58 lines
1.1 KiB
Bash
Executable File
58 lines
1.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -Eeuo pipefail
|
|
|
|
declare target_host='' \
|
|
target_port=''
|
|
|
|
declare -r \
|
|
cert_start_marker='-----BEGIN CERTIFICATE-----' \
|
|
cert_end_marker='-----END CERTIFICATE-----'
|
|
|
|
|
|
print_help() {
|
|
echo 'get-ca'
|
|
echo
|
|
echo 'Prints the last certificate in the trust chain sent by an HTTPS server.'
|
|
echo
|
|
echo -e 'Requirements:'
|
|
echo -e '\t* openssl'
|
|
echo
|
|
echo -e 'Usage:'
|
|
echo -e "${0} [-p target_port] target_host"
|
|
echo -e '\t-p\tSpecify the port to connect to. Defaults to 443.'
|
|
echo -e '\t-h\tPrint this help'
|
|
}
|
|
|
|
unknown_flag() {
|
|
print_help
|
|
exit 1
|
|
}
|
|
|
|
|
|
# Parse flags
|
|
while getopts h opt; do
|
|
case "$opt" in
|
|
h) print_help; exit 0 ;;
|
|
*) unknown_flag ;;
|
|
esac
|
|
done
|
|
shift "$((OPTIND-1))"
|
|
|
|
if [ "$#" -ne 1 ]; then
|
|
>&2 echo "${0} requires one positional argument: the target host[:port]."
|
|
exit 2
|
|
fi
|
|
|
|
target_host="${1%:*}"
|
|
target_port="${1##*:}"
|
|
if [[ "$target_port" == "$target_host" ]]; then
|
|
target_port=443
|
|
fi
|
|
|
|
echo -n \
|
|
| openssl s_client -showcerts -servername "$target_host" -connect "${target_host}:${target_port}" 2>/dev/null \
|
|
| tac \
|
|
| sed -n "/${cert_end_marker}/,/${cert_start_marker}/p;/${cert_start_marker}/q" \
|
|
| tac
|