我一直在编写一个脚本来获取一些证书详细信息,而不是说我已经在处理它的格式——当我试图解析EndDate="openssl s_client -connect $host:$port 2>/dev/null | openssl x509 -enddate -noout | grep "Not After" | awk '{print $4, $5, $7}'"时,脚本现在挂起了。
这是我目前正在编写的完整脚本供参考,由于我刚刚掌握了脚本的窍门,其中大部分都被黑客入侵了。
# User input for the host or url of the certificate to check
echo "What host IP or URL certificate would you like to check: "
read host
# User input for the port number of the certificate to check
echo "What is the port number for the host's IP or URL: "
read port
# Input Verification post
echo "Host connection information = $host:$port"
# openssl expiration date checks for the week
echo "::Certificate expiration date::"
EndDate=`openssl s_client -connect $host:$port 2>/dev/null | openssl x509 - enddate -noout | grep "Not After" | awk '{print $4, $5, $7}'`
DatePlus7=`date -ud "+7 day" | awk '{print $2, $3, $6}'`
if [ "$EndDate" = "$DatePlus7"]
then
echo "Certificate has expired or will do so within 7 days!"
echo "(or is invalid/not found)"
else
echo "Certificate is good for another week!"
fi
最终,我希望能够为管理员输出echo | openssl s_client -connect $host:$port 2>/dev/null | openssl x509 -enddate -noout,这将出现在fi语句之后。有人能帮我解决这个问题吗?
从小处着手构建比从大处着手调试更容易。
这里有一种更简单的方法来重现你的问题,它也只是挂起:
openssl s_client -connect google.com:443
既然问题如此简单和狭隘,在谷歌上搜索"为什么openssl s_client会挂起?"会得到有用的信息,建议echo -n | ..."向服务器发出响应,以便释放连接"。这应该足以进一步(还有其他问题)。
无论如何,这里有一个较短的方法:
if openssl s_client -connect google.com:443 2> /dev/null < /dev/null |
openssl x509 -checkend $((60*60*24*7)) -noout -in /dev/stdin
then
echo "The certificate is good."
else
echo "The certificate expires within a week."
fi
这将打印到期日期而不挂断:
openssl s_client-connect google.com:443 2>/dev/null<dev/null|openssl x509-enddate-nout-in/dev/stdin