2015-02-24-znc160-ssl.md: update the function

ref: Mikaela/shell-things#64
Aminda Suomalainen 2015-02-27 12:44:09 +02:00
parent ca9d425c36
commit cea2122fa5
1 changed files with 12 additions and 7 deletions

@ -61,16 +61,21 @@ from multiple places:
```bash
# Get server SSL certificate fingerprint in MD5, SHA1 and SHA256.
# Note that OpenSSL doesn't support IPv6 at time of writing (2015-01-13).
serversslcertfp() {
SSSLCFFN="/tmp/$(date -Is).pem"
openssl s_client -showcerts -connect $1 < /dev/null|tee $SSSLCFFN
cat $SSSLCFFN|openssl x509 -md5 -fingerprint -noout
cat $SSSLCFFN|openssl x509 -sha1 -fingerprint -noout
cat $SSSLCFFN|openssl x509 -sha256 -fingerprint -noout
rm $SSSLCFFN
serversslcertfp () {
SSSLCFFN=$(openssl s_client -showcerts -connect $1 < /dev/null)
# To see all validity information
echo $SSSLCFFN
# For getting the fingerprints
echo $SSSLCFFN | openssl x509 -md5 -fingerprint -noout
echo $SSSLCFFN | openssl x509 -sha1 -fingerprint -noout
echo $SSSLCFFN | openssl x509 -sha256 -fingerprint -noout
unset SSSLCFFN
}
```
I hope this article has helped you to understand the issues with blindly
accepting SSL certificates or at least to understand that *if you don't
want to verify SSL certificates, don't use SSL.*
*Updated on 2015-02-26 10:43Z: just use environment variables in the
function like suggested by @DarthGandalf on \#znc.*
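Review bot: the three `echo $SSSLCFFN | openssl x509 ...` lines in the new function body expand the variable unquoted, so in bash (the language the fence declares) word splitting turns every newline of the `s_client` output into a space, and `openssl x509` receives the certificate on a single line without the `-----BEGIN CERTIFICATE-----` marker on a line of its own that the PEM reader expects. Quote the expansions, for example `printf '%s\n' "$SSSLCFFN" | openssl x509 -sha256 -fingerprint -noout`, and quote `"$1"` in the `-connect` argument as well. The same quoting lets the plain `echo $SSSLCFFN` print the validity information with its line breaks intact. Declaring the variable with `local SSSLCFFN` would also make the trailing `unset SSSLCFFN` unnecessary in shells that support `local`.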