Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

script is broken if reading from file #96

Open
hanscees opened this issue Aug 20, 2020 · 6 comments
Open

script is broken if reading from file #96

hanscees opened this issue Aug 20, 2020 · 6 comments

Comments

@hanscees
Copy link

hanscees commented Aug 20, 2020
edited
Loading

When I fire the script to read from file it fails:

./ssl-cert-check  -f ssldomains

ERROR: The file named /var/tmp/cert.ueLNSS is unreadable or doesn't exist
ERROR: Please check to make sure the certificate for www.bomengids.nl:443:www.bomengids.nl:443 is valid

cat ssldomains 
www.nu.nl:443
www.bomengids.nl:443

when I use it interactively it works fine

root@mail # ./ssl-cert-check  -s www.nu.nl -p 443

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74
@Matty9191
Copy link
Owner

Matty9191 commented Aug 20, 2020
edited
Loading

Your syntax is incorrect. There should be a space between the domain name and port:

$ ssl-cert-check -f domains

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74
www.bomengids.nl:443                            Valid        Jul 23, 2021  337

Please see this article for practical examples.

@hanscees
Copy link
Author

here is the fix
b257b93#diff-86977fd8bc9006d031d54752a7b726d1

@hanscees
Copy link
Author

hanscees commented Aug 20, 2020
edited
Loading

Your syntax is incorrect. There should be a space between the domain name and port:

$ ssl-cert-check -f domains

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
www.nu.nl:443                                   Valid        Nov  2, 2020   74
www.bomengids.nl:443                            Valid        Jul 23, 2021  337

Please see this article for practical examples.

If that is the case, could you please edit the documentation, since nowhere it is stated what the file to read form should look like.

If you could perhaps adjust this line

  -f cert file      : File with a list of FQDNs and ports

like so

  -f cert file      : File with a list of FQDNs and ports. FQDN and ports should be on one line separated by a space.

I apologize if I overlooked something!

@Matty9191
Copy link
Owner

This is thoroughly documented in the official documentation.

@hanscees
Copy link
Author

This is thoroughly documented in the official documentation.

it is not here:
https://github.com/Matty9191/ssl-cert-check/blob/master/README.md
unless you go and check the additional information.

it is not here:
./ssl-cert-check -h

So by no means is it thoroughly documented. I see two places you can improve that.

@hanscees
Copy link
Author

Anyway, I learned a great deal on openssl from analysing this script.

I did find one error it does not catch:

# openssl s_client -connect nc.hanscees.com:443 -servername nc.hanscees.com
socket: Bad file descriptor
connect:errno=9

In this situation the server does resolve, but wrongly and no certificate is downloaded. Your error checking gets a lot of errors, but misses this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hanscees @Matty9191