From 3f03082a2a50dec848e23cd2b419ca5d266b4f9b Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Fri, 28 Apr 2023 23:54:23 +0200
Subject: crypt-expiry-check: if cert is a chain, give the *oldest* expiry date
---
 crypt-expiry-check.in | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 22f0eba..624d801 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -410,6 +410,7 @@ check_file_status() {
 # Extract the expiration date from the certificate
 CERTDATE=$(${OPENSSL} x509 -in ${CERT_TMP} -enddate -noout | \
 ${SED} 's/notAfter\=//')
+ CERTDATE=$(date +%s -d "${CERTDATE}")
 # Extract the issuer from the certificate
 CERTISSUER=$(${OPENSSL} x509 -in ${CERT_TMP} -issuer -noout | \
@@ -426,8 +427,9 @@ check_file_status() {
 ${SED} -e 's/serial=//')
 else
 # Extract the expiration date from the ceriticate
- CERTDATE=$(${OPENSSL} x509 -in ${CERTFILE} -enddate -noout -inform ${CERTTYPE} | \
- ${SED} 's/notAfter\=//')
+ CERTDATE=$(while ${OPENSSL} x509 -enddate -noout -inform ${CERTTYPE} 2>/dev/null; do :; done <${CERTFILE} | \
+ ${SED} 's/notAfter\=//' | \
+ xargs -rI __ date +%s -d "__")
 # Extract the issuer from the certificate
 CERTISSUER=$(${OPENSSL} x509 -in ${CERTFILE} -issuer -noout -inform ${CERTTYPE} | \
@@ -443,7 +445,7 @@ check_file_status() {
 fi
 # Convert the date to seconds, and get the diff between NOW and the expiration date
- CERTDIFF=$[$(date +%s -d "${CERTDATE}") - $(date +%s)]
+ CERTDIFF=$[${CERTDATE} - $(date +%s)]
 if [ ${CERTDIFF} -lt 0 ]
 then
 CERTDIFF=$[$[${CERTDIFF}+1]/3600/24-1]
--
cgit v1.2.3-70-g09d2
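Review bot: After the added `CERTDATE=$(date +%s -d "${CERTDATE}")` in the `@@ -410,6 +410,7 @@` hunk, CERTDATE holds epoch seconds instead of the notAfter text, and no comment records that change of meaning. Any later use of CERTDATE in check_file_status that prints or mails the expiry date would now show a bare number; the function starts and ends outside the hunks, so this cannot be confirmed here and should be checked. I would add `# CERTDATE is epoch seconds from here on; the CERTDIFF arithmetic below relies on that` above the new line. If reports still need the readable date, keep it in a separate variable.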
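Review bot: For a file holding more than one certificate, the new pipeline in the `@@ -426,8 +427,9 @@` hunk leaves one epoch value per certificate in CERTDATE, and nothing visible selects the earliest one that the subject line promises. The `$[${CERTDATE} - $(date +%s)]` arithmetic in the last hunk would then receive several numbers and fail to evaluate, so chain files would get no usable expiry result. Ending the pipeline with `xargs -rI __ date +%s -d "__" | sort -n | head -n 1)` keeps only the earliest notAfter. The `2>/dev/null` also hides the reason when the first certificate cannot be parsed. CERTISSUER is still read with `-in ${CERTFILE}`, which presumably means the first certificate only, so it may not describe the certificate whose date is reported.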
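Review bot: The new `CERTDIFF=$[${CERTDATE} - $(date +%s)]` in the `@@ -443,7 +445,7 @@` hunk assumes CERTDATE is exactly one integer, and nothing checks that. If the else branch extracts nothing (openssl's stderr is discarded there, and `xargs -r` then never runs `date`), the expression collapses to a unary minus and the certificate is reported as long expired rather than unreadable. An expiry monitor should report a parse failure as a distinct result. A guard before the arithmetic would do that, for example `[ -n "${CERTDATE}" ] && [ -z "${CERTDATE//[0-9]/}" ] || { echo "cannot determine expiry date for ${CERTFILE}" >&2; return 1; }`. How check_file_status normally reports errors is outside the hunk, so the failure action should be adapted to it.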