Skip to content

Commit b625df8

Browse files
drwetterdrwetter
committed
Move determination of fingerprint and serial to determine_cert_fingerprint_serial()
.. so that it can be used for other certificates than the host certificate
1 parent 9094665 commit b625df8

1 file changed

Lines changed: 15 additions & 10 deletions

File tree

testssl.sh

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -8317,10 +8317,20 @@ certificate_transparency() {
83178317
return 0
83188318
}
83198319

8320-
determine_certs_fingerprints_serial() {
8320+
# replacement for inline $OPENSSL x509 -noout -in $HOSTCERT -serial
8321+
# and $OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256/-sha1
8322+
#
8323+
determine_cert_fingerprint_serial() {
83218324
local cert="$1"
83228325
local ossl_command="$2"
8326+
local result=""
83238327

8328+
result="$($OPENSSL x509 -noout -in $1 $2 2>>$ERRFILE)"
8329+
# remove strings in text output, colon only appear in fingerprints
8330+
result="${result//Fingerprint=}"
8331+
result="${result//serial=}"
8332+
result="${result//:/}"
8333+
safe_echo "$result"
83248334
}
83258335

83268336

@@ -8707,23 +8717,18 @@ certificate_info() {
87078717
fi
87088718

87098719
out "$indent"; pr_bold " Serial / Fingerprints "
8710-
cert_serial="$($OPENSSL x509 -noout -in $HOSTCERT -serial 2>>$ERRFILE)"
8711-
cert_serial="${cert_serial//serial=}"
8720+
cert_serial="$(determine_cert_fingerprint_serial "$HOSTCERT" "-serial")"
87128721
fileout "cert_serialNumber${json_postfix}" "INFO" "$cert_serial"
87138722

8714-
cert_fingerprint_sha1="$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha1 2>>$ERRFILE)"
8715-
cert_fingerprint_sha1="${cert_fingerprint_sha1//Fingerprint=}"
8716-
cert_fingerprint_sha1="${cert_fingerprint_sha1//:/}"
8723+
cert_fingerprint_sha1="$(determine_cert_fingerprint_serial "$HOSTCERT" "-fingerprint -sha1")"
87178724
outln "$cert_serial / $cert_fingerprint_sha1"
87188725
fileout "cert_fingerprintSHA1${json_postfix}" "INFO" "${cert_fingerprint_sha1//SHA1 /}"
87198726

8720-
cert_fingerprint_sha2="$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256 2>>$ERRFILE)"
8721-
cert_fingerprint_sha2="${cert_fingerprint_sha2//Fingerprint=}"
8722-
cert_fingerprint_sha2="${cert_fingerprint_sha2//:/}"
8727+
cert_fingerprint_sha2="$(determine_cert_fingerprint_serial "$HOSTCERT" "-fingerprint -sha256")"
87238728
fileout "cert_fingerprintSHA256${json_postfix}" "INFO" "${cert_fingerprint_sha2//SHA256 /}"
87248729
outln "$spaces$cert_fingerprint_sha2"
87258730

8726-
# " " needs to be converted back to lf in JSON/CSV output
8731+
# " " needs to be converted back to lf in JSON/CSV output. watch out leading/ending line containting "CERTIFICATE"
87278732
fileout "cert${json_postfix}" "INFO" "$(< $HOSTCERT)"
87288733

87298734
[[ -z $CERT_FINGERPRINT_SHA2 ]] && \

0 commit comments

Comments
 (0)