authorGuilhem Moulin <guilhem@fripost.org>2016-07-10 23:21:49 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-07-10 23:21:49 +0200
commit4e347178a85468cb2a6451a3a57c3379f832ca97 (patch)
treeddd9a152f1042b9c31678057fa24bd9b3652c26b /certs
parentd5927fb7247e881655488b850812e8186ae444a4 (diff)
gencerts: exclude expired certs in the CRT queries.
Diffstat (limited to 'certs')
-rwxr-xr-xcerts/gencerts.sh6
1 files changed, 3 insertions, 3 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh
index 9318e42..f20bba5 100755
--- a/certs/gencerts.sh
+++ b/certs/gencerts.sh
@@ -4,43 +4,43 @@ set -ue
PATH=/usr/bin:/bin
if [ -n "${GNUPGBIN:-}" ]; then
GPG="$GNUPGBIN"
elif [ -x /usr/bin/gpg2 ]; then
GPG=/usr/bin/gpg2
else
GPG=gpg
fi
GPG_OPTS='--no-auto-check-trustdb --batch --no-verbose --yes'
usage() {
echo "Usage: $0 /path/to/certs.asc" >&2
exit 1
}
x509fpr() {
local msg="$1" host cert h spki
host="${msg%%,*}"; host="${host%% *}"; host="${host#\`}"
cert="$DIR/${host%%:*}.pub"
- spki=$(openssl pkey -pubin -outform DER <"$cert" | openssl dgst -sha256 | sed -nr 's/^[^=]+=\s*//p')
- [ "$typ" = mdwn ] && printf '\n [%s](https://crt.sh/?spkisha256=%s&iCAID=16418)\n\n' "$msg" "$spki" \
- || printf ' %s\n X.509: https://crt.sh/?spkisha256=%s&iCAID=16418\n SPKI:\n' \
+ spki=$(openssl pkey -pubin -outform DER <"$cert" | openssl dgst -sha256 | sed -nr 's/^[^=]+=\s*//p')
+ [ "$typ" = mdwn ] && printf '\n [%s](https://crt.sh/?spkisha256=%s&iCAID=16418&exclude=expired)\n\n' "$msg" "$spki" \
+ || printf ' %s\n X.509: https://crt.sh/?spkisha256=%s&iCAID=16418&exclude=expired\n SPKI:\n' \
"$( echo "$msg" | tr -d '`' )" "$spki"
for h in sha1 sha256; do
[ "$typ" = mdwn ] || echo -n ' '
echo -n "$h" | tr '[a-z]' '[A-Z]'
for i in $(seq 1 $((7 - ${#h}))); do echo -n ' '; done
openssl pkey -pubin -outform DER <"$cert" | openssl dgst -"$h" -c | sed -nr 's/^[^=]+=\s*//p'
done | sed -r "s/(\S+)(.*)/$indent\1\U\2/"
}
sshfpr() {
local msg="$1" host t h fpr
host="${msg%%,*}"; host="${host%% *}"; host="${host#*@}"; host="${host#\`}"; host="${host%\`}"
[ "$typ" = mdwn ] && { echo; echo " $msg"; echo; } || { echo " $msg" | tr -d '`'; }
[ "${host#*:}" != 22 ] || host="${host%%:*}"
for h in MD5 SHA256; do
ssh-keygen -E "$h" -f "$DIR/../ssh_known_hosts" -lF "${host#*@}"
done | sed -nr 's/^[^ #]+\s+//p' | sed -r 's/^(\S+)\s+(MD5|SHA256):/\1 \2 /' |
while read t h fpr; do
echo -n "$indent$t"
for i in $(seq 1 $((7 - ${#h}))); do echo -n ' '; done
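Review bot: In x509fpr, the `spki=$(openssl pkey … | openssl dgst -sha256 | sed …)` assignment cannot fail visibly. The script runs under `set -ue` with no pipefail, so the substitution's status is sed's. If `$cert` is missing or unparsable, `openssl dgst` still hashes whatever reaches it, which would be empty input. The crt.sh link and the SPKI lines would then carry a well-formed but wrong fingerprint in a document that readers presumably use to verify the hosts. I would validate the key first with `openssl pkey -pubin -noout <"$cert" || exit 1` just before the `spki=` line, which also covers the same pipeline in the sha1/sha256 loop below.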