#!/bin/bash
#Author: Daniel Chu (v-danielchu@microsoft.com)
#Last modified: 6/2/2021
#Load module tools/openssl/1.1.1d

# mod achim
export PATH=/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin


FULL_CHAIN_CERT=/dataserfs/collector/updates/svceng.com.fullcertchain.cer

if [ -z "$1" ];
then
    echo "Error: Please specify a URL"
    echo "Syntax: $0 [URL]"
    exit 1
fi

URL=$1

#Check if URL even responds
# mod achim: capture stderr
if ! RESPONSE=`openssl s_client -connect $URL:443 <<< "Q" 2>&1`
then
    case $RESPONSE in
    *getaddrinfo:*) echo "address $URL not found" >&2;;
    *) echo "no valid response" >&2;;
    esac

    echo ERR
    exit 1
fi

OPENSSL_RESP=`openssl s_client -connect $URL:443 -CAfile $FULL_CHAIN_CERT -status <<< "Q" 2> /dev/null | grep "Verification error"`
#Empty reponse means cert was OK.
if [ -z "$OPENSSL_RESP" ];
then
    echo TRUE
else
    echo FALSE
fi
