Last change on this file since 2745 was 2545, checked in by andersk, 11 years ago: Test all certificates for expiration, including intermediates
        
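#!/usr/bin/perl
#
# Report X.509 certificates that are close to expiry.
#
# Every *.pem file in the directory holding this script is scanned, and each
# CERTIFICATE block found in it (leaf and intermediates alike) is handed to
# `openssl x509` to read its notAfter date.  One line is printed for every
# certificate expiring within WARNING seconds, or for every certificate when
# -v/--verbose is given.  A certificate already past notAfter is reported
# with a negative number of days.
#
# Exits 2 on an unrecognised option.  Failures of chdir/open/close are fatal
# through autodie; certificates that openssl cannot read are reported on
# STDERR and skipped.

use strict;
use warnings;
use autodie;
use Date::Parse;
use File::Basename;
use Getopt::Long qw(:config bundling);
use IPC::Open2;

use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days
use constant SECONDS_PER_DAY => 60*60*24;

# The glob below is relative, so work from the script's own directory.
chdir dirname($0);

my $now = time();

GetOptions(
    "verbose|v" => \my $verbose,
) or exit 2;

# One PEM certificate block.  CRLF line endings and a missing newline after
# the final END line are accepted, so that such a block is checked (or
# reported as broken) rather than silently skipped.
my $cert_block = qr/^-----BEGIN CERTIFICATE-----\r?\n.*?^-----END CERTIFICATE-----\r?(?:\n|\z)/ms;

foreach my $cert (glob "*.pem") {
    open(my $pem_fh, "<", $cert);
    my $ins = do { local $/; <$pem_fh> };
    close($pem_fh);

    for my $block ($ins =~ /$cert_block/g) {
        # Always hand openssl a newline-terminated block.
        my $pem = $block =~ /\n\z/ ? $block : "$block\n";

        # List-form open2 runs openssl without a shell.  The whole block is
        # written before anything is read back; a single certificate is
        # small, so this is not expected to fill the pipe.
        my $pid = open2(my $from_openssl, my $to_openssl,
                        qw(openssl x509 -enddate -noout));
        print {$to_openssl} $pem;
        close($to_openssl);
        my $out = do { local $/; <$from_openssl> };
        close($from_openssl);
        waitpid($pid, 0);
        my $status = $?;

        # A non-zero exit from openssl is treated like unparsable output.
        my $exp;
        if ($status == 0 and defined $out) {
            ($exp) = $out =~ /^notAfter=(.*)$/m;
        }
        unless (defined $exp) {
            warn "Cert appears broken: $cert";
            next;
        }

        # str2time returns undef for a date it cannot parse; without this
        # check the arithmetic below would treat that as the epoch.
        my $time = str2time($exp);
        unless (defined $time) {
            warn "Cannot parse expiry date '$exp' for $cert";
            next;
        }

        my $remaining = $time - $now;
        if ($verbose || $remaining <= WARNING) {
            # The line is completed by openssl itself, which prints the
            # subject to our STDOUT.  Perl attempts to flush output handles
            # before forking, so the prefix is expected to come first.
            printf "Certificate expiring in %.2f days: %s for ",
                $remaining / SECONDS_PER_DAY, $cert;
            open(my $subject_fh, '|-', qw(openssl x509 -subject -noout));
            print {$subject_fh} $pem;
            close($subject_fh);
        }
    }
}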
|---|
       
      