Simplify weekly embedded certificate summary
Resolves #35.
iay committed Sep 20, 2016
1 parent fa6cd89 commit 0731468
Showing 1 changed file with 15 additions and 48 deletions.
63 changes: 15 additions & 48 deletions utilities/check_embedded.pl
@@ -31,25 +31,6 @@
#
my $longExpiredDays = 30*3; # about three months

#
# Request verbose tabulation of certificate issuers.
#
my $verboseIssuers = 0;

#
# Issuer marks (only shown in the absence of verboseIssuers)
#
my %issuerMark;

# ex-roots
$issuerMark{'AddTrust External CA Root'} = 'X';
$issuerMark{'UTN-USERFirst-Hardware'} = 'x';
$issuerMark{'TERENA SSL CA'} = 'x';
$issuerMark{'GlobalSign Root CA'} = 'X';
$issuerMark{'GlobalSign Organization Validation CA'} = 'x';
$issuerMark{'GlobalSign Primary Secure Server CA'} = 'x';
$issuerMark{'GlobalSign ServerSign CA'} = 'x';

#
# Load expiry whitelist.
#
@@ -131,7 +112,7 @@ sub comment {
# Discard blank lines.
#
next if /^\s*$/;

#
# Handle Entity/KeyName header line.
#
@@ -148,7 +129,7 @@ sub comment {
if ($entity =~ /^\[(.+)\](.+)$/) {
$entity = $2 . ' (' . $1 . ')';
}

#
# Output header line.
#
@@ -178,13 +159,13 @@ sub comment {
select((select($fh), $|=1)[0]);
next;
}

#
# Put other lines into a temporary file.
#
print $fh $_;
$blob .= '|' . $_;

#
# If this is the last line of the certificate, actually do
# something with it.
@@ -200,7 +181,7 @@ sub comment {
close $fh;
next;
}

#
# Otherwise, remember this blob so that we won't process it again.
#
@@ -213,12 +194,12 @@ sub comment {
# disabled, so the file can simply be passed to other applications
# as input, perhaps multiple times.
#

#
# Collection of names this certificate contains
#
my %names;

#
# Use openssl to convert the certificate to text
#
@@ -239,7 +220,7 @@ sub comment {
}
next;
}

if (/^\s*Subject:\s*(.*)$/) {
$subject = $1;
if ($subject =~ /CN=([^,]+)/) {
@@ -250,7 +231,7 @@ sub comment {
}
next;
}

#
# Extract the certificate fingerprint.
#
@@ -272,7 +253,7 @@ sub comment {
$pubSize = $1;
next;
}

if (/Not After : (.*)$/) {
$notAfter = $1;
$notAfterTime = str2time($notAfter);
@@ -314,25 +295,25 @@ sub comment {
# DNS:www.example.co.uk, DNS:example.co.uk, URI:http://example.co.uk/
#
my $next = <SSL>;

#
# Make an array of components, each something like "DNS:example.co.uk"
#
$next =~ s/\s*//g;
my @altNames = split /\s*,\s*/, $next;
# my $altSet = "{" . join(", ", @altNames) . "}";
# print "Alt set: $altSet\n";

#
# Each "DNS" component is an additional name for this certificate.
#
while (@altNames) {
my ($type, $altName) = split(":", pop @altNames);
$names{lc $altName}++ if $type eq 'DNS';
$names{lc $altName}++ if $type eq 'DNS';
}
next;
}

}
close SSL;
#print " text lines: $#lines\n";
@@ -376,27 +357,13 @@ sub comment {
#
close $fh;

#
# Add a warning for certain issuers.
#
if (defined $issuerMark{$issuerCN}) {
my $mark = $issuerMark{$issuerCN};
if ($mark eq '?') {
warning("issuer '$issuerCN' suspect; verify");
}
}

#
# Count issuers.
#
if ($issuer eq $subject) {
$issuers{'(self-signed certificate)'}++;
} else {
if ($verboseIssuers) {
$issuers{$issuer}++;
} else {
$issuers{$issuerCN}++;
}
$issuers{'Other'}++;
}

#
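Review bot: In the last hunk, `$issuer eq $subject` is now the only issuer distinction the summary makes, and it is a name comparison only: it marks a certificate as self-issued without verifying the signature. It would be worth saying so where the count is taken, e.g. `# Issuer DN equal to subject DN: self-issued by name; the signature is not verified here.` If the openssl output yields neither an Issuer nor a Subject line, both variables may be unset and compare equal, so an unparsable certificate could be counted as self-signed; their declarations are outside the visible hunks, so this needs confirming, and a guard such as `if (defined $issuer && defined $subject && $issuer eq $subject)` would rule it out. With the `%issuerMark` lookup and the per-CN tally removed, `$issuerCN` appears to have no remaining reader in the lines shown, so any extraction left in the Issuer block (only partly visible) may now be dead code. The loop containing these hunks starts and ends outside them.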