HOSTCERT_TXT populated, certificate end+startdate in JSON

HOSTCERT_TXT is now generated each time a HOSTCERT is
written. For now it is just being used in ``read_sigalg_from_file()``.
More to come.

Also in JSON output the start date and end date of the certificate
are now in separate objects. (the time format could need some polishing though).
This commit is contained in:
Dirk 2018-01-29 20:03:00 +01:00
parent c1d75f65ce
commit 88cd5528e7
1 changed files with 12 additions and 5 deletions

View File

@ -4981,7 +4981,10 @@ read_dhtype_from_file() {
# arg1: certificate file
read_sigalg_from_file() {
$OPENSSL x509 -noout -text -in "$1" 2>/dev/null | awk -F':' '/Signature Algorithm/ { print $2; exit; }'
local hostcert_txt="${1//pem/txt}"
[[ -r "$hostcert_txt" ]] || $OPENSSL x509 -noout -text -in "$1" 2>/dev/null >$hostcert_txt
awk -F':' '/Signature Algorithm/ { print $2; exit; }' < $hostcert_txt
}
@ -5694,6 +5697,7 @@ get_host_cert() {
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $1") 2>/dev/null </dev/null >$tmpvar
if sclient_connect_successful $? $tmpvar; then
awk '/-----BEGIN/,/-----END/ { print $0 }' $tmpvar >$HOSTCERT
$OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE >$HOSTCERT_TXT
return 0
else
if [[ -z "$1" ]]; then
@ -6019,6 +6023,7 @@ extract_certificates() {
else
success=0
mv level0.crt $HOSTCERT
$OPENSSL x509 -in "$HOSTCERT" -noout -text 2>>$ERRFILE >$HOSTCERT_TXT
if [[ $nrsaved -eq 1 ]]; then
echo "" > $TEMPDIR/intermediatecerts.pem
else
@ -6281,7 +6286,7 @@ must_staple() {
fileout "${jsonID}${json_postfix}" "OK" "supported"
else
prln_svrty_high "requires OCSP stapling (NOT ok)"
fileout "${jsonID}${json_postfix}" "HIGH" "must staple extension detected but no OCSP stapling provided"
fileout "${jsonID}${json_postfix}" "HIGH" "extension detected but no OCSP stapling provided"
fi
else
outln "no"
@ -6962,7 +6967,8 @@ certificate_info() {
fi
outln " ($startdate --> $enddate)"
fileout "cert_expiration_status${json_postfix}" "$expok" "$expfinding"
fileout "cert_expiration_startend${json_postfix}" "$expok" "$startdate --> $enddate"
fileout "cert_expiration_start${json_postfix}" "$expok" "$startdate"
fileout "cert_expiration_end${json_postfix}" "$expok" "$enddate"
certificates_provided=1+$(grep -c "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem)
out "$indent"; pr_bold " # of certificates provided"; outln " $certificates_provided"
@ -8596,6 +8602,7 @@ parse_sslv2_serverhello() {
"$parse_complete" || return $ret
# not sure why we need this
rm -f $HOSTCERT $TEMPDIR/intermediatecerts.pem
if [[ $ret -eq 3 ]]; then
certificate_len=2*$(hex2dec "$v2_hello_cert_length")
@ -8627,7 +8634,7 @@ parse_sslv2_serverhello() {
# arg1: hash function
# arg2: key
# arg3: text
# arg3: text
hmac() {
local hash_fn="$1"
local key="$2" text="$3" output
@ -10064,7 +10071,6 @@ parse_tls_serverhello() {
tmpfile_handle $FUNCNAME.txt
return 1
fi
for (( j=8; j < tls_certificate_ascii_len; j=j+extn_len )); do
if [[ $tls_certificate_ascii_len-$j -lt 6 ]]; then
debugme tmln_warning "Malformed Certificate Handshake message in ServerHello."
@ -10243,6 +10249,7 @@ parse_tls_serverhello() {
# Now parse the Certificate message.
if [[ "$process_full" == "all" ]]; then
# not sure why we need this
[[ -e "$HOSTCERT" ]] && rm "$HOSTCERT"
[[ -e "$TEMPDIR/intermediatecerts.pem" ]] && rm "$TEMPDIR/intermediatecerts.pem"
fi