author | Erich Eckner <git@eckner.net> | 2023-04-28 23:54:23 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2023-04-28 23:54:23 +0200 |
commit | 3f03082a2a50dec848e23cd2b419ca5d266b4f9b (patch) | |
tree | 2de60cdbd63f608e6741d9fc955de8ccb0b4c4cb | |
parent | 6b91c00250554d52a343478a2711e7b37d908d02 (diff) | |
download | crypt-expiry-check-3f03082a2a50dec848e23cd2b419ca5d266b4f9b.tar.xz |
crypt-expiry-check: if cert is a chain, give the *oldest* expiry date
-rwxr-xr-x | crypt-expiry-check.in | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 22f0eba..624d801 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -410,6 +410,7 @@ check_file_status() {
 # Extract the expiration date from the certificate
 CERTDATE=$(${OPENSSL} x509 -in ${CERT_TMP} -enddate -noout | \
 ${SED} 's/notAfter\=//')
+ CERTDATE=$(date +%s -d "${CERTDATE}")
 # Extract the issuer from the certificate
 CERTISSUER=$(${OPENSSL} x509 -in ${CERT_TMP} -issuer -noout | \
@@ -426,8 +427,9 @@ check_file_status() {
 ${SED} -e 's/serial=//')
 else
 # Extract the expiration date from the ceriticate
- CERTDATE=$(${OPENSSL} x509 -in ${CERTFILE} -enddate -noout -inform ${CERTTYPE} | \
- ${SED} 's/notAfter\=//')
+ CERTDATE=$(while ${OPENSSL} x509 -enddate -noout -inform ${CERTTYPE} 2>/dev/null; do :; done <${CERTFILE} | \
+ ${SED} 's/notAfter\=//' | \
+ xargs -rI __ date +%s -d "__")
 # Extract the issuer from the certificate
 CERTISSUER=$(${OPENSSL} x509 -in ${CERTFILE} -issuer -noout -inform ${CERTTYPE} | \
@@ -443,7 +445,7 @@ check_file_status() {
 fi
 # Convert the date to seconds, and get the diff between NOW and the expiration date
- CERTDIFF=$[$(date +%s -d "${CERTDATE}") - $(date +%s)]
+ CERTDIFF=$[${CERTDATE} - $(date +%s)]
 if [ ${CERTDIFF} -lt 0 ]
 then
 CERTDIFF=$[$[${CERTDIFF}+1]/3600/24-1]
|
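Review bot: The result of the added `CERTDATE=$(date +%s -d "${CERTDATE}")` is never checked, so an end date that cannot be read or parsed leaves `CERTDATE` empty. The same can happen in the second hunk, where `2>/dev/null` hides any openssl error. The third hunk then evaluates `$[ - $(date +%s)]`, which bash accepts as a unary minus, so an unreadable certificate would be reported as expired long ago rather than as a read failure. A guard before the arithmetic, for example `case "${CERTDATE}" in ''|*[!0-9]*) ... ;; esac` routed to whatever error reporting the function already uses, would keep the two cases apart. `check_file_status` starts and ends outside these hunks, so an existing check elsewhere cannot be ruled out.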
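Review bot: Nothing in the new `CERTDATE=$(while ... done <${CERTFILE} | ... | xargs -rI __ date +%s -d "__")` pipeline selects a single value, although the commit title promises the earliest expiry of a chain. For a chain it prints one epoch per certificate, so `CERTDATE` ends up holding several lines. As far as these lines show, `$[${CERTDATE} - $(date +%s)]` in the third hunk then receives more than one number and fails, so an expiring intermediate would go unreported. Appending `| sort -n | head -n 1` to the pipeline would pick the minimum; use tool variables if the script defines them, as it does for `${SED}`. Quoting the redirect as `<"${CERTFILE}"` would also keep paths with spaces working.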