authorPeter Palfrader <peter@palfrader.org>2013-07-15 22:50:55 +0000
committerweasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede>2013-07-15 22:50:55 +0000
commitdcb8fe3d186533cdee8f9de47cf65057736e7728 (patch)
tree7665caac2375a664170d053f0760c68320d87a1b /tor-exit-ssl-check
parent7fb3a90b0a00a65d890fa4089b0d2a8275f5540f (diff)
Support a cert cache dir
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@632 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
Diffstat (limited to 'tor-exit-ssl-check')
-rwxr-xr-xtor-exit-ssl-check21
1 files changed, 17 insertions, 4 deletions
diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check
index 5185830..6af71e0 100755
--- a/tor-exit-ssl-check
+++ b/tor-exit-ssl-check
@@ -27,13 +27,14 @@ set -u
shopt -s extglob
usage() {
- echo "Usage: $0 [-v [-v]] [-d <datadir>] <torserver-fpr> <targethost>[:<targetport>] [<targethost>[:<targetport>] [...]]"
+ echo "Usage: $0 [-v [-v]] [-d <datadir>] -c [<cert-cachedir>] <torserver-fpr> <targethost>[:<targetport>] [<targethost>[:<targetport>] [...]]"
echo " If torserver-fpr is -, a list of fingerprints is read from stdin"
}
verbose=0
+cachedir=""
datadir=""
-while getopts "vhd:" OPTION
+while getopts "vhc:d:" OPTION
do
case "$OPTION" in
v)
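Review bot: The new usage line prints `-c [<cert-cachedir>]`, which reads as a mandatory flag with an optional argument, while `getopts "vhc:d:"` makes the flag optional and its argument required. Writing it as `[-c <cert-cachedir>]`, parallel to the `-d` entry, matches what the parser accepts. usage() would also be the place for one line saying that the directory holds directly fetched certificates and that entries older than 1400 minutes are deleted from it, since pointing `-c` at a directory with other content would lose files.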
@@ -43,6 +44,9 @@ do
usage
exit 0
;;
+ c)
+ cachedir="$OPTARG"
+ ;;
d)
datadir="$OPTARG"
;;
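Review bot: `cachedir` is taken from `-c` without any check, and the later hunk runs `find … -exec rm` and the cache lookup against whatever path it names. The cached files appear to stand in for the direct-connection certificate that results are compared against, so anyone able to write to that directory could choose what counts as the expected certificate. A check after option parsing such as `[ -z "$cachedir" ] || [ -d "$cachedir" ] || { echo "$cachedir is not a directory" >&2; exit 1; }`, together with a documented requirement that the directory be writable only by the invoking user, would cover both. The case statement continues outside this hunk.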
@@ -139,12 +143,21 @@ expect_ok() {
fi
}
+[ -n "$cachedir" ] && find "$cachedir" -mmin +1400 -exec rm '{}' '+'
+
for ((i=0; i < ${#targets[@]}; i++)); do
host="${targets[$i]}"
[ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
- [ "$verbose" = 0 ] || echo "Directly to $host:"
- openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ if [ -n "$cachedir" ] && [ -e "$cachedir/$host" ] ; then
+ [ "$verbose" = 0 ] || echo "Using cached certificate for $host."
+ cp "$cachedir/$host" "$tmpdir/cert-direct-$i"
+ else
+ [ "$verbose" = 0 ] || echo "Directly to $host:"
+ openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/$host"
+ fi
+
egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
[ "$verbose" = 0 ] || echo "===="
done
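Review bot: The `cp` into `$cachedir/$host` in the else branch stores whatever `openssl s_client` printed, so a failed or truncated direct fetch would become the reference copy for later runs until the `-mmin +1400` sweep removes it; `eatdata` is defined outside this hunk, so whether it already rejects such output cannot be seen here. Caching only when a certificate was actually captured would avoid that, e.g. `[ -n "$cachedir" ] && grep -q 'BEGIN CERTIFICATE' "$tmpdir/cert-direct-$i" && cp "$tmpdir/cert-direct-$i" "$cachedir/$host"`. `$host` is also used as a file name unchecked, so a target containing `/` resolves outside the cache directory; rejecting such targets before the lookup would close that. The sweep has no `-type f`, so the cache directory itself is handed to `rm` once its own mtime is old enough; `find "$cachedir" -type f -mmin +1400 -exec rm '{}' '+'` limits it to the cached files.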