+++ /dev/null
-#! /bin/sh -e
-
-conf=/etc/ca/check-x509-certs.conf
-time=$(( 7 * 86400 ))
-usage="usage: $0 [-c CONF] [-d DAYS] [-s SECS]"
-
-while getopts c:d:s: opt; do
- case "$opt" in
- c) conf=$OPTARG ;;
- d) time=$(( $OPTARG * 86400 )) ;;
- s) time=$OPTARG ;;
- *) echo >&2 "$usage"; exit 1 ;;
- esac
-done
-shift $(( $OPTIND - 1 ))
-case $# in 0) ;; *) echo >&2 "$usage"; exit 1 ;; esac
-
-if [ ! -f $conf ]; then exit 0; fi
-
-any=nil
-while read line; do
- case "$line" in "" | "#"*) continue ;; esac
- file=$line
- if openssl x509 -in "$file" -noout -checkend $time; then
- continue
- fi
- if openssl x509 -in "$file" -noout -checkend 0; then
- state="expires soon"
- else
- state="ALREADY EXPIRED!"
- fi
- case $any in nil) any=t ;; t) echo ;; esac
- echo "$file: $state"
- openssl x509 -in "$file" -noout -issuer -dates
-done <"$conf"