Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to create a simple script where it compares certain parameters of SSL certificates using OpenSSL and prints out the results
I am having issues with variables
I am doing something wrong in the script below, because of which OpenSSL is trying to find a cert named CERT1 and CERT2 instead of actually picking up values (real file locations) of CERT1 and CERT2
**********************
Actual Script:
cat work_in_progress_cert_chain
#!/bin/bash
echo "How many certificates to evaluate? Please enter numerical value"
read NO_OF_CERTS
i=1
while [ $i -le $NO_OF_CERTS ]
do
echo "What's the cert file in PEM?"
read CERT$i
export CERT$i
((i++))
done
i=1
while [ $i -le $NO_OF_CERTS ]
do
if [ $(openssl x509 -subject -in CERT${i} -noout | tr -d ' ' | cut -c11- ) = $(openssl x509 -issuer -noout -in CERT${i} | tr -d ' ' | cut -c10- ) ] ;
then
echo "THIS IS A ROOT CERT"
((i++))
echo $CERT1
echo $CERT2
fi
done
**********************
o/p after running the script with -xv
bash -xv work_in_progress_cert_chain
#!/bin/bash
echo "How many certificates to evaluate? Please enter numerical value"
+ echo 'How many certificates to evaluate? Please enter numerical value'
How many certificates to evaluate? Please enter numerical value
read NO_OF_CERTS
+ read NO_OF_CERTS
2
i=1
+ i=1
while [ $i -le $NO_OF_CERTS ]
do
echo "What's the cert file in PEM?"
read CERT$i
export CERT$i
((i++))
done
+ '[' 1 -le 2 ']'
+ echo 'What'\''s the cert file in PEM?'
What's the cert file in PEM?
+ read CERT1
root.cer
+ export CERT1
+ (( i++ ))
+ '[' 2 -le 2 ']'
+ echo 'What'\''s the cert file in PEM?'
What's the cert file in PEM?
+ read CERT2
root.cer
+ export CERT2
+ (( i++ ))
+ '[' 3 -le 2 ']'
Please use code tags to make your code more readable. Also, if you post a wall of text of debugging information, please point out where the program doesn't behave as expected.
Having said that, it seems your problem is the openssl command. You provide an option "-in CERT$i", and really want it to be something like "-in ${CERT${i}}". Do I understand you correctly?
The problem is that such nested variable evaulations don't work. They are syntactically incorrect; bash doesn't evaluate variables recursively. You can use the "eval" command to help, but it is considered problematic (google for eval evil to find out why).
I think your best solution here is to use arrays - ${CERT[$i]} (or whatever the correct syntax is) will work. For further information, see the bash guide at mywiki.wooledge.org, and the advanced bash scripting guide at tldp.org. The bash reference at gnu.org might be handy as well, concise though perhaps not that easy to read.
I suggest that you read your input into an array. At the command line the input can be terminated with Ctrl-D (the EOF charecter).
Some example code showing assigning to the array and accessing the array
Code:
#!/bin/bash
n=0
while read line ; do
CERT[$n]=$line
((n++))
done
echo "n= $n"
for ((i=0; i<=n; i++)); do
echo "${CERT[$i]}"
done
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.