gnu_ld"; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac + ;; + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test yes != "$lt_cv_cc_needs_belf"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS=$SAVE_CFLAGS + fi + ;; +*-*solaris*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*|x86_64-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD=${LD-ld}_sol2 + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks=$enable_libtool_lock +])# _LT_ENABLE_LOCK + + +# _LT_PROG_AR +# ----------- +m4_defun([_LT_PROG_AR], +[AC_CHECK_TOOLS(AR, [ar], false) +: ${AR=ar} +: ${AR_FLAGS=cru} +_LT_DECL([], [AR], [1], [The archiver]) +_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) + +AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], + [lt_cv_ar_at_file=no + AC_COMPILE_IFELSE([AC_LANG_PROGRAM], + [echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' + AC_TRY_EVAL([lt_ar_try]) + if test 0 -eq "$ac_status"; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + AC_TRY_EVAL([lt_ar_try]) + if test 0 -ne "$ac_status"; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + ]) + ]) + +if test no = "$lt_cv_ar_at_file"; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi +_LT_DECL([], [archiver_list_spec], [1], + [How to feed a file listing to the archiver]) +])# _LT_PROG_AR + + +# _LT_CMD_OLD_ARCHIVE +# ------------------- +m4_defun([_LT_CMD_OLD_ARCHIVE], +[_LT_PROG_AR + +AC_CHECK_TOOL(STRIP, strip, :) +test -z "$STRIP" && STRIP=: +_LT_DECL([], [STRIP], [1], [A symbol stripping program]) + +AC_CHECK_TOOL(RANLIB, ranlib, :) +test -z "$RANLIB" && RANLIB=: +_LT_DECL([], [RANLIB], [1], + [Commands used to install an old-style archive]) + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + bitrig* | openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac +_LT_DECL([], [old_postinstall_cmds], [2]) +_LT_DECL([], [old_postuninstall_cmds], [2]) +_LT_TAGDECL([], [old_archive_cmds], [2], + [Commands used to build an old-style archive]) +_LT_DECL([], [lock_old_archive_extraction], [0], + [Whether to use a lock for old archive extraction]) +])# _LT_CMD_OLD_ARCHIVE + + +# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([_LT_COMPILER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $RM conftest* +]) + +if test yes = "[$]$2"; then + m4_if([$5], , :, [$5]) +else + m4_if([$6], , :, [$6]) +fi +])# _LT_COMPILER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) + + +# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------- +# Check whether the given linker option works +AC_DEFUN([_LT_LINKER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $3" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS +]) + +if test yes = "[$]$2"; then + m4_if([$4], , :, [$4]) +else + m4_if([$5], , :, [$5]) +fi +])# _LT_LINKER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) + + +# LT_CMD_MAX_LEN +#--------------- +AC_DEFUN([LT_CMD_MAX_LEN], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring=ABCD + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test 17 != "$i" # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac +]) +if test -n "$lt_cv_sys_max_cmd_len"; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +max_cmd_len=$lt_cv_sys_max_cmd_len +_LT_DECL([], [max_cmd_len], [0], + [What is the maximum length of a command?]) +])# LT_CMD_MAX_LEN + +# Old name: +AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) + + +# _LT_HEADER_DLFCN +# ---------------- +m4_defun([_LT_HEADER_DLFCN], +[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl +])# _LT_HEADER_DLFCN + + +# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# ---------------------------------------------------------------- +m4_defun([_LT_TRY_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test yes = "$cross_compiling"; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +[#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +}] +_LT_EOF + if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_TRY_DLOPEN_SELF + + +# LT_SYS_DLOPEN_SELF +# ------------------ +AC_DEFUN([LT_SYS_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test yes != "$enable_dlopen"; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen=load_add_on + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen=LoadLibrary + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[ + lt_cv_dlopen=dyld + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen=shl_load], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen=dlopen], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test no = "$lt_cv_dlopen"; then + enable_dlopen=no + else + enable_dlopen=yes + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS=$LDFLAGS + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS=$LIBS + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test yes = "$lt_cv_dlopen_self"; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +_LT_DECL([dlopen_support], [enable_dlopen], [0], + [Whether dlopen is supported]) +_LT_DECL([dlopen_self], [enable_dlopen_self], [0], + [Whether dlopen of programs is supported]) +_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], + [Whether dlopen of statically linked programs is supported]) +])# LT_SYS_DLOPEN_SELF + +# Old name: +AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) + + +# _LT_COMPILER_C_O([TAGNAME]) +# --------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler. +# This macro does not hard code the compiler like AC_PROG_CC_C_O. +m4_defun([_LT_COMPILER_C_O], +[m4_require([_LT_DECL_SED])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* +]) +_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], + [Does compiler simultaneously support -c and -o options?]) +])# _LT_COMPILER_C_O + + +# _LT_COMPILER_FILE_LOCKS([TAGNAME]) +# ---------------------------------- +# Check to see if we can do hard links to lock some files if needed +m4_defun([_LT_COMPILER_FILE_LOCKS], +[m4_require([_LT_ENABLE_LOCK])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_COMPILER_C_O([$1]) + +hard_links=nottested +if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test no = "$hard_links"; then + AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) +])# _LT_COMPILER_FILE_LOCKS + + +# _LT_CHECK_OBJDIR +# ---------------- +m4_defun([_LT_CHECK_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +_LT_DECL([], [objdir], [0], + [The name of the directory that contains temporary libtool files])dnl +m4_pattern_allow([LT_OBJDIR])dnl +AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/", + [Define to the sub-directory where libtool stores uninstalled libraries.]) +])# _LT_CHECK_OBJDIR + + +# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) +# -------------------------------------- +# Check hardcoding attributes. +m4_defun([_LT_LINKER_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || + test -n "$_LT_TAGVAR(runpath_var, $1)" || + test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then + + # We can hardcode non-existent directories. + if test no != "$_LT_TAGVAR(hardcode_direct, $1)" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" && + test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then + # Linking always hardcodes the temporary library directory. + _LT_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) + +if test relink = "$_LT_TAGVAR(hardcode_action, $1)" || + test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi +_LT_TAGDECL([], [hardcode_action], [0], + [How to hardcode a shared library path into an executable]) +])# _LT_LINKER_HARDCODE_LIBPATH + + +# _LT_CMD_STRIPLIB +# ---------------- +m4_defun([_LT_CMD_STRIPLIB], +[m4_require([_LT_DECL_EGREP]) +striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP"; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) +_LT_DECL([], [striplib], [1]) +])# _LT_CMD_STRIPLIB + + +# _LT_PREPARE_MUNGE_PATH_LIST +# --------------------------- +# Make sure func_munge_path_list() is defined correctly. +m4_defun([_LT_PREPARE_MUNGE_PATH_LIST], +[[# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x@S|@2 in + x) + ;; + *:) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\" + ;; + x:*) + eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\" + ;; + *) + eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\" + ;; + esac +} +]])# _LT_PREPARE_PATH_LIST + + +# _LT_SYS_DYNAMIC_LINKER([TAG]) +# ----------------------------- +# PORTME Fill in your ld.so characteristics +m4_defun([_LT_SYS_DYNAMIC_LINKER], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_OBJDUMP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl +AC_MSG_CHECKING([dynamic linker characteristics]) +m4_if([$1], + [], [ +if test yes = "$GCC"; then + case $host_os in + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary... + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo = "/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[[lt_foo]]++; } + if (lt_freq[[lt_foo]] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +AC_ARG_VAR([LT_SYS_LIBRARY_PATH], +[User-defined run-time library search path.]) + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[[4-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a[(]lib.so.V[)]' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[23]].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[[3-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], + [lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [lt_cv_shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + ]) + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + +_LT_DECL([], [variables_saved_for_relink], [1], + [Variables whose values should be saved in libtool wrapper scripts and + restored at link time]) +_LT_DECL([], [need_lib_prefix], [0], + [Do we need the "lib" prefix for modules?]) +_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) +_LT_DECL([], [version_type], [0], [Library versioning type]) +_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) +_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) +_LT_DECL([], [shlibpath_overrides_runpath], [0], + [Is shlibpath searched before the hard-coded library search path?]) +_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) +_LT_DECL([], [library_names_spec], [1], + [[List of archive names. First name is the real one, the rest are links. + The last name is the one that the linker finds with -lNAME]]) +_LT_DECL([], [soname_spec], [1], + [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [install_override_mode], [1], + [Permission mode override for installation of shared libraries]) +_LT_DECL([], [postinstall_cmds], [2], + [Command to use after installation of a shared archive]) +_LT_DECL([], [postuninstall_cmds], [2], + [Command to use after uninstallation of a shared archive]) +_LT_DECL([], [finish_cmds], [2], + [Commands used to finish a libtool library installation in a directory]) +_LT_DECL([], [finish_eval], [1], + [[As "finish_cmds", except a single script fragment to be evaled but + not shown]]) +_LT_DECL([], [hardcode_into_libs], [0], + [Whether we should hardcode library paths into libraries]) +_LT_DECL([], [sys_lib_search_path_spec], [2], + [Compile-time system search path for libraries]) +_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2], + [Detected run-time system search path for libraries]) +_LT_DECL([], [configure_time_lt_sys_library_path], [2], + [Explicit LT_SYS_LIBRARY_PATH set during ./configure time]) +])# _LT_SYS_DYNAMIC_LINKER + + +# _LT_PATH_TOOL_PREFIX(TOOL) +# -------------------------- +# find a file program that can recognize shared library +AC_DEFUN([_LT_PATH_TOOL_PREFIX], +[m4_require([_LT_DECL_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="m4_if([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$1"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac]) +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +_LT_DECL([], [MAGIC_CMD], [0], + [Used to examine libraries when file_magic_cmd begins with "file"])dnl +])# _LT_PATH_TOOL_PREFIX + +# Old name: +AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) + + +# _LT_PATH_MAGIC +# -------------- +# find a file program that can recognize a shared library +m4_defun([_LT_PATH_MAGIC], +[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# _LT_PATH_MAGIC + + +# LT_PATH_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([LT_PATH_LD], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PROG_ECHO_BACKSLASH])dnl + +AC_ARG_WITH([gnu-ld], + [AS_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test no = "$withval" || with_gnu_ld=yes], + [with_gnu_ld=no])dnl + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd], +[if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi]) +rm -f conftest.i conftest2.i conftest.out]) +])# _LT_PATH_DD + + +# _LT_CMD_TRUNCATE +# ---------------- +# find command to truncate a binary pipe +m4_defun([_LT_CMD_TRUNCATE], +[m4_require([_LT_PATH_DD]) +AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin], +[printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"]) +_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1], + [Command to truncate a binary pipe]) +])# _LT_CMD_TRUNCATE + + +# _LT_CHECK_MAGIC_METHOD +# ---------------------- +# how to check for library dependencies +# -- PORTME fill in with the dynamic library characteristics +m4_defun([_LT_CHECK_MAGIC_METHOD], +[m4_require([_LT_DECL_EGREP]) +m4_require([_LT_DECL_OBJDUMP]) +AC_CACHE_CHECK([how to recognize dependent libraries], +lt_cv_deplibs_check_method, +[lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# 'unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[[4-9]]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[[45]]*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + if ( file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + +_LT_DECL([], [deplibs_check_method], [1], + [Method to check whether dependent libraries are shared objects]) +_LT_DECL([], [file_magic_cmd], [1], + [Command to use when deplibs_check_method = "file_magic"]) +_LT_DECL([], [file_magic_glob], [1], + [How to find potential files when deplibs_check_method = "file_magic"]) +_LT_DECL([], [want_nocaseglob], [1], + [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) +])# _LT_CHECK_MAGIC_METHOD + + +# LT_PATH_NM +# ---------- +# find the pathname to a BSD- or MS-compatible name lister +AC_DEFUN([LT_PATH_NM], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM=$NM +else + lt_nm_to_check=${ac_tool_prefix}nm + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break 2 + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break 2 + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS=$lt_save_ifs + done + : ${lt_cv_path_NM=no} +fi]) +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols -headers" + ;; + *) + DUMPBIN=: + ;; + esac + fi + AC_SUBST([DUMPBIN]) + if test : != "$DUMPBIN"; then + NM=$DUMPBIN + fi +fi +test -z "$NM" && NM=nm +AC_SUBST([NM]) +_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl + +AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], + [lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) + cat conftest.out >&AS_MESSAGE_LOG_FD + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest*]) +])# LT_PATH_NM + +# Old names: +AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) +AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_PROG_NM], []) +dnl AC_DEFUN([AC_PROG_NM], []) + +# _LT_CHECK_SHAREDLIB_FROM_LINKLIB +# -------------------------------- +# how to determine the name of the shared library +# associated with a specific link library. +# -- PORTME fill in with the dynamic library characteristics +m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], +[m4_require([_LT_DECL_EGREP]) +m4_require([_LT_DECL_OBJDUMP]) +m4_require([_LT_DECL_DLLTOOL]) +AC_CACHE_CHECK([how to associate runtime and link libraries], +lt_cv_sharedlib_from_linklib_cmd, +[lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd=$ECHO + ;; +esac +]) +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + +_LT_DECL([], [sharedlib_from_linklib_cmd], [1], + [Command to associate shared and link libraries]) +])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB + + +# _LT_PATH_MANIFEST_TOOL +# ---------------------- +# locate the manifest tool +m4_defun([_LT_PATH_MANIFEST_TOOL], +[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], + [lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&AS_MESSAGE_LOG_FD + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest*]) +if test yes != "$lt_cv_path_mainfest_tool"; then + MANIFEST_TOOL=: +fi +_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl +])# _LT_PATH_MANIFEST_TOOL + + +# _LT_DLL_DEF_P([FILE]) +# --------------------- +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with func_dll_def_p in the libtool script +AC_DEFUN([_LT_DLL_DEF_P], +[dnl + test DEF = "`$SED -n dnl + -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace + -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments + -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl + -e q dnl Only consider the first "real" line + $1`" dnl +])# _LT_DLL_DEF_P + + +# LT_LIB_M +# -------- +# check for math library +AC_DEFUN([LT_LIB_M], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw) + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM=-lm) + ;; +esac +AC_SUBST([LIBM]) +])# LT_LIB_M + +# Old name: +AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_CHECK_LIBM], []) + + +# _LT_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------- +m4_defun([_LT_COMPILER_NO_RTTI], +[m4_require([_LT_TAG_COMPILER])dnl + +_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test yes = "$GCC"; then + case $cc_basename in + nvcc*) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; + *) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; + esac + + _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], + [Compiler flag to turn off builtin functions]) +])# _LT_COMPILER_NO_RTTI + + +# _LT_CMD_GLOBAL_SYMBOLS +# ---------------------- +m4_defun([_LT_CMD_GLOBAL_SYMBOLS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([LT_PATH_NM])dnl +AC_REQUIRE([LT_PATH_LD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_TAG_COMPILER])dnl + +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) + if test ia64 = "$host_cpu"; then + symcode='[[ABCDEGRST]]' + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK ['"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx]" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if AC_TRY_EVAL(ac_compile); then + # Now try to grab the symbols. + nlist=conftest.nm + if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT@&t@_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT@&t@_DLSYM_CONST +#else +# define LT@&t@_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT@&t@_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[[]] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS=conftstm.$ac_objext + CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test yes = "$pipe_works"; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + +_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], + [Take the output of nm and produce a listing of raw symbols and C names]) +_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], + [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1], + [Transform the output of nm into a list of symbols to manually relocate]) +_LT_DECL([global_symbol_to_c_name_address], + [lt_cv_sys_global_symbol_to_c_name_address], [1], + [Transform the output of nm in a C name address pair]) +_LT_DECL([global_symbol_to_c_name_address_lib_prefix], + [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], + [Transform the output of nm in a C name address pair when lib prefix is needed]) +_LT_DECL([nm_interface], [lt_cv_nm_interface], [1], + [The name lister interface]) +_LT_DECL([], [nm_file_list_spec], [1], + [Specify filename containing input files for $NM]) +]) # _LT_CMD_GLOBAL_SYMBOLS + + +# _LT_COMPILER_PIC([TAGNAME]) +# --------------------------- +m4_defun([_LT_COMPILER_PIC], +[m4_require([_LT_TAG_COMPILER])dnl +_LT_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_TAGVAR(lt_prog_compiler_static, $1)= + +m4_if([$1], [CXX], [ + # C++ specific cases for pic, static, wl, etc. + if test yes = "$GXX"; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix[[4-9]]*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + if test ia64 != "$host_cpu"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64, which still supported -KPIC. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test yes = "$GCC"; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + case $host_os in + os2*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' + _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' + ;; + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + rdos*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" + ;; +esac + +AC_CACHE_CHECK([for $compiler option to produce PIC], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) +_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], + [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], + [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], + [Additional compiler flags for building library objects]) + +_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], + [How to pass a linker flag through the compiler]) +# +# Check to make sure the static flag actually works. +# +wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" +_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) +_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], + [Compiler flag to prevent dynamic linking]) +])# _LT_COMPILER_PIC + + +# _LT_LINKER_SHLIBS([TAGNAME]) +# ---------------------------- +# See if the linker supports building shared libraries. +m4_defun([_LT_LINKER_SHLIBS], +[AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +m4_if([$1], [CXX], [ + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + case $host_os in + aix[[4-9]]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds + ;; + cygwin* | mingw* | cegcc*) + case $cc_basename in + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + ;; + esac + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac +], [ + runpath_var= + _LT_TAGVAR(allow_undefined_flag, $1)= + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(archive_cmds, $1)= + _LT_TAGVAR(archive_expsym_cmds, $1)= + _LT_TAGVAR(compiler_needs_object, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(hardcode_automatic, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_separator, $1)= + _LT_TAGVAR(hardcode_minus_L, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(inherit_rpath, $1)=no + _LT_TAGVAR(link_all_deplibs, $1)=unknown + _LT_TAGVAR(module_cmds, $1)= + _LT_TAGVAR(module_expsym_cmds, $1)= + _LT_TAGVAR(old_archive_from_new_cmds, $1)= + _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_TAGVAR(thread_safe_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. +dnl Note also adjust exclude_expsyms for C++ above. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test yes != "$GCC"; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd* | bitrig*) + with_gnu_ld=no + ;; + esac + + _LT_TAGVAR(ld_shlibs, $1)=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test yes = "$with_gnu_ld"; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; + *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test yes = "$lt_use_gnu_ld_interface"; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='$wl' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[[3-9]]*) + # On AIX/PPC, the GNU linker is very broken + if test ia64 != "$host_cpu"; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test linux-dietlibc = "$host_os"; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test no = "$tmp_diet" + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + _LT_TAGVAR(whole_archive_flag_spec, $1)= + tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; + xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + + if test yes = "$supports_anon_versioning"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + tcc*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic' + ;; + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then + runpath_var= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix[[4-9]]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then + aix_use_runtimelinking=yes + break + fi + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac + + if test yes = "$GCC"; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + bsdi[[45]]*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + esac + ;; + + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + ;; + + hpux10*) + if test yes,no = "$GCC,$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test yes,no = "$GCC,$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + m4_if($1, [], [ + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + _LT_LINKER_OPTION([if $CC understands -b], + _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) + ;; + esac + fi + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], + [lt_cv_irix_exported_symbol], + [save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" + AC_LINK_IFELSE( + [AC_LANG_SOURCE( + [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], + [C++], [[int foo (void) { return 0; }]], + [Fortran 77], [[ + subroutine foo + end]], + [Fortran], [[ + subroutine foo + end]])])], + [lt_cv_irix_exported_symbol=yes], + [lt_cv_irix_exported_symbol=no]) + LDFLAGS=$save_LDFLAGS]) + if test yes = "$lt_cv_irix_exported_symbol"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + fi + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + _LT_TAGVAR(ld_shlibs, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *nto* | *qnx*) + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + fi + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + osf3*) + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test yes = "$GCC"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' + if test yes = "$GCC"; then + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='$wl' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. GCC discards it without '$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test yes = "$GCC"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + fi + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test sequent = "$host_vendor"; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + if test sni = "$host_vendor"; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym' + ;; + esac + fi + fi +]) +AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) +test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no + +_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld + +_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl +_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl +_LT_DECL([], [extract_expsyms_cmds], [2], + [The commands to extract the exported symbol list from a shared archive]) + +# +# Do we need to explicitly link libc? +# +case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $_LT_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_CACHE_CHECK([whether -lc should be explicitly linked in], + [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), + [$RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + ]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) + ;; + esac + fi + ;; +esac + +_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], + [Whether or not to add -lc for building shared libraries]) +_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], + [enable_shared_with_static_runtimes], [0], + [Whether or not to disallow shared libs when runtime libs are static]) +_LT_TAGDECL([], [export_dynamic_flag_spec], [1], + [Compiler flag to allow reflexive dlopens]) +_LT_TAGDECL([], [whole_archive_flag_spec], [1], + [Compiler flag to generate shared objects directly from archives]) +_LT_TAGDECL([], [compiler_needs_object], [1], + [Whether the compiler copes with passing no objects directly]) +_LT_TAGDECL([], [old_archive_from_new_cmds], [2], + [Create an old-style archive from a shared archive]) +_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], + [Create a temporary old-style archive to link instead of a shared archive]) +_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) +_LT_TAGDECL([], [archive_expsym_cmds], [2]) +_LT_TAGDECL([], [module_cmds], [2], + [Commands used to build a loadable module if different from building + a shared archive.]) +_LT_TAGDECL([], [module_expsym_cmds], [2]) +_LT_TAGDECL([], [with_gnu_ld], [1], + [Whether we are building with GNU ld or not]) +_LT_TAGDECL([], [allow_undefined_flag], [1], + [Flag that allows shared libraries with undefined symbols to be built]) +_LT_TAGDECL([], [no_undefined_flag], [1], + [Flag that enforces no undefined symbols]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], + [Flag to hardcode $libdir into a binary during linking. + This must work even if $libdir does not exist]) +_LT_TAGDECL([], [hardcode_libdir_separator], [1], + [Whether we need a single "-rpath" flag with a separated argument]) +_LT_TAGDECL([], [hardcode_direct], [0], + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes + DIR into the resulting binary]) +_LT_TAGDECL([], [hardcode_direct_absolute], [0], + [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes + DIR into the resulting binary and the resulting library dependency is + "absolute", i.e impossible to change by setting $shlibpath_var if the + library is relocated]) +_LT_TAGDECL([], [hardcode_minus_L], [0], + [Set to "yes" if using the -LDIR flag during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_shlibpath_var], [0], + [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_automatic], [0], + [Set to "yes" if building a shared library automatically hardcodes DIR + into the library and all subsequent libraries and executables linked + against it]) +_LT_TAGDECL([], [inherit_rpath], [0], + [Set to yes if linker adds runtime paths of dependent libraries + to runtime path list]) +_LT_TAGDECL([], [link_all_deplibs], [0], + [Whether libtool must link a program against all its dependency libraries]) +_LT_TAGDECL([], [always_export_symbols], [0], + [Set to "yes" if exported symbols are required]) +_LT_TAGDECL([], [export_symbols_cmds], [2], + [The commands to list exported symbols]) +_LT_TAGDECL([], [exclude_expsyms], [1], + [Symbols that should not be listed in the preloaded symbols]) +_LT_TAGDECL([], [include_expsyms], [1], + [Symbols that must always be exported]) +_LT_TAGDECL([], [prelink_cmds], [2], + [Commands necessary for linking programs (against libraries) with templates]) +_LT_TAGDECL([], [postlink_cmds], [2], + [Commands necessary for finishing linking programs]) +_LT_TAGDECL([], [file_list_spec], [1], + [Specify filename containing input files]) +dnl FIXME: Not yet implemented +dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], +dnl [Compiler flag to generate thread safe objects]) +])# _LT_LINKER_SHLIBS + + +# _LT_LANG_C_CONFIG([TAG]) +# ------------------------ +# Ensure that the configuration variables for a C compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_C_CONFIG], +[m4_require([_LT_DECL_EGREP])dnl +lt_save_CC=$CC +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + +_LT_TAG_COMPILER +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + LT_SYS_DLOPEN_SELF + _LT_CMD_STRIPLIB + + # Report what library types will actually be built + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[[4-9]]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_CONFIG($1) +fi +AC_LANG_POP +CC=$lt_save_CC +])# _LT_LANG_C_CONFIG + + +# _LT_LANG_CXX_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a C++ compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_CXX_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +if test -n "$CXX" && ( test no != "$CXX" && + ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || + (test g++ != "$CXX"))); then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi + +AC_LANG_PUSH(C++) +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(compiler_needs_object, $1)=no +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_caught_CXX_error"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_CFLAGS=$CFLAGS + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + CFLAGS=$CXXFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test yes = "$GXX"; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + else + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + fi + + if test yes = "$GXX"; then + # Set up default GNU C++ configuration + + LT_PATH_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test yes = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='$wl' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + _LT_TAGVAR(ld_shlibs, $1)=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aix[[4-9]]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + ;; + esac + + if test yes = "$GXX"; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag=$shared_flag' $wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + # The "-G" linker flag allows undefined symbols. + _LT_TAGVAR(no_undefined_flag, $1)='-bernotok' + # Determine the default libpath from the value encoded in an empty + # executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + case $GXX,$cc_basename in + ,cl* | no,cl*) + # Native MSVC + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # g++ + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + shrext_cmds=.dll + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + freebsd2.*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + freebsd-elf*) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + hpux9*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' + fi + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + ;; + xl* | mpixl* | bgxl*) + # IBM XL 8.0 on PPC, with GNU ld + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + if test yes = "$supports_anon_versioning"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + fi + output_verbose_link_cmd=func_echo_all + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + case $host in + osf3*) + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + ;; + *) + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ + $RM $lib.exp' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*' + case $host in + osf3*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test yes,no = "$GXX,$with_gnu_ld"; then + _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + else + # g++ 2.7 appears to require '-G' NOT '-shared' on this + # platform. + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + fi + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ + '"$_LT_TAGVAR(old_archive_cmds, $1)" + _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ + '"$_LT_TAGVAR(reload_cmds, $1)" + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) + test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no + + _LT_TAGVAR(GCC, $1)=$GXX + _LT_TAGVAR(LD, $1)=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test yes != "$_lt_caught_CXX_error" + +AC_LANG_POP +])# _LT_LANG_CXX_CONFIG + + +# _LT_FUNC_STRIPNAME_CNF +# ---------------------- +# func_stripname_cnf prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# +# This function is identical to the (non-XSI) version of func_stripname, +# except this one can be used by m4 code that may be executed by configure, +# rather than the libtool script. +m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl +AC_REQUIRE([_LT_DECL_SED]) +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) +func_stripname_cnf () +{ + case @S|@2 in + .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;; + *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;; + esac +} # func_stripname_cnf +])# _LT_FUNC_STRIPNAME_CNF + + +# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) +# --------------------------------- +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +m4_defun([_LT_SYS_HIDDEN_LIBDEPS], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl +# Dependencies to place before and after the object being linked: +_LT_TAGVAR(predep_objects, $1)= +_LT_TAGVAR(postdep_objects, $1)= +_LT_TAGVAR(predeps, $1)= +_LT_TAGVAR(postdeps, $1)= +_LT_TAGVAR(compiler_lib_search_path, $1)= + +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF +int a; +void foo (void) { a = 0; } +_LT_EOF +], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF +], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer*4 a + a=0 + return + end +_LT_EOF +], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer a + a=0 + return + end +_LT_EOF +], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF +public class foo { + private int a; + public void bar (void) { + a = 0; + } +}; +_LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF +]) + +_lt_libdeps_save_CFLAGS=$CFLAGS +case "$CC $CFLAGS " in #( +*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; +*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; +esac + +dnl Parse the compiler output and extract the necessary +dnl objects, libraries and library flags. +if AC_TRY_EVAL(ac_compile); then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case $prev$p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test x-L = "$p" || + test x-R = "$p"; then + prev=$p + continue + fi + + # Expand the sysroot to ease extracting the directories later. + if test -z "$prev"; then + case $p in + -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; + -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; + -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; + esac + fi + case $p in + =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; + esac + if test no = "$pre_test_object_deps_done"; then + case $prev in + -L | -R) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then + _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p + else + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$_LT_TAGVAR(postdeps, $1)"; then + _LT_TAGVAR(postdeps, $1)=$prev$p + else + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p" + fi + fi + prev= + ;; + + *.lto.$objext) ;; # Ignore GCC LTO objects + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test no = "$pre_test_object_deps_done"; then + if test -z "$_LT_TAGVAR(predep_objects, $1)"; then + _LT_TAGVAR(predep_objects, $1)=$p + else + _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" + fi + else + if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then + _LT_TAGVAR(postdep_objects, $1)=$p + else + _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling $1 test program" +fi + +$RM -f confest.$objext +CFLAGS=$_lt_libdeps_save_CFLAGS + +# PORTME: override above test on systems where it is broken +m4_if([$1], [CXX], +[case $host_os in +interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_TAGVAR(predep_objects,$1)= + _LT_TAGVAR(postdep_objects,$1)= + _LT_TAGVAR(postdeps,$1)= + ;; +esac +]) + +case " $_LT_TAGVAR(postdeps, $1) " in +*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; +esac + _LT_TAGVAR(compiler_lib_search_dirs, $1)= +if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'` +fi +_LT_TAGDECL([], [compiler_lib_search_dirs], [1], + [The directories searched by this compiler when creating a shared library]) +_LT_TAGDECL([], [predep_objects], [1], + [Dependencies to place before and after the objects being linked to + create a shared library]) +_LT_TAGDECL([], [postdep_objects], [1]) +_LT_TAGDECL([], [predeps], [1]) +_LT_TAGDECL([], [postdeps], [1]) +_LT_TAGDECL([], [compiler_lib_search_path], [1], + [The library search path used internally by the compiler when linking + a shared library]) +])# _LT_SYS_HIDDEN_LIBDEPS + + +# _LT_LANG_F77_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a Fortran 77 compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_F77_CONFIG], +[AC_LANG_PUSH(Fortran 77) +if test -z "$F77" || test no = "$F77"; then + _lt_disable_F77=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the F77 compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_disable_F77"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${F77-"f77"} + CFLAGS=$FFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + GCC=$G77 + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)=$G77 + _LT_TAGVAR(LD, $1)=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test yes != "$_lt_disable_F77" + +AC_LANG_POP +])# _LT_LANG_F77_CONFIG + + +# _LT_LANG_FC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for a Fortran compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_FC_CONFIG], +[AC_LANG_PUSH(Fortran) + +if test -z "$FC" || test no = "$FC"; then + _lt_disable_FC=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for fc test sources. +ac_ext=${ac_fc_srcext-f} + +# Object file extension for compiled fc test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the FC compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_disable_FC"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${FC-"f95"} + CFLAGS=$FCFLAGS + compiler=$CC + GCC=$ac_cv_fc_compiler_gnu + + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu + _LT_TAGVAR(LD, $1)=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test yes != "$_lt_disable_FC" + +AC_LANG_POP +])# _LT_LANG_FC_CONFIG + + +# _LT_LANG_GCJ_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Java Compiler compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_GCJ_CONFIG], +[AC_REQUIRE([LT_PROG_GCJ])dnl +AC_LANG_SAVE + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GCJ-"gcj"} +CFLAGS=$GCJFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)=$LD +_LT_CC_BASENAME([$compiler]) + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GCJ_CONFIG + + +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)=$LD +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + +# _LT_LANG_RC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for the Windows resource compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to 'libtool'. +m4_defun([_LT_LANG_RC_CONFIG], +[AC_REQUIRE([LT_PROG_RC])dnl +AC_LANG_SAVE + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + +# Code to be used in simple link tests +lt_simple_link_test_code=$lt_simple_compile_test_code + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC= +CC=${RC-"windres"} +CFLAGS= +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) +_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + +if test -n "$compiler"; then + : + _LT_CONFIG($1) +fi + +GCC=$lt_save_GCC +AC_LANG_RESTORE +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_RC_CONFIG + + +# LT_PROG_GCJ +# ----------- +AC_DEFUN([LT_PROG_GCJ], +[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], + [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], + [AC_CHECK_TOOL(GCJ, gcj,) + test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS)])])[]dnl +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_GCJ], []) + + +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + +# LT_PROG_RC +# ---------- +AC_DEFUN([LT_PROG_RC], +[AC_CHECK_TOOL(RC, windres,) +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_RC], []) + + +# _LT_DECL_EGREP +# -------------- +# If we don't have a new enough Autoconf to choose the best grep +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_EGREP], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_REQUIRE([AC_PROG_FGREP])dnl +test -z "$GREP" && GREP=grep +_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) +_LT_DECL([], [EGREP], [1], [An ERE matcher]) +_LT_DECL([], [FGREP], [1], [A literal string matcher]) +dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too +AC_SUBST([GREP]) +]) + + +# _LT_DECL_OBJDUMP +# -------------- +# If we don't have a new enough Autoconf to choose the best objdump +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_OBJDUMP], +[AC_CHECK_TOOL(OBJDUMP, objdump, false) +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) +AC_SUBST([OBJDUMP]) +]) + +# _LT_DECL_DLLTOOL +# ---------------- +# Ensure DLLTOOL variable is set. +m4_defun([_LT_DECL_DLLTOOL], +[AC_CHECK_TOOL(DLLTOOL, dlltool, false) +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program]) +AC_SUBST([DLLTOOL]) +]) + +# _LT_DECL_SED +# ------------ +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +m4_defun([_LT_DECL_SED], +[AC_PROG_SED +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" +_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) +_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], + [Sed that helps us avoid accidentally triggering echo(1) options like -n]) +])# _LT_DECL_SED + +m4_ifndef([AC_PROG_SED], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ + +m4_defun([AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +IFS=$as_save_IFS +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f "$lt_ac_sed" && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test 10 -lt "$lt_ac_count" && break + lt_ac_count=`expr $lt_ac_count + 1` + if test "$lt_ac_count" -gt "$lt_ac_max"; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_SUBST([SED]) +AC_MSG_RESULT([$SED]) +])#AC_PROG_SED +])#m4_ifndef + +# Old name: +AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_SED], []) + + +# _LT_CHECK_SHELL_FEATURES +# ------------------------ +# Find out whether the shell is Bourne or XSI compatible, +# or has some other useful features. +m4_defun([_LT_CHECK_SHELL_FEATURES], +[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi +_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac +_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl +_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl +])# _LT_CHECK_SHELL_FEATURES + + +# _LT_PATH_CONVERSION_FUNCTIONS +# ----------------------------- +# Determine what file name conversion functions should be used by +# func_to_host_file (and, implicitly, by func_to_host_path). These are needed +# for certain cross-compile configurations and native mingw. +m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_MSG_CHECKING([how to convert $build file names to $host format]) +AC_CACHE_VAL(lt_cv_to_host_file_cmd, +[case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac +]) +to_host_file_cmd=$lt_cv_to_host_file_cmd +AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) +_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], + [0], [convert $build file names to $host format])dnl + +AC_MSG_CHECKING([how to convert $build file names to toolchain format]) +AC_CACHE_VAL(lt_cv_to_tool_file_cmd, +[#assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac +]) +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) +_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], + [0], [convert $build files to toolchain format])dnl +])# _LT_PATH_CONVERSION_FUNCTIONS diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/lt~obsolete.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/lt~obsolete.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/lt~obsolete.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/lt~obsolete.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,99 @@ +# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- +# +# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software +# Foundation, Inc. +# Written by Scott James Remnant, 2004. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 5 lt~obsolete.m4 + +# These exist entirely to fool aclocal when bootstrapping libtool. +# +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN), +# which have later been changed to m4_define as they aren't part of the +# exported API, or moved to Autoconf or Automake where they belong. +# +# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN +# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us +# using a macro with the same name in our local m4/libtool.m4 it'll +# pull the old libtool.m4 in (it doesn't see our shiny new m4_define +# and doesn't know about Autoconf macros at all.) +# +# So we provide this file, which has a silly filename so it's always +# included after everything else. This provides aclocal with the +# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything +# because those macros already exist, or will be overwritten later. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# +# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. +# Yes, that means every name once taken will need to remain here until +# we give up compatibility with versions before 1.7, at which point +# we need to keep only those names which we still refer to. + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) + +m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) +m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) +m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) +m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) +m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) +m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) +m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) +m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) +m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) +m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) +m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) +m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) +m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) +m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) +m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) +m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) +m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) +m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) +m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) +m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) +m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) +m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) +m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) +m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) +m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) +m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) +m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) +m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) +m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) +m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) +m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) +m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) +m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) +m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) +m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) +m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) +m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) +m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) +m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) +m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) +m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) +m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) +m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) +m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) +m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) +m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) +m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) +m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) +m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) +m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltoptions.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltoptions.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltoptions.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltoptions.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,437 @@ +# Helper functions for option handling. -*- Autoconf -*- +# +# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software +# Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 8 ltoptions.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) + + +# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) +# ------------------------------------------ +m4_define([_LT_MANGLE_OPTION], +[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) + + +# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) +# --------------------------------------- +# Set option OPTION-NAME for macro MACRO-NAME, and if there is a +# matching handler defined, dispatch to it. Other OPTION-NAMEs are +# saved as a flag. +m4_define([_LT_SET_OPTION], +[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl +m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), + _LT_MANGLE_DEFUN([$1], [$2]), + [m4_warning([Unknown $1 option '$2'])])[]dnl +]) + + +# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) +# ------------------------------------------------------------ +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +m4_define([_LT_IF_OPTION], +[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) + + +# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) +# ------------------------------------------------------- +# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME +# are set. +m4_define([_LT_UNLESS_OPTIONS], +[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), + [m4_define([$0_found])])])[]dnl +m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 +])[]dnl +]) + + +# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) +# ---------------------------------------- +# OPTION-LIST is a space-separated list of Libtool options associated +# with MACRO-NAME. If any OPTION has a matching handler declared with +# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about +# the unknown option and exit. +m4_defun([_LT_SET_OPTIONS], +[# Set options +m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [_LT_SET_OPTION([$1], _LT_Option)]) + +m4_if([$1],[LT_INIT],[ + dnl + dnl Simply set some default values (i.e off) if boolean options were not + dnl specified: + _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no + ]) + _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no + ]) + dnl + dnl If no reference was made to various pairs of opposing options, then + dnl we run the default mode handler for the pair. For example, if neither + dnl 'shared' nor 'disable-shared' was passed, we enable building of shared + dnl archives by default: + _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) + _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], + [_LT_ENABLE_FAST_INSTALL]) + _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4], + [_LT_WITH_AIX_SONAME([aix])]) + ]) +])# _LT_SET_OPTIONS + + +## --------------------------------- ## +## Macros to handle LT_INIT options. ## +## --------------------------------- ## + +# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) +# ----------------------------------------- +m4_define([_LT_MANGLE_DEFUN], +[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) + + +# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) +# ----------------------------------------------- +m4_define([LT_OPTION_DEFINE], +[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl +])# LT_OPTION_DEFINE + + +# dlopen +# ------ +LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes +]) + +AU_DEFUN([AC_LIBTOOL_DLOPEN], +[_LT_SET_OPTION([LT_INIT], [dlopen]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the 'dlopen' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) + + +# win32-dll +# --------- +# Declare package support for building win32 dll's. +LT_OPTION_DEFINE([LT_INIT], [win32-dll], +[enable_win32_dll=yes + +case $host in +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +esac + +test -z "$AS" && AS=as +_LT_DECL([], [AS], [1], [Assembler program])dnl + +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl + +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl +])# win32-dll + +AU_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +_LT_SET_OPTION([LT_INIT], [win32-dll]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the 'win32-dll' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) + + +# _LT_ENABLE_SHARED([DEFAULT]) +# ---------------------------- +# implement the --enable-shared flag, and supports the 'shared' and +# 'disable-shared' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. +m4_define([_LT_ENABLE_SHARED], +[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([shared], + [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) + + _LT_DECL([build_libtool_libs], [enable_shared], [0], + [Whether or not to build shared libraries]) +])# _LT_ENABLE_SHARED + +LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) +]) + +AC_DEFUN([AC_DISABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], [disable-shared]) +]) + +AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_SHARED], []) +dnl AC_DEFUN([AM_DISABLE_SHARED], []) + + + +# _LT_ENABLE_STATIC([DEFAULT]) +# ---------------------------- +# implement the --enable-static flag, and support the 'static' and +# 'disable-static' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. +m4_define([_LT_ENABLE_STATIC], +[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([static], + [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [enable_static=]_LT_ENABLE_STATIC_DEFAULT) + + _LT_DECL([build_old_libs], [enable_static], [0], + [Whether or not to build static libraries]) +])# _LT_ENABLE_STATIC + +LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) +]) + +AC_DEFUN([AC_DISABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], [disable-static]) +]) + +AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_STATIC], []) +dnl AC_DEFUN([AM_DISABLE_STATIC], []) + + + +# _LT_ENABLE_FAST_INSTALL([DEFAULT]) +# ---------------------------------- +# implement the --enable-fast-install flag, and support the 'fast-install' +# and 'disable-fast-install' LT_INIT options. +# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'. +m4_define([_LT_ENABLE_FAST_INSTALL], +[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([fast-install], + [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) + +_LT_DECL([fast_install], [enable_fast_install], [0], + [Whether or not to optimize for fast installation])dnl +])# _LT_ENABLE_FAST_INSTALL + +LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) + +# Old names: +AU_DEFUN([AC_ENABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the 'fast-install' option into LT_INIT's first parameter.]) +]) + +AU_DEFUN([AC_DISABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the 'disable-fast-install' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) +dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) + + +# _LT_WITH_AIX_SONAME([DEFAULT]) +# ---------------------------------- +# implement the --with-aix-soname flag, and support the `aix-soname=aix' +# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT +# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'. +m4_define([_LT_WITH_AIX_SONAME], +[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl +shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[[5-9]]*,yes) + AC_MSG_CHECKING([which variant of shared library versioning to provide]) + AC_ARG_WITH([aix-soname], + [AS_HELP_STRING([--with-aix-soname=aix|svr4|both], + [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])], + [case $withval in + aix|svr4|both) + ;; + *) + AC_MSG_ERROR([Unknown argument to --with-aix-soname]) + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname], + [AC_CACHE_VAL([lt_cv_with_aix_soname], + [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT) + with_aix_soname=$lt_cv_with_aix_soname]) + AC_MSG_RESULT([$with_aix_soname]) + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + +_LT_DECL([], [shared_archive_member_spec], [0], + [Shared archive member basename, for filename based shared library versioning on AIX])dnl +])# _LT_WITH_AIX_SONAME + +LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])]) +LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])]) + + +# _LT_WITH_PIC([MODE]) +# -------------------- +# implement the --with-pic flag, and support the 'pic-only' and 'no-pic' +# LT_INIT options. +# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'. +m4_define([_LT_WITH_PIC], +[AC_ARG_WITH([pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac], + [pic_mode=m4_default([$1], [default])]) + +_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl +])# _LT_WITH_PIC + +LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) + +# Old name: +AU_DEFUN([AC_LIBTOOL_PICMODE], +[_LT_SET_OPTION([LT_INIT], [pic-only]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the 'pic-only' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) + +## ----------------- ## +## LTDL_INIT Options ## +## ----------------- ## + +m4_define([_LTDL_MODE], []) +LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], + [m4_define([_LTDL_MODE], [nonrecursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [recursive], + [m4_define([_LTDL_MODE], [recursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [subproject], + [m4_define([_LTDL_MODE], [subproject])]) + +m4_define([_LTDL_TYPE], []) +LT_OPTION_DEFINE([LTDL_INIT], [installable], + [m4_define([_LTDL_TYPE], [installable])]) +LT_OPTION_DEFINE([LTDL_INIT], [convenience], + [m4_define([_LTDL_TYPE], [convenience])]) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltsugar.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltsugar.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltsugar.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltsugar.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,124 @@ +# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- +# +# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software +# Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltsugar.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) + + +# lt_join(SEP, ARG1, [ARG2...]) +# ----------------------------- +# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their +# associated separator. +# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier +# versions in m4sugar had bugs. +m4_define([lt_join], +[m4_if([$#], [1], [], + [$#], [2], [[$2]], + [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) +m4_define([_lt_join], +[m4_if([$#$2], [2], [], + [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) + + +# lt_car(LIST) +# lt_cdr(LIST) +# ------------ +# Manipulate m4 lists. +# These macros are necessary as long as will still need to support +# Autoconf-2.59, which quotes differently. +m4_define([lt_car], [[$1]]) +m4_define([lt_cdr], +[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], + [$#], 1, [], + [m4_dquote(m4_shift($@))])]) +m4_define([lt_unquote], $1) + + +# lt_append(MACRO-NAME, STRING, [SEPARATOR]) +# ------------------------------------------ +# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'. +# Note that neither SEPARATOR nor STRING are expanded; they are appended +# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). +# No SEPARATOR is output if MACRO-NAME was previously undefined (different +# than defined and empty). +# +# This macro is needed until we can rely on Autoconf 2.62, since earlier +# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. +m4_define([lt_append], +[m4_define([$1], + m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) + + + +# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) +# ---------------------------------------------------------- +# Produce a SEP delimited list of all paired combinations of elements of +# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list +# has the form PREFIXmINFIXSUFFIXn. +# Needed until we can rely on m4_combine added in Autoconf 2.62. +m4_define([lt_combine], +[m4_if(m4_eval([$# > 3]), [1], + [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl +[[m4_foreach([_Lt_prefix], [$2], + [m4_foreach([_Lt_suffix], + ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, + [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) + + +# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) +# ----------------------------------------------------------------------- +# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited +# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. +m4_define([lt_if_append_uniq], +[m4_ifdef([$1], + [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], + [lt_append([$1], [$2], [$3])$4], + [$5])], + [lt_append([$1], [$2], [$3])$4])]) + + +# lt_dict_add(DICT, KEY, VALUE) +# ----------------------------- +m4_define([lt_dict_add], +[m4_define([$1($2)], [$3])]) + + +# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) +# -------------------------------------------- +m4_define([lt_dict_add_subkey], +[m4_define([$1($2:$3)], [$4])]) + + +# lt_dict_fetch(DICT, KEY, [SUBKEY]) +# ---------------------------------- +m4_define([lt_dict_fetch], +[m4_ifval([$3], + m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), + m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) + + +# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) +# ----------------------------------------------------------------- +m4_define([lt_if_dict_fetch], +[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], + [$5], + [$6])]) + + +# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) +# -------------------------------------------------------------- +m4_define([lt_dict_filter], +[m4_if([$5], [], [], + [lt_join(m4_quote(m4_default([$4], [[, ]])), + lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), + [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl +]) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltversion.m4 nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltversion.m4 --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltversion.m4 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/m4/ltversion.m4 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,23 @@ +# ltversion.m4 -- version numbers -*- Autoconf -*- +# +# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# @configure_input@ + +# serial 4179 ltversion.m4 +# This file is part of GNU Libtool + +m4_define([LT_PACKAGE_VERSION], [2.4.6]) +m4_define([LT_PACKAGE_REVISION], [2.4.6]) + +AC_DEFUN([LTVERSION_VERSION], +[macro_version='2.4.6' +macro_revision='2.4.6' +_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) +_LT_DECL(, macro_revision, 0) +]) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,24 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2014-2016 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +AM_MAKEFLAGS = --no-print-directory +ACLOCAL_AMFLAGS = -I m4 + +SUBDIRS = debian include lib packages plugins tests +EXTRA_DIST = check_skel.c.sample + +check-local: all tests diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/missing nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/missing --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/missing 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/missing 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,215 @@ +#! /bin/sh +# Common wrapper for a few potentially missing GNU programs. + +scriptversion=2013-10-28.13; # UTC + +# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try '$0 --help' for more information" + exit 1 +fi + +case $1 in + + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; + + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" + exit 1 + ;; + +esac + +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi + +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: Binary files /tmp/tmpbvznukrd/AR2TEg1FPo/nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/nagios-plugins-linux-logo-256.png and /tmp/tmpbvznukrd/rsuwgAjtog/nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/nagios-plugins-linux-logo-256.png differ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,608 @@ +## Version 29 ("High Temperatures") +### Jul 20th, 2021 + +#### FIXES + +##### Plugin check_temperature + + * Do not display thermal ranges if `-t|--thermal_zone` in not set at command-line. + +#### ENHANCEMENTS + +##### Plugin check_temperature + + * Improve the output message by adding the thermal device when available; + * List also the devices that display a temperature of 0°C to be more consistent with the tool 'sensors'; + * Improve the help message; + * New command-line option `-l|--list` for displyaing the all the thermal sensors reported by the kernel. + +##### Package creation + + * Update the list of supported platforms by adding Alpine 3.13 and 3.14 and Fedora 34; + * Several improvements to the Debian packaging (thanks to [Vincent Olivert-Riera](https://github.com/vincent-olivert-riera) for the PR); + * Build Debian multi-packages instead of a single package providing all binary plugins. + This will permit these plugins to cohexist with the Nagios native ones. + +##### Test framework + + * Switch to the latest stable OSes in GitHub workflow. + +##### Documentation + + * Update the documentation for linking against procps-ng newlib; + * Thanks to [Christian Bryn (epleterte)](https://github.com/epleterte) for reporting and fixing a typo in the git clone command. + +### GIT DIFF +``` +$ git diff --stat c57373a9 4e0d46e8 + .github/workflows/build-checks.yml | 6 ++-- + DEVELOPERS.md | 4 +-- + NEWS.md | 75 +++++++++++++++++++++++++++++++++++++++++++ + README.md | 23 +++++++------- + VERSION | 1 + + configure.ac | 22 ++++++++++++- + debian/changelog | 9 +++++- + debian/compat | 2 +- + debian/control | 262 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---- + debian/nagios-plugins-linux-clock.install | 1 + + debian/nagios-plugins-linux-cpu.install | 1 + + debian/nagios-plugins-linux-cpufreq.install | 1 + + debian/nagios-plugins-linux-cswch.install | 1 + + debian/nagios-plugins-linux-docker.install | 1 + + debian/nagios-plugins-linux-fc.install | 1 + + debian/nagios-plugins-linux-ifmountfs.install | 1 + + debian/nagios-plugins-linux-intr.install | 1 + + debian/nagios-plugins-linux-iowait.install | 1 + + debian/nagios-plugins-linux-load.install | 1 + + debian/nagios-plugins-linux-memory.install | 1 + + debian/nagios-plugins-linux-multipath.install | 1 + + debian/nagios-plugins-linux-nbprocs.install | 1 + + debian/nagios-plugins-linux-network.install | 1 + + debian/nagios-plugins-linux-paging.install | 1 + + debian/nagios-plugins-linux-pressure.install | 1 + + debian/nagios-plugins-linux-readonlyfs.install | 1 + + debian/nagios-plugins-linux-swap.install | 1 + + debian/nagios-plugins-linux-tcpcount.install | 1 + + debian/nagios-plugins-linux-temperature.install | 1 + + debian/nagios-plugins-linux-uptime.install | 1 + + debian/nagios-plugins-linux-users.install | 1 + + debian/nagios-plugins-linux.dirs | 1 + + debian/rules | 2 +- + include/string-macros.h | 2 ++ + include/sysfsparser.h | 3 ++ + lib/meminfo_procps.c | 2 +- + lib/sysfsparser.c | 86 ++++++++++++++++++++++++++++++++++++++++++------- + lib/vminfo_procps.c | 2 +- + packages/Makefile.am | 10 +++--- + packages/multibuild.sh | 2 +- + packages/specs/nagios-plugins-linux.spec.in | 17 ++++++++-- + plugins/Makefile.am | 11 ++++--- + plugins/check_temperature.c | 32 ++++++++++++++----- + 43 files changed, 536 insertions(+), 60 deletions(-) +``` + +## Version 28 ("Alpine Hike") +### Dec 12th, 2020 + +#### FIXES + +A few Clang and GCC warnings have been fixed. + +#### ENHANCEMENTS + +##### Plugin check_pressure + +New plugin `check_pressure` that reports the Linux Pressure Stall Information (PSI) exported by Linux kernels 4.20+ (in the `/proc/pressure/` folder). + + check_pressure --cpu return the cpu pressure metrics + check_pressure --io return the io (block layer/filesystems) pressure metrics + check_pressure --memory return the memory pressure metrics + +##### Build system + +Here are some notable news: + + * Integrate *Nagios Plugins for Linux* with *GitHub Workflow* tests; + * Add [Linux Alpine](https://alpinelinux.org/) and [Ubuntu](https://ubuntu.com/) + to the list of supported and automatically tested Linux distributions; + * Update the list of supported platforms by adding Alpine 3.12 and Fedora 33; + * Make the `packages/docker-shell-helpers` folder a git submodule. + +##### Package creation + +Create also the native package for Alpine 3.12. + +### GIT DIFF +``` +$ git diff --stat bef83bc ee0fbd5 + .github/ISSUE_TEMPLATE/bug_report.md | 17 +++++----- + .github/ISSUE_TEMPLATE/feature_request.md | 22 +++++++++++++ + .github/workflows/build-checks.yml | 59 ++++++++++++++++++++++++++++++++++ + .gitmodules | 3 ++ + NEWS.md | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------ + README.md | 69 ++++++++++++++++++++++++---------------- + configure.ac | 14 ++++++++ + include/Makefile.am | 1 + + include/pressure.h | 85 +++++++++++++++++++++++++++++++++++++++++++++++++ + include/system.h | 3 -- + include/testutils.h | 2 ++ + lib/Makefile.am | 1 + + lib/netinfo-private.c | 4 +-- + lib/pressure.c | 198 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + lib/processes.c | 4 +++ + packages/Makefile.am | 28 ++++++++++------ + packages/docker-shell-helpers | 1 + + packages/docker-shell-helpers/LICENSE | 201 ------------------------------------------------------------------------------------------------------------------ + packages/docker-shell-helpers/README.md | 74 ------------------------------------------ + packages/docker-shell-helpers/__generate-doc.sh | 26 --------------- + packages/docker-shell-helpers/docker-shell-helpers.sh | 183 -------------------------------------------------------------------------------------------------------- + packages/docker-shell-helpers/images/docker.png | Bin 28288 -> 0 bytes + packages/multibuild.sh | 51 +++++++++++++++++++++++++---- + packages/specs/APKBUILD.in | 44 +++++++++++++++++++++++++ + packages/specs/Makefile.am | 2 +- + plugins/Makefile.am | 2 ++ + plugins/check_multipath.c | 1 + + plugins/check_network.c | 2 +- + plugins/check_pressure.c | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + tests/Makefile.am | 6 ++++ + tests/ts_procpressurecpu.data | 1 + + tests/ts_procpressureio.data | 2 ++ + tests/tslib_uname.c | 14 ++++++++ + tests/tslibpressure.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 34 files changed, 1046 insertions(+), 659 deletions(-) +``` + +## Version 27 ("Polish Landscapes") +### Aug 8th, 2020 + +#### FIXES + +##### Plugin check_multipath + +Free memory allocated to the pattern buffer by the function `regcomp`. + +##### lib/meminfo_procps, lib/vminfo_procps + +Fix the +[libprocps-ng:newlib](https://gitlab.com/procps-ng/procps/-/tree/newlib) +detection at build time. +Most distro packaged version of `procps-ng` correctly report the +version of the library *libprocps*. +According to the project mailing-list and my own tests, Debian +and Ubuntu report `UNKNOWN` as library version. +But, under openSUSE Tumbleweed, Archlinux, Slackware, and Fedora +it is shown properly. +So switch from `UNKNOWN` to `libprocps >= 3.3.12` in configure. + +Also add a +[documentation page](DEVELOPERS.md) +for developers because the `procps-ng:newlib` +library is still in active development and there's no stable version +available. + +#### ENHANCEMENTS + +##### Plugin check_network + +Add a bunch of command-line options: + * `-i,--ifname`: only display interfaces matching a POSIX Extended [Regular Expression](https://man7.org/linux/man-pages/man7/regex.7.html); + * `--ifname-debug`: display the list of metric keys and exit (for debugging); + * `-k,--check-link`: report an error if one or more links are down; + * `-l,--no-loopback`: skip the loopback interface; + * `-W,--no-wireless `: skip the wireless interfaces; + * `-%,--perc`: return percentage metrics when possible. + +Note that the percentage **can only be calculated** for links with an available +physical speed. This feature has been asked by [iam333](https://github.com/iam333). +See the issue [#55](https://github.com/madrisan/nagios-plugins-linux/issues/55). + +By default *all* the counters are reported in the perdata, but it's now possible +to select a subset of them if it's preferable: + * `-b --no-bytes`: omit the rx/tx bytes counter from perfdata; + * `-C,--no-collisions`: omit the collisions counter from perfdata; + * `-d --no-drops`: omit the rx/tx drop counters from perfdata; + * `-e --no-errors`: omit the rx/tx errors counters from perfdata; + * `-m,--no-multicast`: omit the multicast counter from perfdata; + * `-p,--no-packets`: omit the rx/tx packets counter from perfdata. + +Make it possible to set the thresholds for all the reported metrics, by using +the following new plugins (they are actually just symlinks to `check_network`): + * `check_network_collisions` + * `check_network_dropped` + * `check_network_errors` + * `check_network_multicast` + +Previously it was only possible for the network traffic in bytes. + +Add two extra command-line switches `-r/--rx-only` and `-t/--tx-only` +for discarding the transmission and received metrics respectively. +This should allow even more custom plugin configurations and should be +especially usefull for setting thresholds in the network traffic in bytes. + +##### lib/netinfo* (check_network): switch from getifaddrs glib call to linux rtnetlink + +Switch to linux +[rtnetlink](https://www.man7.org/linux/man-pages/man7/netlink.7.html) +to be able to get the required +network statistics for all the available network interfaces, +not only for the `AF_PACKET`-capable ones. + +This new implementation in particular let now `check_network` return +the statistics also for the [WireGuard](https://www.wireguard.com/) interfaces +[[#58](https://github.com/madrisan/nagios-plugins-linux/issues/58)]. + +##### lib/netinfo-private: switch to ETHTOOL_GLINKSETTINGS when possible + +Change `SIOCETHTOOL` ioctl to use `ETHTOOL_GLINKSETTINGS`instead of the +obsolete `ETHTOOL_GSET`, when determining the network interface speed. +This requires Linux kernel 4.9+. +In case of failure revert to the obsolete `ETHTOOL_GSET`. + +See the +[kernel commit](https://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cf) +(net: ethtool: add new ETHTOOL_xLINKSETTINGS API) if you need deeper technical informations. + +#### LICENSE + +Add to all files containing C code the +[SPDX License Identifier](https://spdx.org/licenses/) +for the GPL 3.0+ license. +``` +// SPDX-License-Identifier: GPL-3.0-or-later +``` + +### GIT DIFF +``` +-- git diff --stat 2de9564 532861c +.codeclimate.yml | 2 +- +.gitattributes | 1 + +AUTHORS | 25 +++--- +DEVELOPERS.md | 68 ++++++++++++++ +NEWS | 661 +-------------------------------------------------------------------------------------------------------------------------------------- +NEWS-OLD | 660 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +NEWS.md | 324 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +README.md | 20 ++--- +check_skel.c.sample | 5 +- +configure.ac | 23 ++++- +include/Makefile.am | 1 + +include/collection.h | 1 + +include/common.h | 4 +- +include/container_docker.h | 1 + +include/container_podman.h | 1 + +include/cpudesc.h | 1 + +include/cpufreq.h | 1 + +include/cpustats.h | 1 + +include/cputopology.h | 1 + +include/getenv.h | 1 + +include/interrupts.h | 1 + +include/jsmn.h | 1 + +include/json_helpers.h | 1 + +include/kernelver.h | 1 + +include/logging.h | 1 + +include/meminfo.h | 1 + +include/messages.h | 1 + +include/mountlist.h | 1 + +include/netinfo-private.h | 59 ++++++++++++ +include/netinfo.h | 79 +++++++++++++---- +include/perfdata.h | 1 + +include/processes.h | 1 + +include/procparser.h | 1 + +include/progname.h | 1 + +include/progversion.h | 1 + +include/string-macros.h | 10 +++ +include/sysfsparser.h | 1 + +include/system.h | 6 +- +include/tcpinfo.h | 1 + +include/testutils.h | 1 + +include/thresholds.h | 1 + +include/units.h | 1 + +include/url_encode.h | 1 + +include/vminfo.h | 1 + +include/xalloc.h | 1 + +include/xasprintf.h | 1 + +include/xstrton.h | 1 + +lib/Makefile.am | 4 +- +lib/collection.c | 1 + +lib/container_docker_count.c | 1 + +lib/container_docker_memory.c | 1 + +lib/container_podman.c | 1 + +lib/container_podman_count.c | 1 + +lib/container_podman_stats.c | 1 + +lib/cpudesc.c | 1 + +lib/cpufreq.c | 1 + +lib/cpustats.c | 1 + +lib/cputopology.c | 1 + +lib/interrupts.c | 1 + +lib/json_helpers.c | 1 + +lib/kernelver.c | 1 + +lib/meminfo.c | 1 + +lib/meminfo_procps.c | 3 +- +lib/messages.c | 1 + +lib/mountlist.c | 1 + +lib/netinfo-private.c | 454 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +lib/netinfo.c | 303 +++++++++++++++++++++++++++++++++++++++++++++----------------- +lib/perfdata.c | 1 + +lib/processes.c | 1 + +lib/procparser.c | 1 + +lib/progname.c | 1 + +lib/sysfsparser.c | 1 + +lib/tcpinfo.c | 1 + +lib/thresholds.c | 1 + +lib/url_encode.c | 1 + +lib/vminfo.c | 1 + +lib/vminfo_procps.c | 30 ++----- +lib/xasprintf.c | 1 + +lib/xmalloc.c | 1 + +lib/xstrton.c | 1 + +packages/specs/nagios-plugins-linux.spec.in | 2 +- +plugins/Makefile.am | 17 +++- +plugins/check_clock.c | 1 + +plugins/check_cpu.c | 8 +- +plugins/check_cpufreq.c | 1 + +plugins/check_cswch.c | 1 + +plugins/check_docker.c | 1 + +plugins/check_fc.c | 1 + +plugins/check_ifmountfs.c | 1 + +plugins/check_intr.c | 1 + +plugins/check_load.c | 1 + +plugins/check_memory.c | 1 + +plugins/check_multipath.c | 3 + +plugins/check_nbprocs.c | 1 + +plugins/check_network.c | 423 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------ +plugins/check_paging.c | 1 + +plugins/check_podman.c | 1 + +plugins/check_readonlyfs.c | 1 + +plugins/check_swap.c | 1 + +plugins/check_tcpcount.c | 1 + +plugins/check_temperature.c | 1 + +plugins/check_uptime.c | 1 + +plugins/check_users.c | 1 + +tests/Makefile.am | 2 +- +tests/testutils.c | 1 + +tests/tsclock_thresholds.c | 1 + +tests/tscswch.c | 1 + +tests/tsintr.c | 1 + +tests/tslib_uname.c | 1 + +tests/tslibcontainer_docker_count.c | 1 + +tests/tslibcontainer_docker_memory.c | 1 + +tests/tslibkernelver.c | 1 + +tests/tslibmeminfo_conversions.c | 1 + +tests/tslibmeminfo_interface.c | 5 +- +tests/tslibmeminfo_procparser.c | 1 + +tests/tslibmessages.c | 1 + +tests/tslibperfdata.c | 1 + +tests/tsliburlencode.c | 1 + +tests/tslibvminfo.c | 1 + +tests/tsload_normalize.c | 1 + +tests/tsload_thresholds.c | 1 + +tests/tspaging.c | 1 + +tests/tstemperature.c | 1 + +tests/{tststestutils.c => tstestutils.c} | 1 + +tests/tsuptime.c | 1 + +125 files changed, 2447 insertions(+), 852 deletions(-) +``` + +## Version 26 ("Lockdown") +### May 5th, 2020 + +#### FIXES + +##### Fix build with musl by including limits.h when PATH_MAX is used. + +Bug reported and patched by Louis Sautier. +See also: [Gentoo bug #717038](https://bugs.gentoo.org/717038) + +##### Fix build when `-fno-common` is added to CFLAGS. + +The build with `-fno-common` failed with the error message: +``` +(.bss+0x8): multiple definition of `program_name' +(.bss+0x0): multiple definition of `program_name_short' +``` +This flag will be apparently enabled by default in gcc 10. +Bug reported by [sbraz](https://github.com/sbraz). + +##### Fixed travis CI build + +Fix by [sbraz](https://github.com/sbraz). + +#### ENHANCEMENTS / CHANGES + +##### New plugin check_podman + +New plugin **check_podman** for checking some runtime metric of [podman](https://podman.io/) containers. + +##### Package creation + +Add Fedora 32 and CentOS 8 to the supported distributions. + +#### GIT DIFF +``` +-- git diff --stat f5c0edc 6c41cc9 + +.travis.yml | 2 +- +AUTHORS | 2 + +README.md | 30 ++++++++--- +configure.ac | 30 ++++++++++- +debian/copyright | 2 +- +include/Makefile.am | 8 +-- +include/collection.h | 2 +- +include/{container.h => container_docker.h} | 8 +-- +include/container_podman.h | 117 ++++++++++++++++++++++++++++++++++++++++ +include/{json.h => jsmn.h} | 0 +include/json_helpers.h | 35 ++++++++++++ +include/progname.h | 4 +- +include/testutils.h | 10 +++- +include/xalloc.h | 2 + +include/{xstrtol.h => xstrton.h} | 9 ++-- +lib/Makefile.am | 15 ++++-- +lib/collection.c | 25 ++++++--- +lib/{container_count.c => container_docker_count.c} | 34 +++--------- +lib/{container_memory.c => container_docker_memory.c} | 2 +- +lib/container_podman.c | 373 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +lib/container_podman_count.c | 114 +++++++++++++++++++++++++++++++++++++++ +lib/container_podman_stats.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +lib/json_helpers.c | 66 +++++++++++++++++++++++ +lib/processes.c | 1 + +lib/xmalloc.c | 17 ++++-- +lib/{xstrtol.c => xstrton.c} | 20 ++++++- +packages/Makefile.am | 8 +-- +packages/multibuild.sh | 16 +++++- +packages/specs/nagios-plugins-linux.spec.in | 6 +++ +plugins/Makefile.am | 13 ++++- +plugins/check_clock.c | 2 +- +plugins/check_cpu.c | 2 +- +plugins/check_cswch.c | 2 +- +plugins/check_docker.c | 4 +- +plugins/check_fc.c | 3 +- +plugins/check_intr.c | 2 +- +plugins/check_podman.c | 261 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +tests/Makefile.am | 16 +++--- +tests/{ts_container.data => ts_container_docker.data} | 0 +tests/ts_container_podman_GetContainerStats.data | 1 + +tests/ts_container_podman_ListContainers.data | 1 + +tests/{tslibcontainer_count.c => tslibcontainer_docker_count.c} | 6 +-- +tests/{tslibcontainer_memory.c => tslibcontainer_docker_memory.c} | 8 +-- +43 files changed, 1362 insertions(+), 96 deletions(-) +``` + + +## Version 25 ("Gentoo") +### May 5th, 2020 + +#### FIXES + +##### Fix issues reported by lgtm, clang, and Codacy + +Fix two security issues reported by lgtm analyzer, an issue reported by the clang static analyser v8, and some issues reported by Codacy. + +##### Library sysfsparser + +Fix debug messages in `sysfsparser_thermal_get_temperature()`. + +##### Plugin check_memory + +Add `min`, `max`, `warning` and `critical` to perfdata for `mem_available` and `mem_used` as asked by [sbraz](https://github.com/sbraz). + +Minor code cleanup, and typo fixes. + +##### Build system + +Fix compilation when *libcurl* headers are not installed. + +#### ENHANCEMENTS / CHANGES + +Udate the external *jsmn* library. + +Move some functions to the new library *perfdata*. + +##### Build system + +Fix a warning message about obsolete `AC_PROG_RANLIB`. + +Add a build option to disable libcurl: `--disable-libcurl`. + +##### Package creation + +Make rpm packages for Fedora 30 and Debian 10 (Buster) packages. + +Drop support for the Linux distribution Fedora 24-27 and Debian 6 (Squeeze). + +##### Test framework + +New unit test for `lib/perfdata.c`. + +#### GIT DIFF +``` +-- git diff --stat 440eefa c4a58b5 + +AUTHORS | 6 ++ +README.md | 16 ++-- +configure.ac | 17 +++-- +debian/changelog | 32 ++++++++ +include/Makefile.am | 1 + +include/json.h | 490 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------- +include/perfdata.h | 37 +++++++++ +include/string-macros.h | 1 + +include/thresholds.h | 9 ++- +lib/Makefile.am | 2 +- +lib/container_count.c | 7 +- +lib/container_memory.c | 8 +- +lib/cputopology.c | 3 +- +lib/json.c | 417 ------------------------------------------------------------------------------------------------------ +lib/perfdata.c | 85 +++++++++++++++++++++ +lib/sysfsparser.c | 41 +++++----- +lib/thresholds.c | 26 +++++-- +packages/Makefile.am | 25 ++++--- +packages/docker-shell-helpers/docker-shell-helpers.sh | 6 +- +packages/multibuild.sh | 30 +++----- +packages/specs/nagios-plugins-linux.spec.in | 14 +++- +plugins/check_clock.c | 10 +-- +plugins/check_cpu.c | 3 + +plugins/check_memory.c | 55 ++++++++++++-- +plugins/check_swap.c | 3 + +plugins/check_uptime.c | 8 +- +plugins/check_users.c | 3 +- +tests/Makefile.am | 9 ++- +tests/tslibcontainer_count.c | 2 +- +tests/tslibkernelver.c | 7 +- +tests/tslibperfdata.c | 111 +++++++++++++++++++++++++++ +31 files changed, 925 insertions(+), 559 deletions(-) +``` + + +## Version 24 +### January 13th, 2019 + +#### FIXES + +##### Plugin check_cpufreq + +The frequences returned by sysfs are in KHz. +This issue has been reported by [sbraz](https://github.com/sbraz). +Thanks! + +#### ENHANCEMENTS / CHANGES + +##### Plugin check_uptime + +Add warn, crit, and min values to perfdata. +Based on a merge request opened by [magmax](https://github.com/magmax). +Thanks! + +##### Plugin check_cpufreq + +Make it possible to output the values in Hz/kHz/mHz/gHz +by adding some new command-line switches: + * `-H,--Hz` + * `-K,--kHz` + * `-M,--mHz` + * `-G,--gHz` + +##### Build system + +Check for the compiler flag `-Wstringop-truncation` availability. + +Remove the autotools-generated file `libtool`. + +Fix unsupported warning options for clang (7.0.0): + * `-Wformat-signedness` + * `-Wstringop-truncation` + +Support Fedora 29 packaging (rpm packages generation). + +#### GIT DIFF +``` +-- git diff --stat 0a3b90b 0b7e7ea + +.github/ISSUE_TEMPLATE/bug_report.md | 26 + +.gitignore | 1 + +README.md | 8 +- +configure.ac | 3 +- +libtool | 11645 -------------------------------- +m4/cc_try_cflags.m4 | 4 +- +packages/Makefile.am | 7 +- +plugins/check_cpufreq.c | 35 +- +plugins/check_uptime.c | 9 +- +9 files changed, 73 insertions(+), 11665 deletions(-) +``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS.md nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS.md --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,608 @@ +## Version 29 ("High Temperatures") +### Jul 20th, 2021 + +#### FIXES + +##### Plugin check_temperature + + * Do not display thermal ranges if `-t|--thermal_zone` in not set at command-line. + +#### ENHANCEMENTS + +##### Plugin check_temperature + + * Improve the output message by adding the thermal device when available; + * List also the devices that display a temperature of 0°C to be more consistent with the tool 'sensors'; + * Improve the help message; + * New command-line option `-l|--list` for displyaing the all the thermal sensors reported by the kernel. + +##### Package creation + + * Update the list of supported platforms by adding Alpine 3.13 and 3.14 and Fedora 34; + * Several improvements to the Debian packaging (thanks to [Vincent Olivert-Riera](https://github.com/vincent-olivert-riera) for the PR); + * Build Debian multi-packages instead of a single package providing all binary plugins. + This will permit these plugins to cohexist with the Nagios native ones. + +##### Test framework + + * Switch to the latest stable OSes in GitHub workflow. + +##### Documentation + + * Update the documentation for linking against procps-ng newlib; + * Thanks to [Christian Bryn (epleterte)](https://github.com/epleterte) for reporting and fixing a typo in the git clone command. + +### GIT DIFF +``` +$ git diff --stat c57373a9 4e0d46e8 + .github/workflows/build-checks.yml | 6 ++-- + DEVELOPERS.md | 4 +-- + NEWS.md | 75 +++++++++++++++++++++++++++++++++++++++++++ + README.md | 23 +++++++------- + VERSION | 1 + + configure.ac | 22 ++++++++++++- + debian/changelog | 9 +++++- + debian/compat | 2 +- + debian/control | 262 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---- + debian/nagios-plugins-linux-clock.install | 1 + + debian/nagios-plugins-linux-cpu.install | 1 + + debian/nagios-plugins-linux-cpufreq.install | 1 + + debian/nagios-plugins-linux-cswch.install | 1 + + debian/nagios-plugins-linux-docker.install | 1 + + debian/nagios-plugins-linux-fc.install | 1 + + debian/nagios-plugins-linux-ifmountfs.install | 1 + + debian/nagios-plugins-linux-intr.install | 1 + + debian/nagios-plugins-linux-iowait.install | 1 + + debian/nagios-plugins-linux-load.install | 1 + + debian/nagios-plugins-linux-memory.install | 1 + + debian/nagios-plugins-linux-multipath.install | 1 + + debian/nagios-plugins-linux-nbprocs.install | 1 + + debian/nagios-plugins-linux-network.install | 1 + + debian/nagios-plugins-linux-paging.install | 1 + + debian/nagios-plugins-linux-pressure.install | 1 + + debian/nagios-plugins-linux-readonlyfs.install | 1 + + debian/nagios-plugins-linux-swap.install | 1 + + debian/nagios-plugins-linux-tcpcount.install | 1 + + debian/nagios-plugins-linux-temperature.install | 1 + + debian/nagios-plugins-linux-uptime.install | 1 + + debian/nagios-plugins-linux-users.install | 1 + + debian/nagios-plugins-linux.dirs | 1 + + debian/rules | 2 +- + include/string-macros.h | 2 ++ + include/sysfsparser.h | 3 ++ + lib/meminfo_procps.c | 2 +- + lib/sysfsparser.c | 86 ++++++++++++++++++++++++++++++++++++++++++------- + lib/vminfo_procps.c | 2 +- + packages/Makefile.am | 10 +++--- + packages/multibuild.sh | 2 +- + packages/specs/nagios-plugins-linux.spec.in | 17 ++++++++-- + plugins/Makefile.am | 11 ++++--- + plugins/check_temperature.c | 32 ++++++++++++++----- + 43 files changed, 536 insertions(+), 60 deletions(-) +``` + +## Version 28 ("Alpine Hike") +### Dec 12th, 2020 + +#### FIXES + +A few Clang and GCC warnings have been fixed. + +#### ENHANCEMENTS + +##### Plugin check_pressure + +New plugin `check_pressure` that reports the Linux Pressure Stall Information (PSI) exported by Linux kernels 4.20+ (in the `/proc/pressure/` folder). + + check_pressure --cpu return the cpu pressure metrics + check_pressure --io return the io (block layer/filesystems) pressure metrics + check_pressure --memory return the memory pressure metrics + +##### Build system + +Here are some notable news: + + * Integrate *Nagios Plugins for Linux* with *GitHub Workflow* tests; + * Add [Linux Alpine](https://alpinelinux.org/) and [Ubuntu](https://ubuntu.com/) + to the list of supported and automatically tested Linux distributions; + * Update the list of supported platforms by adding Alpine 3.12 and Fedora 33; + * Make the `packages/docker-shell-helpers` folder a git submodule. + +##### Package creation + +Create also the native package for Alpine 3.12. + +### GIT DIFF +``` +$ git diff --stat bef83bc ee0fbd5 + .github/ISSUE_TEMPLATE/bug_report.md | 17 +++++----- + .github/ISSUE_TEMPLATE/feature_request.md | 22 +++++++++++++ + .github/workflows/build-checks.yml | 59 ++++++++++++++++++++++++++++++++++ + .gitmodules | 3 ++ + NEWS.md | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------ + README.md | 69 ++++++++++++++++++++++++---------------- + configure.ac | 14 ++++++++ + include/Makefile.am | 1 + + include/pressure.h | 85 +++++++++++++++++++++++++++++++++++++++++++++++++ + include/system.h | 3 -- + include/testutils.h | 2 ++ + lib/Makefile.am | 1 + + lib/netinfo-private.c | 4 +-- + lib/pressure.c | 198 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + lib/processes.c | 4 +++ + packages/Makefile.am | 28 ++++++++++------ + packages/docker-shell-helpers | 1 + + packages/docker-shell-helpers/LICENSE | 201 ------------------------------------------------------------------------------------------------------------------ + packages/docker-shell-helpers/README.md | 74 ------------------------------------------ + packages/docker-shell-helpers/__generate-doc.sh | 26 --------------- + packages/docker-shell-helpers/docker-shell-helpers.sh | 183 -------------------------------------------------------------------------------------------------------- + packages/docker-shell-helpers/images/docker.png | Bin 28288 -> 0 bytes + packages/multibuild.sh | 51 +++++++++++++++++++++++++---- + packages/specs/APKBUILD.in | 44 +++++++++++++++++++++++++ + packages/specs/Makefile.am | 2 +- + plugins/Makefile.am | 2 ++ + plugins/check_multipath.c | 1 + + plugins/check_network.c | 2 +- + plugins/check_pressure.c | 230 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + tests/Makefile.am | 6 ++++ + tests/ts_procpressurecpu.data | 1 + + tests/ts_procpressureio.data | 2 ++ + tests/tslib_uname.c | 14 ++++++++ + tests/tslibpressure.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 34 files changed, 1046 insertions(+), 659 deletions(-) +``` + +## Version 27 ("Polish Landscapes") +### Aug 8th, 2020 + +#### FIXES + +##### Plugin check_multipath + +Free memory allocated to the pattern buffer by the function `regcomp`. + +##### lib/meminfo_procps, lib/vminfo_procps + +Fix the +[libprocps-ng:newlib](https://gitlab.com/procps-ng/procps/-/tree/newlib) +detection at build time. +Most distro packaged version of `procps-ng` correctly report the +version of the library *libprocps*. +According to the project mailing-list and my own tests, Debian +and Ubuntu report `UNKNOWN` as library version. +But, under openSUSE Tumbleweed, Archlinux, Slackware, and Fedora +it is shown properly. +So switch from `UNKNOWN` to `libprocps >= 3.3.12` in configure. + +Also add a +[documentation page](DEVELOPERS.md) +for developers because the `procps-ng:newlib` +library is still in active development and there's no stable version +available. + +#### ENHANCEMENTS + +##### Plugin check_network + +Add a bunch of command-line options: + * `-i,--ifname`: only display interfaces matching a POSIX Extended [Regular Expression](https://man7.org/linux/man-pages/man7/regex.7.html); + * `--ifname-debug`: display the list of metric keys and exit (for debugging); + * `-k,--check-link`: report an error if one or more links are down; + * `-l,--no-loopback`: skip the loopback interface; + * `-W,--no-wireless `: skip the wireless interfaces; + * `-%,--perc`: return percentage metrics when possible. + +Note that the percentage **can only be calculated** for links with an available +physical speed. This feature has been asked by [iam333](https://github.com/iam333). +See the issue [#55](https://github.com/madrisan/nagios-plugins-linux/issues/55). + +By default *all* the counters are reported in the perdata, but it's now possible +to select a subset of them if it's preferable: + * `-b --no-bytes`: omit the rx/tx bytes counter from perfdata; + * `-C,--no-collisions`: omit the collisions counter from perfdata; + * `-d --no-drops`: omit the rx/tx drop counters from perfdata; + * `-e --no-errors`: omit the rx/tx errors counters from perfdata; + * `-m,--no-multicast`: omit the multicast counter from perfdata; + * `-p,--no-packets`: omit the rx/tx packets counter from perfdata. + +Make it possible to set the thresholds for all the reported metrics, by using +the following new plugins (they are actually just symlinks to `check_network`): + * `check_network_collisions` + * `check_network_dropped` + * `check_network_errors` + * `check_network_multicast` + +Previously it was only possible for the network traffic in bytes. + +Add two extra command-line switches `-r/--rx-only` and `-t/--tx-only` +for discarding the transmission and received metrics respectively. +This should allow even more custom plugin configurations and should be +especially usefull for setting thresholds in the network traffic in bytes. + +##### lib/netinfo* (check_network): switch from getifaddrs glib call to linux rtnetlink + +Switch to linux +[rtnetlink](https://www.man7.org/linux/man-pages/man7/netlink.7.html) +to be able to get the required +network statistics for all the available network interfaces, +not only for the `AF_PACKET`-capable ones. + +This new implementation in particular let now `check_network` return +the statistics also for the [WireGuard](https://www.wireguard.com/) interfaces +[[#58](https://github.com/madrisan/nagios-plugins-linux/issues/58)]. + +##### lib/netinfo-private: switch to ETHTOOL_GLINKSETTINGS when possible + +Change `SIOCETHTOOL` ioctl to use `ETHTOOL_GLINKSETTINGS`instead of the +obsolete `ETHTOOL_GSET`, when determining the network interface speed. +This requires Linux kernel 4.9+. +In case of failure revert to the obsolete `ETHTOOL_GSET`. + +See the +[kernel commit](https://github.com/torvalds/linux/commit/3f1ac7a700d039c61d8d8b99f28d605d489a60cf) +(net: ethtool: add new ETHTOOL_xLINKSETTINGS API) if you need deeper technical informations. + +#### LICENSE + +Add to all files containing C code the +[SPDX License Identifier](https://spdx.org/licenses/) +for the GPL 3.0+ license. +``` +// SPDX-License-Identifier: GPL-3.0-or-later +``` + +### GIT DIFF +``` +-- git diff --stat 2de9564 532861c +.codeclimate.yml | 2 +- +.gitattributes | 1 + +AUTHORS | 25 +++--- +DEVELOPERS.md | 68 ++++++++++++++ +NEWS | 661 +-------------------------------------------------------------------------------------------------------------------------------------- +NEWS-OLD | 660 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +NEWS.md | 324 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +README.md | 20 ++--- +check_skel.c.sample | 5 +- +configure.ac | 23 ++++- +include/Makefile.am | 1 + +include/collection.h | 1 + +include/common.h | 4 +- +include/container_docker.h | 1 + +include/container_podman.h | 1 + +include/cpudesc.h | 1 + +include/cpufreq.h | 1 + +include/cpustats.h | 1 + +include/cputopology.h | 1 + +include/getenv.h | 1 + +include/interrupts.h | 1 + +include/jsmn.h | 1 + +include/json_helpers.h | 1 + +include/kernelver.h | 1 + +include/logging.h | 1 + +include/meminfo.h | 1 + +include/messages.h | 1 + +include/mountlist.h | 1 + +include/netinfo-private.h | 59 ++++++++++++ +include/netinfo.h | 79 +++++++++++++---- +include/perfdata.h | 1 + +include/processes.h | 1 + +include/procparser.h | 1 + +include/progname.h | 1 + +include/progversion.h | 1 + +include/string-macros.h | 10 +++ +include/sysfsparser.h | 1 + +include/system.h | 6 +- +include/tcpinfo.h | 1 + +include/testutils.h | 1 + +include/thresholds.h | 1 + +include/units.h | 1 + +include/url_encode.h | 1 + +include/vminfo.h | 1 + +include/xalloc.h | 1 + +include/xasprintf.h | 1 + +include/xstrton.h | 1 + +lib/Makefile.am | 4 +- +lib/collection.c | 1 + +lib/container_docker_count.c | 1 + +lib/container_docker_memory.c | 1 + +lib/container_podman.c | 1 + +lib/container_podman_count.c | 1 + +lib/container_podman_stats.c | 1 + +lib/cpudesc.c | 1 + +lib/cpufreq.c | 1 + +lib/cpustats.c | 1 + +lib/cputopology.c | 1 + +lib/interrupts.c | 1 + +lib/json_helpers.c | 1 + +lib/kernelver.c | 1 + +lib/meminfo.c | 1 + +lib/meminfo_procps.c | 3 +- +lib/messages.c | 1 + +lib/mountlist.c | 1 + +lib/netinfo-private.c | 454 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +lib/netinfo.c | 303 +++++++++++++++++++++++++++++++++++++++++++++----------------- +lib/perfdata.c | 1 + +lib/processes.c | 1 + +lib/procparser.c | 1 + +lib/progname.c | 1 + +lib/sysfsparser.c | 1 + +lib/tcpinfo.c | 1 + +lib/thresholds.c | 1 + +lib/url_encode.c | 1 + +lib/vminfo.c | 1 + +lib/vminfo_procps.c | 30 ++----- +lib/xasprintf.c | 1 + +lib/xmalloc.c | 1 + +lib/xstrton.c | 1 + +packages/specs/nagios-plugins-linux.spec.in | 2 +- +plugins/Makefile.am | 17 +++- +plugins/check_clock.c | 1 + +plugins/check_cpu.c | 8 +- +plugins/check_cpufreq.c | 1 + +plugins/check_cswch.c | 1 + +plugins/check_docker.c | 1 + +plugins/check_fc.c | 1 + +plugins/check_ifmountfs.c | 1 + +plugins/check_intr.c | 1 + +plugins/check_load.c | 1 + +plugins/check_memory.c | 1 + +plugins/check_multipath.c | 3 + +plugins/check_nbprocs.c | 1 + +plugins/check_network.c | 423 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------ +plugins/check_paging.c | 1 + +plugins/check_podman.c | 1 + +plugins/check_readonlyfs.c | 1 + +plugins/check_swap.c | 1 + +plugins/check_tcpcount.c | 1 + +plugins/check_temperature.c | 1 + +plugins/check_uptime.c | 1 + +plugins/check_users.c | 1 + +tests/Makefile.am | 2 +- +tests/testutils.c | 1 + +tests/tsclock_thresholds.c | 1 + +tests/tscswch.c | 1 + +tests/tsintr.c | 1 + +tests/tslib_uname.c | 1 + +tests/tslibcontainer_docker_count.c | 1 + +tests/tslibcontainer_docker_memory.c | 1 + +tests/tslibkernelver.c | 1 + +tests/tslibmeminfo_conversions.c | 1 + +tests/tslibmeminfo_interface.c | 5 +- +tests/tslibmeminfo_procparser.c | 1 + +tests/tslibmessages.c | 1 + +tests/tslibperfdata.c | 1 + +tests/tsliburlencode.c | 1 + +tests/tslibvminfo.c | 1 + +tests/tsload_normalize.c | 1 + +tests/tsload_thresholds.c | 1 + +tests/tspaging.c | 1 + +tests/tstemperature.c | 1 + +tests/{tststestutils.c => tstestutils.c} | 1 + +tests/tsuptime.c | 1 + +125 files changed, 2447 insertions(+), 852 deletions(-) +``` + +## Version 26 ("Lockdown") +### May 5th, 2020 + +#### FIXES + +##### Fix build with musl by including limits.h when PATH_MAX is used. + +Bug reported and patched by Louis Sautier. +See also: [Gentoo bug #717038](https://bugs.gentoo.org/717038) + +##### Fix build when `-fno-common` is added to CFLAGS. + +The build with `-fno-common` failed with the error message: +``` +(.bss+0x8): multiple definition of `program_name' +(.bss+0x0): multiple definition of `program_name_short' +``` +This flag will be apparently enabled by default in gcc 10. +Bug reported by [sbraz](https://github.com/sbraz). + +##### Fixed travis CI build + +Fix by [sbraz](https://github.com/sbraz). + +#### ENHANCEMENTS / CHANGES + +##### New plugin check_podman + +New plugin **check_podman** for checking some runtime metric of [podman](https://podman.io/) containers. + +##### Package creation + +Add Fedora 32 and CentOS 8 to the supported distributions. + +#### GIT DIFF +``` +-- git diff --stat f5c0edc 6c41cc9 + +.travis.yml | 2 +- +AUTHORS | 2 + +README.md | 30 ++++++++--- +configure.ac | 30 ++++++++++- +debian/copyright | 2 +- +include/Makefile.am | 8 +-- +include/collection.h | 2 +- +include/{container.h => container_docker.h} | 8 +-- +include/container_podman.h | 117 ++++++++++++++++++++++++++++++++++++++++ +include/{json.h => jsmn.h} | 0 +include/json_helpers.h | 35 ++++++++++++ +include/progname.h | 4 +- +include/testutils.h | 10 +++- +include/xalloc.h | 2 + +include/{xstrtol.h => xstrton.h} | 9 ++-- +lib/Makefile.am | 15 ++++-- +lib/collection.c | 25 ++++++--- +lib/{container_count.c => container_docker_count.c} | 34 +++--------- +lib/{container_memory.c => container_docker_memory.c} | 2 +- +lib/container_podman.c | 373 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +lib/container_podman_count.c | 114 +++++++++++++++++++++++++++++++++++++++ +lib/container_podman_stats.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +lib/json_helpers.c | 66 +++++++++++++++++++++++ +lib/processes.c | 1 + +lib/xmalloc.c | 17 ++++-- +lib/{xstrtol.c => xstrton.c} | 20 ++++++- +packages/Makefile.am | 8 +-- +packages/multibuild.sh | 16 +++++- +packages/specs/nagios-plugins-linux.spec.in | 6 +++ +plugins/Makefile.am | 13 ++++- +plugins/check_clock.c | 2 +- +plugins/check_cpu.c | 2 +- +plugins/check_cswch.c | 2 +- +plugins/check_docker.c | 4 +- +plugins/check_fc.c | 3 +- +plugins/check_intr.c | 2 +- +plugins/check_podman.c | 261 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +tests/Makefile.am | 16 +++--- +tests/{ts_container.data => ts_container_docker.data} | 0 +tests/ts_container_podman_GetContainerStats.data | 1 + +tests/ts_container_podman_ListContainers.data | 1 + +tests/{tslibcontainer_count.c => tslibcontainer_docker_count.c} | 6 +-- +tests/{tslibcontainer_memory.c => tslibcontainer_docker_memory.c} | 8 +-- +43 files changed, 1362 insertions(+), 96 deletions(-) +``` + + +## Version 25 ("Gentoo") +### May 5th, 2020 + +#### FIXES + +##### Fix issues reported by lgtm, clang, and Codacy + +Fix two security issues reported by lgtm analyzer, an issue reported by the clang static analyser v8, and some issues reported by Codacy. + +##### Library sysfsparser + +Fix debug messages in `sysfsparser_thermal_get_temperature()`. + +##### Plugin check_memory + +Add `min`, `max`, `warning` and `critical` to perfdata for `mem_available` and `mem_used` as asked by [sbraz](https://github.com/sbraz). + +Minor code cleanup, and typo fixes. + +##### Build system + +Fix compilation when *libcurl* headers are not installed. + +#### ENHANCEMENTS / CHANGES + +Udate the external *jsmn* library. + +Move some functions to the new library *perfdata*. + +##### Build system + +Fix a warning message about obsolete `AC_PROG_RANLIB`. + +Add a build option to disable libcurl: `--disable-libcurl`. + +##### Package creation + +Make rpm packages for Fedora 30 and Debian 10 (Buster) packages. + +Drop support for the Linux distribution Fedora 24-27 and Debian 6 (Squeeze). + +##### Test framework + +New unit test for `lib/perfdata.c`. + +#### GIT DIFF +``` +-- git diff --stat 440eefa c4a58b5 + +AUTHORS | 6 ++ +README.md | 16 ++-- +configure.ac | 17 +++-- +debian/changelog | 32 ++++++++ +include/Makefile.am | 1 + +include/json.h | 490 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------- +include/perfdata.h | 37 +++++++++ +include/string-macros.h | 1 + +include/thresholds.h | 9 ++- +lib/Makefile.am | 2 +- +lib/container_count.c | 7 +- +lib/container_memory.c | 8 +- +lib/cputopology.c | 3 +- +lib/json.c | 417 ------------------------------------------------------------------------------------------------------ +lib/perfdata.c | 85 +++++++++++++++++++++ +lib/sysfsparser.c | 41 +++++----- +lib/thresholds.c | 26 +++++-- +packages/Makefile.am | 25 ++++--- +packages/docker-shell-helpers/docker-shell-helpers.sh | 6 +- +packages/multibuild.sh | 30 +++----- +packages/specs/nagios-plugins-linux.spec.in | 14 +++- +plugins/check_clock.c | 10 +-- +plugins/check_cpu.c | 3 + +plugins/check_memory.c | 55 ++++++++++++-- +plugins/check_swap.c | 3 + +plugins/check_uptime.c | 8 +- +plugins/check_users.c | 3 +- +tests/Makefile.am | 9 ++- +tests/tslibcontainer_count.c | 2 +- +tests/tslibkernelver.c | 7 +- +tests/tslibperfdata.c | 111 +++++++++++++++++++++++++++ +31 files changed, 925 insertions(+), 559 deletions(-) +``` + + +## Version 24 +### January 13th, 2019 + +#### FIXES + +##### Plugin check_cpufreq + +The frequences returned by sysfs are in KHz. +This issue has been reported by [sbraz](https://github.com/sbraz). +Thanks! + +#### ENHANCEMENTS / CHANGES + +##### Plugin check_uptime + +Add warn, crit, and min values to perfdata. +Based on a merge request opened by [magmax](https://github.com/magmax). +Thanks! + +##### Plugin check_cpufreq + +Make it possible to output the values in Hz/kHz/mHz/gHz +by adding some new command-line switches: + * `-H,--Hz` + * `-K,--kHz` + * `-M,--mHz` + * `-G,--gHz` + +##### Build system + +Check for the compiler flag `-Wstringop-truncation` availability. + +Remove the autotools-generated file `libtool`. + +Fix unsupported warning options for clang (7.0.0): + * `-Wformat-signedness` + * `-Wstringop-truncation` + +Support Fedora 29 packaging (rpm packages generation). + +#### GIT DIFF +``` +-- git diff --stat 0a3b90b 0b7e7ea + +.github/ISSUE_TEMPLATE/bug_report.md | 26 + +.gitignore | 1 + +README.md | 8 +- +configure.ac | 3 +- +libtool | 11645 -------------------------------- +m4/cc_try_cflags.m4 | 4 +- +packages/Makefile.am | 7 +- +plugins/check_cpufreq.c | 35 +- +plugins/check_uptime.c | 9 +- +9 files changed, 73 insertions(+), 11665 deletions(-) +``` diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS-OLD nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS-OLD --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS-OLD 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/NEWS-OLD 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,660 @@ + + Major changes between "nagios-plugins-linux" versions 25 and 26 + -= Lockdown release =- + +-- Fixes: + +* Fix build with musl by including limits.h when PATH_MAX is used. + Bug reported and patched by Louis Sautier. + See also: https://bugs.gentoo.org/717038 + +* The build fails when '-fno-common' is added to CFLAGS. + + (.bss+0x8): multiple definition of `program_name' + (.bss+0x0): multiple definition of `program_name_short' + + This flag will be apparently enabled by default in gcc 10. + Bug reported by Louis Sautier. + +* Fixed travis CI build by Louis Sautier. + +-- Enhancements / Changes + +* New plugin check_podman for checking some runtime metric of podman + containers. + +* Package creation: + + * Add Fedora 32 and CentOS 8 to the supported distributions. + + -- git diff --stat f5c0edc 6c41cc9 + + .travis.yml | 2 +- + AUTHORS | 2 + + README.md | 30 ++++++++--- + configure.ac | 30 ++++++++++- + debian/copyright | 2 +- + include/Makefile.am | 8 +-- + include/collection.h | 2 +- + include/{container.h => container_docker.h} | 8 +-- + include/container_podman.h | 117 ++++++++++++++++++++++++++++++++++++++++ + include/{json.h => jsmn.h} | 0 + include/json_helpers.h | 35 ++++++++++++ + include/progname.h | 4 +- + include/testutils.h | 10 +++- + include/xalloc.h | 2 + + include/{xstrtol.h => xstrton.h} | 9 ++-- + lib/Makefile.am | 15 ++++-- + lib/collection.c | 25 ++++++--- + lib/{container_count.c => container_docker_count.c} | 34 +++--------- + lib/{container_memory.c => container_docker_memory.c} | 2 +- + lib/container_podman.c | 373 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + lib/container_podman_count.c | 114 +++++++++++++++++++++++++++++++++++++++ + lib/container_podman_stats.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + lib/json_helpers.c | 66 +++++++++++++++++++++++ + lib/processes.c | 1 + + lib/xmalloc.c | 17 ++++-- + lib/{xstrtol.c => xstrton.c} | 20 ++++++- + packages/Makefile.am | 8 +-- + packages/multibuild.sh | 16 +++++- + packages/specs/nagios-plugins-linux.spec.in | 6 +++ + plugins/Makefile.am | 13 ++++- + plugins/check_clock.c | 2 +- + plugins/check_cpu.c | 2 +- + plugins/check_cswch.c | 2 +- + plugins/check_docker.c | 4 +- + plugins/check_fc.c | 3 +- + plugins/check_intr.c | 2 +- + plugins/check_podman.c | 261 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + tests/Makefile.am | 16 +++--- + tests/{ts_container.data => ts_container_docker.data} | 0 + tests/ts_container_podman_GetContainerStats.data | 1 + + tests/ts_container_podman_ListContainers.data | 1 + + tests/{tslibcontainer_count.c => tslibcontainer_docker_count.c} | 6 +-- + tests/{tslibcontainer_memory.c => tslibcontainer_docker_memory.c} | 8 +-- + 43 files changed, 1362 insertions(+), 96 deletions(-) + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 24 and 25 + -= Gentoo release =- + +-- Fixes: + +* Fix two security issues reported by lgtm analyzer, an issue + reported by the clang static analyser v8, and some issues reported + by Codacy. + +* sysfsparser lib: fix debug messages in + "sysfsparser_thermal_get_temperature()". + +* check_memory: + + * Minor code cleanup. + * Fix typo. + * Add perfdata to mem_available and mem_used: + Add min, max, warning and critical in perfdata for + "mem_available" and "mem_used" as asked by sbraz. + +* Build system: + + * Fix compilation when libcurl headers are not installed. + +-- Enhancements / Changes + +* Udate the external jsmn library. + +* Move some functions to the new library 'perfdata'. + +* Build system: + + * Fix warning message about obsolete AC_PROG_RANLIB + * Add a build option to disable libcurl: --disable-libcurl + +* Package creation: + + * Make rpm packages for Fedora 30 and Debian 10 (Buster) packages. + * Drop support for Fedora 24-27 and Debian 6 (Squeeze). + +* Test framework: + + * new unit test for lib/perfdata.c + + -- git diff --stat 440eefa c4a58b5 + + AUTHORS | 6 ++ + README.md | 16 ++-- + configure.ac | 17 +++-- + debian/changelog | 32 ++++++++ + include/Makefile.am | 1 + + include/json.h | 490 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------- + include/perfdata.h | 37 +++++++++ + include/string-macros.h | 1 + + include/thresholds.h | 9 ++- + lib/Makefile.am | 2 +- + lib/container_count.c | 7 +- + lib/container_memory.c | 8 +- + lib/cputopology.c | 3 +- + lib/json.c | 417 ------------------------------------------------------------------------------------------------------ + lib/perfdata.c | 85 +++++++++++++++++++++ + lib/sysfsparser.c | 41 +++++----- + lib/thresholds.c | 26 +++++-- + packages/Makefile.am | 25 ++++--- + packages/docker-shell-helpers/docker-shell-helpers.sh | 6 +- + packages/multibuild.sh | 30 +++----- + packages/specs/nagios-plugins-linux.spec.in | 14 +++- + plugins/check_clock.c | 10 +-- + plugins/check_cpu.c | 3 + + plugins/check_memory.c | 55 ++++++++++++-- + plugins/check_swap.c | 3 + + plugins/check_uptime.c | 8 +- + plugins/check_users.c | 3 +- + tests/Makefile.am | 9 ++- + tests/tslibcontainer_count.c | 2 +- + tests/tslibkernelver.c | 7 +- + tests/tslibperfdata.c | 111 +++++++++++++++++++++++++++ + 31 files changed, 925 insertions(+), 559 deletions(-) + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 23 and 24 + -= New Year 2019 release =- + +-- Fixes: + +* check_cpufreq: the frequences returned by sysfs are in KHz. + This issue has been reported by "sbraz". Thanks! + +-- Enhancements + +* check_uptime: add warn, crit, and min values to perfdata + Based on a merge request opened by "magmax" (https://github.com/magmax). + Thanks! + +* check_cpufreq: make it possible to output the values in Hz/kHz/mHz/gHz + by adding some new command-line switches: + + -H | --Hz + -K | --kHz + -M | --mHz + -G | --gHz + +* Build system: + + * Check for the compiler flag `-Wstringop-truncation' availability. + + * Remove the autotools-generated file `libtool'. + + * Fix unsupported warning options for clang (7.0.0): + + `-Wformat-signedness' + `-Wstringop-truncation' + + * Support Fedora 29 packaging (rpm packages generation). + + +-- git diff --stat 0a3b90b 0b7e7ea + + .github/ISSUE_TEMPLATE/bug_report.md | 26 + + .gitignore | 1 + + README.md | 8 +- + configure.ac | 3 +- + libtool | 11645 -------------------------------- + m4/cc_try_cflags.m4 | 4 +- + packages/Makefile.am | 7 +- + plugins/check_cpufreq.c | 35 +- + plugins/check_uptime.c | 9 +- + 9 files changed, 73 insertions(+), 11665 deletions(-) + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 22 and 23 + -= Korbielow.pl 2018 release =- + +-- Enhancements + +* New plugin 'check_docker': + + This new plugin can be used for: + * checking the total number of running docker containers or the containers + of a given type + * checking the memory usage (alpha!) + +* Build system: + + * Build the sources with the available compiler's hardening flags. + The following compiler flags are tested/added when available: + * -D_FORTIFY_SOURCE=2 (Buffer overflow checks) + * -fstack-protector-strong or -fstack-protector-all + * -fpie -fPIE (Position Independent Executable support) + * -Wstack-protector + * -Wl,-z,relro (RELRO (read-only relocation)) + * -Wl,-z,now + + The option `--disable-hardening' disable the attempt to harden + the resulting executables. + + * End the ./configure output with a summary of the build options. + + * Add the option --enable-werror to ./configure, to make all warnings + as errors. This option is disabled by default. + +* Package creation: + + * Add Fedora 27 and Fedora 28 to the supported distributions. + +* Test framework: + + * Some new unit tests have been added. + * lib/container + * lib/url_encode + * tests/testutils + +-- Fixes: + +* Fix some issues reported by Codacy, Coverity, and LGTM. + +-- Experimental + +* Add the command line option `--enable-libprocps' that will + link the binaries with the library libprocps newlib instead + of using the internal libraries. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 21 and 22 + -- "Commit 600" release + +-- Fixes + +* vminfo lib: add the following items to the /proc/vmstat parser: + - vm_pgalloc_dma32 + - vm_pgrefill_dma32 + - vm_pgscan_direct_dma32 + - vm_pgscan_kswapd_dma32 + - vm_pgsteal_dma32 + - vm_pgsteal_direct_dma + - vm_pgsteal_direct_dma32 + + The DMA32 memory zone is only available on 64-bit linux + (low ~4GBytes of memory). This patch can slightly modify the value + of the memory counters reported by check_memory. + +-- Enhancements + +* Fix several warnings reported by Codacy and Codeclimate. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 20 and 21 + +-- Enhancements + +* check_paging: the command-line option `--swapping-only' has been + added for displaying only the swap reads and writes. The help + message has been updated and improved by added some lines that + explain which kernel variable(s) are selected when a user specify + the warning and/or critical thresholds. + +* The Docker-based framework for packaging the Nagios Plugins for + Linux (test-build) supports two new extra distributions: + + Debian 9 (Stretch) + Fedora 26 + +* The test framework (make check) has been reworked and enriched in + new modules: + + tests/tsclock_thresholds + tests/tscswch + tests/tsintr + tests/tslibmeminfo_conversions + tests/tslibmeminfo_interface + tests/tslibmeminfo_procparser + tests/tslibmessages + tests/tslibvminfo + tests/tsload_normalize + tests/tsload_thresholds + tests/tspaging + tests/tstemperature + tests/tsuptime + + The result of each text execution is now diplayed with colors. + +* The code of several plugins has been polished and modularized to + allow testing. + +* The glibc function `secure_getenv()' (or `__secure_getenv()' on + Ubuntu, and maybe other distributions) is now used, instead of + `getenv()', in the test code to improve security. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 19 and 20 + +-- Security fixes + +* Some insecure data handling issues discovered by Coverity in the + new test framework have been fixed. + +-- Enhancements + +* The Clang Static Analyser can now be executed by running the command + make -C tests check-clang-checker + in the project root directory. + All the warnings spotted by this code analyser have been fixed. + +* A new Docker-based framework for packaging the Nagios Plugins for + Linux (rpm and deb packages) is now available. + The supported Linux distributions follow: + + CentOS 5/6/7 + Debian 6 (Squeeze), 7 (Wheezy), 8 (Jessie) + Fedora 24/25/rawhide + RHEL 5/6/7 + +* Nagios Plugins for Linux has been Debianized. + +* The messages displayed in case of a too large "count" or "delay" + error have been improved. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 18 and 19 + +-- Fixes + +* check_multipath: recent versions of multipath no longer open a + multipathd socket file in the file system, but instead use an + abstract namespace socket: @/org/kernel/linux/storage/multipathd. + Thanks to Chris Procter "chr15p" for reporting the issue and + creating a pull request. + +* check_load: fixed the performance data output + +-- Security fixes + + check_cpu: fixed coverity 152987 "Untrusted loop bound" + check_cswch: fixed coverity 152985 "Untrusted loop bound" + check_fc: fixed coverity 152984 "Untrusted value as argument" + check_intr: fixed coverity 152986 "Untrusted loop bound" + +-- Enhancements + +* check_multipath: fixed the long-standing gcc compiler warning: + "dereferencing type-punned pointer might break strict-aliasing + rules [-Wstrict-aliasing]". + This was a false problem, but the code has been modified to quiet + the warning. + +* check_multipath: use a larger buffer for queries to make this + plugin working with systems that have lots of mapped disks. + +* test-suite: a framework for testing the code (make check) has been + added and some tests are now available. + +-- Compatibility issues + +* check_multipath: by default the abstract namespace socket + "@/org/kernel/linux/storage/multipathd" is now selected at build + time. If you need to monitor old distributions (RHEL5 and RHEL6 + for instance) you need to configure this package as followed: + + ./configure --with-socketfile=/var/run/multipathd.sock + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 17 and 18 + +-- Fixes + +* check_clock, + check_cpufreq, + check_cswch, + check_intr, + check_multipath, + check_nbprocs, + check_network, + check_tcpcount, + check_users: fix the return code of the warning and critical + case. Thanks Paul Dunkler for pointing out this issue. + +* check_cpu: fix the detection of the CPU 64-bit op-mode. + +* check_cpu: fix a memory resource leak reported by the Coverity Scan + tool. + +* meminfo lib (check_memory): use SReclaimable in cached. + The cached memory is something you can get back and reclaim if + under memory pressure. Make cached only use the reclaimable + component and ignore the unreclaimable values which doesn't make + sense in this context. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 16 and 17 + -- "400th (git) commit" release + +-- Enhancements + +* check_fc: new plugin for checking the status of the fiber channel + ports. + +-- Fixes + +* Fix a resource leak in the library 'thresholds'. + +* Minor fix in the library 'interrupt'. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 15 and 16 + -- "25 aprile" release + +-- Enhancements + +* check_cpufreq: new plugin. + +* meminfo lib: reduce the memory footprint by not allocating the + variable exported by /proc/memory and not used by any plugin. + +* check_cpu: new option '--per-cpu' for checking the CPU utilization + for each CPU. A warning message is returned if at least one CPU + exceeds the warning threshold and no CPU exceed the critical state. + A critical message is returned if at least one CPU exceeds the + critical threshold. + The option '--cpufreq' has been removed because this information is + now provided by the new plugin 'check_cpufreq'. + +-- Fixes + +* check_multipath: fix the regular expression that catches the failed + paths and that prevented the plugin from working correctly. + +* Improved code quality based on the Coverity scan analysis. + +* Build system: minor fixes to make the Travis-CI Continuous + Integration work - gcc (Ubuntu/Linaro 4.6.3-1ubuntu5) environment. + Update some obsolete macros used by configure.ac. + Portability has been improved. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 14 and 15 + +-- Enhancements + +* check_memory / meminfo lib: the command line option '-C|--caches' + now does nothing but is still accepted for compatibility. + The memory usage calculation has been reviewed and is now more + accurate. The changes are based on the (long) discussions and + patches that have been recently posted in the procps mailing list. + +* check_memory / meminfo lib: a fall-back has been implemented in + order to provide the memory available counter for the linux kernels + 2.6.27 and above, + +* check_cpu: add one decimal digit to the counters 'cpu_user', + 'cpu_system', 'cpu_idle', 'cpu_iowait', and 'cpu_steal'. + +* check_cpu: new command line option '-m|--no-cpu-model' for removing + the cpu model description from the output message. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 13 and 14 + -= Korbielow 2014 release =- + +-- Enhancements + +* check_users: new '--verbose' mode, for debugging. + +* check_uptime: new option '-m|--clock-monotonic' for retrieving the + time of the linux monotonic clock instead of using the system + statistics returned by 'sysinfo()'. + +* New library 'xstrtol' containing the function 'strtol_or_err' that + was previosly duplicated in several plugins. + +-- Fixes + +* check_clock: option '--refclock': validate the input instead of + returning crap when the date format is unsupported. + +* check_readonlys: do not dereference a null pointer string in the + output message when no readonly filesystems are detected. + +* Minor fixes. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 12 and 13 + +-- Enhancements + +* The build system, the plugins and libraries are been reworked in + order to support some older Linux kernels and (gcc) compilers. + The "nagios-plugins-linux" can now be compiled and run on older + linux systems, like RHEL 5 (gcc 4.1.2, kernel 2.6.18). + +* check_memory: new option '-a|--available' for selecting the kernel + counter 'MemAvailable' instead of the default one (memory used). + This feature requires a Linux kernel 3.14 or better. + For older kernels the plugin falls back to the free memory counter. + +-- Fixes + +* check_tcpcount: do not exit with 'error opening /proc/net/tcp6' + when the command line option '--tcp6' has not been specified. + +* cpustats library: do not exit with an error message if 'softirq' + cannot be found in /proc/stat'. This entry is not provided by old + kernels. + +===================================================================== + + Major changes between "nagios-plugins-linux" versions 11 and 12 + +* New plugin 'check_intr'. +* meminfo library: get 'MemAvailable' value from /proc/meminfo + (kernel 3.14+) for a future usage. +* check_cswch: fix the unit displayed in the output message when + 'count' is 1. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 10 and 11 + +* New plugin 'check_cswch'. +* check_cpu: better output of '--cpuinfo' when a hot pluggable cpu + is offline. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 9 and 10 + +* check_temperature: modify the syntax of the switch command +* check_temperature: add the sensor type to the output message. +* check_temperature. the code has been reworked and most of the code + moved to the sysfsparser library. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 8 and 9 + +* New plugin 'check_temperature'. +* check_cpu: add the CPU frequencies to the plugin perfdata. +* check_cpu: new summary mode (command line switch: '--cpuinfo'). + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 7 and 8 + +* New plugin 'check_network'. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 6 and 7 + +* New plugin 'check_clock'. +* Conditionally enable ('--degub') the debug messages at build time. +* Minor fixes. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 5 and 6 + +* New plugin 'check_nbprocs'. +* The verbose mode is not avaiblable in the plugin 'check_tcpcount'. +* Minor fixes. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 4 and 5 + +* New plugins 'check_paging' and 'check_tcpcount'. +* The plugun 'check_load' now always display the three loads (1, 5, + and 15 minuts load) in the perfdata. +* Plugins 'check_memory', 'check_swap': new argument '--vmstats'. +* Plugin 'check_memory': properly handle memory used by tmpfs. +* Reports the paging activity per second instead of the value since + last boot in 'check_memory', and 'check_swap'. +* The internal libraries have been completely reworked. +* Build system: rework the build system and enable the silent mode. +* Several fixes. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 3 and 4 + +* New plugins 'check_users' and 'check_multipath'. +* Code cleanups. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 2 and 3 + +* New plugin 'check_cpu'. +* The plugin 'check_io_latency' has been renamed to 'check_iowait'. + +====================================================================== + + Major changes between "nagios-plugins-linux" versions 1 and 2 + +* New plugins 'check_load' and 'check_io_latency'. +* A C99 compliant compiler is now required for building the source + code. +* The internal library has been reworked and some new functions have + been added. +* Minor fixes and code cleanups. + +====================================================================== + + Nagios Plugins Linux version 1 + +* Available plugins: + - check_ifmountfs, check_readonlyfs; + - chck_memory, check_swap; + - check_uptime. +* An internal static library containing the common code has been + created. diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,81 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2016-2019 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +multibuilddir = $(shell pwd) + +DOCKER = /usr/bin/docker +SPECFILE = $(PACKAGE).spec + +# GID and UID of the user 'developer' +GID ?= "$(shell id -g)" +UID ?= "$(shell id -u)" + +MULTIBUILD_SCRIPT = $(multibuilddir)/multibuild.sh + +MULTIBUILD_OPTS = \ + --shared $(top_srcdir):/shared:rw \ + --gid $(GID) \ + --uid $(UID) \ + --pckver $(PACKAGE_VERSION) + +TARGETS_ALPINE = \ + alpine-3.12 \ + alpine-3.13 \ + alpine-3.14 +alpine-latest: alpine-3.14 + +TARGETS_DEBIAN = \ + debian-jessie debian-stretch debian-buster +debian-8: debian-jessie +debian-9: debian-stretch +debian-10: debian-buster +debian-latest: debian-buster + +TARGETS_REDHAT = \ + centos-5 centos-6 centos-7 centos-8 \ + fedora-32 fedora-33 fedora-34 \ + fedora-rawhide +centos-latest: centos-8 +fedora-latest: fedora-34 + +.PHONY: specfile +specfile: + @cd $(builddir)/specs && $(MAKE) $(AM_MAKEFLAGS) all + +.PHONY: source-archive +source-archive: + @cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) dist + +$(TARGETS_ALPINE): source-archive $(DOCKER) $(MULTIBUILD_SCRIPT) + @distr=`echo $@ | sed s/-/:/`; \ + $(SHELL) $(MULTIBUILD_SCRIPT) $(MULTIBUILD_OPTS) \ + --spec $(multibuilddir)/specs/APKBUILD \ + --os $$distr --target pcks/$@ + +$(TARGETS_DEBIAN): source-archive $(DOCKER) $(MULTIBUILD_SCRIPT) + @distr=`echo $@ | sed s/-/:/`-slim; \ + $(SHELL) $(MULTIBUILD_SCRIPT) $(MULTIBUILD_OPTS) \ + --os $$distr --target pcks/$@ + +$(TARGETS_REDHAT): specfile source-archive $(DOCKER) $(MULTIBUILD_SCRIPT) + @distr=`echo $@ | sed s/-/:/`; \ + $(SHELL) $(MULTIBUILD_SCRIPT) $(MULTIBUILD_OPTS) \ + --spec $(multibuilddir)/specs/$(SPECFILE) \ + --os $$distr --target pcks/$@ + +EXTRA_DIST = docker-shell-helpers multibuild.sh +SUBDIRS = specs diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/multibuild.sh nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/multibuild.sh --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/multibuild.sh 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/multibuild.sh 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,277 @@ +#!/bin/bash +# Multi-platform build system +# Copyright (C) 2016-2020 Davide Madrisan + +PROGNAME="${0##*/}" +PROGPATH="${0%/*}" +REVISION=3 + +die () { echo -e "$PROGNAME: error: $1" 1>&2; exit 1; } +msg () { echo "*** info: $1"; } + +docker_helpers="$PROGPATH/docker-shell-helpers/docker-shell-helpers.sh" + +[ -r "$docker_helpers" ] || die "no such file: $docker_helpers" +# shellcheck source=/dev/null +. "$docker_helpers" + +usage () { + cat <<__EOF +Usage: $PROGNAME -o -s [-d ] [--spec ] \ +[-t ] -v + $PROGNAME --help + $PROGNAME --version + +Where: + -d|--distro : distribution name (default: no distribution set) + -o|--os : distribution (example: centos:centos6) + -s|--shared : shared folder that will be mounted on the docker instance + --spec : the specfile to be used for building the rpm packages + -t|--target : the directory where to copy the rpm packages + -v|--pckver : the package version + -g|--gid : group ID of the user 'developer' used for building the software + -u|--uid : user ID of the user 'developer' used for building the software + +Supported distributions: + CentOS 5/6/7/8 + Debian jessie/stretch/buster + Fedora 31/32/33/rawhide + +Example: + $0 -s $PROGPATH/../../nagios-plugins-linux:/shared:rw \\ + --spec specs/nagios-plugins-linux.spec \\ + -t pcks -d mamba -g 100 -u 1000 -o centos:latest + $0 -s $PROGPATH/../../nagios-plugins-linux:/shared:rw \\ + -t pcks -d mamba -v 20 -o debian:jessie + +__EOF +} + +help () { + cat <<__EOF +$PROGNAME v$REVISION - containerized software build checker +Copyright (C) 2016-2020 Davide Madrisan + +__EOF + + usage +} + +while test -n "$1"; do + case "$1" in + --help|-h) help; exit 0 ;; + --version|-V) + echo "$PROGNAME v$REVISION" + exit 0 ;; + --distro|-d) + usr_distro="$2"; shift ;; + --gid|-g) + usr_gid="$2"; shift ;; + --os|-o) + usr_os="$2"; shift ;; + --shared|-s) + usr_disk="$2"; shift ;; + --spec) + usr_specfile="$2"; shift ;; + --target|-t) + usr_targetdir="$2"; shift ;; + --pckver|-v) + usr_pckver="$2"; shift ;; + --uid|-u) + usr_uid="$2"; shift ;; + --*|-*) die "unknown argument: $1" ;; + *) die "unknown option: $1" ;; + esac + shift +done + +[ "$usr_disk" ] || { usage; exit 1; } +[ "$usr_os" ] || { usage; exit 1; } +[ "$usr_specfile" ] && + { [ -r "$usr_specfile" ] || die "no such file: $usr_specfile"; } +[ "$usr_pckver" ] || { usage; exit 1; } + +# parse the shared disk string +IFS_save="$IFS" +IFS=":"; set -- $usr_disk +shared_disk_host="$(readlink -f "$1")" +shared_disk_container="$2" +IFS="$IFS_save" + +([ "$shared_disk_host" ] && [ "$shared_disk_container" ]) || + die "bad syntax for --shared" + +if [ "$usr_specfile" ]; then + specfile="$(readlink -f "$usr_specfile")" + case "$specfile" in + ${shared_disk_host}*) + specfile="./${specfile#$shared_disk_host}" ;; + *) die "the specfile must be in $shared_disk_host" ;; + esac +fi +if [ "$usr_targetdir" ]; then + targetdir="$(readlink -m "$usr_targetdir")" + case "$targetdir" in + ${shared_disk_host}*) + targetdir="$shared_disk_container/${targetdir#$shared_disk_host}" ;; + *) die "the target dir must be in $shared_disk_host" ;; + esac +fi + +msg "instantiating a new container based on $usr_os ..." +container="$(container_create --random-name --os "$usr_os" \ + --disk "$shared_disk_host:$shared_disk_container")" || + die "failed to create a new container with os $usr_os" + +container_start "$container" + +ipaddr="$(container_property --ipaddr "$container")" +os="$(container_property --os "$container")" + +case "$os" in + alpine-*) + pck_format="apk" + pck_install="apk add" + pcks_dev="alpine-sdk curl-dev" + have_libcurl="1" + have_libvarlink="0" + ;; + centos-*) + pck_format="rpm" + pck_install="yum install -y" + pck_dist=".el${os:7:1}" + pcks_dev="bzip2 make gcc libcurl-devel xz rpm-build" + # requires libcurl-devel 7.40.0+ which is not available in < CentOS 8 + case "$os" in centos-8.*) have_libcurl="1" ;; *) have_libcurl="0" ;; esac + have_libvarlink="0" + ;; + debian-*) + pck_format="deb" + pck_install="\ +export DEBIAN_FRONTEND=noninteractive; +apt-get update && apt-get -y --no-install-recommends install" + pcks_dev="\ +build-essential bzip2 debhelper devscripts fakeroot gcc make pkg-config xz-utils" + pcks_dev="$pcks_dev libcurl4-gnutls-dev" ;; + fedora-*) + pck_format="rpm" + pck_install="dnf install -y" + pck_dist=".fc${os:7:2}" + pcks_dev="bzip2 make gcc libcurl-devel libvarlink-devel xz rpm-build" + have_libcurl="1" + have_libvarlink="1" ;; + *) die "unsupported os: $os" ;; +esac +pck_dist="${pck_dist}${usr_distro:+.$usr_distro}" + +pckname="nagios-plugins-linux" + +echo "\ +Container \"$container\" status:running ipaddr:$ipaddr os:$os +" + +if [ "$have_libcurl" = "0" ]; then + msg "the docker plugin will not be built because libcurl is too old." +else + msg "the available curl library allows the docker plugin to be built." +fi + +msg "testing the build process inside $container ..." +container_exec_command "$container" "\ +# fixes for debian 6 (squeeze) +[ -r /etc/debian_version ] && +case \"\$(cat /etc/debian_version 2>/dev/null)\" in + 6.*) sed -i 's,httpredir,archive,g; + /squeeze-updates/d;' /etc/apt/sources.list ;; +esac + +# install the build prereqs +$pck_install $pcks_dev + +# create a non-root user for building the software (developer) ... +case $os in + alpine-*) + addgroup -g 1000 developers + adduser -D -G developers -u 1000 -s /bin/sh developer + addgroup developer abuild + #abuild-keygen -a -i + ;; + *) groupadd -g $usr_gid developers + useradd -m -g $usr_gid -u $usr_uid -s /bin/bash developer + ;; +esac + +# ... and switch to this user +su - developer -c ' +msg () { echo \"*** info: \$1\"; } + +mkdir -p $targetdir + +if [ \"'$pck_format'\" = apk ]; then + mkdir -p ~/${pckname} + cp -p $shared_disk_container/${pckname}*.tar.* ~/${pckname} + cp -p $shared_disk_container/$specfile ~/${pckname} + + msg \"creating the required abuild certificates ...\" + abuild-keygen -n -a + cat .abuild/abuild.conf + echo + find /home/developer/.abuild/ -name \"*rsa*\" -exec cat {} \\; + echo + + msg \"creating the apk packages ...\" + cd ~/${pckname} + abuild checksum + abuild -r + + if [ \"'$targetdir'\" ]; then + msg \"copying the apk packages to the target folder ...\" + cp -p ../packages/developer/$(arch)/*.apk $targetdir + fi +elif [ \"'$pck_format'\" = rpm ] && [ \"'$specfile'\" ]; then + mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} + cp -p $shared_disk_container/$specfile ~/rpmbuild/SPECS/ + cp -p $shared_disk_container/${pckname}*.tar.* ~/rpmbuild/SOURCES/ + + msg \"creating the rpm packages ...\" + pushd ~/rpmbuild/SPECS/ &>/dev/null + rpmbuild \ + --define=\"dist $pck_dist\" \ + --define=\"_topdir \$HOME/rpmbuild\" \ + --define=\"have_libcurl $have_libcurl\" \ + --define=\"have_libvarlink $have_libvarlink\" \ + -ba ${pckname}.spec + + msg \"testing the installation of the rpm packages ...\" + rpm --test -hiv ../RPMS/*/*.rpm || exit 1 + + if [ \"'$targetdir'\" ]; then + msg \"copying the rpm packages to the target folder ...\" + cp -p ../SRPMS/*.src.rpm ../RPMS/*/*.rpm $targetdir + fi + popd &>/dev/null +elif [ \"'$pck_format'\" = deb ]; then + msg \"creating the origin package ${pckname}_${usr_pckver}.orig.tar.xz...\" + mkdir -p ~/debian-build + cp $shared_disk_container/${pckname}-${usr_pckver}.tar.xz \ + ~/debian-build/${pckname}_${usr_pckver}.orig.tar.xz + + export PATH=\$PATH:/usr/sbin:/sbin + + msg \"creating the deb package and build files for version ${usr_pckver}...\" + cd ~/debian-build + tar xf ${pckname}_${usr_pckver}.orig.tar.xz + cd ~/debian-build/${pckname}-${usr_pckver} + debuild -us -uc || exit 1 + msg \"testing the installation of the deb package(s) ...\" + dpkg --dry-run -i ../*.deb || exit 1 + + if [ \"'$targetdir'\" ]; then + msg \"copying the debian packages to the target folder ...\" + cp -p ../*.{changes,deb,dsc,orig.tar.*} $targetdir + fi +fi +'" + +msg "removing the temporary container ..." +container_remove "$container" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/APKBUILD.in nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/APKBUILD.in --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/APKBUILD.in 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/APKBUILD.in 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,44 @@ +# Contributor: +# Maintainer: Davide Madrisan +pkgname=@package@ +pkgver=@version@ +pkgrel=@release@ +pkgdesc="Nagios Plugins for Linux" +url="https://github.com/madrisan/nagios-plugins-linux" +arch="all" +license="GPL-3.0-or-later" +depends="" +makedepends="autoconf automake bzip2 curl-dev file gcc libtool linux-headers make m4 musl-dev tar xz" +install="" +subpackages="" +source="$pkgname-$pkgver.tar.xz" +builddir="$srcdir/$pkgname-$pkgver" + +prepare() { + cd "$builddir" + autoreconf -vif || return 1 +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libexecdir=/usr/lib/nagios/plugins \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var + make +} + +check() { + cd "$builddir" + make check +} + +package() { + make DESTDIR="$pkgdir" install +} + +sha512sums="129c696cee4b2638e6106289e398f6823caabb382ca8e1a867f8b35985f99d7dc69a14308eaeed0a6b788e244a13778c7cdf28b4ff70354b5620f7d646225a44 nagios-plugins-linux-27.tar.xz" diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,36 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2016 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +INFILES := $(wildcard APKBUILD.in *.spec.in) +OUTFILES := $(INFILES:.in=) + +PACKAGE_RELEASE = 1 + +SUFFIXES = .in +.in:; @echo "Generating $@...";\ + sed "s,@package@,$(PACKAGE_NAME),g;\ + s,@version@,$(PACKAGE_VERSION),g;\ + s,@release@,$(PACKAGE_RELEASE),g;\ + s,@plugindir@,$(PLUGINDIR),g;\ + s,@date@,`LC_ALL="C" date "+%a %b %d %Y"`," $< > $@ + +EXTRA_DIST = $(INFILES) + +all: $(OUTFILES) + +clean-local: + rm -f $(OUTFILES) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/nagios-plugins-linux.spec.in nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/nagios-plugins-linux.spec.in --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/nagios-plugins-linux.spec.in 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/packages/specs/nagios-plugins-linux.spec.in 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,341 @@ +Name: nagios-plugins-linux +Version: @version@ +Release: @release@%{?dist} +Summary: Linux plugins for nagios compatible monitoring systems + +Group: Applications/System +License: GPLv3+ +URL: https://github.com/madrisan/nagios-plugins-linux/wiki +Source0: https://github.com/madrisan/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz + +BuildRequires: gcc +BuildRequires: make +BuildRequires: glibc-devel + +#Requires: nagios-common >= 3.3.1-1 + +%if 0%{?rhel} < 6 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +%endif + +%description +A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + +%package all +Summary: Nagios Plugins Linux - All plugins +Group: Applications/System +Requires: nagios-plugins-linux-clock +Requires: nagios-plugins-linux-cpu +Requires: nagios-plugins-linux-cpufreq +Requires: nagios-plugins-linux-cswch +%if 0%{?!have_libcurl} +Requires: nagios-plugins-linux-docker +%endif +Requires: nagios-plugins-linux-ifmountfs +Requires: nagios-plugins-linux-intr +Requires: nagios-plugins-linux-iowait +Requires: nagios-plugins-linux-load +Requires: nagios-plugins-linux-memory +Requires: nagios-plugins-linux-multipath +Requires: nagios-plugins-linux-nbprocs +Requires: nagios-plugins-linux-network +Requires: nagios-plugins-linux-paging +%if 0%{?!have_libvarlink} +Requires: nagios-plugins-linux-podman +%endif +Requires: nagios-plugins-linux-pressure +Requires: nagios-plugins-linux-readonlyfs +Requires: nagios-plugins-linux-swap +Requires: nagios-plugins-linux-tcpcount +Requires: nagios-plugins-linux-temperature +Requires: nagios-plugins-linux-uptime +Requires: nagios-plugins-linux-users + +%description all +A suite of Nagios/NRPE plugins for monitoring Linux servers and appliances. + +%package clock +Summary: Nagios plugins for Linux - check_clock +Group: Applications/System + +%description clock +This Nagios plugin returns the number of seconds elapsed between local time and Nagios time. + +%package cpu +Summary: Nagios plugins for Linux - check_cpu +Group: Applications/System + +%description cpu +This Nagios plugin checks the CPU (user mode) utilization. + +%package cpufreq +Summary: Nagios plugins for Linux - check_cpufreq +Group: Applications/System + +%description cpufreq +This Nagios plugin displays the CPU frequency characteristics. + +%package cswch +Summary: Nagios plugins for Linux - check_cpu +Group: Applications/System + +%description cswch +This Nagios plugin monitors the total number of context switches per second across all CPUs. + +%if 0%{?have_libcurl} +%package docker +Summary: Nagios plugins for Linux - check_docker +Group: Applications/System + +%description docker +This Nagios plugin checks the memory and the number of running docker container. +%endif + +%package fc +Summary: Nagios plugins for Linux - check_fc +Group: Applications/System + +%description fc +This Nagios plugin monitors the status of the fiber status ports. + +%package ifmountfs +Summary: Nagios plugins for Linux - check_ifmountfs +Group: Applications/System + +%description ifmountfs +This Nagios plugin checks whether the given filesystems are mounted. + +%package intr +Summary: Nagios plugins for Linux - check_intr +Group: Applications/System + +%description intr +This Nagios plugin monitors the interrupts serviced per second, including unnumbered architecture specific interrupts. + +%package iowait +Summary: Nagios plugins for Linux - check_iowait +Group: Applications/System + +%description iowait +This Nagios plugin monitors the I/O wait bottlenecks. + +%package load +Summary: Nagios plugins for Linux - check_load +Group: Applications/System + +%description load +This Nagios plugin checks the current system load average. + +%package memory +Summary: Nagios plugins for Linux - check_memory +Group: Applications/System + +%description memory +This Nagios plugin checks the memory usage. + +%package multipath +Summary: Nagios plugins for Linux - check_multipath +Group: Applications/System + +%description multipath +This Nagios plugin checks the multipath topology status. + +%package nbprocs +Summary: Nagios plugins for Linux - check_nbprocs +Group: Applications/System + +%description nbprocs +This Nagios plugin displays the number of running processes per user. + +%package network +Summary: Nagios plugins for Linux - check_network +Group: Applications/System + +%description network +This Nagios plugin displays some network interfaces statistics. + +%package paging +Summary: Nagios plugins for Linux - check_paging +Group: Applications/System + +%description paging +This Nagios plugin checks the memory and swap paging. + +%if 0%{?have_libvarlink} +%package podman +Summary: Nagios plugins for Linux - check_podman +Group: Applications/System + +%description podman +This Nagios plugin returns some runtime metrics of Podman containers. +%endif + +%package pressure +Summary: Nagios plugins for Linux - check_pressure +Group: Applications/System + +%description pressure +This Nagios plugin checks the Linux Pressure Stall Information (PSI) data. + +%package readonlyfs +Summary: Nagios plugins for Linux - check_readonlyfs +Group: Applications/System + +%description readonlyfs +This Nagios plugin checks for readonly filesystems. + +%package swap +Summary: Nagios plugins for Linux - check_swap +Group: Applications/System + +%description swap +This Nagios plugin checks the swap usage. + +%package tcpcount +Summary: Nagios plugins for Linux - check_tcpcount +Group: Applications/System + +%description tcpcount +This Nagios plugin checks the tcp network usage. + +%package temperature +Summary: Nagios plugins for Linux - check_temperature +Group: Applications/System + +%description temperature +This Nagios plugin monitors the hardware's temperature. + +%package uptime +Summary: Nagios plugins for Linux - check_uptime +Group: Applications/System + +%description uptime +This Nagios plugin checks how long the system has been running. + +%package users +Summary: Nagios plugins for Linux - check_users +Group: Applications/System + +%description users +This Nagios plugin displays the number of users that are currently logged on. + +%prep +%setup -q + +%build +%configure --libexecdir=%{_libdir}/nagios/plugins \ +%if 0%{?rhel} < 7 + --with-socketfile=/var/run/multipathd.sock +%endif + +make %{?_smp_mflags} + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +make DESTDIR=%{buildroot} install + +%files all +%defattr(-,root,root) +%doc AUTHORS COPYING NEWS README + +%files clock +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_clock + +%files cpu +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_cpu + +%files cpufreq +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_cpufreq + +%files cswch +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_cswch + +%if 0%{?have_libcurl} +%files docker +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_docker +%endif + +%files fc +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_fc + +%files ifmountfs +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_ifmountfs + +%files intr +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_intr + +%files iowait +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_iowait + +%files load +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_load + +%files memory +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_memory + +%files multipath +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_multipath + +%files nbprocs +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_nbprocs + +%files network +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_network +%{_libdir}/nagios/plugins/check_network_* + +%files paging +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_paging + +%if 0%{?have_libvarlink} +%files podman +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_podman +%endif + +%files pressure +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_pressure + +%files readonlyfs +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_readonlyfs + +%files swap +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_swap + +%files tcpcount +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_tcpcount + +%files temperature +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_temperature + +%files uptime +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_uptime + +%files users +%defattr(-,root,root) +%{_libdir}/nagios/plugins/check_users + +%changelog + +* @date@ Davide Madrisan @version@-@release@ +- Upstream version @version@ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_clock.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_clock.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_clock.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_clock.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,175 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin that returns the number of seconds elapsed between + * local time and Nagios time. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "xstrton.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "refclock", required_argument, NULL, 'r'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin returns the number of seconds elapsed between\n", out); + fputs ("the host local time and Nagios time.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-w COUNTER] [-c COUNTER] --refclock TIME\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -r, --refclock COUNTER the clock reference " + "(in seconds since the Epoch)\n", + out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -w 60 -c 120 --refclock $ARG1$\n", + program_name); + fputs (" # where $ARG1$ is the number of seconds since the Epoch: " + "\"$(date '+%s')\"\n", out); + fputs (" # provided by the Nagios poller\n", out); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static int +get_timedelta (unsigned long refclock, bool verbose) +{ + struct tm tminfo; + time_t rawtime; + char outstr[32]; + char *end = NULL; + long timedelta; + + rawtime = time (NULL); + localtime_r (&rawtime, &tminfo); + if (strftime (outstr, sizeof (outstr), "%s", &tminfo) == 0) + plugin_error (STATE_UNKNOWN, errno, "strftime() failed"); + + timedelta = (strtol (outstr, &end, 10) - refclock); + + if (verbose) + { + printf ("Seconds since the Epoch: %s\n", outstr); + printf ("Refclock: %lu --> Delta: %ld\n", refclock, timedelta); + } + + return timedelta; +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c; + bool verbose = false; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + unsigned long refclock = ~0UL; + long timedelta; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "r:c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'r': + refclock = strtol_or_err (optarg, + "the option '-s' requires an integer"); + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (refclock == ~0UL) + usage (stderr); + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + timedelta = get_timedelta (refclock, verbose); + + status = get_status (labs (timedelta), my_threshold); + free (my_threshold); + + printf ("%s %s - time delta %lds | clock_delta=%ld\n", + program_name_short, state_text (status), timedelta, timedelta); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpu.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpu.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpu.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpu.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,458 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015,2020 Davide Madrisan + * + * A Nagios plugin to check the CPU utilization. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This software is based on the source code of the tool "vmstat". + */ + + /* Definition of I/O wait time: + * The I/O wait time is the time during which a CPU was idle and + * there was at least one outstanding (disk or network) I/O operation + * requested by a task scheduled on that CPU. */ + +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "cpudesc.h" +#include "cpufreq.h" +#include "cpustats.h" +#include "cputopology.h" +#include "logging.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "string-macros.h" +#include "system.h" +#include "xalloc.h" +#include "xasprintf.h" +#include "xstrton.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static const char *program_shorthelp = NULL; + +static struct option const longopts[] = { + {(char *) "cpuinfo", no_argument, NULL, 'i'}, + {(char *) "no-cpu-model", no_argument, NULL, 'm'}, + {(char *) "per-cpu", no_argument, NULL, 'p'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_shorthelp, out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-v] [-m] [-p] [-w PERC] [-c PERC] [delay [count]]\n", + program_name); + fprintf (out, " %s --cpuinfo\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -m, --no-cpu-model " + "do not display the CPU model in the output message\n", out); + fputs (" -p, --per-cpu display the utilization of each CPU\n", out); + fputs (" -w, --warning PERCENT warning threshold\n", out); + fputs (" -c, --critical PERCENT critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (" -i, --cpuinfo show the CPU characteristics (for debugging)\n", + out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " delay is the delay between updates in seconds " + "(default: %dsec)\n", DELAY_DEFAULT); + fprintf (out, " count is the number of updates " + "(default: %d)\n", COUNT_DEFAULT); + fputs ("\t1 means the percentages of total CPU time from boottime.\n", out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -m -p -w 85%% -c 95%%\n", program_name); + fprintf (out, " %s -w 85%% -c 95%% 1 2\n", program_name); + fprintf (out, " %s --cpuinfo\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +/* output formats ": " */ +#define print_d(_key, _val) printf ("%-30s%d\n", _key, _val) +#define print_u(_key, _val) printf ("%-30s%u\n", _key, _val) +#define print_s(_key, _val) printf ("%-30s%s\n", _key, _val) +#define print_key_s(_key) printf ("%-30s", _key) +#define print_range_s(_key, _val1, _val2) \ + printf ("%-30s%s - %s\n", _key, _val1, _val2) + +static void cpu_desc_summary (struct cpu_desc *cpudesc) +{ + printf ("-= CPU Characteristics =-\n"); + + print_s("Architecture:", cpu_desc_get_architecture (cpudesc)); + + int cpu_mode = cpu_desc_get_mode (cpudesc); + if (cpu_mode) + { + char mbuf[32], *p = mbuf; + if (cpu_mode & MODE_32BIT) + { + strcpy (p, "32-bit, "); + p += 8; + } + if (cpu_mode & MODE_64BIT) + { + strcpy (p, "64-bit, "); + p += 8; + } + *(p - 2) = '\0'; + + print_s("CPU op-mode(s):", mbuf); + } + +#if !defined(WORDS_BIGENDIAN) + print_s("Byte Order:", "Little Endian"); +#else + print_s("Byte Order:", "Big Endian"); +#endif + + int cpu, ncpus = cpu_desc_get_ncpus (cpudesc); + + print_d("CPU(s):", ncpus); + + unsigned int nsockets, ncores, nthreads; + get_cputopology_read (&nsockets, &ncores, &nthreads); + + print_u("Thread(s) per core:", nthreads); + print_u("Core(s) per socket:", ncores); + print_u("Socket(s):", nsockets); + + print_s("Vendor ID:", cpu_desc_get_vendor (cpudesc)); + print_s("CPU Family:", cpu_desc_get_family (cpudesc)); + print_s("Model:", cpu_desc_get_model (cpudesc)); + print_s("Model name:", cpu_desc_get_model_name (cpudesc)); + + for (cpu = 0; cpu < ncpus; cpu++) + { + printf ("-CPU%d-\n", cpu); + + bool cpu_hot_pluggable = get_processor_is_hot_pluggable (cpu); + int cpu_online = get_processor_is_online (cpu); + + print_s ("CPU is Hot Pluggable:", cpu_hot_pluggable ? + (cpu_online ? "yes (online)" : "yes (offline)") : "no"); + + unsigned long latency = cpufreq_get_transition_latency (cpu); + if (latency) + print_s("Maximum Transition Latency:", + cpufreq_duration_to_string (latency)); + + unsigned long freq_kernel = cpufreq_get_freq_kernel (cpu); + if (freq_kernel > 0) + print_s("Current CPU Frequency:", cpufreq_freq_to_string (freq_kernel)); + + struct cpufreq_available_frequencies *cpufreqs, *curr; + cpufreqs = curr = cpufreq_get_available_freqs (cpu); + if (curr) + { + print_key_s("Available CPU Frequencies:"); + while (curr) + { + printf ("%s ", + cpufreq_freq_to_string + (cpufreq_get_available_freqs_value (curr))); + curr = cpufreq_get_available_freqs_next (curr); + } + printf ("\n"); + cpufreq_available_frequencies_unref(cpufreqs); + } + + unsigned long freq_min, freq_max; + if (0 == cpufreq_get_hardware_limits (cpu, &freq_min, &freq_max)) + { + char *min_s = cpufreq_freq_to_string (freq_min), + *max_s = cpufreq_freq_to_string (freq_max); + print_range_s("Hardware Limits:", min_s, max_s); + free (min_s); + free (max_s); + } + + char *freq_governor = cpufreq_get_governor (cpu); + if (freq_governor) + { + print_s ("CPU Freq Current Governor:", freq_governor); + free (freq_governor); + } + + char *freq_governors = cpufreq_get_available_governors (cpu); + if (freq_governors) + { + print_s ("CPU Freq Available Governors:", freq_governors); + free (freq_governors); + } + + char *freq_driver = cpufreq_get_driver (cpu); + if (freq_driver) + { + print_s ("CPU Freq Driver:", freq_driver); + free (freq_driver); + } + } + + char *cpu_virtflag = cpu_desc_get_virtualization_flag (cpudesc); + if (cpu_virtflag) + print_s("Virtualization:", cpu_virtflag); +} + +int +main (int argc, char **argv) +{ + int c, err; + bool verbose, cpu_model, per_cpu_stats; + unsigned long len, i, count, delay; + char *critical = NULL, *warning = NULL; + char *p = NULL, *cpu_progname; + nagstatus currstatus, status; + thresholds *my_threshold = NULL; + + float cpu_perc = 0.0; + unsigned int tog = 0; /* toggle switch for cleaner code */ + struct cpu_desc *cpudesc = NULL; + + set_program_name (argv[0]); + + len = strlen (program_name); + if (len > 6 && STRPREFIX (program_name, "check_")) + p = (char *) program_name + 6; + else + plugin_error (STATE_UNKNOWN, 0, + "bug: the plugin does not have a standard name"); + + if (STRPREFIX (p, "iowait")) /* check_iowait --> cpu_iowait */ + { + cpu_progname = xstrdup ("iowait"); + program_shorthelp = + xstrdup ("This plugin checks I/O wait bottlenecks\n"); + } + else /* check_cpu --> cpu_user (the default) */ + { + cpu_progname = xstrdup ("user");; + program_shorthelp = + xstrdup ("This plugin checks the CPU (user mode) utilization\n"); + } + + err = cpu_desc_new (&cpudesc); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + /* default values */ + verbose = per_cpu_stats = false; + cpu_model = true; + + while ((c = getopt_long ( + argc, argv, "c:w:vifmp" + GETOPT_HELP_VERSION_STRING, longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'i': + cpu_desc_read (cpudesc); + cpu_desc_summary (cpudesc); + return STATE_UNKNOWN; + case 'm': + cpu_model = false; + break; + case 'p': + per_cpu_stats = true; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (!thresholds_expressed_as_percentages (warning, critical)) + usage (stderr); + + delay = DELAY_DEFAULT, count = COUNT_DEFAULT; + if (optind < argc) + { + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + if (optind < argc) + { + count = strtol_or_err (argv[optind++], "failed to parse argument"); + if (COUNT_MAX < count) + plugin_error (STATE_UNKNOWN, 0, + "too large count value (greater than %d)", COUNT_MAX); + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + int ncpus = per_cpu_stats ? get_processor_number_total () + 1 : 1; + + jiff duser[ncpus], dsystem[ncpus], didle[ncpus], + diowait[ncpus], dsteal[ncpus], ratio[ncpus]; + int debt[ncpus]; /* handle idle ticks running backwards */ + struct cpu_time cpuv[2][ncpus]; + jiff *cpu_value = strncmp (p, "iowait", 6) ? duser : diowait; + const char *cpuname; + + cpu_stats_get_time (cpuv[0], ncpus); + + for (c = 0; c < ncpus; c++) + { + duser[c] = cpuv[0][c].user + cpuv[0][c].nice; + dsystem[c] = cpuv[0][c].system + cpuv[0][c].irq + cpuv[0][c].softirq; + didle[c] = cpuv[0][c].idle; + diowait[c] = cpuv[0][c].iowait; + dsteal[c] = cpuv[0][c].steal; + + debt[c] = 0; + ratio[c] = duser[c] + dsystem[c] + didle[c] + diowait[c] + dsteal[c]; + if (!ratio[c]) + ratio[c] = 1, didle[c] = 1; + } + + for (i = 1; i < count; i++) + { + sleep (delay); + tog = !tog; + cpu_stats_get_time (cpuv[tog], ncpus); + + for (c = 0; c < ncpus; c++) + { + duser[c] = + cpuv[tog][c].user - cpuv[!tog][c].user + + cpuv[tog][c].nice - cpuv[!tog][c].nice; + dsystem[c] = + cpuv[tog][c].system - cpuv[!tog][c].system + + cpuv[tog][c].irq - cpuv[!tog][c].irq + + cpuv[tog][c].softirq - cpuv[!tog][c].softirq; + didle[c] = cpuv[tog][c].idle - cpuv[!tog][c].idle; + diowait[c] = cpuv[tog][c].iowait - cpuv[!tog][c].iowait; + dsteal[c] = cpuv[tog][c].steal - cpuv[!tog][c].steal; + + /* idle can run backwards for a moment -- kernel "feature" */ + if (debt[c]) + { + didle[c] = (int) didle[c] + debt[c]; + debt[c] = 0; + } + if ((int) didle[c] < 0) + { + debt[c] = (int) didle[c]; + didle[c] = 0; + } + + ratio[c] = duser[c] + dsystem[c] + didle[c] + diowait[c] + dsteal[c]; + if (!ratio[c]) + ratio[c] = 1, didle[c] = 1; + + if (NULL == (cpuname = cpuv[0][c].cpuname)) + cpuname = "n/a"; + + if (verbose) + printf + ("%s_user=%.1f%%, %s_system=%.1f%%, %s_idle=%.1f%%, " + "%s_iowait=%.1f%%, %s_steal=%.1f%%\n" + , cpuname, 100.0 * duser[c] / ratio[c] + , cpuname, 100.0 * dsystem[c] / ratio[c] + , cpuname, 100.0 * didle[c] / ratio[c] + , cpuname, 100.0 * diowait[c] / ratio[c] + , cpuname, 100.0 * dsteal[c] / ratio[c]); + + dbg ("sum (%s_*) = %.1f%%\n", cpuname, (100.0 * duser[c] / ratio[c]) + + (100.0 * dsystem[c] / ratio[c]) + (100.0 * didle[c] / ratio[c]) + + (100.0 * diowait[c] / ratio[c]) + (100.0 * dsteal[c] / ratio[c])); + } + } + + for (c = 0, status = STATE_OK; c < ncpus; c++) + { + cpu_perc = (100.0 * (cpu_value[c]) / ratio[c]); + currstatus = get_status (cpu_perc, my_threshold); + if (currstatus > status) + status = currstatus; + } + + cpu_desc_read (cpudesc); + char *cpu_model_str = + cpu_model ? xasprintf ("(%s) ", + cpu_desc_get_model_name (cpudesc)) : NULL; + + printf ("%s %s%s - cpu %s %.1f%% |" + , program_name_short, cpu_model ? cpu_model_str : "" + , state_text (status), cpu_progname, cpu_perc); + for (c = 0; c < ncpus; c++) + { + if ((cpuname = cpuv[0][c].cpuname)) + printf (" %s_user=%.1f%% %s_system=%.1f%% %s_idle=%.1f%%" + " %s_iowait=%.1f%% %s_steal=%.1f%%" + , cpuname, 100.0 * duser[c] / ratio[c] + , cpuname, 100.0 * dsystem[c] / ratio[c] + , cpuname, 100.0 * didle[c] / ratio[c] + , cpuname, 100.0 * diowait[c] / ratio[c] + , cpuname, 100.0 * dsteal[c] / ratio[c]); + } + putchar ('\n'); + + cpu_desc_unref (cpudesc); + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpufreq.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpufreq.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpufreq.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cpufreq.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,183 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015,2019 Davide Madrisan + * + * A Nagios plugin to check the CPU frequency characteristics. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This software is based on the source code of the tool "vmstat". + */ + +#include +#include +#include + +#include "common.h" +#include "cpudesc.h" +#include "cpufreq.h" +#include "cpustats.h" +#include "cputopology.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "units.h" +#include "xalloc.h" +#include "xasprintf.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015,2019 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "no-cpu-model", no_argument, NULL, 'm'}, + {(char *) "Hz", no_argument, NULL, 'H'}, + {(char *) "kHz", no_argument, NULL, 'K'}, + {(char *) "mHz", no_argument, NULL, 'M'}, + {(char *) "gHz", no_argument, NULL, 'G'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin displays the CPU frequency characteristics.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-m] [-H,-K,-M,-G] [-w COUNTER] [-c COUNTER]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -m, --no-cpu-model " + "do not display the CPU model in the output message\n", out); + fputs (" -H,-K,-M,-G " + "show output in Hz, kHz (the default), mHz, or gHz\n", out); + fputs (" -w, --warning COUNTER (kHz) warning threshold\n", out); + fputs (" -c, --critical COUNTER (kHz) critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -m -w 800000:\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + int c, err; + bool cpu_model; + char *critical = NULL, *warning = NULL; + float factor = 1.0; + nagstatus currstatus, status = STATE_OK; + thresholds *my_threshold = NULL; + struct cpu_desc *cpudesc = NULL; + unsigned long freq_min, freq_max, freq_kernel; + + set_program_name (argv[0]); + + err = cpu_desc_new (&cpudesc); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + /* default values */ + cpu_model = true; + + while ((c = getopt_long ( + argc, argv, "c:w:mHKMG" + GETOPT_HELP_VERSION_STRING, longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'm': + cpu_model = false; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'H': factor = 1000.0; break; + case 'K': factor = 1.0; break; + case 'M': factor = 1.0/1000; break; + case 'G': factor = 1.0/100000; break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + int ncpus = get_processor_number_total (); + + cpu_desc_read (cpudesc); + char *cpu_model_str = + cpu_model ? xasprintf ("(%s) ", + cpu_desc_get_model_name (cpudesc)) : NULL; + + for (c = 0; c < ncpus; c++) + if ((freq_kernel = cpufreq_get_freq_kernel (c)) > 0) + { + currstatus = get_status (freq_kernel, my_threshold); + if (currstatus > status) + status = currstatus; + } + + printf ("%s %s%s |" + , program_name_short, cpu_model ? cpu_model_str : "" + , state_text (status)); +#define unit_convert(_val, _factor) (unsigned long long)(_val * _factor) + for (c = 0; c < ncpus; c++) + { + if (0 == cpufreq_get_hardware_limits (c, &freq_min, &freq_max)) + { + freq_kernel = cpufreq_get_freq_kernel (c); + /* expected format for the Nagios performance data: + * 'label'=value[UOM];[warn];[crit];[min];[max] */ + if (freq_kernel) + printf (" cpu%d_freq=%llu;;;%llu;%llu", + c, + unit_convert(freq_kernel, factor), + unit_convert(freq_min, factor), + unit_convert(freq_max, factor)); + } + } +#undef unit_convert + putchar ('\n'); + cpu_desc_unref (cpudesc); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cswch.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cswch.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cswch.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_cswch.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,187 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin that monitors the total number of context switches + * per second across all CPUs. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "cpustats.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "xstrton.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin monitors the total number of context switches " + "across all CPUs.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-v] [-w COUNTER] -c [COUNTER] [delay [count]]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " delay is the delay between updates in seconds " + "(default: %dsec)\n", DELAY_DEFAULT); + fprintf (out, " count is the number of updates " + "(default: %d)\n", COUNT_DEFAULT); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s 1 2\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static unsigned long long +get_ctxtdelta (unsigned int count, unsigned int delay, bool verbose) +{ + int tog = 0; + unsigned int i; + unsigned long long nctxt[2], + dnctxt = nctxt[0] = cpu_stats_get_cswch (); + + if (verbose) + printf ("ctxt = %llu\n", dnctxt); + + for (i = 1; i < count; i++) + { + sleep (delay); + + tog = !tog; + nctxt[tog] = cpu_stats_get_cswch (); + dnctxt = (nctxt[tog] - nctxt[!tog]) / delay; + + if (verbose) + printf ("ctxt = %llu --> %llu/s\n", nctxt[tog], dnctxt); + } + + return dnctxt; +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c; + bool verbose = false; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + unsigned long count, delay; + unsigned long long dnctxt; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + delay = DELAY_DEFAULT, count = COUNT_DEFAULT; + if (optind < argc) + { + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + if (optind < argc) + { + count = strtol_or_err (argv[optind++], "failed to parse argument"); + if (COUNT_MAX < count) + plugin_error (STATE_UNKNOWN, 0, + "too large count value (greater than %d)", COUNT_MAX); + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + dnctxt = get_ctxtdelta (count, delay, verbose); + + status = get_status (dnctxt, my_threshold); + free (my_threshold); + + char *time_unit = (count > 1) ? "/s" : ""; + printf ("%s %s - number of context switches%s %llu | cswch%s=%llu\n", + program_name_short, state_text (status), + time_unit, dnctxt, time_unit, dnctxt); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_docker.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_docker.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_docker.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_docker.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,268 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * A Nagios plugin that returns some runtime metrics exposed by Docker. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "container_docker.h" +#include "logging.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "units.h" +#include "xalloc.h" +#include "xasprintf.h" +#include "xstrton.h" + +static const char *program_copyright = + "Copyright (C) 2018 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "image", required_argument, NULL, 'i'}, + {(char *) "memory", no_argument, NULL, 'M'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "byte", no_argument, NULL, 'b'}, + {(char *) "kilobyte", no_argument, NULL, 'k'}, + {(char *) "megabyte", no_argument, NULL, 'm'}, + {(char *) "gigabyte", no_argument, NULL, 'g'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin returns some runtime metrics exposed by Docker\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [--image IMAGE] [-w COUNTER] [-c COUNTER]\n", + program_name); + fprintf (out, + " %s --memory [-b,-k,-m,-g] [-w COUNTER] [-c COUNTER] [delay]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs + (" -i, --image IMAGE limit the investigation only to the containers " + "running IMAGE\n", out); + fputs (" -M, --memory return the runtime memory metrics (alpha!)\n", out); + fputs (" -b,-k,-m,-g " + "show output in bytes, KB (the default), MB, or GB\n", out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " delay is the delay between updates in seconds " + "(default: %dsec)\n", DELAY_DEFAULT); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -w 100 -c 120\n", program_name); + fprintf (out, " %s --image nginx -c 5:\n", program_name); + fprintf (out, " %s --memory -m -w 512 -c 640 5\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c; + int shift = k_shift; + bool check_memory = false, + verbose = false; + char *image = NULL; + char *critical = NULL, *warning = NULL; + char *status_msg, *perfdata_msg; + char *units = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + unsigned long delay = DELAY_DEFAULT; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:vi:Mbkmg" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + break; + case 'i': + image = optarg; + break; + case 'M': + check_memory = true; + break; + case 'b': shift = b_shift; units = xstrdup ("B"); break; + case 'k': shift = k_shift; units = xstrdup ("kB"); break; + case 'm': shift = m_shift; units = xstrdup ("MB"); break; + case 'g': shift = g_shift; units = xstrdup ("GB"); break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (optind < argc) + { + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + if (check_memory && image) + usage (stderr); + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + if (check_memory) + { + int err; + struct docker_memory_desc *memdesc = NULL; + + /* output in kilobytes by default */ + if (units == NULL) + units = xstrdup ("kB"); + + err = docker_memory_desc_new (&memdesc); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + long long pgfault[2]; + long long pgmajfault[2]; + long long pgpgin[2]; + long long pgpgout[2]; + + docker_memory_desc_read (memdesc); + + long long kb_total_cache = + docker_memory_get_total_cache (memdesc) / 1024; + long long kb_total_rss = + docker_memory_get_total_rss (memdesc) / 1024; + long long kb_total_swap = + docker_memory_get_total_swap (memdesc) / 1024; + long long kb_total_unevictable = + docker_memory_get_total_unevictable (memdesc) / 1024; + long long kb_memory_used_total = + kb_total_cache + kb_total_rss + kb_total_swap; + + pgfault[0] = docker_memory_get_total_pgfault (memdesc); + pgmajfault[0] = docker_memory_get_total_pgmajfault (memdesc); + pgpgin[0] = docker_memory_get_total_pgpgin (memdesc); + pgpgout[0] = docker_memory_get_total_pgpgout (memdesc); + + sleep (delay); + + docker_memory_desc_read (memdesc); + pgfault[1] = docker_memory_get_total_pgfault (memdesc); + pgmajfault[1] = docker_memory_get_total_pgmajfault (memdesc); + pgpgin[1] = docker_memory_get_total_pgpgin (memdesc); + pgpgout[1] = docker_memory_get_total_pgpgout (memdesc); + + #define __dbg__(arg) \ + dbg ("delta (%lu sec) for %s: %lld == (%lld-%lld)\n", \ + delay, #arg, arg[1]-arg[0], arg[1], arg[0]) + __dbg__ (pgfault); + __dbg__ (pgmajfault); + __dbg__ (pgpgin); + __dbg__ (pgpgout); + #undef dbg__ + + status = get_status (UNIT_CONVERT (kb_memory_used_total, shift), + my_threshold); + status_msg = + xasprintf ("%s: %llu %s memory used", state_text (status), + UNIT_STR (kb_memory_used_total)); + + perfdata_msg = + xasprintf ("cache=%llu%s rss=%llu%s swap=%llu%s unevictable=%llu%s " + "pgfault=%lld pgmajfault=%lld " + "pgpgin=%lld pgpgout=%lld" + , UNIT_STR (kb_total_cache) + , UNIT_STR (kb_total_rss) + , UNIT_STR (kb_total_swap) + , UNIT_STR (kb_total_unevictable) + , pgfault[1] - pgfault[0] + , pgmajfault[1] - pgmajfault[0] + , pgpgin[1] - pgpgin[0] + , pgpgout[1] - pgpgout[0]); + + docker_memory_desc_unref (memdesc); + } + else + { + unsigned int containers; + docker_running_containers (&containers, image, &perfdata_msg, verbose); + status = get_status (containers, my_threshold); + status_msg = image ? + xasprintf ("%s: %u running container(s) of type \"%s\"", + state_text (status), containers, image) : + xasprintf ("%s: %u running container(s)", state_text (status), + containers); + } + + printf ("%s%s %s | %s\n", program_name_short, + check_memory ? " memory" : " containers", status_msg, perfdata_msg); + + free (my_threshold); + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_fc.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_fc.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_fc.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_fc.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,337 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2015 Davide Madrisan + * + * A Nagios plugin that monitors the status of the fiber channel ports + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "logging.h" +#include "string-macros.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "sysfsparser.h" +#include "thresholds.h" +#include "xstrton.h" + +static const char *program_copyright = + "Copyright (C) 2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "fchostinfo", no_argument, NULL, 'i'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin monitors the status of the fiber status ports.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s -w COUNTER -c COUNTER [delay [count]]\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (" -i, --fchostinfo show the fc_host class object attributes\n", + out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " delay is the delay between updates in seconds " + "(default: %dsec)\n", DELAY_DEFAULT); + fprintf (out, " count is the number of updates " + "(default: %d)\n", COUNT_DEFAULT); + fputs ("\t1 means the total inbound/outbound traffic from boottime.\n", out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -c 2:\n", program_name); + fprintf (out, " %s -i -v\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +#define PATH_SYS_FC "/sys/class" +#define PATH_SYS_FC_HOST PATH_SYS_FC "/fc_host" + +void +fc_host_summary (bool verbose) +{ + DIR *dirp; + struct dirent *dp; + char *line, path[PATH_MAX]; + + sysfsparser_opendir(&dirp, PATH_SYS_FC_HOST); + + /* Scan entries under /sys/class/fc_host directory */ + while ((dp = sysfsparser_readfilename(dirp, DT_DIR | DT_LNK))) + { + DIR *dirp_host; + struct dirent *dp_host; + + printf ("Class Device = \"%s\"\n", dp->d_name); + + if (!verbose) + continue; + + snprintf (path, PATH_MAX, "%s/%s/device", PATH_SYS_FC_HOST, dp->d_name); + char *cdevpath = realpath (path, NULL); + printf ("Class Device path = \"%s\"\n", cdevpath); + + sysfsparser_opendir(&dirp_host, "%s/%s", PATH_SYS_FC_HOST, dp->d_name); + + /* https://www.kernel.org/doc/Documentation/scsi/scsi_fc_transport.txt */ + while ((dp_host = sysfsparser_readfilename(dirp_host, DT_REG))) + { + snprintf (path, PATH_MAX, "%s/%s/%s", + PATH_SYS_FC_HOST, dp->d_name, dp_host->d_name); + if ((line = sysfsparser_getline ("%s", path))) + { + fprintf (stdout, "%25s = \"%s\"\n", dp_host->d_name, line); + free (line); + } + } + + fputs ("\n", stdout); + + sysfsparser_closedir (dirp_host); + free (cdevpath); + } + + sysfsparser_closedir (dirp); +} + +static uint64_t +fc_host_get_statistic (const char *which, const char *host) +{ + uint64_t value = + sysfsparser_getvalue (PATH_SYS_FC_HOST "/%s/statistics/%s", host, which); + + dbg (PATH_SYS_FC_HOST "/%s/statistics/%s = %llu\n", + host, which, (unsigned long long)value); + + return value; +} + +#define fc_get_stat(name) \ +static uint64_t fc_stat_##name(const char *host) \ +{ \ + return fc_host_get_statistic (#name, host); \ +} +fc_get_stat(rx_frames); +fc_get_stat(tx_frames); +fc_get_stat(error_frames); +fc_get_stat(invalid_crc_count); +fc_get_stat(link_failure_count); +fc_get_stat(loss_of_signal_count); +fc_get_stat(loss_of_sync_count); + +/* see */ +typedef struct fc_host_statistics { + uint64_t rx_frames; + uint64_t tx_frames; + uint64_t error_frames; + uint64_t invalid_crc_count; + uint64_t link_failure_count; + uint64_t loss_of_signal_count; + uint64_t loss_of_sync_count; +} fc_host_statistics; + +static void +fc_host_status (int *n_ports, int *n_online, fc_host_statistics *stats, + unsigned int delay, unsigned int count) +{ + DIR *dirp; + struct dirent *dp; + char path[PATH_MAX]; + uint64_t drx_frames_tot = 0, dtx_frames_tot = 0; + + *n_ports = *n_online = 0; + sysfsparser_opendir(&dirp, PATH_SYS_FC_HOST); + + /* Scan entries under /sys/class/fc_host directory */ + while ((dp = sysfsparser_readfilename(dirp, DT_DIR | DT_LNK))) + { + (*n_ports)++; + snprintf (path, PATH_MAX, "%s/%s/port_state", + PATH_SYS_FC_HOST, dp->d_name); + + char *line = sysfsparser_getline ("%s", path); + if (STREQ (line, "Online")) + (*n_online)++; + + free (line); + + /* collect some statistics */ + uint64_t rx_frames[2], tx_frames[2]; + unsigned int i, tog = 0; + + stats->rx_frames = rx_frames[0] = fc_stat_rx_frames (dp->d_name); + stats->tx_frames = tx_frames[0] = fc_stat_tx_frames (dp->d_name); + + for (i = 1; i < count; i++) + { + sleep (delay); + tog = !tog; + + rx_frames[tog] = fc_stat_rx_frames (dp->d_name); + stats->rx_frames = rx_frames[tog] - rx_frames[!tog]; + tx_frames[tog] = fc_stat_tx_frames (dp->d_name); + stats->tx_frames = tx_frames[tog] - tx_frames[!tog]; + } + + drx_frames_tot += stats->rx_frames; + dtx_frames_tot += stats->tx_frames; + + stats->error_frames += fc_stat_error_frames (dp->d_name); + stats->invalid_crc_count += fc_stat_invalid_crc_count (dp->d_name); + stats->link_failure_count += fc_stat_link_failure_count (dp->d_name); + stats->loss_of_signal_count += + fc_stat_loss_of_signal_count (dp->d_name); + stats->loss_of_sync_count += fc_stat_loss_of_sync_count (dp->d_name); + } + + sysfsparser_closedir (dirp); + + stats->rx_frames = drx_frames_tot; + stats->tx_frames = dtx_frames_tot; +} + +#undef PATH_SYS_FC +#undef PATH_SYS_FC_HOST + +int +main (int argc, char **argv) +{ + int c, n_ports, n_online; + bool verbose = false, summary = false; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + unsigned long count, delay; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:vi" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'i': + summary = true; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (summary) + { + fc_host_summary (verbose); + return STATE_UNKNOWN; + } + + delay = DELAY_DEFAULT, count = COUNT_DEFAULT; + if (optind < argc) + { + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + if (optind < argc) + { + count = strtol_or_err (argv[optind++], "failed to parse argument"); + if (COUNT_MAX < count) + plugin_error (STATE_UNKNOWN, 0, + "too large count value (greater than %d)", COUNT_MAX); + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + fc_host_statistics stats = {0}; + + fc_host_status (&n_ports, &n_online, &stats, delay, count); + status = get_status (n_online, my_threshold); + + printf ("%s %s - Fiber Channel ports status: %d/%d Online " + "| rx_frames=%llu tx_frames=%llu" + " error_frames=%llu" + " invalid_crc_count=%llu" + " link_failure_count=%llu" + " loss_of_signal_count=%llu" + " loss_of_sync_count=%llu\n", + program_name_short, state_text (status), + n_online, n_ports, + (unsigned long long) stats.rx_frames, + (unsigned long long) stats.tx_frames, + (unsigned long long) stats.error_frames, + (unsigned long long) stats.invalid_crc_count, + (unsigned long long) stats.link_failure_count, + (unsigned long long) stats.loss_of_signal_count, + (unsigned long long) stats.loss_of_sync_count + ); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_ifmountfs.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_ifmountfs.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_ifmountfs.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_ifmountfs.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,138 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2013 Davide Madrisan + * + * A Nagios plugin to check for readonly filesystems. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "string-macros.h" +#include "messages.h" +#include "mountlist.h" +#include "progname.h" +#include "progversion.h" + +static const char *program_copyright = + "Copyright (C) 2013-2014 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +/* Linked list of mounted file systems. */ +static struct mount_entry *mount_list; + +static struct option const longopts[] = { + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks whether the given filesystems are mounted.\n", + out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [FILESYSTEM]...\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s /mnt/nfs-data /mnt/cdrom\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static nagstatus +check_entry (char const *mountpoint) +{ + struct mount_entry *me; + + for (me = mount_list; me; me = me->me_next) + if (STREQ (me->me_mountdir, mountpoint)) + return STATE_OK; + + return STATE_CRITICAL; +} + +int +main (int argc, char **argv) +{ + int c, i; + nagstatus status = STATE_OK; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, GETOPT_HELP_VERSION_STRING, longopts, + NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (argc <= optind) + usage (stderr); + + mount_list = read_file_system_list (false); + + if (NULL == mount_list) + /* Couldn't read the table of mounted file systems. */ + plugin_error (STATE_UNKNOWN, 0, + "cannot read table of mounted file systems"); + + for (i = optind; i < argc; ++i) + if (STATE_CRITICAL == check_entry (argv[i])) + status = STATE_CRITICAL; + else + /* This is allowed. See: + * http://www.open-std.org/JTC1/sc22/wg14/www/docs/n1256.pdf */ + argv[i] = NULL; + + printf ("filesystems %s", state_text (status)); + for (i = optind; i < argc; ++i) + if (argv[i]) + printf (" %s", argv[i]); + + if (STATE_CRITICAL == status) + printf (" unmounted!"); + putchar ('\n'); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_intr.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_intr.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_intr.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_intr.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,214 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin that monitors the interrupts serviced per second, + * including unnumbered architecture specific interrupts. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* Note: High number of interrupts per second indicates a problem with + * hardware. It could indicate a software bug in the case of software + * interrupts. */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "cpustats.h" +#include "interrupts.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "xstrton.h" + +#define MIN(a,b) \ + ({ __typeof__ (a) _a = (a); \ + __typeof__ (b) _b = (b); \ + _a < _b ? _a : _b; }) + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin monitors the total number of system interrupts.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-v] [-w COUNTER] -c [COUNTER] [delay [count]]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " delay is the delay between updates in seconds " + "(default: %dsec)\n", DELAY_DEFAULT); + fprintf (out, " count is the number of updates " + "(default: %d)\n", COUNT_DEFAULT); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -w 10000 1 2\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static unsigned long long +get_intrdelta (unsigned int *ncpus0, unsigned int *ncpus1, + unsigned long *(*vintr)[2], unsigned int count, + unsigned int delay, bool verbose) +{ + unsigned long long nintr[2], dnintr; + unsigned int i, tog = 0; + + dnintr = nintr[0] = cpu_stats_get_intr (); + + if (verbose) + printf ("intr = %llu\n", dnintr); + + if (count <= 2) + (*vintr)[0] = proc_interrupts_get_nintr_per_cpu (ncpus0); + + for (i = 1; i < count; i++) + { + sleep (delay); + + tog = !tog; + nintr[tog] = cpu_stats_get_intr (); + + dnintr = (nintr[tog] - nintr[!tog]) / delay; + if (verbose) + printf ("intr = %llu --> %llu/s\n", nintr[tog], dnintr); + + if (count - 2 == i) + (*vintr)[0] = proc_interrupts_get_nintr_per_cpu (ncpus0); + else if (count - 1 == i) + (*vintr)[1] = proc_interrupts_get_nintr_per_cpu (ncpus1); + } + + return dnintr; +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c; + bool verbose = false; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + unsigned int ncpus0 = 0, ncpus1 = 0; + unsigned long i, delay, count, *vintr[2] = { NULL, NULL }; + unsigned long long dnintr; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + } + } + + delay = DELAY_DEFAULT, count = COUNT_DEFAULT; + if (optind < argc) + { + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + if (optind < argc) + { + count = strtol_or_err (argv[optind++], "failed to parse argument"); + if (COUNT_MAX < count) + plugin_error (STATE_UNKNOWN, 0, + "too large count value (greater than %d)", COUNT_MAX); + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + dnintr = get_intrdelta (&ncpus0, &ncpus1, &vintr, count, delay, verbose); + + status = get_status (dnintr, my_threshold); + free (my_threshold); + + char *time_unit = (count > 1) ? "/s" : ""; + printf ("%s %s - number of interrupts%s %llu | intr%s=%llu", + program_name_short, state_text (status), + time_unit, dnintr, time_unit, dnintr); + + for (i = 0; i < MIN (ncpus0, ncpus1); i++) + printf (" intr_cpu%lu%s=%lu", i, time_unit, + (count > 1) ? (vintr[1][i] - vintr[0][i]) / delay : vintr[0][i]); + printf ("\n"); + + free (vintr[1]); + free (vintr[0]); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_load.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_load.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_load.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_load.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,199 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015,2017 Davide Madrisan + * + * A Nagios plugin that tests the current system load average. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include + +#include "common.h" +//#include "cpudesc.h" +#include "cputopology.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "system.h" +#include "xasprintf.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "load1", required_argument, NULL, '1'}, + {(char *) "load5", required_argument, NULL, '5'}, + {(char *) "load15", required_argument, NULL, 'L'}, + {(char *) "percpu", no_argument, NULL, 'r'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks the current system load average.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-r] [--load1=w,c] [--load5=w,c] [--load15=w,c]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -r, --percpu divide the load averages by the number of CPUs\n", + out); + fputs (" -1, --load1=WLOAD1,CLOAD1" + " warning and critical thresholds for load1\n", out); + fputs (" -5, --load5=WLOAD5,CLOAD5" + " warning and critical thresholds for load5\n", out); + fputs (" -L, --load15=WLOAD15,CLOAD15" + " warning and critical thresholds for load15\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -r --load1=2,3 --load15=1.5,2.5\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static void +validate_input (int i, double w, double c) +{ + if (i != 2 || (w >= c)) + plugin_error (STATE_UNKNOWN, 0, "command line error: bad thresholds"); +} + +static void +normalize_loadavg (double *loadavg, int numcpus) +{ + int i; + + if (!numcpus) + numcpus = get_processor_number_online (); + + for (i = 0; i < 3; i++) + { + if (numcpus > 1) + loadavg[i] /= numcpus; + } +} + +static int +loadavg_status (const double *loadavg, const double *wload, const double *cload, + const bool *required) +{ + int i, status = STATE_OK; + + for (i = 0; i < 3; i++) + { + if (required[i] == false) + continue; + if (loadavg[i] > cload[i]) + { + status = STATE_CRITICAL; + break; + } + else if (loadavg[i] > wload[i]) + status = STATE_WARNING; + } + + return status; +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c, i, status = STATE_OK; + const unsigned int lamin[3] = { 1, 5, 15 }; + bool required[3] = { false, false, false }; + bool normalize = false; + double loadavg[3]; + double wload[3] = { 0.0, 0.0, 0.0 }; + double cload[3] = { 0.0, 0.0, 0.0 }; + char *status_msg, *perfdata_msg; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, "1:5:L:r" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case '1': + i = sscanf (optarg, "%lf,%lf", &wload[0], &cload[0]); + validate_input (i, wload[0], cload[0]); + required[0] = true; + break; + case '5': + i = sscanf (optarg, "%lf,%lf", &wload[1], &cload[1]); + validate_input (i, wload[1], cload[1]); + required[1] = true; + break; + case 'L': + i = sscanf (optarg, "%lf,%lf", &wload[2], &cload[2]); + validate_input (i, wload[2], cload[2]); + required[2] = true; + break; + case 'r': + normalize = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (getloadavg (&loadavg[0], 3) != 3) + plugin_error (STATE_UNKNOWN, 0, + "the system load average was unobtainable"); + if (normalize) + normalize_loadavg (loadavg, 0); + status = loadavg_status (loadavg, wload, cload, required); + + status_msg = + xasprintf ("%s - average: %.2lf, %.2lf, %.2lf", + state_text (status), loadavg[0], loadavg[1], loadavg[2]); + /* performance data format: + * 'label'=value[UOM];[warn];[crit];[min];[max] */ + perfdata_msg = + xasprintf ("load%u=%.3lf;%.3lf;%.3lf;0 " + "load%u=%.3lf;%.3lf;%.3lf;0 " + "load%u=%.3lf;%.3lf;%.3lf;0" + , lamin[0], loadavg[0], wload[0], cload[0] + , lamin[1], loadavg[1], wload[1], cload[1] + , lamin[2], loadavg[2], wload[2], cload[2]); + + printf ("%s %s | %s\n", program_name_short, status_msg, perfdata_msg); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_memory.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_memory.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_memory.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_memory.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,322 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014-2019 Davide Madrisan + * + * A Nagios plugin to check system memory usage on Linux. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This software takes some ideas and code from procps-3.2.8 (free). + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "logging.h" +#include "meminfo.h" +#include "messages.h" +#include "perfdata.h" +#include "progname.h" +#include "progversion.h" +#include "system.h" +#include "thresholds.h" +#include "units.h" +#include "vminfo.h" +#include "xalloc.h" +#include "xasprintf.h" + +static const char *program_copyright = + "Copyright (C) 2014-2019 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "available", no_argument, NULL, 'a'}, + {(char *) "caches", no_argument, NULL, 'C'}, + {(char *) "vmstats", no_argument, NULL, 's'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "byte", no_argument, NULL, 'b'}, + {(char *) "kilobyte", no_argument, NULL, 'k'}, + {(char *) "megabyte", no_argument, NULL, 'm'}, + {(char *) "gigabyte", no_argument, NULL, 'g'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks the system memory utilization.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-a] [-b,-k,-m,-g] [-s] -w PERC -c PERC\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -a, --available display the free/available memory\n", + out); + fputs (" -b,-k,-m,-g " + "show output in bytes, KB (the default), MB, or GB\n", out); + fputs (" -s, --vmstats display the virtual memory perfdata\n", out); + fputs (" -w, --warning PERCENT warning threshold\n", out); + fputs (" -c, --critical PERCENT critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_NOTE, out); + fputs (" The option '-a|--available' gives an estimation of the " + "available memory\n" + " for starting new applications without swapping.\n", out); + fputs (" It requires at least a kernel 3.14, which provides this " + "information in\n" + " /proc/meminfo (see the parameter 'MemAvailable').\n", out); + fputs (" A MemAvailable fall-back code is implemented for " + "kernels 2.6.27 and above.\n", out); + fputs (" For older kernels 'MemFree' is returned instead.\n", + out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s --available -w 20%%: -c 10%%:\n", program_name); + fprintf (out, " %s --vmstats -w 80%% -c90%%\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + bool vmem_perfdata = false; + int c, status, err; + int shift = k_shift; + char *critical = NULL, *warning = NULL; + char *units = NULL; + char *status_msg, *perfdata_mem_msg, + *perfdata_vmem_msg = "", + *perfdata_memavailable_msg = "", + *perfdata_memused_msg = ""; + float mem_percent = 0; + thresholds *my_threshold = NULL; + + struct proc_sysmem *sysmem = NULL; + unsigned long kb_mem_main_available; + unsigned long kb_mem_main_buffers; + unsigned long kb_mem_main_cached; + unsigned long kb_mem_main_free; + unsigned long kb_mem_main_shared; + unsigned long kb_mem_main_total; + unsigned long kb_mem_main_used; + unsigned long kb_mem_active; + unsigned long kb_mem_anon_pages; + unsigned long kb_mem_committed_as; + unsigned long kb_mem_dirty; + unsigned long kb_mem_inactive; + + struct proc_vmem *vmem = NULL; + unsigned long nr_vmem_pgpgin[2]; + unsigned long nr_vmem_pgpgout[2]; + unsigned long nr_vmem_pgmajfault[2]; + + /* by default we display the memory used */ + unsigned long *kb_mem_monitored = &kb_mem_main_used; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "aMSCsc:w:bkmg" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'a': + kb_mem_monitored = &kb_mem_main_available; + break; + case 'C': + /* does nothing, exists for compatibility */ + break; + case 's': + vmem_perfdata = true; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'b': shift = b_shift; units = xstrdup ("B"); break; + case 'k': shift = k_shift; units = xstrdup ("kB"); break; + case 'm': shift = m_shift; units = xstrdup ("MB"); break; + case 'g': shift = g_shift; units = xstrdup ("GB"); break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (!thresholds_expressed_as_percentages (warning, critical)) + usage (stderr); + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + /* output in kilobytes by default */ + if (units == NULL) + units = xstrdup ("kB"); + + err = proc_sysmem_new (&sysmem); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + proc_sysmem_read (sysmem); + + kb_mem_active = proc_sysmem_get_active (sysmem); + kb_mem_anon_pages = proc_sysmem_get_anon_pages (sysmem); + kb_mem_committed_as = proc_sysmem_get_committed_as (sysmem); + kb_mem_dirty = proc_sysmem_get_dirty (sysmem); + kb_mem_inactive = proc_sysmem_get_inactive (sysmem); + kb_mem_main_available = proc_sysmem_get_main_available (sysmem); + kb_mem_main_buffers = proc_sysmem_get_main_buffers (sysmem); + kb_mem_main_cached = proc_sysmem_get_main_cached (sysmem); + kb_mem_main_free = proc_sysmem_get_main_free (sysmem); + kb_mem_main_shared = proc_sysmem_get_main_shared (sysmem); + kb_mem_main_total = proc_sysmem_get_main_total (sysmem); + kb_mem_main_used = proc_sysmem_get_main_used (sysmem); + + if (vmem_perfdata) + { + unsigned long dpgpgin, dpgpgout, dpgmajfault; + + err = proc_vmem_new (&vmem); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + proc_vmem_read (vmem); + nr_vmem_pgpgin[0] = proc_vmem_get_pgpgin (vmem); + nr_vmem_pgpgout[0] = proc_vmem_get_pgpgout (vmem); + nr_vmem_pgmajfault[0] = proc_vmem_get_pgmajfault (vmem); + + sleep (1); + + proc_vmem_read (vmem); + nr_vmem_pgpgin[1] = proc_vmem_get_pgpgin (vmem); + nr_vmem_pgpgout[1] = proc_vmem_get_pgpgout (vmem); + nr_vmem_pgmajfault[1] = proc_vmem_get_pgmajfault (vmem); + + dpgpgin = nr_vmem_pgpgin[1] - nr_vmem_pgpgin[0]; + dpgpgout = nr_vmem_pgpgout[1] - nr_vmem_pgpgout[0]; + dpgmajfault = nr_vmem_pgmajfault[1] - nr_vmem_pgmajfault[0]; + + perfdata_vmem_msg = + xasprintf (", vmem_pageins/s=%lu, vmem_pageouts/s=%lu, " + "vmem_pgmajfault/s=%lu", dpgpgin, dpgpgout, dpgmajfault); + } + + /* Note: we should perhaps implement the following tests instead: + * 1. The Main Memory Test + * (MemFree + Buffers + Cached) / MemTotal < threshold + * 2. The Page Fault Test + * Major pagefaults > threshold + * + * See. http://doc.qt.digia.com/qtextended4.4/syscust-oom.html */ + + if (kb_mem_main_total != 0) + mem_percent = ((*kb_mem_monitored) * 100.0 / kb_mem_main_total); + status = get_status (mem_percent, my_threshold); + + char *mem_monitored_warning = NULL, + *mem_monitored_critical = NULL; + unsigned long long warning_limit, critical_limit; + + if (0 == (get_perfdata_limit_converted + (my_threshold->warning, kb_mem_main_total, shift, &warning_limit, true))) + mem_monitored_warning = xasprintf ("%llu", warning_limit); + if (0 == (get_perfdata_limit_converted + (my_threshold->critical, kb_mem_main_total, shift, + &critical_limit, true))) + mem_monitored_critical = xasprintf ("%llu", critical_limit); + + /* performance data format: + * 'label'=value[UOM];[warn];[crit];[min];[max] */ + bool add_perfdata = (kb_mem_monitored == &kb_mem_main_available); + perfdata_memavailable_msg = + xasprintf ("mem_available=%llu%s;%s;%s;0;%llu", + UNIT_STR (kb_mem_main_available), + (add_perfdata + && mem_monitored_warning) ? mem_monitored_warning : "", + (add_perfdata + && mem_monitored_critical) ? mem_monitored_critical : "", + UNIT_CONVERT (kb_mem_main_total, shift)); + + add_perfdata = (kb_mem_monitored == &kb_mem_main_used); + perfdata_memused_msg = + xasprintf ("mem_used=%llu%s;%s;%s;0;%llu", + UNIT_STR (kb_mem_main_used), + (add_perfdata + && mem_monitored_warning) ? mem_monitored_warning : "", + (add_perfdata && + mem_monitored_critical) ? mem_monitored_critical : "", + UNIT_CONVERT (kb_mem_main_total, shift)); + + status_msg = + xasprintf ("%s: %.2f%% (%llu %s) %s", + state_text (status), mem_percent, UNIT_STR (*kb_mem_monitored), + (kb_mem_monitored == &kb_mem_main_available) ? + "available" : "used"); + + free (my_threshold); + + perfdata_mem_msg = + xasprintf ("mem_total=%llu%s %s mem_free=%llu%s " + "mem_shared=%llu%s mem_buffers=%llu%s mem_cached=%llu%s %s " + "mem_active=%llu%s mem_anonpages=%llu%s mem_committed=%llu%s " + "mem_dirty=%llu%s mem_inactive=%llu%s" + , UNIT_STR (kb_mem_main_total) + , perfdata_memused_msg + , UNIT_STR (kb_mem_main_free) + , UNIT_STR (kb_mem_main_shared) + , UNIT_STR (kb_mem_main_buffers) + , UNIT_STR (kb_mem_main_cached) + , perfdata_memavailable_msg + , UNIT_STR (kb_mem_active) + , UNIT_STR (kb_mem_anon_pages) + , UNIT_STR (kb_mem_committed_as) + , UNIT_STR (kb_mem_dirty) + , UNIT_STR (kb_mem_inactive)); + + printf ("%s %s | %s%s\n", program_name_short, status_msg, + perfdata_mem_msg, perfdata_vmem_msg); + + proc_sysmem_unref (sysmem); + proc_vmem_unref (vmem); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_multipath.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_multipath.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_multipath.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_multipath.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,285 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2013,2015 Davide Madrisan + * + * A Nagios plugin to check multipath topology. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "system.h" + +static bool verbose = false; +static const char *multipathd_socket = MULTIPATHD_SOCKET; + +static const char *program_copyright = + "Copyright (C) 2013,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks the multipath topology status.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [OPTION]...\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static size_t +write_all (int fd, const void *buf, size_t len) +{ + size_t total = 0; + + while (len) + { + ssize_t n = write (fd, buf, len); + if (n < 0) + { + if ((errno == EINTR) || (errno == EAGAIN)) + continue; + return total; + } + if (!n) + return total; + + buf = n + (char *) buf; + len -= n; + total += n; + } + + return total; +} + +static size_t +read_all (int fd, void *buf, size_t len) +{ + size_t total = 0; + + while (len) + { + ssize_t n = read (fd, buf, len); + if (n < 0) + { + if ((errno == EINTR) || (errno == EAGAIN)) + continue; + return total; + } + if (!n) + return total; + + buf = n + (char *) buf; + len -= n; + total += n; + } + + return total; +} + +static int +multipathd_connect (void) +{ + int fd, len; + union + { + struct sockaddr addr; + struct sockaddr_un ux; + } u; + + memset (&u.ux, 0, sizeof (u.ux)); + u.ux.sun_family = AF_LOCAL; + + if (multipathd_socket[0] == '@') + { + /* the multipath socket held in an abstract namespace */ + len = strlen (multipathd_socket) + sizeof (sa_family_t); + strncpy (u.ux.sun_path, multipathd_socket, len); + u.ux.sun_path[0] = '\0'; + } + else + { + strncpy (u.ux.sun_path, multipathd_socket, sizeof (u.ux.sun_path)); + u.ux.sun_path[sizeof (u.ux.sun_path) - 1] = 0; + len = sizeof (u.ux); + } + + fd = socket (AF_LOCAL, SOCK_STREAM, 0); + if (fd == -1) + return -1; + + if (connect (fd, &u.addr, len) == -1) + { + close (fd); + return -1; + } + + return fd; +} + +static void +multipathd_query (const char *query, char *buf, size_t bufsize) +{ + int sock; + size_t len = strlen (query) + 1; + + if ((sock = multipathd_connect ()) < 0) + plugin_error (STATE_UNKNOWN, errno, "cannot connect to %s", + multipathd_socket); + + if (write_all (sock, &len, sizeof (len)) != sizeof (len)) + plugin_error (STATE_UNKNOWN, 0, "failed to send message to multipathd"); + + if (write_all (sock, query, len) != len) + plugin_error (STATE_UNKNOWN, 0, "failed to send message to multipathd"); + + if (read_all (sock, &len, sizeof (len)) != sizeof (len)) + plugin_error (STATE_UNKNOWN, 0, + "failed to receive message from multipathd"); + + if (len > bufsize) + plugin_error (STATE_UNKNOWN, 0, "reply from multipathd too long"); + + if (read_all (sock, buf, len) != len) + plugin_error (STATE_UNKNOWN, 0, + "failed to receive message from multipathd"); + + close (sock); +} + +static int +check_for_faulty_paths (char *buf, size_t bufsize) +{ + char *str1, *saveptr1; + char *dm_st_ok_pattern = "[ \t]+\\[?active\\]?[ \t]*\\[?ready\\]?[ \t]+"; + int rc, row, faulty_paths = 0; + regex_t regex; + + if ((rc = regcomp (®ex, dm_st_ok_pattern, REG_EXTENDED | REG_NOSUB))) + { + regerror (rc, ®ex, buf, bufsize); + plugin_error (STATE_UNKNOWN, 0, "regcomp() failed: %s", buf); + } + + /* data format: + * hcil dev dev_t pri dm_st chk_st next_check + * ex: 4:0:0:0 sdb 8:16 10 [active][ready] XXX....... 7/20 + * -or- + * hcil dev dev_t pri dm_st chk_st dev_st next_check + * ex: 6:0:0:0 sdf 8:80 1 active ready running XXXX...... 9/20 */ + + for (row = 1, str1 = buf;; row++, str1 = NULL) + { + char *token = strtok_r (str1, "\n", &saveptr1); + if (token == NULL) + break; + if (verbose) + printf ("%s\n", token); + if (row > 1 && regexec (®ex, token, (size_t) 0, NULL, 0)) + { + faulty_paths++; + if (verbose) + printf (" \\ faulty path detected!\n"); + } + } + + /* free memory allocated to the pattern buffer by regcomp() */ + regfree (®ex); + return faulty_paths; +} + +int +main (int argc, char **argv) +{ + int c, faulty_paths; + enum { bufsize = 10240 }; + static char buffer[bufsize]; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, "v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (getuid () != 0) + plugin_error (STATE_UNKNOWN, 0, "need to be root"); + + multipathd_query ("show paths", buffer, sizeof (buffer)); + faulty_paths = check_for_faulty_paths (buffer, bufsize); + + if (faulty_paths > 0) + { + printf ("%s %s: found %d faulty path(s)\n", program_name_short, + state_text (STATE_CRITICAL), faulty_paths); + + return STATE_CRITICAL; + } + + printf ("%s %s\n", program_name_short, state_text (STATE_OK)); + + return STATE_OK; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_nbprocs.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_nbprocs.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_nbprocs.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_nbprocs.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,151 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin that displays the number of running processes per user. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "processes.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "threads", no_argument, NULL, 't'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin displays the number of running processes per user.\n", + out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-w COUNTER ] [-c COUNTER]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -t, --threads display the number of threads\n", out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s\n", program_name); + fprintf (out, " %s --threads -w 1500 -c 2000\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + int c; + unsigned int nbprocs_flags = NBPROCS_NONE; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + struct procs_list_node *procs_list, *node; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 't': + nbprocs_flags |= NBPROCS_THREADS; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + nbprocs_flags |= NBPROCS_VERBOSE; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + procs_list = procs_list_getall (nbprocs_flags); + + status = get_status (procs_list_node_get_total_procs_nbr (procs_list), + my_threshold); + free (my_threshold); + + printf ("%s %s - %ld running processes | ", + program_name_short, state_text (status), + procs_list_node_get_total_procs_nbr (procs_list)); + + proc_list_node_foreach (node, procs_list) +#ifdef RLIMIT_NPROC + /* 'label'=value[UOM];[warn];[crit];[min];[max] */ + printf ("nbr_%s=%ld;%lu;%lu;0 ", procs_list_node_get_username (node), + procs_list_node_get_nbr (node), + procs_list_node_get_rlimit_nproc_soft (node), + procs_list_node_get_rlimit_nproc_hard (node)); +#else + printf ("nbr_%s=%ld ", procs_list_node_get_username (node), + procs_list_node_get_nbr (node)); +#endif + putchar ('\n'); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_network.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_network.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_network.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_network.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,488 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015,2020 Davide Madrisan + * + * A Nagios plugin that displays some network interfaces.statistics. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#ifdef HAVE_LINUX_IF_LINK_H +# include +#else +# include +#endif +#include + +#include "common.h" +#include "logging.h" +#include "messages.h" +#include "netinfo.h" +#include "progname.h" +#include "progversion.h" +#include "string-macros.h" +#include "system.h" +#include "thresholds.h" +#include "xalloc.h" +#include "xasprintf.h" +#include "xstrton.h" + +#define MAX_PRINTED_INTERFACES 5 + +static const char *program_copyright = + "Copyright (C) 2014,2015,2020 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "check-link", no_argument, NULL, 'k'}, + {(char *) "ifname", required_argument, NULL, 'i'}, + {(char *) "ifname-debug", no_argument, NULL, 0}, + {(char *) "no-bytes", no_argument, NULL, 'b'}, + {(char *) "no-collisions", no_argument, NULL, 'C'}, + {(char *) "no-drops", no_argument, NULL, 'd'}, + {(char *) "no-errors", no_argument, NULL, 'e'}, + {(char *) "no-loopback", no_argument, NULL, 'l'}, + {(char *) "no-multicast", no_argument, NULL, 'm'}, + {(char *) "no-packets", no_argument, NULL, 'p'}, + {(char *) "no-wireless", no_argument, NULL, 'W'}, + {(char *) "perc", no_argument, NULL, '%'}, + {(char *) "rx-only", no_argument, NULL, 'r'}, + {(char *) "tx-only", no_argument, NULL, 't'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +typedef enum network_check +{ + CHECK_BYTES, + CHECK_DEFAULT = CHECK_BYTES, + CHECK_COLLISIONS, + CHECK_DROPPED, + CHECK_ERRORS, + CHECK_MULTICAST +} network_check; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin displays some network interfaces statistics.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-klW] [-bCdemp] [-i ] [delay]\n", + program_name); + fprintf (out, " %s [-klW] [-bCdemp] [-i ] --ifname-debug\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -i, --ifname only display interfaces matching a regular " + "expression\n", out); + fputs (" --ifname-debug display the list of metric keys and exit\n", + out); + fputs (" -k, --check-link report an error if at least a link is down\n", + out); + fputs (" -l, --no-loopback skip the loopback interface\n", out); + fputs (" -W, --no-wireless skip the wireless interfaces\n", out); + fputs (" -%, --perc return percentage metrics if possible\n", + out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " delay is the delay between the two network snapshots " + "in seconds (default: %dsec)\n", DELAY_DEFAULT); + fputs (" By default all the counters are reported in the output but it's " + "possible to select a subset of them:\n", out); + fputs (" -b --no-bytes omit the rx/tx bytes counter from perfdata\n", + out); + fputs (" -C, --no-collisions omit the collisions counter from perfdata\n", + out); + fputs (" -d --no-drops omit the rx/tx drop counters from perfdata\n", + out); + fputs (" -e --no-errors omit the rx/tx errors counters " + "from perfdata\n", out); + fputs (" -m, --no-multicast omit the multicast counter from perfdata\n", + out); + fputs (" -p, --no-packets omit the rx/tx packets counter from " + "perfdata\n", out); + fputs (" -r, --rx-only consider the received traffic only in " + "the thresholods\n", out); + fputs (" -t, --tx-only consider the transmitted traffic only in " + "the thresholds\n", out); + fputs (USAGE_NOTE, out); + fputs (" - The option --ifname supports the POSIX Extended Regular Expression " + "syntax.\n", out); + fputs (" See: https://man7.org/linux/man-pages/man7/regex.7.html\n", out); + fputs (" - You cannot select both the options r/rx-only and t/tx-only.\n", + out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s\n", program_name); + fprintf (out, " %s --check-link --ifname \"^(enp|eth)\" 15\n", program_name); + fprintf (out, " %s --check-link --ifname ^wlp --warning 645120 15\n", + program_name); + fprintf (out, " %s --ifname \"^(enp|wlp)\" --ifname-debug -Cdm\n", + program_name); + fprintf (out, " %s --perc --ifname \"^(enp|eth)\" -w 80%% 15\n", + program_name); + fprintf (out, " %s --no-loopback --no-wireless 15\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static inline unsigned int +get_threshold_metric (unsigned int tx, unsigned int rx, + bool tx_only, bool rx_only) +{ + dbg ("call to get_threshold_metric " + "with tx:%u rx:%u, tx_only:%s, rx_only:%s\n" + , tx, rx + , tx_only ? "true" : "false" + , rx_only ? "true" : "false"); + return (tx_only ? 0 : rx) + + (rx_only ? 0 : tx); +} + +/* performance data format: + * 'label'=value[UOM];[warn];[crit];[min];[max] */ +static inline double +ratio_over_speed (unsigned int counter, unsigned long long speed) +{ + return (double)(100.0 / speed) * counter; +} + +static inline char * +fmt_perfdata_bytes (const char *ifname, const char *label, + unsigned int counter, unsigned long long speed, bool perc) +{ + char *perfdata; + + if (perc && (speed > 0)) + { + double counter_perc = ratio_over_speed (counter, speed); + perfdata = + xasprintf ("%s_%s/s=%.2f%%;;;0;100.0", ifname, label, counter_perc); + } + else if (!perc && (speed > 0)) + perfdata = xasprintf("%s_%s/s=%u;;;0;%llu", ifname, label, counter, speed); + else + perfdata = xasprintf ("%s_%s/s=%u", ifname, label, counter); + + return perfdata; +} + +int +main (int argc, char **argv) +{ + int c, option_index = 0; + nagstatus status; + bool ifname_debug = false, + pd_bytes = true, + pd_collisions = true, + pd_drops = true, + pd_errors = true, + pd_multicast = true, + pd_packets = true, + report_perc = false, + rx_only = false, + tx_only = false; + char *p = NULL, *plugin_progname, + *critical = NULL, *warning = NULL, + *bp, *ifname_regex = NULL; + size_t size; + unsigned int options = 0; + unsigned long delay, len; + FILE *perfdata; + network_check check = CHECK_DEFAULT; + thresholds *my_threshold = NULL; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "Cc:bdei:klmpWw:%" GETOPT_HELP_VERSION_STRING, + longopts, &option_index)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 0: + if (STREQ (longopts[option_index].name, "ifname-debug")) + ifname_debug = true; + break; + case 'b': + options |= NO_BYTES; + pd_bytes = false; + break; + case 'C': + options |= NO_COLLISIONS; + pd_collisions = false; + break; + case 'c': + critical = optarg; + break; + case 'd': + options |= NO_DROPS; + pd_drops = false; + break; + case 'e': + options |= NO_ERRORS; + pd_errors = false; + break; + case 'i': + ifname_regex = xstrdup (optarg); + break; + case 'k': + options |= CHECK_LINK; + break; + case 'l': + options |= NO_LOOPBACK; + break; + case 'm': + options |= NO_MULTICAST; + pd_multicast = false; + break; + case 'p': + options |= NO_PACKETS; + pd_packets = false; + break; + case 'r': + options |= RX_ONLY; + rx_only = true; + break; + case 't': + options |= TX_ONLY; + tx_only = true; + break; + case 'W': + options |= NO_WIRELESS; + break; + case 'w': + warning = optarg; + break; + case '%': + report_perc = true; + break; + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + delay = ifname_debug ? 0 : DELAY_DEFAULT; + if (optind < argc) + { + if (ifname_debug) + usage (stderr); + + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + if (tx_only && rx_only) + usage (stderr); + + len = strlen (program_name); + if (len > 6 && STRPREFIX (program_name, "check_")) + p = (char *) program_name + 6; + else + plugin_error (STATE_UNKNOWN, 0, + "bug: the plugin does not have a standard name"); + + if (STRPREFIX (p, "network_collisions")) + { + check = CHECK_COLLISIONS; + if (!pd_collisions) + usage (stderr); + plugin_progname = xstrdup ("network collisions"); + } + else if (STRPREFIX (p, "network_dropped")) + { + check = CHECK_DROPPED; + if (!pd_drops) + usage (stderr); + plugin_progname = xstrdup ("network dropped"); + } + else if (STRPREFIX (p, "network_errors")) + { + check = CHECK_ERRORS; + if (!pd_errors) + usage (stderr); + plugin_progname = xstrdup ("network errors"); + } + else if (STRPREFIX (p, "network_multicast")) + { + check = CHECK_MULTICAST; + if (!pd_multicast) + usage (stderr); + plugin_progname = xstrdup ("network multicast"); + } + else + plugin_progname = xstrdup ("network"); + + unsigned int ninterfaces; + struct iflist *ifl, *iflhead = + netinfo (options, ifname_regex, delay, &ninterfaces); + + /* just print the list of matching interfaces and exit */ + if (ifname_debug) + { + print_ifname_debug (iflhead, options); + exit (STATE_UNKNOWN); + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + perfdata = open_memstream (&bp, &size); + status = STATE_OK; + + iflist_foreach (ifl, iflhead) + { + const char *ifname = iflist_get_ifname (ifl); + double counter; + unsigned long long speed = + (iflist_get_speed (ifl) > 0) ? iflist_get_speed (ifl) * 1000*1000/8 : 0; + nagstatus iface_status; + + /* If the output in percentages is selected and a thresholds has been + * set, but the interface is down or its physical speed is not + * available, make the plugin exit with an unknown state. + * Otherwise the thresholds will be used for percentages and counters + * which does not make sense. */ + if (report_perc && (warning || critical) && !(speed > 0)) + plugin_error (STATE_UNKNOWN, 0, + "metrics of %s cannot be converted into percentages%s" + , ifname + , if_flags_UP (iflist_get_flags (ifl)) + && if_flags_RUNNING (iflist_get_flags (ifl)) ? + (0 == speed ? + ": physical speed is not available" : "") + : ": link is not UP/RUNNING"); + if (DUPLEX_HALF == iflist_get_duplex (ifl)) + speed /= 2; + + switch (check) + { + default: + counter = get_threshold_metric (iflist_get_tx_bytes (ifl), + iflist_get_rx_bytes (ifl), + tx_only, rx_only); + if (report_perc && speed > 0) + counter = ratio_over_speed (counter, speed); + break; + case CHECK_COLLISIONS: + counter = iflist_get_collisions (ifl); + break; + case CHECK_DROPPED: + counter = get_threshold_metric (iflist_get_tx_dropped (ifl), + iflist_get_rx_dropped (ifl), + tx_only, rx_only); + break; + case CHECK_ERRORS: + counter = get_threshold_metric (iflist_get_tx_errors (ifl), + iflist_get_rx_errors (ifl), + tx_only, rx_only); + break; + case CHECK_MULTICAST: + counter = iflist_get_multicast (ifl); + break; + } + dbg ("threshold counter: %g with w:%s c:%s\n" + , counter + , warning ? warning : "unset" + , critical ? critical : "unset"); + + iface_status = get_status (counter, my_threshold); + if (iface_status > status) + status = iface_status; + + if (pd_bytes) + { + char *perfdata_txbyte = + fmt_perfdata_bytes (ifname, "txbyte", iflist_get_tx_bytes (ifl), + speed, report_perc); + char *perfdata_rxbyte = + fmt_perfdata_bytes (ifname, "rxbyte", iflist_get_rx_bytes (ifl), + speed, report_perc); + fprintf (perfdata, "%s %s ", perfdata_txbyte, perfdata_rxbyte); + free (perfdata_txbyte); + free (perfdata_rxbyte); + } + if (pd_errors) + fprintf (perfdata + , "%s_txerr/s=%u %s_rxerr/s=%u " + , ifname, iflist_get_tx_errors (ifl) + , ifname, iflist_get_rx_errors (ifl)); + if (pd_drops) + fprintf (perfdata + , "%s_txdrop/s=%u %s_rxdrop/s=%u " + , ifname, iflist_get_tx_dropped (ifl) + , ifname, iflist_get_rx_dropped (ifl)); + if (pd_packets) + fprintf (perfdata + , "%s_txpck/s=%u %s_rxpck/s=%u " + , ifname, iflist_get_tx_packets (ifl) + , ifname, iflist_get_rx_packets (ifl)); + if (pd_collisions) + fprintf (perfdata, "%s_coll/s=%u " + , ifname, iflist_get_collisions (ifl)); + if (pd_multicast) + fprintf (perfdata, "%s_mcast/s=%u " + , ifname, iflist_get_multicast (ifl)); + } + + fclose (perfdata); + + if (ninterfaces < 1) + status = STATE_UNKNOWN; + + int i = 0; + printf ("%s %s - found %u interface(s): " + , plugin_progname + , state_text (status) + , ninterfaces); + iflist_foreach (ifl, iflhead) + if (i++ < MAX_PRINTED_INTERFACES) + printf ("%s%s", i < 2 ? "" : ",", iflist_get_ifname (ifl)); + else + { + printf (",..."); + break; + } + printf (" | %s\n", bp); + + freeiflist (iflhead); + free (my_threshold); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_paging.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_paging.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_paging.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_paging.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,232 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015,2017 Davide Madrisan + * + * A Nagios plugin to check memory and swap paging on Linux. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "vminfo.h" +#include "xasprintf.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015,2017 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "paging", no_argument, NULL, 'p'}, + {(char *) "swapping", no_argument, NULL, 's'}, + {(char *) "swapping-only", no_argument, NULL, 'S'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks the memory and swap paging.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-s] [-S] [-w PAGES] [-c PAGES]\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -s, --swapping display also the swap reads and writes\n", out); + fputs (" -S, --swapping-only only display the swap reads and writes\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " PAGES is the sum of `pswpin' and `pswpout' per second,\n" + "\tif the command-line option `--swapping-only' " + "has been specified,\n" + "\tor the number of `majfault/s' otherwise.\n"); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s --swapping -w 10 -c 25\n", program_name); + fprintf (out, " %s --swapping-only -w 40 -c 60\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +typedef struct paging_data +{ + unsigned long dpgpgin; + unsigned long dpgpgout; + unsigned long dpgfault; + unsigned long dpgfree; + unsigned long dpgmajfault; + unsigned long dpgscand; + unsigned long dpgscank; + unsigned long dpgsteal; + unsigned long dpswpin; + unsigned long dpswpout; + unsigned long summary; +} paging_data_t; + +static void +get_paging_status (bool show_swapping, bool swapping_only, + paging_data_t *paging) +{ + struct proc_vmem *vmem = NULL; + unsigned long nr_vmem_pgpgin[2], nr_vmem_pgpgout[2]; + unsigned long nr_vmem_pgfault[2]; + unsigned long nr_vmem_pgfree[2]; + unsigned long nr_vmem_pgmajfault[2]; + unsigned long nr_vmem_pgsteal[2]; + unsigned long nr_vmem_pgscand[2]; + unsigned long nr_vmem_pgscank[2]; + unsigned long nr_vmem_dpswpin[2], nr_vmem_dpswpout[2]; + unsigned int i, tog = 0, sleep_time = 1; + int err; + + err = proc_vmem_new (&vmem); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + for (i = 0; i < 2; i++) + { + proc_vmem_read (vmem); + + nr_vmem_pgpgin[tog] = proc_vmem_get_pgpgin (vmem); + nr_vmem_pgpgout[tog] = proc_vmem_get_pgpgout (vmem); + nr_vmem_pgfault[tog] = proc_vmem_get_pgfault (vmem); + nr_vmem_pgmajfault[tog] = proc_vmem_get_pgmajfault (vmem); + nr_vmem_pgfree[tog] = proc_vmem_get_pgfree (vmem); + nr_vmem_pgsteal[tog] = proc_vmem_get_pgsteal (vmem); + nr_vmem_pgscand[tog] = proc_vmem_get_pgscand (vmem); + nr_vmem_pgscank[tog] = proc_vmem_get_pgscank (vmem); + + nr_vmem_dpswpin[tog] = proc_vmem_get_pswpin (vmem); + nr_vmem_dpswpout[tog] = proc_vmem_get_pswpout (vmem); + + sleep (sleep_time); + tog = !tog; + } + + paging->dpgpgin = nr_vmem_pgpgin[1] - nr_vmem_pgpgin[0]; + paging->dpgpgout = nr_vmem_pgpgout[1] - nr_vmem_pgpgout[0]; + paging->dpgfault = nr_vmem_pgfault[1] - nr_vmem_pgfault[0]; + paging->dpgmajfault = nr_vmem_pgmajfault[1] - nr_vmem_pgmajfault[0]; + paging->dpgfree = nr_vmem_pgfree[1] - nr_vmem_pgfree[0]; + paging->dpgsteal = nr_vmem_pgsteal[1] - nr_vmem_pgsteal[0]; + paging->dpgscand = nr_vmem_pgscand[1] - nr_vmem_pgscand[0]; + paging->dpgscank = nr_vmem_pgscank[1] - nr_vmem_pgscank[0]; + + paging->dpswpin = nr_vmem_dpswpin[1] - nr_vmem_dpswpin[0]; + paging->dpswpout = nr_vmem_dpswpout[1] - nr_vmem_dpswpout[0]; + + paging->summary = + swapping_only ? (paging->dpswpin + + paging->dpswpout) : paging->dpgmajfault; + + proc_vmem_unref (vmem); +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + bool show_swapping = false; + bool swapping_only = false; + int c, status; + char *critical = NULL, *warning = NULL; + char *status_msg; + char *perfdata_paging_msg = NULL, *perfdata_swapping_msg = NULL; + set_program_name (argv[0]); + thresholds *my_threshold = NULL; + paging_data_t paging; + + while ((c = getopt_long (argc, argv, "psSc:w:" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'p': + /* show_paging = true; left for backward compatibility */ + break; + case 's': + show_swapping = true; + break; + case 'S': + swapping_only = true; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + get_paging_status (show_swapping, swapping_only, &paging); + + status = get_status (paging.summary, my_threshold); + free (my_threshold); + + status_msg = + xasprintf ("%s: %lu %s/s", state_text (status), paging.summary, + swapping_only ? "pswp" : "majfault"); + if (!swapping_only) + perfdata_paging_msg = + xasprintf ("vmem_pgpgin/s=%lu vmem_pgpgout/s=%lu vmem_pgfault/s=%lu " + "vmem_pgmajfault/s=%lu vmem_pgfree/s=%lu vmem_pgsteal/s=%lu " + "vmem_pgscand/s=%lu vmem_pgscank/s=%lu ", + paging.dpgpgin, paging.dpgpgout, paging.dpgfault, + paging.dpgmajfault, paging.dpgfree, paging.dpgsteal, + paging.dpgscand, paging.dpgscank); + if (show_swapping || swapping_only) + perfdata_swapping_msg = + xasprintf ("vmem_pswpin/s=%lu vmem_pswpout/s=%lu", + paging.dpswpin, paging.dpswpout); + + printf ("%s %s | %s%s\n", program_name_short, status_msg, + perfdata_paging_msg ? perfdata_paging_msg : "", + perfdata_swapping_msg ? perfdata_swapping_msg : ""); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_podman.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_podman.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_podman.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_podman.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,262 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A Nagios plugin that returns some runtime metrics of Podman containers. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include + +#include "common.h" +#include "container_podman.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "units.h" +#include "xasprintf.h" +#include "xalloc.h" + +static const char *program_copyright = + "Copyright (C) 2020 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "block-in", no_argument, NULL, 'l'}, + {(char *) "block-out", no_argument, NULL, 'L'}, + {(char *) "cpu", no_argument, NULL, 'C'}, + {(char *) "memory", no_argument, NULL, 'M'}, + {(char *) "memory-perc", no_argument, NULL, '%'}, + {(char *) "net-in", no_argument, NULL, 'n'}, + {(char *) "net-out", no_argument, NULL, 'N'}, + {(char *) "pids", no_argument, NULL, 'p'}, + {(char *) "image", required_argument, NULL, 'i'}, + {(char *) "varlink-address", required_argument, NULL, 'a'}, + {(char *) "byte", no_argument, NULL, 'b'}, + {(char *) "kilobyte", no_argument, NULL, 'k'}, + {(char *) "megabyte", no_argument, NULL, 'm'}, + {(char *) "gigabyte", no_argument, NULL, 'g'}, + {(char *) "perc", no_argument, NULL, '%'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin returns some runtime metrics of Podman containers\n", + out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [--image IMAGE] [-w COUNTER] [-c COUNTER]\n", + program_name); + fprintf (out, " %s --block-in [-b,-k,-m,-g] [--image IMAGE] " + "[-w COUNTER] [-c COUNTER]\n", program_name); + fprintf (out, " %s --block-out [-b,-k,-m,-g] [--image IMAGE] " + "[-w COUNTER] [-c COUNTER]\n", program_name); + fprintf (out, " %s --cpu [--image IMAGE] [-w COUNTER] [-c COUNTER]\n", + program_name); + fprintf (out, " %s --memory [-b,-k,-m,-g] [--image IMAGE] [--perc] " + "[-w COUNTER] [-c COUNTER]\n", program_name); + fprintf (out, " %s --net-in [-b,-k,-m,-g] [--image IMAGE] " + "[-w COUNTER] [-c COUNTER]\n", program_name); + fprintf (out, " %s --net-out [-b,-k,-m,-g] [--image IMAGE] " + "[-w COUNTER] [-c COUNTER]\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs + (" -i, --image IMAGE limit the investigation only to the containers " + "running IMAGE\n", out); + fputs (" -l, --block-in return the block input metrics\n", out); + fputs (" -C, --cpu return the cpu percentage metrics\n", out); + fputs (" -L, --net-out return the block output metrics\n", out); + fputs (" -M, --memory return the runtime memory metrics\n", out); + fputs (" -n, --net-in return the network input metrics\n", out); + fputs (" -N, --net-out return the network output metrics\n", out); + fputs (" -p, --pids return the number of PIDs\n", out); + fputs (" 'b,-k,-m,-g " + "show output in bytes, KB (the default), MB, or GB\n", out); + fputs (" -%, --perc return the percentages when possible\n", out); + fputs + (" -a, --varlink-address ADDRESS varlink address " + "(default: " VARLINK_ADDRESS ")\n", out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_NOTE, out); + fputs (" Podman stats will not work in rootless environments that use " + "CGroups V1.\n", out); + fputs (" Rootless environments that use CGroups V2 are not able to report " + "statistics\n", out); + fputs (" about their networking usage.\n", out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -w 100 -c 120\n", program_name); + fprintf (out, " %s -i \"docker.io/library/nginx:latest\" -c 5:\n", + program_name); + fprintf (out, " %s --block-out -m\n", program_name); + fprintf (out, " %s --cpu\n", program_name); + fprintf (out, " %s --memory -k --perc\n", program_name); + fprintf (out, " %s --memory -m --image \"docker.io/library/nginx:latest\"\n", + program_name); + fprintf (out, " %s --net-in -k --image \"docker.io/library/redis:latest\"\n", + program_name); + fprintf (out, " %s --pids --warning 8:\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c, + check_selected = 0, + shift = k_shift; + bool report_perc = false; + char *image = NULL; + char *varlink_address = NULL; + char *critical = NULL, *warning = NULL; + char *status_msg, *perfdata_msg; + nagstatus status = STATE_OK; + podman_varlink_t *pv = NULL; + stats_type which_stats = unknown; + thresholds *my_threshold = NULL; + total_t total; + unsigned int containers; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "a:c:w:vi:lLnNMpbkmg%" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + case 'a': + varlink_address = optarg; + break; + case 'i': + image = optarg; + break; + case 'C': + which_stats = cpu_stats; + check_selected++; + break; + case 'l': + which_stats = block_in_stats; + check_selected++; + break; + case 'L': + which_stats = block_out_stats; + check_selected++; + break; + case 'M': + which_stats = memory_stats; + check_selected++; + break; + case 'n': + which_stats = network_in_stats; + check_selected++; + break; + case 'N': + which_stats = network_out_stats; + check_selected++; + break; + case 'p': + which_stats = pids_stats; + check_selected++; + break; + case 'b': shift = b_shift; break; + case 'k': shift = k_shift; break; + case 'm': shift = m_shift; break; + case 'g': shift = g_shift; break; + case '%': report_perc = true; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + default: + usage (stderr); + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (1 < check_selected) + usage (stderr); + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + podman_varlink_new (&pv, varlink_address); + + if (0 <= which_stats) + { + podman_stats (pv, which_stats, report_perc, &total, shift, image, + &status_msg, &perfdata_msg); + if (which_stats == cpu_stats) + status = get_status (total.lf, my_threshold); + else + status = get_status (total.llu, my_threshold); + printf ("%s: %s | %s\n", program_name_short + , status_msg + , perfdata_msg); + } + else + { + podman_running_containers (pv, &containers, image, &perfdata_msg); + status = get_status (containers, my_threshold); + status_msg = image ? + xasprintf ("%s: %u running container(s) of type \"%s\"", + state_text (status), containers, image) : + xasprintf ("%s: %u running container(s)", state_text (status), + containers); + + printf ("%s containers %s | %s\n", program_name_short + , status_msg + , perfdata_msg); + } + + free (my_threshold); + podman_varlink_unref (pv); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_pressure.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_pressure.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_pressure.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_pressure.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,230 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * A Nagios plugin that checks Linux Pressure Stall Information (PSI) data. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "pressure.h" +#include "progname.h" +#include "progversion.h" +#include "system.h" +#include "thresholds.h" +#include "xasprintf.h" +#include "xstrton.h" + +static const char *program_copyright = + "Copyright (C) 2020 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "cpu", no_argument, NULL, 'C'}, + {(char *) "full", no_argument, NULL, 'f'}, + {(char *) "io", no_argument, NULL, 'i'}, + {(char *) "memory", no_argument, NULL, 'm'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks Linux Pressure Stall Information (PSI) data.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s --cpu [-w COUNTER] [-c COUNTER] [delay]\n", program_name); + fprintf (out, " %s --io [--full] [-w COUNTER] [-c COUNTER] [delay]\n", + program_name); + fprintf (out, " %s --memory [--full] [-w COUNTER] [-c COUNTER] [delay]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -C, --cpu return the cpu pressure metrics\n", out); + fputs (" -i, --io return the io (block layer/filesystems) pressure " + "metrics\n", out); + fputs (" -m, --memory return the memory pressure metrics\n", out); + fputs (" -f, --full select the data labeled \"full\" to calculate " + "thresholds\n", out); + fputs (" instead of the one with \"some\" " + "(io and memory only)\n", out); + fputs (" -w, --warning COUNTER warning threshold (in microseconds/s)\n", + out); + fputs (" -c, --critical COUNTER critical threshold (in microseconds/s)\n", + out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fprintf (out, " \"delay\" is the delay in seconds between two proc reads " + "(default: %dsec)\n", DELAY_DEFAULT); + fputs (USAGE_NOTE, out); + fputs (" It requires at least a kernel 4.20, which provides this " + "information in the\n" + " /proc/pressure folder.\n", out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s --cpu\n", program_name); + fprintf (out, " %s --io\n", program_name); + fprintf (out, " %s --memory --full 100 2\n", program_name); + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + bool threshold_full = false; + int c; + char *critical = NULL, *warning = NULL, + *status_msg, *perfdata_mem_msg, *prefix = NULL; + enum linux_psi_id pressure_mode = LINUX_PSI_NONE; + unsigned long delay; + unsigned long long starvation[2]; + struct proc_psi_oneline *psi_cpu = NULL; + struct proc_psi_twolines *psi = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + int (*proc_psi_read) (struct proc_psi_twolines **, + unsigned long long *, unsigned long) = NULL; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "Cimfc:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'C': + pressure_mode = LINUX_PSI_CPU; + break; + case 'c': + critical = optarg; + break; + case 'f': + threshold_full = true; + break; + case 'i': + prefix = "io"; + pressure_mode = LINUX_PSI_IO; + proc_psi_read = &proc_psi_read_io; + break; + case 'm': + prefix = "mem"; + pressure_mode = LINUX_PSI_MEMORY; + proc_psi_read = &proc_psi_read_memory; + break; + case 'w': + warning = optarg; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if ((LINUX_PSI_NONE == pressure_mode) || + (LINUX_PSI_CPU == pressure_mode && threshold_full)) + usage (stderr); + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + delay = DELAY_DEFAULT; + if (optind < argc) + { + delay = strtol_or_err (argv[optind++], "failed to parse argument"); + + if (delay < 1) + plugin_error (STATE_UNKNOWN, 0, "delay must be positive integer"); + else if (DELAY_MAX < delay) + plugin_error (STATE_UNKNOWN, 0, + "too large delay value (greater than %d)", DELAY_MAX); + } + + switch (pressure_mode) + { + default: + usage (stderr); + case LINUX_PSI_CPU: + proc_psi_read_cpu (&psi_cpu, &starvation[0], delay); + + status = get_status (starvation[0], my_threshold); + + status_msg = + xasprintf ("%s (CPU starvation) %s: %llu microsecs/s", + program_name_short, state_text (status), starvation[0]); + perfdata_mem_msg = + xasprintf ("cpu_avg10=%2.2lf%% cpu_avg60=%2.2lf%% cpu_avg300=%2.2lf%% " + "cpu_starvation/s=%llu" + , psi_cpu->avg10 + , psi_cpu->avg60 + , psi_cpu->avg300 + , starvation[0]); + break; + case LINUX_PSI_IO: + case LINUX_PSI_MEMORY: + proc_psi_read (&psi, &starvation[0], delay); + status = get_status (threshold_full ? starvation[1] : starvation[0], + my_threshold); + status_msg = + xasprintf ("%s (%s starvation) %s: some:%llu full:%llu microsecs/s" + , program_name_short + , pressure_mode == LINUX_PSI_IO ? "IO" : "Memory" + , state_text (status) + , starvation[0], starvation[1]); + perfdata_mem_msg = + xasprintf ("%s_some_avg10=%2.2lf%% %s_some_avg60=%2.2lf%% " + "%s_some_avg300=%2.2lf%% %s_some_starvation/s=%llu " + "%s_full_avg10=%2.2lf%% %s_full_avg60=%2.2lf%% " + "%s_full_avg300=%2.2lf%% %s_full_starvation/s=%llu " + , prefix, psi->some_avg10 + , prefix, psi->some_avg60 + , prefix, psi->some_avg300 + , prefix, starvation[0] + , prefix, psi->full_avg10 + , prefix, psi->full_avg60 + , prefix, psi->full_avg300 + , prefix, starvation[1]); + break; + } + + printf ("%s | %s\n", status_msg, perfdata_mem_msg); + free (my_threshold); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_readonlyfs.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_readonlyfs.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_readonlyfs.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_readonlyfs.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,381 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2013-2015 Davide Madrisan + * + * A Nagios plugin to check for readonly filesystems. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "string-macros.h" +#include "messages.h" +#include "mountlist.h" +#include "xalloc.h" +#include "progname.h" +#include "progversion.h" + +static const char *program_copyright = + "Copyright (C) 2013-2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +/* A file system type to display. */ + +struct fs_type_list +{ + char *fs_name; + struct fs_type_list *fs_next; +}; + +/* Linked list of file system types to display. + * If 'fs_select_list' is NULL, list all types. + * This table is generated dynamically from command-line options, + * rather than hardcoding into the program what it thinks are the + * valid file system types; let the user specify any file system type + * they want to, and if there are any file systems of that type, they + * will be shown. + * + * Some file system types: + * 4.2 4.3 ufs nfs swap ignore io vm efs dbg */ + +static struct fs_type_list *fs_select_list; + +/* Linked list of file system types to omit. + * If the list is empty, don't exclude any types. */ +static struct fs_type_list *fs_exclude_list; + +/* Linked list of mounted file systems. */ +static struct mount_entry *mount_list; + +/* If true, show even file systems with zero size or + uninteresting types. */ +static bool show_all_fs; + +/* If true, show only local file systems. */ +static bool show_local_fs; + +/* If true, show each file system corresponding to the + command line arguments. */ +static bool verbose = false; + +static struct option const longopts[] = { + {(char *) "all", no_argument, NULL, 'a'}, + {(char *) "local", no_argument, NULL, 'l'}, + {(char *) "type", required_argument, NULL, 'T'}, + {(char *) "exclude-type", required_argument, NULL, 'X'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks for readonly filesystems.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [OPTION]... [FILESYSTEM]...\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -a, --all include dummy file systems\n", out); + fputs (" -l, --local limit listing to local file systems\n", + out); + fputs (" -T, --type=TYPE limit listing to file systems of type TYPE\n", + out); + fputs (" -X, --exclude-type=TYPE " + "limit listing to file systems not of type TYPE\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -l -T ext3 -T ext4\n", program_name); + fprintf (out, " %s -l -X vfat\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +/* Add FSTYPE to the list of file system types to display. */ + +static void +add_fs_type (const char *fstype) +{ + struct fs_type_list *fsp; + + fsp = xmalloc (sizeof *fsp); + fsp->fs_name = (char *) fstype; + fsp->fs_next = fs_select_list; + fs_select_list = fsp; +} + +/* Is FSTYPE a type of file system that should be listed? */ + +static bool +selected_fstype (const char *fstype) +{ + const struct fs_type_list *fsp; + + if (fs_select_list == NULL || fstype == NULL) + return true; + for (fsp = fs_select_list; fsp; fsp = fsp->fs_next) + if (STREQ (fstype, fsp->fs_name)) + return true; + return false; +} + +/* Add FSTYPE to the list of file system types to be omitted. */ + +static void +add_excluded_fs_type (const char *fstype) +{ + struct fs_type_list *fsp; + + fsp = xmalloc (sizeof *fsp); + fsp->fs_name = (char *) fstype; + fsp->fs_next = fs_exclude_list; + fs_exclude_list = fsp; +} + +/* Is FSTYPE a type of file system that should be omitted? */ + +static bool +excluded_fstype (const char *fstype) +{ + const struct fs_type_list *fsp; + + if (fs_exclude_list == NULL || fstype == NULL) + return false; + for (fsp = fs_exclude_list; fsp; fsp = fsp->fs_next) + if (STREQ (fstype, fsp->fs_name)) + return true; + return false; +} + +static bool +skip_mount_entry (struct mount_entry *me) +{ + if (me->me_remote && show_local_fs) + return true; + + if (me->me_dummy && !show_all_fs) + return true; + + if (!selected_fstype (me->me_type) || excluded_fstype (me->me_type)) + return true; + + return false; +} + +static int +check_all_entries (char **ro_filesystems) +{ + struct mount_entry *me; + int status = STATE_OK; + char *p; + size_t len; + + for (me = mount_list; me; me = me->me_next) + { + if (skip_mount_entry (me)) + continue; + + if (verbose) + printf ("%-10s %s type %s (%s) %s\n", + me->me_devname, me->me_mountdir, me->me_type, me->me_opts, + (me->me_readonly) ? "<< read-only" : ""); + if (me->me_readonly) + { + if (*ro_filesystems == NULL) + *ro_filesystems = xstrdup (me->me_mountdir); + else + { + len = strlen (*ro_filesystems) + strlen (me->me_mountdir) + 2; + p = xrealloc (*ro_filesystems, len); + sprintf (p, "%s %s", *ro_filesystems, me->me_mountdir); + *ro_filesystems = p; + } + status = STATE_CRITICAL; + } + } + + return status; +} + +static int +check_entry (char const *name) +{ + struct mount_entry *me; + + if (name == NULL) + return STATE_OK; + + for (me = mount_list; me; me = me->me_next) + if (STREQ (me->me_mountdir, name)) + { + if (skip_mount_entry (me)) + return STATE_OK; + + if (verbose) + printf ("%-10s %s type %s (%s) %s\n", + me->me_devname, me->me_mountdir, me->me_type, me->me_opts, + (me->me_readonly) ? "<< read-only" : ""); + + if (me->me_readonly) + return STATE_CRITICAL; + } + + return STATE_OK; +} + +int +main (int argc, char **argv) +{ + int c, i; + int status = STATE_OK; + char *ro_filesystems = NULL; + + fs_select_list = NULL; + fs_exclude_list = NULL; + + show_local_fs = false; + show_all_fs = false; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "alT:X:v" GETOPT_HELP_VERSION_STRING, longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'a': + show_all_fs = true; + break; + case 'l': + show_local_fs = true; + break; + case 'T': + add_fs_type (optarg); + break; + case 'X': + add_excluded_fs_type (optarg); + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + /* Fail if the same file system type was both selected and excluded. */ + { + struct fs_type_list *fs_incl; + for (fs_incl = fs_select_list; fs_incl; fs_incl = fs_incl->fs_next) + { + struct fs_type_list *fs_excl; + for (fs_excl = fs_exclude_list; fs_excl; fs_excl = fs_excl->fs_next) + { + if (STREQ (fs_incl->fs_name, fs_excl->fs_name)) + plugin_error (STATE_UNKNOWN, 0, + "file system type `%s' both selected and " + "excluded", + fs_incl->fs_name); + } + } + } + + if (optind < argc) + { + /* Open each of the given entries to make sure any corresponding + * partition is automounted. This must be done before reading the + * file system table. */ + for (i = optind; i < argc; ++i) + { + int fd = open (argv[i], O_RDONLY | O_NOCTTY); + if (fd < 0) + plugin_error (STATE_UNKNOWN, 0, "cannot open `%s'", argv[i]); + close (fd); + } + } + + mount_list = + read_file_system_list ((fs_select_list != NULL + || fs_exclude_list != NULL || show_local_fs)); + + if (NULL == mount_list) + /* Couldn't read the table of mounted file systems. */ + plugin_error (STATE_UNKNOWN, 0, + "cannot read table of mounted file systems"); + + if (optind < argc) + { + for (i = optind; i < argc; ++i) + { + if (STATE_CRITICAL == check_entry (argv[i])) + status = STATE_CRITICAL; + else + argv[i] = NULL; + } + + printf ("%s %s", program_name_short, state_text (status)); + if (STATE_CRITICAL == status) + { + for (i = optind; i < argc; ++i) + if (argv[i]) + printf (" %s", argv[i]); + printf (" readonly!"); + } + + putchar ('\n'); + return status; + } + + status = check_all_entries (&ro_filesystems); + + if (STATE_CRITICAL == status) + { + printf ("%s %s: %s readonly!\n", program_name_short, state_text (status), + ro_filesystems); + free (ro_filesystems); + } + else + printf ("%s %s\n", program_name_short, state_text (status)); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_swap.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_swap.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_swap.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_swap.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,212 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin to check the swap usage on unix. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This software is based on the source code of the tool "free" (procps 3.2.8) + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "meminfo.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "units.h" +#include "vminfo.h" +#include "xalloc.h" +#include "xasprintf.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "vmstats", no_argument, NULL, 's'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "byte", no_argument, NULL, 'b'}, + {(char *) "kilobyte", no_argument, NULL, 'k'}, + {(char *) "megabyte", no_argument, NULL, 'm'}, + {(char *) "gigabyte", no_argument, NULL, 'g'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks the swap utilization.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-b,-k,-m,-g] [-s] -w PERC -c PERC\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -b,-k,-m,-g " + "show output in bytes, KB (the default), MB, or GB\n", out); + fputs (" -s, --vmstats display the virtual memory perfdata\n", out); + fputs (" -w, --warning PERCENT warning threshold\n", out); + fputs (" -c, --critical PERCENT critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s --vmstats -w 30%% -c 50%%\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + bool vmem_perfdata = false; + int c, status, err; + int shift = k_shift; + char *critical = NULL, *warning = NULL; + char *units = NULL; + char *status_msg; + char *perfdata_swap_msg, *perfdata_vmem_msg = NULL; + float percent_used = 0; + thresholds *my_threshold = NULL; + + struct proc_sysmem *sysmem = NULL; + unsigned long kb_swap_cached; + unsigned long kb_swap_free; + unsigned long kb_swap_total; + unsigned long kb_swap_used; + + struct proc_vmem *vmem = NULL; + unsigned long kb_swap_pageins[2]; + unsigned long kb_swap_pageouts[2]; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, "sc:w:bkmg" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 's': + vmem_perfdata = true; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'b': shift = b_shift; units = xstrdup ("B"); break; + case 'k': shift = k_shift; units = xstrdup ("kB"); break; + case 'm': shift = m_shift; units = xstrdup ("MB"); break; + case 'g': shift = g_shift; units = xstrdup ("GB"); break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (!thresholds_expressed_as_percentages (warning, critical)) + usage (stderr); + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + /* output in kilobytes by default */ + if (units == NULL) + units = xstrdup ("kB"); + + err = proc_sysmem_new (&sysmem); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + proc_sysmem_read (sysmem); + + kb_swap_cached = proc_sysmem_get_swap_cached (sysmem); + kb_swap_free = proc_sysmem_get_swap_free (sysmem); + kb_swap_total = proc_sysmem_get_swap_total (sysmem); + kb_swap_used = proc_sysmem_get_swap_used (sysmem); + + if (vmem_perfdata) + { + unsigned long dpswpin, dpswpout; + + err = proc_vmem_new (&vmem); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + proc_vmem_read (vmem); + kb_swap_pageins[0] = proc_vmem_get_pswpin (vmem); + kb_swap_pageouts[0] = proc_vmem_get_pswpout (vmem); + + sleep (1); + + proc_vmem_read (vmem); + kb_swap_pageins[1] = proc_vmem_get_pswpin (vmem); + kb_swap_pageouts[1] = proc_vmem_get_pswpout (vmem); + + dpswpin = kb_swap_pageins[1] - kb_swap_pageins[0]; + dpswpout = kb_swap_pageouts[1] - kb_swap_pageouts[0]; + + perfdata_vmem_msg = + xasprintf (", swap_pageins/s=%lu swap_pageouts/s=%lu", + dpswpin, dpswpout); + } + + if (kb_swap_total != 0) + percent_used = (kb_swap_used * 100.0 / kb_swap_total); + + status = get_status (percent_used, my_threshold); + free (my_threshold); + + status_msg = xasprintf ("%s: %.2f%% (%llu %s) used", state_text (status), + percent_used, UNIT_STR (kb_swap_used)); + + perfdata_swap_msg = + xasprintf ("swap_total=%llu%s swap_used=%llu%s swap_free=%llu%s " + /* The amount of swap, in kB, used as cache memory */ + "swap_cached=%llu%s", + UNIT_STR (kb_swap_total), UNIT_STR (kb_swap_used), + UNIT_STR (kb_swap_free), UNIT_STR (kb_swap_cached)); + + printf ("%s %s | %s%s\n", program_name_short, status_msg, perfdata_swap_msg, + vmem_perfdata ? perfdata_vmem_msg : ""); + + proc_vmem_unref (vmem); + proc_sysmem_unref (sysmem); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_tcpcount.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_tcpcount.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_tcpcount.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_tcpcount.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,188 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin that displays TCP network and socket informations. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "tcpinfo.h" +#include "thresholds.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "tcp", no_argument, NULL, 't'}, + {(char *) "tcp6", no_argument, NULL, '6'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin displays TCP network and socket informations.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [--tcp] [--tcp6] [-w COUNTER] [-c COUNTER]\n", + program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -t, --tcp display the statistics for the TCP protocol " + "(the default)\n", out); + fputs (" -6, --tcp6 display the statistics for the TCPv6 protocol\n", + out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s --tcp -w 1000 -c 1500 # TCPv4 only (the default)\n", + program_name); + fprintf (out, " %s --tcp --tcp6 -w 1500 -c 2000 # TCPv4 and TCPv6\n", + program_name); + fprintf (out, " %s --tcp6 -w 1500 -c 2000 # TCPv6 only\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + int c, err; + bool verbose = false; + unsigned int tcp_flags = TCP_UNSET; + char *critical = NULL, *warning = NULL; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + struct proc_tcptable *tcptable = NULL; + unsigned long tcp_established; + unsigned long tcp_syn_sent; + unsigned long tcp_syn_recv; + unsigned long tcp_fin_wait1; + unsigned long tcp_fin_wait2; + unsigned long tcp_time_wait; + unsigned long tcp_close; + unsigned long tcp_close_wait; + unsigned long tcp_last_ack; + unsigned long tcp_listen; + unsigned long tcp_closing; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "t6c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 't': + tcp_flags |= TCP_v4; + break; + case '6': + tcp_flags |= TCP_v6; + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + if (tcp_flags == TCP_UNSET) + tcp_flags = TCP_v4; + + if (verbose) + tcp_flags |= TCP_VERBOSE; + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + err = proc_tcptable_new (&tcptable); + if (err < 0) + plugin_error (STATE_UNKNOWN, err, "memory exhausted"); + + proc_tcptable_read (tcptable, tcp_flags); + + tcp_established = proc_tcp_get_tcp_established (tcptable); + tcp_syn_sent = proc_tcp_get_tcp_syn_sent (tcptable); + tcp_syn_recv = proc_tcp_get_tcp_syn_recv (tcptable); + tcp_fin_wait1 = proc_tcp_get_tcp_fin_wait1 (tcptable); + tcp_fin_wait2 = proc_tcp_get_tcp_fin_wait2 (tcptable); + tcp_time_wait = proc_tcp_get_tcp_time_wait (tcptable); + tcp_close = proc_tcp_get_tcp_close (tcptable); + tcp_close_wait = proc_tcp_get_tcp_close_wait (tcptable); + tcp_last_ack = proc_tcp_get_tcp_last_ack (tcptable); + tcp_listen = proc_tcp_get_tcp_listen (tcptable); + tcp_closing = proc_tcp_get_tcp_closing (tcptable); + + proc_tcptable_unref (tcptable); + + status = get_status (tcp_established, my_threshold); + free (my_threshold); + + printf ("%s %s - %lu tcp established | " + "tcp_established=%lu tcp_syn_sent=%lu tcp_syn_recv=%lu " + "tcp_fin_wait1=%lu tcp_fin_wait2=%lu tcp_time_wait=%lu " + "tcp_close=%lu tcp_close_wait=%lu tcp_last_ack=%lu " + "tcp_listen=%lu tcp_closing=%lu\n", + program_name_short, state_text (status), tcp_established, + tcp_established, tcp_syn_sent, tcp_syn_recv, + tcp_fin_wait1, tcp_fin_wait2, tcp_time_wait, + tcp_close, tcp_close_wait, tcp_last_ack, + tcp_listen, tcp_closing); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_temperature.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_temperature.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_temperature.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_temperature.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,214 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014-2021 Davide Madrisan + * + * A Nagios plugin that monitors the hardware's temperature. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * Based on the code of the acpiclient tool: + * + * + * See also the official kernel documentation: + * + */ + +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "sysfsparser.h" +#include "thresholds.h" +#include "xalloc.h" + +enum +{ + TEMP_KELVIN, + TEMP_CELSIUS, + TEMP_FAHRENHEIT +}; + +static const char *program_copyright = + "Copyright (C) 2014-2021 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "fahrenheit", required_argument, NULL, 'f'}, + {(char *) "kelvin", required_argument, NULL, 'k'}, + {(char *) "list", no_argument, NULL, 'l'}, + {(char *) "thermal_zone", required_argument, NULL, 't'}, + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin monitors the hardware's temperature.\n", out); + fprintf (out, "It requires the sysfs tree %s to be mounted and readable.\n", + sysfsparser_thermal_sysfs_path ()); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-f|-k] [-t ] " + "[-w COUNTER] [-c COUNTER]\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -f, --fahrenheit use fahrenheit as the temperature unit\n", out); + fputs (" -k, --kelvin use kelvin as the temperature unit\n", out); + fputs (" -l, --list list all the thermal sensors reported by the" + " kernel\n", out); + fputs (" -t, --thermal_zone only consider a specific thermal zone\n", out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_NOTE, out); + fputs (" If the option '-t|--thermal_zone' is not specified, then the" + " thermal zone\n" + " with the highest temperature is selected. Note that this zone" + " may change\n" + " at each plugin execution.\n", out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s --list\n", program_name); + fprintf (out, " %s -w 80 -c 90\n", program_name); + fprintf (out, " %s -t 0 -w 80 -c 90\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static double +get_real_temp (unsigned long temperature, char **scale, int temp_units) +{ + double real_temp = (double) temperature / 1000.0; + const double absolute_zero = 273.1; + + switch (temp_units) + { + case TEMP_CELSIUS: + *scale = "°C"; + break; + case TEMP_FAHRENHEIT: + real_temp = (real_temp * 1.8) + 32; + *scale = "°F"; + break; + case TEMP_KELVIN: + default: + real_temp += absolute_zero; + *scale = "°K"; + break; + } + + return (real_temp); +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c, temperature_unit = TEMP_CELSIUS; + unsigned int thermal_zone, selected_thermal_zone = ALL_THERMAL_ZONES; + char *critical = NULL, *warning = NULL, + *end, *type, *scale; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "fklt:c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'f': + temperature_unit = TEMP_FAHRENHEIT; + break; + case 'k': + temperature_unit = TEMP_KELVIN; + break; + case 'l': + sysfsparser_thermal_listall (); + return STATE_UNKNOWN; + case 't': + errno = 0; + selected_thermal_zone = strtoul (optarg, &end, 10); + if (errno != 0 || optarg == end || (end != NULL && *end != '\0')) + plugin_error (STATE_UNKNOWN, 0, + "the option '-t' requires an integer"); + break; + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + int max_temp = + sysfsparser_thermal_get_temperature (selected_thermal_zone, + &thermal_zone, &type); + double real_temp = get_real_temp (max_temp, &scale, temperature_unit); + + status = get_status (real_temp, my_threshold); + free (my_threshold); + + printf ("%s %s - +%.1f%s (thermal zone: %u [%s], type: \"%s\") | temp=%u%c", + program_name_short, state_text (status), real_temp, scale, + thermal_zone, sysfsparser_thermal_get_device (thermal_zone), + type ? type : "n/a", (unsigned int) real_temp, + (temperature_unit == TEMP_KELVIN) ? 'K' : + (temperature_unit == TEMP_FAHRENHEIT) ? 'F' : 'C'); + + /* check for the related critical temperature, if any */ + int crit_temp = + sysfsparser_thermal_get_critical_temperature (thermal_zone) / 1000; + if (crit_temp > 0 && ALL_THERMAL_ZONES != selected_thermal_zone) + printf (";0;%d", crit_temp); + + putchar ('\n'); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_uptime.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_uptime.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_uptime.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_uptime.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,203 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2010-2019 Davide Madrisan + * + * A Nagios plugin to check how long the system has been running. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#if HAVE_SYS_SYSINFO_H +# include +#endif +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" +#include "xasprintf.h" + +static const char *program_copyright = + "Copyright (C) 2010-2019 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +#define BUFSIZE 0x80 +static char buf[BUFSIZE + 1]; + +static struct option const longopts[] = { +#if HAVE_CLOCK_GETTIME_MONOTONIC + {(char *) "clock-monotonic", no_argument, NULL, 'm'}, +#endif + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin checks how long the system has been running.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [OPTION]\n", program_name); + fputs (USAGE_OPTIONS, out); +#if HAVE_CLOCK_GETTIME_MONOTONIC + fputs (" -m, --clock-monotonic " + "use the monotonic clock for retrieving the time\n", out); +#endif + fputs (" -w, --warning MINUTES warning threshold\n", out); + fputs (" -c, --critical MINUTES critical threshold\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s\n", program_name); + fprintf (out, " %s --critical 15: --warning 30:\n", program_name); +#if HAVE_CLOCK_GETTIME_MONOTONIC + fprintf (out, " %s --clock-monotonic -c 15: -w 30:\n", program_name); +#endif + fputs (USAGE_SEPARATOR, out); + fputs (USAGE_THRESHOLDS, out); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +static double +uptime_sysinfo () +{ + struct sysinfo info; + + if (0 != sysinfo (&info)) + plugin_error (STATE_UNKNOWN, errno, "cannot get the system uptime"); + + return info.uptime; +} + +#if HAVE_CLOCK_GETTIME_MONOTONIC +static double +uptime_clock_monotonic () +{ + struct timespec ts; + + if (0 != clock_gettime (CLOCK_MONOTONIC, &ts)) + plugin_error (STATE_UNKNOWN, errno, "cannot get the system uptime"); + + return ts.tv_sec; +} +#endif + +static char * +sprint_uptime (double uptime_secs) +{ + int upminutes, uphours, updays; + int pos = 0; + + updays = (int) uptime_secs / (60 * 60 * 24); + if (updays) + pos += + snprintf (buf, BUFSIZE, "%d day%s ", updays, (updays != 1) ? "s" : ""); + upminutes = (int) uptime_secs / 60; + uphours = upminutes / 60; + uphours = uphours % 24; + upminutes = upminutes % 60; + + if (uphours) + snprintf (buf + pos, BUFSIZE - pos, "%d hour%s %d min", uphours, + (uphours != 1) ? "s" : "", upminutes); + else + snprintf (buf + pos, BUFSIZE - pos, "%d min", upminutes); + + return buf; +} + +#ifndef NPL_TESTING +int +main (int argc, char **argv) +{ + int c, uptime_mins, status; + char *critical = NULL, *warning = NULL; + char *status_msg, *perfdata_msg; + double uptime_secs; + thresholds *my_threshold = NULL; + double (*uptime) (); + + set_program_name (argv[0]); + uptime = uptime_sysinfo; + + while ((c = getopt_long (argc, argv, "mc:w:" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); +#if HAVE_CLOCK_GETTIME_MONOTONIC + case 'm': + uptime = uptime_clock_monotonic; + break; +#endif + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + uptime_secs = uptime (); + + uptime_mins = (int) uptime_secs / 60; + status = get_status (uptime_mins, my_threshold); + free (my_threshold); + + status_msg = + xasprintf ("%s %s: %s", program_name_short, + state_text (status), sprint_uptime (uptime_secs)); + perfdata_msg = + xasprintf ("uptime=%d;%s;%s;0;", uptime_mins, + warning ? warning : "", critical ? critical : ""); + printf ("%s | %s\n", status_msg, perfdata_msg); + + return status; +} +#endif /* NPL_TESTING */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_users.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_users.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_users.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/check_users.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,147 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2014,2015 Davide Madrisan + * + * A Nagios plugin that ckecks for the number of logged on users. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include +#include +#include +#include + +#include "common.h" +#include "messages.h" +#include "progname.h" +#include "progversion.h" +#include "thresholds.h" + +static const char *program_copyright = + "Copyright (C) 2014,2015 Davide Madrisan <" PACKAGE_BUGREPORT ">\n"; + +static struct option const longopts[] = { + {(char *) "critical", required_argument, NULL, 'c'}, + {(char *) "warning", required_argument, NULL, 'w'}, + {(char *) "verbose", no_argument, NULL, 'v'}, + {(char *) "help", no_argument, NULL, GETOPT_HELP_CHAR}, + {(char *) "version", no_argument, NULL, GETOPT_VERSION_CHAR}, + {NULL, 0, NULL, 0} +}; + +static _Noreturn void +usage (FILE * out) +{ + fprintf (out, "%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs ("This plugin displays the number of users " + "that are currently logged on.\n", out); + fputs (program_copyright, out); + fputs (USAGE_HEADER, out); + fprintf (out, " %s [-w COUNTER] [-c COUNTER]\n", program_name); + fputs (USAGE_OPTIONS, out); + fputs (" -w, --warning COUNTER warning threshold\n", out); + fputs (" -c, --critical COUNTER critical threshold\n", out); + fputs (" -v, --verbose show details for command-line debugging " + "(Nagios may truncate output)\n", out); + fputs (USAGE_HELP, out); + fputs (USAGE_VERSION, out); + fputs (USAGE_EXAMPLES, out); + fprintf (out, " %s -w 1\n", program_name); + + exit (out == stderr ? STATE_UNKNOWN : STATE_OK); +} + +static _Noreturn void +print_version (void) +{ + printf ("%s (" PACKAGE_NAME ") v%s\n", program_name, program_version); + fputs (program_copyright, stdout); + fputs (GPLv3_DISCLAIMER, stdout); + + exit (STATE_OK); +} + +int +main (int argc, char **argv) +{ + int c, numuser; + bool verbose = false; + char *critical = NULL, *warning = NULL; + struct utmpx *ut; + nagstatus status = STATE_OK; + thresholds *my_threshold = NULL; + + set_program_name (argv[0]); + + while ((c = getopt_long (argc, argv, + "c:w:v" GETOPT_HELP_VERSION_STRING, + longopts, NULL)) != -1) + { + switch (c) + { + default: + usage (stderr); + case 'c': + critical = optarg; + break; + case 'w': + warning = optarg; + break; + case 'v': + verbose = true; + break; + + case_GETOPT_HELP_CHAR + case_GETOPT_VERSION_CHAR + + } + } + + status = set_thresholds (&my_threshold, warning, critical); + if (status == NP_RANGE_UNPARSEABLE) + usage (stderr); + + numuser = 0; + if (verbose) + printf ("user PID line host date/time\n"); + setutxent (); + while ((ut = getutxent ())) + { + if ((ut->ut_type == USER_PROCESS) && (ut->ut_user[0] != '\0')) + { + numuser++; + if (!verbose) + continue; + char buf[26]; + time_t timetmp = ut->ut_tv.tv_sec; + printf ("%-8s %5ld %-6.6s %-9.9s %s", ut->ut_user, + (long) ut->ut_pid, ut->ut_line, ut->ut_host, + ctime_r (&timetmp, buf)); + } + } + endutxent (); + + status = get_status (numuser, my_threshold); + free (my_threshold); + + printf ("%s %s - %d user%s logged on | logged_users=%d\n", + program_name_short, state_text (status), numuser, + (numuser == 1 ) ? "" : "s", numuser); + + return status; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/plugins/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,159 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2014-2016 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +AM_CPPFLAGS = \ + -include $(top_builddir)/config.h \ + -I$(top_srcdir)/include \ + -DMULTIPATHD_SOCKET=\"$(MULTIPATHD_SOCKET)\" \ + -DVARLINK_ADDRESS=\"$(VARLINK_ADDRESS)\" + +AM_CFLAGS = $(LIBPROCPS_CFLAGS) +AM_LDFLAGS = $(LIBPROCPS_LIBS) + +LN_S=@LN_S@ + +check_cpu_programs = check_iowait +check_network_programs = \ + check_network_collisions \ + check_network_dropped \ + check_network_errors \ + check_network_multicast + +libexec_PROGRAMS = \ + check_clock \ + check_cpu \ + check_cpufreq \ + check_cswch \ + check_fc \ + check_ifmountfs \ + check_intr \ + check_multipath \ + check_nbprocs \ + check_network \ + check_paging \ + check_pressure \ + check_readonlyfs \ + check_temperature \ + check_tcpcount \ + check_uptime \ + check_users + +if HAVE_GETLOADAVG +libexec_PROGRAMS += \ + check_load +endif +if HAVE_LIBCURL +libexec_PROGRAMS += \ + check_docker +endif +if HAVE_PROC_MEMINFO +libexec_PROGRAMS += \ + check_memory \ + check_swap +endif +if HAVE_LIBVARLINK +libexec_PROGRAMS += \ + check_podman +endif + +check_clock_SOURCES = check_clock.c +check_cpu_SOURCES = check_cpu.c +check_cpufreq_SOURCES = check_cpufreq.c +check_cswch_SOURCES = check_cswch.c +check_fc_SOURCES = check_fc.c +check_ifmountfs_SOURCES = check_ifmountfs.c +check_intr_SOURCES = check_intr.c +if HAVE_GETLOADAVG +check_load_SOURCES = check_load.c +endif +if HAVE_LIBCURL +check_docker_SOURCES = check_docker.c +endif +if HAVE_PROC_MEMINFO +check_memory_SOURCES = check_memory.c +endif +check_multipath_SOURCES = check_multipath.c +check_nbprocs_SOURCES = check_nbprocs.c +check_network_SOURCES = check_network.c +check_paging_SOURCES = check_paging.c +if HAVE_LIBVARLINK +check_podman_SOURCES = check_podman.c +endif +check_pressure_SOURCES = check_pressure.c +check_readonlyfs_SOURCES = check_readonlyfs.c +if HAVE_PROC_MEMINFO +check_swap_SOURCES = check_swap.c +endif +check_tcpcount_SOURCES = check_tcpcount.c +check_temperature_SOURCES = check_temperature.c +check_uptime_SOURCES = check_uptime.c +check_users_SOURCES = check_users.c + +LDADD = $(top_builddir)/lib/libutils.a + +check_clock_LDADD = $(LDADD) +check_cpu_LDADD = $(LDADD) +check_cpufreq_LDADD = $(LDADD) +check_cswch_LDADD = $(LDADD) +check_fc_LDADD = $(LDADD) +check_ifmountfs_LDADD = $(LDADD) +check_intr_LDADD = $(LDADD) +if HAVE_GETLOADAVG +check_load_LDADD = $(LDADD) +endif +if HAVE_LIBCURL +check_docker_LDADD = $(LDADD) $(LIBCURL) -lm +endif +if HAVE_PROC_MEMINFO +check_memory_LDADD = $(LDADD) $(LIBPROCPS_LIBS) +endif +check_nbprocs_LDADD = $(LDADD) +check_network_LDADD = $(LDADD) $(CEIL_LIBS) +check_multipath_LDADD = $(LDADD) +check_paging_LDADD = $(LDADD) $(LIBPROCPS_LIBS) +if HAVE_LIBVARLINK +check_podman_LDADD = $(LDADD) $(LIBVARLINK_LIBS) +endif +check_readonlyfs_LDADD = $(LDADD) +if HAVE_PROC_MEMINFO +check_swap_LDADD = $(LDADD) +endif +check_tcpcount_LDADD = $(LDADD) +check_temperature_LDADD = $(LDADD) +check_uptime_LDADD = $(LDADD) $(CLOCK_LIBS) +check_users_LDADD = $(LDADD) + +all-local: $(check_cpu_programs) $(check_network_programs) + +$(check_cpu_programs): check_cpu + rm -f $@ + $(LN_S) check_cpu $@ + +$(check_network_programs): check_network + rm -f $@ + $(LN_S) check_network $@ + +install-exec-hook: + cd $(DESTDIR)$(libexecdir) && \ + for i in $(check_cpu_programs) ; do rm -f $$i; ln -s check_cpu $$i ; done && \ + for i in $(check_network_programs) ; do rm -f $$i; ln -s check_network $$i ; done + +clean-local: + rm -f $(check_cpu_programs) + +uninstall-local: + cd $(DESTDIR)$(libexecdir) && rm -f $(check_cpu_programs) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/README nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/README --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/README 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/README 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,167 @@ +Buy Me a Coffee at ko-fi.com +Wish List at Amazon.fr + +# Nagios-compatible Plugins for Linux + +![Release Status](https://img.shields.io/badge/status-stable-brightgreen.svg) +[![License](https://img.shields.io/badge/License-GPL--3.0-blue.svg)](https://spdx.org/licenses/GPL-3.0.html) +[![Download Latest Release](https://img.shields.io/badge/download-latest--tarball-blue.svg)](https://github.com/madrisan/nagios-plugins-linux/releases/download/v29/nagios-plugins-linux-29.tar.xz) +[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/davide.madrisan@gmail.com) + +[![Build Status](https://travis-ci.org/madrisan/nagios-plugins-linux.svg?branch=master)](https://travis-ci.org/madrisan/nagios-plugins-linux) +[![Coverity Scan Build Status](https://img.shields.io/coverity/scan/3779.svg)](https://scan.coverity.com/projects/madrisan-nagios-plugins-linux) +[![Total Alerts](https://img.shields.io/lgtm/alerts/g/madrisan/nagios-plugins-linux.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/madrisan/nagios-plugins-linux/alerts/) +[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/madrisan/nagios-plugins-linux.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/madrisan/nagios-plugins-linux/context:cpp) + +--------------- + +![alt tag](nagios-plugins-linux-logo-256.png) + +## About + +This package contains several binary plugins for monitoring (physical and virtual) Linux hosts with [Nagios](http://www.nagios.org/) and Nagios-compatible monitoring systems like [Icinga](https://icinga.com/learn/) and [Naemon](https://www.naemon.org/). + +Here is the list of the available plugins: + +* **check_clock** - returns the number of seconds elapsed between local time and Nagios server time +* **check_cpu** - checks the CPU (user mode) utilization +* **check_cpufreq** - displays the CPU frequency characteristics +* **check_cswch** - checks the total number of context switches across all CPUs +* **check_docker** - checks the number of running docker containers (:warning: *alpha*, requires *libcurl* version 7.40.0+) +* **check_fc** - monitors the status of the fiber status ports +* **check_ifmountfs** - checks whether the given filesystems are mounted +* **check_intr** - monitors the total number of system interrupts +* **check_iowait** - monitors the I/O wait bottlenecks +* **check_load** - checks the current system load average +* **check_memory** - checks the memory usage +* **check_multipath** - checks the multipath topology status +* **check_nbprocs** - displays the number of running processes per user +* **check_network** - displays some network interfaces statistics. The following plugins are symlinks to *check_network*: + * check_network_collisions + * check_network_dropped + * check_network_errors + * check_network_multicast +* **check_paging** - checks the memory and swap paging +* **check_pressure** - checks Linux Pressure Stall Information (PSI) data :new: +* **check_podman** - monitor the status of podman containers (:warning: *beta*, requires *libvarlink*) +* **check_readonlyfs** - checks for readonly filesystems +* **check_swap** - checks the swap usage +* **check_tcpcount** - checks the tcp network usage +* **check_temperature** - monitors the hardware's temperature +* **check_uptime** - checks how long the system has been running +* **check_users** - displays the number of users that are currently logged on + +## Full documentation + +The full documentation of the `nagios-plugins-linux` is available online +in the GitHub [wiki page](https://github.com/madrisan/nagios-plugins-linux/wiki). + +## Installation + +This package uses `GNU autotools` for configuration and installation. + +If you have cloned the git repository + + git clone --recursive https://github.com/madrisan/nagios-plugins-linux.git + +then you will need to run `autoreconf --install` to generate the required files. + +Run `./configure --help` to see a list of available install options. +The plugin will be installed by default into `LIBEXECDIR`. + +It is highly likely that you will want to customise this location to +suit your needs, i.e.: + + ./configure --libexecdir=/usr/lib/nagios/plugins + +The plugin `check_multipath` grabs the status of each path by opening a +connection to the multipathd socket. The default value is currently set to +the Linux abstract socket namespace `@/org/kernel/linux/storage/multipathd`, +but can be modified at build time by using the option `--with-socketfile`. + +Example (RHEL5 and RHEL6 and other old distributions): + + ./configure --with-socketfile=/var/run/multipathd.sock + +After `./configure` has completed successfully run `make install` and +you're done! + +You can also run the (still incomplete) set of bundled unit tests by entering +the command `make check` (or `VERBOSE=1 make check`) and, if the llvm tool +`scan-build` is installed on your system, a `make -C tests check-clang-checker` +to get a static code analysis report (for developers only). + +_Note_: you can also pass the _experimental_ option `--enable-libprocps` to +`configure` for getting the informations about memory and swap usage through +the API of the library `libprocps.so.5` +([procps newlib](https://gitlab.com/procps-ng/procps/tree/newlib)). +This library is still under active development and no stable version has +been released yet. + +## Supported Platforms and Linux distributions + +This package is written in plain C, making as few assumptions as possible, and +sticking closely to ANSI C/POSIX. +A C99-compliant compiler is required anyway. + +This package is known to compile with: +* gcc 4.1 (RHEL 5 / CentOS 5), +* gcc 4.4 (RHEL6 / CentOS 6), +* gcc 4.8 (RHEL7 / CentOS 7), +* gcc 3.x, 5.1, 5.3, 6.3, 7, 8, 9, 10, 11 (openmamba GNU/Linux, Debian 8+, Fedora 25+), +* clang 3.7, 3.8, 4.9, 5, 6, 7, 8, 10, 11, 12 (openmamba GNU/Linux, Fedora 25+), + +List of the Linux kernels that have been successfully tested: +* 2.6.18, 2.6.32, +* 3.10, 3.14, 3.18, +* 4.2, 4.4, 4,9, 4.14, 4.15, 4.16, 4.19 +* 5.6, 5.7, 5.8, 5.12 + +The Nagios Plugins Linux are regularly tested on + * Alpine Linux (musl libc), + * Debian, CentOS, Fedora, Gentoo, and Ubuntu (GNU C Library (glibc)). + +## Alpine, CentOS/RHEL, Debian, and Fedora Packages + +The `.apk`, `.rpm` and `.deb` packages for Alpine, CentOS/RHEL, Debian, and Fedora can be built using the following commands + +Command | Distribution +------------------ | ------------ +Alpine 3.14 | `make -C packages alpine-3.14` +Alpine 3.13 | `make -C packages alpine-3.13` +Alpine 3.12 | `make -C packages alpine-3.12` +CentOS 5 | `make -C packages centos-5` +CentOS 6 | `make -C packages centos-6` +CentOS 7 | `make -C packages centos-7` +CentOS 8 | `make -C packages centos-8` +Debian 8 (Jessie) | `make -C packages debian-jessie` +Debian 9 (Stretch) | `make -C packages debian-stretch` +Debian 10 (Buster) | `make -C packages debian-buster` +Fedora 32 | `make -C packages fedora-32` +Fedora 33 | `make -C packages fedora-33` +Fedora 34 | `make -C packages fedora-34` +Fedora Rawhide | `make -C packages fedora-rawhide` + +in the root source folder. +The building process requires the _Docker_ software containerization platform running on your system, and an internet connection to download the Docker images of the operating systems you want to build the packages for. + +On *Fedora* (and all the distributions shipping *Podman*) you can use the native *Podman* pod manager along with the Docker CLI emulation script: + + sudo install dnf podman podman-docker + +_Note_: the previous make commands can end with a `permission denied` error if *selinux* is configured in enforcing mode. +In this case you can temporarily disable *selinux* by executing as root the command `setenforce 0` +(or maybe share a better solution!). + +## Gentoo Package + +The plugins are available [in the Gentoo tree](https://packages.gentoo.org/packages/net-analyzer/nagios-plugins-linux-madrisan). They can be installed by running: +``` +emerge -av net-analyzer/nagios-plugins-linux-madrisan +``` +The USE flags `curl` and `varlink` are required to respectively build `check_docker` and `check_podman`. + +## Bugs + +If you find a bug please create an issue in the project bug tracker at +[GitHub](https://github.com/madrisan/nagios-plugins-linux/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/README.md nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/README.md --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/README.md 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/README.md 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,167 @@ +Buy Me a Coffee at ko-fi.com +Wish List at Amazon.fr + +# Nagios-compatible Plugins for Linux + +![Release Status](https://img.shields.io/badge/status-stable-brightgreen.svg) +[![License](https://img.shields.io/badge/License-GPL--3.0-blue.svg)](https://spdx.org/licenses/GPL-3.0.html) +[![Download Latest Release](https://img.shields.io/badge/download-latest--tarball-blue.svg)](https://github.com/madrisan/nagios-plugins-linux/releases/download/v29/nagios-plugins-linux-29.tar.xz) +[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/davide.madrisan@gmail.com) + +[![Build Status](https://travis-ci.org/madrisan/nagios-plugins-linux.svg?branch=master)](https://travis-ci.org/madrisan/nagios-plugins-linux) +[![Coverity Scan Build Status](https://img.shields.io/coverity/scan/3779.svg)](https://scan.coverity.com/projects/madrisan-nagios-plugins-linux) +[![Total Alerts](https://img.shields.io/lgtm/alerts/g/madrisan/nagios-plugins-linux.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/madrisan/nagios-plugins-linux/alerts/) +[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/madrisan/nagios-plugins-linux.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/madrisan/nagios-plugins-linux/context:cpp) + +--------------- + +![alt tag](nagios-plugins-linux-logo-256.png) + +## About + +This package contains several binary plugins for monitoring (physical and virtual) Linux hosts with [Nagios](http://www.nagios.org/) and Nagios-compatible monitoring systems like [Icinga](https://icinga.com/learn/) and [Naemon](https://www.naemon.org/). + +Here is the list of the available plugins: + +* **check_clock** - returns the number of seconds elapsed between local time and Nagios server time +* **check_cpu** - checks the CPU (user mode) utilization +* **check_cpufreq** - displays the CPU frequency characteristics +* **check_cswch** - checks the total number of context switches across all CPUs +* **check_docker** - checks the number of running docker containers (:warning: *alpha*, requires *libcurl* version 7.40.0+) +* **check_fc** - monitors the status of the fiber status ports +* **check_ifmountfs** - checks whether the given filesystems are mounted +* **check_intr** - monitors the total number of system interrupts +* **check_iowait** - monitors the I/O wait bottlenecks +* **check_load** - checks the current system load average +* **check_memory** - checks the memory usage +* **check_multipath** - checks the multipath topology status +* **check_nbprocs** - displays the number of running processes per user +* **check_network** - displays some network interfaces statistics. The following plugins are symlinks to *check_network*: + * check_network_collisions + * check_network_dropped + * check_network_errors + * check_network_multicast +* **check_paging** - checks the memory and swap paging +* **check_pressure** - checks Linux Pressure Stall Information (PSI) data :new: +* **check_podman** - monitor the status of podman containers (:warning: *beta*, requires *libvarlink*) +* **check_readonlyfs** - checks for readonly filesystems +* **check_swap** - checks the swap usage +* **check_tcpcount** - checks the tcp network usage +* **check_temperature** - monitors the hardware's temperature +* **check_uptime** - checks how long the system has been running +* **check_users** - displays the number of users that are currently logged on + +## Full documentation + +The full documentation of the `nagios-plugins-linux` is available online +in the GitHub [wiki page](https://github.com/madrisan/nagios-plugins-linux/wiki). + +## Installation + +This package uses `GNU autotools` for configuration and installation. + +If you have cloned the git repository + + git clone --recursive https://github.com/madrisan/nagios-plugins-linux.git + +then you will need to run `autoreconf --install` to generate the required files. + +Run `./configure --help` to see a list of available install options. +The plugin will be installed by default into `LIBEXECDIR`. + +It is highly likely that you will want to customise this location to +suit your needs, i.e.: + + ./configure --libexecdir=/usr/lib/nagios/plugins + +The plugin `check_multipath` grabs the status of each path by opening a +connection to the multipathd socket. The default value is currently set to +the Linux abstract socket namespace `@/org/kernel/linux/storage/multipathd`, +but can be modified at build time by using the option `--with-socketfile`. + +Example (RHEL5 and RHEL6 and other old distributions): + + ./configure --with-socketfile=/var/run/multipathd.sock + +After `./configure` has completed successfully run `make install` and +you're done! + +You can also run the (still incomplete) set of bundled unit tests by entering +the command `make check` (or `VERBOSE=1 make check`) and, if the llvm tool +`scan-build` is installed on your system, a `make -C tests check-clang-checker` +to get a static code analysis report (for developers only). + +_Note_: you can also pass the _experimental_ option `--enable-libprocps` to +`configure` for getting the informations about memory and swap usage through +the API of the library `libprocps.so.5` +([procps newlib](https://gitlab.com/procps-ng/procps/tree/newlib)). +This library is still under active development and no stable version has +been released yet. + +## Supported Platforms and Linux distributions + +This package is written in plain C, making as few assumptions as possible, and +sticking closely to ANSI C/POSIX. +A C99-compliant compiler is required anyway. + +This package is known to compile with: +* gcc 4.1 (RHEL 5 / CentOS 5), +* gcc 4.4 (RHEL6 / CentOS 6), +* gcc 4.8 (RHEL7 / CentOS 7), +* gcc 3.x, 5.1, 5.3, 6.3, 7, 8, 9, 10, 11 (openmamba GNU/Linux, Debian 8+, Fedora 25+), +* clang 3.7, 3.8, 4.9, 5, 6, 7, 8, 10, 11, 12 (openmamba GNU/Linux, Fedora 25+), + +List of the Linux kernels that have been successfully tested: +* 2.6.18, 2.6.32, +* 3.10, 3.14, 3.18, +* 4.2, 4.4, 4,9, 4.14, 4.15, 4.16, 4.19 +* 5.6, 5.7, 5.8, 5.12 + +The Nagios Plugins Linux are regularly tested on + * Alpine Linux (musl libc), + * Debian, CentOS, Fedora, Gentoo, and Ubuntu (GNU C Library (glibc)). + +## Alpine, CentOS/RHEL, Debian, and Fedora Packages + +The `.apk`, `.rpm` and `.deb` packages for Alpine, CentOS/RHEL, Debian, and Fedora can be built using the following commands + +Command | Distribution +------------------ | ------------ +Alpine 3.14 | `make -C packages alpine-3.14` +Alpine 3.13 | `make -C packages alpine-3.13` +Alpine 3.12 | `make -C packages alpine-3.12` +CentOS 5 | `make -C packages centos-5` +CentOS 6 | `make -C packages centos-6` +CentOS 7 | `make -C packages centos-7` +CentOS 8 | `make -C packages centos-8` +Debian 8 (Jessie) | `make -C packages debian-jessie` +Debian 9 (Stretch) | `make -C packages debian-stretch` +Debian 10 (Buster) | `make -C packages debian-buster` +Fedora 32 | `make -C packages fedora-32` +Fedora 33 | `make -C packages fedora-33` +Fedora 34 | `make -C packages fedora-34` +Fedora Rawhide | `make -C packages fedora-rawhide` + +in the root source folder. +The building process requires the _Docker_ software containerization platform running on your system, and an internet connection to download the Docker images of the operating systems you want to build the packages for. + +On *Fedora* (and all the distributions shipping *Podman*) you can use the native *Podman* pod manager along with the Docker CLI emulation script: + + sudo install dnf podman podman-docker + +_Note_: the previous make commands can end with a `permission denied` error if *selinux* is configured in enforcing mode. +In this case you can temporarily disable *selinux* by executing as root the command `setenforce 0` +(or maybe share a better solution!). + +## Gentoo Package + +The plugins are available [in the Gentoo tree](https://packages.gentoo.org/packages/net-analyzer/nagios-plugins-linux-madrisan). They can be installed by running: +``` +emerge -av net-analyzer/nagios-plugins-linux-madrisan +``` +The USE flags `curl` and `varlink` are required to respectively build `check_docker` and `check_podman`. + +## Bugs + +If you find a bug please create an issue in the project bug tracker at +[GitHub](https://github.com/madrisan/nagios-plugins-linux/issues) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/test-driver nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/test-driver --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/test-driver 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/test-driver 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,148 @@ +#! /bin/sh +# test-driver - basic testsuite driver script. + +scriptversion=2013-07-13.22; # UTC + +# Copyright (C) 2011-2014 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +# Make unconditional expansion of undefined variables an error. This +# helps a lot in preventing typo-related bugs. +set -u + +usage_error () +{ + echo "$0: $*" >&2 + print_usage >&2 + exit 2 +} + +print_usage () +{ + cat <$log_file 2>&1 +estatus=$? + +if test $enable_hard_errors = no && test $estatus -eq 99; then + tweaked_estatus=1 +else + tweaked_estatus=$estatus +fi + +case $tweaked_estatus:$expect_failure in + 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; + 0:*) col=$grn res=PASS recheck=no gcopy=no;; + 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; + 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;; + *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;; + *:*) col=$red res=FAIL recheck=yes gcopy=yes;; +esac + +# Report the test outcome and exit status in the logs, so that one can +# know whether the test passed or failed simply by looking at the '.log' +# file, without the need of also peaking into the corresponding '.trs' +# file (automake bug#11814). +echo "$res $test_name (exit status: $estatus)" >>$log_file + +# Report outcome to console. +echo "${col}${res}${std}: $test_name" + +# Register the test result, and other relevant metadata. +echo ":test-result: $res" > $trs_file +echo ":global-test-result: $res" >> $trs_file +echo ":recheck: $recheck" >> $trs_file +echo ":copy-in-global-log: $gcopy" >> $trs_file + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/Makefile.am nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/Makefile.am --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/Makefile.am 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,165 @@ +## Process this file with automake to produce Makefile.in + +## Copyright (c) 2016-2019 Davide Madrisan +## +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program. If not, see . + +#abs_builddir = $(shell pwd) + +SCAN_BUILD_BINARY = /usr/bin/scan-build +SCAN_BUILD_COMMAND = make clean all +SCAN_BUILD_OUTDIR = /tmp/clang-checker-analysis +SCAN_BUILD_OPTS = \ + -analyze-headers \ + -enable-checker alpha.deadcode.UnreachableCode \ + -enable-checker alpha.security.ArrayBoundV2 \ + -enable-checker alpha.security.taint.TaintPropagation \ + -enable-checker nullability.NullableDereferenced \ + -enable-checker security.insecureAPI.strcpy \ + -o $(SCAN_BUILD_OUTDIR) + +check-clang-checker: + test -x $(SCAN_BUILD_BINARY) || \ + { echo 'WARNING: scan-build not found' >&2; exit 77; }; \ + $(SCAN_BUILD_BINARY) \ + $(SCAN_BUILD_OPTS) $(SCAN_BUILD_COMMAND) + +AM_CPPFLAGS = \ + -Dabs_builddir="\"$(abs_builddir)\"" \ + -Dabs_srcdir="\"$(abs_srcdir)\"" \ + -include $(top_builddir)/config.h \ + -I$(top_srcdir)/include + +AM_CFLAGS = $(LIBPROCPS_CFLAGS) +AM_LDFLAGS = $(LIBPROCPS_LIBS) + +test_programs = \ + tslibcontainer_docker_count \ + tslibcontainer_docker_memory \ + tslibkernelver \ + tslibmeminfo_conversions \ + tslibmeminfo_interface \ + tslibmeminfo_procparser \ + tslibmessages \ + tslibperfdata \ + tslibpressure \ + tsliburlencode +if !HAVE_LIBPROCPS +test_programs += \ + tslibvminfo +endif +test_programs += \ + tsclock_thresholds \ + tscswch \ + tsintr \ + tsload_normalize \ + tsload_thresholds \ + tspaging \ + tstestutils \ + tsuptime \ + tstemperature + +test_libraries = tslib_uname.la + +test_utils = \ + $(top_srcdir)/include/testutils.h \ + testutils.c + +LDADDS = $(top_builddir)/lib/libutils.a +TSLIBS_LDFLAGS = -module -avoid-version \ + -rpath /evil/libtool/hack/to/force/shared/lib/creation + +tslibcontainer_docker_count_SOURCES = $(test_utils) tslibcontainer_docker_count.c +tslibcontainer_docker_count_LDADD = $(LDADDS) + +tslibcontainer_docker_memory_SOURCES = $(test_utils) tslibcontainer_docker_memory.c +tslibcontainer_docker_memory_LDADD = $(LDADDS) + +tslibkernelver_SOURCES = $(test_utils) tslibkernelver.c +tslibkernelver_LDADD = $(LDADDS) + +tslibmeminfo_conversions_SOURCES = $(test_utils) tslibmeminfo_conversions.c +tslibmeminfo_conversions_LDADD = $(LDADDS) + +tslibmeminfo_interface_SOURCES = $(test_utils) tslibmeminfo_interface.c +tslibmeminfo_interface_LDADD = $(LDADDS) + +tslibmeminfo_procparser_SOURCES = $(test_utils) tslibmeminfo_procparser.c +tslibmeminfo_procparser_LDADD = $(LDADDS) + +tslibmessages_SOURCES = $(test_utils) tslibmessages.c +tslibmessages_LDADD = $(LDADDS) + +tslibperfdata_SOURCES = $(test_utils) tslibperfdata.c +tslibperfdata_LDADD = $(LDADDS) + +tslibpressure_SOURCES = $(test_utils) tslibpressure.c +tslibpressure_LDADD = $(LDADDS) + +tsliburlencode_SOURCES = $(test_utils) tsliburlencode.c +tsliburlencode_LDADD = $(LDADDS) + +tslibvminfo_SOURCES = $(test_utils) tslibvminfo.c +tslibvminfo_LDADD = $(LDADDS) + +tsclock_thresholds_SOURCES = $(test_utils) tsclock_thresholds.c +tsclock_thresholds_LDADD = $(LDADDS) + +tscswch_SOURCES = $(test_utils) tscswch.c +tscswch_LDADD = $(LDADDS) + +tsintr_SOURCES = $(test_utils) tsintr.c +tsintr_LDADD = $(LDADDS) + +tsload_normalize_SOURCES = $(test_utils) tsload_normalize.c +tsload_normalize_LDADD = $(LDADDS) + +tsload_thresholds_SOURCES = $(test_utils) tsload_thresholds.c +tsload_thresholds_LDADD = $(LDADDS) + +tspaging_SOURCES = $(test_utils) tspaging.c +tspaging_LDADD = $(LDADDS) + +tsuptime_SOURCES = $(test_utils) tsuptime.c +tsuptime_LDADD = $(LDADDS) + +tstemperature_SOURCES = $(test_utils) tstemperature.c +tstemperature_LDADD = $(LDADDS) + +tstestutils_SOURCES = $(test_utils) tstestutils.c +tstestutils_LDADD = $(LDADDS) + +tslib_uname_la_SOURCES = tslib_uname.c +tslib_uname_la_LDFLAGS = $(TSLIBS_LDFLAGS) + +if WITH_TESTS +noinst_PROGRAMS = $(test_programs) +noinst_LTLIBRARIES = $(test_libraries) +else ! WITH_TESTS +check_PROGRAMS = $(test_programs) +check_LTLIBRARIES = $(test_libraries) +endif ! WITH_TESTS + +TESTS = $(test_programs) + +dist_noinst_DATA = \ + ts_container_docker.data \ + ts_container_podman_GetContainerStats.data \ + ts_container_podman_ListContainers.data \ + ts_procmeminfo.data \ + ts_procpressurecpu.data \ + ts_procpressureio.data \ + ts_procstat.data \ + ts_procvmstat.data \ + ts_sysdockermemstat.data diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/testutils.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/testutils.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/testutils.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/testutils.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,137 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016,2018 Davide Madrisan + * + * Basic test utilities for the Nagios Plugin Linux. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * This software is based on the source code of the tool "vmstat". + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include +#include +#include +#include +#include + +#include "common.h" +#include "progname.h" +#include "system.h" +#include "testutils.h" +#include "xalloc.h" + +static size_t test_counter; + +/* Check that a file is regular and has executable bits. + * If false is returned, errno is valid. */ +static bool +test_file_is_executable (const char *file) +{ + struct stat sb; + + if (stat (file, &sb) < 0) + return false; + + if (S_ISREG (sb.st_mode) && (sb.st_mode & 0111) != 0) + return true; + + errno = S_ISDIR (sb.st_mode) ? EISDIR : EACCES; + return false; +} + +static int +test_use_terminal_colors (void) +{ + return isatty (STDIN_FILENO); +} + +char * +test_fstringify (const char * filename) +{ + char * buffer = NULL; + long size; + size_t chars; + FILE * stream = fopen (filename, "r"); + + if (NULL == stream) + return NULL; + + fseek (stream, 0, SEEK_END); + if ((size = ftell (stream)) < 0) + { + fclose (stream); + return NULL; + } + + rewind (stream); + + buffer = xmalloc ((size_t)size + 1); + chars = fread (buffer, 1, (size_t)size, stream); + + if (ferror (stream) || (chars < (size_t)size)) + { + free (buffer); + buffer = NULL; + } + + fclose (stream); + return buffer; +} + +int +test_main (int argc, char **argv, int (*func) (void), ...) +{ + const char *lib; + va_list ap; + int ret; + + va_start (ap, func); + while ((lib = va_arg(ap, const char *))) + TEST_PRELOAD (lib); + va_end(ap); + + program_name = argv[0]; + ret = (func) (); + + return ret; +} + +int +test_run (const char *title, int (*body) (const void *data), const void *data) +{ + int ret = body (data); + test_counter++; + + fprintf (stderr, "%2zu) %-65s ... ", test_counter, title); + + if (test_use_terminal_colors ()) + fprintf (stderr, "%s\n", + (ret == 0) ? "\e[32mOK\e[0m" : /* green */ + (ret == EXIT_AM_SKIP) ? "\e[34m\e[1mSKIP\e[0m" : /* bold blue */ + (ret == EXIT_AM_HARDFAIL) ? /* bold red */ + "\e[31m\e[1mHARDFAIL\e[0m" : "\e[31m\e[1mFAILED\e[0m"); + else + fprintf (stderr, "%s\n", + (ret == 0) ? "OK" : + (ret == EXIT_AM_SKIP) ? "SKIP" : + (ret == EXIT_AM_HARDFAIL) ? "HARDFAIL" : "FAILED"); + + return ret; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsclock_thresholds.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsclock_thresholds.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsclock_thresholds.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsclock_thresholds.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,111 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016 Davide Madrisan + * + * Unit test for check_clock.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" +#include "thresholds.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__((unused)); +static _Noreturn void usage (FILE * out) __attribute__((unused)); + +#define NPL_TESTING +# include "../plugins/check_clock.c" +#undef NPL_TESTING + +static long +get_current_datetime () +{ + struct tm *tm; + time_t t; + char outstr[32]; + char *end = NULL; + + t = time (NULL); + tm = localtime (&t); + if (strftime (outstr, sizeof (outstr), "%s", tm) == 0) + return EXIT_AM_HARDFAIL; + + return strtol (outstr, &end, 10); +} + +struct test_data +{ + char *w; + char *c; + long delta; +}; + +static int +test_clock_timedelta (const void *tdata) +{ + unsigned long refclock; + long timedelta; + thresholds *my_threshold = NULL; + + const struct test_data *data = tdata; + long w_threshold = strtol (data->w, NULL, 10), + c_threshold = strtol (data->c, NULL, 10); + + nagstatus status = set_thresholds (&my_threshold, data->w, data->c); + if (status == NP_RANGE_UNPARSEABLE) + return EXIT_AM_HARDFAIL; + + refclock = data->delta + get_current_datetime (); + timedelta = get_timedelta (refclock, false); + + status = get_status (labs (timedelta), my_threshold); + free (my_threshold); + + if (data->delta <= w_threshold && status == STATE_OK) + return 0; + if (data->delta <= c_threshold && status == STATE_WARNING) + return 0; + if (data->delta > c_threshold && status == STATE_CRITICAL) + return 0; + + return -1; +} + +static int +mymain (void) +{ + int ret = 0; + /* set the warning and critical thresholds */ + struct test_data data = { .w = "20", .c = "40" }; + +#define DO_TEST(MSG, FUNC, DELTA) \ + do \ + { \ + data.delta = DELTA; \ + if (test_run (MSG, FUNC, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST ("check clock for ok condition", test_clock_timedelta, 0); + DO_TEST ("check clock for warning condition", test_clock_timedelta, 30); + DO_TEST ("check clock for critical condition", test_clock_timedelta, 50); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_docker.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_docker.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_docker.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_docker.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +[{"Id":"a53789d9c86df5c3376b3a16287e065100bedaa461a47a7ca69c99076e625c86","Names":["/srv-redis-1"],"Image":"redis","ImageID":"sha256:bfcb1f6df2db8a62694aaa732a3133799db59c6fec58bfeda84e34299e7270a8","Command":"docker-entrypoint.sh redis-server","Created":1526747809,"Ports":[{"IP":"0.0.0.0","PrivatePort":6379,"PublicPort":6379,"Type":"tcp"}],"Labels":{},"State":"running","Status":"Up 2 days","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"9c3c5059e5517e61afae53aaa6f43f1ed0028be2f91479a90468bb8d63ff0223","EndpointID":"c393589c19328fee871a4dd9d1714dde4c61210c58b55e0242e4294066aaa237","Gateway":"172.17.0.1","IPAddress":"172.17.0.5","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:05","DriverOpts":null}}},"Mounts":[{"Type":"volume","Name":"cf2d310f7860b12ee92b9ad45c37c4f32b4089d324446df77f9af4442b02348c","Source":"","Destination":"/data","Driver":"local","Mode":"","RW":true,"Propagation":""}]},{"Id":"778b930ac0efe1f3ab66a7493fd41544a0a6029958a07ec2154da495ebac0be8","Names":["/web-server-3"],"Image":"nginx","ImageID":"sha256:ae513a47849c895a155ddfb868d6ba247f60240ec8495482eca74c4a2c13a881","Command":"nginx -g 'daemon off;'","Created":1526496839,"Ports":[{"IP":"0.0.0.0","PrivatePort":80,"PublicPort":7070,"Type":"tcp"}],"Labels":{"maintainer":"NGINX Docker Maintainers "},"State":"running","Status":"Up 4 days","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"9c3c5059e5517e61afae53aaa6f43f1ed0028be2f91479a90468bb8d63ff0223","EndpointID":"38e1356a9058750d03ec5d6b7c4f40773dc5748df33b55974ae171f1801fe0b8","Gateway":"172.17.0.1","IPAddress":"172.17.0.4","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:04","DriverOpts":null}}},"Mounts":[]},{"Id":"0bbb6477ab8f2bb3b89fbf3a3c99f63faed23a37b218922a4bdf256027fc0687","Names":["/web-server-2"],"Image":"nginx","ImageID":"sha256:ae513a47849c895a155ddfb868d6ba247f60240ec8495482eca74c4a2c13a881","Command":"nginx -g 'daemon off;'","Created":1526496822,"Ports":[{"IP":"0.0.0.0","PrivatePort":80,"PublicPort":9090,"Type":"tcp"}],"Labels":{"maintainer":"NGINX Docker Maintainers "},"State":"running","Status":"Up 4 days","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"9c3c5059e5517e61afae53aaa6f43f1ed0028be2f91479a90468bb8d63ff0223","EndpointID":"b5701c8d1924737a2e563a0e4d40d835ccd9758254f4c1ca6c84822e419275ca","Gateway":"172.17.0.1","IPAddress":"172.17.0.3","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:03","DriverOpts":null}}},"Mounts":[]},{"Id":"ff7a86203ee8a37d58ae80193649682f91d84d5eef9ec6240cc91ec5747497e5","Names":["/web-server-1"],"Image":"nginx","ImageID":"sha256:ae513a47849c895a155ddfb868d6ba247f60240ec8495482eca74c4a2c13a881","Command":"nginx -g 'daemon off;'","Created":1526496809,"Ports":[{"IP":"0.0.0.0","PrivatePort":80,"PublicPort":8080,"Type":"tcp"}],"Labels":{"maintainer":"NGINX Docker Maintainers "},"State":"running","Status":"Up 4 days","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"9c3c5059e5517e61afae53aaa6f43f1ed0028be2f91479a90468bb8d63ff0223","EndpointID":"c3764166019da2fbbc5542a0757b15b33eac723837da5d2817e71ae58bdf888c","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02","DriverOpts":null}}},"Mounts":[]}] \ No newline at end of file diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_GetContainerStats.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_GetContainerStats.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_GetContainerStats.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_GetContainerStats.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +{"container":{"block_input":20594688,"block_output":24576,"cpu":2.241186151818685828849e-09,"cpu_nano":35548000,"id":"fced2dbe15a84cfc6da72d9dd7e3bd104469862f173e42fc08588392740d6122","mem_limit":8232517632,"mem_perc":1.120458213675162573164e-01,"mem_usage":9224192,"name":"web-server-1","net_input":1118,"net_output":7222,"pids":2,"system_nano":1586124381999834484}} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_ListContainers.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_ListContainers.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_ListContainers.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_container_podman_ListContainers.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +{"containers":[{"command":["docker-entrypoint.sh","redis-server"],"containerrunning":true,"createdat":"2020-04-06T00:22:29+02:00","id":"3b395e067a3071ba77b2b44999235589a0957c72e99d1186ff1e53a0069da727","image":"docker.io/library/redis:latest","imageid":"f0453552d7f26fc38ffc05fa034aa7a7bc6fbb01bc7bc5a9e4b3c0ab87068627","mounts":[{"destination":"/proc","options":["nosuid","noexec","nodev"],"source":"proc","type":"proc"},{"destination":"/dev","options":["nosuid","strictatime","mode=755","size=65536k"],"source":"tmpfs","type":"tmpfs"},{"destination":"/dev/pts","options":["nosuid","noexec","newinstance","ptmxmode=0666","mode=0620","gid=5"],"source":"devpts","type":"devpts"},{"destination":"/dev/mqueue","options":["nosuid","noexec","nodev"],"source":"mqueue","type":"mqueue"},{"destination":"/sys","options":["nosuid","noexec","nodev","ro"],"source":"sysfs","type":"sysfs"},{"destination":"/sys/fs/cgroup","options":["rprivate","nosuid","noexec","nodev","relatime","ro"],"source":"cgroup","type":"cgroup"}],"names":"srv-redis-1","namespaces":{"cgroup":"4026533241","ipc":"4026533238","mnt":"4026533236","net":"4026533165","pid":"35289","pidns":"4026533239","user":"4026531837","uts":"4026533237"},"ports":[{"container_port":"6379","host_ip":"","host_port":"6379","protocol":"tcp"}],"rootfssize":98203942,"runningfor":"52.347336247s","rwsize":0,"status":"running"},{"command":["nginx","-g","daemon off;"],"containerrunning":true,"createdat":"2020-04-05T23:48:59+02:00","id":"fced2dbe15a84cfc6da72d9dd7e3bd104469862f173e42fc08588392740d6122","image":"docker.io/library/nginx:latest","imageid":"6678c7c2e56c970388f8d5a398aa30f2ab60e85f20165e101053c3d3a11e6663","labels":{"maintainer":"NGINX Docker Maintainers "},"mounts":[{"destination":"/proc","options":["nosuid","noexec","nodev"],"source":"proc","type":"proc"},{"destination":"/dev","options":["nosuid","strictatime","mode=755","size=65536k"],"source":"tmpfs","type":"tmpfs"},{"destination":"/dev/pts","options":["nosuid","noexec","newinstance","ptmxmode=0666","mode=0620","gid=5"],"source":"devpts","type":"devpts"},{"destination":"/dev/mqueue","options":["nosuid","noexec","nodev"],"source":"mqueue","type":"mqueue"},{"destination":"/sys","options":["nosuid","noexec","nodev","ro"],"source":"sysfs","type":"sysfs"},{"destination":"/sys/fs/cgroup","options":["rprivate","nosuid","noexec","nodev","relatime","ro"],"source":"cgroup","type":"cgroup"}],"names":"web-server-1","namespaces":{"cgroup":"4026532802","ipc":"4026532799","mnt":"4026532797","net":"4026532725","pid":"19181","pidns":"4026532800","user":"4026531837","uts":"4026532798"},"ports":[{"container_port":"80","host_ip":"","host_port":"8080","protocol":"tcp"}],"rootfssize":126768553,"runningfor":"34m22.962799967s","rwsize":2,"status":"running"}]} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tscswch.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tscswch.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tscswch.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tscswch.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016,2017 Davide Madrisan + * + * Unit test for check_cswch.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "system.h" +#include "testutils.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__((unused)); +static _Noreturn void usage (FILE * out) __attribute__((unused)); +static unsigned long long get_ctxtdelta (unsigned int, unsigned int, bool) + __attribute__((unused)); + +#define NPL_TESTING +# include "../plugins/check_cswch.c" +#undef NPL_TESTING + +static bool +test_cswch_proc_stat_exists () +{ + FILE *fp; + + if ((fp = fopen (get_path_proc_stat (), "r")) == NULL) + return false; + + fclose (fp); + return true; +} + +static int +test_cswch_proc_parsing () +{ + int ret = 0; + const char *env_variable = "NPL_TEST_PATH_PROCSTAT"; + + ret = setenv (env_variable, NPL_TEST_PATH_PROCSTAT, 1); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + /* next function will parse the line "ctxt 13817032" */ + if (cpu_stats_get_cswch () != 13817032) + ret = -1; + + unsetenv (env_variable); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + + if (!test_cswch_proc_stat_exists ()) + return EXIT_AM_SKIP; + +#define DO_TEST(MSG, FUNC, DATA) \ + do { if (test_run (MSG, FUNC, DATA) < 0) ret = -1; } while (0) + + DO_TEST ("check for parsing errors in cpu_stats_get_cswch()", + test_cswch_proc_parsing, NULL); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsintr.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsintr.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsintr.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsintr.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,96 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016,2017 Davide Madrisan + * + * Unit test for check_intr.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__((unused)); +static _Noreturn void usage (FILE * out) __attribute__((unused)); + +#define NPL_TESTING +# include "../plugins/check_intr.c" +#undef NPL_TESTING + +static bool +test_intr_proc_stat_exists () +{ + FILE *fp; + + if ((fp = fopen (get_path_proc_stat (), "r")) == NULL) + return false; + + fclose (fp); + return true; +} + +static int +test_intr_monotonic (const void *tdata) +{ + unsigned int ncpus0 = 0, ncpus1 = 0; + unsigned long *vintr[2] = { NULL, NULL }; + + long delta = get_intrdelta (&ncpus0, &ncpus1, &vintr, 1, 1, false); + + if (delta <= 0) + return -1; + + return 0; +} + +static int +test_intr_proc_parsing () +{ + int ret = 0; + const char *env_variable = "NPL_TEST_PATH_PROCSTAT"; + + ret = setenv (env_variable, NPL_TEST_PATH_PROCSTAT, 1); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + /* next function will parse the line "4315363 33 45306 0 0 ..." */ + if (cpu_stats_get_intr () != 4315363) + ret = -1; + + unsetenv (env_variable); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + + if (!test_intr_proc_stat_exists ()) + return EXIT_AM_SKIP; + +#define DO_TEST(MSG, FUNC, DATA) \ + do { if (test_run (MSG, FUNC, DATA) < 0) ret = -1; } while (0) + + DO_TEST ("check if get_intrdelta() is monotonic", + test_intr_monotonic, NULL); + DO_TEST ("check for parsing errors in cpu_stats_get_intr()", + test_intr_proc_parsing, NULL); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_count.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_count.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_count.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_count.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,123 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * Unit test for lib/container_docker_count.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include + +#include "container_docker.h" +#include "testutils.h" + +#define NPL_TESTING + +static int docker_get (chunk_t * chunk, const int query); +static void docker_close (chunk_t * chunk); + +#include "../lib/container_docker_count.c" + +static int +docker_get (chunk_t * chunk, const int query) +{ + char *filename = NULL; + + switch (query) + { + default: + return EXIT_AM_HARDFAIL; + break; + case DOCKER_CONTAINERS_JSON: + filename = NPL_TEST_PATH_CONTAINER_JSON; + break; + } + + chunk->memory = test_fstringify (filename); + if (NULL == chunk->memory) + return EXIT_AM_HARDFAIL; + + chunk->size = strlen (chunk->memory); + + return 0; +} + +static void +docker_close (chunk_t * chunk) +{ + free (chunk->memory); +} +#undef NPL_TESTING + +typedef struct test_data +{ + char * image; + char * perfdata; + unsigned int expect_value; +} test_data; + +static int +test_docker_running_containers (const void *tdata) +{ + const struct test_data *data = tdata; + int err, ret = 0; + char * perfdata = NULL; + unsigned int containers; + + err = docker_running_containers (&containers, data->image, &perfdata, false); + if (err != 0) + { + free (perfdata); + return err; + } + + TEST_ASSERT_EQUAL_NUMERIC (containers, data->expect_value); + TEST_ASSERT_EQUAL_STRING (perfdata, data->perfdata); + + free (perfdata); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(MSG, IMAGE, PERFDATA, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .image = IMAGE, \ + .perfdata = PERFDATA, \ + .expect_value = EXPECT_VALUE \ + }; \ + if (test_run(MSG, test_docker_running_containers, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST ("check running docker containers with image set", "nginx", + "containers_nginx=3", 3); + DO_TEST ("check running docker containers with image set", "redis", + "containers_redis=1", 1); + DO_TEST ("check running docker containers", NULL, + "containers_redis=1 containers_nginx=3 containers_total=4", 4); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_memory.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_memory.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_memory.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibcontainer_docker_memory.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,116 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * Unit test for lib/container_docker_memory.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include + +#include "container_docker.h" +#include "testutils.h" + +struct docker_memory_desc *dockermem = NULL; + +static char * +get_docker_memory_stat_path () +{ + return NPL_TEST_PATH_SYSDOCKERMEMSTAT; +} + +#define NPL_TESTING +#include "../lib/container_docker_memory.c" +#undef NPL_TESTING + +static int +test_memory_init () +{ + int ret = 0; + + ret = docker_memory_desc_new (&dockermem); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + docker_memory_desc_read (dockermem); + + return 0; +} + +static void +test_memory_release () +{ + docker_memory_desc_unref (dockermem); +} + +typedef struct test_data +{ + long long value; + long long expect_value; +} test_data; + +static int +test_sysmeminfo (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + + TEST_ASSERT_EQUAL_NUMERIC (data->value, data->expect_value); + + return ret; +} + +static int +mymain (void) +{ + int err, ret = 0; + + if ((err = test_memory_init ()) != 0) + return err; + + struct docker_memory_desc *sysdata = dockermem; + +# define DO_TEST(MEMTYPE, VALUE, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .value = VALUE, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run("check docker memory parser for " MEMTYPE " memory", \ + test_sysmeminfo, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + /* test the sysfs data parser */ + + DO_TEST ("total_cache", sysdata->b_total_cache, 108507136L); + DO_TEST ("total_rss", sysdata->b_total_rss, 53219328L); + DO_TEST ("total_swap", sysdata->b_total_swap, 0L); + DO_TEST ("total_unevictable", sysdata->b_total_unevictable, 0L); + DO_TEST ("total_pgfault", sysdata->c_total_pgfault, 97485L); + DO_TEST ("total_pgmajfault", sysdata->c_total_pgmajfault, 424L); + DO_TEST ("total_pgpgin", sysdata->c_total_pgpgin, 111725L); + DO_TEST ("total_pgpgout", sysdata->c_total_pgpgout, 72238L); + + test_memory_release (); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibkernelver.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibkernelver.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibkernelver.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibkernelver.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016 Davide Madrisan + * + * Unit test for lib/kernelver.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include + +#include "common.h" +#include "kernelver.h" +#include "testutils.h" + +static int +mymain (void) +{ +#ifdef KERNEL_VERSION + int ret = 0; + unsigned int lnxver = linux_version (); + + TEST_ASSERT_EQUAL_NUMERIC (lnxver, + KERNEL_VERSION (TEST_KERNEL_VERSION_MAJOR, + TEST_KERNEL_VERSION_MINOR, + TEST_KERNEL_VERSION_PATCH)); + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +#else + return EXIT_AM_SKIP; +#endif +} + +TEST_MAIN_PRELOAD (mymain, abs_builddir "/.libs/tslib_uname.so"); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_conversions.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_conversions.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_conversions.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_conversions.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,77 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for lib/meminfo.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "meminfo.h" +#include "testutils.h" +#include "units.h" + +typedef struct test_data +{ + unsigned long long memsize; + unsigned long long expect_value; + unit_shift shift; +} test_data; + +static int +test_memory_unit_conversion (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + + TEST_ASSERT_EQUAL_NUMERIC ( + UNIT_CONVERT (data->memsize, data->shift), data->expect_value); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define KILO 1024UL +#define MEGA KILO*KILO + +#define DO_TEST(MSG, MEMSIZE, SHIFT, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .memsize = MEMSIZE, \ + .shift = SHIFT, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run(MSG, test_memory_unit_conversion, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + /* unit conversion */ + DO_TEST ("check memory size conversion into kbytes", + KILO, k_shift, KILO); + DO_TEST ("check memory size conversion into mbytes", + 2*KILO, m_shift, 2UL); + DO_TEST ("check memory size conversion into gbytes", + 4*MEGA, g_shift, 4UL); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_interface.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_interface.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_interface.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_interface.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,139 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for lib/meminfo.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" + +#if defined (PROC_MEMINFO) && !defined (HAVE_LIBPROCPS) + +# define NPL_TESTING +# include "../lib/meminfo.c" +# undef NPL_TESTING + +proc_sysmem_t *sysmem = NULL; + +static int +test_memory_init () +{ + int ret = 0; + const char *env_variable = "NPL_TEST_PATH_PROCMEMINFO"; + + ret = proc_sysmem_new (&sysmem); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + ret = setenv (env_variable, NPL_TEST_PATH_PROCMEMINFO, 1); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + proc_sysmem_read (sysmem); + unsetenv (env_variable); + + return 0; +} + +static void +test_memory_release () +{ + proc_sysmem_unref (sysmem); +} + +# define test_memory_label(arg, value) \ +static int test_memory_ ## arg (const void *tdata) \ +{ \ + int err, ret = 0; \ + unsigned long kb_value; \ + const char *env_variable = "NPL_TEST_PATH_PROCMEMINFO"; \ + \ + /* read the data from (a static copy of) /proc/meminfo */ \ + err = setenv (env_variable, NPL_TEST_PATH_PROCMEMINFO, 1); \ + if (err < 0) \ + return EXIT_AM_HARDFAIL; \ + \ + kb_value = proc_sysmem_get_ ## arg (sysmem); \ + TEST_ASSERT_EQUAL_NUMERIC(kb_value, value); \ + \ + return ret; \ +} + +/* function used by check_memory */ +test_memory_label (active, 3090692UL); +test_memory_label (anon_pages, 1008780UL); +test_memory_label (committed_as, 3678828UL); +test_memory_label (dirty, 92UL); +test_memory_label (inactive, 1044404UL); +test_memory_label (main_available, 14564424UL); +test_memory_label (main_buffers, 384876UL); +test_memory_label (main_free, 11918208UL); +test_memory_label (main_shared, 387476UL); +test_memory_label (main_total, 16384256UL); + +/* function used by check_swap */ +test_memory_label (swap_cached, 1024UL); +test_memory_label (swap_free, 8387580UL); +test_memory_label (swap_total, 8388604UL); + +static int +mymain (void) +{ + int err, ret = 0; + + if ((err = test_memory_init ()) != 0) + return err; + + /* test the public interface of the library */ + +# define DO_TEST(MSG, FUNC, DATA) \ + do { if (test_run (MSG, FUNC, DATA) < 0) ret = -1; } while (0) + + /* system memory */ + DO_TEST ("check active memory", test_memory_active, NULL); + DO_TEST ("check anon_pages memory", test_memory_anon_pages, NULL); + DO_TEST ("check committed_as memory", test_memory_committed_as, NULL); + DO_TEST ("check dirty memory", test_memory_dirty, NULL); + DO_TEST ("check inactive memory", test_memory_inactive, NULL); + DO_TEST ("check main_available memory", test_memory_main_available, NULL); + DO_TEST ("check main_buffers memory", test_memory_main_buffers, NULL); + DO_TEST ("check main_free memory", test_memory_main_free, NULL); + DO_TEST ("check main_shared memory", test_memory_main_shared, NULL); + DO_TEST ("check main_total memory", test_memory_main_total, NULL); + + /* system swap */ + DO_TEST ("check swap_cached memory", test_memory_swap_cached, NULL); + DO_TEST ("check swap_free memory", test_memory_swap_free, NULL); + DO_TEST ("check swap_total memory", test_memory_swap_total, NULL); + + test_memory_release (); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) + +#else + +int +main (void) +{ + return EXIT_AM_SKIP; +} + +#endif diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_procparser.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_procparser.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_procparser.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmeminfo_procparser.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,140 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for lib/meminfo.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" + +#if defined (PROC_MEMINFO) && !defined (HAVE_LIBPROCPS) + +# define NPL_TESTING +# include "../lib/meminfo.c" +# undef NPL_TESTING + +proc_sysmem_t *sysmem = NULL; + +static int +test_memory_init () +{ + int ret = 0; + const char *env_variable = "NPL_TEST_PATH_PROCMEMINFO"; + + ret = proc_sysmem_new (&sysmem); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + ret = setenv (env_variable, NPL_TEST_PATH_PROCMEMINFO, 1); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + proc_sysmem_read (sysmem); + unsetenv (env_variable); + + return 0; +} + +static void +test_memory_release () +{ + proc_sysmem_unref (sysmem); +} + +typedef struct test_data +{ + unsigned long value; + unsigned long expect_value; +} test_data; + +static int +test_procmeminfo (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + + TEST_ASSERT_EQUAL_NUMERIC (data->value, data->expect_value); + return ret; +} + +static int +mymain (void) +{ + int err, ret = 0; + + if ((err = test_memory_init ()) != 0) + return err; + + proc_sysmem_data_t *procdata = sysmem->data; + +# define DO_TEST(MEMTYPE, VALUE, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .value = VALUE, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run("check " PROC_MEMINFO " parser for " MEMTYPE " memory", \ + test_procmeminfo, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + /* test the proc parser */ + + DO_TEST ("Active", procdata->kb_active, 3090692UL); + DO_TEST ("Active(file)", procdata->kb_active_file, 2021912UL); + DO_TEST ("AnonPages", procdata->kb_anon_pages, 1008780UL); + DO_TEST ("Buffers", procdata->kb_main_buffers, 384876UL); + DO_TEST ("Cached", procdata->kb_page_cache, 2741476UL); + DO_TEST ("Committed_AS", procdata->kb_committed_as, 3678828UL); + DO_TEST ("Dirty", procdata->kb_dirty, 92UL); + DO_TEST ("HighTotal", procdata->kb_high_total, 0UL); + DO_TEST ("Inact_clean", procdata->kb_inact_clean, 0UL); + DO_TEST ("Inact_dirty", procdata->kb_inact_dirty, 0UL); + DO_TEST ("Inact_laundry", procdata->kb_inact_laundry, 0UL); + DO_TEST ("Inactive", procdata->kb_inactive, 1044404UL); + DO_TEST ("Inactive(file)", procdata->kb_inactive_file, 716976UL); + DO_TEST ("LowFree", procdata->kb_low_free, 0UL); + DO_TEST ("LowTotal", procdata->kb_low_total, MEMINFO_UNSET); + DO_TEST ("MemAvailable", procdata->kb_main_available, 14564424UL); + DO_TEST ("MemFree", procdata->kb_main_free, 11918208UL); + DO_TEST ("MemTotal", procdata->kb_main_total, 16384256UL); + DO_TEST ("SReclaimable", procdata->kb_slab_reclaimable, 152528UL); + DO_TEST ("Shmem", procdata->kb_main_shared, 387476UL); + DO_TEST ("Slab", procdata->kb_slab, 202816UL); + DO_TEST ("SwapCached", procdata->kb_swap_cached, 1024UL); + DO_TEST ("SwapFree", procdata->kb_swap_free, 8387580UL); + DO_TEST ("SwapTotal", procdata->kb_swap_total, 8388604UL); + + test_memory_release (); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) + +#else + +int +main (void) +{ + return EXIT_AM_SKIP; +} + +#endif diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmessages.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmessages.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmessages.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibmessages.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,73 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016 Davide Madrisan + * + * Unit test for lib/messages.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "messages.h" +#include "testutils.h" + +typedef struct test_data +{ + char *state; + nagstatus value; + nagstatus expect_value; +} test_data; + +static int +test_nagios_state_string (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + + TEST_ASSERT_EQUAL_STRING (state_text (data->value), data->state); + TEST_ASSERT_EQUAL_NUMERIC (data->value, data->expect_value); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define STR(S) #S +#define DO_TEST(TYPE, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .state = STR(TYPE), \ + .value = STATE_##TYPE, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run("check nagios state " STR(TYPE), \ + test_nagios_state_string, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST (OK, 0); + DO_TEST (WARNING, 1); + DO_TEST (CRITICAL, 2); + DO_TEST (UNKNOWN, 3); + DO_TEST (DEPENDENT, 4); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibperfdata.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibperfdata.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibperfdata.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibperfdata.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2019 Davide Madrisan + * + * Unit test for lib/perfdata.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "common.h" +#include "perfdata.h" +#include "system.h" +#include "testutils.h" +#include "thresholds.h" +#include "units.h" + +typedef struct test_data +{ + char *warn_string; + char *critical_string; + unsigned long base; + int shift; + unsigned long long limit; + bool percent; + unsigned long long expect_value[2]; +} test_data; + +static int +test_get_perfdata_limit_converted (const void *tdata) +{ + const struct test_data *data = tdata; + thresholds *my_threshold = NULL; + unsigned long long limit_warning, limit_critical; + int ret = 0, retw, retc, status; + + status = set_thresholds (&my_threshold, data->warn_string, + data->critical_string); + if (status == NP_RANGE_UNPARSEABLE) + return -1; + + retw = + get_perfdata_limit_converted (my_threshold->warning, data->base, + data->shift, &limit_warning, data->percent); + retc = + get_perfdata_limit_converted (my_threshold->critical, data->base, + data->shift, &limit_critical, + data->percent); + if (retw != 0 || retc != 0) + return -1; + + TEST_ASSERT_EQUAL_NUMERIC (limit_warning, data->expect_value[0]); + retw = ret; + TEST_ASSERT_EQUAL_NUMERIC (limit_critical, data->expect_value[1]); + retc = ret; + if (retw != 0 || retc != 0) + ret = -1; + + free (my_threshold); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(WARN_STR, CRITICAL_STR, BASE, SHIFT, PERCENT,\ + EXPECT_VALUE_W, EXPECT_VALUE_C) \ + do \ + { \ + test_data data = { \ + .warn_string = WARN_STR, \ + .critical_string = CRITICAL_STR, \ + .base = BASE, \ + .shift = SHIFT, \ + .percent = PERCENT, \ + .expect_value[0] = EXPECT_VALUE_W, \ + .expect_value[1] = EXPECT_VALUE_C, \ + }; \ + if (test_run( \ + "check get_perfdata_limit_converted with -w " \ + WARN_STR " -c " CRITICAL_STR " and " #SHIFT, \ + test_get_perfdata_limit_converted, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST ("20%:", "10%:", 16302692L, k_shift, true, 3260538L, 1630269L); + DO_TEST ("20%:", "10%:", 16302692L, m_shift, true, 3184L, 1592L); + DO_TEST ("20%:", "10%:", 16302692L, g_shift, true, 3L, 1L); + + DO_TEST ("80%", "90%", 16302692L, k_shift, true, 13042153L, 14672422L); + DO_TEST ("80%", "90%", 16302692L, m_shift, true, 12736L, 14328L); + DO_TEST ("80%", "90%", 16302692L, g_shift, true, 12L, 13L); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibpressure.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibpressure.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibpressure.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibpressure.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,125 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2020 Davide Madrisan + * + * Unit test for lib/pressure.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* activate extra prototypes for glibc */ +#endif + +#include "testutils.h" + +# define NPL_TESTING +# include "../lib/pressure.c" +# undef NPL_TESTING + +static struct proc_psi_oneline *psi_oneline = NULL; +static struct proc_psi_twolines *psi_twolines = NULL; +static unsigned long long starvation[2]; + +static int +test_init () +{ + const char *env_variable_cpu = "NPL_TEST_PATH_PROCPRESSURE_CPU", + *env_variable_io = "NPL_TEST_PATH_PROCPRESSURE_IO"; + + if (setenv (env_variable_cpu, NPL_TEST_PATH_PROCPRESSURE_CPU, 1) < 0) + return EXIT_AM_HARDFAIL; + if (setenv (env_variable_io, NPL_TEST_PATH_PROCPRESSURE_IO, 1) < 0) + return EXIT_AM_HARDFAIL; + + proc_psi_read_cpu (&psi_oneline, &starvation[0], 1); + proc_psi_read_io (&psi_twolines, &starvation[0], 1); + + unsetenv (env_variable_cpu); + unsetenv (env_variable_io); + + return 0; +} + +static void +test_memory_release () +{ + free (psi_oneline); + free (psi_twolines); +} + +typedef struct test_data +{ + unsigned long long value; + unsigned long long expect_value; +} test_data; + +static int +test_procpressure (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + + TEST_ASSERT_EQUAL_NUMERIC (data->value, data->expect_value); + return ret; +} + +static int +mymain (void) +{ + int err, ret = 0; + + if ((err = test_init ()) != 0) + return err; + +# define DO_TEST(DATATYPE, VALUE, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .value = VALUE, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run("check " PATH_PSI_PROC_CPU " parser", \ + test_procpressure, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + /* test the proc parser */ + + /* we multiply by 100 the averages to somewhat transform + * the double values into integer ones */ + DO_TEST ("cpu some avg10", psi_oneline->avg10 * 100, 748ULL); + DO_TEST ("cpu some avg60", psi_oneline->avg60 * 100, 626ULL); + DO_TEST ("cpu some avg300", psi_oneline->avg300 * 100, 666ULL); + DO_TEST ("cpu single total", psi_oneline->total, 200932088ULL); + + DO_TEST ("io some avg10", psi_twolines->some_avg10 * 100, 8ULL); + DO_TEST ("io some avg60", psi_twolines->some_avg60 * 100, 2ULL); + DO_TEST ("io some avg300", psi_twolines->some_avg300 * 100, 1ULL); + DO_TEST ("io some total", psi_twolines->some_total, 40636071ULL); + + DO_TEST ("io full avg10", psi_twolines->full_avg10 * 100, 4ULL); + DO_TEST ("io full avg60", psi_twolines->full_avg60 * 100, 1ULL); + DO_TEST ("io full avg300", psi_twolines->full_avg300 * 100, 0ULL); + DO_TEST ("io full total", psi_twolines->full_total, 32897091ULL); + + test_memory_release (); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslib_uname.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslib_uname.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslib_uname.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslib_uname.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016 Davide Madrisan + * + * Unit test library for checking lib/kernelver.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include + +#include "testutils.h" + +/* + * SUSv3 specifies uname(), but leaves the lengths of the various fields + * of the utsname structure undefined, requiring only that the strings be + * terminated by a null byte. On Linux, these fields are each 65 bytes + * long; including space for terminating null byte. + * Glibc declares a variable _UTSNAME_[A-Z]*_LENGTH for each field, all + * equal to _UTSNAME_LENGTH which in turn equals to 65. + * Musl libc (shipped by Linux Alpine) does not declare any length variable + * but hardcodes this value in each field definition. + */ +#if !defined _UTSNAME_RELEASE_LENGTH && defined LIBC_MUSL +# define _UTSNAME_RELEASE_LENGTH 65 +#endif + +int +uname (struct utsname *__name) +{ + const char krelease[] = TEST_KERNEL_VERSION; + strncpy (__name->release, krelease, _UTSNAME_RELEASE_LENGTH); + return 0; +} diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsliburlencode.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsliburlencode.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsliburlencode.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsliburlencode.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2018 Davide Madrisan + * + * Unit test for lib/url_encode.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include + +#include "testutils.h" +#include "url_encode.h" + +#define NPL_TESTING + +#include "../lib/url_encode.c" + +typedef struct test_data +{ + char * url; + char * expect_value; +} test_data; + +static int +test_url_encoding (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + char *encoded_url = url_encode (data->url); + + TEST_ASSERT_EQUAL_STRING (encoded_url, data->expect_value); + free (encoded_url); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(URL, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .url = URL, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run("check url encoding for " URL, \ + test_url_encoding, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST ("?test=true", "%3ftest%3dtrue"); + DO_TEST ("?test=true&debug=false", "%3ftest%3dtrue%26debug%3dfalse"); + DO_TEST ("{\"status\":{\"running\":true}}", + "%7b%22status%22%3a%7b%22running%22%3atrue%7d%7d"); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibvminfo.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibvminfo.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibvminfo.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tslibvminfo.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,210 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for lib/vminfo.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "common.h" +#include "testutils.h" + +#ifndef HAVE_LIBPROCPS + +# define NPL_TESTING +# include "../lib/vminfo.c" +# undef NPL_TESTING + +proc_vmem_t *vmem = NULL; + +static int +test_memory_init () +{ + int ret = 0; + const char *env_variable = "NPL_TEST_PATH_PROCVMSTAT"; + + ret = proc_vmem_new (&vmem); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + ret = setenv (env_variable, NPL_TEST_PATH_PROCVMSTAT, 1); + if (ret < 0) + return EXIT_AM_HARDFAIL; + + proc_vmem_read (vmem); + unsetenv (env_variable); + + return 0; +} + +static void +test_memory_release () +{ + proc_vmem_unref (vmem); +} + +typedef struct test_data +{ + unsigned long value; + unsigned long expect_value; +} test_data; + +static int +test_procvminfo (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + + TEST_ASSERT_EQUAL_NUMERIC (data->value, data->expect_value); + return ret; +} + +# define test_memory_label(arg, value) \ + static int test_memory_ ## arg (const void *tdata) \ + { \ + int err, ret = 0; \ + unsigned long kb_value; \ + const char *env_variable = "NPL_TEST_PATH_PROCVMSTAT"; \ + \ + /* read the data from (a static copy of) /proc/vmstat */ \ + err = setenv (env_variable, NPL_TEST_PATH_PROCVMSTAT, 1); \ + if (err < 0) \ + return EXIT_AM_HARDFAIL; \ + \ + kb_value = proc_vmem_get_ ## arg (vmem); \ + TEST_ASSERT_EQUAL_NUMERIC (kb_value, value); \ + \ + return ret; \ + } + +test_memory_label (pgpgin, 2581510UL); +test_memory_label (pgpgout, 34298109UL); +test_memory_label (pswpin, 10402UL); +test_memory_label (pswpout, 12250UL); +test_memory_label (pgfault, 91270548UL); +test_memory_label (pgmajfault, 9363UL); +test_memory_label (pgfree, 91315814UL); +/*test_memory_label (pgsteal, 0UL);*/ +/*test_memory_label (pgscand, 0UL);*/ +/*test_memory_label (pgscank, 0UL);*/ + +static int +mymain (void) +{ + int err, ret = 0; + + if ((err = test_memory_init ()) != 0) + return err; + + proc_vmem_data_t *procdata = vmem->data; + +# define DO_TEST_PROC(MEMTYPE, VALUE, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .value = VALUE, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run("check " PROC_STAT " parser for " MEMTYPE " memory", \ + test_procvminfo, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + /* test the proc parser */ + + DO_TEST_PROC ("allocstall", procdata->vm_allocstall, 0L); + DO_TEST_PROC ("kswapd_inodesteal", procdata->vm_kswapd_inodesteal, 0L); + /* kswapd_steal */ + DO_TEST_PROC ("nr_dirty", procdata->vm_nr_dirty, 20L); + DO_TEST_PROC ("nr_mapped", procdata->vm_nr_mapped, 314943L); + DO_TEST_PROC ("nr_page_table_pages", + procdata->vm_nr_page_table_pages, 10601L); + /* nr_pagecache */ + /* nr_reverse_maps */ + /* nr_slab */ + DO_TEST_PROC ("nr_unstable", procdata->vm_nr_unstable, 0L); + DO_TEST_PROC ("nr_writeback", procdata->vm_nr_writeback, 0L); + DO_TEST_PROC ("pageoutrun", procdata->vm_pageoutrun, 1L); + DO_TEST_PROC ("pgactivate", procdata->vm_pgactivate, 764549L); + /* pgalloc */ + DO_TEST_PROC ("pgalloc_dma", procdata->vm_pgalloc_dma, 6L); + /* pgalloc_high */ + DO_TEST_PROC ("pgalloc_normal", procdata->vm_pgalloc_normal, 70896125L); + DO_TEST_PROC ("pgdeactivate", procdata->vm_pgdeactivate, 0L); + DO_TEST_PROC ("pgfault", procdata->vm_pgfault, 91270548L); + DO_TEST_PROC ("pgfree", procdata->vm_pgfree, 91315814L); + DO_TEST_PROC ("pginodesteal", procdata->vm_pginodesteal, 0L); + DO_TEST_PROC ("pgmajfault", procdata->vm_pgmajfault, 9363L); + DO_TEST_PROC ("pgpgin", procdata->vm_pgpgin, 2581510L); + DO_TEST_PROC ("pgpgout", procdata->vm_pgpgout, 34298109L); + DO_TEST_PROC ("pgrefill", procdata->vm_pgrefill, 0L); + DO_TEST_PROC ("pgrefill_dma", procdata->vm_pgrefill_dma, 0L); + /* pgrefill_high */ + DO_TEST_PROC ("pgrefill_normal", procdata->vm_pgrefill_normal, 0L); + DO_TEST_PROC ("pgrotated", procdata->vm_pgrotated, 407L); + DO_TEST_PROC ("pgscan", procdata->vm_pgscan, 0L); + DO_TEST_PROC ("pgscan_direct_dma", procdata->vm_pgscan_direct_dma, 0L); + /* pgscan_direct_high */ + DO_TEST_PROC ("pgscan_direct_normal", procdata->vm_pgscan_direct_normal, 0L); + DO_TEST_PROC ("pgscan_kswapd_dma", procdata->vm_pgscan_kswapd_dma, 0L); + /* pgscan_kswapd_high */ + DO_TEST_PROC ("pgscan_kswapd_normal", procdata->vm_pgscan_kswapd_normal, 0L); + DO_TEST_PROC ("pgsteal", procdata->vm_pgsteal, 0L); + /* pgsteal_dma */ + /* pgsteal_high */ + /* pgsteal_normal */ + DO_TEST_PROC ("pswpin", procdata->vm_pswpin, 10402L); + DO_TEST_PROC ("pswpout", procdata->vm_pswpout, 12250L); + DO_TEST_PROC ("slabs_scanned", procdata->vm_slabs_scanned, 0L); + + /* test the public interface of the library */ + +# define DO_TEST(MSG, FUNC, DATA) \ + do { if (test_run (MSG, FUNC, DATA) < 0) ret = -1; } while (0) + + DO_TEST ("check pgpgin virtual memory stat", test_memory_pgpgin, NULL); + DO_TEST ("check pgpgout virtual memory stat", test_memory_pgpgout, NULL); + + /* used by check_swap, check_paging */ + DO_TEST ("check pswpin virtual memory stat", test_memory_pswpin, NULL); + DO_TEST ("check pswpout virtual memory stat", test_memory_pswpout, NULL); + + /* used by check_paging */ + DO_TEST ("check pgfault virtual memory stat", test_memory_pgfault, NULL); + DO_TEST ("check pgmajfault virtual memory stat", test_memory_pgmajfault, NULL); + DO_TEST ("check pgfree virtual memory stat", test_memory_pgfree, NULL); + /*DO_TEST ("check pgsteal virtual memory stat", test_memory_pgsteal, NULL);*/ + /*DO_TEST ("check pgscand virtual memory stat", test_memory_pgscand, NULL);*/ + /*DO_TEST ("check pgscank virtual memory stat", test_memory_pgscank, NULL);*/ + + test_memory_release (); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) + +#else + +int +main (void) +{ + return EXIT_AM_SKIP; +} + +#endif /* HAVE_LIBPROCPS */ diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_normalize.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_normalize.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_normalize.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_normalize.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for check_load.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" +#include "system.h" + +#define ARRAY_CARDINALITY(ARRAY) (sizeof(ARRAY) / sizeof(*(ARRAY))) + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__ ((unused)); +static _Noreturn void usage (FILE * out) __attribute__ ((unused)); +static void validate_input (int i, double w, double c) __attribute__ ((unused)); +static int loadavg_status (const double *loadavg, const double *wload, + const double *cload, const bool *required) + __attribute__ ((unused)); + +#define NPL_TESTING +#include "../plugins/check_load.c" +#undef NPL_TESTING + +typedef struct test_data +{ + double loadavg[3]; + double expect_value[3]; + unsigned int active_cpu; +} test_data; + +static int +test_loadavg_normalize (const void *tdata) +{ + const struct test_data *data = tdata; + int ret = 0; + size_t i; + + normalize_loadavg ((double *) data->loadavg, data->active_cpu); + + for (i = 0; i < ARRAY_CARDINALITY (data->loadavg); ++i) + TEST_ASSERT_EQUAL_NUMERIC (data->loadavg[i], data->expect_value[i]); + + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(L1, L2, L3, E1, E2, E3, NCPU) \ + do \ + { \ + test_data data = { \ + .loadavg = { L1, L2, L3 }, \ + .expect_value = { E1, E2, E3 }, \ + .active_cpu = NCPU \ + }; \ + if (test_run("check load normalization with " #NCPU " cpu(s)", \ + test_loadavg_normalize, (&data)) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST (/* loadavg: */ 4.0, 2.0, 1.0, /* expect_value: */ 4.0, 2.0, 1.0, 1); + DO_TEST (/* loadavg: */ 4.0, 2.0, 1.0, /* expect_value: */ 2.0, 1.0, 0.5, 2); + DO_TEST (/* loadavg: */ 4.0, 2.0, 6.0, /* expect_value: */ 0.5, .25, .75, 8); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_thresholds.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_thresholds.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_thresholds.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsload_thresholds.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,124 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for check_load.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" +#include "thresholds.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__ ((unused)); +static _Noreturn void usage (FILE * out) __attribute__ ((unused)); +static void validate_input (int i, double w, double c) __attribute__ ((unused)); +static void normalize_loadavg (double *loadavg, int numcpus) + __attribute__ ((unused)); + +#define NPL_TESTING +#include "../plugins/check_load.c" +#undef NPL_TESTING + +typedef struct test_data +{ + double loadavg[3]; + double wload[3]; + double cload[3]; + bool required[3]; + nagstatus expect_status; +} test_data; + +static int +test_loadavg_exit_status (const void *tdata) +{ + const struct test_data *data = tdata; + nagstatus status; + int ret = 0; + + status = loadavg_status (data->loadavg, data->wload, data->cload, data->required); + + TEST_ASSERT_EQUAL_NUMERIC (status, data->expect_status); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(L1,L2,L3, W1,W2,W3, C1,C2,C3, R1,R2,R3, EXPECT) \ + do \ + { \ + test_data data = { \ + .loadavg = { L1, L2, L3 }, \ + .wload = { W1, W2, W3 }, \ + .cload = { C1, C2, C3 }, \ + .required = { R1, R2, R3 }, \ + .expect_status = EXPECT \ + }; \ + if (test_run("check load exit status, expected: " #EXPECT, \ + test_loadavg_exit_status, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST (/* loadavg */ 2.8, 1.9, 1.3, + /* wload */ 3.0, 3.0, 3.0, /* cload */ 4.0, 4.0, 4.0, + /* required */ true, true, true, + /* expect_status */ STATE_OK); + DO_TEST (/* loadavg */ 2.8, 1.9, 1.3, + /* wload */ 3.0, 1.5, 1.5, /* cload */ 4.0, 4.0, 4.0, + /* required */ true, true, true, + /* expect_status */ STATE_WARNING); + DO_TEST (/* loadavg */ 2.8, 1.9, 1.3, + /* wload */ 3.0, 1.5, 1.5, /* cload */ 4.0, 4.0, 4.0, + /* required */ true, false, false, + /* expect_status */ STATE_OK); + DO_TEST (/* loadavg */ 2.8, 1.9, 1.3, + /* wload */ 3.0, 1.5, 1.5, /* cload */ 4.0, 4.0, 4.0, + /* required */ false, true, false, + /* expect_status */ STATE_WARNING); + DO_TEST (/* loadavg */ 2.8, 1.9, 1.3, + /* wload */ 3.0, 1.5, 1.5, /* cload */ 4.0, 4.0, 4.0, + /* required */ false, false, true, + /* expect_status */ STATE_OK); + DO_TEST (/* loadavg */ 2.8, 1.9, 1.3, + /* wload */ 3.0, 1.5, 1.5, /* cload */ 4.0, 4.0, 4.0, + /* required */ false, true, true, + /* expect_status */ STATE_WARNING); + DO_TEST (/* loadavg */ 2.8, 1.9, 5.5, + /* wload */ 1.0, 2.0, 2.0, /* cload */ 3.0, 3.0, 4.0, + /* required */ true, true, true, + /* expect_status */ STATE_CRITICAL); + DO_TEST (/* loadavg */ 2.8, 1.9, 5.5, + /* wload */ 1.0, 2.0, 2.0, /* cload */ 3.0, 3.0, 4.0, + /* required */ true, false, false, + /* expect_status */ STATE_WARNING); + DO_TEST (/* loadavg */ 2.8, 1.9, 5.5, + /* wload */ 1.0, 2.0, 3.0, /* cload */ 3.0, 3.0, 6.0, + /* required */ false, true, false, + /* expect_status */ STATE_OK); + DO_TEST (/* loadavg */ 2.8, 1.9, 5.5, + /* wload */ 1.0, 2.0, 3.0, /* cload */ 3.0, 3.0, 6.0, + /* required */ false, false, true, + /* expect_status */ STATE_WARNING); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tspaging.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tspaging.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tspaging.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tspaging.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2016,2017 Davide Madrisan + * + * Unit test for check_paging.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__((unused)); +static _Noreturn void usage (FILE * out) __attribute__((unused)); + +#define NPL_TESTING +# include "../plugins/check_paging.c" +#undef NPL_TESTING + +static int +test_paging_summary (const void *tdata) +{ + int ret = 0; + const char *env_variable = "NPL_TEST_PATH_PROCVMSTAT"; + paging_data_t paging; + + if (setenv (env_variable, NPL_TEST_PATH_PROCVMSTAT, 1) < 0) + return EXIT_AM_HARDFAIL; + +#define CHECK_SUMMARY(SWAPPING_ONLY) \ + do \ + { \ + get_paging_status (true, SWAPPING_ONLY, &paging); \ + unsigned long summary = \ + SWAPPING_ONLY ? (paging.dpswpin + \ + paging.dpswpout) : paging.dpgmajfault; \ + if (summary != paging.summary) \ + ret = -1; \ + } \ + while (0) + + CHECK_SUMMARY (true); + CHECK_SUMMARY (false); + + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(MSG, FUNC, DATA) \ + do { if (test_run (MSG, FUNC, DATA) < 0) ret = -1; } while (0) + + DO_TEST ("check for get_paging_status() paging.summary", + test_paging_summary, NULL); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procmeminfo.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procmeminfo.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procmeminfo.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procmeminfo.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,46 @@ +MemTotal: 16384256 kB +MemFree: 11918208 kB +MemAvailable: 14564424 kB +Buffers: 384876 kB +Cached: 2741476 kB +SwapCached: 1024 kB +Active: 3090692 kB +Inactive: 1044404 kB +Active(anon): 1068780 kB +Inactive(anon): 327428 kB +Active(file): 2021912 kB +Inactive(file): 716976 kB +Unevictable: 32 kB +Mlocked: 32 kB +SwapTotal: 8388604 kB +SwapFree: 8387580 kB +Dirty: 92 kB +Writeback: 0 kB +AnonPages: 1008780 kB +Mapped: 1249552 kB +Shmem: 387476 kB +Slab: 202816 kB +SReclaimable: 152528 kB +SUnreclaim: 50288 kB +KernelStack: 7568 kB +PageTables: 42704 kB +NFS_Unstable: 0 kB +Bounce: 0 kB +WritebackTmp: 0 kB +CommitLimit: 16580732 kB +Committed_AS: 3678828 kB +VmallocTotal: 34359738367 kB +VmallocUsed: 0 kB +VmallocChunk: 0 kB +HardwareCorrupted: 0 kB +AnonHugePages: 720896 kB +CmaTotal: 0 kB +CmaFree: 0 kB +HugePages_Total: 0 +HugePages_Free: 0 +HugePages_Rsvd: 0 +HugePages_Surp: 0 +Hugepagesize: 2048 kB +DirectMap4k: 15764 kB +DirectMap2M: 3010560 kB +DirectMap1G: 13631488 kB diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressurecpu.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressurecpu.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressurecpu.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressurecpu.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +some avg10=7.48 avg60=6.26 avg300=6.66 total=200932088 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressureio.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressureio.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressureio.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procpressureio.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,2 @@ +some avg10=0.08 avg60=0.02 avg300=0.01 total=40636071 +full avg10=0.04 avg60=0.01 avg300=0.00 total=32897091 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procstat.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procstat.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procstat.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procstat.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,16 @@ +cpu 46415 2324 23746 2025020 33466 0 178 0 0 0 +cpu0 8457 669 5357 676312 31474 0 103 0 0 0 +cpu1 6876 328 3733 191343 665 0 15 0 0 0 +cpu2 7029 224 4595 191347 381 0 13 0 0 0 +cpu3 7374 210 4651 191025 689 0 9 0 0 0 +cpu4 3948 223 1223 194095 34 0 19 0 0 0 +cpu5 4405 149 1242 193795 60 0 6 0 0 0 +cpu6 4104 253 1549 193465 45 0 6 0 0 0 +cpu7 4219 266 1394 193634 115 0 5 0 0 0 +intr 4315363 33 45306 0 0 0 0 0 0 1 1334 0 0 305377 0 0 0 69 0 9535 0 0 0 0 79 0 0 0 0 0 0 0 798 47 66 17 220606 419887 11 469 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 +ctxt 13817032 +btime 1500269370 +processes 22238 +procs_running 2 +procs_blocked 0 +softirq 5842976 81 1577204 475 19256 215808 14 2294240 1016947 0 718951 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procvmstat.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procvmstat.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procvmstat.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_procvmstat.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,118 @@ +nr_free_pages 2935466 +nr_alloc_batch 1246 +nr_inactive_anon 100858 +nr_active_anon 239721 +nr_inactive_file 210928 +nr_active_file 525235 +nr_unevictable 8 +nr_mlock 8 +nr_anon_pages 222307 +nr_mapped 314943 +nr_file_pages 854452 +nr_dirty 20 +nr_writeback 0 +nr_slab_reclaimable 38516 +nr_slab_unreclaimable 12530 +nr_page_table_pages 10601 +nr_kernel_stack 472 +nr_unstable 0 +nr_bounce 0 +nr_vmscan_write 0 +nr_vmscan_immediate_reclaim 0 +nr_writeback_temp 0 +nr_isolated_anon 0 +nr_isolated_file 0 +nr_shmem 118289 +nr_dirtied 8592336 +nr_written 8520396 +nr_pages_scanned 0 +numa_hit 81405403 +numa_miss 0 +numa_foreign 0 +numa_interleave 20314 +numa_local 81405403 +numa_other 0 +workingset_refault 0 +workingset_activate 0 +workingset_nodereclaim 0 +nr_anon_transparent_hugepages 261 +nr_free_cma 0 +nr_dirty_threshold 1451467 +nr_dirty_background_threshold 362423 +pgpgin 2581510 +pgpgout 34298109 +pswpin 10402 +pswpout 12250 +pgalloc_dma 6 +pgalloc_dma32 17481863 +pgalloc_normal 70896125 +pgalloc_movable 0 +pgfree 91315814 +pgactivate 764549 +pgdeactivate 0 +pgfault 91270548 +pgmajfault 9363 +pgrefill_dma 0 +pgrefill_dma32 0 +pgrefill_normal 0 +pgrefill_movable 0 +pgsteal_kswapd_dma 0 +pgsteal_kswapd_dma32 0 +pgsteal_kswapd_normal 0 +pgsteal_kswapd_movable 0 +pgsteal_direct_dma 0 +pgsteal_direct_dma32 0 +pgsteal_direct_normal 0 +pgsteal_direct_movable 0 +pgscan_kswapd_dma 0 +pgscan_kswapd_dma32 0 +pgscan_kswapd_normal 0 +pgscan_kswapd_movable 0 +pgscan_direct_dma 0 +pgscan_direct_dma32 0 +pgscan_direct_normal 0 +pgscan_direct_movable 0 +pgscan_direct_throttle 0 +zone_reclaim_failed 0 +pginodesteal 0 +slabs_scanned 0 +kswapd_inodesteal 0 +kswapd_low_wmark_hit_quickly 0 +kswapd_high_wmark_hit_quickly 0 +pageoutrun 1 +allocstall 0 +pgrotated 407 +drop_pagecache 0 +drop_slab 0 +numa_pte_updates 0 +numa_huge_pte_updates 11 +numa_hint_faults 0 +numa_hint_faults_local 0 +numa_pages_migrated 0 +pgmigrate_success 0 +pgmigrate_fail 0 +compact_migrate_scanned 0 +compact_free_scanned 0 +compact_isolated 0 +compact_stall 0 +compact_fail 0 +compact_success 0 +htlb_buddy_alloc_success 0 +htlb_buddy_alloc_fail 0 +unevictable_pgs_culled 6188 +unevictable_pgs_scanned 0 +unevictable_pgs_rescued 5183 +unevictable_pgs_mlocked 6485 +unevictable_pgs_munlocked 6477 +unevictable_pgs_cleared 0 +unevictable_pgs_stranded 0 +thp_fault_alloc 7174 +thp_fault_fallback 0 +thp_collapse_alloc 329 +thp_collapse_alloc_failed 0 +thp_split 61 +thp_zero_page_alloc 1 +thp_zero_page_alloc_failed 0 +balloon_inflate 0 +balloon_deflate 0 +balloon_migrate 0 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_sysdockermemstat.data nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_sysdockermemstat.data --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_sysdockermemstat.data 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/ts_sysdockermemstat.data 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,40 @@ +cache 108507136 +rss 53219328 +rss_huge 0 +shmem 172032 +mapped_file 54251520 +dirty 0 +writeback 0 +swap 0 +pgpgin 111725 +pgpgout 72238 +pgfault 97485 +pgmajfault 424 +inactive_anon 20480 +active_anon 53538816 +inactive_file 53460992 +active_file 54882304 +unevictable 0 +hierarchical_memory_limit 9223372036854771712 +hierarchical_memsw_limit 9223372036854771712 +total_cache 108507136 +total_rss 53219328 +total_rss_huge 0 +total_shmem 172032 +total_mapped_file 54251520 +total_dirty 0 +total_writeback 0 +total_swap 0 +total_pgpgin 111725 +total_pgpgout 72238 +total_pgfault 97485 +total_pgmajfault 424 +total_inactive_anon 20480 +total_active_anon 53538816 +total_inactive_file 53460992 +total_active_file 54882304 +total_unevictable 0 +recent_rotated_anon 85328 +recent_rotated_file 13403 +recent_scanned_anon 85369 +recent_scanned_file 36719 diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstemperature.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstemperature.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstemperature.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstemperature.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for check_temperature.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__ ((unused)); +static _Noreturn void usage (FILE * out) __attribute__ ((unused)); + +#define NPL_TESTING +#include "../plugins/check_temperature.c" +#undef NPL_TESTING + +typedef struct test_data +{ + int unit; + double expect_value; +} test_data; + +static int +test_temperature_unit_conversion (const void *tdata) +{ + char *scale; + const struct test_data *data = tdata; + const unsigned long chk_temp = 1000UL*25; /* 25C */ + int ret = 0; + + TEST_ASSERT_EQUAL_NUMERIC (data->expect_value, + get_real_temp (chk_temp, &scale, data->unit)); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + +#define DO_TEST(MSG, UNIT, EXPECT_VALUE) \ + do \ + { \ + test_data data = { \ + .unit = UNIT, \ + .expect_value = EXPECT_VALUE, \ + }; \ + if (test_run(MSG, test_temperature_unit_conversion, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST ("check get_real_temp with temp_units eq TEMP_CELSIUS", + TEMP_CELSIUS, 25); + DO_TEST ("check get_real_temp with temp_units eq TEMP_FAHRENHEIT", + TEMP_FAHRENHEIT, 77); + DO_TEST ("check get_real_temp with temp_units eq TEMP_KELVIN", + TEMP_KELVIN, 298.1); + + /* FIXME: we should test here /sys/class/thermal/ related stuff + /sys/class/thermal/thermal_zone[0-*]/{type,temp,trip_point_*} + see: ./lib/sysfsparser.c */ + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstestutils.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstestutils.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstestutils.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tstestutils.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,71 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for testutils.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include +#include "testutils.h" + +typedef struct test_data +{ + char * filename; + size_t expect_size; +} test_data; + +static int +test_fstringify_bufsize (const void *tdata) +{ + int ret = 0; + const struct test_data *data = tdata; + + char * buffer = test_fstringify (data->filename); + if (NULL == buffer) + return -1; + + TEST_ASSERT_EQUAL_NUMERIC (data->expect_size, strlen (buffer)); + + free (buffer); + return ret; +} + +static int +mymain (void) +{ + int ret = 0; + char *filename = NPL_TEST_PATH_CONTAINER_JSON; + +#define DO_TEST(MSG, FILENAME, EXPECT_SIZE) \ + do \ + { \ + test_data data = { \ + .filename = FILENAME, \ + .expect_size = EXPECT_SIZE, \ + }; \ + if (test_run(MSG, test_fstringify_bufsize, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST ("checking test_fstringify ()", filename, 3832); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +TEST_MAIN (mymain) diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsuptime.c nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsuptime.c --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsuptime.c 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/tests/tsuptime.c 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-3.0-or-later +/* + * License: GPLv3+ + * Copyright (c) 2017 Davide Madrisan + * + * Unit test for check_uptime.c + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +#include "testutils.h" + +/* silence the compiler's warning 'function defined but not used' */ +static _Noreturn void print_version (void) __attribute__((unused)); +static _Noreturn void usage (FILE * out) __attribute__((unused)); +static double uptime_sysinfo () __attribute__((unused)); +#if HAVE_CLOCK_GETTIME_MONOTONIC +static double uptime_clock_monotonic () __attribute__((unused)); +#endif + +#define NPL_TESTING +# include "../plugins/check_uptime.c" +#undef NPL_TESTING + +struct test_data +{ + double secs; + char *output; +}; + +static int +test_uptime_output (const void *tdata) +{ + int ret = 0; + const struct test_data *data = tdata; + + TEST_ASSERT_EQUAL_STRING (sprint_uptime (data->secs), data->output); + return ret; +} + +#define ONE_MINUTE 60 +#define ONE_HOUR (60*ONE_MINUTE) +#define ONE_DAY (24*ONE_HOUR) +#define ONE_MONTH (30*ONE_DAY) + +static int +mymain (void) +{ + int ret = 0; + struct test_data data; + +#define DO_TEST(SECS, UPTIME_STR) \ + do \ + { \ + data.secs = SECS; \ + data.output = UPTIME_STR; \ + if (test_run ("check uptime output of "#SECS" secs", \ + test_uptime_output, &data) < 0) \ + ret = -1; \ + } \ + while (0) + + DO_TEST (59, "0 min"); + DO_TEST (3*ONE_HOUR+2*ONE_MINUTE, "3 hours 2 min"); + DO_TEST (1*ONE_DAY+1*ONE_HOUR+25*ONE_MINUTE, "1 day 1 hour 25 min"); + DO_TEST (9*ONE_MONTH+4*ONE_HOUR+10*ONE_MINUTE, "270 days 4 hours 10 min"); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +#undef ONE_MONTH +#undef ONE_DAY +#undef ONE_HOUR +#undef ONE_MINUTE + +TEST_MAIN (mymain); diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.travis.yml nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.travis.yml --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/.travis.yml 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/.travis.yml 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1,42 @@ +language: c +compiler: + - gcc + - clang + +env: + global: + # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created + # via the "travis encrypt" command using the project repo's public key + - secure: "WqpTr19IWav//MQEQ7RcerdTVhbYt9faBh2QoEZmRLDPm+0RBidw1kvP73Di9pozURqisdB1P5LJ5eVFuocaD2eM+pO4399hHD48QsupDoLxgcJfmeP5YfT7Kmq97vyOs5dV01uopRMTJ9SDD1rt2oia+Ez6B/AeTCEpENb/76Y=" + +sudo: false + +matrix: + exclude: + - compiler: clang + env: COVERITY_SCAN_BRANCH=1 + # Coverity Scan should only run once and it might fail, + # because the number of times its runs is limited per week. + # We only check when compiled with gcc. + allow_failures: + - env: COVERITY_SCAN_BRANCH=1 + +addons: + coverity_scan: + project: + name: "madrisan/nagios-plugins-linux" + notification_email: davide.madrisan@gmail.com + # Commands to prepare for build_command + build_command_prepend: "autoreconf -f -v -Wall -i -Im4 && ./configure" + # This command will be added as an argument to "cov-build" to compile + # the project for analisys + build_command: "make clean all" + branch_pattern: coverity_scan + +script: + - | + if [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then + [ -f ./Makefile ] || autoreconf -f -v -Wall -i -Im4 && ./configure + make clean all + VERBOSE=1 make check + fi diff -Nru nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/VERSION nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/VERSION --- nagios-plugins-contrib-35.20210511ubuntu2/madrisan-nagios-plugins-linux/nagios-plugins-linux/VERSION 1970-01-01 00:00:00.000000000 +0000 +++ nagios-plugins-contrib-37.20211217ubuntu1/madrisan-nagios-plugins-linux/nagios-plugins-linux/VERSION 2021-12-17 14:47:25.000000000 +0000 @@ -0,0 +1 @@ +29