#! /bin/sh
# s_verify_http (Bourne shell script) -- Connects to an SSL HTTP server and verifies the X.509 certificate for a given domain
#
# Version: 1.2
# Copyright: (c) 2019 Alastair Irvine <[email protected]>
# Keywords: openssl, SSL, TLS, secure certificate
# Licence: This file is released under the GNU General Public License v2
#
# Uses "Server Name Indication" (SNI)
# Note: Verifies the chain but won't actually compare the CN of the returned
# cert against the server name
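# Script name as shown in the usage message.
SELF=$(basename "$0")

# Print the usage line on stderr and stop with status 1.
usage() {
  echo "Usage: $SELF [ -P <port> ] <servername> [ <sitename> ] [ <opts> ]" >&2
  exit 1
}

# Optional leading "-P <port>".  When -P is absent, a PORT already present in
# the environment is still honoured by the ${PORT-443} default further down.
if [ "$1" = -P ]; then
  # -P with no value previously ran "shift" twice on a single argument;
  # report the usage error instead.
  [ $# -ge 2 ] || usage
  PORT=$2
  shift 2
fi

# Remaining arguments: <servername> [ <sitename> ] [ <opts> ]
if [ $# -lt 1 ] || [ $# -gt 3 ]; then
  usage
fi

# Locate the system trust store unless the caller supplied SSL_PATH.
if [ -z "$SSL_PATH" ]; then
  if [ -d /etc/pki/tls ]; then
    SSL_PATH=/etc/pki/tls
  else
    SSL_PATH=/etc/ssl
  fi
fi

# What this check does and does not establish:
#  * "-verify 20" sets the chain depth limit; s_client keeps the connection
#    going after a verification failure, so the result has to be read from the
#    "Verify return code" line in the paged output (-verify_return_error makes
#    s_client stop instead).
#  * The certificate's name is not compared with the server name; where the
#    installed OpenSSL supports it, "-verify_hostname <name>" can be supplied
#    through <opts>.
#  * The pipeline's exit status is the pager's, not openssl's, so it must not
#    be used as a pass/fail signal by a calling script.
#
# Host, port, SNI name and CA path are quoted so whitespace or glob characters
# in them cannot turn into extra s_client arguments.  $3 and $PAGER stay
# unquoted so that several options given as one argument (or a pager with
# flags) still split into words -- presumably the intent; confirm.
# shellcheck disable=SC2086
openssl s_client -connect "$1:${PORT-443}" -servername "${2:-$1}" \
  ${3:--no_ssl3} -verify 20 -CApath "$SSL_PATH/certs/" < /dev/null |
  sed '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/d' |
  ${PAGER:-less}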