From bd699c887ccaae5d6e84aeba3ad9cc342d8cb24b Mon Sep 17 00:00:00 2001 From: colin Date: Tue, 20 Dec 2022 03:25:07 +0000 Subject: [PATCH] sane-ssl-dump: new script to help debug ssl stuff --- pkgs/sane-scripts/default.nix | 2 ++ pkgs/sane-scripts/src/sane-ssl-dump | 15 +++++++++++++++ 2 files changed, 17 insertions(+) create mode 100755 pkgs/sane-scripts/src/sane-ssl-dump diff --git a/pkgs/sane-scripts/default.nix b/pkgs/sane-scripts/default.nix index c9c9a5d5..b43ddd47 100644 --- a/pkgs/sane-scripts/default.nix +++ b/pkgs/sane-scripts/default.nix @@ -38,6 +38,7 @@ resholve.mkDerivation { ncurses oath-toolkit openssh + openssl rmlint rsync ssh-to-age @@ -53,6 +54,7 @@ resholve.mkDerivation { "/tmp/rmlint.sh" = true; # intentionally escapes (into user code) "$external_cmd" = true; + "$maybe_sudo" = true; }; fake = { external = [ diff --git a/pkgs/sane-scripts/src/sane-ssl-dump b/pkgs/sane-scripts/src/sane-ssl-dump new file mode 100755 index 00000000..ce20bc34 --- /dev/null +++ b/pkgs/sane-scripts/src/sane-ssl-dump @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +# dump info about the provided SSL certificate +cert="$1" +maybe_sudo= + +if ! (test -e "$cert") +then + cert="/var/lib/acme/${cert}/full.pem" + maybe_sudo=sudo +fi + +# $maybe_sudo openssl x509 -in "$file" -text +$maybe_sudo openssl crl2pkcs7 -nocrl -certfile "$cert" | openssl pkcs7 -print_certs -text -noout +