Little update:
I couldn't find time this weekend to troubleshoot, but on the other hand it's
still working properly without forcing ASSP to use an SSL connection.
After moving the Zabbix server to another machine using another OS (Ubuntu =>
CentOS) I had it happen 3 times on 3 different servers.
I leave it for a while and see.
Cheers
JP
-----Oorspronkelijk bericht-----
> Afzender:Jean-Pierre van Melis <j...@mirmana.com <mailto:j...@mirmana.com> >
> Verstuurd: Vrijdag 23 Mei 2014 14:48
> Aan: ASSP development mailing list <assp-test@lists.sourceforge.net
> <mailto:assp-test@lists.sourceforge.net> >
> Onderwerp: Re: [Assp-test] My Zabbix server gets banned from using SSL
>
> Hi Thomas,
>
>
> Ah, OK.... ;-)
>
> I wasn't really thinking about posting these scripts so they could be used
> for ASSP and Zabbix.
> You would need to have much more info for that....
>
> This certinfo is quite handy and it uses SNI.
> I use it to quickly test an IP
>
> BTW... It still didn't generate an error after more than 24 hours. Still, it
> NEVER generated an error when Zabbix was on that other server....
>
> Oh, and all the statistics ASSP generates is sent to Zabbix as well...
>
> Cheers
>
>
>
> -----Oorspronkelijk bericht-----
> > Afzender:Thomas Eckardt <thomas.ecka...@thockar.com
> > <mailto:thomas.ecka...@thockar.com> <mailto:thomas.ecka...@thockar.com
> > <mailto:thomas.ecka...@thockar.com> > >
> > Verstuurd: Vrijdag 23 Mei 2014 13:23
> > Aan: ASSP development mailing list <assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net>
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net> > >
> > Onderwerp: Re: [Assp-test] My Zabbix server gets banned from using SSL
> >
> > Jean-Pierre,
> >
> > >Its purpose was warning for expired certificates.
> > >every 20 minutes
> >
> > I know - and that's why I posted the last part to ALL.
> >
> > What some people read is : "Jean-Peer monitors assp via SSL on SMTP port -
> > he has some minor problems, but it works for years and will be fixed. Oh
> > ... a nice shell script attached - let's make some changes and try!"
> >
> > Than, after some time we'll get posts like "... we have problems using
> > Jean-Peers nice scrpt. We've made only some minor changes and now after 2
> > minutes all workers are stucking and assp restarts .... HELP - or could we
> > please have some changes in the assp code to solve our problems ...."
> >
> > :):):):)
> >
> > Thomas
> >
> >
> >
> >
> > Von: Jean-Pierre van Melis <j...@mirmana.com <mailto:j...@mirmana.com>
> > <mailto:j...@mirmana.com <mailto:j...@mirmana.com> > >
> > An: ASSP development mailing list <assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net>
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net> > >
> > Datum: 23.05.2014 13:07
> > Betreff: Re: [Assp-test] My Zabbix server gets banned from using
> > SSL
> >
> >
> >
> > Hi Thomas,
> >
> > Thanks for all your feedback and I hope I will find time this weekend to
> > check if I can improve that script.
> >
> > However, I can't see the relevance of the remark you made about
> > monitoring.
> >
> > The script certexpire is being executed on more than 1000 connections
> > every 20 minutes for several years and on many occasions it gave me
> > valuable info about the state of these foreign services.
> > Its purpose was warning for expired certificates. Most of the time these
> > expired certificates were from other companies.
> > This is the first time it gave me a false positive (and in fact it wasn't
> > really a false positive as it wasn't able to get an SSL connection).
> >
> > The information a program gives about its own state is completely
> > different than monitoring its behaviour.
> >
> > Cheers and thanks.
> > If I find the exact reason I will post it here.
> >
> > JP
> >
> >
> >
> >
> >
> >
> > -----Oorspronkelijk bericht-----
> > > Afzender:Thomas Eckardt <thomas.ecka...@thockar.com
> > > <mailto:thomas.ecka...@thockar.com> <mailto:thomas.ecka...@thockar.com
> > > <mailto:thomas.ecka...@thockar.com> > <
> > mailto:thomas.ecka...@thockar.com <mailto:thomas.ecka...@thockar.com>
> > <mailto:thomas.ecka...@thockar.com <mailto:thomas.ecka...@thockar.com> > > >
> > > Verstuurd: Vrijdag 23 Mei 2014 12:28
> > > Aan: ASSP development mailing list <assp-test@lists.sourceforge.net
> > > <mailto:assp-test@lists.sourceforge.net>
> > > <mailto:assp-test@lists.sourceforge.net
> > > <mailto:assp-test@lists.sourceforge.net> > <
> > mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net>
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net> > > >
> > > Onderwerp: Re: [Assp-test] My Zabbix server gets banned from using SSL
> > >
> > > >echo "" | openssl s_client -verify 3 -CAfile ${CAfile} -servername
> > > ${HOST} -connect ${IP}:${PORT} ${TLS} 2>/dev/null >${SCRATCH} &
> > >
> > > You don't define a SSL-protocol here. The default or the one defined in
> > > openssl.cfg is used. Check that assp has the same enabled in
> > > 'SSL_version'.
> > >
> > > You don't set a cipherlist here - so openssl will use the default or the
> >
> > > cipherlist defined in the openssl.cfg. If a cipherlist is set in
> > assp.cfg
> > > - check if they match.
> > > Check which openssl source was used for your openssl installation and
> > the
> > > SSL Perl modules. If they are different, check the openssl change log if
> >
> > > they are incompatible.
> > >
> > > You may also use the 'SSL....Configure' call backs to set different
> > > ssl-protocol/cipherlist for different interfaces in assp.
> > >
> > > >error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO
> > >
> > > This indicates a wrong protocol is used - possibly Zappix uses TLSv1
> > only,
> > > because of a newer openssl version? :-)
> > >
> > > >In fact there's nothing wrong, but only the IP of the Zabbix-server is
> > > blacklisted for doing TLS.
> > >
> > > Including your Zappix server's IP in to 'noBanFailedSSLIP' will prevent
> > > the SSL blocking by cache.
> > >
> > >
> > > FOR ALL !!!! - AND AGAIN - (to make a noice - that everyone can hear it)
> > >
> > > It is not recommended to monitor assp via SMTP or SMTPS ports. The
> > result
> > > only says. that one worker is alive - it will tell you nothing about the
> >
> > > state of assp.
> > > Use the STATS interface/port instead - there you'll get all information
> > -
> > > STATS or simply 'healthy' or 'not healthy' - read the GUI 'webStatPort'.
> > > This could be also used to retrieve the SSL certificate if
> > > 'enableWebStatSSL' is set to ON.
> > >
> > > Thomas
> > >
> > >
> > >
> > >
> > >
> > > Von: Jean-Pierre van Melis <j...@mirmana.com <mailto:j...@mirmana.com>
> > > <mailto:j...@mirmana.com <mailto:j...@mirmana.com> >
> > > <mailto:j...@mirmana.com <mailto:j...@mirmana.com>
> > > <mailto:j...@mirmana.com <mailto:j...@mirmana.com> > > >
> > > An: assp-test@lists.sourceforge.net
> > > <mailto:assp-test@lists.sourceforge.net>
> > > <mailto:assp-test@lists.sourceforge.net
> > > <mailto:assp-test@lists.sourceforge.net> > <
> > mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net>
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net> > >
> > <assp-test@lists.sourceforge.net <mailto:assp-test@lists.sourceforge.net>
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net> >
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net>
> > <mailto:assp-test@lists.sourceforge.net
> > <mailto:assp-test@lists.sourceforge.net> > > >
> > > Datum: 22.05.2014 08:30
> > > Betreff: [Assp-test] My Zabbix server gets banned from using SSL
> > >
> > >
> > >
> > > To check the expiration date of SSL-certificates I wrote a script 2
> > years
> > > ago that has been working fine all this time.
> > > It uses openssl to connect and extracts the date and calculates how many
> >
> > > days that certificate is valid.
> > >
> > > If you merely supply the hostname it will connect to port 443, but if
> > you
> > > supply a port number it will connect to another port.
> > > If the port is 25 or 587 it will connect with TLS (using the openssl
> > > option -crlf -starttls smtp)
> > >
> > > I call this script with Zabbix to test hundreds of servers every 20
> > > minutes.
> > > Zabbix is a monitoring system like Nagios.
> > > If a certificate is about to expire I will get a warning.
> > > I will also get a warning if it is unable to read the certificate.
> > >
> > > This week I migrated my Zabbix to a new server. This time it is CentOS 6
> > > Reading these certificates still work with all these hundreds of
> > services,
> > > but the 3 ASSP proxies I'm checking sometimes stop doing SSL.
> > >
> > > If ASSP has an error with SSL it will add that IP to DB-SSL and all
> > future
> > > connections with that IP will not be offered the option STARTTLS
> > > This means I will get the error message that there's something wrong
> > with
> > > the certificate of that ASSP.
> > > In fact there's nothing wrong, but only the IP of the Zabbix-server is
> > > blacklisted for doing TLS.
> > >
> > > Do note that this has been working reliable for more than 2 years
> > > (everyand it is still reliable for all these other services.
> > > It's also working for ASSP until it suddenly bumps into an error
> > >
> > > In ASSP (and in Zabbix of course) I can see when it happened and I get
> > > these 2 lines in my log
> > >
> > > #grep -B100 00:23:26 /opt/ASSP/logs/maillog.txt | grep 81.169.140.52
> > > May-22-14 00:23:21 [Worker_2] Connected: session:7F5D74D678D0
> > > 81.169.140.52:55539 > 85.214.250.20:587 > 85.214.250.20:25
> > > May-22-14 00:23:21 [Worker_2] 81.169.140.52 [SMTP Reply] 220
> > > ns5.mr-wolf.nl ESMTP Postfix (Ubuntu)
> > > May-22-14 00:23:21 [Worker_2] 81.169.140.52 [SMTP Reply] 250 DSN
> > > May-22-14 00:23:21 [Worker_2] 81.169.140.52 info: got STARTTLS request
> > > from 81.169.140.52
> > > May-22-14 00:23:21 [Worker_2] 81.169.140.52 [SMTP Reply] 220 2.0.0 Ready
> >
> > > to start TLS
> > > May-22-14 00:23:26 [Worker_2] 81.169.140.52 info: retry (3) SSL
> > > negotiation - peer socket was not ready
> > > May-22-14 00:23:26 [Worker_2] 81.169.140.52 error: Couldn't upgrade to
> > TLS
> > > for client 81.169.140.52: SSL accept attempt failed with unknown error
> > > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > >
> > >
> > > If I go to ASSP's webIF I can delete the IP 81.169.131.53 and it starts
> > > working again.
> > >
> > > Normally a session would look like this:
> > >
> > > May-21-14 23:52:29 [Worker_2] Connected: session:10C08500
> > > 81.169.140.52:48680 > 85.214.250.20:587 > 85.214.250.20:25
> > > May-21-14 23:52:29 [Worker_2] 81.169.140.52 [SMTP Reply] 220
> > > ns5.mr-wolf.nl ESMTP Postfix (Ubuntu)
> > > May-21-14 23:52:29 [Worker_2] 81.169.140.52 [SMTP Reply] 250 DSN
> > > May-21-14 23:52:29 [Worker_2] 81.169.140.52 info: got STARTTLS request
> > > from 81.169.141.63
> > > May-21-14 23:52:29 [Worker_2] 81.169.140.52 [SMTP Reply] 220 2.0.0 Ready
> >
> > > to start TLS
> > > May-21-14 23:52:29 [Worker_2] Disconnected: session:10C08500
> > 81.169.140.52
> > > - processing time 0 seconds
> > >
> > > What could be the reason of this?
> > >
> > >
> > >
> > > Here's the script I wrote to test the expiry date.
> > > I have some more scripts for SSL connections and they were very valuable
> >
> > > for me to quickly check a connection.
> > > I will post certexpire (the script that's also being called by Zabbix)
> > and
> > > certinfo. The latter I often use on the prompt to quickly get some info
> > > about a certificate.
> > >
> > > # cat /usr/local/sbin/certexpire
> > >
> > > #!/bin/bash
> > > # Author: JP van Melis
> > >
> > > export PATH=${PATH}:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin
> > >
> > > TIMEOUT=10
> > > RETVAL=-0.5
> > >
> > > # If called by zabbix, handle some things different
> > > if echo "${BASH_SOURCE}" | grep -q "zabbix" ; then
> > > # get rid of 1st parameter (on Zabbix 1.8x)
> > > # shift 1
> > >
> > > # Change TimeOut value to the one in /etc/zabbix/zabbix_server.conf
> > > ZABBIX_TIMEOUT=`grep -i 'ˆTimeout' /etc/zabbix/zabbix_server.conf
> > > 2>/dev/null | awk -F= '{print $2}' | tr -cd '0-9'`
> > > if [ -z "${ZABBIX_TIMEOUT}" ] ; then
> > > TIMEOUT=3
> > > else
> > > # Let's take 1 second less than the one in
> > > /etc/zabbix/zabbix_server.conf and just hope to be in time
> > > TIMEOUT=$(( ${ZABBIX_TIMEOUT} - 1 ))
> > > fi
> > > fi
> > >
> > > # Zabbix 2.0 sends parameters quoted, where < 1.9 sends them unquoted
> > > # This way it works on both
> > > HOST=`echo "$*" | awk '{print $1}'`
> > > PORT=`echo "$*" | awk '{print $2}'`
> > > SCRATCH=`mktemp`
> > >
> > > [ -z "${HOST}" ] && exit 1
> > > [ -z "${PORT}" ] && PORT=443
> > >
> > > # openssl is able to check plain smtp/pop3/ftp/imap connections
> > > # that use TLS to setup a secure connection
> > > TLS=
> > > echo "${PORT}" | egrep -q 'ˆ(25|587)$' && TLS="-crlf -starttls smtp"
> > > echo "${PORT}" | egrep -q 'ˆ110$' && TLS="-starttls pop3"
> > > echo "${PORT}" | egrep -q 'ˆ21$' && TLS="-starttls ftp"
> > > echo "${PORT}" | egrep -q 'ˆ143$' && TLS="-starttls imap"
> > >
> > > # Retrieve Certificate in background because it doesn't support TimeOuts
> > > # exec 2>/dev/null doesn't seem to be necessary if called this way....
> > > echo "" | openssl s_client -servername ${HOST} -connect ${HOST}:${PORT}
> > > ${TLS} 2>/dev/null >${SCRATCH} &
> > > sleep .1
> > >
> > > # double the TIMEOUT and wait for half a second each time
> > > let TIMEOUT*=2
> > >
> > > # Wait for certificate
> > > n=1
> > > while [ ! -s ${SCRATCH} ] ; do
> > > sleep .48
> > > [ $n -ge ${TIMEOUT} ] && break
> > > let n++
> > > done
> > >
> > > # If we have retrieved the certificate, we'll process it and retrieve
> > the
> > > expiration date
> > > if [ -s ${SCRATCH} ] ; then
> > > EXPIRE_DATE=`sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
> > > ${SCRATCH} | openssl x509 -enddate -noout 2>/dev/null | sed
> > > 's/notAfter\=//'`
> > > if [ ! -z "${EXPIRE_DATE}" ]; then
> > > EXPIRE_SECS=`date -d "${EXPIRE_DATE}" +%s`
> > > EXPIRE_TIME=$(( ${EXPIRE_SECS} - `date +%s` ))
> > >
> > > # We finally have it...
> > > RETVAL=$(( ${EXPIRE_TIME} / 24 / 3600 ))
> > > fi
> > > else
> > > # Too late you lazy bastard, I might as well kill you...
> > > kill -9 %1 2>/dev/null
> > > fi
> > >
> > > rm -f ${SCRATCH} 2>/dev/null
> > > echo ${RETVAL}
> > >
> > > Here's certinfo:
> > >
> > > # cat /usr/local/sbin/certinfo
> > > #!/bin/bash
> > > # Author: JP van Melis
> > >
> > > export PATH=${PATH}:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin
> > >
> > > TIMEOUT=10
> > > RETVAL=3
> > >
> > > # location on Debian based Linux, run "update-ca-certificates" if you
> > > don't have them
> > > CAfile=/etc/ssl/certs/ca-certificates.crt
> > > # Try Redhat based
> > > [ -e "${CAfile}" ] || CAfile=/etc/pki/tls/certs/ca-bundle.crt
> > > if [ ! -e "${CAfile}" ] ; then
> > > echo "No Certificate Authority Bundle found" >&2
> > > exit 1
> > > fi
> > >
> > > # If called by zabbix, handle some things different
> > > if echo "${BASH_SOURCE}" | grep -q "zabbix" ; then
> > > # get rid of 1st parameter (on Zabbix 1.8x)
> > > # shift 1
> > >
> > > # Change TimeOut value to the one in /etc/zabbix/zabbix_server.conf
> > > ZABBIX_TIMEOUT=`grep -i 'ˆTimeout' /etc/zabbix/zabbix_server.conf
> > > 2>/dev/null | awk -F= '{print $2}' | tr -cd '0-9'`
> > > if [ -z "${ZABBIX_TIMEOUT}" ] ; then
> > > TIMEOUT=3
> > > else
> > > # Let's take 1 second less than the one in
> > > /etc/zabbix/zabbix_server.conf and just hope to be in time
> > > TIMEOUT=$(( ${ZABBIX_TIMEOUT} - 1 ))
> > > fi
> > > fi
> > >
> > > # Zabbix 2.0 sends parameters quoted, where < 1.9 sends them unquoted
> > > # This way it works on both
> > > HOST=`echo "$*" | awk '{print $1}' | tr 'A-Z' 'a-z'`
> > > PORT=`echo "$*" | awk '{print $2}' | tr -cd '0-9'`
> > >
> > > SCRATCH=`mktemp`
> > > TMP1=`mktemp`
> > > TMP2=`mktemp`
> > >
> > > esc="\033["
> > > RED="31;40;1m"
> > > GREEN="32;40;1m"
> > >
> > > [ -z "${HOST}" ] && exit 1
> > > [ -z "${PORT}" ] && PORT=443
> > > HOSTWITHIP=${HOST}
> > > IP=${HOST}
> > > if [ "${HOST}" != "${HOST//[a-z]/}" ]; then
> > > IP=`host -t A ${HOST} 2>/dev/null | egrep -o 'has address [0-9.]+' |
> > > head -n1 | awk '{print $3}'`
> > > HOSTWITHIP="${HOST} (${IP})"
> > > if [ -z "${IP}" ] ; then
> > > echo -e "${esc}${RED}Error resolving ${HOST}${esc}0m" >&2
> > > exit 1
> > > fi
> > > fi
> > >
> > > # openssl is able to check plain smtp/pop3/ftp/imap connections
> > > # that use TLS to setup a secure connection
> > > TLS=
> > > case "${PORT}" in
> > > 21) TLS="-starttls ftp";;
> > > 25|587) TLS="-crlf -starttls smtp";;
> > > 110) TLS="-starttls pop3";;
> > > 143) TLS="-starttls imap";;
> > > esac
> > >
> > > # Retrieve Certificate in background because it doesn't support TimeOuts
> > > # exec 2>/dev/null doesn't seem to be necessary if called this way....
> > > echo "" | openssl s_client -verify 3 -CAfile ${CAfile} -servername
> > ${HOST}
> > > -connect ${IP}:${PORT} ${TLS} 2>/dev/null >${SCRATCH} &
> > > sleep .1
> > >
> > > # double the TIMEOUT and wait for half a second each time
> > > let TIMEOUT*=2
> > >
> > > # Wait for certificate
> > > n=1
> > > while [ ! -s ${SCRATCH} ] ; do
> > > sleep .48
> > > [ $n -ge ${TIMEOUT} ] && break
> > > let n++
> > > done
> > >
> > > # If we have retrieved the certificate, we'll process it and retrieve
> > the
> > > domain names
> > > if [ -s ${SCRATCH} ] ; then
> > > sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' ${SCRATCH} |
> > > openssl x509 -text -noout 2>/dev/null >${TMP1}
> > >
> > > #cat ${TMP1}
> > > REMARK=
> > > [ -z "${TLS}" ] || REMARK="(using TLS)"
> > > echo -e "\nCertificate info for host
> > ${esc}${GREEN}${HOSTWITHIP}${esc}0m
> > > on port ${PORT} ${esc}${GREEN}${REMARK}${esc}0m\n"
> > > CN=`grep -i "Subject:" ${TMP1} | egrep -o 'CN=[A-Za-z0-9=:/. @_-]+' |
> > > awk -F= '{print $2}'`
> > > echo " CN: ${CN}"
> > > echo -e '\n Subject:'
> > > grep -i "Subject:" ${TMP1} | egrep -o '[A-Z]+=[A-Za-z0-9=:/. @_-]+' |
> >
> > > sed 's/.*/ &/'
> > >
> > > grep -i 'Verify return code' ${SCRATCH} | grep -qi '(ok)' || echo -e "
> >
> > > ${esc}${RED}Not certified by an Authority!!${esc}0m"
> > >
> > > echo ' Issuer:'
> > > # grep -i "Issuer:" ${TMP1}
> > > grep -i "Issuer:" ${TMP1} | egrep -o '[A-Z]+=[A-Za-z0-9=:/. @_-]+' |
> > > sed 's/.*/ &/'
> > >
> > > echo -e "\n Validity:"
> > > FROM_DATE=`grep -io 'Not Before.*' ${TMP1} | head -n1 | awk -F:
> > '{print
> > > $2":"$3":"$4}'`
> > > [ ! -z "${FROM_DATE}" ] && [ `date -d "${FROM_DATE}" +%s` -ge `date
> > +%s`
> > > ] && echo -en "${esc}${RED}"
> > > echo -e " Valid since: ${FROM_DATE}${esc}0m"
> > > EXPIRE_DATE=`grep -io 'Not After.*' ${TMP1} | head -n1 | awk -F:
> > '{print
> > > $2":"$3":"$4}'`
> > > if [ ! -z "${EXPIRE_DATE}" ] ; then
> > > [ `date -d "${EXPIRE_DATE}" +%s` -lt `date -d "next month" +%s` ] &&
> >
> > > echo -en "${esc}${GREEN}"
> > > [ `date -d "${EXPIRE_DATE}" +%s` -lt `date +%s` ] &&
> >
> > > echo -en "${esc}${RED}"
> > > fi
> > >
> > > echo -e " Expires on: ${EXPIRE_DATE}${esc}0m"
> > >
> > > # Create a greplist with DNS names converted to regular expressions
> > > egrep -o 'DNS:[*A-Za-z0-9.-]+' ${TMP1} | awk -F: '{print $2}' | sed
> > > 's/\./\\./g;s/*/.*/g;s/.*/ˆ&$/g' >${TMP2}
> > >
> > > echo -e "\nDNS names: "
> > > if [ -s ${TMP2} ] ; then
> > > echo "${HOST}" | grep -qif ${TMP2} || echo -e "
> > > ${esc}${RED}Name Mismatch!!${esc}0m no DNS name matches
> > > ${esc}${GREEN}${HOST}${esc}0m"
> > > egrep -o 'DNS:[*a-zA-Z0-9.-]+' ${TMP1} | awk -F: '{print $2}' | sed
> > > 's/.*/ &/'
> > > else
> > > # There are NO DNS names, put CN in the greplist
> > > echo -en "${CN}" | tr 'A-Z' 'a-z' | sed
> > > 's/\./\\./g;s/*/.*/g;s/.*/ˆ&$/g' >${TMP2}
> > > echo -e " ${esc}${RED}No DNS names in
> > certificate${esc}0m\n"
> > > if echo "${HOST}" | grep -qif ${TMP2} ; then
> > > echo -e " ${esc}${GREEN}${HOST} matches CN${esc}0m"
> > > else
> > > echo -e " ${esc}${GREEN}${HOST} ${esc}${RED}does NOT
> > match
> > > CN ${CN}${esc}0m"
> > > fi
> > > fi
> > > echo -e '\n'
> > > else
> > > # Too late you lazy bastard, I might as well kill you...
> > > kill -9 %1 2>/dev/null
> > > fi
> > >
> > > rm -f ${SCRATCH} 2>/dev/null
> > > rm -f ${TMP1} 2>/dev/null
> > > rm -f ${TMP2} 2>/dev/null
> > >
> > >
> > >
> > >
> > ------------------------------------------------------------------------------
> > > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > > Instantly run your Selenium tests across 300+ browser/OS combos.
> > > Get unparalleled scalability from the best Selenium testing platform
> > > available
> > > Simple to use. Nothing to install. Get started now for free."
> > > http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs>
> > > <http://p.sf.net/sfu/SauceLabs> <http://p.sf.net/sfu/SauceLabs>> ;
> > > <http://p.sf.net/sfu/SauceLabs> <http://p.sf.net/sfu/SauceLabs>> ;
> > > <http://p.sf.net/sfu/SauceLabs>>
> > > <http://p.sf.net/sfu/SauceLabs&gt;>> ; ;
> > > _______________________________________________
> > > Assp-test mailing list
> > > Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> > > <mailto:Assp-test@lists.sourceforge.net
> > > <mailto:Assp-test@lists.sourceforge.net> >
> > > <mailto:Assp-test@lists.sourceforge.net
> > > <mailto:Assp-test@lists.sourceforge.net>
> > > <mailto:Assp-test@lists.sourceforge.net
> > > <mailto:Assp-test@lists.sourceforge.net> > >
> >
> > > https://lists.sourceforge.net/lists/listinfo/assp-test
> > >
> > >
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use of
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> > >
> > ------------------------------------------------------------------------------
> > > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > > Instantly run your Selenium tests across 300+ browser/OS combos.
> > > Get unparalleled scalability from the best Selenium testing platform
> > available
> > > Simple to use. Nothing to install. Get started now for free."
> > >
> > http://p.sf.net/sfu/SauceLabs_______________________________________________
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>>
> > ;
> > <
> > http://p.sf.net/sfu/SauceLabs_______________________________________________
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>>
> > ;
> > >
> > > Assp-test mailing list
> > > Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> > > <mailto:Assp-test@lists.sourceforge.net
> > > <mailto:Assp-test@lists.sourceforge.net> >
> > > <mailto:Assp-test@lists.sourceforge.net
> > > <mailto:Assp-test@lists.sourceforge.net>
> > > <mailto:Assp-test@lists.sourceforge.net
> > > <mailto:Assp-test@lists.sourceforge.net> > >
> >
> > > https://lists.sourceforge.net/lists/listinfo/assp-test
> > >
> >
> > ------------------------------------------------------------------------------
> > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > Instantly run your Selenium tests across 300+ browser/OS combos.
> > Get unparalleled scalability from the best Selenium testing platform
> > available
> > Simple to use. Nothing to install. Get started now for free."
> > http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs>
> > <http://p.sf.net/sfu/SauceLabs> <http://p.sf.net/sfu/SauceLabs>> ;
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> > <mailto:Assp-test@lists.sourceforge.net
> > <mailto:Assp-test@lists.sourceforge.net> >
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential, legally
> > privileged and protected in law and are intended solely for the use of the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> > ------------------------------------------------------------------------------
> > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> > Instantly run your Selenium tests across 300+ browser/OS combos.
> > Get unparalleled scalability from the best Selenium testing platform
> > available
> > Simple to use. Nothing to install. Get started now for free."
> > http://p.sf.net/sfu/SauceLabs_______________________________________________
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>
> >
> > <http://p.sf.net/sfu/SauceLabs_______________________________________________>>
> > ;
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> > <mailto:Assp-test@lists.sourceforge.net
> > <mailto:Assp-test@lists.sourceforge.net> >
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs_______________________________________________
> <http://p.sf.net/sfu/SauceLabs_______________________________________________>
>
> Assp-test mailing list
> Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
