change to openssl, handle request line
handle date properly
parent
177f835344
commit
660e9f1473
67
checkcert.pl
67
checkcert.pl
|
@ -1,18 +1,17 @@
|
|||
#! /usr/bin/perl
|
||||
|
||||
#
|
||||
# uses certexp.go from https://thrig.me/src/scripts.git/
|
||||
#
|
||||
|
||||
# check certs of the form
|
||||
#
|
||||
# www.lehmann.cx:443
|
||||
# irc.libera.chat:6697
|
||||
# xmpp.hmm.st:5223
|
||||
#
|
||||
# only direct TLS connects work, STARTTLS does not
|
||||
# only direct TLS connects work, STARTTLS does not currently
|
||||
#
|
||||
# typically you would put the program into a cronjob that runs once a day
|
||||
# for ports that are not standard or are not covered by the port list below, you can add the protocol line after a space
|
||||
# like irc.server:6698 quit
|
||||
#
|
||||
# Typically you would put the program into a cronjob that runs once a day
|
||||
#
|
||||
# perl checkcert.pl domains.txt
|
||||
#
|
||||
|
@ -22,32 +21,62 @@
|
|||
#
|
||||
|
||||
use strict;
|
||||
use Date::Parse;
|
||||
|
||||
# warn time is 15 days before expiry
|
||||
my @time=localtime(time()+15*24*60*60);
|
||||
|
||||
my $warntime=sprintf "%04d-%02d-%02d", $time[5]+1900, $time[4]+1, $time[3];
|
||||
|
||||
@time=localtime(time());
|
||||
my $expiretime=sprintf "%04d-%02d-%02d %02d:%02d:%02d", $time[5]+1900, $time[4]+1, $time[3], $time[2], $time[1], $time[0];
|
||||
|
||||
while(<>) {
|
||||
chop;
|
||||
|
||||
next if /^#/;
|
||||
next if /^$/;
|
||||
|
||||
my $host=$_;
|
||||
|
||||
open(PIPE, "~/certexp/certexp $host|");
|
||||
my $notafter="";
|
||||
|
||||
while(<PIPE>) {
|
||||
chop;
|
||||
if(/^notAfter (.*)/) {
|
||||
if($notafter eq "" | $1 le $notafter) {
|
||||
$notafter=$1;
|
||||
}
|
||||
my $line=$_;
|
||||
my ($host, $request);
|
||||
if($line=~/ /) {
|
||||
$line=~/([^ ]+) (.+)/;
|
||||
$host=$1;
|
||||
$request=$2;
|
||||
} else {
|
||||
$host=$line;
|
||||
my $port="";
|
||||
if($host=~/.*:(.*)/) {
|
||||
$port=$1;
|
||||
}
|
||||
$request="";
|
||||
|
||||
# figure out some standard ports
|
||||
$request="quit" if $port==6697;
|
||||
$request="quit" if $port==465;
|
||||
$request="<xml/>" if $port==5223;
|
||||
$request="gemini://$host/" if $port==1965;
|
||||
|
||||
$request="GET / HTTP/1.0\n\n" if $request eq "";
|
||||
}
|
||||
|
||||
open(PIPE, "echo \"$request\" | openssl s_client -connect $host 2>/dev/null | openssl x509 -noout -enddate -in - 2>/dev/null |");
|
||||
my $notafter=<PIPE>;
|
||||
close PIPE;
|
||||
if($notafter le $warntime) {
|
||||
print "$host $notafter\n";
|
||||
|
||||
$notafter =~ s/notAfter=//;
|
||||
|
||||
my ($ss,$mm,$hh,$day,$month,$year,$zone) = strptime($notafter);
|
||||
|
||||
$year+=1900;
|
||||
$month++;
|
||||
|
||||
my $time=sprintf "%04d-%02d-%02d %02d:%02d:%02d", $year,$month,$day,$hh,$mm,$ss;
|
||||
|
||||
if($time le $expiretime) {
|
||||
print "$host $time (expired)\n";
|
||||
}
|
||||
elsif($time le $warntime) {
|
||||
print "$host $time\n";
|
||||
}
|
||||
}
|
||||
|
|
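Review bot: The `open(PIPE, "echo \"$request\" | openssl s_client -connect $host ...")` line, which I take to be on the new side given the commit title, puts `$host` and `$request` into a shell command string exactly as read from the input list. Any quote, `$`, backtick or `;` in an entry is therefore interpreted by the shell under whatever account the cron job runs as, and the new optional "protocol line after a space" widens what an entry may contain. I would accept only an anchored host:port for `$host` and hand both values to the shell through the environment so the command text stays constant, as sketched below (the environment variable names are constructed for illustration). The result of `open` is also unchecked, and when the pipeline returns no line the `strptime` fields appear to format as a 1900 date, so an unreachable host would be printed as "(expired)". A guard such as `next unless defined $notafter && $notafter =~ /^notAfter=/;` before the date parsing would separate "could not check" from "expired".

```perl
# … unchanged: host/request parsing and default requests by port …

# accept only name:port so nothing else reaches the command line
# (bracketed IPv6 literals would need their own pattern)
unless ($host =~ /\A[A-Za-z0-9._-]+:[0-9]{1,5}\z/) {
    warn "skipping malformed entry: $line\n";
    next;
}

# pass both values via the environment; the shell expands them inside
# double quotes, so their content is never parsed as shell syntax
local $ENV{CHECKCERT_HOST}    = $host;
local $ENV{CHECKCERT_REQUEST} = $request;
open(PIPE, q{printf '%s\n' "$CHECKCERT_REQUEST" | openssl s_client -connect "$CHECKCERT_HOST" 2>/dev/null | openssl x509 -noout -enddate -in - 2>/dev/null |})
    or die "cannot run openssl: $!";
my $notafter=<PIPE>;

# … unchanged: date parsing and expiry comparison …
```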