-rwxr-xr-x | tor-exit-ssl-check | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check
index 5185830..6af71e0 100755
--- a/tor-exit-ssl-check
+++ b/tor-exit-ssl-check
@@ -27,13 +27,14 @@ set -u
 shopt -s extglob
 usage() {
- echo "Usage: $0 [-v [-v]] [-d <datadir>] <torserver-fpr> <targethost>[:<targetport>] [<targethost>[:<targetport>] [...]]"
+ echo "Usage: $0 [-v [-v]] [-d <datadir>] -c [<cert-cachedir>] <torserver-fpr> <targethost>[:<targetport>] [<targethost>[:<targetport>] [...]]"
 echo " If torserver-fpr is -, a list of fingerprints is read from stdin"
 }
 verbose=0
+cachedir=""
 datadir=""
-while getopts "vhd:" OPTION
+while getopts "vhc:d:" OPTION
 do
 case "$OPTION" in
 v)
@@ -43,6 +44,9 @@ do
 usage
 exit 0
 ;;
+ c)
+ cachedir="$OPTARG"
+ ;;
 d)
 datadir="$OPTARG"
 ;;
@@ -139,12 +143,21 @@ expect_ok() {
 fi
 }
+[ -n "$cachedir" ] && find "$cachedir" -mmin +1400 -exec rm '{}' '+'
+
 for ((i=0; i < ${#targets[@]}; i++)); do
 host="${targets[$i]}"
 [ "${host%%+([0-9])}" = "$host" ] && host="$host:443"
- [ "$verbose" = 0 ] || echo "Directly to $host:"
- openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ if [ -n "$cachedir" ] && [ -e "$cachedir/$host" ] ; then
+ [ "$verbose" = 0 ] || echo "Using cached certificate for $host."
+ cp "$cachedir/$host" "$tmpdir/cert-direct-$i"
+ else
+ [ "$verbose" = 0 ] || echo "Directly to $host:"
+ openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i"
+ [ -n "$cachedir" ] && cp "$tmpdir/cert-direct-$i" "$cachedir/$host"
+ fi
+
 egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered"
 [ "$verbose" = 0 ] || echo "===="
 done |
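Review bot: The usage string in the first hunk prints `-c [<cert-cachedir>]`, which reads as a mandatory flag with an optional argument, while `getopts "vhc:d:"` makes the flag optional and its argument required. Write it as `[-c <cert-cachedir>]` so it matches `[-d <datadir>]`. A second usage line stating that cached direct-connection output is reused until it is older than 1400 minutes would tell operators how stale the comparison baseline can be.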
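Review bot: In the third hunk the cached file becomes the baseline that the exit-node certificate is compared against, yet it is copied into the cache unconditionally after the `openssl s_client | eatdata` pipeline, so a failed or truncated direct fetch would be reused for up to 1400 minutes. Store it only when the output holds a certificate; `eatdata` is defined outside this hunk, so the check below assumes it leaves the PEM blocks intact. The cache key is the raw `$host`, so a target containing `/` resolves outside `$cachedir`, and the prune `find` has no `-type f` or depth limit, so it descends into subdirectories and also hands the directory itself to `rm`. Since whoever can write to the cache directory controls the reference certificate, it should be private to the user running the check, and a legitimate certificate rotation inside the cache window will show up as a mismatch.

```shell
[ -n "$cachedir" ] && find "$cachedir" -maxdepth 1 -type f -mmin +1400 -exec rm -f -- '{}' '+'

# … unchanged: for loop header, host assignment and default port …
	cachefile=""
	# Flatten path separators so the key cannot leave the cache directory.
	[ -n "$cachedir" ] && cachefile="$cachedir/${host//\//_}"
	if [ -n "$cachefile" ] && [ -e "$cachefile" ] ; then
		# … unchanged: verbose message …
		cp -- "$cachefile" "$tmpdir/cert-direct-$i"
	else
		# … unchanged: verbose message, openssl s_client | eatdata …
		# Cache only output that actually contains a certificate.
		if [ -n "$cachefile" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$tmpdir/cert-direct-$i"; then
			cp -- "$tmpdir/cert-direct-$i" "$cachefile"
		fi
	fi
```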