
script is broken if reading from file

Open hanscees opened this issue 5 years ago • 6 comments

When I fire the script to read from file it fails:

./ssl-cert-check  -f ssldomains

ERROR: The file named /var/tmp/cert.ueLNSS is unreadable or doesn't exist
ERROR: Please check to make sure the certificate for www.bomengids.nl:443:www.bomengids.nl:443 is valid
cat ssldomains 
www.nu.nl:443
www.bomengids.nl:443

When I use it interactively it works fine:

root@mail # ./ssl-cert-check  -s www.nu.nl -p 443

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74

Aug 20 '20 12:08 hanscees

Your syntax is incorrect. There should be a space between the domain name and port:

$ ssl-cert-check -f domains

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74
www.bomengids.nl:443                            Valid        Jul 23, 2021  337

Please see this article for practical examples.

Aug 20 '20 13:08 Matty9191

Here is the fix: https://github.com/Matty9191/ssl-cert-check/commit/b257b9364ea8cbc23d0b83e9401d19b9874d12b7#diff-86977fd8bc9006d031d54752a7b726d1

Aug 20 '20 14:08 hanscees

> Your syntax is incorrect. There should be a space between the domain name and port:
>
> $ ssl-cert-check -f domains
>
> Host                                            Status       Expires      Days
> ----------------------------------------------- ------------ ------------ ----
> www.nu.nl:443                                   Valid        Nov  2, 2020   74
> www.bomengids.nl:443                            Valid        Jul 23, 2021  337
>
> Please see this article for practical examples.

If that is the case, could you please edit the documentation, since nowhere it is stated what the file to read from should look like.

If you could perhaps adjust this line

  -f cert file      : File with a list of FQDNs and ports

like so

  -f cert file      : File with a list of FQDNs and ports. FQDN and ports should be on one line separated by a space.

I apologize if I overlooked something!

Aug 20 '20 14:08 hanscees
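
A pre-flight check for the list format discussed in the comment above, as an added example that is not part of ssl-cert-check or of any post in this thread. The function names, the messages, and the skipping of blank and `#` lines are assumptions of the example.

```sh
#!/bin/sh
# Added example (not ssl-cert-check code): validate a list file before
# passing it to `ssl-cert-check -f`. Each entry is "<FQDN> <port>" on one line.
# Assumption of this example: blank lines and '#' comment lines are skipped.

# check_cert_list FILE: prints one diagnostic per malformed line.
# Returns 0 = all entries usable, 1 = malformed entries, 2 = unreadable file.
check_cert_list() {
    list=$1; n=0; bad=0
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        set -f; set -- $line; set +f        # split on whitespace, no globbing
        [ $# -gt 0 ] || continue            # whitespace-only line
        host=$1; port=${2-}
        if [ $# -eq 1 ]; then
            case $host in
                *:*) echo "line $n: '$host' is host:port; write '${host%:*} ${host##*:}'" ;;
                *)   echo "line $n: '$host' has no port" ;;
            esac
            bad=1
        elif [ $# -gt 2 ]; then
            echo "line $n: expected 2 fields, found $#"; bad=1
        elif ! valid_port "$port"; then
            echo "line $n: '$port' is not a port in 1-65535"; bad=1
        fi
    done < "$list"
    return "$bad"
}

# valid_port VALUE: true only for a decimal number between 1 and 65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Constructed sample: one entry as written in the issue, one space-separated.
sample=$(mktemp)
printf '%s\n' 'www.nu.nl:443' 'www.bomengids.nl 443' > "$sample"
check_cert_list "$sample" || echo "fix the list before running ssl-cert-check -f"
rm -f "$sample"
```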

This is thoroughly documented in the official documentation.

Aug 20 '20 14:08 Matty9191

> This is thoroughly documented in the official documentation.

It is not here: https://github.com/Matty9191/ssl-cert-check/blob/master/README.md unless you go and check the additional information.

It is not here: ./ssl-cert-check -h

So by no means is it thoroughly documented. I see two places you can improve that.

Aug 20 '20 14:08 hanscees

Anyway, I learned a great deal on openssl from analysing this script.

I did find one error it does not catch:

# openssl s_client -connect nc.hanscees.com:443 -servername nc.hanscees.com
socket: Bad file descriptor
connect:errno=9

In this situation the server does resolve, but wrongly, and no certificate is downloaded. Your error checking gets a lot of errors, but misses this one.

Aug 22 '20 12:08 hanscees