Text-Processing
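How to parse openssl certificate output into a hostname and verification code?

I have this shell code that reads hostname lines from an input file, runs the `openssl` command that prints SSL certificate information, and outputs the result in the terminal.

```
while read x; do
    echo $x;
    echo | openssl s_client -servername "$x" -connect "$x":443 -CApath etc/ssl/certs/ca-certificates.crt 2>/dev/null;
done <mylist.txt
```

Here is a sample output: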
```
example.com
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=*.vhs.ir
   i:/CN=*.vhs.ir
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIFAgK8lFowDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwI
Ki52aHMuaXIwHhcNMTcwMjA5MTIzMDUwWhcNMTgwMjA5MTIzMDUwWjATMREwDwYD
VQQDDAgqLnZocy5pcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANvD
aCQtMdGEPLpLAQGrnEpWjWHxolB71dYVXSBCBVAhjeCCBYtRnZSWFZRpNyskBHFc
eUoGRc5FkZgetujWgBjvQrufug1gyzvcENZkmRcjnjRNDLguzkZDJNjRcm4gik47
1Q1eGD6oF50clDH5XyeLtedk+0buYGS5HvVWX4lNKn1bMWpeqU20paLa8G4eqV4z
vNdE534rl9lYKMltD+y+/h+rhZ0Lq2Na+2P2a37NvOg67kkQbIl/SQticGT9Hvzj
SQx7dnJXnLzt5eEq9I63/VxRcKBSiQLFyMCYBxbaf0Ru3X1Z+xLPpJ5wTpkIEUhe
ik75xD92+aDQeKOu5WECAwEAAaNNMEswHQYDVR0OBBYEFGrN5RNdnvrtYiGAqYz/
gnvfYyEAMB8GA1UdIwQYMBaAFGrN5RNdnvrtYiGAqYz/gnvfYyEAMAkGA1UdEwQC
MAAwDQYJKoZIhvcNAQELBQADggEBAEcJuLhZSDYpM+6icKak26A0oYxxLbSX9yJ2
vfnUWcBdV5AC47KwHbkre0VLcB4N0JmXRuxd9Jx/9RZJ5+wOm/vjmpuhqGUKcGEV
nj1bsHqxAZkJ7WI3GD5ebo2iDwkQLGrJYn+EyoI4vKuLNy8G8RO7wO3i58ieRTvm
c7yYb4zmmppPCSLAG4soXGTpWeMYCN3ogQj2r2AWMK8R5P4rNVqpicIIO758GrNX
8RKVP4zMfaBF4hfwehxFJtTd/SoL70UiIYAyktt6U3S7BN+8uImuJYPdjlyc7XwV
0zzlxW+f8BhPEZ8SV9wb6riT0ViU6LV2/qNmxeFJloyiyVFq2Wk=
-----END CERTIFICATE-----
subject=/CN=*.example.com
issuer=/CN=*.example.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1444 bytes and written 325 bytes
Verification error: certificate has expired
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 03FC884879FB1BC4E471721134E9FE75E08C0C36047D9A0C4570FE6EABA77F8C
    Session-ID-ctx:
    Master-Key: 38EE0A6AE709E2DCD11B5C47C19713B78FE3959B42498699D604940A9B62DD64D3C3E03918BF25FD5CECA7403EAE590E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
    0000 - a4 da 49 66 62 ff aa e7-be bd 76 58 0e d5 fb 45   ..Ifb.....vX...E
    0010 - d8 44 c8 2e b1 46 e9 22-6e eb e6 e3 0f eb 8f dc   .D...F."n.......
    0020 - 8a 57 16 a0 1b 16 36 33-87 2b a3 38 cc 1b 4e c0   .W....63.+.8..N.
    0030 - f4 3c 9e d7 82 1d 34 ce-b2 bb 18 95 43 33 74 b7   .<....4.....C3t.
    0040 - 24 65 7d 66 94 1e 4f e2-ff 19 e4 71 af bb 51 01   $e}f..O....q..Q.
    0050 - f1 fd 55 26 0d 65 39 aa-ef b2 d4 12 84 29 57 96   ..U&.e9......)W.
    0060 - 01 2b ae 36 c0 82 f6 e3-4e f9 3e 3b 6d 40 8f ae   .+.6....N.>;m@..
    0070 - 9a f0 da 95 c2 61 90 42-38 f6 4f 43 78 a5 f4 a5   .....a.B8.OCx...
    0080 - 16 27 c8 23 81 fe 98 59-52 87 c1 46 71 3a 34 5d   .'.#...YR..Fq:4]
    0090 - 6a 1b eb a8 4d 57 19 ea-0b 47 5e 39 8e 07 23 16   j...MW...G^9..#.
    00a0 - 34 14 f4 0f 0e 4e 13 55-f8 76 10 64 6c 52 e6 c5   4....N.U.v.dlR..
    00b0 - 17 4b 5d 11 89 35 4e ae-97 f1 b7 36 f8 c4 03 56   .K]..5N....6...V

    Start Time: 1552057179
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
```
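I want to output the result to a file, with each host (`x`) separated by a comma from its verification result (i.e. the text after `Verify return code:`). I tried adding `| grep "Verify return code:"` after the command in the shell script, but it did not work. How can I make the shell script print the output as: x,(what comes after `"Verify return code:"`)? Example:

```
example.com,10 (certificate has expired)
```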
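Using `awk`:

```
while read -r x
do
    vreturn=$(echo | openssl s_client -servername "$x" -connect "$x":443 -CApath etc/ssl/certs/ca-certificates.crt 2>/dev/null | awk -F\: '$1 ~ "Verify return code"{print $2}')
    echo "${x},$vreturn"
done <mylist.txt
```

This uses `:` as the field separator and sets the variable `vreturn` to the second field of any line that contains `Verify return code` in its first field. The `;` is also not needed at the end of each line. I have added the `-r` option to your `read` command, mostly out of habit, but this will prevent any backslashes that may be in your hostnames (unlikely) from being interpreted as escape characters.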
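A more defensive take on the parsing step, as an added example that is not part of the original question or answer: it trims the leading space from the value, uses only the first `Verify return code` line (newer OpenSSL releases may print it more than once per connection), and emits a placeholder when the line is missing because the connection failed. The function names, the `no-result` label, and the sample text are assumptions of this example; `check_host` relies on OpenSSL's default trust store.

```shell
#!/bin/sh
# Added example, not code from the page. The sample text below is constructed.

# Read s_client output on stdin and print what follows "Verify return code:".
# Only the first match is used; if there is none (refused connection, DNS
# failure, handshake abort) the placeholder "no-result" is printed instead.
verify_code() {
    awk '
        /Verify return code:/ {
            sub(/^[^:]*: */, "")   # drop the label and the space after it
            print
            found = 1
            exit                   # END still runs, but found is set
        }
        END { if (!found) print "no-result" }
    '
}

# Print "host,result" for one host. stdin is /dev/null so s_client exits
# after the handshake instead of waiting for input.
check_host() {
    host=$1
    result=$(openssl s_client -servername "$host" -connect "$host:443" \
                 </dev/null 2>/dev/null | verify_code)
    printf '%s,%s\n' "$host" "$result"
}

# Constructed sample: a summary block followed by a repeated session block.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
Verification error: certificate has expired
---
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 10 (certificate has expired)
---
Post-Handshake New Session Ticket arrived:
    Verify return code: 10 (certificate has expired)
EOF
}

# Offline demonstration of the parser on the constructed sample.
sample_output | verify_code

# Real use, one host per line in mylist.txt:
#   while read -r h; do check_host "$h"; done <mylist.txt >results.csv
```

A non-zero code such as 10 (expired) or 18 (self-signed) in the resulting file marks a host whose certificate a client would reject, while `no-result` marks a host that never completed a handshake and needs a separate look.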