Add SSL fingerprint check utility

bin/ssl_fp

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+. "$(shellfu-get path)" || exit 3
+
+shellfu import pretty
+
+usage() {
+    mkusage "[-d] SERVER:PORT"
+}
+
+cached() {
+    local cache_size=$(stat -c %s "$Cache")
+    debug -v Cache cache_size
+    if test "$cache_size" -gt 0;
+    then
+        debug "using cache ($cache_size bytes)"
+        cat "$Cache"
+    else
+        debug "building cache"
+        get_cert | tee "$Cache"
+    fi
+}
+
+get_cert() {
+    debug heya
+    </dev/null openssl s_client -connect "$Conn" 2>/dev/null
+}
+
+get_fp() {
+    local fun="$1"
+    debug -v Conn fun
+    cached get_cert \
+      | openssl x509 -noout -"$fun" -fingerprint 2>/dev/null
+}
+
+get_fps() {
+    get_fp md5
+    get_fp sha1
+    get_fp sha256
+}
+
+main() {
+    local Conn
+    local Cache
+    local es
+    #shellcheck disable=SC2034
+    while true; do case "$1" in
+        *:*) Conn="$1";             shift ;;
+        -d)  SHELLFU_DEBUG=true;    shift ;;
+        "")                         break ;;
+        *)                          usage ;;
+    esac done
+    test -n "$Conn" || usage
+    Cache="$(mktemp -t ssl_fp.cache.XXXXXXXX)"
+    get_fps; es=$?
+    rm -f "$Cache"
+    return "$es"
+}
+
+main "$@"