Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2024-11-29 07:59:24 +01:00
Code Issues Projects Releases Wiki Activity

2015-02-24-znc160-ssl.md: update the function

Browse Source 
ref: Mikaela/shell-things#64
This commit is contained in:
Aminda Suomalainen 2015-02-27 12:44:09 +02:00
parent ca9d425c36
commit cea2122fa5
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
_posts/2015-02-24-znc160-ssl.md
View File

@ -61,16 +61,21 @@ from multiple places:
```bash ```bash
# Get server SSL certificate fingerprint in MD5, SHA1 and SHA256. # Get server SSL certificate fingerprint in MD5, SHA1 and SHA256.
# Note that OpenSSL doesn't support IPv6 at time of writing (2015-01-13). # Note that OpenSSL doesn't support IPv6 at time of writing (2015-01-13).
serversslcertfp() { serversslcertfp () {
SSSLCFFN="/tmp/$(date -Is).pem" SSSLCFFN=$(openssl s_client -showcerts -connect $1 < /dev/null)
openssl s_client -showcerts -connect $1 < /dev/null|tee $SSSLCFFN # To see all validity information
cat $SSSLCFFN|openssl x509 -md5 -fingerprint -noout echo $SSSLCFFN
cat $SSSLCFFN|openssl x509 -sha1 -fingerprint -noout # For getting the fingerprints
cat $SSSLCFFN|openssl x509 -sha256 -fingerprint -noout echo $SSSLCFFN | openssl x509 -md5 -fingerprint -noout
rm $SSSLCFFN echo $SSSLCFFN | openssl x509 -sha1 -fingerprint -noout
echo $SSSLCFFN | openssl x509 -sha256 -fingerprint -noout
unset SSSLCFFN
} }
``` ```
I hope this article has helped you to understand the issues with blindly I hope this article has helped you to understand the issues with blindly
accepting SSL certificates or at least to understand that *if you don't accepting SSL certificates or at least to understand that *if you don't
want to verify SSL certificates, don't use SSL.* want to verify SSL certificates, don't use SSL.*
*Updated on 2015-02-26 10:43Z: just use environment variables in the
function like suggested by @DarthGandalf on \#znc.*