Exploring content of X.509 certificates
- Relational pipes
- Principles
- Roadmap
- FAQ
- Specification
- Implementation
- Examples
- License
- Screenshots
- Download
- Support & contact
X.509 certificates and keys used for SSL/TLS (HTTPS, POP3S, IMAPS etc.) are usually distributed as files either with .pem or .der extension.
Or bundled together in a PKCS#12 container as a .p12 file.
The „text“ PEM format is often considered more „accessible“ or „friendly“ than the binary DER.
However PEM is just Base64 encoded DER original and is actually less legible to the naked eye than DER,
because in DER we can spot at least some strings like common and domain names or validity/expiration dates or recognize certain data structures in a HEX editor.
Base64 just obfuscates everything. PEM can be easily copied through clipboard, which is probably the only advantage of this format (but it can also more likely leak).
So our first step is to get rid of the annoying Base64 pseudo-plain-text encoding – we use one of these commands:
cat certificate.pem | grep -v ^--- | base64 -d > certificate.der
cat certificate.pem | openssl x509 -inform PEM -outform DER > certificate.der
Telco veterans could now start reading the DER file with hd or xxd, jumping over the offsets and traversing the sequences and sets…
However most people would appreciate some software that helps them parsing the ASN.1 BER encoding (the superset of DER and CER).
Such software is e.g. Wireshark or dumpasn1. These programs are good for ad-hoc inspection or quick check.
In Relational pipes v0.18 we have (early and bit raw) support for ASN.1 BER encoding and thus we can get the structured data in a machine-readable form
– which is good for further processing, conversion to other formats or use in scripts.
Because the ASN.1 data model is not relational – actually it is a tree – this format is supported in the relpipe-in-asn1table
command that is modelled after the well-known XMLTable() database function that allows translating arbitrary tree structures to relations using the XPath expressions.
So in relpipe-in-asn1table we can write XPath expressions to query the ASN.1 tree data structures and extract relations, records and attributes
from X.509 certificates, keys or other cryptographic artifacts, LDAP or SNMP packets or any other ASN.1 BER data.
But how do we know what XPath expressions should we run?
It is useful to see the XML representation of whole source data.
There is a simple trick to do this – use "/" as the XPath for selecting records (is always selects the single record, single node – the root)
and use "." as the XPath to select a single attribute (it always select the root element)
and add --mode raw-xml, so we get the raw XML source instead of the text content of given elements.
We do not have to write this routine by hand – just create a symlink to the example script:
ln -s …/relpipe-in-xmltable.cpp/examples/2xml.sh asn12xml # in ~/bin or somewhere
This example is generic and works also for other formats supported by the relpipe-in-*table commands.
Then we can analyze X.509 DER certificates stored on our disk or we can fetch some from live servers.
The openssl command helps us with that:
fetch_x509_certificate() {
echo \
| openssl s_client -connect $1:${2:-443} 2>/dev/null \
| openssl x509 -inform PEM -outform DER;
}
Now put both commands together in a pipeline:
fetch_x509_certificate "gnu.org" | asn12xml # HTTPS port (443) is used as default
and get this XML representation of the ASN.1 X.509 tree:
<?xml version="1.0"?>
<asn1>
<sequence tag="16" class="universal">
<sequence tag="16" class="universal">
<constructed tag="0" class="context">
<integer hex="02" tag="2" class="universal">2</integer>
</constructed>
<integer hex="03abb913df3ec5e5c22f410b01bd46d4f6b7" tag="2" class="universal"/>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.2.840.113549.1.1.11</oid>
<null tag="5" class="universal"/>
</sequence>
<sequence tag="16" class="universal">
<set tag="17" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.4.6</oid>
<text-string tag="19" class="universal">US</text-string>
</sequence>
</set>
<set tag="17" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.4.10</oid>
<text-string tag="19" class="universal">Let's Encrypt</text-string>
</sequence>
</set>
<set tag="17" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.4.3</oid>
<text-string tag="19" class="universal">R3</text-string>
</sequence>
</set>
</sequence>
<sequence tag="16" class="universal">
<date-time tag="23" class="universal">2021-12-10T13:52:28+00:00</date-time>
<date-time tag="23" class="universal">2022-03-10T13:52:27+00:00</date-time>
</sequence>
<sequence tag="16" class="universal">
<set tag="17" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.4.3</oid>
<text-string tag="19" class="universal">wildebeest1p.gnu.org</text-string>
</sequence>
</set>
</sequence>
<sequence tag="16" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.2.840.113549.1.1.1</oid>
<null tag="5" class="universal"/>
</sequence>
<bit-string length="2160" tag="3" class="universal">100000000000000010000000110000000100000010110010100110101010101011000010001101001001001101000111111011101100011100011110000011010000010000011010011110000101011001010011110101011111011110111011001001110001010101011111100111110101001001111001100001000101111100111000110111111010000111101010101110001111000001011000101100101111010010011111101101101100110000011110001101111100011011010010001001000100001100010011110101110011001110101010101111110011010011111110000010001101000100100011011111011010000010110001101101011000010111011101001110000011000001110001100100100001111100010101111000110011000100010000101011010010011101001101101100001000010011011011001010000011010110100001010111101011010110101001111110101011011011101110010110101111100111001101111010101111001101000100001001101100001101010111111110100111010011010001101101110111111111001110110010011110101011001110100111000100101101100101011100110001100001011000100000000001001100010001110100110001000000010011111101111111110000000010111100010101000010100111001110000011111001000110011001000111000010101001000000110101011100001110110001111000111010110101101011010110010110110010001100001010111001000111000001000001110011110010111110010101000011010101110110011001001000111101000111101111101100110010101000100111100110000010010111001110001010111101110000010101010011011001100011010011000111001010000000010110001001100011000010010010010110000001110011001011010100101101101111011100110100011111001010110111110101011111101101010111110110110000100001110101100101011011111100101101000100111111101110010100011011101010000100000100001010111111010110110010000100011011110101001101101110001001110000011101001000101001001101111101111100100001100011111101010001111001110111100100101100001110100010001001000101111100010001011010110010000111000000011011101101100010101100001110001110011100011100010110101101000101101100001100010101101110001010111000110000100110010011011101100000011000011101001111111111101100111011001011111001011010101010001101100000101111000001101110110110111101101011010000001101111001110011101110000010000110100001101100101101010101000000001000000010000000010000010100000001010000100000000100000100001100</bit-string>
</sequence>
<encapsulated tag="3" class="context">
<sequence tag="16" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.15</oid>
<boolean tag="1" class="universal">true</boolean>
<encapsulated tag="4" class="universal">
<bit-string length="3" tag="3" class="universal">101</bit-string>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.37</oid>
<encapsulated tag="4" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.5.5.7.3.1</oid>
<oid tag="6" class="universal">1.3.6.1.5.5.7.3.2</oid>
</sequence>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.19</oid>
<boolean tag="1" class="universal">true</boolean>
<encapsulated tag="4" class="universal">
<sequence tag="16" class="universal"/>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.14</oid>
<encapsulated tag="4" class="universal">
<octet-string length="20" tag="4" class="universal">9e05272100500e8f5139ae2e3ad87ea30ea08448</octet-string>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.35</oid>
<encapsulated tag="4" class="universal">
<sequence tag="16" class="universal">
<specific length="20" hex="142eb317b75856cbae500940e61faf9d8b14c2c6" tag="0" class="context">.....XV..P.@........</specific>
</sequence>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.5.5.7.1.1</oid>
<encapsulated tag="4" class="universal">
<sequence tag="16" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.5.5.7.48.1</oid>
<specific length="21" hex="687474703a2f2f72332e6f2e6c656e63722e6f7267" tag="6" class="context">http://r3.o.lencr.org</specific>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.5.5.7.48.2</oid>
<specific length="22" hex="687474703a2f2f72332e692e6c656e63722e6f72672f" tag="6" class="context">http://r3.i.lencr.org/</specific>
</sequence>
</sequence>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.17</oid>
<encapsulated tag="4" class="universal">
<sequence tag="16" class="universal">
<specific length="21" hex="617263686976652e676e657773656e73652e6f7267" tag="2" class="context">archive.gnewsense.org</specific>
<specific length="18" hex="626574612e676e657773656e73652e6f7267" tag="2" class="context">beta.gnewsense.org</specific>
<specific length="22" hex="626c6f6f646e6f6b2e676e657773656e73652e6f7267" tag="2" class="context">bloodnok.gnewsense.org</specific>
<specific length="18" hex="626f66682e676e657773656e73652e6f7267" tag="2" class="context">bofh.gnewsense.org</specific>
<specific length="18" hex="627567732e676e657773656e73652e6f7267" tag="2" class="context">bugs.gnewsense.org</specific>
<specific length="17" hex="627a722e676e657773656e73652e6f7267" tag="2" class="context">bzr.gnewsense.org</specific>
<specific length="21" hex="6364696d6167652e676e657773656e73652e6f7267" tag="2" class="context">cdimage.gnewsense.org</specific>
<specific length="13" hex="636c617373706174682e6f7267" tag="2" class="context">classpath.org</specific>
<specific length="20" hex="636f6e6669672e676e657773656e73652e6f7267" tag="2" class="context">config.gnewsense.org</specific>
<specific length="17" hex="6469676974616c7370656563682e6f7267" tag="2" class="context">digitalspeech.org</specific>
<specific length="24" hex="646f6e6174652e6469676974616c7370656563682e6f7267" tag="2" class="context">donate.digitalspeech.org</specific>
<specific length="10" hex="646f74676e752e6f7267" tag="2" class="context">dotgnu.org</specific>
<specific length="20" hex="6563636c65732e676e657773656e73652e6f7267" tag="2" class="context">eccles.gnewsense.org</specific>
<specific length="9" hex="656d6163732e6f7267" tag="2" class="context">emacs.org</specific>
<specific length="13" hex="676c6962632e676e752e6f7267" tag="2" class="context">glibc.gnu.org</specific>
<specific length="13" hex="676e657773656e73652e6f7267" tag="2" class="context">gnewsense.org</specific>
<specific length="7" hex="676e752e6f7267" tag="2" class="context">gnu.org</specific>
<specific length="11" hex="676e756b6964732e6f7267" tag="2" class="context">gnukids.org</specific>
<specific length="10" hex="67706c6661712e6f7267" tag="2" class="context">gplfaq.org</specific>
<specific length="12" hex="687572642e676e752e6f7267" tag="2" class="context">hurd.gnu.org</specific>
<specific length="15" hex="697076362e6e6f6e676e752e6f7267" tag="2" class="context">ipv6.nongnu.org</specific>
<specific length="17" hex="6b696e646c657377696e646c652e6f7267" tag="2" class="context">kindleswindle.org</specific>
<specific length="10" hex="6e6f6e676e752e6f7267" tag="2" class="context">nongnu.org</specific>
<specific length="27" hex="70617463682d747261636b65722e676e657773656e73652e6f7267" tag="2" class="context">patch-tracker.gnewsense.org</specific>
<specific length="15" hex="706c617966726565646f6d2e6f7267" tag="2" class="context">playfreedom.org</specific>
<specific length="11" hex="706c61796f67672e636f6d" tag="2" class="context">playogg.com</specific>
<specific length="11" hex="706c61796f67672e6e6574" tag="2" class="context">playogg.net</specific>
<specific length="11" hex="706c61796f67672e6f7267" tag="2" class="context">playogg.org</specific>
<specific length="19" hex="7273796e632e676e657773656e73652e6f7267" tag="2" class="context">rsync.gnewsense.org</specific>
<specific length="21" hex="736561676f6f6e2e676e657773656e73652e6f7267" tag="2" class="context">seagoon.gnewsense.org</specific>
<specific length="22" hex="73656375726974792e676e657773656e73652e6f7267" tag="2" class="context">security.gnewsense.org</specific>
<specific length="17" hex="736d616c6c74616c6b2e676e752e6f7267" tag="2" class="context">smalltalk.gnu.org</specific>
<specific length="21" hex="746f7272656e742e676e657773656e73652e6f7267" tag="2" class="context">torrent.gnewsense.org</specific>
<specific length="22" hex="7570677261646566726f6d77696e646f77732e636f6d" tag="2" class="context">upgradefromwindows.com</specific>
<specific length="22" hex="7570677261646566726f6d77696e646f77732e6f7267" tag="2" class="context">upgradefromwindows.org</specific>
<specific length="23" hex="7570677261646566726f6d77696e646f7773382e636f6d" tag="2" class="context">upgradefromwindows8.com</specific>
<specific length="23" hex="7570677261646566726f6d77696e646f7773382e6f7267" tag="2" class="context">upgradefromwindows8.org</specific>
<specific length="24" hex="75732e617263686976652e676e657773656e73652e6f7267" tag="2" class="context">us.archive.gnewsense.org</specific>
<specific length="13" hex="766364696d616765722e6f7267" tag="2" class="context">vcdimager.org</specific>
<specific length="18" hex="77696b692e676e657773656e73652e6f7267" tag="2" class="context">wiki.gnewsense.org</specific>
<specific length="23" hex="77696c646562656573742e697076362e676e752e6f7267" tag="2" class="context">wildebeest.ipv6.gnu.org</specific>
<specific length="20" hex="77696c6465626565737431702e676e752e6f7267" tag="2" class="context">wildebeest1p.gnu.org</specific>
<specific length="17" hex="7777772e636c617373706174682e6f7267" tag="2" class="context">www.classpath.org</specific>
<specific length="21" hex="7777772e6469676974616c7370656563682e6f7267" tag="2" class="context">www.digitalspeech.org</specific>
<specific length="14" hex="7777772e646f74676e752e6f7267" tag="2" class="context">www.dotgnu.org</specific>
<specific length="13" hex="7777772e656d6163732e6f7267" tag="2" class="context">www.emacs.org</specific>
<specific length="17" hex="7777772e676e657773656e73652e6f7267" tag="2" class="context">www.gnewsense.org</specific>
<specific length="11" hex="7777772e676e752e6f7267" tag="2" class="context">www.gnu.org</specific>
<specific length="15" hex="7777772e676e756b6964732e6f7267" tag="2" class="context">www.gnukids.org</specific>
<specific length="14" hex="7777772e67706c6661712e6f7267" tag="2" class="context">www.gplfaq.org</specific>
<specific length="16" hex="7777772e687572642e676e752e6f7267" tag="2" class="context">www.hurd.gnu.org</specific>
<specific length="16" hex="7777772e697076362e676e752e6f7267" tag="2" class="context">www.ipv6.gnu.org</specific>
<specific length="19" hex="7777772e697076362e6e6f6e676e752e6f7267" tag="2" class="context">www.ipv6.nongnu.org</specific>
<specific length="21" hex="7777772e6b696e646c657377696e646c652e6f7267" tag="2" class="context">www.kindleswindle.org</specific>
<specific length="14" hex="7777772e6e6f6e676e752e6f7267" tag="2" class="context">www.nongnu.org</specific>
<specific length="19" hex="7777772e706c617966726565646f6d2e6f7267" tag="2" class="context">www.playfreedom.org</specific>
<specific length="15" hex="7777772e706c61796f67672e636f6d" tag="2" class="context">www.playogg.com</specific>
<specific length="15" hex="7777772e706c61796f67672e6e6574" tag="2" class="context">www.playogg.net</specific>
<specific length="15" hex="7777772e706c61796f67672e6f7267" tag="2" class="context">www.playogg.org</specific>
<specific length="26" hex="7777772e7570677261646566726f6d77696e646f77732e636f6d" tag="2" class="context">www.upgradefromwindows.com</specific>
<specific length="26" hex="7777772e7570677261646566726f6d77696e646f77732e6f7267" tag="2" class="context">www.upgradefromwindows.org</specific>
<specific length="27" hex="7777772e7570677261646566726f6d77696e646f7773382e636f6d" tag="2" class="context">www.upgradefromwindows8.com</specific>
<specific length="27" hex="7777772e7570677261646566726f6d77696e646f7773382e6f7267" tag="2" class="context">www.upgradefromwindows8.org</specific>
<specific length="17" hex="7777772e766364696d616765722e6f7267" tag="2" class="context">www.vcdimager.org</specific>
<specific length="12" hex="777777362e676e752e6f7267" tag="2" class="context">www6.gnu.org</specific>
<specific length="15" hex="777777362e6e6f6e676e752e6f7267" tag="2" class="context">www6.nongnu.org</specific>
<specific length="20" hex="7838362d33322e676e657773656e73652e6f7267" tag="2" class="context">x86-32.gnewsense.org</specific>
<specific length="20" hex="7838362d36342e676e657773656e73652e6f7267" tag="2" class="context">x86-64.gnewsense.org</specific>
</sequence>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.5.29.32</oid>
<encapsulated tag="4" class="universal">
<sequence tag="16" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">2.23.140.1.2.1</oid>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.4.1.44947.1.1.1</oid>
<sequence tag="16" class="universal">
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.5.5.7.2.1</oid>
<specific length="26" hex="687474703a2f2f6370732e6c657473656e63727970742e6f7267" tag="22" class="universal">http://cps.letsencrypt.org</specific>
</sequence>
</sequence>
</sequence>
</sequence>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.3.6.1.4.1.11129.2.4.2</oid>
<encapsulated tag="4" class="universal">
<octet-string length="243" tag="4" class="universal">00f1007700dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a730000017da4d4c8e00000040300483046022100e459e6392e11771d2425d9ace43e194a9f1776ed5ec8f56db3db661b3a9ac77e022100d6fd9e62b74b86201d0aedc85e31a42fb3b6a3cbd46ef769de3bef49f0cf2b290076002979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc7840000017da4d4c9540000040300473045022100de46ef3a2991ba373fef55fc6b03e0b813986e1393d5699f7f22ae84350d01d002202a205df263e45819c7d9afa7b0e2298b911414e5f940de94ec43c8cfba3e7659</octet-string>
</encapsulated>
</sequence>
</sequence>
</encapsulated>
</sequence>
<sequence tag="16" class="universal">
<oid tag="6" class="universal">1.2.840.113549.1.1.11</oid>
<null tag="5" class="universal"/>
</sequence>
<bit-string length="2048" tag="3" class="universal">11111111011111011010000011000111111100100110100101111000100011011011101111101100100011110111000100000000010010101011010111010001100001110000010010011010110101000101000000011111101110000111111000010110001000011101101101110110101001001001100001111011111100111100110110100010111000100001101111011100100011100101100101011110111010010110000101011111100101100100011011011011000111110000011111000001001110111111111111110111110110111011001000110000111001010100111010010000001100111001011000001001110100110000111010000011100111011100010110011011101111100101101111111001010000000100110011110010000101101011011011001111010100000110000110100001111011001001000000001011110110100111000111100010111111110111111111001010010001101000111100001111101111001010010011101100010111001100010001111101101001101100110000001010000100101001110001000010101010111000000001110011001100110100010101100111111001010001111110000101011000001100110110101100000000100101000000101011010000101011000111110000111011000011001001000001000110111001100011111100110011110101111101000010101100010000110011101111111100100011111010001111110110110110100011011101111111110001000010011101000000001100101010010000010011101101101110100010101000011010011111100111111011011111011001111100010101110000100011100110000111111111110011011011110001101001001001110100001110001000001001111010100000001010011111011111001110101100101001011011110100111111010001010011110000111001110010101110101011011101101101001101010000100001111111110100011011000100011101000010001011001010110110101110011010010110001101110110111100111110111101000111011111010000110010110100011110001000101011100010110100011110010001101001010010101111100011100110011110110010100101100010010110000101100110110010100110100000110011010011101100001111111110110011010011100001011001010010110000110101011001000011001010111010100111011110011010011000000010010111111001011001101000011110100100011000100001010111010010010101011111101000011110000001011001110110010110010011100000001000000111110100110100011100011010100010110111110101100000110001000110101010</bit-string>
</sequence>
</asn1>
Once we know the structure, we can easily hack together a function that extracts parts of the tree as relations:
parse_x509_certificate() {
relpipe-in-asn1table \
--relation 'validity' \
--records '//sequence[date-time][1]' \
--attribute 'from' string 'date-time[1]' \
--attribute 'to' string 'date-time[2]' \
--relation 'alternative_name' \
--records '//sequence[oid="2.5.29.17"][1]/encapsulated/sequence/specific' \
--attribute 'name' string '.';
}
Everything put together:
fetch_x509_certificate "gnu.org" | parse_x509_certificate | relpipe-out-tabular
will print:
validity:
╭───────────────────────────┬───────────────────────────╮
│ from (string) │ to (string) │
├───────────────────────────┼───────────────────────────┤
│ 2021-12-10T13:52:28+00:00 │ 2022-03-10T13:52:27+00:00 │
╰───────────────────────────┴───────────────────────────╯
Record count: 1
alternative_name:
╭─────────────────────────────╮
│ name (string) │
├─────────────────────────────┤
│ archive.gnewsense.org │
│ beta.gnewsense.org │
│ bloodnok.gnewsense.org │
│ bofh.gnewsense.org │
│ bugs.gnewsense.org │
│ bzr.gnewsense.org │
│ cdimage.gnewsense.org │
│ classpath.org │
│ config.gnewsense.org │
│ digitalspeech.org │
│ donate.digitalspeech.org │
│ dotgnu.org │
│ eccles.gnewsense.org │
│ emacs.org │
│ glibc.gnu.org │
│ gnewsense.org │
│ gnu.org │
│ gnukids.org │
│ gplfaq.org │
│ hurd.gnu.org │
│ ipv6.nongnu.org │
│ kindleswindle.org │
│ nongnu.org │
│ patch-tracker.gnewsense.org │
│ playfreedom.org │
│ playogg.com │
│ playogg.net │
│ playogg.org │
│ rsync.gnewsense.org │
│ seagoon.gnewsense.org │
│ security.gnewsense.org │
│ smalltalk.gnu.org │
│ torrent.gnewsense.org │
│ upgradefromwindows.com │
│ upgradefromwindows.org │
│ upgradefromwindows8.com │
│ upgradefromwindows8.org │
│ us.archive.gnewsense.org │
│ vcdimager.org │
│ wiki.gnewsense.org │
│ wildebeest.ipv6.gnu.org │
│ wildebeest1p.gnu.org │
│ www.classpath.org │
│ www.digitalspeech.org │
│ www.dotgnu.org │
│ www.emacs.org │
│ www.gnewsense.org │
│ www.gnu.org │
│ www.gnukids.org │
│ www.gplfaq.org │
│ www.hurd.gnu.org │
│ www.ipv6.gnu.org │
│ www.ipv6.nongnu.org │
│ www.kindleswindle.org │
│ www.nongnu.org │
│ www.playfreedom.org │
│ www.playogg.com │
│ www.playogg.net │
│ www.playogg.org │
│ www.upgradefromwindows.com │
│ www.upgradefromwindows.org │
│ www.upgradefromwindows8.com │
│ www.upgradefromwindows8.org │
│ www.vcdimager.org │
│ www6.gnu.org │
│ www6.nongnu.org │
│ x86-32.gnewsense.org │
│ x86-64.gnewsense.org │
╰─────────────────────────────╯
Record count: 68
The function above is just a „hello world“ example. Please note that the XPath expressions need to be carefully crafted with respect to the given format in order to match exactly what we want.
Instead of printing a table, we can use the relpipe-out-nullbyte tool + the read_nullbyte function
and shell loop over the records (alternative names) and e.g. ping each domain or fetch given root web page using wget or curl.
We can also write a simple script that checks the validity of our own certificates and notifies us in advance when some of them are going to expire.
Later versions of relpipe-in-asn1table will probably support OID names, so it will not be necessary to use the numeric object identifiers.
n.b. there is also the relpipe-in-asn1 – this tool reads data generated by its counterpart, the relpipe-out-asn1 (or other ASN.1 BER capable software)
i.e. it is not as universal as relpipe-in-asn1table, it has simpler interface, needs no configuration and expects certain ASN.1 structures (relations serialized in BER format).
Relational pipes, open standard and free software © 2018-2022 GlobalCode