Context Navigation

check.pl @ 2545

Last change on this file since 2545 was 2545, checked in by andersk, 9 years ago
Test all certificates for expiration, including intermediates
Property svn:executable set to ``*
File size: 1.1 KB

Rev	Line
[1171]	1	#!/usr/bin/perl
	2
[2545]	3	use strict;
	4	use warnings;
	5	use autodie;
	6	use Date::Parse;
[1171]	7	use File::Basename;
[2545]	8	use Getopt::Long qw(:config bundling);
	9	use IPC::Open2;
[1171]	10
[2545]	11	chdir dirname($0);
[1171]	12
	13	my $now = time();
	14
[2545]	15	GetOptions(
	16	"verbose\|v" => \my $verbose,
	17	) or exit 2;
[1171]	18
	19	use constant WARNING => 606024*14; # Warn if a cert is expiring within 14 days
	20
	21	foreach my $cert (glob "*.pem") {
[2545]	22	open(CERT, "<", $cert);
	23	my $ins = do {local $/; <CERT>};
	24	close(CERT);
[1171]	25
[2545]	26	for my $in ($ins =~ /^-----BEGIN CERTIFICATE-----\n.*?^-----END CERTIFICATE-----\n/msg) {
	27	my $pid = open2(\X509, \IN, qw(openssl x509 -enddate -noout));
	28	print IN $in;
	29	close(IN);
	30	my $out = do {local $/; <X509>};
	31	close(X509);
	32	waitpid($pid, 0);
[1171]	33
[2545]	34	my $exp;
	35	unless (defined $out and ($exp) = $out =~ /^notAfter=(.*)$/m) {
	36	warn "Cert appears broken: $cert";
	37	next;
	38	}
	39
	40	my $time = str2time($exp);
	41
	42	if ($verbose \|\| ($time - $now) <= WARNING) {
	43	printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.06024)), $cert;
	44	open(IN, '\|-', qw(openssl x509 -subject -noout));
	45	print IN $in;
	46	close(IN);
	47	}
[1171]	48	}
	49	}

Note: See TracBrowser for help on using the repository browser.