#!/usr/bin/env perl
# $Id: verify-ssl-conn,v 1.2 2018/02/03 01:43:39 friedman Exp $

use strict;
use warnings qw(all);

my @opt = (qw(-verify      8
              -auth_level  2
              -status

              -check_ss_sig
              -extended_crl
              -policy_check
              -policy_print
              -x509_strict

              -no_ticket
              -state
              -prexit

              -connect)); # keep this arg last

sub main
{
  my $pid = open (my $fh, "-|");
  die "fork: $!\n" unless defined $pid;
  if ($pid) # parent
    {
      local $/ = undef;
      $_ = scalar <$fh>;
      wait;
    }
  else
    {
      (my $hostname = $_[0]) =~ s/:.*//;
      unshift @opt, "-verify_hostname", $hostname;

      open (STDIN,  "<",  "/dev/null");
      open (STDERR, ">&", STDOUT);
      exec (qw(openssl s_client), @opt, @_)
        or die "exec: $_[0]: $!";
    }

  s/^-+BEGIN CERT.*^-+END CERT\S+-+$//msg;
  print;
}

main (@ARGV);

# eof