Removed X-Frame-Options from the list of the required HTTP head…

…ers (is now deprecated)

CITATION.cff

@@ -7,34 +7,22 @@ authors:
 - family-names: "Cécile"
   given-names: "Adam"
   website: https://github.com/eLvErDe
-- name: agibson2
-  website: https://github.com/agibson2
 - name: Alexander Aleksandrovič Klimov
   website: https://github.com/Al2Klimov
-- name: alvar
-  website: https://github.com/oxzi
-- family-names: "Dijkman"
-  given-names: "Andreas"
 - family-names: "Klärner"
   given-names: "Andre"
   website: https://github.com/klaernie
+- family-names: "Dijkman"
+  given-names: "Andreas"
 - family-names: "Miśkiewicz"
   given-names: "Arkadiusz"
   website: https://github.com/arekm
-- name: barakAtSoluto
-  website: https://github.com/barakAtSoluto
 - family-names: "Byrne"
   given-names: "Ben"
   website: https://github.com/benbyr
 - family-names: "Strößenreuther"
   given-names: "Bernd"
   website: https://github.com/booboo-at-gluga-de
-- name: booboo-at-gluga-de
-  website: https://github.com/booboo-at-gluga-de
-- name: cbiedl
-  website: https://github.com/cbiedl
-- name: chornberger-c2c
-  website: https://github.com/chornberger-c2c
 - family-names: "Ruppert"
   given-names: "Christian"
 - family-names: "Moench-Tegeder"
@@ -43,62 +31,42 @@ authors:
 - family-names: "Kuenzler"
   given-names: "Claudio"
   website: https://github.com/Napsty
-- name: claudioth
-  website: https://github.com/claudioth
 - family-names: "Riegg"
   given-names: "Claus-Theodor"
   website: https://github.com/ctriegg-mak
 - family-names: "Smith"
   given-names: "Colin"
-- name: d7415
-  website: https://github.com/d7415
 - family-names: "Pritts"
   given-names: "Dan"
 - family-names: "Wallis"
   given-names: "Dan"
 - family-names: "Visser"
   given-names: "Dick"
   website: https://github.com/dnmvisser
-- name: dupondje
-  website: https://github.com/dupondje
 - family-names: "Sabol"
   given-names: "Ed"
   website: https://github.com/esabol
-- name: eeertel
-  website: https://github.com/eeertel
-- name: eimamagi
-  website: https://github.com/eimamagi
 - family-names: "Ertel"
   given-names: "Emilian"
 - family-names: "Apolloner"
   given-names: "Florian"
   website: https://github.com/apollo13
 - name: Georg
   website: https://github.com/gbotti
-- name: grizzlydev-sarl
-  website: https://github.com/grizzlydev-sarl
-- name: iasdeoupxe
-  website: https://github.com/iasdeoupxe
 - family-names: "Mironov"
   given-names: "Igor"
   website: https://github.com/mcs6502
 - family-names: "Hablutzel"
   given-names: "Jaime"
   website: https://github.com/hablutzel1
-- name: jalbstmeijer
-  website: https://github.com/jalbstmeijer
 - name: Jalonet
   website: https://github.com/jalonet
 - family-names: "Gonel"
   given-names: "Javier"
 - family-names: "Lecour"
   given-names: "Jérémy"
-- name: jf-vf
-  website: https://github.com/jf-vf
 - family-names: "Hopp"
   given-names: "Jim"
-- name: jmuecke
-  website: https://github.com/jmuecke
 - family-names: "Meurer"
   given-names: "Jonas"
   website: https://github.com/mejo-
@@ -108,8 +76,6 @@ authors:
 - family-names: "Thalheim"
   given-names: "Jörg"
   website: https://github.com/Mic92
-- name: juckerf
-  website: https://github.com/juckerf
 - family-names: "McCormack"
   given-names: "Kenny"
 - family-names: "Jahn"
@@ -126,17 +92,14 @@ authors:
 - family-names: "Tribus"
   given-names: "Lukas"
   website: https://github.com/lukastribus
-- family-names: "Wąsikowski"
-  given-names: "Łukasz"
-  website: https://github.com/IdahoPL
+- family-names: "Fournier"
+  given-names: "Marc"
 - family-names: "Burkhalter"
   given-names: "Marcel"
   website: https://github.com/explorer69
 - family-names: "Burkhalter"
   given-names: "Marcel"
   website: https://github.com/marcel-burkhalter
-- family-names: "Fournier"
-  given-names: "Marc"
 - family-names: "Rejås"
   given-names: "Marcus"
 - family-names: "Ruys"
@@ -163,37 +126,37 @@ authors:
 - family-names: "Lafont"
   given-names: "Nicolas"
   website: https://github.com/ManicoW
+- name: PSSGCSim
+  website: https://github.com/PSSGCSim
 - family-names: "Rochnyak"
   given-names: "Pavel"
   website: https://github.com/rpv-tomsk
-- name: Peter
-  website: https://github.com/Peter2121
 - family-names: "Newman"
   given-names: "Peter"
   website: https://github.com/peternewman
+- name: Peter
+  website: https://github.com/Peter2121
 - family-names: "Kueck"
   given-names: "Philippe"
 - family-names: "Rupert"
   given-names: "Pim"
   website: https://github.com/prupert
-- name: PSSGCSim
-  website: https://github.com/PSSGCSim
 - family-names: "Thoma"
   given-names: "Raphael"
 - family-names: "Bartels"
   given-names: "Ricardo"
   website: https://github.com/bb-Ricardo
 - name: Ricardo
   website: https://github.com/bb-Ricardo
+- family-names: "Yamry"
+  given-names: "Rob"
 - name: Robin H. Johnson
 - family-names: "Pronk"
   given-names: "Robin"
   website: https://github.com/rfpronk
 - family-names: "Schneider"
   given-names: "Robin"
   website: https://github.com/ypid-geberit
-- family-names: "Yamry"
-  given-names: "Rob"
 - name: Rolf Eike Beer
 - family-names: "Nowakowski"
   given-names: "Ryan"
@@ -207,12 +170,8 @@ authors:
 - family-names: "Shmanko"
   given-names: "Sergei"
   website: https://github.com/sshmanko
-- name: skanx
-  website: https://github.com/skanx
 - name: Slavko
   website: https://github.com/slavkoja
-- name: sokol-44
-  website: https://github.com/sokol-44
 - family-names: "Schlesinger"
   given-names: "Stefan"
 - family-names: "Nierlein"
@@ -228,17 +187,13 @@ authors:
   website: https://github.com/d7031
 - name: Tone
   website: https://github.com/anthonyhaussman
-- name: tunnelpr0
-  website: https://github.com/tunnelpr0
 - family-names: "Haarala"
   given-names: "Tuomas"
 - family-names: "Heidelberger"
   given-names: "Valentin"
   website: https://github.com/va1entin
 - name: Vamp898
   website: https://github.com/Vamp898
-- name: vanElden
-  website: https://github.com/vanElden
 - name: Varac
   website: https://github.com/varac
 - family-names: "Szépe"
@@ -248,26 +203,71 @@ authors:
 - family-names: "Horky"
   given-names: "Vojtech"
   website: https://github.com/vhotspur
-- name: waja
-  website: https://github.com/waja
 - name: Wim van Ravesteijn
   website: https://github.com/wimvr
 - family-names: "Schricker"
   given-names: "Wolfgang"
-- name: xert
-  website: https://github.com/xert
 - family-names: "Gravel"
   given-names: "Yannick"
-- name: yasirathackersdotmu
-  website: https://github.com/yasirathackersdotmu
 - name: Zadkiel
   website: https://github.com/aslafy-z
+- name: agibson2
+  website: https://github.com/agibson2
+- name: alvar
+  website: https://github.com/oxzi
+- name: barakAtSoluto
+  website: https://github.com/barakAtSoluto
+- name: booboo-at-gluga-de
+  website: https://github.com/booboo-at-gluga-de
+- name: cbiedl
+  website: https://github.com/cbiedl
+- name: chornberger-c2c
+  website: https://github.com/chornberger-c2c
+- name: claudioth
+  website: https://github.com/claudioth
+- name: d7415
+  website: https://github.com/d7415
+- name: dupondje
+  website: https://github.com/dupondje
+- name: eeertel
+  website: https://github.com/eeertel
+- name: eimamagi
+  website: https://github.com/eimamagi
+- name: grizzlydev-sarl
+  website: https://github.com/grizzlydev-sarl
+- name: iasdeoupxe
+  website: https://github.com/iasdeoupxe
+- name: jalbstmeijer
+  website: https://github.com/jalbstmeijer
+- name: jf-vf
+  website: https://github.com/jf-vf
+- name: jmuecke
+  website: https://github.com/jmuecke
+- name: juckerf
+  website: https://github.com/juckerf
+- name: skanx
+  website: https://github.com/skanx
+- name: sokol-44
+  website: https://github.com/sokol-44
+- name: tunnelpr0
+  website: https://github.com/tunnelpr0
+- name: vanElden
+  website: https://github.com/vanElden
+- name: waja
+  website: https://github.com/waja
+- name: xert
+  website: https://github.com/xert
+- name: yasirathackersdotmu
+  website: https://github.com/yasirathackersdotmu
+- family-names: "Wąsikowski"
+  given-names: "Łukasz"
+  website: https://github.com/IdahoPL
 - family-names: "Палаузов"
   given-names: "Дилян"
   website: https://github.com/dilyanpalauzov
 title: "check_ssl_cert"
-version: 2.84.5
-date-released: 2024-10-02
+version: 2.85.0
+date-released: 2024-10-15
 url: "https://github.com/matteocorti/check_ssl_cert"
 repository-code: "https://github.com/matteocorti/check_ssl_cert"
 keywords:

ChangeLog

@@ -1,3 +1,7 @@
+2024-10-16  Matteo Corti  <matteo@corti.li>
+
+        * check_ssl_cert (DEFAULT_REQUIRED_HTTP_HEADERS): removed X-Frame-Options from the list of required headers (is now deprecated)
+
 2024-10-13  Matteo Corti  <matteo@corti.li>
 
         * check_ssl_cert (parse_command_line_options): fix the validation of --url and --user-agent

NEWS.md

@@ -1,5 +1,7 @@
 # News
 
+* 2024-10-15 Version 2.85.0
+  * Removed ```X-Frame-Options``` from the list of the required HTTP headers (is now deprecated)
 * 2024-10-02 Version 2.84.5
   * Fixed a in the command line options validation for ```--url``` and ```--user-agent```
 * 2024-10-02 Version 2.84.4

README.md

@@ -232,7 +232,7 @@ Options:
                                    certificate CAs
       --require-dnssec             Require DNSSEC
       --require-http-header header Require the specified HTTP header
-                                    (e.g., X-Frame-Options)
+                                    (e.g., strict-transport-security)
       --require-no-http-header header Require the absence of the specified
                                    HTTP header (e.g., X-Powered-By)
       --require-no-ssl2            Critical if SSL version 2 is offered

RELEASE_NOTES.md

@@ -1 +1 @@
-Fixed a in the command line options validation for ```--url``` and ```--user-agent```
+Removed ```X-Frame-Options``` from the list of the required HTTP headers (is now deprecated)

VERSION

@@ -1 +1 @@
-2.84.5
+2.85.0

check_ssl_cert

@@ -26,7 +26,7 @@
 ################################################################################
 # Constants
 
-VERSION=2.84.5
+VERSION=2.85.0
 SHORTNAME="SSL_CERT"
 
 # reset possibly set variables
@@ -46,7 +46,7 @@ CONFIGURATION_FILE="${HOME}/.check_ssl_certrc"
 CRITICAL_MSG=""
 DEBUG=0
 DEBUG_FILE=""
-DEFAULT_REQUIRED_HTTP_HEADERS="strict-transport-security,X-Frame-Options,Content-Security-Policy,X-Content-Type-Options,Referrer-Policy,Permissions-Policy"
+DEFAULT_REQUIRED_HTTP_HEADERS="strict-transport-security,Content-Security-Policy,X-Content-Type-Options,Referrer-Policy,Permissions-Policy"
 DEFAULT_UNREQUIRED_HTTP_HEADERS="X-Powered-By,X-Aspnet-Version,X-XSS-Protection,X-AspNetMvc-Version"
 EARLIEST_VALIDITY_HOURS=""
 HOST_CACHE="${HOME}/.check_ssl_cert-cache"
@@ -146,7 +146,7 @@ check_option() {
 ################################################################################
 # Add the specified header to the list of required HTTP headers
 # Usage:
-#   add_required_header X-Frame-Options
+#   add_required_header strict-transport-security
 add_required_header() {
     header=$1
     debuglog "Adding ${header} to the list of required HTTP headers: ${REQUIRED_HTTP_HEADERS}"
@@ -516,7 +516,7 @@ usage() {
     echo "                                   certificate CAs"
     echo "      --require-dnssec             Require DNSSEC"
     echo "      --require-http-header header Require the specified HTTP header"
-    echo "                                   (e.g., X-Frame-Options)."
+    echo "                                   (e.g., strict-transport-security)."
     echo "                                   Can be specified more than once"
     echo "      --require-no-http-header header Require the absence of the specified"
     echo "                                   HTTP header (e.g., X-Powered-By)"
@@ -612,7 +612,8 @@ usage() {
     echo "                                   Alternative Name"
     echo "                                   extension"
     echo "      --require-security-header header require the specified HTTP"
-    echo "                                   security header (e.g., X-Frame-Options)"
+    echo "                                   security header"
+    echo "                                   (e.g., strict-transport-security)"
     echo "                                   (deprecated use --require-http-header)"
     echo "                                   Can be specified more than once"
     echo "      --require-security-headers   Require all the HTTP security headers:"
@@ -621,7 +622,6 @@ usage() {
     echo "                                     Referrer-Policy"
     echo "                                     strict-transport-security"
     echo "                                     X-Content-Type-Options"
-    echo "                                     X-Frame-Options"
     echo "      --require-security-headers-path path the path to be used to fetch HTTP"
     echo "                                   security headers"
     echo "      --require-x-frame-options [path] Require the presence of the"

check_ssl_cert.1

@@ -1,7 +1,7 @@
 .\" Process this file with
 .\" groff -man -Tascii check_ssl_cert.1
 .\"
-.TH "check_ssl_cert" 1 "October, 2024" "2.84.5" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "October, 2024" "2.85.0" "USER COMMANDS"
 .SH NAME
 check_ssl_cert \- checks the validity of X.509 certificates
 .SH SYNOPSIS
@@ -374,7 +374,7 @@ The server must accept a client certificate. 'list' is an optional comma separat
 Require DNSSEC
 .TP
 .BR "   --require-http-header" " header"
-Require the specified HTTP header (e.g., X-Frame-Options)
+Require the specified HTTP header (e.g., strict-transport-security)
 .TP
 .BR "   --require-no-http-header" " header"
 Require the absence of the specified HTTP header (e.g., X-Powered-By)