authorLuke Bratch <luke@bratch.co.uk>2019-12-19 10:13:42 +0000
committerLuke Bratch <luke@bratch.co.uk>2019-12-19 10:13:42 +0000
commitb579ea5b2d278302a249b3650eec836896cdccb2 (patch)
tree0c5a217afa4be5c18b0a68353b5dcedcfa0dc61b
parentbe560d35e9174d9605eb43cab9c6be9d60e6c653 (diff)
Add a timeout wrapper to the initial OpenSSL to deal with bad hosts.
-rwxr-xr-xcertexpiry.sh4
1 files changed, 3 insertions, 1 deletions
diff --git a/certexpiry.sh b/certexpiry.sh
index aafd57b..d564a5f 100755
--- a/certexpiry.sh
+++ b/certexpiry.sh
@@ -6,6 +6,8 @@ set -euo pipefail
WARNSECONDS=1209600 # Two weeks
# File containing a newline separated list of host:port combinations to be checked
HOSTSANDPORTS="hostsandports.txt"
+# Number of seconds before OpenSSL should timeout when connecting to hosts
+TIMEOUT=10
# ==== Variables ====
# Loop through all host:port combinations
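Review bot: The comment added above `TIMEOUT=10` describes a connection timeout, but in the second hunk `timeout "$TIMEOUT"` wraps the whole `openssl s_client` run, so the limit also covers the TLS handshake and any STARTTLS exchange, not only the TCP connect. A comment that matches the behaviour would be `# Maximum number of seconds each openssl s_client run may take before it is terminated`.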
@@ -45,7 +47,7 @@ while read -r HOSTANDPORT ; do
fi
set +e
# Get the "Not After" field for the certificate expiry
- EXPIRYSTRING=$(echo "Q" | openssl s_client $STARTTLS -connect "$HOST:$PORT" -servername "$HOST" "$PROTOCOL" 2> /dev/null | openssl x509 -noout -text 2> /dev/null | grep "Not After" | sed -r 's/\s*Not After : //')
+ EXPIRYSTRING=$(echo "Q" | timeout "$TIMEOUT" openssl s_client $STARTTLS -connect "$HOST:$PORT" -servername "$HOST" "$PROTOCOL" 2> /dev/null | openssl x509 -noout -text 2> /dev/null | grep "Not After" | sed -r 's/\s*Not After : //')
RETCODE="$?"
set -e
done
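Review bot: A host that hits the new timeout cannot be told apart from one that answered without a usable certificate, because `RETCODE="$?"` reads the status of the whole pipeline inside the substitution. With `pipefail` set (visible in the first hunk header) that status is the rightmost failing stage, so when `timeout` exits 124 the empty input makes `grep "Not After"` fail and RETCODE ends up as 1, while stderr is discarded as well. Ending the substitution at s_client keeps the 124 visible: `CERT=$(echo "Q" | timeout "$TIMEOUT" openssl s_client … 2> /dev/null)` followed by `RETCODE="$?"`, with `openssl x509` then reading `$CERT` in a second step. How RETCODE is consumed and the start of the `while read` loop are outside this hunk, so whether unreachable hosts are already reported separately is not visible here.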