don't calculate sha sums for the certificates over and over

we can use cksum to calculate simple checksum much faster than with using openssl, so we can compute sums only once
2024-11-22 22:33:40 +01:00 · 2014-07-12 14:17:52 +02:00 · 2014-07-12 14:17:52 +02:00 · bcfe0dbae1
commit bcfe0dbae1
parent ef4786f1d7
1 changed files with 23 additions and 7 deletions
--- a/30
+++ b/30
@ -35,6 +35,10 @@ CAPATH=""
 SAVECRT=""
 unset ok_protocols
 declare -A ok_protocols
+unset known_certs
+declare -A known_certs
+unset cert_checksums
+declare -A cert_checksums

 usage() {
    echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [--savecrt directory] [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port>
@ -165,15 +169,25 @@ test_cipher_on_target() {
        for ((i=0; i<$certificate_count; i=i+1 )); do

            # extract i'th certificate
-            local cert=$(awk -v i=$i 'split_after == 1 {n++;split_after=0}
-            /-----END CERTIFICATE-----/ {split_after=1}
-            {if (n == i) print }
-            ' <<<"$tmp")
-            # clean up the cert from junk before BEGIN CERTIFICATE
-            cert=$(${OPENSSLBIN} x509 <<<"$cert" 2>/dev/null)
+            local cert=$(awk -v i=$i 'BEGIN { output=0;n=0 }
+            /-----BEGIN CERTIFICATE-----/ { output=1 }
+            output==1 { if (n==i) print }
+            /-----END CERTIFICATE-----/ { output=0; n++ }' <<<"$tmp")
+            # put the output to an array instead awk '{print $1}'
+            local cksum=($(cksum <<<"$cert"))
+            # compare the values not just checksums so that eventual collision
+            # doesn't mess up results
+            if [[ ${known_certs[$cksum]} == $cert ]]; then
+                if [ -n "${current_certificates}" ]; then
+                    current_certificates+=","
+                fi
+                current_certificates+="\"${cert_checksums[$cksum]}\""
+                continue
+            fi

            # compute sha256 fingerprint of the certificate
-            local sha256sum=$(${OPENSSLBIN} x509 -outform DER <<<"$cert" 2>/dev/null |\
+            local sha256sum=$(${OPENSSLBIN} x509 -outform DER\
+                <<<"$cert" 2>/dev/null |\
                ${OPENSSLBIN} dgst -sha256 -r 2>/dev/null| awk '{print $1}')

            # check if it is a CA certificate
@ -219,6 +233,8 @@ test_cipher_on_target() {
                current_certificates+=","
            fi
            current_certificates+="\"${sha256sum}\""
+            known_certs[$cksum]="$cert"
+            cert_checksums[$cksum]="$sha256sum"
        done
        debug "current_certificates: $current_certificates"