From ed2670679087bb52a6362b1240b9eefae976e83e Mon Sep 17 00:00:00 2001
From: Chl <chl-dev@bugness.org>
Date: Wed, 2 Oct 2019 02:20:14 +0200
Subject: [PATCH] script_refresh-proxied-certs: check expiry dates

---
 script_refresh-proxied-certs.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/script_refresh-proxied-certs.sh b/script_refresh-proxied-certs.sh
index 7b48e18..c9d9a7e 100755
--- a/script_refresh-proxied-certs.sh
+++ b/script_refresh-proxied-certs.sh
@@ -43,6 +43,12 @@ for i in *.crt; do
 			fi
 		fi
 	fi
+
+	# While we are at it, let's check the expiry dates
+	if [ "$( date --date="$( openssl x509 -noout -dates -in "$i" | sed -n '/^notAfter/s/^notAfter=//p' )" +%s )" -lt "$(( $( date +%s ) + 86400 ))" ]; then
+		echo "WARNING: certificate '$i' near or already expired." >&2
+		EXIT_STATUS=1
+	fi
 done
 
 # Cleanup and exit