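ssl_check() { #{{{
  # Connect to a TLS server with `openssl s_client` and print a summary of the
  # certificate it presents: chain subjects and verify result, validity dates,
  # Subject Alternative Names and signature algorithm.
  #
  # Usage:     ssl_check [-v] [-s sni_servername] -c host[:port]
  #   -c host[:port]  server to connect to (port defaults to 443)
  #   -s name         SNI server name sent in the handshake
  #   -v              keep the downloaded certificate file and print its path
  #   -h              print usage
  # Outputs:   report on stdout (section headings are in Japanese)
  # Returns:   0 for -h or a completed run, 2 on a usage error, 1 if no
  #            temporary file could be created
  #
  # NOTE: s_client does not match the certificate against the host name unless
  # asked to (e.g. -verify_hostname), so "Verify return code: 0 (ok)" only says
  # the chain validated; compare the SAN section with the host by hand.

  # Every variable is declared local with an explicit initial value so that a
  # same-named variable in the calling shell (SSL_HOST, verbose, ...) cannot
  # silently stand in for a missing option.
  local OPT OPTARG OPTIND=1
  local usage="usage: ssl_check [-v] [-s sni_servername] -c host[:port]"
  local verbose="" SSL_HOST="" SSL_PORT=443
  local -a sni_args=()
  # NOTE(review): -CApath expects a hashed directory (openssl rehash /
  # c_rehash layout). Confirm this directory is laid out that way; if it is
  # not, the verify result printed below will report a failure for every host.
  local ca_path=/usr/share/ca-certificates/mozilla/
  local crt_tempfile

  if [ "$#" -lt 1 ]; then
    # Quoted: the usage text contains [..] glob patterns.
    printf '%s\n' "$usage"
    return 2
  fi

  while getopts "hvs:c:" OPT; do
    case "$OPT" in
      h)
        printf '%s\n' "$usage"
        return 0
        ;;
      v)
        verbose="true"
        ;;
      s)
        printf 'servername -> %s\n' "$OPTARG"
        # An array keeps the name a single argument, so whitespace in it
        # cannot turn into extra openssl options.
        sni_args=(-servername "$OPTARG")
        ;;
      c)
        SSL_HOST="$OPTARG"
        ;;
      *)
        # Unknown option or missing argument; getopts has already printed
        # its own diagnostic on stderr.
        printf '%s\n' "$usage" >&2
        return 2
        ;;
    esac
  done

  if [ -z "$SSL_HOST" ]; then
    # Message: "no host was specified"
    echo "ホストが指定されてません"
    printf '%s\n' "$usage"
    return 2
  elif [[ "$SSL_HOST" == *:* ]]; then
    # host:port -> first and second colon-separated fields.
    SSL_PORT=${SSL_HOST#*:}
    SSL_PORT=${SSL_PORT%%:*}
    SSL_HOST=${SSL_HOST%%:*}
    # "host:" with nothing after the colon falls back to the default port.
    [ -n "$SSL_PORT" ] || SSL_PORT=443
  fi
  printf 'connect -> %s:%s\n' "$SSL_HOST" "$SSL_PORT"

  # Temporary file for the server's certificates. mktemp replaces the
  # Debian-only, deprecated tempfile(1).
  crt_tempfile=$(mktemp) || return 1

  # A single newline on stdin makes s_client finish after the handshake.
  # stderr is discarded, as before, so handshake diagnostics are not shown.
  printf '\n' \
    | openssl s_client -CApath "$ca_path" \
      "${sni_args[@]}" -connect "$SSL_HOST:$SSL_PORT" -showcerts \
      2>/dev/null >"$crt_tempfile"

  # Heading: "certificate chain"
  echo "* 証明書チェーン"
  printf '\n' \
    | openssl s_client -CApath "$ca_path" \
      "${sni_args[@]}" -connect "$SSL_HOST:$SSL_PORT" 2>/dev/null \
    | grep -E 'subject|return'

  # Heading: "validity period"
  echo "* 有効期限"
  openssl x509 -dates -noout -in "$crt_tempfile"

  # Heading: "subject alternative names"
  echo "* サブジェクト別名"
  openssl x509 -text -noout -in "$crt_tempfile" \
    | perl -nle 'print if /Subject Alternative Name/../DNS/' \
    | perl -ple 's/^\s+//'

  # Heading: "signature algorithm"
  echo "* 署名アルゴリズム"
  openssl x509 -noout -text -in "$crt_tempfile" \
    | grep "Signature Algorithm" | sort -u

  if [ "$verbose" = "true" ]; then
    printf '\n\n'
    printf 'cert file => %s\n' "$crt_tempfile"
  else
    # Remove the temporary certificate file.
    rm -f -- "$crt_tempfile"
  fi
} #}}}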