diff --git a/tests/scripts/checkcerts.sh b/tests/scripts/checkcerts.sh
index 5c3d737e46e9a119f85d789ced39ed676baa084d..72aa9c53bdc02f767a528cbb6bb16ab3e43c2916 100755
--- a/tests/scripts/checkcerts.sh
+++ b/tests/scripts/checkcerts.sh
@@ -4,6 +4,9 @@
 # Returns nonzero on failure. Fails if cert cannot be read or is older than
 # $SOON (default 30).
 #
+# Hard dependency: OpenSSL OR gnutls
+# Recommended: GNU date
+#
 # zzz 2011-08
 # kytv 2013-03
 # public domain
@@ -22,51 +25,72 @@ elif [ $(which certtool) ]; then : ;else exit 1 fi -CHECKCERT() { +# This "grouping hack" is here to prevent errors from being displayed with the +# original Bourne shell (Linux shells don't need the {}s +if { date --help;} >/dev/null 2>&1 ; then + HAVE_GNUDATE=1 +fi + +checkcert() { if [ $OPENSSL ]; then DATA=$(openssl x509 -enddate -noout -in $1| cut -d'=' -f2-) else DATA=$(certtool -i < "$1" | sed -e '/Not\sAfter/!d' -e 's/^.*:\s\(.*\)/\1/') fi # While this isn't strictly needed it'll ensure that the output is consistent, - # regardles of the tool used. - date -u -d "$(echo $DATA)" '+%F %H:%M' + # regardles of the tool used. Dates/times are formatting according to OpenSSL's output + # since this available by default on most systems. + if [ -n "$HAVE_GNUDATE" ]; then + LANG=C date -u -d "$(echo $DATA)" '+%b %d %H:%M:%S %Y GMT' + else + echo $DATA + fi } - -cd `dirname $0`/../../installer/resources/certificates - -NOW=$(date -u '+%s') - -for i in *.crt -do - echo "Checking $i ..." - EXPIRES=`CHECKCERT $i` - if [ -z "$EXPIRES" ]; then - echo "********* FAILED CHECK FOR $i *************" - FAIL=1 - else +compute_dates() { + # Date computations currently depend on GNU date(1). + # If run on a non-Linux system just print the expiration date. 
+ # TODO Cross-platform date calculation support + if [ -n "$HAVE_GNUDATE" ]; then SECS=$(date -u -d "$EXPIRES" '+%s') DAYS="$(expr \( $SECS - $NOW \) / 86400)" if [ $DAYS -ge $SOON ]; then echo "Expires in $DAYS days ($EXPIRES)" - elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then - echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******" - FAIL=1 - elif [ $DAYS -le $WARN ] && [ $DAYS -ge $SOON ]; then - echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******" elif [ $DAYS -eq 1 ]; then DAYS=$(echo $DAYS | sed 's/^-//') - echo "****** Check for $I failed, expires in $DAYS day ($EXPIRES) ******" + echo "****** Check for $I failed, expires tomorrow ($EXPIRES) ******" FAIL=1 elif [ $DAYS -eq 0 ]; then echo "****** Check for $i failed, expires today ($EXPIRES) ******" FAIL=1 - elif [ $DAYS -le 0 ]; then + elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then + echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******" + FAIL=1 + elif [ $DAYS -lt $WARN ] && [ $DAYS -gt $SOON ]; then + echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******" + elif [ $DAYS -lt 0 ]; then DAYS=$(echo $DAYS | sed 's/^-//') echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******" FAIL=1 fi + else + echo $EXPIRES + fi +} + +cd `dirname $0`/../../installer/resources/certificates + +NOW=$(date -u '+%s') + +for i in *.crt +do + echo "Checking $i ..." + EXPIRES=`checkcert $i` + if [ -z "$EXPIRES" ]; then + echo "********* FAILED CHECK FOR $i *************" + FAIL=1 + else + compute_dates fi done
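Review bot: In `compute_dates`, the new `else` branch for hosts without GNU date only echoes `$EXPIRES` and never sets `FAIL`, so on those platforms an expired or soon-to-expire certificate passes the check silently, although the header says the script returns nonzero on failure. The fallback should fail closed, for example `echo "****** Cannot verify expiry of $i without GNU date ($EXPIRES) ******"; FAIL=1`, or on the OpenSSL path use `openssl x509 -checkend` with `$SOON` converted to seconds, which needs no date arithmetic. The GNU date path can fail open the same way: if `date -d "$EXPIRES"` cannot parse its input, `SECS` and `DAYS` end up empty, every `[ $DAYS ... ]` test errors out and no branch sets `FAIL`, so a guard such as `[ -n "$SECS" ] || { FAIL=1; return; }` after the `SECS=` line would help. Separately, the WARNING branch is unreachable because `[ $DAYS -ge $SOON ]` matches first, and the messages reference `$I` and `${WANT}`, which look like typos for `$i` and `${WARN}`. `SOON`, `WARN` and the final use of `FAIL` are defined outside this hunk, so their values are assumed here.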