我编写了以下代码,输出应该是:
- SSL 证书何时到期
- 浏览器的状态码
问题是如果我插入https://www.google.com或者http://www.google.com我收到一个错误。如果我尝试使用 google.com 它工作正常。
任何想法?
read -p "Please insert the url: " url
certificate_file=$(mktemp)
echo -n | openssl s_client -servername "$url" -connect "$url":443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
date_s=$(date -d "${date}" +%s)
now_s=$(date -d now +%s)
date_diff=$(( (date_s - now_s) / 86400 ))
if [[ "$date_diff" -gt "1" ]]; then
echo "Certificate expires in: $date_diff days"
else
echo "$url does not use SSL Certificates"
fi
response=$(curl -s -w "%{http_code}" $url)
http_code=$(tail -n1 <<< "$response")
if [[ "$http_code" == "200" ]]; then
echo "OK for: $http_code"
elif [[ "http_code" != "200" ]]; then
echo "HTTP code: $http_code"
elif [[ "http_code" == "408" ]]; then
echo "Request Timeout"
fi
错误代码如下:
Please insert the url: https:/www.yahoo.com
unable to load certificate
140381863350720:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
https:/www.yahoo.com does not use SSL Certificates
HTTP code: Regional Redirect302
答案1
-connect的标志采用openssl s_client,host:port但您提供的是 URL。所以你的openssl s_client命令失败并出现如下错误:
s_client: -connect argument or target parameter malformed or ambiguous
但是您使用 丢弃此错误消息2>/dev/null,因此它不会显示在您的输出中。当openssl s_client命令失败时,您将不会有任何数据$certificate_file。这会导致Expecting: TRUSTED CERTIFICATE您在输出中看到错误。
要修复此问题,您需要先转换$url为主机名,然后再将其用作 的参数-connect。