b-a-t · January 2, 2025 16:22
diff --git a/check_cert.sh b/check_cert.sh
 #!/bin/sh
 #
 # Requires: openssl and (g)awk
 #
 # check_cert remote_fqdn:port [servername_fqdn]
 #
 DUMP_COMMAND="openssl x509 -nocert -dateopt iso_8601 -issuer -subject -ext subjectAltName -dates -email -fingerprint"

 if [ $# -eq 0 ]; then
    exit
 fi

 CONNECT_TARGET="$1"
 shift

 if [ $# -ge 1 ]; then
    SERVERNAME="$1"
    shift
 fi
 REMOTE_HOST=${CONNECT_TARGET%%:*}
 REMOTE_PORT=${CONNECT_TARGET##${REMOTE_HOST}}
 SERVERNAME=${SERVERNAME:-${REMOTE_HOST}}

 openssl s_client -connect "${REMOTE_HOST}${REMOTE_PORT:-:443}" -servername "${SERVERNAME}" -showcerts "$@" </dev/null |  \
    gawk -v dump_command="${DUMP_COMMAND}" -v servername="${SERVERNAME}" '
 	function dump_cert(count, cert, host) {
 	    if(count == 0) {
 		      dump_command = dump_command " -checkhost " servername
 	    }
 	    dump_command = dump_command " > /dev/stderr"
 	    printf("\nCertificate: %d\n", count) > "/dev/stderr"
 	    print cert | dump_command
 	    close(dump_command) # Close the pipe to prevent issues
 	}
 	BEGIN { in_cert = 0; count = 0 }
 	in_cert == 0 && /---BEGIN CERTIFICATE---/ { in_cert = 1 }
 	in_cert == 1 { certs[count] = certs[count] $0 "\n" }
 	in_cert == 1 && /---END CERTIFICATE---/ { in_cert = 0; count++ }
 	END {
 	    for (count=length(certs)-1; count >= 0; count--) { dump_cert(count, certs[count]) }
 	}
    '
	#!/bin/sh
	#
	# Requires: openssl and (g)awk
	#
	# check_cert remote_fqdn:port [servername_fqdn]
	#
	DUMP_COMMAND="openssl x509 -nocert -dateopt iso_8601 -issuer -subject -ext subjectAltName -dates -email -fingerprint"

	if [ $# -eq 0 ]; then
	exit
	fi

	CONNECT_TARGET="$1"
	shift

	if [ $# -ge 1 ]; then
	SERVERNAME="$1"
	shift
	fi
	REMOTE_HOST=${CONNECT_TARGET%%:*}
	REMOTE_PORT=${CONNECT_TARGET##${REMOTE_HOST}}
	SERVERNAME=${SERVERNAME:-${REMOTE_HOST}}

	openssl s_client -connect "${REMOTE_HOST}${REMOTE_PORT:-:443}" -servername "${SERVERNAME}" -showcerts "$@" </dev/null \| \
	gawk -v dump_command="${DUMP_COMMAND}" -v servername="${SERVERNAME}" '
	function dump_cert(count, cert, host) {
	if(count == 0) {
	dump_command = dump_command " -checkhost " servername
	}
	dump_command = dump_command " > /dev/stderr"
	printf("\nCertificate: %d\n", count) > "/dev/stderr"
	print cert \| dump_command
	close(dump_command) # Close the pipe to prevent issues
	}
	BEGIN { in_cert = 0; count = 0 }
	in_cert == 0 && /---BEGIN CERTIFICATE---/ { in_cert = 1 }
	in_cert == 1 { certs[count] = certs[count] $0 "\n" }
	in_cert == 1 && /---END CERTIFICATE---/ { in_cert = 0; count++ }
	END {
	for (count=length(certs)-1; count >= 0; count--) { dump_cert(count, certs[count]) }
	}
	'