incomplete SSL certificate verify
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
monitoring-plugins (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Hi developers:
We made a large scale security static analysis on several open source projects, and found some mistakes in monitoring-
int np_net_
# ifdef USE_OPENSSL
[...]
certificate=
if (!certificate) {
printf(
return STATE_CRITICAL;
}
/* Extract CN from certificate subject */
subj=X509_
[...]
}
We find that you use SSL_get_
information type: | Private Security → Public |
Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https:/ /github. com/monitoring- plugins/ monitoring- plugins/ issues. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.