Move determination of fingerprint and serial to determine_cert_fingerprint_serial()
.. so that it can be used for other certificates than the host certificate
parent
9094665768
commit
b625df87c1
25
testssl.sh
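--- a/testssl.sh
+++ b/testssl.sh
@@ -8317,10 +8317,20 @@ certificate_transparency() {
 return 0
 }
 
-determine_certs_fingerprints_serial() {
+# replacement for inline $OPENSSL x509 -noout -in $HOSTCERT -serial
+# and $OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256/-sha1
+#
+determine_cert_fingerprint_serial() {
 local cert="$1"
 local ossl_command="$2"
+local result=""
 
+result="$($OPENSSL x509 -noout -in $1 $2 2>>$ERRFILE)"
+# remove strings in text output, colon only appear in fingerprints
+result="${result//Fingerprint=}"
+result="${result//serial=}"
+result="${result//:/}"
+safe_echo "$result"
 }
 
 
@@ -8707,23 +8717,18 @@ certificate_info() {
 fi
 
 out "$indent"; pr_bold " Serial / Fingerprints "
-cert_serial="$($OPENSSL x509 -noout -in $HOSTCERT -serial 2>>$ERRFILE)"
-cert_serial="${cert_serial//serial=}"
+cert_serial="$(determine_cert_fingerprint_serial "$HOSTCERT" "-serial")"
 fileout "cert_serialNumber${json_postfix}" "INFO" "$cert_serial"
 
-cert_fingerprint_sha1="$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha1 2>>$ERRFILE)"
-cert_fingerprint_sha1="${cert_fingerprint_sha1//Fingerprint=}"
-cert_fingerprint_sha1="${cert_fingerprint_sha1//:/}"
+cert_fingerprint_sha1="$(determine_cert_fingerprint_serial "$HOSTCERT" "-fingerprint -sha1")"
 outln "$cert_serial / $cert_fingerprint_sha1"
 fileout "cert_fingerprintSHA1${json_postfix}" "INFO" "${cert_fingerprint_sha1//SHA1 /}"
 
-cert_fingerprint_sha2="$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256 2>>$ERRFILE)"
-cert_fingerprint_sha2="${cert_fingerprint_sha2//Fingerprint=}"
-cert_fingerprint_sha2="${cert_fingerprint_sha2//:/}"
+cert_fingerprint_sha2="$(determine_cert_fingerprint_serial "$HOSTCERT" "-fingerprint -sha256")"
 fileout "cert_fingerprintSHA256${json_postfix}" "INFO" "${cert_fingerprint_sha2//SHA256 /}"
 outln "$spaces$cert_fingerprint_sha2"
 
-# " " needs to be converted back to lf in JSON/CSV output
+# " " needs to be converted back to lf in JSON/CSV output. watch out leading/ending line containting "CERTIFICATE"
 fileout "cert${json_postfix}" "INFO" "$(< $HOSTCERT)"
 
 [[ -z $CERT_FINGERPRINT_SHA2 ]] && \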
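Review bot: In determine_cert_fingerprint_serial() (first hunk) the locals `cert` and `ossl_command` are assigned but never used, and the openssl call expands `$1 $2` unquoted, so a certificate path containing whitespace or glob characters would be split or expanded; this matters more now that the helper is meant for certificates other than $HOSTCERT. I would write `result="$($OPENSSL x509 -noout -in "$cert" $ossl_command 2>>$ERRFILE)"`, leaving only the option string unquoted because callers pass several flags in one argument (`"-fingerprint -sha1"`). The helper also drops the openssl exit status, so a certificate that fails to parse yields an empty string that certificate_info() (second hunk, body continues outside it) still writes via fileout as "INFO"; returning non-zero on an empty `result` would let callers tell a failure from a value. A header comment noting that fingerprint results keep the `SHA1 `/`SHA256 ` prefix, which the callers strip themselves, would help anyone reusing the function.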