Changeset 2545 for trunk/server/fedora/config
- Timestamp:
- Jul 26, 2014, 6:59:34 PM (10 years ago)
- File:
-
- 1 edited
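--- a/trunk/server/fedora/config/etc/pki/tls/certs/check.pl
+++ b/trunk/server/fedora/config/etc/pki/tls/certs/check.pl
@@ -1,28 +1,49 @@
 #!/usr/bin/perl
 
+use strict;
+use warnings;
+use autodie;
+use Date::Parse;
 use File::Basename;
-use Date::Parse;
+use Getopt::Long qw(:config bundling);
+use IPC::Open2;
 
-my $dir = dirname($0);
-chdir $dir or die "Failed to chdir('$dir'): $!";
+chdir dirname($0);
 
 my $now = time();
 
-our $verbose = 0;
-$verbose = 1 if ($ARGV[0] eq "-v");
+GetOptions(
+"verbose|v" => \my $verbose,
+) or exit 2;
 
 use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days
 
 foreach my $cert (glob "*.pem") {
-open(X509, "-|", qw(openssl x509 -in), $cert, qw(-enddate -noout)) or die "Couldn't invoke openssl x509: $!";
-chomp(my $exp = <X509>);
-close(X509);
-$exp =~ s/^notAfter=// or warn "Cert appears broken: $cert";
+open(CERT, "<", $cert);
+my $ins = do {local $/; <CERT>};
+close(CERT);
 
-my $time = str2time($exp);
+for my $in ($ins =~ /^-----BEGIN CERTIFICATE-----\n.*?^-----END CERTIFICATE-----\n/msg) {
+my $pid = open2(\*X509, \*IN, qw(openssl x509 -enddate -noout));
+print IN $in;
+close(IN);
+my $out = do {local $/; <X509>};
+close(X509);
+waitpid($pid, 0);
 
-if ($verbose || ($time - $now) <= WARNING) {
-printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.0*60*24)), $cert;
-system(qw(openssl x509 -in), $cert, qw(-subject -noout));
+my $exp;
+unless (defined $out and ($exp) = $out =~ /^notAfter=(.*)$/m) {
+warn "Cert appears broken: $cert";
+next;
+}
+
+my $time = str2time($exp);
+
+if ($verbose || ($time - $now) <= WARNING) {
+printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.0*60*24)), $cert;
+open(IN, '|-', qw(openssl x509 -subject -noout));
+print IN $in;
+close(IN);
+}
 }
 }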
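Review bot: A `.pem` file in which the block pattern of the new `for my $in (...)` loop matches nothing is skipped without any output, so it silently drops out of expiry monitoring. Because the pattern requires a bare `\n` after both marker lines, this would happen for a file with CRLF line endings or with no newline after the `-----END CERTIFICATE-----` line; the removed `openssl x509 -in` call would likely have either parsed such a file or triggered the "Cert appears broken" warning. Capture the matches into a list first and warn when it is empty, e.g. `my @pems = $ins =~ /.../msg;` followed by `warn "No certificate blocks found in: $cert" unless @pems;`, then iterate over `@pems`. Accepting `\r?\n` in the pattern would additionally keep CRLF files covered.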