
Update extraction of certificate issuer

Open michaelzischka opened this issue 7 years ago • 2 comments

The issuer can be extracted from the temporary certificate file.

When using ssl-cert-check in Debian Stretch, the issuer will not be extracted, because the regular expression does not fit anymore when using the openssl command. The format of the temporary certificate file is the same as in previous Debian releases, therefore the regular expression to extract the issuer still fits and grep does the job.

This is not tested against other Linux distributions.

michaelzischka avatar Dec 07 '17 10:12 michaelzischka

Hey Michael,

Could I get a copy of the temporary certificate that isn't matching the regex? Also, which version of openssl does stretch ship with? I've tested the script on Ubuntu, CentOS and Fedora and it works like a champ. Curious what is different with Debian.

Thanks,

- Ryan

Matty9191 avatar Jan 25 '18 14:01 Matty9191

Hey Ryan,

The returned value of the openssl statement before my change would return the line:

issuer=C = US, O = "thawte, Inc.", CN = thawte SHA256 SSL CA

So you see that the piped awk statement would fail to provide the correct issuer from the O field, because the record separator is not /. Therefore I extracted the issuer with a grep statement from the input file, because its format is the same for all my tested Debian versions.

In Debian 9.0 the OpenSSL version used is 1.1.0f, but I don't know if that's the problem.

Maybe there is another workaround.

Unfortunately I don't have other Linux distributions around, so I don't know if my change breaks on them.

Regards, Michael

michaelzischka avatar Jan 26 '18 11:01 michaelzischka
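The parsing problem discussed in this thread, as an added example that is not code from ssl-cert-check or from either participant: a helper (the name `issuer_org` is hypothetical) that returns the O field from an `issuer=` line in either the comma-separated layout quoted above or the slash-separated layout the awk step is described as expecting. The slash-separated sample line is constructed; backslash-escaped quotes inside a value are not handled.

```shell
#!/bin/sh
# issuer_org LINE: print the O (organization) value of an "issuer=" line.
# Hypothetical helper for illustration; not part of ssl-cert-check.
issuer_org() {
    printf '%s\n' "$1" | awk '
    {
        sub(/^issuer= */, "")
        if (substr($0, 1, 1) == "/") {
            # Slash-separated layout: /C=US/O=Example/CN=...
            n = split($0, f, "/")
            for (i = 1; i <= n; i++)
                if (f[i] ~ /^O=/) { print substr(f[i], 3); exit }
            exit
        }
        # Comma-separated layout: split on commas outside double quotes,
        # so a quoted value such as "thawte, Inc." stays in one piece.
        n = 0; cur = ""; q = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") { q = !q; continue }
            if (c == "," && !q) { f[++n] = cur; cur = ""; continue }
            cur = cur c
        }
        f[++n] = cur
        for (i = 1; i <= n; i++) {
            sub(/^ +/, "", f[i])
            # "O =" only; "OU =" does not match because U follows O.
            if (f[i] ~ /^O *= */) { sub(/^O *= */, "", f[i]); print f[i]; exit }
        }
    }'
}

# Line quoted in the thread (OpenSSL 1.1.0f on Debian Stretch):
issuer_org 'issuer=C = US, O = "thawte, Inc.", CN = thawte SHA256 SSL CA'
# Constructed sample of the slash-separated layout:
issuer_org 'issuer= /C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA'
```

An empty result means no O field was found, which a monitoring script should treat as a parse failure and report rather than print a blank issuer.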