mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-01 17:09:32 +01:00
2015-02-24-znc160-ssl.md: update the function
ref: Mikaela/shell-things#64
This commit is contained in:
parent
ca9d425c36
commit
cea2122fa5
@ -61,16 +61,21 @@ from multiple places:
|
|||||||
```bash
|
```bash
|
||||||
# Get server SSL certificate fingerprint in MD5, SHA1 and SHA256.
|
# Get server SSL certificate fingerprint in MD5, SHA1 and SHA256.
|
||||||
# Note that OpenSSL doesn't support IPv6 at time of writing (2015-01-13).
|
# Note that OpenSSL doesn't support IPv6 at time of writing (2015-01-13).
|
||||||
serversslcertfp() {
|
serversslcertfp () {
|
||||||
SSSLCFFN="/tmp/$(date -Is).pem"
|
SSSLCFFN=$(openssl s_client -showcerts -connect $1 < /dev/null)
|
||||||
openssl s_client -showcerts -connect $1 < /dev/null|tee $SSSLCFFN
|
# To see all validity information
|
||||||
cat $SSSLCFFN|openssl x509 -md5 -fingerprint -noout
|
echo $SSSLCFFN
|
||||||
cat $SSSLCFFN|openssl x509 -sha1 -fingerprint -noout
|
# For getting the fingerprints
|
||||||
cat $SSSLCFFN|openssl x509 -sha256 -fingerprint -noout
|
echo $SSSLCFFN | openssl x509 -md5 -fingerprint -noout
|
||||||
rm $SSSLCFFN
|
echo $SSSLCFFN | openssl x509 -sha1 -fingerprint -noout
|
||||||
|
echo $SSSLCFFN | openssl x509 -sha256 -fingerprint -noout
|
||||||
|
unset SSSLCFFN
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
I hope this article has helped you to understand the issues with blindly
|
I hope this article has helped you to understand the issues with blindly
|
||||||
accepting SSL certificates or at least to understand that *if you don't
|
accepting SSL certificates or at least to understand that *if you don't
|
||||||
want to verify SSL certificates, don't use SSL.*
|
want to verify SSL certificates, don't use SSL.*
|
||||||
|
|
||||||
|
*Updated on 2015-02-26 10:43Z: just use environment variables in the
|
||||||
|
function like suggested by @DarthGandalf on \#znc.*
|
||||||
|
Loading…
Reference in New Issue
Block a user