git: d3c43b50d8 - main - remove stale cgi script /cgi/fingerprints.cgi
Date: Mon, 06 Feb 2023 06:57:16 UTC
The branch main has been updated by wosch: URL: https://cgit.FreeBSD.org/doc/commit/?id=d3c43b50d8ab5894cb199ae31b41558e097c5a1a commit d3c43b50d8ab5894cb199ae31b41558e097c5a1a Author: Wolfram Schneider <wosch@FreeBSD.org> AuthorDate: 2023-02-06 06:56:07 +0000 Commit: Wolfram Schneider <wosch@FreeBSD.org> CommitDate: 2023-02-06 06:56:07 +0000 remove stale cgi script /cgi/fingerprints.cgi The script fingerprints.cgi is no longer really in use and there are better tools as ldns-dane(1) to validation TLSA records. Approved by: peter, philip --- website/content/en/cgi/fingerprints.cgi | 58 --------------------------------- 1 file changed, 58 deletions(-)
diff --git a/website/content/en/cgi/fingerprints.cgi b/website/content/en/cgi/fingerprints.cgi
deleted file mode 100755
index bc99be8985..0000000000
--- a/website/content/en/cgi/fingerprints.cgi
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/perl -T
-#
-# Display current HTTPS/SSL/TLS certificate fingerprints.
-# Should be replaced with something better.
-#
-# $FreeBSD$
-
-require "./cgi-lib.pl";
-require "./cgi-style.pl";
-$ENV{PATH} = '/bin:/usr/bin';
-
-# There is an internal post-renew propagation window of about 5-10 minutes.
-# However, the script is expensive so we leverage the cache. The problem
-# is that people could come here immediately after a fingerprint mismatch
-# so we have to be quick to update.
-print "Cache-control: public; max-age=120\n"; # 2 minutes
-print &short_html_header("FreeBSD HTTPS/SSL/TLS Server Certificate Fingerprints");
-
-print qq{<h1>FreeBSD HTTPS/SSL/TLS Server Certificate Fingerprints</h1>\n};
-print qq{<p>The FreeBSD Project makes use of <a href="https://letsencrypt.org">Let's Encrypt</a> certificates for many of its HTTPS/SSL/TLS services. These certificates are automatically updated every 60 days. The current certificate fingerprints of significant services are listed below.</p>\n};
-
-# Note: These are all case sensitive. Use lower case to match the file names.
-&Fingerprint('git.freebsd.org');
-&Fingerprint('svn.freebsd.org');
-&Fingerprint('download.freebsd.org');
-&Fingerprint('pkg.freebsd.org');
-
-print qq{<p>These fingerprints may be helpful in situations where automatic verification is not available.</p>\n};
-print &html_footer;
-exit 0;
-
-sub Fingerprint
-{
- my ($domain) = @_;
-
- my $message;
- my $sha1, $sha256;
- if ( -e "/etc/clusteradm/acme-certs/$domain.crt" ) {
- $sha1 = `/usr/bin/openssl x509 -fingerprint -noout -sha1 -in /etc/clusteradm/acme-certs/$domain.crt`;
- $sha256 = `/usr/bin/openssl x509 -fingerprint -noout -sha256 -in /etc/clusteradm/acme-certs/$domain.crt`;
- chomp($sha1);
- chomp($sha256);
- $sha1 =~ s/^.*=//;
- $sha256 =~ s/^.*=//;
- } else {
- $sha1 = 'Error';
- $sha256 = 'Error';
- }
-
- $message = qq{<p>The fingerprints of the current <b>$domain</b> certificate are:</p>\n};
- $message .= qq{<div class="informaltable"><table border="1"><colgroup><col /><col /></colgroup>};
- $message .= qq{<thead><tr><th>Hash</th><th>Fingerprint</th></tr></thead><tbody>};
- $message .= qq{<tr><td>SHA1</td><td><code class="literal">$sha1</code></td></tr>};
- $message .= qq{<tr><td>SHA256</td><td><code class="literal">$sha256</code></td></tr>};
- $message .= qq{</tbody></table></div>\n};
-
- print $message;
-}