mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-11-29 07:59:24 +01:00
2015-02-24-znc160-ssl.md: update the function
ref: Mikaela/shell-things#64
This commit is contained in:
parent
ca9d425c36
commit
cea2122fa5
@ -61,16 +61,21 @@ from multiple places:
|
||||
```bash
|
||||
# Get server SSL certificate fingerprint in MD5, SHA1 and SHA256.
|
||||
# Note that OpenSSL doesn't support IPv6 at time of writing (2015-01-13).
|
||||
serversslcertfp() {
|
||||
SSSLCFFN="/tmp/$(date -Is).pem"
|
||||
openssl s_client -showcerts -connect $1 < /dev/null|tee $SSSLCFFN
|
||||
cat $SSSLCFFN|openssl x509 -md5 -fingerprint -noout
|
||||
cat $SSSLCFFN|openssl x509 -sha1 -fingerprint -noout
|
||||
cat $SSSLCFFN|openssl x509 -sha256 -fingerprint -noout
|
||||
rm $SSSLCFFN
|
||||
serversslcertfp () {
|
||||
SSSLCFFN=$(openssl s_client -showcerts -connect $1 < /dev/null)
|
||||
# To see all validity information
|
||||
echo $SSSLCFFN
|
||||
# For getting the fingerprints
|
||||
echo $SSSLCFFN | openssl x509 -md5 -fingerprint -noout
|
||||
echo $SSSLCFFN | openssl x509 -sha1 -fingerprint -noout
|
||||
echo $SSSLCFFN | openssl x509 -sha256 -fingerprint -noout
|
||||
unset SSSLCFFN
|
||||
}
|
||||
```
|
||||
|
||||
I hope this article has helped you to understand the issues with blindly
|
||||
accepting SSL certificates or at least to understand that *if you don't
|
||||
want to verify SSL certificates, don't use SSL.*
|
||||
|
||||
*Updated on 2015-02-26 10:43Z: just use environment variables in the
|
||||
function like suggested by @DarthGandalf on \#znc.*
|
||||
|
Loading…
Reference in New Issue
Block a user