Revision 21 -
Wed Feb 19 06:01:53 2020 UTC
(4 years, 3 months ago)
by elge
File size: 1572 byte(s)
better iprev, count, and importing legacy san & valid
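#!/bin/bash
#stage2.0 (legacy)
#
# checksan.bash - classify the mail hosts listed in a hosts(5)-format file
# ("ip name [aliases...]") by whether their STARTTLS certificate carries a
# DNS SAN that covers the name.  Each name lands in exactly one of:
#   <hostsfile>.nossl    no TLS session (connect/STARTTLS failed or timed out)
#   <hostsfile>.nocert   TLS came up but no certificate / no DNS SAN came back
#   <hostsfile>.validcn  a DNS SAN matches the name (wildcards per RFC 6125)
#   <hostsfile>.wrongcn  a DNS SAN list came back but none matches
# Only the name is checked: chain trust is NOT verified (no -CAfile /
# -verify_return_error), so "validcn" does not mean "trusted".
# Progress is printed as one character per host (. / - _); set debug=1 in
# the environment for a verbose trace.
#
# Usage: checksan.bash <hostsfile>

#######################################
# Decide whether a dNSName SAN covers a host name.
# Arguments: $1 - host name (no trailing dot), $2 - SAN entry
# Returns:   0 if it matches, 1 otherwise
# Comparison is case-insensitive (DNS names are).  A leading "*." matches
# exactly one label, as in RFC 6125 s6.4.3: "*.mail.ru" covers "mxs.mail.ru"
# but not "a.b.mail.ru" nor "mail.ru".  A bare "*" or a "*" anywhere else
# never matches.  (The legacy `[[ $mx = $sni ]]` glob test let "*" span
# several labels and was case-sensitive.)
#######################################
san_matches() {
  local host san
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  san=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  [[ -n $host && -n $san ]] || return 1
  [[ $host == "$san" ]] && return 0
  # wildcard form: "*." followed by at least one label and no further "*"
  [[ $san == \*.?* && ${san#\*.} != *\** ]] || return 1
  # host needs a non-empty leftmost label and the same parent domain
  [[ $host == ?*.* && ${host#*.} == "${san#\*.}" ]]
}

#######################################
# Probe every host in the file and write the four result lists.
# Globals:   debug (read; 0/1, default 0)
# Arguments: $1 - hosts-format file
# Outputs:   progress on stdout, diagnostics on stderr,
#            <hostsfile>.{nossl,nocert,validcn,wrongcn} (recreated)
# Returns:   0 on completion, 1 on bad arguments or unusable EHLO name
#######################################
main() {
  local hostsfile ehlo ip mx altstr alt sni got
  local nossl nocert validcn wrongcn
  local debug=${debug:-0}

  if [[ -z ${1-} ]]; then
    printf 'file in hosts format?\n' >&2
    return 1
  fi
  hostsfile=$1
  if [[ ! -r $hostsfile ]]; then
    printf 'cannot read %s\n' "$hostsfile" >&2
    return 1
  fi

  # The EHLO name comes from an unauthenticated web lookup.  Accept only a
  # plain host name: an empty or odd reply (curl failure, leading "-") would
  # otherwise be handed to openssl as an argument and every host would then
  # be misfiled under .nossl.
  ehlo=$(curl -s ip.nethence.com | sed -n 1p | awk '{print $NF}' | sed 's/\.$//')
  if [[ ! $ehlo =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    printf 'could not determine a usable EHLO name (got %q)\n' "$ehlo" >&2
    return 1
  fi
  printf 'using %s as EHLO\n' "$ehlo"

  nossl=$hostsfile.nossl
  nocert=$hostsfile.nocert
  validcn=$hostsfile.validcn
  wrongcn=$hostsfile.wrongcn
  printf 'writing to %s %s %s %s\n' "$nossl" "$nocert" "$validcn" "$wrongcn"
  (( debug == 1 )) && echo
  rm -f -- "$nossl" "$nocert" "$validcn" "$wrongcn"

  # hosts(5): first field is the address, second the canonical name; the
  # "|| [[ -n $ip ]]" keeps a last line without a trailing newline.
  while read -r ip mx _ || [[ -n $ip ]]; do
    [[ -z $ip || $ip == \#* ]] && continue        # blank or comment line
    if [[ -z $mx ]]; then
      printf 'skipping line without a host name: %s\n' "$ip" >&2
      continue
    fi
    mx=${mx%.}                                    # strip one trailing dot
    (( debug == 1 )) && printf '%s/' "$mx"

    # "Q" on stdin quits the session once the handshake is done; timeout
    # keeps a silent peer from stalling the whole run.
    if ! altstr=$(echo Q | timeout 0.7 /usr/local/bin/openssl s_client -4 \
        -starttls smtp -name "$ehlo" -servername "$mx" -connect "$ip:25" \
        -crlf 2>/dev/null); then
      printf '%s\n' "$mx" >> "$nossl" && printf '.'
      continue
    fi
    (( debug == 1 )) && printf 'has ssl/'

    # Author's note: no need to check CN as SAN always contains it as first
    # match.  A certificate with no DNS SAN therefore ends up in .nocert.
    # Test the content, not the pipeline status: without pipefail the status
    # was sed's, always 0, so the .nocert branch could never trigger.
    alt=$(printf '%s\n' "$altstr" | /usr/local/bin/openssl x509 -noout -text \
        2>/dev/null | grep DNS: | sed 's/DNS://g; s/,//g')
    if [[ -z $alt ]]; then
      printf '%s\n' "$mx" >> "$nocert" && printf '/'
      continue
    fi
    (( debug == 1 )) && printf 'has cert and san/'

    # Split the SAN list into an array (-d '' reads across the newlines
    # grep may have left); an unquoted $alt would glob "*.example" against
    # the working directory.  EOF status from read is expected here.
    local -a sans=()
    read -r -d '' -a sans <<<"$alt" || true
    got=0
    for sni in "${sans[@]}"; do
      (( debug == 1 )) && printf 'testing sni %s:' "$sni"
      if san_matches "$mx" "$sni"; then
        printf '%s\n' "$mx" >> "$validcn"
        printf '%s' '-'
        got=1
        break
      fi
    done
    if (( got != 1 )); then
      printf '%s\n' "$mx" >> "$wrongcn" && printf '_'
    fi

    (( debug == 1 )) && echo
  done < "$hostsfile"
  echo done
  return 0
}

main "$@"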