Recognise self-signed certificates rather than assuming everything is…

… issued from some CA. It turns out that a number of members use self-signed browser-facing certificates on test entities.
InCommon · Nov 30, 2012 · d3ed366 · d3ed366
1 parent 1e0f42b
commit d3ed366
Showing 1 changed file with 21 additions and 8 deletions.
diff --git a/build/probe_nocerts.pl b/build/probe_nocerts.pl
@@ -67,7 +67,7 @@
 	}
 
 	#
-	# Use openssl to convert the certificate to text
+	# Use openssl to convert the certificate to text
 	#
 	my(@lines, $issuer, $subjectCN, $issuerCN);
 	$cmd = "openssl x509 -in $temp_der -inform der -noout -text -nameopt RFC2253 -modulus |";
@@ -77,16 +77,24 @@
 		if (/^\s*Issuer:\s*(.*)$/) {
 			$issuer = $1;
 			#print "$hostPort: issuer is $issuer\n";
-			$issuers{$issuer}{$loc} = 1;
-			$numissued++;
-			if ($issuer =~ /CN=([^,]+)/) {
-				$issuerCN = $1;
-			} else {
-				$issuerCN = $issuer;
-			}
 		}
+		if (/^\s*Subject:\s*(.*)$/) {
+			$subject = $1;
+		}
+	}
+
+	if ($subject eq $issuer) {
+		$issuer = "(self signed certificate)";
 	}
 
+	if ($issuer =~ /CN=([^,]+)/) {
+		$issuerCN = $1;
+	} else {
+		$issuerCN = $issuer;
+	}
+
+	$issuers{$issuer}{$loc} = 1;
+	$numissued++;
 }
 print "\n\n";
 
@@ -108,3 +116,8 @@
 		print "   $loc\n";
 	} 
 }
+
+#
+# Clean up
+#
+unlink $temp_der;