58 lines
1.3 KiB
Bash
58 lines
1.3 KiB
Bash
#!/bin/bash
|
|
|
|
host=$1
|
|
port=$2
|
|
sni=$3
|
|
proto=$4
|
|
|
|
if [ -z "$sni" ]
|
|
then
|
|
servername=$host
|
|
else
|
|
servername=$sni
|
|
fi
|
|
|
|
if [ -z "$port" ]
|
|
then
|
|
port="443"
|
|
fi
|
|
|
|
if [ -n "$proto" ]
|
|
then
|
|
starttls="-starttls $proto"
|
|
fi
|
|
|
|
cert_data=`openssl s_client -servername $servername -host $host -port $port $starttls -prexit </dev/null 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`
|
|
if [ -n "$cert_data" ]; then
|
|
Rcert=true
|
|
validate_hostname=`echo "$cert_data" | openssl x509 -checkhost $servername 2>/dev/null | grep 'does NOT match certificate'`
|
|
if [ -z "$validate_hostname" ]; then
|
|
Rhostname=true
|
|
else
|
|
Rhostname=false
|
|
fi
|
|
end_date=`echo "$cert_data" | openssl x509 -dates -noout 2>/dev/null | sed -n 's/ *notAfter=*//p'`
|
|
if [ -n "$end_date" ]; then
|
|
end_date_seconds=`date '+%s' --date "$end_date"`
|
|
now_seconds=`date '+%s'`
|
|
remaining_days=`echo "($end_date_seconds-$now_seconds)/24/3600" | bc`
|
|
if [ "$remaining_days" -lt 0 ]; then
|
|
Rdays=0
|
|
else
|
|
Rdays=$remaining_days
|
|
fi
|
|
else
|
|
echo '-1'
|
|
fi
|
|
issue_dn=`echo "$cert_data" | openssl x509 -issuer -noout 2>/dev/null | sed -n 's/ *issuer=*//p'`
|
|
if [ -n "$issue_dn" ]; then
|
|
Rissuer=`echo $issue_dn | sed -n -e 's/, CN = / - /g' -e 's/.*O = //p'`
|
|
else
|
|
Rissuer=""
|
|
fi
|
|
else
|
|
Rcert=false
|
|
fi
|
|
|
|
echo "{ \"cert\": ${Rcert}, \"valid_hostname\": ${Rhostname}, \"remaining_days\": ${Rdays}, \"issuer\": \"${Rissuer}\"}"
|