fix cert mismatch output
parent
4a608e155c
commit
d45f691da0
15
get-certs.sh
15
get-certs.sh
|
@ -90,6 +90,7 @@ while read -r host; do
|
||||||
|
|
||||||
# If "tor" option is used, then connect again via Tor,
|
# If "tor" option is used, then connect again via Tor,
|
||||||
# to check if we get the same cert from a different network perspective.
|
# to check if we get the same cert from a different network perspective.
|
||||||
|
mismatch=0
|
||||||
if [ "${1:-}" = 'tor' ] && [ -n "${host##*.onion}" ]; then
|
if [ "${1:-}" = 'tor' ] && [ -n "${host##*.onion}" ]; then
|
||||||
|
|
||||||
# If torsocks is not installed, return.
|
# If torsocks is not installed, return.
|
||||||
|
@ -101,9 +102,11 @@ while read -r host; do
|
||||||
cert_via_tor=$(fetch_cert "$host_and_port" 'timeout 25' 'torsocks')
|
cert_via_tor=$(fetch_cert "$host_and_port" 'timeout 25' 'torsocks')
|
||||||
|
|
||||||
if [ -z "$cert_via_tor" ]; then
|
if [ -z "$cert_via_tor" ]; then
|
||||||
|
# Tor connection failed.
|
||||||
[ -n "$cert" ] && >&2 echo # output empty line to stderr if cert was downloaded without Tor
|
[ -n "$cert" ] && >&2 echo # output empty line to stderr if cert was downloaded without Tor
|
||||||
>&2 echo "$host_and_port - Tor connection failed"
|
>&2 echo "$host_and_port - Tor connection failed"
|
||||||
elif [ -n "$cert" ] && [ "$cert" != "$cert_via_tor" ]; then
|
elif [ -n "$cert" ] && [ "$cert" != "$cert_via_tor" ]; then
|
||||||
|
# Mismatch.
|
||||||
>&2 echo "$host_and_port - Tor VERIFICATION FAILED (certs don't match)!!!"
|
>&2 echo "$host_and_port - Tor VERIFICATION FAILED (certs don't match)!!!"
|
||||||
# In this case, don't save any certificate to file.
|
# In this case, don't save any certificate to file.
|
||||||
# Output both certificates to stderr instead.
|
# Output both certificates to stderr instead.
|
||||||
|
@ -111,7 +114,7 @@ while read -r host; do
|
||||||
>&2 echo "$cert"
|
>&2 echo "$cert"
|
||||||
>&2 echo "CERT VIA TOR:"
|
>&2 echo "CERT VIA TOR:"
|
||||||
>&2 echo "$cert_via_tor"
|
>&2 echo "$cert_via_tor"
|
||||||
continue
|
mismatch=1
|
||||||
else
|
else
|
||||||
# If direct connection failed and Tor connection succeeded,
|
# If direct connection failed and Tor connection succeeded,
|
||||||
# use the cert received via Tor.
|
# use the cert received via Tor.
|
||||||
|
@ -120,15 +123,19 @@ while read -r host; do
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$cert" ]; then
|
if [ $mismatch -eq 1 ]; then
|
||||||
|
# Mismatch.
|
||||||
|
printf ' - failed (cert mismatch!)'
|
||||||
|
elif [ -z "$cert" ]; then
|
||||||
|
# No certificate received.
|
||||||
|
printf ' - failed'
|
||||||
|
else
|
||||||
# If we got a cert back, then the host and port were valid,
|
# If we got a cert back, then the host and port were valid,
|
||||||
# so they are safe to include in a file name.
|
# so they are safe to include in a file name.
|
||||||
# Convert from punycode to unicode, if needed.
|
# Convert from punycode to unicode, if needed.
|
||||||
host_and_port=$(echo "$host_and_port" | idn --allow-unassigned --idna-to-unicode)
|
host_and_port=$(echo "$host_and_port" | idn --allow-unassigned --idna-to-unicode)
|
||||||
echo "$cert" > "certs/${host_and_port}.pem"
|
echo "$cert" > "certs/${host_and_port}.pem"
|
||||||
printf ' - OK'
|
printf ' - OK'
|
||||||
else
|
|
||||||
printf ' - failed'
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo # newline
|
echo # newline
|
||||||
|
|
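Review bot: With the `tor` option, the status chain in the last hunk still reaches the final `else`, saves the certificate and prints `' - OK'` when the Tor fetch returned nothing, because the `[ -z "$cert_via_tor" ]` branch only writes a message to stderr and leaves `mismatch` at 0. The cross-check therefore fails open: neither stdout nor the `certs/` directory distinguishes a certificate confirmed from two network perspectives from one seen from only one. Consider recording that state in the Tor-failed branch (for example `unverified=1`, initialised next to `mismatch=0`) and reporting it with something like `printf ' - OK (not verified via Tor)'`, or not writing the file at all in that case. The same appears to apply to the branch that falls back to the Tor certificate after the direct connection failed, but its body lies between hunks and is not visible here. Separately, `[ $mismatch -eq 1 ]` should quote the expansion: `[ "$mismatch" -eq 1 ]`.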