-rwxr-xr-x | certexpiry.sh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/certexpiry.sh b/certexpiry.sh index aafd57b..d564a5f 100755 --- a/certexpiry.sh +++ b/certexpiry.sh @@ -6,6 +6,8 @@ set -euo pipefail WARNSECONDS=1209600 # Two weeks # File containing a newline separated list of host:port combinations to be checked HOSTSANDPORTS="hostsandports.txt" +# Number of seconds before OpenSSL should timeout when connecting to hosts +TIMEOUT=10 # ==== Variables ==== # Loop through all host:port combinations @@ -45,7 +47,7 @@ while read -r HOSTANDPORT ; do fi set +e # Get the "Not After" field for the certificate expiry - EXPIRYSTRING=$(echo "Q" | openssl s_client $STARTTLS -connect "$HOST:$PORT" -servername "$HOST" "$PROTOCOL" 2> /dev/null | openssl x509 -noout -text 2> /dev/null | grep "Not After" | sed -r 's/\s*Not After : //') + EXPIRYSTRING=$(echo "Q" | timeout "$TIMEOUT" openssl s_client $STARTTLS -connect "$HOST:$PORT" -servername "$HOST" "$PROTOCOL" 2> /dev/null | openssl x509 -noout -text 2> /dev/null | grep "Not After" | sed -r 's/\s*Not After : //') RETCODE="$?" set -e done |
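Review bot: A timed-out connection cannot be told apart from any other failure in the new `EXPIRYSTRING=$(…)` line: `timeout` exits 124, but the later `openssl x509` and `grep` stages then fail on empty input, and with `pipefail` still on (only `set +e` is issued) `RETCODE` takes the rightmost non-zero status, which is grep's 1. For a certificate-expiry monitor, a host that stops answering should be reported as its own condition rather than merged with "no certificate found" or silently skipped. Capturing the handshake first, e.g. `CERT=$(echo "Q" | timeout "$TIMEOUT" openssl s_client … 2> /dev/null)` followed by `RETCODE="$?"`, and only then passing `$CERT` through `openssl x509`, would preserve the 124. How `RETCODE` is consumed lies outside the hunk, so whether this affects the report needs to be confirmed there.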