From 47d65a191c6549226fe3bff6c73950b0d420aa33 Mon Sep 17 00:00:00 2001
From: Didier 'OdyX' Raboud
Date: Mon, 8 May 2023 16:37:37 +0200
Subject: [PATCH 1/3] ssl_cert: replace deprecated -n with --match

Fixes https://github.com/Icinga/icinga2/issues/9661
---
 doc/10-icinga-template-library.md | 2 +-
 itl/plugins-contrib.d/web.conf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md
index b8775c74b..5100f582a 100644
--- a/doc/10-icinga-template-library.md
+++ b/doc/10-icinga-template-library.md
@@ -5784,7 +5784,7 @@ ssl_cert_proxy | **Optional.** Proxy server to use for connecting
 ssl_cert_file | **Optional.** Local file path. Works only if `ssl_cert_address` is set to "localhost".
 ssl_cert_warn | **Optional.** Minimum number of days a certificate has to be valid.
 ssl_cert_critical | **Optional.** Minimum number of days a certificate has to be valid to issue a critical status.
-ssl_cert_cn | **Optional.** Pattern to match the CN of the certificate.
+ssl_cert_cn | **Optional.** Pattern to match the CN or AltName of the certificate.
 ssl_cert_altnames | **Optional.** Matches the pattern specified in -n with alternate
 ssl_cert_issuer | **Optional.** Pattern to match the issuer of the certificate.
 ssl_cert_org | **Optional.** Pattern to match the organization of the certificate.
diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf
index f5e65d5a1..c2739c071 100644
--- a/itl/plugins-contrib.d/web.conf
+++ b/itl/plugins-contrib.d/web.conf
@@ -396,9 +396,9 @@ object CheckCommand "ssl_cert" {
 value = "$ssl_cert_critical$"
 description = "Minimum number of days a certificate has to be valid to issue a critical status"
 }
- "-n" = {
+ "--match" = {
 value = "$ssl_cert_cn$"
- description = "Pattern to match the CN of the certificate"
+ description = "Pattern to match the CN or AltNames of the certificate"
 }
 "--altnames" = {
 set_if = "$ssl_cert_altnames$"
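Review bot: The switch from `-n` to `--match` in the `ssl_cert` arguments is unconditional, so a node still running a check_ssl_cert release that predates `--match` would presumably get a usage error instead of a certificate-name check. Neither the argument description nor the documentation row names the plugin release this needs; I would state it, e.g. `description = "Pattern to match the CN or AltNames of the certificate (requires check_ssl_cert <MIN_VERSION>)"`. The same pattern now also matches AltNames, which is a wider match than `-n` gave when `ssl_cert_altnames` was unset, so operators who relied on a CN-only assertion should be told in the upgrade notes. The `ssl_cert` CheckCommand body starts and ends outside the hunk.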
From 610ba8d27ab23ed380e4c304d5cb15ddb2521be3 Mon Sep 17 00:00:00 2001
From: Didier 'OdyX' Raboud
Date: Mon, 8 May 2023 16:38:01 +0200
Subject: [PATCH 2/3] ssl_cert: drop now-unsupported --altnames

Fixes https://github.com/Icinga/icinga2/issues/9661
---
 doc/10-icinga-template-library.md | 1 -
 itl/plugins-contrib.d/web.conf | 4 ----
 2 files changed, 5 deletions(-)

diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md
index 5100f582a..c09ddf664 100644
--- a/doc/10-icinga-template-library.md
+++ b/doc/10-icinga-template-library.md
@@ -5785,7 +5785,6 @@ ssl_cert_file | **Optional.** Local file path. Works only if `ss
 ssl_cert_warn | **Optional.** Minimum number of days a certificate has to be valid.
 ssl_cert_critical | **Optional.** Minimum number of days a certificate has to be valid to issue a critical status.
 ssl_cert_cn | **Optional.** Pattern to match the CN or AltName of the certificate.
-ssl_cert_altnames | **Optional.** Matches the pattern specified in -n with alternate
 ssl_cert_issuer | **Optional.** Pattern to match the issuer of the certificate.
 ssl_cert_org | **Optional.** Pattern to match the organization of the certificate.
 ssl_cert_email | **Optional.** Pattern to match the email address contained in the certificate.
diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf
index c2739c071..4c52fdb94 100644
--- a/itl/plugins-contrib.d/web.conf
+++ b/itl/plugins-contrib.d/web.conf
@@ -400,10 +400,6 @@ object CheckCommand "ssl_cert" {
 value = "$ssl_cert_cn$"
 description = "Pattern to match the CN or AltNames of the certificate"
 }
- "--altnames" = {
- set_if = "$ssl_cert_altnames$"
- description = "Matches the pattern specified in -n with alternate"
- }
 "-i" = {
 value = "$ssl_cert_issuer$"
 description = "Pattern to match the issuer of the certificate"
From d3d74c237c54eed61d67600c2e04c3285a630189 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Aleksandrovi=C4=8D=20Klimov?= Date: Wed, 17 May 2023 16:12:47 +0200 Subject: [PATCH 3/3] ITL: ssl_cert: vars.ssl_cert_cn: default to "$ssl_cert_altnames$" This way vars.ssl_cert_altnames keeps working. --- itl/plugins-contrib.d/web.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf index 4c52fdb94..ee916b8ba 100644 --- a/itl/plugins-contrib.d/web.conf +++ b/itl/plugins-contrib.d/web.conf @@ -579,6 +579,7 @@ object CheckCommand "ssl_cert" { vars.ssl_cert_address = "$check_address$" vars.ssl_cert_port = 443 + vars.ssl_cert_cn = "$ssl_cert_altnames$" } object CheckCommand "varnish" {
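Review bot: The added default `vars.ssl_cert_cn = "$ssl_cert_altnames$"` hands the value of `ssl_cert_altnames` to `--match` as a pattern, yet the only earlier use of that variable in this series is the removed `set_if = "$ssl_cert_altnames$"`, i.e. a boolean toggle. A host that sets `vars.ssl_cert_altnames = true` without `ssl_cert_cn` would then presumably run the plugin with `--match true` and report a name mismatch, instead of continuing to work as the commit message says. Since `--match` already covers AltNames, the toggle seems to need no replacement. I would drop the line, or keep it only with a comment such as `/* legacy: ssl_cert_altnames was a set_if toggle, its value is not a pattern */` and restore a deprecation row for `ssl_cert_altnames` in the documentation. The `ssl_cert` CheckCommand body starts outside the hunk.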