summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2023-04-28 23:54:23 +0200
committerErich Eckner <git@eckner.net>2023-04-28 23:54:23 +0200
commit3f03082a2a50dec848e23cd2b419ca5d266b4f9b (patch)
tree2de60cdbd63f608e6741d9fc955de8ccb0b4c4cb
parent6b91c00250554d52a343478a2711e7b37d908d02 (diff)
downloadcrypt-expiry-check-3f03082a2a50dec848e23cd2b419ca5d266b4f9b.tar.xz
crypt-expiry-check: if cert is a chain, give the *oldest* expiry date
-rwxr-xr-xcrypt-expiry-check.in8
1 files changed, 5 insertions, 3 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 22f0eba..624d801 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -410,6 +410,7 @@ check_file_status() {
# Extract the expiration date from the certificate
CERTDATE=$(${OPENSSL} x509 -in ${CERT_TMP} -enddate -noout | \
${SED} 's/notAfter\=//')
+ CERTDATE=$(date +%s -d "${CERTDATE}")
# Extract the issuer from the certificate
CERTISSUER=$(${OPENSSL} x509 -in ${CERT_TMP} -issuer -noout | \
@@ -426,8 +427,9 @@ check_file_status() {
${SED} -e 's/serial=//')
else
# Extract the expiration date from the ceriticate
- CERTDATE=$(${OPENSSL} x509 -in ${CERTFILE} -enddate -noout -inform ${CERTTYPE} | \
- ${SED} 's/notAfter\=//')
+ CERTDATE=$(while ${OPENSSL} x509 -enddate -noout -inform ${CERTTYPE} 2>/dev/null; do :; done <${CERTFILE} | \
+ ${SED} 's/notAfter\=//' | \
+ xargs -rI __ date +%s -d "__")
# Extract the issuer from the certificate
CERTISSUER=$(${OPENSSL} x509 -in ${CERTFILE} -issuer -noout -inform ${CERTTYPE} | \
@@ -443,7 +445,7 @@ check_file_status() {
fi
# Convert the date to seconds, and get the diff between NOW and the expiration date
- CERTDIFF=$[$(date +%s -d "${CERTDATE}") - $(date +%s)]
+ CERTDIFF=$[${CERTDATE} - $(date +%s)]
if [ ${CERTDIFF} -lt 0 ]
then
CERTDIFF=$[$[${CERTDIFF}+1]/3600/24-1]