Index: trunk/server/fedora/config/etc/pki/tls/certs/check.pl =================================================================== --- trunk/server/fedora/config/etc/pki/tls/certs/check.pl (revision 2544) +++ trunk/server/fedora/config/etc/pki/tls/certs/check.pl (revision 2545) @@ -1,28 +1,49 @@ #!/usr/bin/perl +use strict; +use warnings; +use autodie; +use Date::Parse; use File::Basename; -use Date::Parse; +use Getopt::Long qw(:config bundling); +use IPC::Open2; -my $dir = dirname($0); -chdir $dir or die "Failed to chdir('$dir'): $!"; +chdir dirname($0); my $now = time(); -our $verbose = 0; -$verbose = 1 if ($ARGV[0] eq "-v"); +GetOptions( + "verbose|v" => \my $verbose, +) or exit 2; use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days foreach my $cert (glob "*.pem") { - open(X509, "-|", qw(openssl x509 -in), $cert, qw(-enddate -noout)) or die "Couldn't invoke openssl x509: $!"; - chomp(my $exp = ); - close(X509); - $exp =~ s/^notAfter=// or warn "Cert appears broken: $cert"; + open(CERT, "<", $cert); + my $ins = do {local $/; }; + close(CERT); - my $time = str2time($exp); + for my $in ($ins =~ /^-----BEGIN CERTIFICATE-----\n.*?^-----END CERTIFICATE-----\n/msg) { + my $pid = open2(\*X509, \*IN, qw(openssl x509 -enddate -noout)); + print IN $in; + close(IN); + my $out = do {local $/; }; + close(X509); + waitpid($pid, 0); - if ($verbose || ($time - $now) <= WARNING) { - printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.0*60*24)), $cert; - system(qw(openssl x509 -in), $cert, qw(-subject -noout)); + my $exp; + unless (defined $out and ($exp) = $out =~ /^notAfter=(.*)$/m) { + warn "Cert appears broken: $cert"; + next; + } + + my $time = str2time($exp); + + if ($verbose || ($time - $now) <= WARNING) { + printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.0*60*24)), $cert; + open(IN, '|-', qw(openssl x509 -subject -noout)); + print IN $in; + close(IN); + } } }