On 2021-09-30 11:36, Viktor Dukhovni wrote:

Ah, you also need to add "-showcerts" to s_client and best to separate
stdout and stderr in order to avoid confusion due to error text leaking
through, send stderr to /dev/null:

  $ openssl s_client -showcerts \
        -connect bad_server_name:443 \
        -servername bad_server_name 2>/dev/null |
    openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
    openssl pkcs7 -print_certs -noout -text |
    egrep 'not(Before|After)'

or write the errors to a separate file.


That almost worked.. but because the first openssl command
never completes the other commands just wait..

I poked around and found that sending Q to the command gets it
to exit so I came up with this:

echo "Q" | openssl s_client -showcerts -connect yehat.aphroland.org:443 \
 -servername yehat.aphroland.org 2>/dev/null |
openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
openssl pkcs7 -print_certs -noout -text |
grep "\(Issuer:\|Subject:\|Not Before:\|Not After :\)"

which does the trick for me, used one of my personal servers to test

thanks for the help!

nate
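
An added example, not part of the original messages: the same s_client pipeline wrapped in POSIX shell functions that report every certificate in the chain separately and flag any that expires within a given window. The function names (split_chain, report_chain, check_host) and the 30-day default are assumptions; redirecting stdin from /dev/null makes s_client exit after the handshake, the same effect as piping in "Q".

```shell
#!/bin/sh
# Added example; function names and the default window are hypothetical.

# split_chain DIR: read `s_client -showcerts` output on stdin and write each
# PEM certificate to DIR/cert-NN.pem, ignoring the session text around them.
split_chain() {
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%02d.pem", dir, n); on = 1 }
        on { print > f }
        /^-----END CERTIFICATE-----/   { on = 0; close(f) }
    '
}

# report_chain [SECONDS]: read s_client output on stdin, print subject, issuer
# and validity dates per certificate, and flag any that expires within SECONDS
# (default 30 days). Returns 1 if a certificate is flagged or none was found.
report_chain() {
    window=${1:-2592000}
    dir=$(mktemp -d) || return 2
    split_chain "$dir"
    rc=0; found=0
    for pem in "$dir"/cert-*.pem; do
        [ -f "$pem" ] || continue          # glob matched nothing
        found=1
        openssl x509 -in "$pem" -noout -subject -issuer -dates
        if ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null; then
            echo "EXPIRING: $(basename "$pem") is not valid for another $window seconds"
            rc=1
        fi
    done
    rm -rf "$dir"
    [ "$found" -eq 1 ] || { echo "no certificates in input" >&2; return 1; }
    return "$rc"
}

# check_host HOST [PORT]: stdin from /dev/null lets s_client exit on its own,
# stderr is discarded so error text cannot leak into the parsed stream.
check_host() {
    openssl s_client -showcerts -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | report_chain
}
```

Call it as `check_host your.server.example` (a placeholder host); the exit status is non-zero when any certificate in the chain is inside the window or when no certificate was returned.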

