|
Last change
on this file since 2694 was
2545,
checked in by andersk, 11 years ago
|
|
Test all certificates for expiration, including intermediates
|
-
Property svn:executable set to
*
|
|
File size:
1.1 KB
|
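#!/usr/bin/perl

# Report certificates stored next to this script that are close to expiry.
#
# Every *.pem file in the script's directory is read, and each
# "BEGIN CERTIFICATE" block in it is checked separately, so a chain file has
# its intermediates tested as well as the leaf.  A line is printed for every
# certificate whose notAfter date is within WARNING seconds of now (or has
# already passed), and for every certificate when --verbose / -v is given.
#
# Caveats for anyone relying on this as a monitor:
#   * A *.pem file that contains no certificate block produces no output.
#   * The exit status does not reflect whether anything is expiring; only
#     the printed report and the warnings on stderr do.

use strict;
use warnings;
use autodie;
use Date::Parse;
use File::Basename;
use Getopt::Long qw(:config bundling);
use IPC::Open2;

# Run from the script's own directory so the glob below picks up the
# certificates kept alongside it, whatever the caller's working directory is.
chdir dirname($0);

my $now = time();

GetOptions(
    "verbose|v" => \my $verbose,
) or exit 2;

use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days

# One PEM certificate block.  CRLF line endings and a missing newline after
# the final END line are accepted, so such a certificate is still checked
# instead of being skipped without any message.
my $pem_block = qr{
    ^-----BEGIN\ CERTIFICATE-----\r?\n
    .*?
    ^-----END\ CERTIFICATE-----\r?(?:\n|\z)
}xms;

foreach my $cert (glob "*.pem") {
    # Slurp the whole file; it may hold several certificates.
    open(my $cert_fh, "<", $cert);
    my $ins = do { local $/; <$cert_fh> };
    close($cert_fh);

    for my $in ($ins =~ /$pem_block/g) {
        # Hand openssl a newline-terminated block even when the file's last
        # line had none.
        my $pem = $in =~ /\n\z/ ? $in : "$in\n";

        # List-form command: no shell is involved.  The certificate is
        # written to openssl's stdin and the "notAfter=" line read back.
        my $pid = open2(my $x509_out, my $x509_in,
                        qw(openssl x509 -enddate -noout));
        print {$x509_in} $pem;
        close($x509_in);
        my $out = do { local $/; <$x509_out> };
        close($x509_out);
        waitpid($pid, 0);

        my $exp;
        unless (defined $out and ($exp) = $out =~ /^notAfter=(.*)$/m) {
            warn "Cert appears broken: $cert";
            next;
        }

        # str2time returns undef for a date it cannot parse; report that
        # explicitly rather than computing with undef and printing a
        # meaningless number of days.
        my $time = str2time($exp);
        unless (defined $time) {
            warn "Cannot parse expiry date '$exp' for cert: $cert";
            next;
        }

        my $remaining = $time - $now;
        if ($verbose || $remaining <= WARNING) {
            printf "Certificate expiring in %.2f days: %s for ", ($remaining / (60.0*60*24)), $cert;
            # openssl prints the subject on our stdout, completing the line
            # started by the printf above.
            open(my $subject_in, '|-', qw(openssl x509 -subject -noout));
            print {$subject_in} $pem;
            close($subject_in);
        }
    }
}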
|---|