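#!/bin/sh
# Report X.509 certificates that have expired or are about to expire.
#
# usage: check-x509-certs [-c CONF] [-d DAYS] [-s SECS]
#   -c CONF  file listing certificate paths, one per line; blank lines and
#            lines starting with "#" are skipped
#            (default: /etc/ca/check-x509-certs.conf)
#   -d DAYS  warning window in days (default: 7)
#   -s SECS  warning window in seconds
#
# Output: for every certificate inside the window, "<file>: <state>" followed
#         by its issuer and validity dates; reports are separated by a blank
#         line.
# Exit status: 0 when every listed entry could be examined (even if some are
#              expired), 1 on a usage error or when an entry could not be
#              read as a certificate.

# Options on the "#!" line are lost when the script is started as
# "sh check-x509-certs", so errexit is enabled here instead.
set -e

conf=/etc/ca/check-x509-certs.conf
time=$(( 7 * 86400 ))
usage="usage: $0 [-c CONF] [-d DAYS] [-s SECS]"

# Succeeds only when $1 is a non-empty string of decimal digits.
is_uint() {
  case "$1" in
    "" | *[!0-9]*) return 1 ;;
  esac
  return 0
}

while getopts c:d:s: opt; do
  case "$opt" in
    c) conf=$OPTARG ;;
    d)
      # Validate before the value reaches arithmetic expansion: some shells
      # evaluate arbitrary expressions there, not just numbers.
      is_uint "$OPTARG" || { echo >&2 "$usage"; exit 1; }
      time=$(( ${OPTARG} * 86400 ))
      ;;
    s)
      is_uint "$OPTARG" || { echo >&2 "$usage"; exit 1; }
      time=$OPTARG
      ;;
    *) echo >&2 "$usage"; exit 1 ;;
  esac
done
shift $(( OPTIND - 1 ))
case $# in
  0) ;;
  *) echo >&2 "$usage"; exit 1 ;;
esac

# A missing list is treated as "nothing to monitor" and is not an error.
# NOTE(review): this also means a deleted or mistyped CONF silently disables
# the check; confirm that is acceptable where this runs unattended.
if [ ! -f "$conf" ]; then exit 0; fi

any=nil     # becomes "t" once the first report has been printed
failed=nil  # becomes "t" when an entry could not be examined

# -r keeps backslashes in paths literal; the "|| [ -n ... ]" arm makes sure a
# final line without a trailing newline is still checked.
while read -r line || [ -n "$line" ]; do
  case "$line" in "" | "#"*) continue ;; esac
  file=$line

  # Exit status 0 means the certificate stays valid for the whole window.
  if openssl x509 -in "$file" -noout -checkend "$time"; then
    continue
  fi

  # A file that is missing, unreadable or not a certificate also fails
  # -checkend. Tell that case apart so it is not reported as an expiry.
  readable=t
  if ! openssl x509 -in "$file" -noout 2>/dev/null; then
    state="CANNOT BE READ AS A CERTIFICATE!"
    readable=nil
    failed=t
  elif openssl x509 -in "$file" -noout -checkend 0; then
    state="expires soon"
  else
    state="ALREADY EXPIRED!"
  fi

  case $any in nil) any=t ;; t) echo ;; esac
  echo "$file: $state"

  # Under "set -e" an unguarded failure here would end the script and leave
  # every later entry in CONF unchecked; record it and keep going.
  case $readable in
    t) openssl x509 -in "$file" -noout -issuer -dates || failed=t ;;
  esac
done <"$conf"

case $failed in t) exit 1 ;; esac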