commit 456febd7c9685473931ccd2bb4a9da4ebcd0a067 parent c697049766b8c0a15b2d776c1b340e8c9c5258be Author: Antoine Amarilli <a3nm@a3nm.net> Date: Sat, 5 Nov 2016 22:42:12 +0100 simplify using openssl x509 -checkend Diffstat:
ssleft | | | 42 | ++++++------------------------------------ |
1 file changed, 6 insertions(+), 36 deletions(-)
diff --git a/ssleft b/ssleft
@@ -6,50 +6,20 @@
 HOST="$1"
 PORT=${2:-443}
-MARGIN=${3:0}
+MARGIN=${3:-0}
+MARGIN_S=$((24*60*60 * $MARGIN))
 CERT=$(echo | openssl s_client -connect $HOST:$PORT -servername $HOST 2>/dev/null)
-DATE=$(echo "$CERT" | openssl x509 -noout -dates)
-BDATE=$(echo "$DATE" | grep '^notBefore' | cut -d'=' -f2)
-ADATE=$(echo "$DATE" | grep '^notAfter' | cut -d'=' -f2)
-if [[ -z "${BDATE// }" || -z "${ADATE// }" ]]
+if [[ $MARGIN -eq 0 ]]
 then
- echo "could not get expiration date of cert for $HOST:$PORT; got:"
 echo "$CERT"
- exit 1
+ exit 0
 fi
-STARTDATE=$(date -d "$BDATE" '+%s')
-if [[ $? -ne 0 ]]
+if ! (echo "$CERT" | openssl x509 -noout -checkend $MARGIN_S)
 then
- echo "could not parse start date of cert for $HOST:$PORT; got $DATE"
- exit 2
-fi
-
-EXPDATE=$(date -d "$ADATE" '+%s')
-if [[ $? -ne 0 ]]
-then
- echo "could not parse expiration date of cert for $HOST:$PORT; got $DATE"
- exit 2
-fi
-
-CDATE=$(date '+%s')
-DIFF=$((($EXPDATE-$CDATE) / (60*60*24)))
-
-if [[ $CDATE -lt $STARTDATE ]]
-then
- echo "== cert for $HOST:$PORT is not yet valid?! =="
- echo "$DATE"
- echo "details of cert are:"
- echo "$CERT"
- exit 2
-fi
-
-if [[ $DIFF -lt $MARGIN || $MARGIN -eq 0 ]]
-then
- echo "== cert for $HOST:$PORT will expire in $DIFF days =="
- echo "$DATE"
+ echo "== cert for $HOST:$PORT will expire in <= $MARGIN days =="
 echo "details of cert are:"
 echo "$CERT"
 exit 3
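Review bot: A failed fetch is no longer told apart from an expiring certificate: the old `exit 1` path for an empty or unparseable `$CERT` is removed, so with the default margin of 0 the new `if [[ $MARGIN -eq 0 ]]` branch prints whatever `s_client` returned and exits 0, and with a non-zero margin a load error in `openssl x509` is presumably reported as "will expire in <= $MARGIN days" with exit 3, since both a failed `-checkend` and a parse failure return non-zero. A parse check ahead of the margin branch keeps the distinction: `echo "$CERT" | openssl x509 -noout >/dev/null 2>&1 || { echo "could not get cert for $HOST:$PORT" >&2; exit 1; }`. The not-yet-valid (`notBefore`) test is dropped as well, and `-checkend` only looks at the expiry date, so a certificate whose validity has not started now passes silently. `$3` reaches arithmetic evaluation in `$((24*60*60 * $MARGIN))` and in `-eq`, so a digits-only guard such as `[[ $MARGIN =~ ^[0-9]+$ ]] || exit 2` is worth adding if the argument can come from anything other than the operator. The last `if` block closes outside the hunk.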