
ERROR: The file named /var/tmp/cert.KCYtz7 (wrong HOST/PORT parsing)

Open mhow2 opened this issue 5 years ago • 2 comments

On my system (Debian 9), v4.13 in commit https://github.com/Matty9191/ssl-cert-check/commit/3c8177c4356db6db87593a1d18565bbb8583e3d7 leads to ERROR: The file named /var/tmp/cert.KCYtz7 is unreadable or doesn't exist, for which I have suggested a fix in #80.

In my specific case, the reason for this error is that the output tmp file is empty, because the hostname/port args to openssl are wrong.

$ cat /etc/debian_version 
9.11
$ ./ssl-cert-check -i -f domains.txt 
+ PROGRAMVERSION=4.13
+ trap cleanup EXIT INT TERM QUIT
+ PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/ssl/bin:/usr/sfw/bin
+ export PATH
+ ADMIN=root
+ SENDER=
+ WARNDAYS=30
+ QUIET=FALSE
+ ALARM=FALSE
+ NAGIOS=FALSE
+ NAGIOSSUMMARY=FALSE
+ PKCSDBPASSWD=
+ CERTTYPE=pem
++ command -v awk
+ AWK=/usr/bin/awk
++ command -v date
+ DATE=/bin/date
++ command -v grep
+ GREP=/bin/grep
++ command -v openssl
+ OPENSSL=/usr/bin/openssl
++ command -v printf
+ PRINTF=printf
++ command -v sed
+ SED=/bin/sed
++ command -v mktemp
+ MKTEMP=/bin/mktemp
++ command -v find
+ FIND=/usr/bin/find
+ '[' -f /usr/bin/mailx ']'
+ MAIL=/usr/bin/mailx
+ MAILMODE=mailx
+ RETCODE=0
+ SUMMARY_VALID=0
+ SUMMARY_WILL_EXPIRE=0
+ SUMMARY_EXPIRED=0
+ SUMMARY_MIN_DIFF=0
+ SUMMARY_MIN_DATE=
+ SUMMARY_MIN_HOST=
+ SUMMARY_MIN_PORT=
+ umask 077
+ getopts abc:d:e:E:f:hik:nNp:qs:St:Vx: option
+ case "${option}" in
+ ISSUER=TRUE
+ getopts abc:d:e:E:f:hik:nNp:qs:St:Vx: option
+ case "${option}" in
+ SERVERFILE=domains.txt
+ getopts abc:d:e:E:f:hik:nNp:qs:St:Vx: option
+ '[' '!' -f /usr/bin/openssl ']'
+ '[' '!' -f /bin/date ']'
+ '[' '!' -f /bin/grep ']'
+ '[' '!' -f /usr/bin/find ']'
+ '[' '!' -f /bin/mktemp ']'
+ '[' -z printf ']'
+ '[' '!' -f /bin/sed ']'
+ '[' '!' -f /usr/bin/awk ']'
+ '[' FALSE = TRUE ']'
+ /usr/bin/openssl s_client -help
+ grep -servername
+ TLSSERVERNAME=TRUE
++ /bin/mktemp /var/tmp/cert.XXXXXX
+ CERT_TMP=/var/tmp/cert.KCYtz7
++ /bin/mktemp /var/tmp/error.XXXXXX
+ ERROR_TMP=/var/tmp/error.5oxO31
++ /bin/date +%m
+ MONTH=02
++ /bin/date +%d
+ DAY=04
++ /bin/date +%Y
+ YEAR=2020
++ date2julian 2 4 2020
++ '[' 2 '!=' '' ']'
++ '[' 4 '!=' '' ']'
++ '[' 2020 '!=' '' ']'
++ d2j_tmpmonth=24239
++ d2j_tmpyear=2019
++ echo 2458884
+ NOWJULIAN=2458884
+ '[' -n /var/tmp/cert.KCYtz7 ']'
+ '[' -n /var/tmp/error.5oxO31 ']'
+ touch /var/tmp/cert.KCYtz7 /var/tmp/error.5oxO31
+ '[' '' '!=' '' ']'
+ '[' -f domains.txt ']'
+ print_heading
+ '[' '' '!=' TRUE ']'
+ '[' FALSE '!=' TRUE ']'
+ '[' TRUE = TRUE ']'
+ '[' FALSE '!=' TRUE ']'
+ '[' '' '!=' TRUE ']'
+ printf '\n%-35s %-17s %-8s %-11s %-4s\n' Host Issuer Status Expires Days

Host                                Issuer            Status   Expires     Days
+ echo '----------------------------------- ----------------- -------- ----------- ----'
----------------------------------- ----------------- -------- ----------- ----
+ IFS='
'
++ grep -E -v '(^#|^$)' domains.txt
+ for LINE in $(grep -E -v '(^#|^$)' "${SERVERFILE}")
+ HOST=www.google.com
+ PORT=www.google.com
+ IFS=' '
+ '[' www.google.com = FILE ']'
+ check_server_status www.google.com www.google.com
+ PORT=www.google.com
+ case "$PORT" in
+ TLSFLAG=
+ '[' TRUE = FALSE ']'
+ OPTIONS='-connect www.google.com:www.google.com -servername www.google.com '
+ echo ''
+ /usr/bin/openssl s_client -connect www.google.com:www.google.com -servername www.google.com
+ /bin/grep -i 'Connection refused' /var/tmp/error.5oxO31
+ /bin/grep -i 'No route to host' /var/tmp/error.5oxO31
+ /bin/grep -i 'gethostbyname failure' /var/tmp/error.5oxO31
+ /bin/grep -i 'Operation timed out' /var/tmp/error.5oxO31
+ /bin/grep -i 'ssl handshake failure' /var/tmp/error.5oxO31
+ /bin/grep -i 'connect: Connection timed out' /var/tmp/error.5oxO31
+ /bin/grep -i 'Name or service not known' /var/tmp/error.5oxO31
+ check_file_status /var/tmp/cert.KCYtz7 www.google.com www.google.com
+ CERTFILE=/var/tmp/cert.KCYtz7
+ HOST=www.google.com
+ PORT=www.google.com
+ '[' '!' -r /var/tmp/cert.KCYtz7 ']'
+ '[' '!' -s /var/tmp/cert.KCYtz7 ']'
+ echo 'ERROR: The file named /var/tmp/cert.KCYtz7 is unreadable or doesn'\''t exist'
ERROR: The file named /var/tmp/cert.KCYtz7 is unreadable or doesn't exist
+ echo 'ERROR: Please check to make sure the certificate for www.google.com:www.google.com is valid'
ERROR: Please check to make sure the certificate for www.google.com:www.google.com is valid
+ set_returncode 3
+ '[' 0 -lt 3 ']'
+ RETCODE=3
+ return
+ IFS=
+ print_summary
+ '[' FALSE '!=' TRUE ']'
+ return
+ '[' FALSE = TRUE ']'
+ exit 0
+ cleanup
+ '[' -f /var/tmp/cert.KCYtz7 ']'
+ rm -f /var/tmp/cert.KCYtz7
+ '[' -f /var/tmp/error.5oxO31 ']'
+ rm -f /var/tmp/error.5oxO31

mhow2, Feb 04 '20 07:02
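The trace above shows `PORT` ending up equal to the hostname and being handed to `openssl s_client -connect` unchecked, so the failure only surfaces later as an empty temp file. The following is an added example, not code from this issue or from ssl-cert-check: a hypothetical `parse_target` helper that validates each server-file line before any connection is attempted. It assumes lines of the form `host`, `host port` or `host:port` and a default port of 443.

```shell
#!/bin/sh
# Added example (hypothetical helper, not ssl-cert-check code).
# Assumed line formats: "host", "host port", "host:port" (no IPv6 literals).

DEFAULT_PORT=443            # assumption: HTTPS when the line names no port
TAB=$(printf '\t')

# parse_target LINE: sets HOST and PORT, returns non-zero if the line is unusable.
parse_target() {
    HOST='' PORT='' extra=''
    # IFS is changed for this one read only, so the caller's IFS is untouched.
    IFS=" ${TAB}:" read -r HOST PORT extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1                 # more than two fields
    case $HOST in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;     # empty, option-like, odd chars
    esac
    PORT=${PORT:-$DEFAULT_PORT}
    case $PORT in
        *[!0-9]*|??????*) return 1 ;;           # not a number, or too long
    esac
    [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]
}

# connect_arg LINE: prints the host:port value for "openssl s_client -connect".
connect_arg() {
    parse_target "$1" || return 1
    printf '%s:%s\n' "$HOST" "$PORT"
}

# Constructed sample lines; the last two are rejected before reaching openssl.
for line in 'www.example.com' 'www.example.com 443' 'www.example.com:8443' \
            'www.example.com www.example.com' '-connect 443'; do
    connect_arg "$line" || echo "skip: bad host/port in '$line'" >&2
done
```

Rejecting the line up front gives an error that names the bad host/port instead of the misleading "unreadable or doesn't exist" message about the temp file.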

@Matty9191 : the script is broken again by your commit https://github.com/Matty9191/ssl-cert-check/commit/956b3c13e56b6886e1242d61f02a34e5caf9ebb7

mhow2, Feb 19 '20 09:02

the script is broken

ERROR: The file named /var/tmp/cert.ueLNSS is unreadable or doesn't exist
ERROR: Please check to make sure the certificate for www.bomengids.nl:443:www.bomengids.nl:443 is valid

hanscees, Aug 20 '20 12:08