-
Notifications
You must be signed in to change notification settings - Fork 39
/
get-ssl-fingerprint
executable file
·62 lines (56 loc) · 1.65 KB
/
get-ssl-fingerprint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env bash
##############################################################################
#
# get-ssl-fingerprint
# -------------------
# Get a cert fingerprint after pulling the cert down.
#
# @author Isis Agora Lovecruft, 0x2cdb8b35
# @date 22 February 2013
# @version 0.0.2
##############################################################################
function usage () {
this="${0##*/}"
printf "Usage: %s [-h] [-t digest] <host:port>\n\n" $this
cat <<EOF
Example: "$ $this -t sha512 blog.patternsinthevoid.net:443"
Options:
-h Halp
-t digest Hash digest for computing the fingerprint
-l List supported digest types
EOF
}
function listdigests () {
openssl list-message-digest-algorithms >/dev/null
if test "$?" -eq "0"; then
openssl list-message-digest-algorithms
else
printf "Your OpenSSL version is very old. You should update it.\n\n"
openssl list-message-digest-commands
fi
}
if test "$#" -ge "1"; then
while getopts hlt: x; do
case $x in
h ) usage && exit 0 ;;
l ) listdigests && exit 0 ;;
t ) fprtype='-'$OPTARG ;;
* ) usage && exit 2 ;;
esac
done
shift $((OPTIND - 1))
host=$1
if test -n "$host"; then
if test -n "${fprtype}"; then
openssl s_client -connect $host </dev/null 2>/dev/null | \
openssl x509 -in /dev/stdin -noout -fingerprint $fprtype
else
openssl s_client -connect $host </dev/null 2>/dev/null | \
openssl x509 -in /dev/stdin -noout -fingerprint
fi
fi
exit $?
else
usage
exit 1
fi