Add dnssec/gentlsa
authorStefan Huber <shuber@sthu.org>
Mon, 29 Feb 2016 20:45:56 +0000 (21:45 +0100)
committerStefan Huber <shuber@sthu.org>
Mon, 29 Feb 2016 20:46:06 +0000 (21:46 +0100)
dnssec/gentlsa [new file with mode: 0755]

diff --git a/dnssec/gentlsa b/dnssec/gentlsa
new file mode 100755 (executable)
index 0000000..7852151
--- /dev/null
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+set -u
+
+ports="443"
+while getopts "hp:" opt; do
+  case "$opt" in
+    h)
+      echo "Usage: $0 [-p=ports] certificates..."
+      exit 0
+      ;;
+    p)
+      ports=$OPTARG
+      ;;
+  esac
+done
+shift $((OPTIND-1))
+
+for crt in "$@"; do
+  echo "Certificate ${crt}..."
+  digest=$(openssl x509 -in "$crt" -noout -pubkey | openssl rsa -pubin -outform der 2>/dev/null | sha256sum | awk '{print $1}')
+
+  (
+  openssl x509 -noout -text < "$crt" | awk '/X509v3 Subject Alternative Name/ {getline;gsub(/ /, "", $0); print}' | tr ',' '\n' | awk -F: '$1=="DNS" {print $2}';
+  openssl x509 -noout -subject < "$crt" | sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/'
+  ) | sort -u | while read cn; do
+  for port in $ports; do
+    printf "_%d._tcp.%-40s IN TLSA 3 1 1 %s\n" "${port}" "${cn}." "${digest}"
+  done
+done
+done
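Review bot: The digest pipeline on the `digest=` line uses `openssl rsa -pubin`, which rejects any non-RSA public key (ECDSA certificates, for instance); because its stderr is discarded and `/bin/sh` has no `pipefail`, that failure is invisible, `digest` silently becomes the SHA-256 of empty input, and the script prints a TLSA 3 1 1 record that no client can ever match, so publishing it breaks DANE for that name. `openssl pkey -pubin -outform der` is key-type agnostic, and writing the DER to a temporary file makes `openssl pkey` the last stage of the pipeline so `set -e` actually stops on an extraction failure. Two smaller points in the same hunk: `while read cn` should be `while read -r cn`, and the usage text `Usage: $0 [-p=ports] certificates...` does not match what `getopts "hp:"` accepts, which is `-p ports` (space-separated list).
```shell
for crt in "$@"; do
  echo "Certificate ${crt}..."
  # openssl pkey accepts any key type; the redirect makes openssl pkey the
  # last pipeline stage, so an extraction failure trips set -e instead of
  # yielding the digest of an empty input.
  pub_der=$(mktemp)
  openssl x509 -in "$crt" -noout -pubkey | openssl pkey -pubin -outform der > "$pub_der"
  digest=$(sha256sum < "$pub_der" | awk '{print $1}')
  rm -f -- "$pub_der"
  # … unchanged: SAN/CN extraction and TLSA record printing …
done
```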