Created
May 13, 2020 18:55
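# Report on the TLS certificate a server presents: chain subjects and the
# verify result, validity dates, Subject Alternative Names and signature
# algorithms.
#
# Usage:   ssl_check [-v] [-s sni_servername] -c host[:port]
#   -h  print usage
#   -v  keep the fetched certificate file and print its path
#   -s  server name passed to openssl s_client -servername (SNI)
#   -c  host to connect to; the port defaults to 443
# Outputs: the report on stdout; a "no certificate" error on stderr.
# Returns: non-zero when no temp file can be created or no certificate is
#          received; otherwise the status of the last command run.
#
# NOTE(review): s_client reports the chain verification result but keeps the
# connection open on failure, so always read the "Verify return code" line.
# It also does not compare the certificate with the host name unless asked to
# (newer OpenSSL has -verify_hostname); check the SAN list printed below.
# NOTE(review): -CApath expects a hashed (c_rehash style) directory; confirm
# that /usr/share/ca-certificates/mozilla/ is one on the target system,
# otherwise the verify result may not reflect the intended trust store.
function ssl_check { #{{{
  # OPTIND/OPTARG are local so the caller's getopts state is left untouched.
  local OPT OPTARG OPTIND=1
  local usage="usage: ssl_check [-v] [-s sni_servername] -c host[:port]"
  # Every option variable starts empty here: a value left in the calling
  # shell (e.g. an exported SSL_HOST) must never be used as the target.
  local verbose="" SSL_HOST="" SSL_PORT=443 crt_tempfile="" rest=""
  # Arrays keep each argument a single word, so a host or SNI name containing
  # spaces or glob characters cannot turn into extra openssl options.
  local -a sni_args=()
  local -a s_client=(openssl s_client -CApath /usr/share/ca-certificates/mozilla/)

  if [[ "$#" -lt 1 ]]; then
    # Quoted: "[-v]" and "[:port]" are glob patterns when left unquoted.
    printf '%s\n' "$usage"
    return
  fi

  while getopts "hvs:c:" OPT; do
    case "$OPT" in
      h)
        printf '%s\n' "$usage"
        return
        ;;
      v)
        verbose="true"
        ;;
      s)
        echo "servername -> $OPTARG"
        sni_args=(-servername "$OPTARG")
        ;;
      c)
        SSL_HOST="$OPTARG"
        ;;
      *)
        # Unknown option or missing argument: getopts already printed why.
        printf '%s\n' "$usage"
        return 1
        ;;
    esac
  done

  if [[ -z "$SSL_HOST" ]]; then
    echo "ホストが指定されてません"
    printf '%s\n' "$usage"
    return
  elif [[ "$SSL_HOST" == *:* ]]; then
    # host:port -> first and second colon-separated fields (as cut -d: did).
    # Bracketed IPv6 literals are not handled by this split.
    rest=${SSL_HOST#*:}
    SSL_PORT=${rest%%:*}
    SSL_HOST=${SSL_HOST%%:*}
  fi
  echo "connect -> $SSL_HOST:$SSL_PORT"

  # Temporary store for the certificates. mktemp creates the file atomically
  # with an unpredictable name; tempfile(1) is deprecated.
  crt_tempfile=$(mktemp) || return 1

  # A single newline on stdin lets s_client finish instead of waiting for input.
  printf '\n' \
    | "${s_client[@]}" "${sni_args[@]}" \
      -connect "$SSL_HOST:$SSL_PORT" -showcerts 2>/dev/null >"$crt_tempfile"

  # stderr is discarded above, so a failed connection would otherwise only
  # show up as confusing x509 parse errors further down.
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$crt_tempfile"; then
    printf 'ssl_check: no certificate received from %s:%s\n' \
      "$SSL_HOST" "$SSL_PORT" >&2
    rm -f -- "$crt_tempfile"
    return 1
  fi

  echo "* 証明書チェーン"
  printf '\n' \
    | "${s_client[@]}" "${sni_args[@]}" \
      -connect "$SSL_HOST:$SSL_PORT" 2>/dev/null \
    | grep -E 'subject|return'

  # openssl x509 reads the first PEM block in the file.
  echo "* 有効期限"
  openssl x509 -dates -noout -in "$crt_tempfile"

  echo "* サブジェクト別名"
  openssl x509 -text -noout -in "$crt_tempfile" \
    | perl -nle 'print if /Subject Alternative Name/../DNS/' \
    | perl -ple 's/^\s+//'

  echo "* 署名アルゴリズム"
  openssl x509 -noout -text -in "$crt_tempfile" \
    | grep "Signature Algorithm" | sort -u

  if [[ "$verbose" == "true" ]]; then
    printf '\n\n'
    echo "cert file => $crt_tempfile"
  else
    # Remove the temp file unless -v asked to keep it.
    rm -- "$crt_tempfile"
  fi
} #}}}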