1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
#! /usr/bin/env bash
#
# A diff canonifier that removes all X.509 Distinguished Name subject fields
# because that output can differ depending on installed OpenSSL version.
awk '
BEGIN { FS="\t"; OFS="\t"; s_col = -1; i_col = -1; is_col = -1; cs_col = -1; ci_col = -1; cert_subj_col = -1; cert_issuer_col = -1 }
/^#/ {
if ( $1 == "#fields" )
{
for ( i = 2; i <= NF; ++i )
{
if ( $i == "subject" )
s_col = i-1;
if ( $i == "issuer" )
i_col = i-1;
if ( $i == "issuer_subject" )
is_col = i-1;
if ( $i == "client_subject" )
cs_col = i-1;
if ( $i == "client_issuer" )
ci_col = i-1;
if ( $i == "certificate.subject" )
cert_subj_col = i-1;
if ( $i == "certificate.issuer" )
cert_issuer_col = i-1;
}
}
print;
next;
}
s_col > 0 {
if ( $s_col != "-" )
# Mark that it is set, but ignore content.
$s_col = "+";
}
i_col > 0 {
if ( $i_col != "-" )
# Mark that it is set, but ignore content.
$i_col = "+";
}
is_col > 0 {
if ( $is_col != "-" )
# Mark that it is set, but ignore content.
$is_col = "+";
}
cs_col > 0 {
if ( $cs_col != "-" )
# Mark that it is set, but ignore content.
$cs_col = "+";
}
ci_col > 0 {
if ( $ci_col != "-" )
# Mark that it is set, but ignore content.
$ci_col = "+";
}
cert_subj_col > 0 {
if ( $cert_subj_col != "-" )
# Mark that it is set, but ignore content.
$cert_subj_col = "+";
}
cert_issuer_col > 0 {
if ( $cert_issuer_col != "-" )
# Mark that it is set, but ignore content.
$cert_issuer_col = "+";
}
{
print;
}
'
|
