The code to "understand" the notAfter output is fairly simple. You can use either Date::Parse or a kluge using Date::Calc like this:
use Date::Calc( qw"Decode_Month Add_Delta_YMDHMS Date_to_Time Date_to_Text Timezone" );
print ($ed=<STDIN>),"\n"; # <---- This is the output from -enddate:
if ( ($m,$d,$h,$n,$s,$y) =
($ed=~/^notAfter=([A-Za-z]{3})\s(\d\d)\s(\d\d):(\d\d):(\d\d)\s(\d{4})\sGMT$/)
) {
$m = Decode_Month($m);printf "%s %02d:%02d:%02d GMT\n", Date_to_Text($y,$m,$d),$h,$n,$s;
($y,$m,$d,$h,$n,$s) = Add_Delta_YMDHMS( $y,$m,$d,$h,$n,$s, (Timezone Date_to_Time $y,$m,$d,$h,$n,$s)[0..5] );
printf "%s %02d:%02d:%02d Local\n", Date_to_Text($y,$m,$d),$h,$n,$s;
} else {print "nomatch\n";
}
Olaf Gellert wrote:
Patrick Heim wrote:
Does anoyne know of a tool or a way to script OpenSSL to:
1. Connect to an SSL enabled server 2. Retrieve the server certificate 3. Parse it for the certificate expiration date
Well, you can use "openssl s_client" to connect to the server:
openssl s_client -connect www.servername.de:port -showcerts
From the output you can extract the server certificate(choosing the certificate which has the according common name ( s:/C=[whatever]/CN=www.servername.de
This certificate you can put into a file and run openssl x509 on it:
openssl x509 -noout -in bbbb.pem -enddate
The output is like this:
notAfter=Sep 24 09:35:00 2004 GMT
That's what you want, I guess...
So a little bit of perl calling openssl twice (once with s_client, once with x509) and parsing the output should be sufficient.
Cheers,
Olaf
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
